WP4: Trusted Communities - PowerPoint PPT Presentation

1 / 17
About This Presentation
Title:

WP4: Trusted Communities

Description:

Homomorphic hash functions. h(a b) = h(a) h(b) Application to network coding ... Homomorphic functions based on pairings. Setup. Secret keys: s, r ... – PowerPoint PPT presentation

Number of Views:53
Avg rating:3.0/5.0
Slides: 18
Provided by: hagglep
Category:

less

Transcript and Presenter's Notes

Title: WP4: Trusted Communities


1
WP4 Trusted Communities Secure
communicationsM1-M6 Achievements
  • July 2006

2
Security Challenges in HAGGLE
  • Self-organizing
  • No (or limited) infrastructure
  • Lack of organization
  • No security server
  • Opportunistic
  • No end-to-end connectivity
  • Collapsed system (Applicationnetwork)
  • Data eventually reaches destination
  • Wireless Mobile
  • Scarcity of Resources
  • Limited Energy
  • Lack of physical security
  • Trust establishment
  • Cooperation
  • Comm. Security
  • Key management
  • Privacy

3
WP4 Tasks
  • Task 4.1 Trust Cooperation
  • build trust among parties
  • enforce cooperation
  • Task 4.2 Secure Communication mechanisms
  • Confidentiality, integrity, availability
  • Requirements due to forwarding
  • Task 4.3 Integration of trust cooperation with
    Communication security
  • Solve potential conflicts between security and
    communication functions

4
Agenda
  • Secure forwarding
  • A new cooperation enforcement scheme (Task 4.1)
  • Secure network coding (Task 4.2)
  • Ciphered content based forwarding (Task 4.2)
  • Security for HAGGLE node (Task 4.3)
  • Security Manager Shared functions
  • Dedicated functions

5
Cooperation enforcement
  • The problem
  • No infrastructure for communication
  • Collaboration among parties is a MUST
  • Selfish behavior
  • Optimal resource usage
  • Need for cooperation enforcement
  • Existing Cooperation enforcement schemes
  • virtual money Buttyan,Hubaux,Zhong,Chen,Yang
  • reputationBuchegger,LeBoudec,Michiardi,Molva,
    Josang,Ismail

6
A new Cooperation enforcement scheme
  • Hot Potato Secure forwarding

I have a packet. Do you want it?
I have a packet. Do you want it?
I have a packet. Do you want it?
I1
I2
D
S
ltS,D,Pgt
ltS,D,Pgt
ltS,D,Pgt
ltS,D,Pgt
7
A new Cooperation enforcement scheme (contd)
  • Benefits
  • No escape from cooperation loss of money
  • no need for infrastructure
  • small overhead
  • no predefined path on-the-fly forwarding
  • Future work
  • Communication resource based fairness
  • money aggregation
  • multicast

8
Agenda
  • Secure forwarding
  • A new cooperation enforcement scheme (Task 4.1)
  • Secure network coding (Task 4.2)
  • Ciphered content based forwarding (Task 4.2)
  • Security for HAGGLE node architecture
  • Security Manager Shared functions
  • Dedicated functions

9
Network coding threats
  • Threats
  • bogus injection (poisoning)
  • Tampering with packets
  • Impact
  • Single error ? global failure
  • Requirements
  • Efficient integrity verification schemes at each
    node

10
Requirement for homomorphic functions
  • Homomorphism for integrity
  • Homomorphic hash functions
  • h(a ? b) h(a)? h(b)
  • Application to network coding
  • File F b1b2b3bn, H(F)(h(b1),h(b2),h(b3),
    ,h(bn))
  • Coding e?cibi h(e)h(?cibi)
  • Is h(e) correct?
  • Use of homomorphic hash functions
  • h(e)?(ci ? h(bi)) ? Easily verified
  • Open questions
  • Existing functions are too complex ? new target
    for DoS
  • New functions based on bilinear pairings

11
Homomorphic functions based on pairings
S
  • Setup
  • Secret keys s, r
  • Public Ppub s.P, QIDh(ID), Sids.QID
  • Bilinear map e e(ka,b) e(a,kb)
  • Initial broadcast
  • UrP Vibi.SIDr.PPub
  • Verification
  • e(?aiVi , P)e(?aiU ? aibi . Qid , Ppub)
  • e(V1V2,P) e((UU)(b1b2).Qid,Ppub)

