Trust-Level Based Authentication Services in Mobile Ad Hoc Networks MPhil Term 2 Presentation (Spring 2003) by Edith Ngai Advisor: Prof. Michael R. Lyu

Department of Computer Science and Engineering, The Chinese University of Hong Kong2 Outline Background Related Work Trust-Level Based Authentication Services Self-Initialization Certificate Renewal Future Work Discussion & Conclusion

Department of Computer Science and Engineering, The Chinese University of Hong Kong3 Mobile Ad Hoc Network An ad hoc network is a collection of nodes that do not need to rely on predefined infrastructure to keep the network connected. Nodes of ad hoc networks are often mobile, apply wireless communication (MANET) Applications –Personal area networks –Military communications –Sensor networks –Disaster area networks Background

Department of Computer Science and Engineering, The Chinese University of Hong Kong4 Characteristics Dynamic network topology Limited physical security Limited bandwidth Energy constrained nodes Natures of ad hoc networks make them vulnerable to security attacks Passive eavesdropping Denial of service attacks by malicious nodes Attacks from compromised entities or stolen devices Background

Department of Computer Science and Engineering, The Chinese University of Hong Kong5 Vulnerabilities – Traditional network vs Ad hoc network Wired network –Adversary must gain physical access to wired link –Adversary has to sneak through security holes at firewalls or routers Ad hoc network –Wireless links give poor physical protection –Mobile nodes are capable of roaming independently –Decentralized management Background

Department of Computer Science and Engineering, The Chinese University of Hong Kong6 Key Management Security in networks widely rely on key management mechanisms Trust third party (TTP) is an entity trusted by all users and is often used to provide key management services Certificate authorities (CA) is a public key management system responsible for issuing and revoking certificates A certificate binds the identity of an entity to its public key Background

Department of Computer Science and Engineering, The Chinese University of Hong Kong7 Public Key Encryption We use public key encryption to secure the network It can obtain non-repudiation, confidentiality, integrity and authentication Adversary can defeat the system by impersonation when entities are exchanging public keys, or alter the public file containing public keys Public key cryptography requires the authenticity of public keys Background

Department of Computer Science and Engineering, The Chinese University of Hong Kong8 Related Work Traditional network authentication solutions rely on TTP or CA Popular network authentication architectures include X.509 and Kerberos. Some model on hierarchical CAs Ad hoc network is infrastructureless No centralized server for key management Related Work

Department of Computer Science and Engineering, The Chinese University of Hong Kong9 Related Work Pretty Good Privacy (PGP) is proposed following a web of trust authentication model. A node rely on trusted PGP users to introduce others Threshold secret sharing can distribute the functionality of centralized CA server among a fixed group of servers Proactive secret sharing can improve robustness by updating secret keys periodically Related Work

Department of Computer Science and Engineering, The Chinese University of Hong Kong10 Related Work Partially distributed certificate authority –makes use of a (k,n) threshold scheme to distribute the services of CA to a set of specialized server nodes –requires rich network connectivity among group of servers Fully distributed certificate authority –extends certificate services to every nodes and a threshold number of neighboring nodes can collaboratively act as a authentication server –requires enough neighboring nodes Related Work

Department of Computer Science and Engineering, The Chinese University of Hong Kong11 Related Work Self-issued certificates –Issues certificates by users themselves without the involvement of any certificate authority –Any pair of users can find certificate chains to each other using their certificate repositories –Problem exists if certificates issued did not reach certain amont Related Work

Department of Computer Science and Engineering, The Chinese University of Hong Kong12 Primitives Adopt fully distributed certificate authorities approach Combine the authentication services with trust level concept Apply weighted threshold secret sharing instead of general threshold secret sharing scheme Extend certificate services not limited to neighboring nodes using trust chains Trust-Level Based Authentication Services

Department of Computer Science and Engineering, The Chinese University of Hong Kong13 Authentication Services Flowchart Trust-Level Based Authentication Services With valid certificate state High increase in trust level Request for one more polynomial share Join into the network Request for a polynomial share Request for a certificate With valid certificate Certificate renewal Certificate expires? Yes No

