SlideFinderPowerPoint search engine with thumbnail results
Newest Viewed Downloaded

L. Zhou and Z. J. Haas, Cornell University: Securing Ad Hoc Networks presented by Johanna Vartiainen johanna.vartiainen@ee.oulu.fi Centre for Wireless Communications University of Oulu, Finland

L. Zhou and Z. J. Haas, Cornell University: Securing Ad Hoc Networks presented by Johanna Vartiainen johanna.vartiainen@ee.oulu.fi Centre for Wireless Communications University of Oulu, Finland

1. Introduction 2. Security Goals and Challenges 3. Scope and Roadmap 4. Secure Routing 5. Key Management Service 6. The System Model 7. Threshold Cryptography 8. Proactive Security and Adaptability 9. Conclusions Outline

1. Introduction

Ad hoc networks do not rely in any fixed infstractructure, unlike trational mobile wireless networks To keep the network connecting, hosts rely on each other Mobile nodes comminicate directly via wireless links or rely on other nodes to relay messages as routers Frequent changes of network topology caused by node mobility Main applications are military and other secure-sensitive operations Ad hoc networks has unique properties -> commercial use, e.g. virtual classrooms and sensor networks Main challenges: vulnerability to security attacks Article studies the threats and security goals New challenges and opportunities How to defend against denial-of-service attacks towards routing protocols

2. Security Goals 1/3 Security is a very important issue for ad hoc networks Availability: ensures the survivability of network services despite denial-of-service attacks A denial-of-service attack could be launched at any layer Confidentiality: ensures that certain information is never disclosed for unauthorized entities Integrity: guarantees that a message being transferred is never corrupted Authentication: enables a node to ensure the identity of the peer node with which it is communicating Nonrepudiation: ensures that the origin of a message cannot deny having sent the message

2. Challenges 2/3 To achieving security goals, in ad hoc networks are both challenges and opportunities Wireless links are sensitive to link attacks eavesdropping is violating confidentiality active impersonation and active attacks - even message distortion - are violating availability, integrity, authentication and nonredudiation Nodes in a hostile environment with comparatively poor physical protection are endangered E.g. nodes in the battlefield Attacks can be launched from within the network Distributed architecture with no central entries to achieve high survivability

2. Challenges 3/3 Because of frequent changes, ad hoc network is dynamic Changes in topology and in its membership Among nodes trust relationships also change Security mechanism should to adapt to the changes Ad hoc networks may consist of hundreds or even thousands of nodes Security mechanism should be capable to handle such a big group of nodes

3. Scope and Roadmap Traditional security mechanisms still have important role in ad hoc networks ... but these are not sufficient enough We rely on the two principles : To achieve availability, we take adavantage of redundancies in the network topology Distribution of trust to an aggregation of nodes No single node is trustworthy Assume: any t+1 nodes are improbable to all be compromised, consensus of at least t+1 nodes is trustworthy

4. Secure Routing 1/4 All key-beeping based cryptographic schemes demand a key management service Responsible for keeping track of bindings between keys and nodes and assisting the establishment of mutual trust and secure communication between nodes Routing protocols should to be robust against dynamically changing topology and hostile attacks Proposed routing protocols do cope well with the changing topology ... but not against hostile attacks

4. Secure Routing 2/4 In most routing protocols, routers exchange information about the network topology in order to establish routes between nodes A target for hostile objector who want to bring the network downnnnn There is two kinds of threats to routing protocols : From external attackers Injecting erroneous routing information, replaying old routing information, distorting routing information Countermeasure: nodes can protect routing information as they protect data traffic Cryptographic schemes, e.g. digital signature Ineffective against attacks from compromised servers

4. Secure Routing 3/4 From compromised nodes More severe kind of threats ! Compromised noise might advertise incorrect routing information to other nodes Compromised nodes are still able to generate valid signatures using their private keys NOTE : there is always a possibility that the node is compromised ! Because of dynamical nature of ad hoc networks, detection of compromised node is difficult : is a piece of routing information invalid because of compromised node OR because of topology changes ?

