Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 ◊ Securing Information through Trust Management in Wireless Networks Mohit Virendra, Shambhu Upadhyaya Computer Science and Engineering The State University.

Published byBriana Singleton Modified over 9 years ago

Similar presentations

Presentation on theme: "1 ◊ Securing Information through Trust Management in Wireless Networks Mohit Virendra, Shambhu Upadhyaya Computer Science and Engineering The State University."— Presentation transcript:

1 1 ◊ Securing Information through Trust Management in Wireless Networks Mohit Virendra, Shambhu Upadhyaya Computer Science and Engineering The State University of New York at Buffalo Buffalo, NY Sep 24, 2004

2 CEISARE @ 2 Trust Schemes: Wireless Domain Wireless Network Classification 1.Independent Ad-hoc 2. Central Authority Trust-based Security Schemes a. Independently Mutual information exchange between the nodes b. Using a Trusted Central Authority

3 CEISARE @ 3 Trust based Admission Control scheme with a first yes policy for WLANs Trust monitoring through Intent Graphs in wireless domain Actual Condition Review-based Peer Monitoring Scheme Trust based security scheme for ad-hoc networks: Physical and Logical Security Domains Trust management through Domain Heads in ad-hoc networks Overview Defining trust schemes for securing information in WLANs and Ad-hoc networks Problem Statement: Contributions:

4 CEISARE @ 4 CA Assisted Scenario: WLAN model WLAN Architecture: Two servers on the Distribution System: (a) Admission Controller (AC), (b) Global Monitor (GM) Trust Based Admission Control admission time trust establishment Optimistic Approach: Trust everyone until misbehavior detected Intent query scheme between AC and the new node Admission decision depends on “trust value” and “intent” of the new node Admission decision depends on “trust value” and “intent” of the new node Perfunctory check policy for node with unknown trust “First Yes Policy”: Node proves and maintains trust value to be in session. Trust verified while node is in the system Looks Naïve! But very effective in selective admission control

5 CEISARE @ 5 WLAN model: Trust Establishment Nodes use symmetric key pairs for communication with AP, key duration dependent on trust value and “incrementing” trust also Trust Levels: Used to (dis)allow a node to perform certain operations During the operation, AC/GM monitors node using GHMS [10], checks against Intent Map and builds its Trust History Three Trust Levels: Low, Medium and High Intent Map (Graph) Generation: models node’s intended behavior Intent Map (Graph) Generation: models node’s intended behavior FSM based on resources required & steps to be followed Benign transactions increase node’s trust value Relationship between transactions completed and trust value depicted by graph on next slide

6 Operations Trust Value Misbehavior Threshold High Medium Low/ Unknown (Benign)(Malicious) (Intrusion Flagged) Trust Value vs. Operations

7 CEISARE @ 7 Intent Graphs and ACR generation Tolerance in Intent Graphs Tolerance Level and Misbehavior Threshold Dealing with excess data rates: calculating threshold as an incremental percentage or probability as a function of data rates [11] Flagging an intrusion == premature expiration of the session key between node and AP Each deviation => closer to threshold ~ severity of misbehavior Trust Values help in Leader Selection Peer Trust Monitoring: Actual Condition Review (ACR) report generation scheme FORWARD MONITORING: APs generate ACRs about nodes REVERSE MONITORING: Nodes generate ACRs about APs SELF MONITORING: Nodes forced to submit their own progress report Result: A self correcting trust monitoring system

8 WLAN Logical Implementation

9 CEISARE @ 9 Independent Ad-hoc Networks Grouping nodes with similar trust parameters and interests Defining Qualitative Trust Parameters and Quantifying Trust Trust Based Domains A ~> B and B ~> C, then A =~> C using B’s trust as a verifier More comprehensive schemes if A and C don’t trust a common node Encryption Schemes proposed by Zhou et al. [17], [18] Node may share trust interests with nodes belonging to two or more domains: “Border Nodes” Membership in a domain a collective decision (e.g. secure polling) Mutual Information Exchange Based Trust

