Presentation is loading. Please wait.

Presentation is loading. Please wait.

Smartening the Environment using Wireless Sensor Networks in a Developing Country Presented By: Al-Sakib Khan Pathan SECRET: A Secure and Efficient Certificate.

Published byVincent Lindsey Modified over 9 years ago

Similar presentations

Presentation on theme: "Smartening the Environment using Wireless Sensor Networks in a Developing Country Presented By: Al-Sakib Khan Pathan SECRET: A Secure and Efficient Certificate."— Presentation transcript:

1 Smartening the Environment using Wireless Sensor Networks in a Developing Country Presented By: Al-Sakib Khan Pathan SECRET: A Secure and Efficient Certificate Revocation Scheme for Mobile Ad Hoc Networks Dieynaba Mall 1, Karim Konaté 1, and Al-Sakib Khan Pathan 2 1 Department of Mathematics and Computer Science, Université Cheikh Anta Diop de Dakar, Dakar, Senegal 2 Department of Computer Science, International Islamic University Malaysia, Kuala Lumpur, Malaysia

2 Outline of This Presentation Introduction Motivation and Objectives The proposed scheme Analysis – security and performance Future research directions 2 ISBAST 2014, 26-27 August 2014, KL, Malaysia

3 Introduction In Mobile Ad hoc Networks (MANETs), the nodes maintain the network by communicating among themselves without any particular centralized entity. Due to the nature of wireless communication, MANETs are more vulnerable. Key management is used for secure communication –Key distribution is mainly discussed –Key revocation is also critical 3 ISBAST 2014, 26-27 August 2014, KL, Malaysia

4 Motivation Behind This Work Most of the proposed certificate revocation schemes in MANET present many insufficiencies: –Vulnerable to various types of attacks and do not guarantee efficient resource utilization. –Only digital signature-based schemes addressed resource-efficiency. However, the cost associated with using such operations is still substantially higher than that of symmetric cryptographic operations. –Signature-based broadcast authentication protocols are vulnerable to DoS (Denial of Service) attacks. 4 ISBAST 2014, 26-27 August 2014, KL, Malaysia

5 Objective and Overview We propose an enhanced and efficient certificate/key revocation scheme for Mobile Ad hoc Networks (MANETs). Specific contribution: Our key revocation scheme is based on the scheme presented in the following work (identity based approach): –K. Hoeper and G. Gong, Monitoring-Based Key Revocation Schemes for Mobile Ad Hoc Networks: Design and Security Analysis. Technical Report 9 2009-15, Centre for Applied Cryptographic Research, March 2009. 5 ISBAST 2014, 26-27 August 2014, KL, Malaysia

6 Objective and Overview Identity-based cryptography is a type of public- key cryptography in which a publicly known string representing an individual or organization is used as a public key. The public string could include an email address, domain name, or a physical IP address. Two main issues are addressed in our work: –Vulnerability against various attacks –Resource consumption / Resource-efficiency 6 ISBAST 2014, 26-27 August 2014, KL, Malaysia

7 Building Blocks of Our Scheme We adapt and modify the work of Hoeper and Gong. Employ the HEAP protocol as the underlying broadcast authentication scheme: –R. Akbani, T. Korkmaz, and G. V. S. Raju., “HEAP: hop-by-hop efficient authentication protocol for Mobile Ad-hoc Networks,” Proc. of the 2007 spring simulation multiconference - Volume 1 (SpringSim '07), Vol. 1. Society for Computer Simulation International, 2007, San Diego, CA, USA, pp. 157-165. 7 ISBAST 2014, 26-27 August 2014, KL, Malaysia

8 Security Assumptions We assume a PKI (Public Key Infrastructure)- based system with an external trusted certificate authority, CA (Certification Authority). We consider that each node can communicate with this trusted CA before joining the network and can obtain a unique public key certificate signed by the CA as well as the authentic public key of the CA. –A public key certificate (also known as a digital certificate or identity certificate) is an electronic document used to prove ownership of a public key. 8 ISBAST 2014, 26-27 August 2014, KL, Malaysia

9 Security Assumptions (Cntd.) All direct communication links between nodes are bidirectional and each node has an implemented monitoring scheme. Each node knows its one-hop neighbors - this is necessary to assure a complete distribution of shared keys. 9 ISBAST 2014, 26-27 August 2014, KL, Malaysia

10 Proposed Scheme Our proposal comprises of three algorithms Before presenting the algorithms, let us know, –All the mathematical notations and their meanings –Certificate Revocation Lists (CRLs) 10 ISBAST 2014, 26-27 August 2014, KL, Malaysia

11 Mathematical Notations 11 ISBAST 2014, 26-27 August 2014, KL, Malaysia TABLE 1. LIST OF NOTATIONS FOR CERTIFICATE REVOCATION SCHEME

12 Certificate Revocation Lists Each node i creates a certificate revocation list CRL i for any of its known nodes j such that j ∈ N i. This list can be represented by a matrix with dimensions (Ω i,Ω i+3 ) as shown below: 12 ISBAST 2014, 26-27 August 2014, KL, Malaysia

