1

Secure Ad-Hoc Network

Eunjin Jung

ejung@cs.utexas.edu

2

What is Ad-Hoc Network?

Ad-Hoc Network– Subset of peer-to-peer computing problem– Sensor network– Wireless and mobile– Physically neighboring participants– No infrastructure

3

Truth is…

Ad-Hoc Network relies on – Base Station– Offline configuration

Potential– Military operation use– Sensor network– Pervasive, ubiquitous computing

4

Challenges in Ad-Hoc Network

Mobility– Restricted computing resource– Restricted power resource– Unreliable communication

Ad-Hoc– Transient states– No trustworthy third party– Often security protocol integrated with others

5

Security in Ad-Hoc Network

Availability– Sleep Deprivation Torture

• Power consumption is worse than computing or network resource consumption, because the device cannot recover as soon as the attack finishes

– Jamming• Spectrum Spread, Frequency Hopping

6

Security in Ad-Hoc Network

Confidentiality– Easier to passively eavesdrop– Cannot rely on expensive cryptosystem– Symmetric key cryptography is used– Small key, frequent update vs. large key,

intermittent update

7

Security in Ad-Hoc Network

Authorization– Network resource

• Inherently vulnerable to bandwidth stealing

• Should reject routing unauthorized packet

– Transient states• Security associations between principals are

transient

• Static authorization policy is unfeasible

8

Security in Ad-Hoc Network

Authentication– Cannot rely on central server– Neither on public key cryptography– Should be adaptive to transient authorization

policy– Should be swift to renew symmetric key– Pre-computed certificate– Threshold cryptography

9

Security in Ad-Hoc Network

Integrity– Similar to any communication– Use traditional solution based on symmetric

key Non-Repudiation

– Based on public/private key cryptography– Hard to achieve with limited computing

resource– Content with certificates

10

Security in Ad-Hoc Network

Tamper-Resistance– Security not only on communication, but also

on its physical status

Intrusion Detection– Shares have to be revoked and renewed when

compromised

Anonymity– Hide the identity of the senders and receivers

11

Security in mobile network

AAA properties– Authentication– Authorization– Accounting

Standard in CDMA2000 packet core network

12

Proper authentication scheme is the key to solve security problem in ad-hoc network

Hierarchical authentication scheme– Less mobility, higher in hierarchy

Multilevel authentication scheme– Link layer[BT01]– Routing layer[PSWCT01]– Application layer

Everything comes to…

13

Traditional ways do not work

Indirect Kerberos[FG96]– Assuming application-level proxy to delegate

public key operations– Base station can do the job if there is one

Duplicated servers– Tradeoff between mobility and cost

14

Early works may not either…

Authentication protocols for PCS [LH95] – offer even non-repudiation– Assumption of static and high-capability

HOME base station; works with mobile-IP– Assumption of reliable communication between

home base station and current one– Frequent cryptographic operation including

public key operation on the subscriber’s side

15

SPINS – authenticated routing

: streaming authentication protocol– Two-party key agreement protocol

SNEP(Secure Network Encryption Protocol)– data confidentiality, two-party data

authentication, and data freshness

Key from , further operation on SNEP

TESLA

TESLA

16

SPINS – authenticated routing

Problem– Assumption on the functionality of base station– Lack of local operation

17

Decentralized solutions

Emulations of Certificate Authority Key agreement based on prior context or

offline agreement Self-organized public key infrastructure

18

Shamir’s secret sharing scheme

Interpolating scheme (m>1)

1110)(

mm xaxaaxF

1110)(

mm xaxaaxf

19

What is threshold cryptography?

(m, n) – threshold scheme– m-out-of-n scheme, secret sharing scheme– 1 sender(dealer) distributes partial

secret(shares, shadows) to n participants– Any m parts put together can retrieve the secret,

but not less than m– Perfect for any group of at most m-1

participants

20

Threshold Scheme

Tradeoff between security and reliability according to the choice of m and n– Reliability measure

• Target of denial of service attack : n-m+1

– Security measure• Target of compromising : m

Good for distributed authentication

21

Emulation of Certificate Authority Each entity has a share of group key More than m entities can act as a certificate

authority – local operation Each entity computes partial certificate out

of partial secret Proactively update shares, and actively

revoke any compromised ones

22

Still problem remains…

Requires collaborative users – have to respond the partial certificate request anytime.

Who can be a dealer?– Shares are given to principals in bootstrap

phase (still base station?)

23

Password based public key infrastructure Prior context is assumed, so all participants

share a weak secret. Extending Diffie-Hellman method to agree

on stronger symmetric key among multi-parties.

24

Password based public key infrastructure O(n) steps

m1

m2

m3

m4

g^S1

g^S1S2

g^S1S2S3

g^S1S2S3

g^S1S2S3P(c1=g^S1bs2S3)

c1^S4

25

Password based public key infrastructure Need to communicate with all group

members and select a leader Static group assumption

26

Self-organized public-key infrastructure Each user publishes its own certificate and

some for others Each user maintains certificate repository,

some issued by itself, rest by others. Trust graph : each user is a node, and an

edge (u,v) denotes user u published certificate to v.

27

Self-organized public-key infrastructure

28

Self-organized public-key infrastructure How many certificates should be stored in

the repository to cover all pairs in the ad hoc network? covers 95%

Certificate neighbor may not be available at the trust graph construction time

Tested on PGP trust graphs – does that represent ad hoc network properly?

n2

29

No scheme is perfect yet

Security issues in ad-hoc networks are converged into authentication problem without infrastructure, in peer-to-peer manner.

The burden of CA is reduced, but still we need co-ordination