Presentation is loading. Please wait.

Presentation is loading. Please wait.

MOCA : Mobile Certificate Authority for Wireless Ad Hoc Networks The 2nd Annual PKI Research Workshop (PKI 2003) Seung Yi, Robin Kravets September. 25,

Published byEverett Jacobs Modified over 9 years ago

Similar presentations

Presentation on theme: "MOCA : Mobile Certificate Authority for Wireless Ad Hoc Networks The 2nd Annual PKI Research Workshop (PKI 2003) Seung Yi, Robin Kravets September. 25,"— Presentation transcript:

1 MOCA : Mobile Certificate Authority for Wireless Ad Hoc Networks The 2nd Annual PKI Research Workshop (PKI 2003) Seung Yi, Robin Kravets September. 25, 2003 Presented by Sookhyun, Yang

2 2/16 Contents Introduction Introduction Background Background Requirements Requirements MOCA (MObile Certificate Authority) Framework MOCA (MObile Certificate Authority) Framework Evaluation Evaluation Conclusion Conclusion

3 3/16 Introduction Wireless ad hoc networks Wireless ad hoc networks Infrastructure-less nature Infrastructure-less nature Inhibit guaranteeing any kind of connectivity Inhibit guaranteeing any kind of connectivity Increased physical vulnerability of the nodes Increased physical vulnerability of the nodes Key management framework for ad hoc networks Key management framework for ad hoc networks MOCA framework MOCA framework PKI (Public Key Infrastructure) without infrastrucutre PKI (Public Key Infrastructure) without infrastrucutre Threshold cryptography Threshold cryptography MOCA nodes MOCA nodes Communication protocol between a client and CAs Communication protocol between a client and CAs MP (MOCA certification protocol) MP (MOCA certification protocol)

4 4/16 Background PKI PKI Collection of components and procedure that support the management of cryptographic keys through the use of digital certificates Collection of components and procedure that support the management of cryptographic keys through the use of digital certificates Public key certificate Public key certificate Threshold cryptography Threshold cryptography Divide up a secret to n pieces Divide up a secret to n pieces Reconstruct the full secret with any k pieces out of those n Reconstruct the full secret with any k pieces out of those n CA’s private key : KRauth CA’s public key : KUauth X’s public key : Kux C A = E KRauth [TIme 1,ID A,KUa] CACA AABB KUa KUb (2) C B CACA CBCB (1) C A thresholdMOCAsMOCAs

5 5/16 Requirements Requirements for MOCA framework Requirements for MOCA framework Fault tolerance Fault tolerance Maintain correct operation in the presence of faulty nodes Maintain correct operation in the presence of faulty nodes Tolerant to a fraction of faulty nodes Tolerant to a fraction of faulty nodes Security Security Act as the trust anchor for the whole network Act as the trust anchor for the whole network Operate securely against malicious nodes or adversaries Operate securely against malicious nodes or adversaries Availability Availability Highly dependent on the connectivity of the network Highly dependent on the connectivity of the network Certification service should be always available to clients Certification service should be always available to clients

6 6/16 MOCA Framework (1/4) Choosing MOCA nodes Choosing MOCA nodes Exploit heterogeneity Exploit heterogeneity More trustworthy More trustworthy Computationally more powerful Computationally more powerful Physically more secure Physically more secure Threshold cryptography Threshold cryptography Distribute the functionality of a CA to the whole network Distribute the functionality of a CA to the whole network Secret : CA’s private key Secret : CA’s private key CA : n MOCA nodes CA : n MOCA nodes Threshold : k MOCA nodes Threshold : k MOCA nodes Configuration Configuration Total number of nodes in the network (M) Total number of nodes in the network (M) Number of MOCAs (n) Number of MOCAs (n) Threshold value for secret reconstruction (1<= k <= n) Threshold value for secret reconstruction (1<= k <= n) Connectivity Connectivity MP (MOCA certification protocol) MP (MOCA certification protocol) Communication protocol between client and MOCAs Communication protocol between client and MOCAs One-to-many-to-one One-to-many-to-one

7 7/16 MOCA Framework (2/4) Threshold Cryptography Threshold Cryptography Certification Certification Revocation Revocation (1)At least k request (2) Partial signature signed with key share (3) Collect k partial signature (4) Reconstruct full signature “C A ” clientMOCA nodes (1) Partially signed revocation certificate signed with its key share (2) Full revocation certificate (3) CRL (Certificate revocation list)

8 8/16 Communication protocol - MP Communication protocol - MP Success case Success case k valid CREPs within a fixed period of time k valid CREPs within a fixed period of time Routing Routing Reverse path with CREQ Reverse path with CREQ If no CREP within time-out period, reverse path expires If no CREP within time-out period, reverse path expires MOCA Framework (3/4) (1) CREQ (2) CREP