Department of Computer Science and Engineering, The Chinese University of Hong Kong14 Trust Model A trust model defines how the nodes in the network trust each other Past work on authentication services just define trust model to be - a node with valid certificate can be trusted in the network We add in the concept of trust level We define that each node keeps a trust value to each of its neighboring nodes Trust-Level Based Authentication Services

Department of Computer Science and Engineering, The Chinese University of Hong Kong15 Trust-Level Concept We define the trust value to be floating number between 0.0 and 1.0 Trust value from node vj to node vi represents the level of trust that node vj towards vi The value is based on the observation on node’s behavior Generally, a node is believed to be trustable if its trust value is above the level of 0.5 Trust-Level Based Authentication Services

Department of Computer Science and Engineering, The Chinese University of Hong Kong16 Trust-Level Concept Neighboring nodes received request message will check the trust level of the nodes send / forward it the message r r r 1. Send request message 3. Reply the message 2. Check trust levels Trust-Level Based Authentication Services

Department of Computer Science and Engineering, The Chinese University of Hong Kong17 Assumptions Each node has a unique ID Each node can discover its one-hop neighbours Communication link within one-hop neighbours is reliable. The mobility is characterized by maximum node moving speed Each node maintains a trust value to each neighbors A node holds a limited number of polynomial shares Trust values on a path can form a trust chain. Trust-Level Based Authentication Services

Department of Computer Science and Engineering, The Chinese University of Hong Kong18 Number of Polynomial Shares per Node Each node holds a number of polynomial shares for initialization and certification A node can hold maximum c shares Each node and each share has a unique ID Self-Initialization Node IDShare IDs 11, 2, …, c 2c+1, c+2, …, 2c 32c+1, 2c+2, …, 3c …… k(k-1)*c+1, (k-1)*c+2, …, k*c …… n(n-1)*c+1, (n-1)*c+2, …, n*c

Department of Computer Science and Engineering, The Chinese University of Hong Kong19 Request for More Polynomial Share A node gets 1 polynomial share when it joins the network It can request for more polynomial share if its trust level is high enough some time later A field “trust level increased” can be added in the reply message in certification A node can make more contribution to certification and initialization if it holds more shares Self-Initialization

Department of Computer Science and Engineering, The Chinese University of Hong Kong20 Algorithm Apply the localized self-initialization algorithm A node vi broadcasts its request for a polynomial share Nodes reply to vi with their partial shares Let a 1, a 2, … a k be the polynomial share IDs received by vi, the corresponding polynomial share are P a1, P a2, … P ak Self-Initialization

Department of Computer Science and Engineering, The Chinese University of Hong Kong21 Algorithm Each node calculates their partial share and return it to vi: P j = P aj * L aj (a i ) mod N where mod N By Lagrange Interpolation, vi can generate a new polynomial share P ai : P ai = f (a i ) = P a1 *L a1 (a i ) + P a2 *L a2 (a i ) + … + P ak *L ak (a i ) = = mod N Self-Initialization

Department of Computer Science and Engineering, The Chinese University of Hong Kong22 Number of Partial Certificate in Reply Assume node vj holds K polynomial shares Each share can sign one partial certificate Trust level to no. of partial certificate Certificate Renewal Trust level (vj to vi)No. of partial certificate vj to vi x<1/20 1/2<= x <½+1/41 ½+1/4<= x <½+1/4+1/82 …… ½+1/4+…1/(2^(K-1))<= x <½+1/4+…1/(2^K)K-1 ½+1/4+…1/(2^K)<= x <=1K

Department of Computer Science and Engineering, The Chinese University of Hong Kong23 Number of Partial Certificates in Reply A node decide number of partial certificates to reply based on the trust level of the requesting node Trust value (ranges from 0.0 to 1.0) 123 K …. Divisions of trust level Certificate Renewal

Department of Computer Science and Engineering, The Chinese University of Hong Kong24 Number of Nodes Required Nodes may sign more partial certificates to a node with high trust level No. of nodes required varies though no. of partial certificates required is fixed kNo. of shares a node holds Min. no. of nodes in a coalition Max. no. of nodes in a coalition K1-CK/CK Certificate Renewal

Department of Computer Science and Engineering, The Chinese University of Hong Kong25 Trust Relationship of Nodes Certification is not limited to neighboring nodes with our trust level model Nodes have never met can determine each other trustable or not by a trust chain Trust values can be calculated to a single value with formula viv2v2 v1v1 V2V1 Certificate Renewal

