Presentation is loading. Please wait.

Presentation is loading. Please wait.

Kemal AkkayaWireless & Network Security 1 Department of Computer Science Southern Illinois University Carbondale CS 591 – Wireless & Network Security Lecture.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Kemal AkkayaWireless & Network Security 1 Department of Computer Science Southern Illinois University Carbondale CS 591 – Wireless & Network Security Lecture."— Presentation transcript:

1 Kemal AkkayaWireless & Network Security 1 Department of Computer Science Southern Illinois University Carbondale CS 591 – Wireless & Network Security Lecture 13: Key Management in MANETs Dr. Kemal Akkaya E-mail: kemal@cs.siu.edu Thanks to: Nitin H. Vaidya University of Illinois at Urbana-Champaign

2 Kemal AkkayaWireless & Network Security 2 Key Management  Security in networking is in many cases dependent on proper key management  In “pure” ad hoc networks, access to infrastructure cannot be assumed  MANETs & WSNs  Network may also become partitioned  In “hybrid” networks, however, if access to infrastructure is typically available, traditional solutions can be extended with relative ease  Wireless LANs  Centralized approaches for Key Management are vulnerable as single point of failures  Distributed Approaches are desirable in MANETs and WSNs

3 Kemal AkkayaWireless & Network Security 3 CA  Certification Authority (CA) has a public/private key pair, with public key known to all  CA signs certificate binding public keys to other nodes  A single CA may not be enough – unavailability of the CA (due to partitioning, failure or compromise) will make it difficult for nodes to obtain public keys of other hosts  A compromised CA may sign erroneous certificates  Solutions for MANETs  Distributed CA: [Zhou99] Securing Ad Hoc Networks, Lidong Zhou, Zygmunt J. Haas, IEEE Network, 1999  [Capkun93] S. Capkun, L. Buttyan, and J. P. Hubaux, "Self- Organized Public-Key Management for Mobile Ad Hoc Networks“ IEEE Transactions on Mobile Computing, Vol. 2, Nr. 1 (January - March 2003)

4 Kemal AkkayaWireless & Network Security 4 Distributed CA  Use threshold cryptography to implement CA functionality jointly at n nodes. The n CA servers collectively have a public/private key pair  Each CA only knows a part of the private key  Can tolerate t compromised servers  Threshold cryptography: (n,t+1) threshold cryptography scheme allows n parties to share the ability to perform a cryptographic operation (e.g., creating a digital signature)  Any (t+1) parties can perform the operation jointly  No t or fewer parties can perform the operation  Each server knows public key of other servers, so that the servers can communicate with each other securely  To sign a certificate, each server generates a partial signature for the certificate, and submits to a combiner  To protect against a compromised combiner, use t+1 combiners

5 Kemal AkkayaWireless & Network Security 5 Self-Organized Public Key Management  Does not rely on availability of CA  Nodes form a “Certificate Graph”  each vertex represents a public key  an edge from K u to K w exists if there is a certificate signed by the private key of node u that binds K w to the identity of some node w.  Four steps of the management scheme  Step 1: Each node creates its own private/public keys. Each node acts independently  Step 2: When a node u believes that key K w belongs to node w, node u issues a public-key certificate in which K w is bound to w by the signature of u  Step 3: Nodes periodically exchange certificates with other nodes they encounter  Step 4: Each node forms a certificate graph using the certificates known to that node KuKu KwKw (w,K w ) Pr Ku

6 Kemal AkkayaWireless & Network Security 6 Self-Organized Public Key Management  Authentication  When a node u wants to verify the authenticity of the public key K v of node v, u tries to find a directed graph from K u to K v in the certificate graph. If such a path is found, the key is authentic.  Misbehaving hosts may issue incorrect certificates  If there are mismatching certificates, indicates presence of a misbehaving host (unless one of the mismatching certificate has expired)  Mismatching certificates may bind same public key for two different nodes, or same node to two different keys  To resolve the mismatch, a “confidence” level may be calculated for each certificate chain that verifies each of the mismatching certificates  Choose the certificate that can be verified with high confidence – else ignore both certificates

Download ppt "Kemal AkkayaWireless & Network Security 1 Department of Computer Science Southern Illinois University Carbondale CS 591 – Wireless & Network Security Lecture."

Similar presentations

How to Design Wireless Security Mechanisms Manel Guerrero Zapata Mobile Networks Laboratory Nokia Research Center.

How to Design Wireless Security Mechanisms Manel Guerrero Zapata Mobile Networks Laboratory Nokia Research Center.
Trustworthy Services from Untrustworthy Components: Overview Fred B. Schneider Department of Computer Science Cornell University Ithaca, New York 14853.

