Security for Ubiquitous and Adhoc Networks. Mobile Adhoc Networks  Collection of nodes that do not rely on a predefined infrastructure  Adhoc networks.

Slides:



Advertisements
Similar presentations
Akshat Sharma Samarth Shah
Advertisements

Efficient Public Key Infrastructure Implementation in Wireless Sensor Networks Wireless Communication and Sensor Computing, ICWCSC International.
Topic 8: Secure communication in mobile devices. Choice of secure communication protocols, leveraging SSL for remote authentication and using HTTPS for.
Chapter 14 From Cryptography and Network Security Fourth Edition written by William Stallings, and Lecture slides by Lawrie Brown, the Australian Defence.
Authentication in Mobile Ad-hoc Network (MANET) Student Ståle Jonny Berget Superviser Chik How Tan.
1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.
CSCE 715 Ankur Jain 11/16/2010. Introduction Design Goals Framework SDT Protocol Achievements of Goals Overhead of SDT Conclusion.
Lecture III : Communication Security, Services & Mechanisms Internet Security: Principles & Practices John K. Zao, PhD SMIEEE National Chiao-Tung University.
An Authentication Service Based on Trust and Clustering in Wireless Ad Hoc Networks: Description and Security Evaluation Edith C.H. Ngai and Michael R.
CMSC 414 Computer and Network Security Lecture 22 Jonathan Katz.
An Authentication Service Against Dishonest Users in Mobile Ad Hoc Networks Edith Ngai, Michael R. Lyu, and Roland T. Chin IEEE Aerospace Conference, Big.
Security Risks for Ad Hoc Networks and how they can be alleviated By: Jones Olaiya Ogunduyilemi Supervisor: Jens Christian Godskesen © Dec
Applied Cryptography for Network Security
Cryptography and Network Security Chapter 1. Chapter 1 – Introduction The art of war teaches us to rely not on the likelihood of the enemy's not coming,
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
Tanenbaum & Van Steen, Distributed Systems: Principles and Paradigms, 2e, (c) 2007 Prentice-Hall, Inc. All rights reserved DISTRIBUTED SYSTEMS.
Chapter 20: Network Security Business Data Communications, 4e.
Network Security. Contents Security Requirements and Attacks Confidentiality with Conventional Encryption Message Authentication and Hash Functions Public-Key.
Key Management in Cryptography
Key Management Guidelines. 1. Introduction 2. Glossary of Terms and Acronyms 3. Cryptographic Algorithms, Keys and Other Keying Material 4. Key Management.
1 Self Protecting Cryptosystems Moti Yung Columbia University/ RSA Labs.
Key Management Lifecycle. Cryptographic key management encompasses the entire lifecycle of cryptographic keys and other keying material. Basic key management.
Computer Security Tran, Van Hoai Department of Systems & Networking Faculty of Computer Science & Engineering HCMC University of Technology.
SYSTEM ADMINISTRATION Chapter 13 Security Protocols.
Dr. Lo’ai Tawalbeh 2007 INCS 741: Cryptography Chapter 1:Introduction Dr. Lo’ai Tawalbeh New York Institute of Technology (NYIT) Jordan’s Campus
Cryptography and Network Security
Cryptography and Network Security Chapter 14 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.
MOBILE AD-HOC NETWORK(MANET) SECURITY VAMSI KRISHNA KANURI NAGA SWETHA DASARI RESHMA ARAVAPALLI.
1 Chapter 9 E- Security. Main security risks 2 (a) Transaction or credit card details stolen in transit. (b) Customer’s credit card details stolen from.
Network Security. Security Threats 8Intercept 8Interrupt 8Modification 8Fabrication.
1 Secure Ad-Hoc Network Eunjin Jung
A Security-Aware Routing Protocol for Wireless Ad Hoc Networks
Key Management in Mobile and Sensor Networks Class 17.
Practices in Security Bruhadeshwar Bezawada. Key Management Set of techniques and procedures supporting the establishment and maintenance of keying relationships.
