splash sécurisation des protocoles dans les réseaux mobiles ad hoc
DESCRIPTION
SPLASH Sécurisation des ProtocoLes dans les réseAux mobileS ad Hoc. http://www.inrialpes.fr/planete/splash.html 12 Décembre 2003. Refik Molva Institut EURECOM [email protected]. Wireless & Mobile Limited Energy Lack of physical security Ad Hoc Lack of(or limited) infrastructure - PowerPoint PPT PresentationTRANSCRIPT
SPLASH Sécurisation des ProtocoLes dans les
réseAux mobileS ad Hoc
http://www.inrialpes.fr/planete/splash.html
12 Décembre 2003
Refik MolvaInstitut EURECOM
MANET Security Requirements
Wireless & Mobile• Limited Energy• Lack of physical security
Ad Hoc• Lack of(or limited)
infrastructure• Lack of a priori trust
• Cooperation Enforcement
• Secure Routing
• Key management
[Recent security solutions for mobile ad hoc networks In “Ad Hoc Networks” IEEE Press - Wiley Ed]
Key Management Objectives
• Bootstrapping from scratch
• Fully distributed
• Minimum dependency
Key Management Approaches• Symmetric crypto [Basagni et al.]
• (ID, PK) binding– Certificate = (ID,PK)CA
• Self-organized Authorities [Zhou, Haas] [Kong, et al.] [Yi, Kravets] [Lehane, et al.]
• Web of trust(PGP) [Hubaux, Buttyan, Capkun]
– Certificate-less• Crypto-based IDs: ID = h(PK) [Montenegro, Castellucia] [O’Shea,
Roe] [Bobba, et al] • ID-based Crypto: PK = f(ID) [Halili, Katz, Arbaugh]
• Context-dependent authentication– location-limited channels [Balfanz, et al.] – Shared passwords [Asokan, Ginzborg]
Self-organized Admission ControlPerformance Comparison
• Centralized (simple signatures)– member gets t signatures from other members– Server grants GMC when t or more signatures are shown.
• Distributed (threshold signatures)– member gets “partial” certificates (mSKi) from other members.– member combines t certificates to get a GMC
GMC = mSK1 mSK2 mSK3.. mSKt = mSK
Threshold signatures are NOT suitable in MANET and sensor networks.
• Currently investigating Bilinear mappings
[Admission Control in Peer-to-Peer: Design and Performance Evaluation, ACM SASN Workshop, October 2003.]
[On the Utility of Distributed Cryptography in P2P and MANETs, ICNP 2003.]
(ID, PK) binding without a PKICrypto-Generated Addresses
(CGA)• Statistically Unique Cryptographically Verifiable IDs [Montenegro,
Castellucia] [O’Shea, Roe] IPv6 @ = prefix | h( prefix | PK )
• Secure Routing using CGA: AODV [Castellucia, Montenegro] DSR[Bobba, et al]
PROs: no certificates, no PKI CONs: generation of bogus IDs
• New: CGA based on the small primes variation of the Feige-Fiat-Shamir (MFFS)
[Statistically Unique and Cryptographically Verifiable Addresses: concepts and applications. ACM TISSEC, Feb. 2004]
[Protecting AODV against impersonation attacks, ACM MC2R, October 2002]
Cooperation enforcement mechanisms
Token-based [Yang,Meng,Lu]
Nuglets [Buttyan,Hubaux]SPRITE [Zhong, Chen, Yang]
CONFIDANT[Buchegger,Le Boudec] CORE [Michiardi,Molva]Beta-Reputation [Josang,Ismail]
Reputation-based
Threshold cryptography
Micro-payment
Cooperation Enforcement Evaluation with Game Theory
• Cooperative GT– Study the size (k) of a coalition of cooperating nodes
– Nash Equilibrium lower bound on k
• Non-cooperative GT– Utility function with pricing
– Pricing used to guide the operating point (i.e. maximum of utility function) to a fair position
– ri : dynamic reputation of node ni evaluated by her neighbors
jjy
iyi
iriiyuikU
:sharerelative
:functionutility )()()(
),,,,,(),( irjbibPFEREselfEfjbibiu
[Michiardi,Molva,CMS’02, WiOpt’03] [Srinivasan,et al.,INFOCOM’03]
Simulations: CORE – uniform traffic
Simulations: TFT – uniform traffic
Summary• Specific requirements
– Self organized bootstrapping of security associations
– Cooperation enforcement
• Prospects– New tools from crypto bag of tricks (Id-based crypto, . . .)
– Integrated mechanisms: reputation + key management
• Participation in MOBILEMAN project on Ad Hoc Networks
• ESAS 2004 1st European Workshop on Security in Ad-Hoc and Sensor Networks. (5.-6. August, 2004)
ESORICS 2004 – RAID 2004
September 13-17
Institut EURECOMSophia Antipolis - FRANCE
THANK YOU