Download
1 / 21
E N D
1.
Security in Mobile Ad-Hoc Networks
Simon Skaria
ICS, UC Irvine
2. What is Ad-Hoc? No infrastructure required
Like Bluetooth, IR; Unlike 802.11
Each node can communicate with another node if
within the radio range, or
a pager node is available
3. Securing Ad-Hoc Networks Need to provide Anywhere, Anytime security services
Dynamically changing network topologies
Resource constrained units, normally
Jittery channel, Easy to jam and intrude
4. Authentication in Ad-Hoc Networks Uses Certificate-Based approach
Intrusion Resistant, not intrusion Free
Distributes CA functionality in each neighborhood
Self-Initialization protocol to handle dynamic node membership
5. Network Setting Dynamic wireless ad-hoc network with N networking hosts/entities
Every entity i has a globally unique nonzero ID vi
Entities roam freely in the network
Number of entities, N may change over time
6. Security Assumption
Scheme assumes one of the following
An entitys private key will not be exposed for a certain period of time, OR
An entitys ID, vi is not forgeable by the intruder
7. Locally Distributing CAs {SK, PK} denote the RSA Key pair of the System CA
Secret is distributed using Shamirs scheme
Each entity vi holds a secret share Pvi and any K of such entities can collectively function the role of a CA
8. Individually, Maintains a public key pair
Signed by CA (SK), contains Tsign, Texpire
Used for
Cipher-Key Exchange
Message Privacy
Message Integrity and
Non-Repudiation
9. Enforcing Validity Implicit Certificate Revocation
Certificate is considered invalid unless renewed within Trenew
Explicit Certificate Revocation
CRL of revoked certificates is maintained.
An entry needs to be kept for Trenew amount of time
10. Basic Operations Involves local coalition of K share holders
Secret Share Dealing
Certification Services, and
Secret Share Updates
11. Secret Share Dealing An entity vi obtains its secret share Pvi
Bootstrapping phase
Before K entities have joined the group
Self-Initialisation phase
Need a local coalition of K entities
Centralized dealer is not needed any more
12. Certification Services
13. Secret Share Updates No adversary group having less than K collaborative adversaries can forge a certificate
To resist gradual break-ins, secret share is updated periodically
Update time is a system parameter
14. Certificate Revocation Over and above the implicit revocation scheme
If vxs certificate is compromised, a counter certificate <?vx , Tsign? > is flooded over the network
Each node maintain a subset of counter-certificates within the past Trenew
15. Shamirs Secret Sharing D is secret to be shared
Lagrange polynomial
F(x) = D + f1.x ++ fk-1.xk-1
fis Chosen randomly
Each entity holds a secret share
Pvi = (f(vi) mod n)
16. Localized Certification Service
17. Interpolation over Z?(n) Problem! (Pvi .lvi(0) mod n) = t.n + d; 0?t?K
X ? Xd mod n
18. Solution: Coalition Offsetting Y0, Product of the Signatures Received
Z = M-n mod n
j = 0; w = 1
while j ? K do
Y = Y0.W mod n; W = W.Z mod n
if (M ? Ye (mod n)) then break;
j = j + 1;
19. Self-Initialization
20. Self-Initialization, in Practice Uninitialized node vx broadcasts request
Each member selects a random nonce
ID forms a partial order
Encrypts with of the intended receiver
The requester routes encrypted nonces
Nonces are added to the partial secret share
21. Issues Padding used in RSA do not cancel each other
Secret Share of a new entity in the self-initialization process
How do you know the K-participating entities in Self-Initialization?
K is not flexible
