Presentation is loading. Please wait.

Presentation is loading. Please wait.

An Authentication Service Against Dishonest Users in Mobile Ad Hoc Networks Edith Ngai, Michael R. Lyu, and Roland T. Chin IEEE Aerospace Conference, Big.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "An Authentication Service Against Dishonest Users in Mobile Ad Hoc Networks Edith Ngai, Michael R. Lyu, and Roland T. Chin IEEE Aerospace Conference, Big."— Presentation transcript:

1 An Authentication Service Against Dishonest Users in Mobile Ad Hoc Networks Edith Ngai, Michael R. Lyu, and Roland T. Chin IEEE Aerospace Conference, Big Sky, MT, March 6-13, 2004

2 Dept. of Computer Science & Engineering, CUHK 2 Outline Introduction Related Work Models Security Operations Simulation Results Conclusion

3 Dept. of Computer Science & Engineering, CUHK 3 Mobile Ad Hoc Networks Infrastructure-less Multi-hops Wireless communications Highly mobile Dynamic topology Vulnerable to security attacks

4 Dept. of Computer Science & Engineering, CUHK 4 Introduction Certificate-based approach Fully distributed manner Detect false public key certificates Isolate dishonest users Propose a secure, scalable and distributed authentication service Assure correctness of public key certification

5 Dept. of Computer Science & Engineering, CUHK 5 Related Work Traditional network authentication solutions rely on physically present, trust third-party servers, or called certificate authorities (CAs). Partially-distributed certificate authority makes use of a (k,n) threshold scheme to distribute the services of the certificate authority to a set of specialized server nodes. Fully-distributed certificate authority extends the idea of the partially-distributed approach by distributing the certificate services to every node.

6 Dept. of Computer Science & Engineering, CUHK 6 Related Work Pretty Good Privacy (PGP) is proposed by following a web-of-trust authentication model. PGP uses digital signatures as its form of introduction. When any user signs for another user's key, he or she becomes an introducer of that key. As this process goes on, a web of trust is established. Self-issued certificates issue certificates by users themselves without the involvement of any certificate authority.

7 Dept. of Computer Science & Engineering, CUHK 7 Our Work Propose a secure public key authentication service in mobile ad hoc networks with malicious nodes Prevent nodes from obtaining false public keys of the others Based on a network model and a trust model Security operations include public key certification and trust value update

8 Dept. of Computer Science & Engineering, CUHK 8 Architecture Clustering-based network model Trust model with an authentication metric Security operations to detect and isolate malicious nodes

9 Dept. of Computer Science & Engineering, CUHK 9 The Network Model Obtain a hierarchical organization Minimize the amount of storage for communication information Optimize the use of network bandwidth Direct monitoring capability is limited to neighboring nodes Allow the monitoring work to proceed more naturally Improve network security

10 Dept. of Computer Science & Engineering, CUHK 10 The Network Model Divide the network into different regions Each region with similar number of nodes Unique group ID E.g. Zonal distributed algorithm, Weight base clustering algorithm, etc

11 Dept. of Computer Science & Engineering, CUHK 11 The Trust Model Define a fully-distributed trust management algorithm that is based on the web-of-trust model, in which any user can act as a certifying authority This model uses digital signatures as its form of introduction. Any node signs another's public key with its own private key to establish a web of trust Our trust model does not have any trust root certificate; it just relies on direct trust and groups of introducers in certification

12 Dept. of Computer Science & Engineering, CUHK 12 The Trust Model Define the authentication metric as a continuous value between 0.0 and 1.0 A direct trust is the trust relationship between two nodes in the same group A recommendation trust is the trust relationship between nodes of different groups

13 Dept. of Computer Science & Engineering, CUHK 13 Security Operations Select introducers Send request messages Compare certificates received Trust value update

14 Dept. of Computer Science & Engineering, CUHK 14 Authentication in our network relies on the public key certificates signed by some trustable nodes. Nodes in the same group are assumed to know each other by means of their monitoring components and the short distances among them Public Key Certification