13 Our Revocation Scheme We use: (i)Certificate revocation lists instead of key revocation lists, and (ii)The HEAP protocol as broadcast authentication scheme. Hence, shared keys are used to secure accusation messages. The combination gives significant advantage over the previous approach. 13 ISBAST 2014, 26-27 August 2014, KL, Malaysia

14 Our Revocation Scheme (Ctnd.) Algorithm 1: Neighborhood Watch In this algorithm, each node i monitors its one- hop neighbors. Whenever it observes a suspicious neighbor j ∈ N i,1, it sets and creates a neighborhood watch message nw i with: MAC - Message Authentication Code 14 ISBAST 2014, 26-27 August 2014, KL, Malaysia

15 Our Revocation Scheme (Ctnd.) where,, containing ; – cert i is the serial number of i’s certificate; – hopcount ensures that the message reaches all nodes in m-hop distance. Initially, node i sets hopcount = m. index is the index number related to this message and used to prevent replay attacks. and are the different MACs computed each for a one-hop neighbor according to the New Step 2 in the paper. 15 ISBAST 2014, 26-27 August 2014, KL, Malaysia

16 Our Revocation Scheme (Ctnd.) Algorithm 2: Propagate This algorithm is triggered by Algorithms 1 and 3. After creating an accusation message which can be neighborhood watch message nw i or update message um i, the nodes securely propagate accusations to their one-hop neighbors. 16 ISBAST 2014, 26-27 August 2014, KL, Malaysia

17 Our Revocation Scheme (Ctnd.) Algorithm 3: Update CRL This algorithm describes how the node i updates its own revocation list CRL i according to the received accusation message. Node i prepares an update message um i for all of its one-hop neighbors j ∈ N i,1 with: where M contains the parameters as noted before. 17 ISBAST 2014, 26-27 August 2014, KL, Malaysia

18 Security Analysis The use of HEAP as authentication scheme provides a foundation. With HEAP, our revocation scheme can authenticate every single packet in every single hop. Hence, it can combat –replay, impersonation, DoS, man-in-the-middle, wormhole attacks, etc. In addition, HEAP offers some level of protection against insider attackers who try to forge packets and impersonate other insiders. 18 ISBAST 2014, 26-27 August 2014, KL, Malaysia

19 Security Analysis (Ctnd.) Our scheme defends against a wide range of insider attacks by using intelligent techniques, security, and system parameters (in Table 1). Protection against: –Sybil attack –Dropping accusations –Attempt to modify accusations –Moving to a new neighborhood whenever accusation account approaches threshold –Collusion of nodes 19 ISBAST 2014, 26-27 August 2014, KL, Malaysia

20 Performance Analysis 20 ISBAST 2014, 26-27 August 2014, KL, Malaysia [16] K. Hoeper and G. Gong, Monitoring-Based Key Revocation Schemes for Mobile Ad Hoc Networks: Design and Security Analysis. Technical Report 9 2009-15, Centre for Applied Cryptographic Research, March 2009. TABLE 2

21 Performance Analysis With our approach, –the memory space required to store the required information slightly increases due to the storage of certificate of each one-hop neighbor. –the computational overhead generated by an accusation message in our solution remains the same as the one associated with the proposal in [16] 21 ISBAST 2014, 26-27 August 2014, KL, Malaysia

22 Performance Analysis With our approach, –to disseminate an accusation message to the one-hop neighborhood, a node i just needs to execute one broadcast. Thus, compared to the method in [16], our solution considerably reduces the communication overhead associated to the propagation of accusations. Note that in [16], due to the use of pairwise pre- shared secret keys k i,j, to propagate an accusation, it is required to unicast the associated message to each one-hop neighbor. 22 ISBAST 2014, 26-27 August 2014, KL, Malaysia

23 Final Words and Overall Gains Security and performance analyses show that our approach ensures –good protection against a wide range of attacks launched by outsiders –Also, insider attacks in a cost-effective way since our scheme offers smaller overheads. Future work is to investigate applicability of the scheme for other networks and possibly, to further reduce complexity. 23 ISBAST 2014, 26-27 August 2014, KL, Malaysia

24 THANK YOU 24 ISBAST 2014, 26-27 August 2014, KL, Malaysia

25 Questions and Answers Any query should be directed to sakib.pathan@gmail.com, sakib@iium.edu.my ??? For More Information: http://staff.iium.edu.my/sakib/ 25 ISBAST 2014, 26-27 August 2014, KL, Malaysia

Download ppt "Smartening the Environment using Wireless Sensor Networks in a Developing Country Presented By: Al-Sakib Khan Pathan SECRET: A Secure and Efficient Certificate."

Similar presentations

Kerberos 1 Public domain image of Heracles and Cerberus. From an Attic bilingual amphora, 530–520 BC. From Italy (?).

