Overview of Security Research in Ad Hoc Networks Melanie Agnew John Folkerts Cory Virok

Agenda Towards Flexible Credential Verification in Mobile Ad-hoc Networks by Keoh and Lupu Towards Flexible Credential Verification in Mobile Ad-hoc Networks by Keoh and Lupu Simple and Fault-Tolerant Key Agreement for Dynamic Collaborative Groups by Kim, Perring, and Tsudik Simple and Fault-Tolerant Key Agreement for Dynamic Collaborative Groups by Kim, Perring, and Tsudik Fast Authenticated Key Establishment Protocols for Self-Organizing Sensor Networks by Huang, Cukier, Kobayashi, Liu and Zhang Fast Authenticated Key Establishment Protocols for Self-Organizing Sensor Networks by Huang, Cukier, Kobayashi, Liu and Zhang

Towards Flexible Credential Verification in Mobile Ad-hoc Networks by Sye Loong Keoh and Emil Lupu Published in ACM Principles of Mobile Computing 2002

Goal and Assumptions Goal Goal Enable credential verification in an ad hoc environment given some natural limitations Enable credential verification in an ad hoc environment given some natural limitations Assumptions Assumptions Ad hoc networks are built around entities with a priori relationships Ad hoc networks are built around entities with a priori relationships E.g. wireless collaboration between colleagues in the same physical location E.g. wireless collaboration between colleagues in the same physical location Trust communications can occur “out of band” Trust communications can occur “out of band” Trusts must be established ahead of time Trusts must be established ahead of time E.g. trust of a certificate authority or individual making assertions E.g. trust of a certificate authority or individual making assertions Ad hoc networks will generally not have connections to verification services (e.g. on-line CA) Ad hoc networks will generally not have connections to verification services (e.g. on-line CA) Off-line verification is done using PGP-like “web of trust” model Off-line verification is done using PGP-like “web of trust” model Verifiers are more likely to have access to on-line resources like CA’s and CRL’s. Verifiers are more likely to have access to on-line resources like CA’s and CRL’s. Limited computational and storage resources Limited computational and storage resources Not enough storage to keep track of all possible public keys Not enough storage to keep track of all possible public keys

Security Assertions The Idea: The Idea: Use credential assertions instead of certificates, attributes, and repeated individual verification of credentials Use credential assertions instead of certificates, attributes, and repeated individual verification of credentials Each device has: Each device has: A key ring which contains trusted keys (including root certificates as needed) A key ring which contains trusted keys (including root certificates as needed) A public/private key pair A public/private key pair User policy for determining trustworthiness User policy for determining trustworthiness

1 Credential Assertion Statement Assertion Signature Statement Signed: Bob Signed: Alice Example Bob Alice 2 Alice verifies Bob’s signature and credentials on the CAS Alice generates ASS and sends it to Bob Bob generates CAS 3 Bob presents CAS and ASS’s to service for access Service 4 Service performs verification on the signature using its trusted key ring and individual policies

Benefits / Shortfalls Benefits Benefits User may have multiple CAS’s depending on usage User may have multiple CAS’s depending on usage Identity is self-asserted; only the authorization assertion is independently certified Identity is self-asserted; only the authorization assertion is independently certified Trust is not transitive (unless you design a trust this way) Trust is not transitive (unless you design a trust this way) Shortfalls Shortfalls In a complex environment would create lots of CAS’s; potentially one for each role In a complex environment would create lots of CAS’s; potentially one for each role Revocation can not be done (no place for the verifier to check). This could limit the duration for any ASS to remain valid. Revocation can not be done (no place for the verifier to check). This could limit the duration for any ASS to remain valid. Concept of trust is simplistic; does not extend to larger environments Concept of trust is simplistic; does not extend to larger environments

Simple and Fault-Tolerant Key Agreement for Dynamic Collaborative Groups by Yongdae Kim, Adrian Perring, Gene Tsudik Published in ACM Conference on Computer and Communications Security 2000

Goals Question: Question: How can we generate and maintain a common encryption key for a frequently changing group? How can we generate and maintain a common encryption key for a frequently changing group? Goals Goals The key generation should not be centralized (to ensure fault tolerance) The key generation should not be centralized (to ensure fault tolerance) Ensure certain security properties for our key Ensure certain security properties for our key Minimize the amount of network traffic associated with key changes Minimize the amount of network traffic associated with key changes