15 Dept. of Computer Science & Engineering, CUHK 15 Operation of Node Select introducers Send request messages to introducers Collect and decrypt the messages Compare the certificates, isolate dishonest nodes Calculate trust value of the new node

16 Dept. of Computer Science & Engineering, CUHK 16 Trust Value Update s denotes the requesting node t denotes the target node Nodes i 1, i 2, …, i n are the introducers Each V s, i* and V i*, t form a pair to make up a single trust path from s to t V s,i 1 V s,i 2 V s,i n V i 1,t V i 2,t V i n,t

17 Dept. of Computer Science & Engineering, CUHK 17 Trust Value Update Compute the new trust relationship from s to t of a single path Combine trust values of different paths to give the ultimate trust value of t Insert trust value V t to the trust table of s

18 Dept. of Computer Science & Engineering, CUHK 18 Simulation Set-Up Network simulator Glomosim Evaluate the effectiveness in providing secure public key authentication in the presence of malicious nodes Simulation Parameters

19 Dept. of Computer Science & Engineering, CUHK 19 Metrics Successful rate  % of public key requests that lead to a correct conclusion Failure rate  % of public key requests that lead to an incorrect conclusion Unreachable rate  % of public key requests that cannot be made due to not enough number of introducers

20 Dept. of Computer Science & Engineering, CUHK 20 Ratings to Periods of Time

21 Dept. of Computer Science & Engineering, CUHK 21 Ratings to Malicious Nodes

22 Dept. of Computer Science & Engineering, CUHK 22 Ratings to Trustable Nodes at Initialization

23 Dept. of Computer Science & Engineering, CUHK 23 Comparison with PGP - Successful Rate

24 Dept. of Computer Science & Engineering, CUHK 24 Comparison with PGP - Failure Rate

25 Dept. of Computer Science & Engineering, CUHK 25 Comparison with PGP - Unreachable Rate

26 Dept. of Computer Science & Engineering, CUHK 26 Conclusions We developed a trust- and clustering-based public key authentication mechanism We defined a trust model that allows nodes to monitor and rate each other with quantitative trust values We defined the network model as clustering-based The authentication protocol proposed involves new security operations on public key certification, update of trust table, discovery and isolation on malicious nodes We conducted security evaluation We compared with the PGP approach to demonstrate the effectiveness of our scheme

Download ppt "An Authentication Service Against Dishonest Users in Mobile Ad Hoc Networks Edith Ngai, Michael R. Lyu, and Roland T. Chin IEEE Aerospace Conference, Big."

Similar presentations

1 A Real-Time Communication Framework for Wireless Sensor-Actuator Networks Edith C.H. Ngai 1, Michael R. Lyu 1, and Jiangchuan Liu 2 1 Department of Computer.

1 A Real-Time Communication Framework for Wireless Sensor-Actuator Networks Edith C.H. Ngai 1, Michael R. Lyu 1, and Jiangchuan Liu 2 1 Department of Computer.
Kerberos Assisted Authentication in Mobile Ad-hoc Networks Authors: Asad Amir Pirzada and Chris McDonald Sources: Proceedings of the 27th Australasian.

Kerberos Assisted Authentication in Mobile Ad-hoc Networks Authors: Asad Amir Pirzada and Chris McDonald Sources: Proceedings of the 27th Australasian.
Maximum Battery Life Routing to Support Ubiquitous Mobile Computing in Wireless Ad Hoc Networks By C. K. Toh.

Maximum Battery Life Routing to Support Ubiquitous Mobile Computing in Wireless Ad Hoc Networks By C. K. Toh.
Efficient Public Key Infrastructure Implementation in Wireless Sensor Networks Wireless Communication and Sensor Computing, 2010. ICWCSC 2010. International.

Efficient Public Key Infrastructure Implementation in Wireless Sensor Networks Wireless Communication and Sensor Computing, ICWCSC International.
TAODV: A Trusted AODV Routing Protocol for MANET Li Xiaoqi, GiGi March 22, 2004.

