Securing Ad Hoc Networks - PowerPoint PPT Presentation

Provided by: shu143

1
Securing Ad Hoc Networks
EECS 600 Advanced Network Research, Spring 2005
Instructor: Shudong Jin, February 28, 2005
2
Security Goals
  • Availability
  • Ensures survivability despite DoS attack
  • Attack at different layers
  • Application layer: key management service
  • Network layer: routing service
  • Physical and MAC layer: jamming

3
Security Goals
  • Confidentiality
  • Ensures information not disclosed to unauthorized
    entities
  • Transmission of sensitive information
  • Routing information also confidential?
  • Integrity
  • Message not corrupted
  • Q: Is it a security goal?

4
Security Goals
  • Authorization
  • Ensures the identity of the peer
  • Network should reject routing of unauthorized packets
  • Transient security associations => static
    authorization policy is unfeasible
  • Non-repudiation
  • The origin of a message cannot deny having sent
    the message.
  • Useful to detect/isolate compromised nodes

5
Challenges (1)
  • The use of wireless links
  • Susceptible to link attacks ranging from passive
    eavesdropping to active impersonation, message
    replay, and message distortion.
  • violating confidentiality, availability,
    integrity, authentication, and non-repudiation.
  • Mobility in hostile environment
  • Nodes roaming in a hostile environment (e.g., a
    battlefield) with relatively poor physical
    protection, have non-negligible probability of
    being compromised.
  • Need distributed architecture with no central
    entities. Any central authority may lead to
    significant vulnerability

6
Challenges (2)
  • Dynamic topology
  • The network is dynamic because of frequent changes in
    both its topology and its membership. Trust relationships
    among nodes also change. Any security solution with a
    static configuration would not suffice. It is
    desirable for our security mechanisms to adapt
    on-the-fly to these changes.
  • Scalable secure service
  • An ad hoc network may consist of hundreds or even
    thousands of nodes. Security mechanisms should be
    scalable to handle such a large network.

7
This paper
  • To provide security mechanisms, further rely on
    two principles
  • redundancies in the network topology
  • distribution of trust
  • DoS attacks towards routing protocols
  • How to establish a key management service that is
    appropriate for ad hoc networks.

8
Secure routing (1)
  • No previous routing protocol has accommodated
    mechanisms to defend against malicious attacks.
  • Bad routing info from external attackers
  • How to defend against it?
  • More severe threats come from compromised nodes
  • How to defend against it?
  • More difficult, less effective if nodes are
    compromised
  • Dynamic topology adds complexity

9
Secure routing (2)
  • We can exploit certain properties of ad hoc
    networks to achieve secure routing
  • False routing information generated by
    compromised nodes could be considered outdated
    information.
  • If we have enough correct nodes (and alternative
    paths - redundancy), we can route around compromised
    nodes
  • Mitigating routing misbehavior

10
Key management service
  • Cryptographic schemes require a key management
    service.
  • Public/private keys
  • Public keys can be distributed to other nodes,
    while private keys should be kept confidential to
    individual nodes. There is a trusted entity
    called Certification Authority (CA) for key
    management. The CA has a public/private key pair,
    with its public key known to every node, and
    signs certificates binding public keys to nodes.
  • The trusted CA has to stay on-line to reflect the
    current bindings. A public key should be revoked
    if the owner node is no longer trusted.
  • A node may refresh its key pair periodically to
    reduce the chance of a successful brute-force
    attack on its private key
  • Problems with a single CA
  • Standard solution: replication

11
Key management models and assumption
  • Reliable links at network layer
  • Public/private keys
  • Query other nodes' public keys
  • Update own private key
  • An (n, t+1) configuration: n servers where
    n >= 3t+1, among them no more than t servers can be
    compromised.
  • Compromised servers: unavailable and Byzantine
    behavior, but unable to break cryptographic
    schemes
  • Need to provide (1) Robustness and (2)
    confidentiality

12
Threshold cryptography (1)
  • The n servers of the key management service share
    the ability to sign certificates. Divide the
    private key k of the service into n shares (s1,
    s2, . . . , sn), assigning one share to each
    server.

13
Threshold cryptography (2)
  • Each server generates a partial signature for the
    certificate using its private key share and
    submits the partial signature to a combiner. Need
    t+1 correct partial signatures.

14
Mobile adversaries
  • Adversaries that temporarily compromise a server
    and then move on to the next victim
  • May gather t shares from more than t shares of
    the private key.

15
Proactive Schemes as Countermeasure (1)
  • Proactive threshold cryptography scheme
  • Uses share refreshing, which enables servers to
    compute new shares from old ones in collaboration
    without disclosing the service private key to any
    server.
  • The new shares constitute a new (n, t+1)
    sharing of the service private key.
  • A property exploited (on page 7, in middle)

16
Proactive Schemes as Countermeasure (2)
  • Tolerate missing subshares and erroneous
    subshares from compromised servers.
  • Just to detect incorrect subshares, use
    verifiable secret sharing schemes - extra public
    information generated using a one-way function.
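
The (n, t+1) sharing from slides 12-13 and the share refreshing from slides 14-15, as an added example that is not from the slides or the paper. It assumes Shamir polynomial sharing over a prime field as the concrete scheme (the slides do not name one); the modulus `P` and all function names are illustrative, and the verifiable secret sharing step from slide 16 is left out.

```python
import secrets

P = 2**127 - 1  # prime field modulus, chosen for this example only

def share(secret, n, t):
    """Split secret into n shares; any t+1 reconstruct it, t do not."""
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(t)]
    return {x: sum(c * pow(x, i, P) for i, c in enumerate(coeffs)) % P
            for x in range(1, n + 1)}

def reconstruct(shares):
    """Lagrange interpolation at x = 0 over {server_id: share}."""
    total = 0
    for xi, yi in shares.items():
        num = den = 1
        for xj in shares:
            if xj != xi:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    return total

def refresh(old_shares, t):
    """One refresh round: every server deals an (n, t+1) sharing of 0 and
    each server adds the subshares it receives to its old share."""
    n = len(old_shares)
    new = dict(old_shares)
    for _dealer in old_shares:
        subshares = share(0, n, t)
        for j in new:
            new[j] = (new[j] + subshares[j]) % P
    return new

def pick(shares, ids):
    return {i: shares[i] for i in ids}

def demo():
    n, t = 4, 1                      # satisfies n >= 3t+1
    k = secrets.randbelow(P)         # stands in for the service private key
    old = share(k, n, t)
    new = refresh(old, t)
    ok_old = reconstruct(pick(old, [1, 2])) == k
    ok_new = reconstruct(pick(new, [3, 4])) == k
    # Mobile adversary: server 1 compromised before the refresh,
    # server 2 after it. The two shares belong to different sharings.
    mixed_ok = reconstruct({1: old[1], 2: new[2]}) == k
    return ok_old, ok_new, mixed_ok

if __name__ == "__main__":
    print(demo())
```

Any t+1 shares from the same period recover k, while shares collected across a refresh boundary do not combine, which is what limits the mobile adversary to the servers it holds within one refresh period.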

17
Related work
  • Secure routing
  • Against external attackers and compromised nodes
  • Replicated secure services
  • No mechanisms to defeat mobile adversaries and
    achieve scalable adaptability

18
Your thoughts on providing security?
  • Hard problem and costly solutions
  • The burden on CA
  • Peer-to-peer paradigm?
  • authentication without infrastructure
  • Level of guarantee? Detect and protect against
    most attacks (maybe not all), ok?
  • Security in, more specifically, sensor networks?

19
Plan for Wednesday
  • Continue on security or touch transport layer
    issues. Your opinions?
  • Quiz, not a midterm exam.