Smartening the Environment using Wireless Sensor Networks in a Developing Country Presented By: Al-Sakib Khan Pathan SECRET: A Secure and Efficient Certificate.

Slides:

Advertisements

Similar presentations

Kerberos 1 Public domain image of Heracles and Cerberus. From an Attic bilingual amphora, 530–520 BC. From Italy (?).

Advertisements

Distribution and Revocation of Cryptographic Keys in Sensor Networks Amrinder Singh Dept. of Computer Science Virginia Tech.

Efficient Public Key Infrastructure Implementation in Wireless Sensor Networks Wireless Communication and Sensor Computing, ICWCSC International.

TAODV: A Trusted AODV Routing Protocol for MANET Li Xiaoqi, GiGi March 22, 2004.

 Introduction  Benefits of VANET  Different types of attacks and threats  Requirements and challenges  Security Architecture  Vehicular PKI.

A Distributed Security Framework for Heterogeneous Wireless Sensor Networks Presented by Drew Wichmann Paper by Himali Saxena, Chunyu Ai, Marco Valero,

A Survey of Secure Wireless Ad Hoc Routing

Sec-TEEN: Secure Threshold sensitive Energy Efficient sensor Network protocol Ibrahim Alkhori, Tamer Abukhalil & Abdel-shakour A. Abuznied Department of.

Packet Leashes: Defense Against Wormhole Attacks Authors: Yih-Chun Hu (CMU), Adrian Perrig (CMU), David Johnson (Rice)

Authentication in Mobile Ad-hoc Network (MANET) Student Ståle Jonny Berget Superviser Chik How Tan.

1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.

Mobile and Wireless Computing Institute for Computer Science, University of Freiburg Western Australian Interactive Virtual Environments Centre (IVEC)

CSCI283 Fall 2005 GWU All slides from Bishop’s slide set Public Key Infrastructure (PKI)

Secure Routing and Intrusion Detection For Mobile Ad Hoc Networks Secure Routing and Intrusion Detection For Mobile Ad Hoc Networks Anand Patwardhan Jim.

Nov.6, 2002 Secure Routing Protocol for Ad Hoc Networks Li Xiaoqi.

Beneficial Caching in Mobile Ad Hoc Networks Bin Tang, Samir Das, Himanshu Gupta Computer Science Department Stony Brook University.

1 Key Management in Mobile Ad Hoc Networks Presented by Edith Ngai Spring 2003.

An Authentication Service Based on Trust and Clustering in Wireless Ad Hoc Networks: Description and Security Evaluation Edith C.H. Ngai and Michael R.

ITIS 6010/8010 Wireless Network Security Dr. Weichao Wang.

Dept. of Computer Science & Engineering, CUHK1 Trust- and Clustering-Based Authentication Services in Mobile Ad Hoc Networks Edith Ngai and Michael R.

Random Key Predistribution Schemes for Sensor Networks Authors: Haowen Chan, Adrian Perrig, Dawn Song Carnegie Mellon University Presented by: Johnny Flowers.

Trust Level Based Self-Organized Routing Protocol for Secure Ad Hoc Networks Li Xiaoqi, GiGi 12/3/2002.

Centre for Wireless Communications University of Oulu, Finland

An Authentication Service Against Dishonest Users in Mobile Ad Hoc Networks Edith Ngai, Michael R. Lyu, and Roland T. Chin IEEE Aerospace Conference, Big.

Kemal AkkayaWireless & Network Security 1 Department of Computer Science Southern Illinois University Carbondale CS 591 – Wireless & Network Security Lecture.

Routing Security in Ad Hoc Networks

Security & Efficiency in Ad- Hoc Routing Protocol with emphasis on Distance Vector and Link State. Ayo Fakolujo Wichita State University.

Security Risks for Ad Hoc Networks and how they can be alleviated By: Jones Olaiya Ogunduyilemi Supervisor: Jens Christian Godskesen © Dec

Security in Wireless Sensor Networks Perrig, Stankovic, Wagner Jason Buckingham CSCI 7143: Secure Sensor Networks August 31, 2004.

Applied Cryptography for Network Security

Probability Grid: A Location Estimation Scheme for Wireless Sensor Networks Presented by cychen Date ： 3/7 In Secon (Sensor and Ad Hoc Communications and.

Peer-to-peer file-sharing over mobile ad hoc networks Gang Ding and Bharat Bhargava Department of Computer Sciences Purdue University Pervasive Computing.

 Structured peer to peer overlay networks are resilient – but not secure.  Even a small fraction of malicious nodes may result in failure of correct.

