Download presentation
Presentation is loading. Please wait.
1
Authentication in Mobile Ad-hoc Network (MANET) Student Ståle Jonny Berget sjberget@start.no Superviser Chik How Tan
2
Introduction/justification The problem in MANET is mostly related to –that there isn’t any central management system or access to a trusted third party (TTP), witch contain a repository of the identity of al legal node –It must be assumed that node have restricted computation power, power and memory capacity. –Node may frequently change location or new one is entering the network. –It must be assumed that the network will be exposed for passive and active attack from an unauthorised source, witch may have more computation power, power and memory capacity then legal nodes Justification –A MANET may be useful in many situations where no infrastructure (fixed or cellular) is available, or wireless public access in urban areas to providing quick deployment and extended coverage. –Without any appropriate authentication protocol it’s possible that the network may be used by user that don’t follows legal principle or isn’t a legal user of the network. –At this moment there aren’t any standards that describe a proper authentication protocol that may be use in MANET.
3
Research questions/method Research questions –Description of the scenario for the rescue operation. –What kind of threat that may be expected for MANET in this scenario. –Consideration on what kind of different authentication method and cryptographic algorithm that may be appropriate against the threat and useful in a MANET. –Design of a new and better authentication protocol that is suited for this scenario. Method: – Consider different threat that has been identified in earlier work and literature – Mathematician and computer simulation to compute the complexity of the new and earlier authentication protocol
4
Authentication is fundamental Authentication is fundamental in all aspect of information security and assurance, and is the binding of an identity to a subject. Authentication may be based on: –something known (as a password, shared secret, secret, the private key corresponding to a public key etc.) –something possessed (this is typical a physical asset as a badge card, id-card, password calculator etc.) –something inherent (handwrite, fingerprint, etc.). An authentication protocol proves the nodes identity in a given instance of time. To maintain the identity authentication additional techniques must be included. If nodes is authenticated at the start of a session, they have to ensure that they maintain the authentication during the session, so that an adversary hasn’t interfered the session. An approach to prevent this to happen include: –perform re-authentication or for each discrete resource request (eg each message that have to be exchanged) –tying the identification to an ongoing integrity service, that each message can be tied together with session authentication.
5
Requirement Few computational steps Balanced computational steps Cheap computational step Few messages flow Small messages Small program memory Small data memory requirement Restricted consequences of data disclosure
6
Different crypto algorithm Symmetric encryption –When the nodes (network) is deployed it’s hard (or impossible) to change key –If one node is compromised, the entire network is compromised Hash and HMAC is fast Asymmetric is slow
7
Authentication model The distribution of credential may be done in two ways: –encrypt the credential by the receiver nodes public key – the credential has a signature base on initiators private key The first option require more message exchange during authenticate of its neighbour nodes, than the second option. One-by-one Broadcast
8
The trust model/clock synchronisation If two nodes have succeed an authentication of each other, then there is established a trust relationship between this nodes. –This mean if Node A and B has done the authentication process they trust each other, that is also true if node B and C has done the authentication process. –But this doesn’t mean that node A and C trust each other. If node A and C have to trust each other, they have to do the authentications process. Further it is assumed that every legal node has a certificate with a unique identity and public/private key pair that is distributed and signed by an off-line TTP The private keys are stored in a secure and tamper proof area within the node, and are only known by its owner. Every node is equipped with a GPS-clock, and the time deviation is small (much smaller than a second).
9
Different fast authentication protocols Leslie Lamport (LATEX?) Weakness DoS attack Sign every traffic key Wormhole and insider attack DoS attack Sign every hash chain Wormhole and insider attack
10
Threat Wormhole attackInsider attack
11
The new authentication protocol
12
New authentication protocol(1) The protocol include 3 hash chain 1.The master hash chain 2.Traffic hash chain 3.Session hash chain
13
New authentication protocol(2) hop-by-hop
14
New authentication protocol(3) hop-by-hop
15
Three hash chain
16
Some test result on my computer 1.6 GHz Centrino Duo
17
Result from simulation Assume that Pt>Pc>Pm, Pt=xPc and r-the data rate Pt-Transmit power, Pc-CPU power, Pm-power to keep memory
18
Conclusion The new protocol –is more secure against DoS, wormhole and insider attack –require less power than earlier proposed authentication protocol
Similar presentations
© 2024 SlidePlayer.com. Inc.
All rights reserved.