9 9/16 MOCA Framework (4/4) Mechnisms of MP Mechnisms of MP Flooding Flooding Send and receive packets (CREQ, CREP) to all nodes Send and receive packets (CREQ, CREP) to all nodes Unicast-based optimization Unicast-based optimization β-unicast β-unicast Multiple unicast connections if the client has sufficient routes to MOCAs in its routing cache Multiple unicast connections if the client has sufficient routes to MOCAs in its routing cache Sufficiency Sufficiency Threshold k Threshold k State of the network State of the network If (routes to MOCAs >= β), then β - unicast If (routes to MOCAs >= β), then β - unicast else flooding else flooding How to choose among the MOCAs cached in the routing table (>= β) How to choose among the MOCAs cached in the routing table (>= β) Random MOCAs Random MOCAs Closest MOCAs Closest MOCAs Freshest MOCAs Freshest MOCAs β (threshold unicast) = k (crypto threshold) + α (safety margin) β

10 10/16 Evaluation (1/6) Focus of evaluation Focus of evaluation Effectiveness Effectiveness Success ratio Success ratio Flooding-based protocol : (# of total received CREPs) /(# of total CREQs) Flooding-based protocol : (# of total received CREPs) /(# of total CREQs) Unicast-base optimization : (# of successful certification request)/(# of total CREQs) Unicast-base optimization : (# of successful certification request)/(# of total CREQs) Unicast usage in uicast-based optimization Unicast usage in uicast-based optimization Cost Cost Packet overhead Packet overhead Response time : additional communication delay Response time : additional communication delay Simulation set-up Simulation set-up 1km 600s # of + (mobile nodes) : 150, 300 # of (MOCAs) : 30, 50 # of CREQ : each node 1/1min Mobility Node pause time : 0, 10s Node Max. Speed : 0, 1, 5, 10, 20 ms

11 11/16 Evaluation (2/6) Flooding vs. Unicast Flooding vs. Unicast Unicast usage Unicast usage Use of unicast CREQs Use of flooding CREQs x : β y : usage of unicast Total # of CREQs = 1000

12 12/16 Evaluation (3/6) Packet overhead Packet overhead Total number of control packets Total number of control packets used for certification services n = 30 n = 30 Setting β as low as possible Setting β as low as possible results in the best improvements in overhead, but endangering security of the whole framework

13 13/16 Evaluation (4/6) Certification delay Certification delay Arrival time of CREP packets with the closest-unicast approach Arrival time of CREP packets with the closest-unicast approach Choice between flooding and unicast-based optimizations or choice between different β values does not affect the timing behavior Choice between flooding and unicast-based optimizations or choice between different β values does not affect the timing behavior 0.3s

14 14/16 Evaluation (5/6) Success ratios Success ratios α plays an important role in determining the success ratio within a given τ α plays an important role in determining the success ratio within a given τ Helpful when deciding an adequate τ for a given k Helpful when deciding an adequate τ for a given k

15 15/16 Evaluation (6/6) Summary Summary High success ratio High success ratio Flooding-based protocol : almost 99% Flooding-based protocol : almost 99% Unicast-based optimization : 75%~97% Unicast-based optimization : 75%~97% Reduced overhead Reduced overhead Unicast optimization saves up to about 30% of control packets Unicast optimization saves up to about 30% of control packets Certification delay is acceptable Certification delay is acceptable

16 16/16 Conclusion Present a practical key management framework for ad hoc wireless networks using PKI Present a practical key management framework for ad hoc wireless networks using PKI Clarify the necessity and the problem of providing a PKI framework for ad hoc network Clarify the necessity and the problem of providing a PKI framework for ad hoc network Identify requirements for such a framework Identify requirements for such a framework Show effectiveness of paper’s approach through simulation results Show effectiveness of paper’s approach through simulation results Provide some insights into the configuration of such security services in ad hoc networks Provide some insights into the configuration of such security services in ad hoc networks

Download ppt "MOCA : Mobile Certificate Authority for Wireless Ad Hoc Networks The 2nd Annual PKI Research Workshop (PKI 2003) Seung Yi, Robin Kravets September. 25,"

Similar presentations

Ranveer Chandra Ramasubramanian Venugopalan Ken Birman

Ranveer Chandra Ramasubramanian Venugopalan Ken Birman
Chris Karlof and David Wagner

Chris Karlof and David Wagner
Mitigating Routing Misbehavior in Mobile Ad-Hoc Networks Reference: Mitigating Routing Misbehavior in Mobile Ad Hoc Networks, Sergio Marti, T.J. Giuli,

Mitigating Routing Misbehavior in Mobile Ad-Hoc Networks Reference: Mitigating Routing Misbehavior in Mobile Ad Hoc Networks, Sergio Marti, T.J. Giuli,
1 Mobile IPv6-Based Ad Hoc Networks: Its Development and Application Advisor: Dr. Kai-Wei Ke Speaker: Wei-Ying Huang.

