Presentation is loading. Please wait.

Presentation is loading. Please wait.

SPLASH Project INRIA-Eurecom-UC Irvine November 2006.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "SPLASH Project INRIA-Eurecom-UC Irvine November 2006."— Presentation transcript:

1 SPLASH Project INRIA-Eurecom-UC Irvine November 2006

2 SPLASH project review July 2003- July 2006 Security of Wireless Adhoc Networks –From MANET security… –To WSN (Wireless Sensor Network) Security! Many contributions in many different areas...

3 Outline MANET Security –Membership Management –Collaboration Enforcement WSN Security –The security Challenges –Secure Aggregation Conclusions

4 What is a MANET? No centralized control No hierarchy Fault-tolerant Dynamic membership MANET Distributed and scalable security services required Set of nodes (5-50) that establish A network Wireless and multi-hop Does not rely on any fixed infrastructure Spontenuous (no prior association)

5 MANET two main Security Challenges Membership/Key Management –How does a new node become a member of the MANETand receive key material without relying on a trusted membership controller? Secure Routing/Collaboration Enforcement –How can we make sure that all node collaborate i.e. relays others’ packets?

6 Topic 1: Membership Management The Centralized Approach A B C D E F Membership manager Single point of failure!

7 Our Approach: Distributed Membership Management A B C E F All members are equal and can participate in new node admission Secure as long as less than t nodes out of n get compromized

8 Our approach:Admission Control Step 1: Join request Step 2: Join commit (Vote) Step 3: GMC issuance & share acquisition M new New member (M new ) wants to join the group A quorum of t current members need to issue M new a group membership certificate (GMC) If no quorum found, membership is denied Vote 1 Vote 2

9 Some details …. Initialization –Dealer (or set of founding nodes) randomly selects polynomial f(x) of degree t-1 –… distributes a secret ssi to each authorized member –And publishes its witnesses f(x) = S + a 1 x + a 2 x 2 + … + a t-1 x t-1 (mod q) ss i = f(id i ) (mod q) Wj = g aj (mod p)

10 Node Admission A new node new receives the partial secret share, pssj, from node j, –Pssj = ssj.lj(new), where lj(.) is the Lagrange coefficient. –Computes its secret share, from at least t partial secrets share by summing them.

11 Key Exchange Once a node becomes a member it has a secret share ss_{new} that can be used: –To Vote for new member admission –To Establish a key with any other MANET member n_i Compute n_i’s public key, PK(i) K_{new,i} = PK(i)^ss_{new} = g^{ssi})^ss_{new} Node i can do the same computation and retrieve the same secret key –To Prove membership Our scheme is fully distributed and secure as long as less than t out of the n members are compromised. It was fully implemented and evaluated… More infos?: –Robust Self-Keying Mobile Ad Hoc Networks, Claude Castellucia, Nitesh Saxena, and Jeong H. Yi, Elsevier Computer Networks, April 2007.Elsevier Computer Networks (mod q) (mod p)

12 Topic 2: Secure Collaboration How to make sure that members are not selfish? –Some nodes might drop packets to save energy or to perform DoS attacks We have developped: – a reputation based solution (CORE) Introduced at Paristic 2004 –a Cryptographic solution

13 Collaboration Enforcement Problem statement: A B C CA

14 Collaboration Enforcement (2) Problem statement: A B C CA

15 Boomerang Routing Some packets addressed to B are routed via C –Boomerang routing ;-) A C B CABA A C B CABA BA

16 Boomerang Routing If B drops packets…it may drop some of its packets  … It is forced to collaborate since he does not know the final destination… Reference: Pocket bluff (INRIA Research Report) Pocket bluff A C B CABA

17 Topic3 : Wireless Sensor Networks Security Another type of adhoc networks Network of sensors that usually monitor the environment Sensors are very small and cheap devices They usually send their monitored data to the sink (a more powerful device) Sink a bc d e

18 Application Spectrum Hazard Detection Biological Monitoring Linear Structure Protection Smart Environment Wearable Computing Immerse Environments Earth Science & Exploration Context-Aware Computing Interactive VR Game Wireless Sensor Networks Urban Warfare Military Surveillance Disaster Recovery Environmental Monitoring

19 MANET vs WSN MANET and WSN look similar but they are quite different.. MANETWSN Nodes are MobileNodes are Fixed 10-50 Nodes1000/10000 Nodes Nodes belong to same entityNodes belong to different entities Nodes sends to BSP2P communication Nodes can easily be physically corrupted Nodes have very Limited CPU/memory/energy

