Presentation is loading. Please wait.

Presentation is loading. Please wait.

Ad Hoc Networks Curtis Bolser Miguel Turner Kiel Murray.

Published byShon Ramsey Modified over 9 years ago

Similar presentations

Presentation on theme: "Ad Hoc Networks Curtis Bolser Miguel Turner Kiel Murray."— Presentation transcript:

1 Ad Hoc Networks Curtis Bolser Miguel Turner Kiel Murray

2 Towards Flexible Credential Verification in Mobile Ad-hoc Networks - Goals “To propose a flexible verification mechanism to ascertain a user’s identity and credentials based on assertions from peers.” “To propose a flexible verification mechanism to ascertain a user’s identity and credentials based on assertions from peers.” Similar to PGP’s web-of-trust concept. Similar to PGP’s web-of-trust concept. Lessen the number of signature verifications needed. Lessen the number of signature verifications needed. Allow interoperability between different certificate formats and paradigms (X.509, PGP, SPKI). Allow interoperability between different certificate formats and paradigms (X.509, PGP, SPKI).

3 Towards Flexible Credential Verification in Mobile Ad-hoc Networks – Requirements Due to generation and verification of credentials and assertions, significant processing power may be required. Due to generation and verification of credentials and assertions, significant processing power may be required. For X.509 and SPKI verification, a connection to a wired or fixed network is required. For X.509 and SPKI verification, a connection to a wired or fixed network is required. The devices must have enough space to store a public key ring and trustworthiness levels for each key. The devices must have enough space to store a public key ring and trustworthiness levels for each key.

4 Towards Flexible Credential Verification in Mobile Ad-hoc Networks – Architecture The general architecture is shown in the following figure. The general architecture is shown in the following figure. Verification Module Key Management XML Credential Generator Security Assertion Module Key management: Public keys can be added provided their validity has been checked beforehand. Key management: Public keys can be added provided their validity has been checked beforehand. Only assertions made from trusted keys in the ring are considered, all other assertions are discarded. Only assertions made from trusted keys in the ring are considered, all other assertions are discarded. Four trust levels; Full, Partial, Untrustworthy, Unknown. Four trust levels; Full, Partial, Untrustworthy, Unknown.

5 Towards Flexible Credential Verification in Mobile Ad-hoc Networks – Architecture XML Credential Generator: Used to create Credential Assertion Statements (CAS) by grouping the user’s credentials together. XML Credential Generator: Used to create Credential Assertion Statements (CAS) by grouping the user’s credentials together. Information in X.509 certificates and SPKI are extracted and then converted into XML form to produce the CAS. Information in X.509 certificates and SPKI are extracted and then converted into XML form to produce the CAS. The CAS itself need not be encrypted, but it is signed. The CAS itself need not be encrypted, but it is signed. Contains X.509 certificate data and attribute certificate data through and tags in the XML document. Contains X.509 certificate data and attribute certificate data through and tags in the XML document. The tag denotes where the certificate is stored in its original form (ASN.1 DER encoded) The tag denotes where the certificate is stored in its original form (ASN.1 DER encoded)

6 Towards Flexible Credential Verification in Mobile Ad-hoc Networks – Architecture Security Assertion Model: Main functionality is to issue assertions to other peers after successfully verifying the credentials listed in the CAS. Security Assertion Model: Main functionality is to issue assertions to other peers after successfully verifying the credentials listed in the CAS. This is done through Assertion Signature Statements (ASS) which are distributed to the Ad-hoc network. This is done through Assertion Signature Statements (ASS) which are distributed to the Ad-hoc network. Peers must have explicitly declared trust of the issuer of the ASS for it to be considered. Peers must have explicitly declared trust of the issuer of the ASS for it to be considered. More trusted nodes would lead to more ability to validate credentials via peers in the Ad-hoc network instead of through Credential Authorities via a wired network. More trusted nodes would lead to more ability to validate credentials via peers in the Ad-hoc network instead of through Credential Authorities via a wired network.

