Post on 21-Dec-2015
Trust-Level Based Authentication Services in Mobile Ad Hoc Networks
MPhil Term 2 Presentation (Spring 2003)
by Edith Ngai
Advisor: Prof. Michael R. Lyu
Department of Computer Science and Engineering, The Chinese University of Hong Kong
Outline
Background
Related Work
Trust-Level Based Authentication Services
Self-Initialization
Certificate Renewal
Future Work
Discussion & Conclusion
Mobile Ad Hoc Network
An ad hoc network is a collection of nodes that do not need to rely on predefined infrastructure to keep the network connected.
Nodes of ad hoc networks are often mobile and communicate over wireless links (MANET)
Applications
– Personal area networks
– Military communications
– Sensor networks
– Disaster area networks
Background
Characteristics
Dynamic network topology
Limited physical security
Limited bandwidth
Energy-constrained nodes
The nature of ad hoc networks makes them vulnerable to security attacks
– Passive eavesdropping
– Denial of service attacks by malicious nodes
– Attacks from compromised entities or stolen devices
Vulnerabilities – Traditional network vs Ad hoc network
Wired network
– Adversary must gain physical access to the wired link
– Adversary has to sneak through security holes at firewalls or routers
Ad hoc network
– Wireless links give poor physical protection
– Mobile nodes are capable of roaming independently
– Decentralized management
Key Management
Security in networks widely relies on key management mechanisms
A trusted third party (TTP) is an entity trusted by all users and is often used to provide key management services
A certificate authority (CA) is a public key management system responsible for issuing and revoking certificates
A certificate binds the identity of an entity to its public key
Public Key Encryption
We use public key encryption to secure the network
It can provide non-repudiation, confidentiality, integrity and authentication
An adversary can defeat the system by impersonation when entities are exchanging public keys, or by altering the public file containing public keys
Public key cryptography requires the authenticity of public keys
Related Work
Traditional network authentication solutions rely on a TTP or CA
Popular network authentication architectures include X.509 and Kerberos
Some are modelled on hierarchical CAs
An ad hoc network is infrastructureless
There is no centralized server for key management
Related Work
Pretty Good Privacy (PGP) follows a web of trust authentication model. A node relies on trusted PGP users to introduce others
Threshold secret sharing can distribute the functionality of a centralized CA server among a fixed group of servers
Proactive secret sharing can improve robustness by updating secret keys periodically
Related Work
Partially distributed certificate authority
– makes use of a (k,n) threshold scheme to distribute the services of the CA to a set of specialized server nodes
– requires rich network connectivity among the group of servers
Fully distributed certificate authority
– extends certificate services to every node; a threshold number of neighboring nodes can collaboratively act as an authentication server
– requires enough neighboring nodes
Related Work
Self-issued certificates
– Users issue certificates themselves without the involvement of any certificate authority
– Any pair of users can find certificate chains to each other using their certificate repositories
– A problem exists if the certificates issued do not reach a certain amount
Primitives
Adopt the fully distributed certificate authority approach
Combine the authentication services with the trust level concept
Apply weighted threshold secret sharing instead of a general threshold secret sharing scheme
Extend certificate services beyond neighboring nodes using trust chains
Trust-Level Based Authentication Services
Authentication Services Flowchart
[Figure: flowchart with the steps "Join into the network", "Request for a polynomial share", "Request for a certificate", "With valid certificate", "Certificate expires?" (Yes / No), "Certificate renewal", "High increase in trust level" and "Request for one more polynomial share"]
Trust Model
A trust model defines how the nodes in the network trust each other
Past work on authentication services just defines the trust model as: a node with a valid certificate can be trusted in the network
We add the concept of trust level
We define that each node keeps a trust value for each of its neighboring nodes
Trust-Level Concept
We define the trust value to be a floating-point number between 0.0 and 1.0
The trust value from node vj to node vi represents the level of trust that node vj has towards vi
The value is based on observation of the node's behavior
Generally, a node is believed to be trustable if its trust value is above the level of 0.5
Trust-Level Concept
Neighboring nodes that receive a request message check the trust level of the node that sent or forwarded the message
[Figure: network of nodes with trust values between 0.3 and 0.9 on the links. Steps: 1. Send request message; 2. Check trust levels; 3. Reply the message]
Assumptions
Each node has a unique ID
Each node can discover its one-hop neighbours
Communication links between one-hop neighbours are reliable
Mobility is characterized by the maximum node moving speed
Each node maintains a trust value for each of its neighbours
A node holds a limited number of polynomial shares
Trust values on a path can form a trust chain
Number of Polynomial Shares per Node
Each node holds a number of polynomial shares for initialization and certification
A node can hold a maximum of c shares
Each node and each share has a unique ID
Self-Initialization
Node ID    Share IDs
1          1, 2, …, c
2          c+1, c+2, …, 2c
3          2c+1, 2c+2, …, 3c
…          …
k          (k-1)*c+1, (k-1)*c+2, …, k*c
…          …
n          (n-1)*c+1, (n-1)*c+2, …, n*c
Request for More Polynomial Share
A node gets 1 polynomial share when it joins the network
It can request more polynomial shares some time later if its trust level is high enough
A field “trust level increased” can be added to the reply message in certification
A node can contribute more to certification and initialization if it holds more shares
Algorithm
Apply the localized self-initialization algorithm
A node vi broadcasts its request for a polynomial share
Nodes reply to vi with their partial shares
Let a1, a2, …, ak be the polynomial share IDs received by vi; the corresponding polynomial shares are Pa1, Pa2, …, Pak
Algorithm
Each node calculates its partial share and returns it to vi:

$$P_j = P_{a_j} \cdot L_{a_j}(a_i) \bmod N$$

where

$$L_{a_j}(a_i) = \prod_{r=1,\, r \neq j}^{k} \frac{a_i - a_r}{a_j - a_r} \bmod N$$

By Lagrange interpolation, vi can generate a new polynomial share Pai:

$$P_{a_i} = f(a_i) = P_{a_1} L_{a_1}(a_i) + P_{a_2} L_{a_2}(a_i) + \dots + P_{a_k} L_{a_k}(a_i) = \sum_{j=1}^{k} L_{a_j}(a_i)\, P_{a_j} = \sum_{j=1}^{k} P_j \bmod N$$
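The share-generation step above, as an added Python example that is not part of the original slides; the same Lagrange coefficients evaluated at 0 are the ones used later in certificate renewal. Assumptions: a prime modulus Q stands in for N so that every Lagrange denominator is invertible, the polynomial is constructed sample data, and all function names are hypothetical.

```python
# Added example: localized self-initialization over a prime field.
# Assumption: prime Q replaces the slides' N; all values are constructed.
import random

Q = 2**61 - 1        # prime modulus (assumption, stands in for N)
K_THRESHOLD = 3      # k shares are needed; f has degree k - 1
C = 2                # c: maximum number of shares a node can hold


def share_ids(node_id, c=C):
    """Share IDs of node n per the slides' table: (n-1)*c+1 ... n*c."""
    return list(range((node_id - 1) * c + 1, node_id * c + 1))


def f(coeffs, x):
    """Secret polynomial f(x) = sum(coeffs[i] * x^i) mod Q."""
    return sum(co * pow(x, i, Q) for i, co in enumerate(coeffs)) % Q


def lagrange(a_j, ids, x):
    """L_aj(x) = prod over r != j of (x - a_r) / (a_j - a_r), mod Q."""
    num = den = 1
    for a_r in ids:
        if a_r != a_j:
            num = num * (x - a_r) % Q
            den = den * (a_j - a_r) % Q
    return num * pow(den, -1, Q) % Q   # modular inverse, Python 3.8+


def partial_share(p_aj, a_j, ids, a_i):
    """P_j = P_aj * L_aj(a_i) mod Q, computed by the holder of share a_j."""
    return p_aj * lagrange(a_j, ids, a_i) % Q


def new_share(held, a_i):
    """Requester sums k partial shares to obtain P_ai = f(a_i)."""
    ids = list(held)
    return sum(partial_share(held[a], a, ids, a_i) for a in ids) % Q


def demo(seed=7):
    rng = random.Random(seed)
    coeffs = [rng.randrange(Q) for _ in range(K_THRESHOLD)]
    # Weighted contribution: node 1 supplies both of its shares, node 2 one.
    ids = share_ids(1) + share_ids(2)[:1]           # share IDs [1, 2, 3]
    held = {a: f(coeffs, a) for a in ids}
    a_i = share_ids(4)[0]                           # joining node 4, share ID 7
    share_ok = new_share(held, a_i) == f(coeffs, a_i)
    secret_ok = new_share(held, 0) == coeffs[0]     # L_aj(0) recovers f(0)
    return share_ok, secret_ok


if __name__ == "__main__":
    print(demo())
```
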
Number of Partial Certificate in Reply
Assume node vj holds K polynomial shares
Each share can sign one partial certificate
Mapping from trust level to number of partial certificates:
Certificate Renewal
Trust level x (vj to vi)                               No. of partial certificates vj to vi
x < 1/2                                                0
1/2 <= x < 1/2+1/4                                     1
1/2+1/4 <= x < 1/2+1/4+1/8                             2
…                                                      …
1/2+1/4+…+1/(2^(K-1)) <= x < 1/2+1/4+…+1/(2^K)         K-1
1/2+1/4+…+1/(2^K) <= x <= 1                            K
Number of Partial Certificates in Reply
A node decides the number of partial certificates to reply with based on the trust level of the requesting node
[Figure: divisions of trust level along the trust value axis (ranges from 0.0 to 1.0), with boundaries at 0.5, 0.75, 0.875, … and divisions labelled 1, 2, 3, …, K]
Number of Nodes Required
Nodes may sign more partial certificates for a node with a high trust level
The number of nodes required varies, though the number of partial certificates required is fixed

k     No. of shares a node holds    Min. no. of nodes in a coalition    Max. no. of nodes in a coalition
5     1                             5                                   5
5     1-2                           3                                   5
10    1                             10                                  10
10    1-2                           5                                   10
10    1-3                           4                                   10
K     1-C                           K/C                                 K
Trust Relationship of Nodes
Certification is not limited to neighboring nodes with our trust level model
Nodes that have never met can determine whether each other is trustable by a trust chain
Trust values along the chain can be combined into a single value with a formula
[Figure: trust chain v1 → v2 → vi, with trust value V1 from v1 to v2 and V2 from v2 to vi]
Trust Relationship of Nodes
Formula we use:

$$V_1V_2 = 1 - (1 - V_2)^{V_1}$$

where V1V2 represents the trust level from v1 to vi

Analysis of the formula
If V1 is high (v1 trusts v2), V1V2 will be closer to V2 (the view of trust from v2 to vi); vice versa

[Figure: trust chain v1 → v2 → vi, with trust value V1 from v1 to v2 and V2 from v2 to vi]

V1 \ V2    0.3     0.6     0.9
0.3        0.1     0.24    0.49
0.6        0.19    0.42    0.75
0.9        0.27    0.56    0.87
Trust Relationship of Nodes
Trust value (v5 to vi): V1 = 0.9, V2 = 0.8, so V1V2 = 1 - (1 - 0.8)^0.9 = 0.765
Trust value (v6 to vi): V1 = 0.5, V2 = 0.8, so V1V2 = 1 - (1 - 0.8)^0.5 = 0.553

[Figure: trust values of different nodes, over nodes vi and v1 to v6, with the values 0.8, 0.9 and 0.5 shown. Trust relationship from arrow left to arrow right.]
[Figure: number of partial certificates in reply, over nodes vi and v1 to v6, with the values 2 and 1 shown]
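The trust-chain formula and the trust-level table worked through in code, as an added Python example that is not part of the original slides. The function names and the sample neighbour lists are constructed for illustration; the numeric checks use the values given on the slides.

```python
# Added example: trust chain value -> number of partial certificates ->
# number of replying nodes needed to collect k partial certificates.


def chain_trust(v1, v2):
    """Trust from v1 to vi through v2: 1 - (1 - V2)^V1.

    v1 is the trust value from v1 to v2, v2 the trust value from v2 to vi.
    """
    for v in (v1, v2):
        if not 0.0 <= v <= 1.0:
            raise ValueError("trust values must lie in [0.0, 1.0]")
    return 1.0 - (1.0 - v2) ** v1


def partial_certs(trust, shares_held):
    """Partial certificates a node signs for a requester it trusts at `trust`.

    Division m covers 1 - 2^-m <= trust < 1 - 2^-(m+1). The count is 0 below
    0.5 and is capped at K, the number of shares the signer holds.
    """
    m = 0
    while m < shares_held and trust >= 1.0 - 2.0 ** -(m + 1):
        m += 1
    return m


def nodes_used(k, replies):
    """Replying nodes consumed, in arrival order, to reach k partial
    certificates. `replies` holds (trust_in_requester, shares_held) pairs.
    Returns None if fewer than k are collected (the renewal request fails).
    """
    collected = 0
    for used, (trust, held) in enumerate(replies, start=1):
        collected += partial_certs(trust, held)
        if collected >= k:
            return used
    return None


if __name__ == "__main__":
    t5 = chain_trust(0.9, 0.8)           # v5 to vi on the slide: 0.765
    t6 = chain_trust(0.5, 0.8)           # v6 to vi on the slide: 0.553
    print(round(t5, 3), partial_certs(t5, 2))
    print(round(t6, 3), partial_certs(t6, 2))
    # Constructed neighbour list: k = 5, every node holds up to 2 shares.
    print(nodes_used(5, [(0.8, 2), (0.9, 2), (0.6, 2)]))
```

With every neighbour trusting the requester at 0.75 or above and holding two shares, the coalition shrinks to the table's minimum of 3 nodes for k = 5; with trust just above 0.5 it grows back to 5.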
Algorithm
A node vi broadcasts a certificate renewal request
Nodes vj sign partial certificates with their polynomial shares and reply to vi
Let the k polynomial shares involved be Pa1, Pa2, …, Pak
The shares generate partial certificates using the formula:

$$\mathrm{CERT}_{a_j} = (\mathrm{cert})^{P_{a_j}} \bmod N$$
Algorithm
Upon receiving at least k such partial certificates, node vi picks k of them to form the coalition B
Suppose vi chooses {CERTa1, CERTa2, …, CERTak}, where a1, a2, …, ak are the IDs of the corresponding polynomial shares; the candidate certificates can be generated:

$$\mathrm{CERT}'_{a_j} = (\mathrm{CERT}_{a_j})^{L_{a_j}(0)} \bmod N$$

where

$$L_{a_j}(0) = \prod_{r=1,\, r \neq j}^{k} \frac{a_r}{a_r - a_j} \bmod N$$

vi then multiplies {CERT'a1, CERT'a2, …, CERT'ak}:

$$\mathrm{CERT}' = \prod_{j=1}^{k} \mathrm{CERT}'_{a_j} \bmod N$$

vi can employ the K-bounded coalition offsetting algorithm to recover its new certificate CERT
Protocol
[Figure: protocol on certificate renewal, drawn as two state machines, one for the node that makes the request and one for the nodes that receive the request. Transition labels are written I / O, where I is the input message received and O is the output message sent.]

Node makes the request
– q0: making a request
– w0: waiting for the replies
– c0: received k or more replies, request succeeds
– a0: received fewer than k replies, request fails

Nodes receive the request
– qj: receive a request
– rj: requesting node is trustable, send reply
– aj: requesting node is not trustable, no reply is sent
– cj: receive the new certificate from the requesting node
Future Work
Simulation will be carried out to evaluate the performance of our authentication services
Possible simulators for ad hoc networks include ns-2, GloMoSim, etc.
The main difficulty is how to modify the C++ and OTcl code in ns-2 for the simulation
Discussion
Trust-level concept
– Formalizes the authentication services in the network
– Classifies the trust of nodes by levels
– Allows weighted threshold secret sharing and trust chains to be applied
Weighted threshold secret sharing
– Speeds up collection of enough shares in certification and initialization
– Nodes with a high trust level can make more contribution
– Coalition size decreases dynamically according to the trust level of nodes
Trust chain
– Allows nodes that have never met to determine the trust of each other
– Reduces the problem of not enough neighboring nodes in certification and initialization
Conclusion
We studied the characteristics, vulnerabilities and key management techniques of mobile ad hoc networks
We proposed scalable distributed authentication services to secure mobile ad hoc networks
We combined the trust level concept and the fully distributed CA approach to provide authentication services
We applied a weighted threshold secret sharing scheme
We extended the services to non-neighboring nodes by trust chains
Simulation will be carried out in the future
Q & A