Security Considerations for Wireless Sensor Networks Prabal Dutta (614) Security Considerations for Wireless Sensor Networks.

Secure Localization Algorithms for Wireless Sensor Networks proposed by A. Boukerche, H. Oliveira, E. Nakamura, and A. Loureiro (2008) Maria Berenice Carrasco.

MOBILE AD-HOC NETWORK(MANET) SECURITY VAMSI KRISHNA KANURI NAGA SWETHA DASARI RESHMA ARAVAPALLI.

1 / 18 Fariba alamshahi Secure Routing and Intrusion Detection in Ad Hoc Networks Supervisor: Mr.zaker Translator: fariba alamshahi.

Guomin Yang et al. IEEE Transactions on Wireless Communication Vol. 6 No. 9 September

Secure Cell Relay Routing Protocol for Sensor Networks Xiaojiang Du, Fengiing Lin Department of Computer Science North Dakota State University 24th IEEE.

Smartening the Environment using Wireless Sensor Networks in a Developing Country Presented By: Al-Sakib Khan Pathan A Neighbour Discovery Approach for.

An efficient secure distributed anonymous routing protocol for mobile and wireless ad hoc networks Authors: A. Boukerche, K. El-Khatib, L. Xu, L. Korba.

Denial of Service (DoS) Attacks in Green Mobile Ad–hoc Networks Ashok M.Kanthe*, Dina Simunic**and Marijan Djurek*** MIPRO 2012, May 21-25,2012, Opatija,

GZ06 : Mobile and Adaptive Systems A Secure On-Demand Routing Protocol for Ad Hoc Networks Allan HUNT Wandao PUNYAPORN Yong CHENG Tingting OUYANG.

Security for the Optimized Link- State Routing Protocol for Wireless Ad Hoc Networks Stephen Asherson Computer Science MSc Student DNA Lab 1.

A Security-Aware Routing Protocol for Wireless Ad Hoc Networks

Shambhu Upadhyaya 1 Ad Hoc Networks Routing Security Shambhu Upadhyaya Wireless Network Security CSE 566 (Lecture 19)

Trust- and Clustering-Based Authentication Service in Mobile Ad Hoc Networks Presented by Edith Ngai 28 October 2003.

Authors: Yih-Chun Hu, Adrian Perrig, David B. Johnson

Rushing Attacks and Defense in Wireless Ad Hoc Network Routing Protocols ► Acts as denial of service by disrupting the flow of data between a source and.

TinySec : Link Layer Security Architecture for Wireless Sensor Networks Chris Karlof :: Naveen Sastry :: David Wagner Presented by Anil Karamchandani 10/01/2007.

Topic 1 – Introduction Huiqun Yu Information Security Principles & Applications.

Security in Mobile Ad Hoc Networks: Challenges and Solutions (IEEE Wireless Communications 2004) Hao Yang, et al. October 10 th, 2006 Jinkyu Lee.

Efficient Distribution of Key Chain Commitments for Broadcast Authentication in Distributed Sensor Networks Donggang Liu and Peng Ning Department of Computer.

Shambhu Upadhyaya 1 Ad Hoc Networks – Network Access Control Shambhu Upadhyaya Wireless Network Security CSE 566 (Lecture 20)

Establishing authenticated channels and secure identifiers in ad-hoc networks Authors: B. Sieka and A. D. Kshemkalyani (University of Illinois at Chicago)

Security Issues in Distributed Sensor Networks Yi Sun Department of Computer Science and Electrical Engineering University of Maryland, Baltimore County.

SEAD: Secure Efficient Distance Vector Routing for Mobile Wireless Ad Hoc Network Raymond Chang March 30, 2005 EECS 600 Advanced Network Research, Spring.

Shambhu Upadhyaya 1 Sensor Networks – Hop- by-Hop Authentication Shambhu Upadhyaya Wireless Network Security CSE 566 (Lecture 22)

1 An Interleaved Hop-by-Hop Authentication Scheme for Filtering of Injected False Data in Sensor Networks Sencun Zhu, Sanjeev Setia, Sushil Jajodia, Peng.

1 Routing security against Threat models CSCI 5931 Wireless & Sensor Networks CSCI 5931 Wireless & Sensor Networks Darshan Chipade.

A Multicast Routing Algorithm Using Movement Prediction for Mobile Ad Hoc Networks Huei-Wen Ferng, Ph.D. Assistant Professor Department of Computer Science.

Jinfang Jiang, Guangjie Han, Lei Shu, Han-Chieh Chao, Shojiro Nishio

1 Self-Certified Group Key-Generation for Ad Hoc Clusters in Wireless Sensor Networks Ortal Arazi, Hairong Qi Dept. Electrical & Computer Engineering The.