20 Manet Security Challenges MANET WSN Access/Membership Management Scalability Collaboration enforcement/ Secure routing Energy/CPU efficient security protocols Sensor revocation

21 Some Contributions Key establishment/pairing –Shake them Up! (presented at Paristic 2005) Dara Aggregation in WSN –Aggregation is a useful technique to save energy Transmission is the most costly: Transmitting 1 bit is equivalent to executing 1000 instructions! –User is often more interested in the aggregate (i.e. average in a give area) than each individual value –Instead of sending each value to the sink, the values are added by intermediate nodes… –Less packets are transmitted, i.e. energy is saved… Sink a bc d e y’=a+b+c+…e y=y’/n CH

22 Secure Aggregation Aggregation is simple without security –Intermediate nodes process data of their children But what happens if the data sent by each sensor is encrypted using a key that it shares with the sink? We’ve developed a new additively homomorphic cipher Enc(k1, a) + Enc(k2, b) = Enc(k1+k2, a+b) –Intermediate nodes can add the ciphers they receive from children …and the sink can still recover the sum of the plaintexts. –But intermediate nodes do not have access to the plaintext values, i.e. privacy is provided… Efficient Aggregation of Encrypted Data in Wireless Sensor Networks, Mobiquitous 2005, July 2005 Mobiquitous 2005 Sink aggregation function “average” of n sensor nodes a E(a) E(b) b E(c) c E(d) d e y’=E(a)+…+E( d) y=D(y’)/n E(e)

23 Conclusions The SPLASH project was a very productive, collaborative and successful project –Pars Mutaf (INRIA) visited Eurecom for 1 year. –Claude Castelluccia (INRIA) visited UCI for 2 years. The scientific contributions were numerous and many papers were published We participated in many conf. PC and launched ESAS (European Workshop on Security in Adhoc and Sensor Network) Most of our results were implemented and evaluated experimentally –Not just papers or simulations!

24 Some Papers Key distribution/Membership Management in MANET –Robust Self-Keying Mobile Ad Hoc Networks, Elsevier Computer Networks, April 2007.Elsevier Computer Networks –Ad hoc network security, book chapter in Mobile Adhoc networking, 2004 and in Handbook of Information Security (2006). Secure and Private MANET routing protocol –Packet coding for strong anonymity in ad hoc networks, IEEE Securecomm 2006, –Securing Route Discovery in DSR, IEEE Mobiquitous'05 Collaboration Enforcement in MANET –CORE: a collaborative reputation mechanism to enforce node cooperation in MANET (Michiardi phd thesis, 2004 + 6-7 publications) –Pocket Bluff, INRIA Tech. Report, 2005. WSN Security –Shake Them Up! Mobisys 2005. –Efficient Aggregation of Encrypted Data in Wireless Sensor Networks IEEE Mobiquitous'05 –Authenticated Interleaved Encryption, eprint, 2006. –More to come soon ;-)

Download ppt "SPLASH Project INRIA-Eurecom-UC Irvine November 2006."

Similar presentations

Computer Science Dr. Peng NingCSC 774 Adv. Net. Security1 CSC 774 Advanced Network Security Topic 6. Security in Mobile Ad-Hoc Networks.

Computer Science Dr. Peng NingCSC 774 Adv. Net. Security1 CSC 774 Advanced Network Security Topic 6. Security in Mobile Ad-Hoc Networks.
Mitigating Routing Misbehavior in Mobile Ad-Hoc Networks Reference: Mitigating Routing Misbehavior in Mobile Ad Hoc Networks, Sergio Marti, T.J. Giuli,

Mitigating Routing Misbehavior in Mobile Ad-Hoc Networks Reference: Mitigating Routing Misbehavior in Mobile Ad Hoc Networks, Sergio Marti, T.J. Giuli,
SPLASH Project INRIA-Eurecom-UC Irvine November 2006.

SPLASH Project INRIA-Eurecom-UC Irvine November 2006.
A Survey of Key Management for Secure Group Communications Celia Li.

A Survey of Key Management for Secure Group Communications Celia Li.
1 Efficient Self-Healing Group Key Distribution with Revocation Capability by Donggang Liu, Peng Ning, Kun Sun Presented by Haihui Huang

1 Efficient Self-Healing Group Key Distribution with Revocation Capability by Donggang Liu, Peng Ning, Kun Sun Presented by Haihui Huang
Decentralized Reactive Clustering in Sensor Networks Yingyue Xu April 26, 2015.

