Scurit dans les rseaux - PowerPoint PPT Presentation

1 / 20
About This Presentation
Title:

Scurit dans les rseaux

Description:

Objectif: r aliser la personnalisation du routage par des cartes puce. Une partie de la s curit est effectu e dans la carte puce. Architecture. Deux contributions ... – PowerPoint PPT presentation

Number of Views:80
Avg rating:3.0/5.0
Slides: 21
Provided by: afi55
Category:
Tags: dans | les | puce | rappel | rseaux | scurit

less

Transcript and Presenter's Notes

Title: Scurit dans les rseaux


1
Sécurité dans les réseaux
  • Hossam Afifi, Groupe Mobilité et Sécurité

2
Petit rappel la sécurité dans les réseaux de
données
S-MIME S-HTTP PGP SET IPSEC (ISAKMP)
?
E2E
Applications
TCP/UDP (Transport)
SSL SOCKS V5
E2E
IP (Réseau)
G2G
IPSEC (AH,ESP)
L2TP/PPP PPTP/PPP (Liaison de Donnée)
CHAP, MS-CHAP PAP, MPPE
P2P
3
Le projet ESTER
  • Projet ANR démarré en 2007
  • Objectif réaliser la personnalisation du routage
    par des cartes à puce
  • Une partie de la sécurité est effectuée dans la
    carte à puce

4
Architecture
5
Deux contributions
  • Une solution pour le routage intra (ospf)
  • La carte signe à la place du routeur
  • La carte établit un tunnel pour acheminer
    lauthentification
  • Tous les mots de passe/certificats restent dans
    la carte
  • Une solution de routage inter (BGP)
  • La carte se charge de lauthentification
  • On propose des solutions basées sur identity
    Based Encryption

6
1-1. Introduction
  • Physical layer security can be classified in
    three categories
  • Power approach (power allocation,
    beamforming)
  • Channel approach ( information theory)
  • Code approach (scrambling ..etc)

Where can the physical layer security be applied ?
7
1-2. Introduction
  • Our approach trigers the physical layer
    encryption
  • Key Stream Encryption.
  • Block cipher is the keystream generator
  • Why the physical layer encryption?
  • For preventing the maximum of attacks or making
    them more difficult
  • It is much more difficullt to build lower layer
    analyser.
  • implementing security at hardware level provides
    manufacturers
  • with much efficiency and flexibility in
    terms of implementation design
  • and technologies.

8
2. Literature survey
  • The security on the CDMA systems
  • Users signal is spread using a (Channelization
    code) and then it is scrambled.
  • ?Scrambling code
    Channelization code The built in security.
  • The built in security relies on the use of LFSR
    (42 bits) and a long code mask
  • (42 bits).
  • This security solution is not
    sufficient.
  • 1 enhaces the built in security by usin AES in
    the scrambling process
  • Good approach but the frames size to be
    encrypted is not defined.
  • 2 enhaces the built in security by usin AES in
    the interleaving process
  • The computational complexity becomes a
    significant problem for the receivers
  • 3 uses a self synchronisation architecture
    using a special sync pattern
  • One lost bit in the sync pattern ?
    synchronisation is lost

9
3-1. Our approach
  • We apply the encryption just after the encoding
    process
  • OFB (Output Feedback Mode) is used as an
    encryption mode.
  • AES takes the role of the encryption cipher
  • Advantages of using this architecture
  • OFB does not propagate the errors 1 error
    occured in the
  • propagation channel produces only 1 error
    after the decryption
  • process.( it is not the case with CFB and
    CBC modes)
  • OFB does not affect the functionality of the
  • Encoder/Decoder block.
  • AES is robust an known enough and can be
  • implemented in hardware.

10
3-2. Our approach
Application feild
  • Our architecture can be applied for High Data
    Rate (HDR) and Low Data
  • Rate (LDR) devices in wireless and wired
    communication systems.
  • implementing this solution in LDR devices is
    valuable because
  • 1) Legacy protocls are very heavy to be
    implemented in these devices.
  • 2) Some kinds of LDR devices dont have
    upper layers.
  • 3) LDR devices require minimal security
    implementation with a low cost.

11
Example of application
  • This example is targeting MAGNET LDR
    architecture.
  • - MAGNET LDR architecture relies on
    the use of 802.15.4 MAC layer.
  • - We modify MAGNET physical layer
    architecture in order to insert the
  • encryption process.
  • - CSMA-CA is the used mechanism to
    access the medium.
  • - The Key and the IV are registered in
    the software/hardware interface.
  • - The framing block is the responsable
    part of constructing the final frame.
  • We apply this example for sensor network in star
    topology.

12
MAGNET architecture for LDR devices
Dotted lines represent our propsal
13
  • To avoid the excessive power consumption, An
    identification mechanism is
  • defined.
  • Each node has a Physical Layer Security
    Association Identifiers (PHSAid)
  • This mechanism gives the receiver the
    possibility to identify the sender .

14
Information theoretic security
  • Based on your precise location
  • You obtain a unique code
  • The code is first used as a challenge
  • It is a proof of non presence of MiM
  • The system is applicable to wireless protocols
    such as Wifi Hotspots

15
Federation concept
  • A federation is a group of users that share one
    same access control profile
  • The federation is based on a manager that
    allocates rights and permissions to its resources
    and manages rights to others resources
  • A federation is not a group communication

16
A simple example
Three distinct domains with their own
credentials the federation aims at
sharing these resources
17
The architecture
18
Two novel approaches
  • Self signed certificates
  • Linked by a pairing protocol
  • A novel group key hierarchy to allocate keys
  • Keys are updated on every change in the federation

19
Key hierarchy
20
Projets
  • MAGNET Beyond
  • ESTER (Alcatel, Trusted Logic)
  • IEEE 802.15 BAN
Write a Comment
User Comments (0)
About PowerShow.com