1 secure ad-hoc network eunjin jung [email protected]
TRANSCRIPT
2
What is Ad-Hoc Network?
Ad-Hoc Network– Subset of peer-to-peer computing problem– Sensor network– Wireless and mobile– Physically neighboring participants– No infrastructure
3
Truth is…
Ad-Hoc Network relies on – Base Station– Offline configuration
Potential– Military operation use– Sensor network– Pervasive, ubiquitous computing
4
Challenges in Ad-Hoc Network
Mobility– Restricted computing resource– Restricted power resource– Unreliable communication
Ad-Hoc– Transient states– No trustworthy third party– Often security protocol integrated with others
5
Security in Ad-Hoc Network
Availability– Sleep Deprivation Torture
• Power consumption is worse than computing or network resource consumption, because the device cannot recover as soon as the attack finishes
– Jamming• Spectrum Spread, Frequency Hopping
6
Security in Ad-Hoc Network
Confidentiality– Easier to passively eavesdrop– Cannot rely on expensive cryptosystem– Symmetric key cryptography is used– Small key, frequent update vs. large key,
intermittent update
7
Security in Ad-Hoc Network
Authorization– Network resource
• Inherently vulnerable to bandwidth stealing
• Should reject routing unauthorized packet
– Transient states• Security associations between principals are
transient
• Static authorization policy is unfeasible
8
Security in Ad-Hoc Network
Authentication– Cannot rely on central server– Neither on public key cryptography– Should be adaptive to transient authorization
policy– Should be swift to renew symmetric key– Pre-computed certificate– Threshold cryptography
9
Security in Ad-Hoc Network
Integrity– Similar to any communication– Use traditional solution based on symmetric
key Non-Repudiation
– Based on public/private key cryptography– Hard to achieve with limited computing
resource– Content with certificates
10
Security in Ad-Hoc Network
Tamper-Resistance– Security not only on communication, but also
on its physical status
Intrusion Detection– Shares have to be revoked and renewed when
compromised
Anonymity– Hide the identity of the senders and receivers
11
Security in mobile network
AAA properties– Authentication– Authorization– Accounting
Standard in CDMA2000 packet core network
12
Proper authentication scheme is the key to solve security problem in ad-hoc network
Hierarchical authentication scheme– Less mobility, higher in hierarchy
Multilevel authentication scheme– Link layer[BT01]– Routing layer[PSWCT01]– Application layer
Everything comes to…
13
Traditional ways do not work
Indirect Kerberos[FG96]– Assuming application-level proxy to delegate
public key operations– Base station can do the job if there is one
Duplicated servers– Tradeoff between mobility and cost
14
Early works may not either…
Authentication protocols for PCS [LH95] – offer even non-repudiation– Assumption of static and high-capability
HOME base station; works with mobile-IP– Assumption of reliable communication between
home base station and current one– Frequent cryptographic operation including
public key operation on the subscriber’s side
15
SPINS – authenticated routing
: streaming authentication protocol– Two-party key agreement protocol
SNEP(Secure Network Encryption Protocol)– data confidentiality, two-party data
authentication, and data freshness
Key from , further operation on SNEP
TESLA
TESLA
16
SPINS – authenticated routing
Problem– Assumption on the functionality of base station– Lack of local operation
17
Decentralized solutions
Emulations of Certificate Authority Key agreement based on prior context or
offline agreement Self-organized public key infrastructure
18
Shamir’s secret sharing scheme
Interpolating scheme (m>1)
1110)(
mm xaxaaxF
1110)(
mm xaxaaxf
19
What is threshold cryptography?
(m, n) – threshold scheme– m-out-of-n scheme, secret sharing scheme– 1 sender(dealer) distributes partial
secret(shares, shadows) to n participants– Any m parts put together can retrieve the secret,
but not less than m– Perfect for any group of at most m-1
participants
20
Threshold Scheme
Tradeoff between security and reliability according to the choice of m and n– Reliability measure
• Target of denial of service attack : n-m+1
– Security measure• Target of compromising : m
Good for distributed authentication
21
Emulation of Certificate Authority Each entity has a share of group key More than m entities can act as a certificate
authority – local operation Each entity computes partial certificate out
of partial secret Proactively update shares, and actively
revoke any compromised ones
22
Still problem remains…
Requires collaborative users – have to respond the partial certificate request anytime.
Who can be a dealer?– Shares are given to principals in bootstrap
phase (still base station?)
23
Password based public key infrastructure Prior context is assumed, so all participants
share a weak secret. Extending Diffie-Hellman method to agree
on stronger symmetric key among multi-parties.
24
Password based public key infrastructure O(n) steps
m1
m2
m3
m4
g^S1
g^S1S2
g^S1S2S3
g^S1S2S3
g^S1S2S3P(c1=g^S1bs2S3)
c1^S4
25
Password based public key infrastructure Need to communicate with all group
members and select a leader Static group assumption
26
Self-organized public-key infrastructure Each user publishes its own certificate and
some for others Each user maintains certificate repository,
some issued by itself, rest by others. Trust graph : each user is a node, and an
edge (u,v) denotes user u published certificate to v.
27
Self-organized public-key infrastructure
28
Self-organized public-key infrastructure How many certificates should be stored in
the repository to cover all pairs in the ad hoc network? covers 95%
Certificate neighbor may not be available at the trust graph construction time
Tested on PGP trust graphs – does that represent ad hoc network properly?
n2
29
No scheme is perfect yet
Security issues in ad-hoc networks are converged into authentication problem without infrastructure, in peer-to-peer manner.
The burden of CA is reduced, but still we need co-ordination