Decentralized Reactive Clustering in Sensor Networks Yingyue Xu April 26, 2015.
Efficient Public Key Infrastructure Implementation in Wireless Sensor Networks Wireless Communication and Sensor Computing, 2010. ICWCSC 2010. International.

Efficient Public Key Infrastructure Implementation in Wireless Sensor Networks Wireless Communication and Sensor Computing, ICWCSC International.
 Introduction  Benefits of VANET  Different types of attacks and threats  Requirements and challenges  Security Architecture  Vehicular PKI.

 Introduction  Benefits of VANET  Different types of attacks and threats  Requirements and challenges  Security Architecture  Vehicular PKI.
URSA: Providing Ubiquitous and Robust Security Support for MANET

URSA: Providing Ubiquitous and Robust Security Support for MANET
PROVIDING ROBUST AND UBIQUITOUS SECURITY SUPPORT FOR MOBILE AD- HOC NETWORKS Georgios Georgiadis 6/5/2008.

PROVIDING ROBUST AND UBIQUITOUS SECURITY SUPPORT FOR MOBILE AD- HOC NETWORKS Georgios Georgiadis 6/5/2008.
Network Access Control for Mobile Ad Hoc Network Pan Wang North Carolina State University.

Network Access Control for Mobile Ad Hoc Network Pan Wang North Carolina State University.
NGMAST- WMS workshop17/09/2008, Cardiff, Wales, UK A Simulation Analysis of Routing Misbehaviour in Mobile Ad hoc Networks 2 nd International Conference.

NGMAST- WMS workshop17/09/2008, Cardiff, Wales, UK A Simulation Analysis of Routing Misbehaviour in Mobile Ad hoc Networks 2 nd International Conference.
1 Security in Wireless Sensor Networks Group Meeting Fall 2004 Presented by Edith Ngai.

1 Security in Wireless Sensor Networks Group Meeting Fall 2004 Presented by Edith Ngai.
Secure and Efficient Key Management in Mobile Ad Hoc Networks Bing Wu, Jie Wu, Eduardo B. Fernandez, Mohammad Ilyas, Spyros Magliveras Department of Computer.

Secure and Efficient Key Management in Mobile Ad Hoc Networks Bing Wu, Jie Wu, Eduardo B. Fernandez, Mohammad Ilyas, Spyros Magliveras Department of Computer.
SPLASH Sécurisation des ProtocoLes dans les réseAux mobileS ad Hoc 12 Décembre 2003 Refik Molva Institut EURECOM.

SPLASH Sécurisation des ProtocoLes dans les réseAux mobileS ad Hoc 12 Décembre 2003 Refik Molva Institut EURECOM.
1 A few challenges in security & privacy in the context of ubiquitous computing Gene Tsudik SCONCE: Secure Computing and Networking Center UC Irvine

1 A few challenges in security & privacy in the context of ubiquitous computing Gene Tsudik SCONCE: Secure Computing and Networking Center UC Irvine
研 究 生:蔡憲邦 指導教授:柯開維 博士 Design of Efficient and Secure Multiple Wireless Mesh Network 具安全性及自我組織能力的 無線網狀網路.

研 究 生:蔡憲邦 指導教授:柯開維 博士 Design of Efficient and Secure Multiple Wireless Mesh Network 具安全性及自我組織能力的 無線網狀網路.
1 Key Management in Mobile Ad Hoc Networks Presented by Edith Ngai Spring 2003.

1 Key Management in Mobile Ad Hoc Networks Presented by Edith Ngai Spring 2003.
An Authentication Service Based on Trust and Clustering in Wireless Ad Hoc Networks: Description and Security Evaluation Edith C.H. Ngai and Michael R.

An Authentication Service Based on Trust and Clustering in Wireless Ad Hoc Networks: Description and Security Evaluation Edith C.H. Ngai and Michael R.
Dept. of Computer Science & Engineering, CUHK1 Trust- and Clustering-Based Authentication Services in Mobile Ad Hoc Networks Edith Ngai and Michael R.

Dept. of Computer Science & Engineering, CUHK1 Trust- and Clustering-Based Authentication Services in Mobile Ad Hoc Networks Edith Ngai and Michael R.

Similar presentations

Ads by Google