10 CEISARE @ 10 Domains Nodes in a Domain share a common DOMAIN KEY Physical Trust Domains (PTDs) and Logical Trust Domains (LTDs) All inter and intra-domain communication uses symmetric pair-wise keys Domain Heads: Election and Rotation Domain Heads can establish pair-wise symmetric keys with each other on the fly for trust negotiation Nodes preloaded with keying material: establish pair-wise symmetric keys on the fly with domain members Overlapping PTDs Non-overlapping PTDs Overlapping LTDs Non-overlapping LTDs

11 CEISARE @ 11 PTD APTD BPTD C NaNabNbc Nc Overlapping PTDs

12 CEISARE @ 12 Overlapping PTDs

13 CEISARE @ 13 Non Trusted Regions and Hierarchical Trust Communication between non-trusted regions: End to end tunnels Tradeoff between: Information Security and Information Relevance Lifetime Sending information along multiple routes: Minimum Trust Value of a route Hierarchical Trust and Super Domains Addressing Scalability and Reduce Control Overhead of Head Nodes Hierarchical Trust : But, requires extra degree of protection for domain heads and super domain heads against attacks targeted at Central Authority Would help if a domain head (hence all domain members) are compromised

14 CEISARE @ 14 Conclusion and Discussion Introduced trust based schemes for wireless networks Trust based security model for WLANs Idea of Physical and Logical Trust Domains in ad-hoc networks Conceptual paper: describes new paradigms and concepts, require deeper investigation Studying control overheads of the schemes introduced by us Continuing Research: Extending the ACR generation scheme to ad-hoc networks Formalizing the “first yes” admission control scheme

15 CEISARE @ 15 References 1.A.Rahman and S. Hailes, “A Distributed Trust Model”, New Security Paradigms Workshop 1997, ACM, 1997. 2.D. Balfanz, D. Smetters, P. Stewart and H. Wong, “Talking to Strangers: Authentication in Ad-hoc Wireless Networks”, NDSS, San Diego, 2002. 3.L. Eschenauer, V.Gligor and J. Baras, “On Trust Establishment in Mobile Ad-Hoc Networks”, Proc. 10th International Workshop of Security Protocols, Springer Lecture Notes in Computer Science (LNCS), Apr. 2002. 4.J. Kong, H. Luo, K. Xu, D. L. Gu, M. Gerla, and S. Lu, “Adaptive security for multi-layer ad-hoc networks,” in Special Issue of Wireless Communications and Mobile Computing. Wiley Interscience Press, Aug. 2002. 5.T. Hughes, J. Denny, P. Muckelbauer, J. Etzl, "Dynamic Trust Applied to Ad Hoc Network Resources", Autonomous Agents & Multi-Agent Systems Conference, Melbourne, Australia, 2003. 6.J. Kong, P. Zerfos, H. Luo, S. Lu and L. Zhang, “Providing Robust and Ubiquitous Security Support for Mobile Ad-hoc Networks”, ICNP, Riverside, CA, 2001. 7.L. Zhou and Z. J. Haas, “Securing ad hoc networks,” IEEE Network Magazine, vol. 13, no. 6, pp. 24–30, Nov.’99. 8.C. Davis, "A localized trust management scheme for ad-hoc networks", Proc. 3rd International Conference on Networking (ICN'04), Mar. 2004. 9.H. Debar, M.Dacier, A. Wespi and S. Lampart, “An Experimentation Workbench for Intrusion Detection Systems”, Research Report, IBM Research Division, Zurich Research Laboratory, Switzerland, 1982. 10.M. Virendra, S. Upadhyaya, X. Wang, “ GSWLAN: A New Architecture Model for a Generic and Secure Wireless LAN System”, 5th Annual IEEE Information Assurance Workshop, West Point, NY, June 2004. 11.M. Molloy, “Performance analysis using Stochastic Petri Nets”, IEEE Trans. On Computers, vol. 39, no 9, pp. 913-917. 12.Y. Huang and W. Lee, “A Cooperative Intrusion Detection System for Ad Hoc Networks”, ACM CCS SASN Worskhop, Oct. 2003. 13.Y. Huang, W. Fan, W. Lee, and P. Yu, “Cross-feature analysis for detecting ad-hoc routing anomalies”, 23rd International Conference on Distributed Computing Systems, Providence, May 2003. 14.S. Upadhyaya, R. Chinchani, K. Kwiat, "An Analytical Framework for Reasoning about Intrusions", Symposium on Reliable Distributed Systems (SRDS’01), New Orleans, Oct. 2001 15.L. Zhou, F. Schneider, R. van Renesse, “COCA: A secure distributed on-line certification authority”, ACM Transactions on Computer Systems 20, Nov. 2002, pp. 329–368. 16.H. Debar, M.Dacier, A. Wespi, S. Lampart, “An Experimentation Workbench for Intrusion Detection Systems”, Research Report, IBM Research Division, Zurich Research Laboratory, Switzerland, 1982. 17.S. Zhu, S. Xu, S. Setia and S. Jajodia, “Establishing Pair-wise Keys for Secure Communication in Ad Hoc Networks”, 11th IEEE International Conference on Network Protocols (ICNP’03), Atlanta, Nov. 2003. 18.S. Zhu, S. Xu, S. Setia, S. Jajodia and P. Ning, “An Interleaved Hop-by-Hop Authentication Scheme for Filtering of Injected False Data in Sensor Networks”, IEEE Symposium on Security and Privacy, Oakland, May 2004 19.Y. Ko, N. Vaidya, “Location-aided routing (LAR) in mobile ad hoc networks”, Proc. 4th annual ACM/IEEE international conference on Mobile computing and networking, pp.66-75, Dallas, Oct. 1998