7 Towards Flexible Credential Verification in Mobile Ad-hoc Networks – Architecture Verification Module: Used to determine if the CAS is authentic and based on authentic credentials. Verification Module: Used to determine if the CAS is authentic and based on authentic credentials. Checks the signatures in the ASSs corresponding to the CAS against the key ring to determine trust. Checks the signatures in the ASSs corresponding to the CAS against the key ring to determine trust. Trust relationships are not transitive except in the case of partially verified information. Trust relationships are not transitive except in the case of partially verified information. Ex: Node A trusts Node B, Node B trusts Node C. Node C asserts that node L’s credential is valid. Ex: Node A trusts Node B, Node B trusts Node C. Node C asserts that node L’s credential is valid. If Node A can partially validate L’s credential, it can trust it due to trusting Node B which trusts Node C. If Node A can partially validate L’s credential, it can trust it due to trusting Node B which trusts Node C. Does NOT imply trust of further assertions from Node C. Does NOT imply trust of further assertions from Node C.

8 Ad Hoc Sensor Networks Authentication Authentication Typically requires high levels of computational and communication capabilities Typically requires high levels of computational and communication capabilities Sensors Sensors Low-powered, mobile devices Low-powered, mobile devices Many applications for sensors where strong authentication is desirable Many applications for sensors where strong authentication is desirable

9 Three-tier Hierarchy Tier 1: Access Points Tier 1: Access Points High-power High-power Route radio packets to wired infrastructure Route radio packets to wired infrastructure Tier 2: Forwarding Nodes Tier 2: Forwarding Nodes Medium-power, mobile Medium-power, mobile Relay information to access points Relay information to access points Tier 3: Sensor Nodes Tier 3: Sensor Nodes Low-power, mobile Low-power, mobile Collect data to send to application Collect data to send to application

10 Authentication TESLA Certificate TESLA Certificate Short lifetime Short lifetime Sensors assigned certificates by access points Sensors assigned certificates by access points Forwarding nodes only authenticate themselves in assured mode Forwarding nodes only authenticate themselves in assured mode

11 Authentication Weak mode Weak mode Only the origin of the data is verified Only the origin of the data is verified The data can be routed through any series of forwarding nodes The data can be routed through any series of forwarding nodes Assured mode Assured mode Each forwarding node will append its signature to the data Each forwarding node will append its signature to the data This allows the route to be verified This allows the route to be verified

12 Mobility Helps Security in Ad Hoc Networks – Idea Mimic human behavior; to communicate securely get close to each other and establish mutual credentials. Mimic human behavior; to communicate securely get close to each other and establish mutual credentials. Two separate models: Two separate models: 1 – Allows for security without any kind of central authority. 1 – Allows for security without any kind of central authority. 2 – Allows for an offline authority authorizing nodes to join the network. 2 – Allows for an offline authority authorizing nodes to join the network.

13 Mobility Helps Security in Ad Hoc Networks – Assumptions The ability to establish a “secure side channel,” through an infrared link, physical connection, or some other secure, local method for model 1. The ability to establish a “secure side channel,” through an infrared link, physical connection, or some other secure, local method for model 1. Nodes in a given Ad Hoc network move around. Nodes in a given Ad Hoc network move around. This mobility will actually assist in establishing security associations between nodes on the network. This mobility will actually assist in establishing security associations between nodes on the network. Each node is able to generate cryptographic keys, check signatures, and accomplish any task required to secure its communications (specifically; agree on cryptographic protocols with other nodes) Each node is able to generate cryptographic keys, check signatures, and accomplish any task required to secure its communications (specifically; agree on cryptographic protocols with other nodes)

14 Mobility Helps Security in Ad Hoc Networks – Overview 1 Network is fully self-organized (no infrastructure, no central authority, no centralized trusted third party). Network is fully self-organized (no infrastructure, no central authority, no centralized trusted third party). Secure side channel is used to set up security associations between nodes by exchanging cryptographic material. Secure side channel is used to set up security associations between nodes by exchanging cryptographic material. This exchange is made by both users consciously and simultaneously (associate a “human face” with the established security association). This exchange is made by both users consciously and simultaneously (associate a “human face” with the established security association). Use of “Friends” to further distribute public keys. Use of “Friends” to further distribute public keys.