VEHICULAR AD HOC NETWORKS GAURAV KORDE KAPIL SHARMA.

Security of the Internet of Things: perspectives and challenges

Computer Science Least Privilege and Privilege Deprivation: Towards Tolerating Mobile Sink Compromises in Wireless Sensor Network Presented by Jennifer.

Indian Institute Of Technology, Delhi Page 1 Enhancements in Security, Performance Modeling and Optimization in Vehicular Networks Ashwin Rao 2006SIY7513.

Presented by Edith Ngai MPhil Term 3 Presentation

Net 435: Wireless sensor network (WSN)

Privacy Preservation and Protection Scheme over ALARM on Geographical routing B. Muthusenthil, S. Murugavalli Results The PPS is geographical routing protocol,

Presentation transcript:

Smartening the Environment using Wireless Sensor Networks in a Developing Country Presented By: Al-Sakib Khan Pathan SECRET: A Secure and Efficient Certificate Revocation Scheme for Mobile Ad Hoc Networks Dieynaba Mall 1, Karim Konaté 1, and Al-Sakib Khan Pathan 2 1 Department of Mathematics and Computer Science, Université Cheikh Anta Diop de Dakar, Dakar, Senegal 2 Department of Computer Science, International Islamic University Malaysia, Kuala Lumpur, Malaysia

Outline of This Presentation Introduction Motivation and Objectives The proposed scheme Analysis – security and performance Future research directions 2 ISBAST 2014, August 2014, KL, Malaysia

Introduction In Mobile Ad hoc Networks (MANETs), the nodes maintain the network by communicating among themselves without any particular centralized entity. Due to the nature of wireless communication, MANETs are more vulnerable. Key management is used for secure communication –Key distribution is mainly discussed –Key revocation is also critical 3 ISBAST 2014, August 2014, KL, Malaysia

Motivation Behind This Work Most of the proposed certificate revocation schemes in MANET present many insufficiencies: –Vulnerable to various types of attacks and do not guarantee efficient resource utilization. –Only digital signature-based schemes addressed resource-efficiency. However, the cost associated with using such operations is still substantially higher than that of symmetric cryptographic operations. –Signature-based broadcast authentication protocols are vulnerable to DoS (Denial of Service) attacks. 4 ISBAST 2014, August 2014, KL, Malaysia

Objective and Overview We propose an enhanced and efficient certificate/key revocation scheme for Mobile Ad hoc Networks (MANETs). Specific contribution: Our key revocation scheme is based on the scheme presented in the following work (identity based approach): –K. Hoeper and G. Gong, Monitoring-Based Key Revocation Schemes for Mobile Ad Hoc Networks: Design and Security Analysis. Technical Report , Centre for Applied Cryptographic Research, March ISBAST 2014, August 2014, KL, Malaysia

Objective and Overview Identity-based cryptography is a type of public- key cryptography in which a publicly known string representing an individual or organization is used as a public key. The public string could include an address, domain name, or a physical IP address. Two main issues are addressed in our work: –Vulnerability against various attacks –Resource consumption / Resource-efficiency 6 ISBAST 2014, August 2014, KL, Malaysia

Building Blocks of Our Scheme We adapt and modify the work of Hoeper and Gong. Employ the HEAP protocol as the underlying broadcast authentication scheme: –R. Akbani, T. Korkmaz, and G. V. S. Raju., “HEAP: hop-by-hop efficient authentication protocol for Mobile Ad-hoc Networks,” Proc. of the 2007 spring simulation multiconference - Volume 1 (SpringSim '07), Vol. 1. Society for Computer Simulation International, 2007, San Diego, CA, USA, pp ISBAST 2014, August 2014, KL, Malaysia

Security Assumptions We assume a PKI (Public Key Infrastructure)- based system with an external trusted certificate authority, CA (Certification Authority). We consider that each node can communicate with this trusted CA before joining the network and can obtain a unique public key certificate signed by the CA as well as the authentic public key of the CA. –A public key certificate (also known as a digital certificate or identity certificate) is an electronic document used to prove ownership of a public key. 8 ISBAST 2014, August 2014, KL, Malaysia

Security Assumptions (Cntd.) All direct communication links between nodes are bidirectional and each node has an implemented monitoring scheme. Each node knows its one-hop neighbors - this is necessary to assure a complete distribution of shared keys. 9 ISBAST 2014, August 2014, KL, Malaysia

Proposed Scheme Our proposal comprises of three algorithms Before presenting the algorithms, let us know, –All the mathematical notations and their meanings –Certificate Revocation Lists (CRLs) 10 ISBAST 2014, August 2014, KL, Malaysia