4. Secure Routing 4/4 Some properties of ad hoc networks can exploit to achieve seecure routing False routing information by compromised nodes could be considered as an outdated information (to some extent) If there is enough correct nodes, the routing protocol should be able to find routes that go around compromised nodes That capability usually relies on the inherent redundancies in ad hoc networks Multiple routes between nodes, possibly disjoint Nodes can switch the primary, failed route to an alternative route if routing protocol can discover multiple routes Diversity codes takes advantage of multiple paths without message retransformation Redundance information is transmitted through additional routes for error detection and correction E.g. n disjoint routes, n-r channels for transmitting the data and r channels to transmit redundant information

5. Key Management Service 1/2 Use of cryptograpnic schemes requires key management service A public key infrastructure is adopted Superiority in distributing keys and achieving integrity and nonrepudiatation Secret key schemes are used to secure communication after nodes authentication each other and establish a shared secret session key Each node has public and private key (key pair) in a public key system Public key is really public, so it can be distributed to other nodes Private key is absolutely confidential There is a trusted entity for key management The certification authority (CA) which has a key pair

5. Key Management Service 2/2 The CA has to stay online to reflect the current bindings because the bindings can change The CA is vulnerable point of network Unavailability of the CA means that nodes cannot get the current public keys of other nodes or nodes cannot establish secure communication It is problematic to have only one CA especially if the network is huge But a replication ot the CA makes the service even more vulnerable The article distributes trust to a set of nodes by letting these nodes share the key management responsibility

6. The System Model 1/2 Assumptions : A network without no bound on message delivery and processing times The underlying network layer provides reliable links (much weaker link assumption to a separate article in preparation) All nodes know the public key of the service and trust any certificates signed using the corresponding private key Nodes can submit query request to get other nodes public key Nodes can submit update request to change their own keys (n,t+1) configuration, n>=3t+1 n special nodes, called servers Each server has its own key pair and stores the public keys of all nodes in the network and each server knows the public keys of other servers t is the number of servers that the adversary can compromise in any period of time of a certain duration

6. The System Model 2/2 The adversary has access to all the secret information stored on the server if a server is compromised The adversary lacks the computational power to break the cryptographic schemes we employ The service is correct if two concitions hold : Robustness : the service is always able to process requests (query and update) from clients Confidentiality : the private key of the service is never disclosed to an adversary

7. Threshold cryptography 1/4 Server 1 Server 2 Server n .. k s1 s2 sn K1/k1 K2/k2 Kn/kn Fig. 1: The configuration of a key management service Distribution of trust is accomplished using threshold cryptography (n,t+1) threshold cryptography scheme ( n servers, t compromised servers) The private key k of the service is divided into n shares s1, ..., sn , one share for each server Each server has also a key pair Ki /ki (public and private key) The public key K is known to all nodes in the network

7. Threshold cryptography 2/4 For the service to sign a cerfiticate, each server generates a partial signature for the certificate using its private key share and submits the partial signature to a combiner Any server can be a combiner, to ensure that a compromised combiner cannot prevent a signature, it can be used t+1 servers as a combiners To make sure that at least one combiner is correct Compromised servers (at most t ) are not able to generate correctly signed certificates, because they can generate at most t partial signatures With t+1 correct partial signatures, the combiner can compute the signature for the certificate

7. Threshold cryptography 3/4 Fig. 2: Threshold signature K/k Server 2 Server 1 Server 3 m s1 s2 s3 combiner PS(m,s1) PS(m,s3) Server 2 K/k is the key pair of the server (3,2) cryptographic scheme, e.g. n=3, t=1 ( 3 servers and 1 of these servers is compromised) Each server i gets a share of si of the private key k Message m : server i can generate a partial signature PS(m,si ) using its share si . In this case, i=1 and 3. Correct servers (1 and 3) both generate partial signatures and forward the signatures to a combiner Combiner can generate the signature of m signed by server private key k

7. Threshold cryptography 2/4 Compromised servers ... ... can generate an incorrect partial signature That can yield an invalid signature BUT a combiner can verify the validity of a computed signature using the service public key If vertification fails, the combiner tries another set of partial signatures ... and continues until the correct signature is constructed

8. Proactive Security and Adaptability 1/6 Key management service also employs the share refreshing to tolerate ’mobile’ adversaries and adapt its configuration to changes in the network Mobile adversary temporarily compromise a server and then move to the next victim Mobile adversary might be able to compromise all the servers over a long period of time (e.g. viruses) Compromised servers may be detected and excluded, but the adversary could still gather more than t shares of the private key from compromised servers over time That would allow the adversary to generate any valid certificates signed by the private key Countermeasure: proactive threshold cryptography scheme

Showing 1 - 20 of 26 items Details

Name: 
Vartiainen
Author: 
Jari Iinatti
Company: 
MasaTech
Description: 
L. Zhou and Z. J. Haas, Cornell University: Securing Ad Hoc Networks presented by Johanna Vartiainen johanna.vartiainen@ee.oulu.fi Centre for Wireless Communications University of Oulu, Finland
Tags: 
server | key | node | network | servic | rout | secur | share
Created: 
11/2/2000 8:09:23 PM
Slides: 
26
Views: 
4
Downloads: 
1
Rating: 
0


> Comment



Share this presentation
|
12 Next >>

Comments

Share this presentation:

|
Sitemap