Cryptographic Properties 1. Group Key Secrecy – it is computationally infeasible for a passive adversary to discover any group key 2. Forward Secrecy – a passive adversary who knows a contiguous subset of old group keys cannot discover subsequent group keys 3. Backward Secrecy – a passive adversary who knows a contiguous subset of group keys cannot discover preceding group keys 4. Key Independence – a passive adversary who knows any proper subset of group keys cannot discover any other group key.

M1M1 M3M3 M4M4 M5M5 M6M6 M2M2 A Key Tree

Membership Events Join: a new member is added to the group Join: a new member is added to the group Leave: a member is removed from the group Leave: a member is removed from the group Merge: a subgroup is added to the group Merge: a subgroup is added to the group Partition: a subgroup is split from the group Partition: a subgroup is split from the group Key refresh: the group key is updated Key refresh: the group key is updated

Join M1M1 M3M3 M2M2 M1M1 M3M3 M4M4 M2M2

Leave M1M1 M2M2 M3M3 M4M4 M5M5 M2M2 M4M4 M5M5 M1M1

Conclusion

Fast Authenticated Key Establishment Protocols for Self-Organizing Sensor Networks by Qiang Huang, Johnas Cukier, Hisashi Kobayashi, Bede Liu and Jinyun Zhang Published in ACM Wireless Sensor Networks and Applications 2003

The problem Establishing keys securely across a sensor network Establishing keys securely across a sensor network Sensor nodes have very little hardware resources. Sensor nodes have very little hardware resources. Two types of encryption used Two types of encryption used Symmetric Key Encryption – Inexpensive Symmetric Key Encryption – Inexpensive Elliptic Curve Encryption – Expensive Elliptic Curve Encryption – Expensive Offloading the burden onto more powerful machines Offloading the burden onto more powerful machines Reducing Expense of Encryption Operations Reducing Expense of Encryption Operations Public key encryption is expensive Public key encryption is expensive Yet it needs to be done quickly Yet it needs to be done quickly Private key encryption is inexpensive Private key encryption is inexpensive Yet using one group key is insecure Yet using one group key is insecure How can we balance the two while still retaining speed and security? How can we balance the two while still retaining speed and security?

The Solution: Hybrid Authentication Approach Security Managers Security Managers More processing power than Sensor nodes More processing power than Sensor nodes Need to communicate with secure Certificate authority Need to communicate with secure Certificate authority Does not fit with the “Ad Hoc” paradigm - Server based Does not fit with the “Ad Hoc” paradigm - Server based Give the bulk of the work to the Security Manager Give the bulk of the work to the Security Manager Allows sensors to join/leave the network quicker Allows sensors to join/leave the network quicker Puts a major strain on the Security Manager Puts a major strain on the Security Manager Sensors will substitute elliptic encryption for symmetric key encryption Sensors will substitute elliptic encryption for symmetric key encryption Degrades security Degrades security Security Managers become more valuable targets Security Managers become more valuable targets Tradeoff Tradeoff

Conclusion Tradeoff between speed and security Tradeoff between speed and security Sensors will require less power, resources Sensors will require less power, resources Smaller, cheaper, faster Smaller, cheaper, faster Network authentication speed increased Network authentication speed increased Faster overall network performance Faster overall network performance

Questions?

Backup Slides

What is an Ad Hoc Network? Definition: A network which is created on demand, without fixed resources (servers, routers), such as used by wireless devices using short range communications Definition: A network which is created on demand, without fixed resources (servers, routers), such as used by wireless devices using short range communications Characteristics of Ad Hoc Networks Characteristics of Ad Hoc Networks No common resources (such as servers) – all resources must be contributed by the peers involved in the network No common resources (such as servers) – all resources must be contributed by the peers involved in the network Membership in the network may change often Membership in the network may change often Devices may have limited storage and computational power Devices may have limited storage and computational power Network is less reliable and bandwidth limited compared to fixed networks Network is less reliable and bandwidth limited compared to fixed networks