Cryptography, Authentication and Digital Signatures
Chapter 23 Internet Authentication Applications Kerberos Overview Initially developed at MIT Software utility available in both the public domain and.
Certificate-Based Operations. Module Objectives By the end of this module participants will be able to: Define how cryptography is used to secure information.
Trust- and Clustering-Based Authentication Service in Mobile Ad Hoc Networks Presented by Edith Ngai 28 October 2003.
Network Security David Lazăr.
Rushing Attacks and Defense in Wireless Ad Hoc Network Routing Protocols ► Acts as denial of service by disrupting the flow of data between a source and.
Security in Ad Hoc Networks. What is an Ad hoc network? “…a collection of wireless mobile hosts forming a temporary network without the aid of any established.
Tanenbaum & Van Steen, Distributed Systems: Principles and Paradigms, 2e, (c) 2007 Prentice-Hall, Inc. All rights reserved DISTRIBUTED.
Tanenbaum & Van Steen, Distributed Systems: Principles and Paradigms, 2e, (c) 2007 Prentice-Hall, Inc. All rights reserved DISTRIBUTED SYSTEMS.
Cryptography and Network Security Chapter 14 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.
1 Network Security Lecture 7 Overview of Authentication Systems Waleed Ejaz
Topic 1 – Introduction Huiqun Yu Information Security Principles & Applications.
Security in Mobile Ad Hoc Networks: Challenges and Solutions (IEEE Wireless Communications 2004) Hao Yang, et al. October 10 th, 2006 Jinkyu Lee.
Ad Hoc Network.
Security in Wireless Ad Hoc Networks. 2 Outline  wireless ad hoc networks  security challenges  research directions  two selected topics – rational.
1 Chapter 10: Key Management in Public key cryptosystems Fourth Edition by William Stallings Lecture slides by Lawrie Brown (Modified by Prof. M. Singhal,
Security fundamentals Topic 5 Using a Public Key Infrastructure.
Fall, Privacy&Security - Virginia Tech – Computer Science Click to edit Master title style Cryptographic Security Identity-Based Encryption.
Lecture 11 Overview. Digital Signature Properties CS 450/650 Lecture 11: Digital Signatures 2 Unforgeable: Only the signer can produce his/her signature.
Cryptography and Network Security Chapter 1. Background  Information Security requirements have changed in recent times  traditionally provided by physical.
Lecture 9 Overview. Digital Signature Properties CS 450/650 Lecture 9: Digital Signatures 2 Unforgeable: Only the signer can produce his/her signature.
Security Review Q&A Session May 1. Outline  Class 1 Security Overview  Class 2 Security Introduction  Class 3 Advanced Security Constructions  Class.
Fall 2006CS 395: Computer Security1 Key Management.
9.2 SECURE CHANNELS JEJI RAMCHAND VEDULLAPALLI. Content Introduction Authentication Message Integrity and Confidentiality Secure Group Communications.
SECURITY. Security Threats, Policies, and Mechanisms There are four types of security threats to consider 1. Interception 2 Interruption 3. Modification.
 Attacks and threats  Security challenge & Solution  Communication Infrastructure  The CA hierarchy  Vehicular Public Key  Certificates.
A Security Framework for ROLL draft-tsao-roll-security-framework-00.txt T. Tsao R. Alexander M. Dohler V. Daza A. Lozano.
Dept. of Computer Science & Engineering, CUHK1 Trust- and Clustering-Based Authentication Service in Mobile Ad Hoc Networks Presented by Edith Ngai Supervised.
Tanenbaum & Van Steen, Distributed Systems: Principles and Paradigms, 2e, (c) 2007 Prentice-Hall, Inc. All rights reserved DISTRIBUTED SYSTEMS.
Key management issues in PGP
Presented by Edith Ngai MPhil Term 3 Presentation
Intrusion Tolerant Architectures
網路環境中通訊安全技術之研究 Secure Communication Schemes in Network Environments
Web Information Systems Engineering (WISE)
Presentation transcript:

Security for Ubiquitous and Adhoc Networks

Mobile Adhoc Networks  Collection of nodes that do not rely on a predefined infrastructure  Adhoc networks can be formed merged together partitioned to separate networks  Not necessarily but often mobile  There may exist static and wired nodes

Examples  Computer science classroom adhoc network between student PDAs and workstation of the instructor  Large IT campus Employees of a company moving within a large campus with PDAs, laptops, and cellphones  Moving soldiers with wearable computers Eavesdropping, denial-of-service and impersonation attacks can be launched  Shopping mall, restaurant, coffee shops Customers spend part of the day in a networked mall of specialty shops, coffee shops, and restaurants

Examples Group A Group B Group C A trust relationship among 3 different adhoc groups

Networking Infrastructure Networking topologies  Flat infrastructure (zero-tier) All nodes have equivalent routing roles No hierarchy  Hierarchical infrastructure (N-tier) Cluster nodes have different routing roles Control the traffic between cluster and other clusters

Routing Protocols  Proactive: table-driven and distance vector protocols Nodes periodically refresh the existing routing info, every node can operate with consistent and up-to-date tables  Reactive (on-demand): updates the routing information only when necessary Most routing protocols are reactive  Hybrid: uses both reactive and proactive protocols For example, proactive protocol between networks, reactive protocol inside of networks

Networking Constraints  Mobility Due to mobility, topology of network can change frequently Nodes can be temporarily off-line or unreachable  Resource constraints Energy constraints Memory and CPU constraints Bandwidth constraints  Prior trust relationship Availability of Internet connection Central trust authority, base station Pre-distributed symmetric keys Pre-defined certificates and certificate revocation lists

Trust Management  Trust model Node-to-node trust Node-to-central authority trust  Cryptosystems Public-key cryptosystem  More convenience  Digital signature possibility Secret-key cryptosystem  Less functionality  Key distribution problem

Trust Models Web of Trust Model Hierarchical Model

Key Management  Key creation Central key creation Distributed key creation  Key storage Centralized Replicated storage for fault tolerance Distributed, on each node  Partial key storage (shared secrets)  Full key storage  Key distribution Symmetric and private keys: Confidentiality, authenticity and integrity should not be violated Public keys: Integrity and authenticity should be preserved

Availability  Network services should operate properly  Network services should tolerate failures even when DoS attack threats  Several availability attacks: Network layer: the attacker can modify the routing protocol (divert the traffic to invalid addresses) Network layer: adversary can shut down the network Session layer: adversary can remove encryption in the session-level secure channel Application layer: availability of essential services may be threatened

Physical Security  Nodes are assumed to have low physical security  Nodes can easily be stolen or compromised by an adversary  Fewer than 1/3 of the principals at the time of network formation are corrupted or malicious  Single or distributed point of failure

Identification and Authentication  Only authorized nodes (subjects) can have access to data (objects)  Only authorized nodes may form, destroy, join or leave groups  Identification can be satisfied by: User ID-Password based authentication systems Presented adequate credentials Delegate certificates

Network Operations  Link layer protections Protects confidentiality Protects authenticity  Network layer protections IPSec in case of IP-based routing  Confidentiality of routing info  Authenticity and integrity of routing info Against impersonation attacks Against destruction and manipulation of messages Against false traffic due to hardware or network failure

Network Operations  Non-repudiation of routing info Routing traffic must leave traces  Management of network Must be protected from disclosure Must be protected against tampering Must be protected against modified configuration tables by adversary (for reactive routing protocols)

Key Management Security  Environment-specific and efficient key management system  Nodes must have made a mutual agreement on a shared secret or exchanged public keys  In more dynamic environments Exchange of encryption keys may be addressed on-demand  In less dynamic environments Keys are mutually agreed proactively or configured manually