TAODV: A Trusted AODV Routing Protocol for MANET Li Xiaoqi, GiGi March 22, 2004.
 Introduction  Benefits of VANET  Different types of attacks and threats  Requirements and challenges  Security Architecture  Vehicular PKI.

 Introduction  Benefits of VANET  Different types of attacks and threats  Requirements and challenges  Security Architecture  Vehicular PKI.
A Survey of Secure Wireless Ad Hoc Routing

A Survey of Secure Wireless Ad Hoc Routing
Application of Bayesian Network in Computer Networks Raza H. Abedi.

Application of Bayesian Network in Computer Networks Raza H. Abedi.
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.

CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
PROVIDING ROBUST AND UBIQUITOUS SECURITY SUPPORT FOR MOBILE AD- HOC NETWORKS Georgios Georgiadis 6/5/2008.

PROVIDING ROBUST AND UBIQUITOUS SECURITY SUPPORT FOR MOBILE AD- HOC NETWORKS Georgios Georgiadis 6/5/2008.
Edith C. H. Ngai1, Jiangchuan Liu2, and Michael R. Lyu1

Edith C. H. Ngai1, Jiangchuan Liu2, and Michael R. Lyu1
Secure Routing and Intrusion Detection For Mobile Ad Hoc Networks Secure Routing and Intrusion Detection For Mobile Ad Hoc Networks Anand Patwardhan Jim.

Secure Routing and Intrusion Detection For Mobile Ad Hoc Networks Secure Routing and Intrusion Detection For Mobile Ad Hoc Networks Anand Patwardhan Jim.
Nov.6, 2002 Secure Routing Protocol for Ad Hoc Networks Li Xiaoqi.

Nov.6, 2002 Secure Routing Protocol for Ad Hoc Networks Li Xiaoqi.
Secure communication in cellular and ad hoc environments Bharat Bhargava Department of Computer Sciences, Purdue University This is supported.

Secure communication in cellular and ad hoc environments Bharat Bhargava Department of Computer Sciences, Purdue University This is supported.
Beneficial Caching in Mobile Ad Hoc Networks Bin Tang, Samir Das, Himanshu Gupta Computer Science Department Stony Brook University.

Beneficial Caching in Mobile Ad Hoc Networks Bin Tang, Samir Das, Himanshu Gupta Computer Science Department Stony Brook University.
1 Key Management in Mobile Ad Hoc Networks Presented by Edith Ngai Spring 2003.

1 Key Management in Mobile Ad Hoc Networks Presented by Edith Ngai Spring 2003.
An Authentication Service Based on Trust and Clustering in Wireless Ad Hoc Networks: Description and Security Evaluation Edith C.H. Ngai and Michael R.

An Authentication Service Based on Trust and Clustering in Wireless Ad Hoc Networks: Description and Security Evaluation Edith C.H. Ngai and Michael R.
Dept. of Computer Science & Engineering, CUHK1 Trust- and Clustering-Based Authentication Services in Mobile Ad Hoc Networks Edith Ngai and Michael R.

Dept. of Computer Science & Engineering, CUHK1 Trust- and Clustering-Based Authentication Services in Mobile Ad Hoc Networks Edith Ngai and Michael R.
Trust Level Based Self-Organized Routing Protocol for Secure Ad Hoc Networks Li Xiaoqi, GiGi 12/3/2002.

Trust Level Based Self-Organized Routing Protocol for Secure Ad Hoc Networks Li Xiaoqi, GiGi 12/3/2002.
On the Construction of Energy- Efficient Broadcast Tree with Hitch-hiking in Wireless Networks Source: 2004 International Performance Computing and Communications.

On the Construction of Energy- Efficient Broadcast Tree with Hitch-hiking in Wireless Networks Source: 2004 International Performance Computing and Communications.

Similar presentations

Ads by Google