1 Mobile IPv6-Based Ad Hoc Networks: Its Development and Application Advisor: Dr. Kai-Wei Ke Speaker: Wei-Ying Huang.
Authors: Yanchao Zhang, Member, IEEE, Wei Liu, Wenjing Lou,Member, IEEE, and Yuguang Fang, Senior Member, IEEE Source: IEEE TRANSACTIONS ON DEPENDABLE.

Authors: Yanchao Zhang, Member, IEEE, Wei Liu, Wenjing Lou,Member, IEEE, and Yuguang Fang, Senior Member, IEEE Source: IEEE TRANSACTIONS ON DEPENDABLE.
Self-Organized Anonymous Authentication in Mobile Ad Hoc Networks Julien Freudiger, Maxim Raya and Jean-Pierre Hubaux SECURECOMM, 2009.

Self-Organized Anonymous Authentication in Mobile Ad Hoc Networks Julien Freudiger, Maxim Raya and Jean-Pierre Hubaux SECURECOMM, 2009.
Efficient Public Key Infrastructure Implementation in Wireless Sensor Networks Wireless Communication and Sensor Computing, 2010. ICWCSC 2010. International.

Efficient Public Key Infrastructure Implementation in Wireless Sensor Networks Wireless Communication and Sensor Computing, ICWCSC International.
TAODV: A Trusted AODV Routing Protocol for MANET Li Xiaoqi, GiGi March 22, 2004.

TAODV: A Trusted AODV Routing Protocol for MANET Li Xiaoqi, GiGi March 22, 2004.
 Introduction  Benefits of VANET  Different types of attacks and threats  Requirements and challenges  Security Architecture  Vehicular PKI.

 Introduction  Benefits of VANET  Different types of attacks and threats  Requirements and challenges  Security Architecture  Vehicular PKI.
Geneva, Switzerland, 2 June 2014 Introduction to public-key infrastructure (PKI) Erik Andersen, Q.11 Rapporteur, ITU-T Study Group 17 ITU Workshop.

Geneva, Switzerland, 2 June 2014 Introduction to public-key infrastructure (PKI) Erik Andersen, Q.11 Rapporteur, ITU-T Study Group 17 ITU Workshop.
URSA: Providing Ubiquitous and Robust Security Support for MANET

URSA: Providing Ubiquitous and Robust Security Support for MANET
Improving TCP Performance over Mobile Ad Hoc Networks by Exploiting Cross- Layer Information Awareness Xin Yu Department Of Computer Science New York University,

Improving TCP Performance over Mobile Ad Hoc Networks by Exploiting Cross- Layer Information Awareness Xin Yu Department Of Computer Science New York University,
Ranveer Chandra , Kenneth P. Birman Department of Computer Science

Ranveer Chandra , Kenneth P. Birman Department of Computer Science
Public Key Infrastructure (PKI) Providing secure communications and authentication over an open network.

Public Key Infrastructure (PKI) Providing secure communications and authentication over an open network.
DESIGNING A PUBLIC KEY INFRASTRUCTURE

DESIGNING A PUBLIC KEY INFRASTRUCTURE
Secure and Efficient Key Management in Mobile Ad Hoc Networks Bing Wu, Jie Wu, Eduardo B. Fernandez, Mohammad Ilyas, Spyros Magliveras Department of Computer.

Secure and Efficient Key Management in Mobile Ad Hoc Networks Bing Wu, Jie Wu, Eduardo B. Fernandez, Mohammad Ilyas, Spyros Magliveras Department of Computer.
EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 6 Wenbing Zhao Department of Electrical and Computer Engineering.

EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 6 Wenbing Zhao Department of Electrical and Computer Engineering.
Introduction to PKI Seminar What is PKI? Robert Brentrup July 13, 2004.

Introduction to PKI Seminar What is PKI? Robert Brentrup July 13, 2004.
Secure Multicast Xun Kang. Content Why need secure Multicast? Secure Group Communications Using Key Graphs Batch Update of Key Trees Reliable Group Rekeying.

Secure Multicast Xun Kang. Content Why need secure Multicast? Secure Group Communications Using Key Graphs Batch Update of Key Trees Reliable Group Rekeying.
Beneficial Caching in Mobile Ad Hoc Networks Bin Tang, Samir Das, Himanshu Gupta Computer Science Department Stony Brook University.

Beneficial Caching in Mobile Ad Hoc Networks Bin Tang, Samir Das, Himanshu Gupta Computer Science Department Stony Brook University.

Similar presentations

Ads by Google