Key Management Security  Private keys have to be stored in the nodes confidentially Encrypted with the system key With proper hardware protection (smart cards) By distributing the key in parts to several nodes  Centralized approaches are vulnerable as single point of failures

Adhoc Keying Mechanisms  ID-based cryptography Master public key/secret key is generated by private-key generation service (PKG) Master keys known to everyone Arbitrary identities are public keys  Identity: “A1”  Public key: “MasterPublicKey | A1” Private keys should be delivered to nodes by PKG

Adhoc Keying Mechanisms  ID-based encryption schemes Setup: input a security parameter, return master public/secret keys Extract: input master secret key and identity, return the personal secret key corresponding to identity Encrypt: input master public key, the identity of the recipient and message, return ciphertext Decrypt: input master public key, ciphertext and a personal secret key, return plaintext

Adhoc Keying Mechanisms  Threshold cryptography Allows operations to be “split” among multiple users In t-out-of-n threshold scheme, any set of t users can compute function while any set of t-1 users cannot  If adversary compromises even t-1 users, he cannot perform crypto operation  Honest user who needs to perform crypto operation should contact t of users Secure against Byzantine adversaries exist for t < n/2, secure against passive adversaries can support t < n

Resurrecting Duckling Security Model Two state principle (duckling)  Imprintable  Imprinted Imprinting principle  Transition from imprintable to imprinted  Mother node sends imprinting key Imprintable Imprinted (alive) imprinting death

Resurrecting Duckling Security Policy  New node identifies and authenticates itself to the nearest active node (mother) in the group: imprinting  A shared secret key is established between mother and the new node: bootstrapping is generally accomplished by physical contact  This key provides privacy of computations between the node and the mother  A node may die, returning to its imprintable mode  A new imprinting by another mother is possible: reverse metempsychosis

Resurrecting Duckling Principles  Death principle Transition from imprinted to imprintable (death) Death by order of the mother Death by old age after predefined time interval Death on completion of a specific transaction/job  Assassination principle Assassination by attacker may be uneconomical Some suitable level of tamper resistance should be provided  Broken is different from death A node can be broken by an adversary, but it cannot be made imprintable (it can be smashed, but it will not die)

Resurrecting Duckling Principles  If the shared secret key is lost and beyond recovery, we may want/need to regain control of the node The manufacturer may order the device to commit suicide (escrowed seppuku) Shogun role by the manufacturer; however, this will cause centralization If the mother keeps a copy of the imprinting key, localization can be achieved  Multilevel souls The same node can serve to many mothers establishing different keys Each soul in the node will have imprinted and imprintable states, souls would be functioning in parallel

Research at Oregon State University  Information Security Laboratory at Oregon State University is working towards developing a distributed Kerberos system for mobile adhoc network of devices Devices with different computing power, memory (code & RAM) space, and power consumption properties Initial group formation (authentication) is accomplished by physical contact, touching (imprinting) Symmetric cryptography based hierarchical trust model Key list & Trust list data structures Nodes may join and may gracefully leave the group Ungraceful (abrupt) leaving requires new touching

Group Formation a bc d IdRelationMACKey cItself …… aParent … K ac dChild … K cd IdRelationMACKey dItself …… cParent … K cd KL c KL d KL a IdRelationMA C Key aItself …… bChild … K ab cChild … K ac KL b IdRelationMA C Key bItself …… aParent … K ab

Node-to-node Key Agreement a b e d i h g f c Ancestor Sets AS b ={a} AS h ={b, a} AS d ={a} AS i ={d, a}

Graceful Leave a b e d i h g f c j Node j wants to leave the group Node f generates new branch key and sends to b, b forwards new branch key to root node a, node a changes the group key and begins the group re-keying with refreshed branch keys

Abrupt Leave a b e d i h g f c j Node d leaves the group abruptly Node a generates new branch key for this branch, but since node i lost its mother, i should touch contact to any node in the group in order to re-join and re-authenticate