FINAL Project Specifications Improvements to TESLA Broadcast Authentication Protocol ECE646: Cryptography and Network Security Professor Jens-Peter Kaps September 24, 2006 Project Team: Krishna Chaitanya Thirumalasetty KamalEldin Mohamed Lieyong Yang Nick TonFINAL - 1 - 1. Introduction and Motivation One of the many difficulties of low power secure wireless broadcast communication is to ensure source authentication, in other words allowing the receivers to determine that the data received really originates from the true source. This also implies that the communication protocol established must ensure that the data was not modified during transmission. The Timed Efficient Stream Loss-tolerant Authentication (TESLA) protocol was developed by Adrian Perrig e.t. al. to address this problem. The TESLA protocol has gained research interested namely for its efficient use of symmetric key for authentication. However, as established by Kui Ren et. al., the TESLA protocol is insecure against Denial of Service (DoS) attack. The focus of our research project is to explore improvements to the TESLA protocol. Specifically we aim to analyze and implement secret sharing algorithm to supplement the TESLA protocol in order to address the problem of Denial of Service attack. Unlike research explored by Kui Ren where an efficient public key algorithm is used to replace TESLA, our unique goal is to supplement TESLA protocol. We believe that there is a real need for an efficient protocol such as TESLA for low power wireless sensor network. Our research explores one possibility in broadening research in secure wireless sensor network. 2. Detailed description of problems/hypotheses you are planning to investigate. TESLA broadcast authentication protocol suffers from a serious Denial of Service (DoS) attacks due to the delayed message authentication process. The adversary, especially in multi-user scenario, can flood the network arbitrary with bogus packets. The overall objective of our research project is to modify the existing TELSA protocol, through the use of Secret Sharing algorithm to arrive at a scheme that has the following authentication properties: • Security: a legitimate receiver will only accept packets from the genuine source. • Real-time Authentication: a receiver can authenticate any packet immediately. • Efficiency: a scheme should be efficient in both computation and communication. • Immunity to Denial-of-Service (DOS) Attacks: a bogus packet should be filtered as early as possible. • Dynamic Maintenance: access control should be maintained. 3. A tentative list of question you will be seeking an answer to • How efficient does symmetric key secret sharing and/or public key cryptography address the issues of real time authentication and DoS attacks in TESLA Authentication protocol? • What are the other possible effective avenues towards tackling the DoS attacks against TESLA-Based protocol? • How many receivers can be in the network at a time? If a new node/receiver wants to join the network, what is the protocol to follow in light of the secret sharing scheme key distribution?FINAL - 2 - 4. Procedure for verifying the result of your investigation We intend to use NS-2 simulator on Ubuntu 6.06 Linux platform for simulating the Sensor Network nodes and the protocols. The protocols would be written in TCL/C++ complier which is readily available with Linux. The C++ code can be interfaced with NS-2 using the TCL/TK scripting package that comes with NS-2 simulator: • The NS-2 simulator will be used to describe the Sensor nodes, the number of wireless sensors and a rough estimate of the distance between each of them are described here. • The network topology is written in the OTcL script which is similar to writing a C/C++ language. The OTcl script initiates the network topology, network objects. • The script is executed. The simulation results show the transmission, packet and the network analysis. The nam network animator will be used to shows the visual analysis of the network. Furthermore, it can graphically present information such as throughput and number of packets drops at each link, although the graphical information cannot be accurate simulation analysis. Î Plan of Experiments The test experiments will include: 1. The tester will determine if the Shamir threshold scheme is implemented correctly. If all nodes’ pools their shares together in theory they should compute the S secret correctly. 2. The tester will determine if it is infeasible for a non-participating node to intercept a secret share and compute S. 3. The tester will determine if a message concatenated with a share used in conjunction with TESLA protocol can prevent DoS attack for five to six nodes. 4. The tester will extend the experiment 3, to large nodes parties. Î Additional Software Required: • PDNA–Parallel/Distributed NS: NS-2 simulator is a popular and widely used simulator for research. However, the design of NS is such that, simulation of large networks is difficult, if not impossible. PADS research group at Georgia Tech University, Atlanta has developed extensions and enhancements to the NS simulator to allow a network simulation to be run in a parallel and distributed fashion called PDNS– Parallel/Distributed NS. 5. List areas where the specification can change depending on the progress of the project. The specification changes may vary and will depend on the project progress. However, we anticipate the following task items can change based project complexity and progress: • Implementation of the test infrastructure in ns-2. • Experimentation scopeFINAL - 3 - 6. Project Schedule The project will adhere to the following tentative schedule: 7- A tentative table of contents of your final report Part (1): Abstract and Problem Definition Part (II): Introduction • Challenges to Broadcast Communications. • Security Requirements for Broadcast Communications Part (III): TESLA Broadcast Authentication Protocol • Description of Basic TESLA Protocol • TESLA Denial of Service Attacks Î DoS Attacks on the Sender Î DoS Attacks on the Receiver Part (IV): Towards Defeating TESLA DoS Attacks • Public Key Based Scheme Î Certificate Based Authentication Scheme Î Merkle Hash Tree Based Authentication Schemes Î ID Based Authentication Scheme • Proposed Secret
View Full Document