F b1b2
b1
b2
U,V1,V2
U,V1,V2
I
I
b1
b2
b1
I
b2
b1b2
b1b2
U,V1,V2
I
I
?
U,V1,V2
U,V1,V2
12
Homomorphism with bilinear maps
  • e(? aiVi , P) e(?ai (biSID rPpub), P)
  • e(s ?aibiQID ?ai rsP, P)
  • e(?aibiQID ?ai U,sP)
  • e(?ai U ?aibiQID, Ppub)

13
Agenda
  • Secure forwarding
  • A new cooperation enforcement scheme (Task 4.1)
  • Secure network coding (Task 4.2)
  • Ciphered content based forwarding (Task 4.2)
  • Security for HAGGLE node architecture
  • Security Manager Shared functions
  • Dedicated functions

14
Ciphered content based forwarding
  • Forwarding encrypted data wrt trusted communities
  • encrypted keyword search
  • keywords standing for attributes ( e.g.
    community)
  • searching is only authorized for community
    members
  • based on bilinear pairings

15
Ciphered content based forwarding (contd)
Test(KW,TDcomD)
Test(KW,TDcomI1)
Test(KW,TDcomI2)
Is this packet for my community ?
Is this packet for my community ?
Is this packet for my community?
E(KW),E(msg)
S
I1
D
I2
  • Sender sends E(msg), E(KW)
  • All nodes test the keyword
  • Successful test if community member
  • Decryption of the message by community members

16
Ciphered content based forwarding
  • Future work
  • Multiple keyword search based on logical
    operators
  • messages targeting multiple communities
  • security proofs
  • based on BonehFranklins security model

17
Agenda
  • Secure forwarding
  • A new cooperation enforcement scheme (Task 4.1)
  • Secure network coding (Task 4.2)
  • Ciphered content based forwarding (Task 4.2)
  • Security for HAGGLE node architecture
  • Security Manager Shared functions
  • Dedicated functions

18
Ubiquitous Security requirements
  • Connectivity Mgr
  • Trust establishment
  • authentication
  • Forwarding Mgr
  • Cooperation enforcement
  • Name Mgr
  • Trust relationship
  • authentication
  • Data Mgr
  • Confidentiality integrity
  • Protocol Mgr
  • Confidentiality integrity
  • Resource Mgr
  • Denial of Service Prevention
  • Cooperation Enforcement

Application
Protocol Mgr
Resource Mgr
Connectivity Mgr
Name Mgr
Forwarding Mgr
Data Mgr
Interface
19
Approach to Security
  • Shared functions
  • Same function used by one or several Haggle Mgr
  • Key Mgmt, Trust Establishment, Cooperation
    Enforcement
  • Dedicated functions
  • Specific mechanism for each Haggle Mgr
  • Authentication, confidentiality, integrity, etc.

20
The new HAGGLE node architecture
Application
  • Dedicated Functions
  • Confidentiality
  • Authentication
  • Integrity

Name Mgr
  • Shared Functions
  • Key mgt
  • trust establishment
  • cooperation

Data Mgr
Security Mgr
Resource Mgr
Forwarding Mgr
Protocol Mgr
Connectivity Mgr
Interface
21
Security Mgr Future work
  • Internship project (expected start on oct06)
  • Preliminary implementation of Security Mgr
  • A dedicated application (simple version) for
    HAGGLE
  • Secure messaging
  • Trust establishment
  • Key exchange protocol

22
Security Mgr as a User of Haggle Mgrs
Fwd Mgr
Fwd Mgr
Protocol Mgr
Protocol Mgr
HAGGLE Node 1
HAGGLE Node 2
23
Haggle Mgrs as a User of Security Mgr
Application
Name Mgr
Data Mgr
Security Mgr
Resource Mgr
Forwarding Mgr
Protocol Mgr
Connectivity Mgr
Interface
24
THANK YOU
25
Public Key Encryption with Keyword Search Boneh
et.al04
KW Keyword Rpub R public key EKW encrypted
keyword
Rpriv R private key TD trapdoor
I
EKWf(Rpub,KW), ERpub(msg)
TDg(Rpriv,KW)
Test(EKW,TD)
R
S
Write a Comment
User Comments (0)
About PowerShow.com