15 Mobility Helps Security in Ad Hoc Networks – Overview 2 Ad Hoc network with a central authority (off-line). Ad Hoc network with a central authority (off-line). Central Authority controls network membership, deciding which nodes can join and how. Central Authority controls network membership, deciding which nodes can join and how. Each node has a unique identity, assigned to it by the authority, binding the node’s identity and public key. Each node has a unique identity, assigned to it by the authority, binding the node’s identity and public key. Each node holds the public key of the central authority. Each node holds the public key of the central authority. If a node A possesses a certificate signed by the central authority binding node B and its public key, then there is a one-way security association between node A and B. If a node A possesses a certificate signed by the central authority binding node B and its public key, then there is a one-way security association between node A and B. If each node has a one-way security association of the other, they have a two-way security association. If each node has a one-way security association of the other, they have a two-way security association.

16 Mobility Helps Security in Ad Hoc Networks – Comparisons Mobility-based approach allows insertion of new nodes and secure transfers without on-line key distribution. Mobility-based approach allows insertion of new nodes and secure transfers without on-line key distribution. Drawback: takes time to establish security associations. Drawback: takes time to establish security associations. Self-organized approach is useful in securing personal communications on the application level. Self-organized approach is useful in securing personal communications on the application level. Offline authority approach useful in securing networking mechanisms such as routing. Offline authority approach useful in securing networking mechanisms such as routing. In the self-organized approach, users must establish security associations consciously; In the authority-based approach, these associations are established automatically. In the self-organized approach, users must establish security associations consciously; In the authority-based approach, these associations are established automatically.

17 Generic Implementation of Elliptic Curve Cryptography using Partial Reduction Elliptic curve cryptography (ECC) is becoming an attractive alternative to traditional RSA and DH Elliptic curve cryptography (ECC) is becoming an attractive alternative to traditional RSA and DH Elliptic Curve Digital Signature Algorithm (ECDSA) Elliptic Curve Digital Signature Algorithm (ECDSA) Government a big fan Government a big fan Paper outlines hardware and software approach to implementing ECC Paper outlines hardware and software approach to implementing ECC

18 ECC Security per bit rivals other common cryptosystems Security per bit rivals other common cryptosystems Involves modular addition, multiplication, and division Involves modular addition, multiplication, and division Coupled with partial reduction, selection of curves becomes more flexible Coupled with partial reduction, selection of curves becomes more flexible

19 Self-Organized Network-Layer Security in Mobile Ad Hoc Networks Assumes no initial trust, no central trusting entity Assumes no initial trust, no central trusting entity Based on On-demand Distance Vector (AODV) routing protocol Based on On-demand Distance Vector (AODV) routing protocol Path discovery is on-demand Path discovery is on-demand Uses Route request/response packets Uses Route request/response packets Is susceptible to routing updates misbehavior and packet forwarding misbehavior Is susceptible to routing updates misbehavior and packet forwarding misbehavior

20 Self-Organized Network-Layer Security in Mobile Ad Hoc Networks Goals Goals No central trust authority or key distributor No central trust authority or key distributor Tolerant to the existence of compromised nodes Tolerant to the existence of compromised nodes Isolate the attacker Isolate the attacker Credit based system where nodes will incur less security overhead as time passes Credit based system where nodes will incur less security overhead as time passes

21 Self-Organized Network-Layer Security in Mobile Ad Hoc Networks How it works How it works Each node has a token signed by the system key (SK) Each node has a token signed by the system key (SK) This token will expire without renewing it in a timely manner This token will expire without renewing it in a timely manner Bad tokens are known to all nodes via their Token Revocation Lists Bad tokens are known to all nodes via their Token Revocation Lists

22 Self-Organized Network-Layer Security in Mobile Ad Hoc Networks How it works How it works Nodes collaborate to monitor each other and issue new tokens Nodes collaborate to monitor each other and issue new tokens Only when the group decides a node is an attacker is it isolated from the network Only when the group decides a node is an attacker is it isolated from the network

Download ppt "Ad Hoc Networks Curtis Bolser Miguel Turner Kiel Murray."