Trustworthy Services from Untrustworthy Components: Overview Fred B. Schneider Department of Computer Science Cornell University Ithaca, New York
Computer Security Key Management. Introduction We distinguish between a session key and a interchange key ( long term key ). The session key is associated.

Computer Security Key Management. Introduction We distinguish between a session key and a interchange key ( long term key ). The session key is associated.
Kemal AkkayaWireless & Network Security 1 Department of Computer Science Southern Illinois University Carbondale CS 591 – Wireless & Network Security Lecture.

Kemal AkkayaWireless & Network Security 1 Department of Computer Science Southern Illinois University Carbondale CS 591 – Wireless & Network Security Lecture.
L. Zhou, Z.J. Haas: Securing Ad Hoc Networks, 1999 1 (26) L. Zhou and Z. J. Haas, Cornell University: Securing Ad Hoc Networks presented by Johanna Vartiainen.

L. Zhou, Z.J. Haas: Securing Ad Hoc Networks, (26) L. Zhou and Z. J. Haas, Cornell University: Securing Ad Hoc Networks presented by Johanna Vartiainen.
1 Key Management in Mobile Ad Hoc Networks Presented by Edith Ngai Spring 2003.

1 Key Management in Mobile Ad Hoc Networks Presented by Edith Ngai Spring 2003.
An Authentication Service Based on Trust and Clustering in Wireless Ad Hoc Networks: Description and Security Evaluation Edith C.H. Ngai and Michael R.

An Authentication Service Based on Trust and Clustering in Wireless Ad Hoc Networks: Description and Security Evaluation Edith C.H. Ngai and Michael R.
Dept. of Computer Science & Engineering, CUHK1 Trust- and Clustering-Based Authentication Services in Mobile Ad Hoc Networks Edith Ngai and Michael R.

Dept. of Computer Science & Engineering, CUHK1 Trust- and Clustering-Based Authentication Services in Mobile Ad Hoc Networks Edith Ngai and Michael R.
Certificate Management Using Distributed Trusted Third Parties Alexander W. Dent Joint work with Geraint Price.

Certificate Management Using Distributed Trusted Third Parties Alexander W. Dent Joint work with Geraint Price.
Cryptography1 CPSC 3730 Cryptography Chapter 10 Key Management.

Cryptography1 CPSC 3730 Cryptography Chapter 10 Key Management.
Mar 4, 2003Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities.

Mar 4, 2003Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities.
Kemal AkkayaWireless & Network Security 1 Department of Computer Science Southern Illinois University Carbondale CS 591 – Wireless & Network Security Lecture.

Kemal AkkayaWireless & Network Security 1 Department of Computer Science Southern Illinois University Carbondale CS 591 – Wireless & Network Security Lecture.
Centre for Wireless Communications University of Oulu, Finland

Centre for Wireless Communications University of Oulu, Finland
An Authentication Service Against Dishonest Users in Mobile Ad Hoc Networks Edith Ngai, Michael R. Lyu, and Roland T. Chin IEEE Aerospace Conference, Big.

An Authentication Service Against Dishonest Users in Mobile Ad Hoc Networks Edith Ngai, Michael R. Lyu, and Roland T. Chin IEEE Aerospace Conference, Big.
Kemal AkkayaWireless & Network Security 1 Department of Computer Science Southern Illinois University Carbondale CS 591 – Wireless & Network Security Lecture.

Kemal AkkayaWireless & Network Security 1 Department of Computer Science Southern Illinois University Carbondale CS 591 – Wireless & Network Security Lecture.
Kemal AkkayaWireless & Network Security 1 Department of Computer Science Southern Illinois University Carbondale Wireless & Network Security Lecture 10:

Kemal AkkayaWireless & Network Security 1 Department of Computer Science Southern Illinois University Carbondale Wireless & Network Security Lecture 10:
Kemal AkkayaWireless & Network Security 1 Department of Computer Science Southern Illinois University Carbondale CS 591 – Wireless & Network Security Lecture.

Kemal AkkayaWireless & Network Security 1 Department of Computer Science Southern Illinois University Carbondale CS 591 – Wireless & Network Security Lecture.
E-mail: kemal@cs.siu.edu Department of Computer Science Southern Illinois University Carbondale Wireless and Network Security Lecture 9: IEEE 802.11.

Department of Computer Science Southern Illinois University Carbondale Wireless and Network Security Lecture 9: IEEE
CMSC 414 Computer and Network Security Lecture 20 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 20 Jonathan Katz.
Kemal AkkayaWireless & Network Security 1 Department of Computer Science Southern Illinois University Carbondale CS 591 – Wireless & Network Security Lecture.

Kemal AkkayaWireless & Network Security 1 Department of Computer Science Southern Illinois University Carbondale CS 591 – Wireless & Network Security Lecture.

Similar presentations

Ads by Google