Authentication in Mobile Ad-hoc Network (MANET) Student Ståle Jonny Berget Superviser Chik How Tan
Introduction/justification The problem in MANET is mostly related to –that there isn’t any central management system or access to a trusted third party (TTP), witch contain a repository of the identity of al legal node –It must be assumed that node have restricted computation power, power and memory capacity. –Node may frequently change location or new one is entering the network. –It must be assumed that the network will be exposed for passive and active attack from an unauthorised source, witch may have more computation power, power and memory capacity then legal nodes Justification –A MANET may be useful in many situations where no infrastructure (fixed or cellular) is available, or wireless public access in urban areas to providing quick deployment and extended coverage. –Without any appropriate authentication protocol it’s possible that the network may be used by user that don’t follows legal principle or isn’t a legal user of the network. –At this moment there aren’t any standards that describe a proper authentication protocol that may be use in MANET.
Research questions/method Research questions –Description of the scenario for the rescue operation. –What kind of threat that may be expected for MANET in this scenario. –Consideration on what kind of different authentication method and cryptographic algorithm that may be appropriate against the threat and useful in a MANET. –Design of a new and better authentication protocol that is suited for this scenario. Method: – Consider different threat that has been identified in earlier work and literature – Mathematician and computer simulation to compute the complexity of the new and earlier authentication protocol
Authentication is fundamental Authentication is fundamental in all aspect of information security and assurance, and is the binding of an identity to a subject. Authentication may be based on: –something known (as a password, shared secret, secret, the private key corresponding to a public key etc.) –something possessed (this is typical a physical asset as a badge card, id-card, password calculator etc.) –something inherent (handwrite, fingerprint, etc.). An authentication protocol proves the nodes identity in a given instance of time. To maintain the identity authentication additional techniques must be included. If nodes is authenticated at the start of a session, they have to ensure that they maintain the authentication during the session, so that an adversary hasn’t interfered the session. An approach to prevent this to happen include: –perform re-authentication or for each discrete resource request (eg each message that have to be exchanged) –tying the identification to an ongoing integrity service, that each message can be tied together with session authentication.
Requirement Few computational steps Balanced computational steps Cheap computational step Few messages flow Small messages Small program memory Small data memory requirement Restricted consequences of data disclosure
Different crypto algorithm Symmetric encryption –When the nodes (network) is deployed it’s hard (or impossible) to change key –If one node is compromised, the entire network is compromised Hash and HMAC is fast Asymmetric is slow
Authentication model The distribution of credential may be done in two ways: –encrypt the credential by the receiver nodes public key – the credential has a signature base on initiators private key The first option require more message exchange during authenticate of its neighbour nodes, than the second option. One-by-one Broadcast
The trust model/clock synchronisation If two nodes have succeed an authentication of each other, then there is established a trust relationship between this nodes. –This mean if Node A and B has done the authentication process they trust each other, that is also true if node B and C has done the authentication process. –But this doesn’t mean that node A and C trust each other. If node A and C have to trust each other, they have to do the authentications process. Further it is assumed that every legal node has a certificate with a unique identity and public/private key pair that is distributed and signed by an off-line TTP The private keys are stored in a secure and tamper proof area within the node, and are only known by its owner. Every node is equipped with a GPS-clock, and the time deviation is small (much smaller than a second).
Different fast authentication protocols Leslie Lamport (LATEX?) Weakness DoS attack Sign every traffic key Wormhole and insider attack DoS attack Sign every hash chain Wormhole and insider attack
Threat Wormhole attackInsider attack
The new authentication protocol
New authentication protocol(1) The protocol include 3 hash chain 1.The master hash chain 2.Traffic hash chain 3.Session hash chain
New authentication protocol(2) hop-by-hop
New authentication protocol(3) hop-by-hop
Three hash chain
Some test result on my computer 1.6 GHz Centrino Duo
Result from simulation Assume that Pt>Pc>Pm, Pt=xPc and r-the data rate Pt-Transmit power, Pc-CPU power, Pm-power to keep memory
Conclusion The new protocol –is more secure against DoS, wormhole and insider attack –require less power than earlier proposed authentication protocol