Mathematical Notations 11 ISBAST 2014, August 2014, KL, Malaysia TABLE 1. LIST OF NOTATIONS FOR CERTIFICATE REVOCATION SCHEME

Certificate Revocation Lists Each node i creates a certificate revocation list CRL i for any of its known nodes j such that j ∈ N i. This list can be represented by a matrix with dimensions (Ω i,Ω i+3 ) as shown below: 12 ISBAST 2014, August 2014, KL, Malaysia

Our Revocation Scheme We use: (i)Certificate revocation lists instead of key revocation lists, and (ii)The HEAP protocol as broadcast authentication scheme. Hence, shared keys are used to secure accusation messages. The combination gives significant advantage over the previous approach. 13 ISBAST 2014, August 2014, KL, Malaysia

Our Revocation Scheme (Ctnd.) Algorithm 1: Neighborhood Watch In this algorithm, each node i monitors its one- hop neighbors. Whenever it observes a suspicious neighbor j ∈ N i,1, it sets and creates a neighborhood watch message nw i with: MAC - Message Authentication Code 14 ISBAST 2014, August 2014, KL, Malaysia

Our Revocation Scheme (Ctnd.) where,, containing ; – cert i is the serial number of i’s certificate; – hopcount ensures that the message reaches all nodes in m-hop distance. Initially, node i sets hopcount = m. index is the index number related to this message and used to prevent replay attacks. and are the different MACs computed each for a one-hop neighbor according to the New Step 2 in the paper. 15 ISBAST 2014, August 2014, KL, Malaysia

Our Revocation Scheme (Ctnd.) Algorithm 2: Propagate This algorithm is triggered by Algorithms 1 and 3. After creating an accusation message which can be neighborhood watch message nw i or update message um i, the nodes securely propagate accusations to their one-hop neighbors. 16 ISBAST 2014, August 2014, KL, Malaysia

Our Revocation Scheme (Ctnd.) Algorithm 3: Update CRL This algorithm describes how the node i updates its own revocation list CRL i according to the received accusation message. Node i prepares an update message um i for all of its one-hop neighbors j ∈ N i,1 with: where M contains the parameters as noted before. 17 ISBAST 2014, August 2014, KL, Malaysia

Security Analysis The use of HEAP as authentication scheme provides a foundation. With HEAP, our revocation scheme can authenticate every single packet in every single hop. Hence, it can combat –replay, impersonation, DoS, man-in-the-middle, wormhole attacks, etc. In addition, HEAP offers some level of protection against insider attackers who try to forge packets and impersonate other insiders. 18 ISBAST 2014, August 2014, KL, Malaysia

Security Analysis (Ctnd.) Our scheme defends against a wide range of insider attacks by using intelligent techniques, security, and system parameters (in Table 1). Protection against: –Sybil attack –Dropping accusations –Attempt to modify accusations –Moving to a new neighborhood whenever accusation account approaches threshold –Collusion of nodes 19 ISBAST 2014, August 2014, KL, Malaysia

Performance Analysis 20 ISBAST 2014, August 2014, KL, Malaysia [16] K. Hoeper and G. Gong, Monitoring-Based Key Revocation Schemes for Mobile Ad Hoc Networks: Design and Security Analysis. Technical Report , Centre for Applied Cryptographic Research, March TABLE 2

Performance Analysis With our approach, –the memory space required to store the required information slightly increases due to the storage of certificate of each one-hop neighbor. –the computational overhead generated by an accusation message in our solution remains the same as the one associated with the proposal in [16] 21 ISBAST 2014, August 2014, KL, Malaysia

Performance Analysis With our approach, –to disseminate an accusation message to the one-hop neighborhood, a node i just needs to execute one broadcast. Thus, compared to the method in [16], our solution considerably reduces the communication overhead associated to the propagation of accusations. Note that in [16], due to the use of pairwise pre- shared secret keys k i,j, to propagate an accusation, it is required to unicast the associated message to each one-hop neighbor. 22 ISBAST 2014, August 2014, KL, Malaysia

Final Words and Overall Gains Security and performance analyses show that our approach ensures –good protection against a wide range of attacks launched by outsiders –Also, insider attacks in a cost-effective way since our scheme offers smaller overheads. Future work is to investigate applicability of the scheme for other networks and possibly, to further reduce complexity. 23 ISBAST 2014, August 2014, KL, Malaysia

THANK YOU 24 ISBAST 2014, August 2014, KL, Malaysia

Questions and Answers Any query should be directed to ??? For More Information: 25 ISBAST 2014, August 2014, KL, Malaysia