16 16 Questions ? Email: {virendra, shambhu}@cse.buffalo.edu www.cse.buffalo.edu/~virendra

Download ppt "1 ◊ Securing Information through Trust Management in Wireless Networks Mohit Virendra, Shambhu Upadhyaya Computer Science and Engineering The State University."

Similar presentations

Supporting Cooperative Caching in Disruption Tolerant Networks

Supporting Cooperative Caching in Disruption Tolerant Networks
Security in Mobile Ad Hoc Networks

Security in Mobile Ad Hoc Networks
An Interleaved Hop-by-Hop Authentication Scheme for Filtering of Injected False Data in Sensor Networks Presenter: Dinesh Reddy Gudibandi.

An Interleaved Hop-by-Hop Authentication Scheme for Filtering of Injected False Data in Sensor Networks Presenter: Dinesh Reddy Gudibandi.
GRS: The Green, Reliability, and Security of Emerging Machine to Machine Communications Rongxing Lu, Xu Li, Xiaohui Liang, Xuemin (Sherman) Shen, and Xiaodong.

GRS: The Green, Reliability, and Security of Emerging Machine to Machine Communications Rongxing Lu, Xu Li, Xiaohui Liang, Xuemin (Sherman) Shen, and Xiaodong.
 Introduction  Benefits of VANET  Different types of attacks and threats  Requirements and challenges  Security Architecture  Vehicular PKI.

 Introduction  Benefits of VANET  Different types of attacks and threats  Requirements and challenges  Security Architecture  Vehicular PKI.
URSA: Providing Ubiquitous and Robust Security Support for MANET

URSA: Providing Ubiquitous and Robust Security Support for MANET
Source-Location Privacy Protection in Wireless Sensor Network Presented by: Yufei Xu Xin Wu Da Teng.