Similar presentations

RFID Access Control System March, 2003 Softrónica.

RFID Access Control System March, 2003 Softrónica.
Chapter 14 – Authentication Applications

Chapter 14 – Authentication Applications
Authentication Applications. will consider authentication functions will consider authentication functions developed to support application-level authentication.

Authentication Applications. will consider authentication functions will consider authentication functions developed to support application-level authentication.
By Md Emran Mazumder Ottawa University Student no: 6282845.

By Md Emran Mazumder Ottawa University Student no:
Efficient Public Key Infrastructure Implementation in Wireless Sensor Networks Wireless Communication and Sensor Computing, 2010. ICWCSC 2010. International.

Efficient Public Key Infrastructure Implementation in Wireless Sensor Networks Wireless Communication and Sensor Computing, ICWCSC International.
TAODV: A Trusted AODV Routing Protocol for MANET Li Xiaoqi, GiGi March 22, 2004.

TAODV: A Trusted AODV Routing Protocol for MANET Li Xiaoqi, GiGi March 22, 2004.
A Survey of Secure Wireless Ad Hoc Routing

A Survey of Secure Wireless Ad Hoc Routing
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
Grid Security Infrastructure Tutorial Von Welch Distributed Systems Laboratory U. Of Chicago and Argonne National Laboratory.

Grid Security Infrastructure Tutorial Von Welch Distributed Systems Laboratory U. Of Chicago and Argonne National Laboratory.
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.

CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
Chapter 14 From Cryptography and Network Security Fourth Edition written by William Stallings, and Lecture slides by Lawrie Brown, the Australian Defence.

Chapter 14 From Cryptography and Network Security Fourth Edition written by William Stallings, and Lecture slides by Lawrie Brown, the Australian Defence.
WAP Public Key Infrastructure CSCI 5939.02 – Independent Study Fall 2002 Jaleel Syed Presentation No 5.

WAP Public Key Infrastructure CSCI – Independent Study Fall 2002 Jaleel Syed Presentation No 5.
SMUCSE 5349/7349 Public-Key Infrastructure (PKI).

SMUCSE 5349/7349 Public-Key Infrastructure (PKI).
Public-key based. Public-key Techniques based Protocols –may use either weak or strong passwords –high computation complexity (Slow) –high deployment.

Public-key based. Public-key Techniques based Protocols –may use either weak or strong passwords –high computation complexity (Slow) –high deployment.
EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 6 Wenbing Zhao Department of Electrical and Computer Engineering.

EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 6 Wenbing Zhao Department of Electrical and Computer Engineering.
Introduction to PKI Seminar What is PKI? Robert Brentrup July 13, 2004.

Introduction to PKI Seminar What is PKI? Robert Brentrup July 13, 2004.
1 Key Management in Mobile Ad Hoc Networks Presented by Edith Ngai Spring 2003.

1 Key Management in Mobile Ad Hoc Networks Presented by Edith Ngai Spring 2003.
An Authentication Service Based on Trust and Clustering in Wireless Ad Hoc Networks: Description and Security Evaluation Edith C.H. Ngai and Michael R.

An Authentication Service Based on Trust and Clustering in Wireless Ad Hoc Networks: Description and Security Evaluation Edith C.H. Ngai and Michael R.
November 1, 2006Sarah Wahl / Graduate Student UCCS1 Public Key Infrastructure By Sarah Wahl.

November 1, 2006Sarah Wahl / Graduate Student UCCS1 Public Key Infrastructure By Sarah Wahl.
Dept. of Computer Science & Engineering, CUHK1 Trust- and Clustering-Based Authentication Services in Mobile Ad Hoc Networks Edith Ngai and Michael R.

Dept. of Computer Science & Engineering, CUHK1 Trust- and Clustering-Based Authentication Services in Mobile Ad Hoc Networks Edith Ngai and Michael R.

Similar presentations

Ads by Google