Secure Ad-Hoc NetworkWhat is Ad-Hoc Network?Truth is…Challenges in Ad-Hoc NetworkSecurity in Ad-Hoc NetworkSlide 6Slide 7Slide 8Slide 9Slide 10Security in mobile networkEverything comes to…Traditional ways do not workEarly works may not either…SPINS – authenticated routingSlide 16Decentralized solutionsShamir’s secret sharing schemeWhat is threshold cryptography?Threshold SchemeEmulation of Certificate AuthorityStill problem remains…Password based public key infrastructureSlide 24Slide 25Self-organized public-key infrastructureSlide 27Slide 28No scheme is perfect yet1Secure Ad-Hoc NetworkEunjin [email protected] is Ad-Hoc Network?Ad-Hoc Network–Subset of peer-to-peer computing problem–Sensor network–Wireless and mobile–Physically neighboring participants–No infrastructure3Truth is…Ad-Hoc Network relies on –Base Station–Offline configurationPotential–Military operation use–Sensor network–Pervasive, ubiquitous computing4Challenges in Ad-Hoc NetworkMobility–Restricted computing resource–Restricted power resource–Unreliable communicationAd-Hoc–Transient states–No trustworthy third party–Often security protocol integrated with others5Security in Ad-Hoc NetworkAvailability–Sleep Deprivation Torture•Power consumption is worse than computing or network resource consumption, because the device cannot recover as soon as the attack finishes–Jamming•Spectrum Spread, Frequency Hopping6Security in Ad-Hoc NetworkConfidentiality–Easier to passively eavesdrop–Cannot rely on expensive cryptosystem–Symmetric key cryptography is used–Small key, frequent update vs. large key, intermittent update7Security in Ad-Hoc NetworkAuthorization–Network resource•Inherently vulnerable to bandwidth stealing•Should reject routing unauthorized packet–Transient states•Security associations between principals are transient•Static authorization policy is unfeasible8Security in Ad-Hoc NetworkAuthentication–Cannot rely on central server–Neither on public key cryptography–Should be adaptive to transient authorization policy–Should be swift to renew symmetric key–Pre-computed certificate–Threshold cryptography9Security in Ad-Hoc NetworkIntegrity–Similar to any communication–Use traditional solution based on symmetric keyNon-Repudiation–Based on public/private key cryptography–Hard to achieve with limited computing resource–Content with certificates10Security in Ad-Hoc NetworkTamper-Resistance–Security not only on communication, but also on its physical statusIntrusion Detection–Shares have to be revoked and renewed when compromisedAnonymity–Hide the identity of the senders and receivers11Security in mobile networkAAA properties–Authentication–Authorization–AccountingStandard in CDMA2000 packet core network12Proper authentication scheme is the key to solve security problem in ad-hoc networkHierarchical authentication scheme–Less mobility, higher in hierarchyMultilevel authentication scheme–Link layer[BT01]–Routing layer[PSWCT01]–Application layerEverything comes to…13Traditional ways do not workIndirect Kerberos[FG96]–Assuming application-level proxy to delegate public key operations–Base station can do the job if there is oneDuplicated servers–Tradeoff between mobility and cost14Early works may not either… Authentication protocols for PCS [LH95] –offer even non-repudiation–Assumption of static and high-capability HOME base station; works with mobile-IP–Assumption of reliable communication between home base station and current one–Frequent cryptographic operation including public key operation on the subscriber’s side15SPINS – authenticated routing : streaming authentication protocol–Two-party key agreement protocolSNEP(Secure Network Encryption Protocol)–data confidentiality, two-party data authentication, and data freshnessKey from , further operation on SNEPTESLATESLA16SPINS – authenticated routingProblem–Assumption on the functionality of base station–Lack of local operation17Decentralized solutionsEmulations of Certificate AuthorityKey agreement based on prior context or offline agreementSelf-organized public key infrastructure18Shamir’s secret sharing schemeInterpolating scheme (m>1)1110)(mmxaxaaxF 1110)(mmxaxaaxf 19What is threshold cryptography?(m, n) – threshold scheme–m-out-of-n scheme, secret sharing scheme–1 sender(dealer) distributes partial secret(shares, shadows) to n participants–Any m parts put together can retrieve the secret, but not less than m–Perfect for any group of at most m-1 participants20Threshold SchemeTradeoff between security and reliability according to the choice of m and n–Reliability measure •Target of denial of service attack : n-m+1–Security measure•Target of compromising : mGood for distributed authentication21Emulation of Certificate AuthorityEach entity has a share of group keyMore than m entities can act as a certificate authority – local operationEach entity computes partial certificate out of partial secretProactively update shares, and actively revoke any compromised ones22Still problem remains…Requires collaborative users – have to respond the partial certificate request anytime.Who can be a dealer?–Shares are given to principals in bootstrap phase (still base station?)23Password based public key infrastructurePrior context is assumed, so all participants share a weak secret.Extending Diffie-Hellman method to agree on stronger symmetric key among multi-parties.24Password based public key infrastructureO(n) steps m1m2m3m4g^S1g^S1S2g^S1S2S3g^S1S2S3g^S1S2S3P(c1=g^S1bs2S3)c1^S425Password based public key infrastructureNeed to communicate with all group members and select a leaderStatic group assumption26Self-organized public-key infrastructureEach user publishes its own certificate and some for othersEach user maintains certificate repository, some issued by itself, rest by others. Trust graph : each user is a node, and an edge (u,v) denotes user u published certificate to v.27Self-organized public-key infrastructure28Self-organized public-key infrastructureHow many certificates should be stored in the repository to cover all pairs in the ad hoc network? covers
View Full Document