Source-Location Privacy Protection in Wireless Sensor Network Presented by: Yufei Xu Xin Wu Da Teng.
University of Waterloo & UOIT & INRIA Lille Presenter: Rongxing Lu

University of Waterloo & UOIT & INRIA Lille Presenter: Rongxing Lu
Location-Aware Security Services for Wireless Sensor Networks using Network Coding IEEE INFOCOM 2007 최임성.

Location-Aware Security Services for Wireless Sensor Networks using Network Coding IEEE INFOCOM 2007 최임성.
Edith C. H. Ngai1, Jiangchuan Liu2, and Michael R. Lyu1

Edith C. H. Ngai1, Jiangchuan Liu2, and Michael R. Lyu1
Achieving Better Privacy Protection in WSNs Using Trusted Computing Yanjiang YANG, Robert DENG, Jianying ZHOU, Ying QIU.

Achieving Better Privacy Protection in WSNs Using Trusted Computing Yanjiang YANG, Robert DENG, Jianying ZHOU, Ying QIU.
CSCE 715 Ankur Jain 11/16/2010. Introduction Design Goals Framework SDT Protocol Achievements of Goals Overhead of SDT Conclusion.

CSCE 715 Ankur Jain 11/16/2010. Introduction Design Goals Framework SDT Protocol Achievements of Goals Overhead of SDT Conclusion.
An Authentication Service Based on Trust and Clustering in Wireless Ad Hoc Networks: Description and Security Evaluation Edith C.H. Ngai and Michael R.

An Authentication Service Based on Trust and Clustering in Wireless Ad Hoc Networks: Description and Security Evaluation Edith C.H. Ngai and Michael R.
Dept. of Computer Science & Engineering, CUHK1 Trust- and Clustering-Based Authentication Services in Mobile Ad Hoc Networks Edith Ngai and Michael R.

Dept. of Computer Science & Engineering, CUHK1 Trust- and Clustering-Based Authentication Services in Mobile Ad Hoc Networks Edith Ngai and Michael R.
Scalable Application Layer Multicast Suman Banerjee Bobby Bhattacharjee Christopher Kommareddy ACM SIGCOMM Computer Communication Review, Proceedings of.

Scalable Application Layer Multicast Suman Banerjee Bobby Bhattacharjee Christopher Kommareddy ACM SIGCOMM Computer Communication Review, Proceedings of.
An Authentication Service Against Dishonest Users in Mobile Ad Hoc Networks Edith Ngai, Michael R. Lyu, and Roland T. Chin IEEE Aerospace Conference, Big.

An Authentication Service Against Dishonest Users in Mobile Ad Hoc Networks Edith Ngai, Michael R. Lyu, and Roland T. Chin IEEE Aerospace Conference, Big.
Kemal AkkayaWireless & Network Security 1 Department of Computer Science Southern Illinois University Carbondale CS 591 – Wireless & Network Security Lecture.

Kemal AkkayaWireless & Network Security 1 Department of Computer Science Southern Illinois University Carbondale CS 591 – Wireless & Network Security Lecture.
Kemal AkkayaWireless & Network Security 1 Department of Computer Science Southern Illinois University Carbondale CS 591 – Wireless & Network Security Lecture.

Kemal AkkayaWireless & Network Security 1 Department of Computer Science Southern Illinois University Carbondale CS 591 – Wireless & Network Security Lecture.
Enhanced Secure Dynamic DNS Update with Indirect Route David Wilkinson, C. Edward Chow, Yu Cai 06/11/2004 University of Colorado at Colorado Springs IEEE.

Enhanced Secure Dynamic DNS Update with Indirect Route David Wilkinson, C. Edward Chow, Yu Cai 06/11/2004 University of Colorado at Colorado Springs IEEE.
Computer Science 1 Research on Sensor Network Security Peng Ning Cyber Defense Laboratory Department of Computer Science NC State University 2005 TRES.

Computer Science 1 Research on Sensor Network Security Peng Ning Cyber Defense Laboratory Department of Computer Science NC State University 2005 TRES.

Similar presentations

Ads by Google