Kerberos 1 Public domain image of Heracles and Cerberus. From an Attic bilingual amphora, 530–520 BC. From Italy (?).
Distribution and Revocation of Cryptographic Keys in Sensor Networks Amrinder Singh Dept. of Computer Science Virginia Tech.

Distribution and Revocation of Cryptographic Keys in Sensor Networks Amrinder Singh Dept. of Computer Science Virginia Tech.
Efficient Public Key Infrastructure Implementation in Wireless Sensor Networks Wireless Communication and Sensor Computing, 2010. ICWCSC 2010. International.

Efficient Public Key Infrastructure Implementation in Wireless Sensor Networks Wireless Communication and Sensor Computing, ICWCSC International.
TAODV: A Trusted AODV Routing Protocol for MANET Li Xiaoqi, GiGi March 22, 2004.

TAODV: A Trusted AODV Routing Protocol for MANET Li Xiaoqi, GiGi March 22, 2004.
 Introduction  Benefits of VANET  Different types of attacks and threats  Requirements and challenges  Security Architecture  Vehicular PKI.

 Introduction  Benefits of VANET  Different types of attacks and threats  Requirements and challenges  Security Architecture  Vehicular PKI.
A Distributed Security Framework for Heterogeneous Wireless Sensor Networks Presented by Drew Wichmann Paper by Himali Saxena, Chunyu Ai, Marco Valero,

A Distributed Security Framework for Heterogeneous Wireless Sensor Networks Presented by Drew Wichmann Paper by Himali Saxena, Chunyu Ai, Marco Valero,
A Survey of Secure Wireless Ad Hoc Routing

A Survey of Secure Wireless Ad Hoc Routing
Sec-TEEN: Secure Threshold sensitive Energy Efficient sensor Network protocol Ibrahim Alkhori, Tamer Abukhalil & Abdel-shakour A. Abuznied Department of.

Sec-TEEN: Secure Threshold sensitive Energy Efficient sensor Network protocol Ibrahim Alkhori, Tamer Abukhalil & Abdel-shakour A. Abuznied Department of.
Packet Leashes: Defense Against Wormhole Attacks Authors: Yih-Chun Hu (CMU), Adrian Perrig (CMU), David Johnson (Rice)

Packet Leashes: Defense Against Wormhole Attacks Authors: Yih-Chun Hu (CMU), Adrian Perrig (CMU), David Johnson (Rice)
Authentication in Mobile Ad-hoc Network (MANET) Student Ståle Jonny Berget Superviser Chik How Tan.

Authentication in Mobile Ad-hoc Network (MANET) Student Ståle Jonny Berget Superviser Chik How Tan.
1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.

1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.
Mobile and Wireless Computing Institute for Computer Science, University of Freiburg Western Australian Interactive Virtual Environments Centre (IVEC)

Mobile and Wireless Computing Institute for Computer Science, University of Freiburg Western Australian Interactive Virtual Environments Centre (IVEC)
CSCI283 Fall 2005 GWU All slides from Bishop’s slide set Public Key Infrastructure (PKI)

CSCI283 Fall 2005 GWU All slides from Bishop’s slide set Public Key Infrastructure (PKI)
Secure Routing and Intrusion Detection For Mobile Ad Hoc Networks Secure Routing and Intrusion Detection For Mobile Ad Hoc Networks Anand Patwardhan Jim.

Secure Routing and Intrusion Detection For Mobile Ad Hoc Networks Secure Routing and Intrusion Detection For Mobile Ad Hoc Networks Anand Patwardhan Jim.
Nov.6, 2002 Secure Routing Protocol for Ad Hoc Networks Li Xiaoqi.

Nov.6, 2002 Secure Routing Protocol for Ad Hoc Networks Li Xiaoqi.
Beneficial Caching in Mobile Ad Hoc Networks Bin Tang, Samir Das, Himanshu Gupta Computer Science Department Stony Brook University.

Beneficial Caching in Mobile Ad Hoc Networks Bin Tang, Samir Das, Himanshu Gupta Computer Science Department Stony Brook University.
1 Key Management in Mobile Ad Hoc Networks Presented by Edith Ngai Spring 2003.

1 Key Management in Mobile Ad Hoc Networks Presented by Edith Ngai Spring 2003.
An Authentication Service Based on Trust and Clustering in Wireless Ad Hoc Networks: Description and Security Evaluation Edith C.H. Ngai and Michael R.

An Authentication Service Based on Trust and Clustering in Wireless Ad Hoc Networks: Description and Security Evaluation Edith C.H. Ngai and Michael R.
ITIS 6010/8010 Wireless Network Security Dr. Weichao Wang.

ITIS 6010/8010 Wireless Network Security Dr. Weichao Wang.
Dept. of Computer Science & Engineering, CUHK1 Trust- and Clustering-Based Authentication Services in Mobile Ad Hoc Networks Edith Ngai and Michael R.

Dept. of Computer Science & Engineering, CUHK1 Trust- and Clustering-Based Authentication Services in Mobile Ad Hoc Networks Edith Ngai and Michael R.

Similar presentations

Ads by Google