Department of Computer Science and Engineering, The Chinese University of Hong Kong26 Trust Relationship of Nodes Formula we use: V1  V2 = 1 - (1-V2) V1, where V1  V2 represents the trust level from v1 to vi Analysis on the formula If V1 is high (v1 trusts v2), V1  V2 will be closer to V2 (the view of trust from v2 to vi) ; vice versa viv2v2 v1v1 V2V1 V1 \ V Certificate Renewal

Department of Computer Science and Engineering, The Chinese University of Hong Kong27 Trust Relationship of Nodes Trust value (v5 to vi) = 0.9  0.8 = 1 - (1-0.8) 0.9 = Trust value (v6 to vi) = 0.5  0.8 = 1 - (1-0.8) 0.5 = Number of partial certificate in reply Partial certificates in reply vi v3v3 v4v4 v1v1 v2v2 v5v5 v6v6 2 1 Trust relationship from arrow left to arrow right. vi v3v3 v4v4 v1v1 v2v2 v5v5 v Trust values of different nodes Certificate Renewal

Department of Computer Science and Engineering, The Chinese University of Hong Kong28 Algorithm A node vi broadcasts certificate renewal request Nodes vj sign partial certificates by their polynomial shares and reply to vi Let the k polynomial shares involved be P a1, P a2, … P ak The shares can generate partial certificates using the formula: CERT aj = (cert) Paj mod N Certificate Renewal

Department of Computer Science and Engineering, The Chinese University of Hong Kong29 Algorithm Upon receiving at least k such partial certificates, node vi picks k to form the coalition B Suppose, vi chooses {CERTa 1, CERTa 2, …, CERTa k }, where a1,a2, …, ak are the IDs of the corresponding polynomial shares, candidate certificate can be generated: CERT’aj = (CERTaj) Laj(0) mod N where mod N vi then multiplies {CERT’a 1, CERT’a 2, …, CERT’a k }, CERT’ = mod N vi can employ K-bounded coalition offsetting algorithm to recover its new certificate CERT Certificate Renewal

Department of Computer Science and Engineering, The Chinese University of Hong Kong30 Protocol Certificate Renewal q0q0 w0 c0c0 cjcj ajaj rj qjqj Request? a0a0 < k(Cert j )CERT 0 Request? Cert j Request? >=k(Cert j ) CERT 0 Node makes the requestNodes receive the request s2s2 s1s1 IOIO I: input message received O: output message sent Protocol on certificate renewal Node makes the request q0: making a request w0: waiting for the replies c0: received k or more replies, request successes a0:received less than k replies, request fails Nodes received the request qj: receive a request rj: requesting node is trustable, send reply aj: requesting node is not trustable, no reply is sent cj:receive the new certificate from the requesting node

Department of Computer Science and Engineering, The Chinese University of Hong Kong31 Future Work Simulation will be carried out To evaluate the performance of our authentication services Possible simulators can simulate ad hoc networks are Ns-2, glomosim, etc Main difficulty is how to modify the C++ and Otcl codes in Ns-2 for simulation Future Work

Department of Computer Science and Engineering, The Chinese University of Hong Kong32 Discussion Trust-level concept –Formalizes the authentication services in network –Classifies the trust of nodes by levels –Allows weighted threshold secret sharing and trust chain be applied Weighted threshold secret sharing –Speeds up collection of enough shares in certification and initialization –Nodes can make more contribution with high trust level –Coalition size decreases dynamically according to trust level of nodes Trust chain –Allows nodes never met to determine the trust of each other –Reduces the problem of not enough neighboring nodes in certification and initialization Discussion

Department of Computer Science and Engineering, The Chinese University of Hong Kong33 Conclusion We studied the characteristics, vulnerabilities and key management techniques of mobile ad hoc networks We proposed a scalable distributed authentication services to secure mobile ad hoc networks We combined trust level concept and fully distributed CA approach to provide authentication services We applied weighted threshold secret sharing scheme We extended the services to non-neighboring nodes by trust chains Simulation will be carried out in the future Conclusion

Department of Computer Science and Engineering, The Chinese University of Hong Kong34 Q & A