Some Security Issues - PowerPoint PPT Presentation

1 / 17
About This Presentation
Title:

Some Security Issues

Description:

Some Security Issues & Challenges in MANETs and Sensor Nets Gene Tsudik SCONCE: Secure Computing and Networking Center UC Irvine http://sconce.ics.uci.edu/ – PowerPoint PPT presentation

Number of Views:45
Avg rating:3.0/5.0
Slides: 18
Provided by: uci112
Learn more at: https://ics.uci.edu
Category:

less

Transcript and Presenter's Notes

Title: Some Security Issues


1
Some Security Issues Challenges in MANETs and
Sensor Nets
  • Gene Tsudik
  • SCONCE Secure Computing and Networking Center
  • UC Irvine
  • http//sconce.ics.uci.edu/
  • 04/30/2004

2
Outline
  • Background
  • Some security issues
  • Secure Casual Multicast
  • Aided Cryptography
  • Secure Routing
  • Privacy Issues
  • Aggregation and minimization
  • Group Membership Admission and Eviction
  • DoS resistance
  • Some on-going work

3
Secure Casual Multicast
  • An important service in MANETs and sensor
    networks is the need to communicate to dynamic
    subsets/clusters of nodes, e.g.,
  • All routers with x available bw
  • All nodes close to some location
  • All nodes with gtt power remaining
  • This kind of multicast can be one-time
  • How to distribute a group key to such subsets?
  • Broadcast encryption doesnt help here

4
Secure Casual Multicast
  • If the subset is large (around n) then broadcast
    encryption techniques could be used
  • But what if subset size is much smaller than the
    total of nodes, e.g., n/c for some constant c.
  • Solutions today are
  • encrypt the message as many times as there are
    receivers or,
  • use group key establishment protocols
  • Both solutions are very expensive
  • Can we do better???

5
Aided Cryptographic Computations
  • Assume nodes have limited computation and
    communication ability as well as limited energy
  • Computationally intensive tasks, e.g., full-blown
    PK crypto operations are costly
  • Many setting involve a (small) number of more
    powerful devices (gw-s, servers, etc.)
  • Can be used for off-loading crypto computations
  • if power needed for computing is greater than
    that for communication
  • if time needed for computing would adversely
    impact sensors other tasks

6
Aided Cryptographic Computations
  • Server-aided cryptography is applicable but
    state-of-the-art (2-party, mediated,
    server-aided, etc..) still too expensive
  • Designed to enforce various policies
    (fine-grained control, revocation,) not to
    minimize computation
  • Can we design an architecture that off-loads
    heavy computation to more powerful devices?

7
Secure Routing/Key distribution
  • Most MANET routing protocols are vulnerable to
    attacks that can paralyze the whole network
  • Existing secure MANET routing protocols (such as
    Ariadne) authenticate each data and control
    packet
  • Proposed authentication solutions are
  • Signatures too costly!
  • TESLA needs buffering, synchronization, some
    complexity
  • Pair-wise keys not flexible - all nodes must be
    updated when a new node joins the MANET.
  • Shared (common) group key not secure one
    corruption is enough to break the system!
  • No general solution exists

8
Secure Routing/Key distribution
  • Similarly, state-of the art secure routing in
    sensor networks
  • relies on time synchronization (is this
    realistic?)
  • remains secure only if less that t nodes are
    compromised
  • Since wholesale re-keying/re-initializing is
    often impossible, these solutions might not be
    practical!
  • Also, it is often difficult to identify
    compromised nodes in monitoring applications
  • Ideally we need solutions that work even if some
    nodes have been compromised
  • New key distribution and secure routing protocols
    are required for these types of networks!

9
Privacy-Aware Routing
  • MANET routing is cooperative
  • Traffic analysis is very easy!
  • Some technical solutions exists onion routing,
    mixes very expensive!
  • Can we build routing protocols that prevent
    intermediate nodes from performing traffic
    analysis?
  • Privacy-aware routing is needed!

10
Privacy of Associations
  • MANETs and sensor nets can operate in
    multi-cultural environment
  • Need to tell kin from strangers (friend-or-foe)
  • Need to do so in private manner no
    observability!
  • Secret Handshakes can help
  • Balfanz, et al.
  • Castelluccia, et al.
  • Still need to solve one-time credential issue
  • Group handshakes?
  • Sensors operating in hostile settings need to
    produce signatures that are anonymous/untraceable
  • Group signatures? Too expensive

11
Group Key Management
  • Group Key Distribution (GKD) requires a center,
    large groups, multicast, wireline
  • Group Key Agreement (GKA) distributed
    (group-based), expensive, small groups, wireline
  • Current solutions unsuitable for MANETs
  • GKD no center, long messages, broadcasts
  • GKA multi-round, many messages, broadcasts
  • GKA need underlying reliable group comm.
  • GKA tries to minimize computation
  • GKD tries to minimize bw
  • Sometimes need to switch priorities
  • GKA protocols need to complete even if
    membership changes in the interim
  • GKA center availability (partitions/failures/comp
    romise)
  • No practical protocol tolerates malicious insiders

12
Aggregation / Minimization
  • MACs, signatures are examples of crypto tags
  • If information is collected from each node
    (sensor, router, etc), much bw and storage is
    wasted on tags
  • Need to minimize tag size aggregate signatures,
    MACs, etc.
  • If multiple nodes report the same data, can
    aggregate it
  • Why not aggregate tags too?
  • Example techniques Mykletun NDSS04, Boneh
    EuroCrypt03, Mazieres IPTPS04
  • Much more work needed

13
DoS Resistance
  • DoS attacks are here to stay
  • Worst (best) attacks target servers Web, Time,
    Name, Authentication, etc.
  • So-called Client Puzzles are touted as an
    effective solution
  • Waste of computation
  • Punishes anemic clients
  • Powerful adversary can afford fast hw
  • Other solutions?

14
Group Membership Control
  • Goal secure admission of members to a
    group while tolerating adversaries both outside
    and inside
  • Standard Model
  • A CA is distributed among n nodes (all or only
    some)
  • A new node must gets a partial signature from
    each of at least k (out of n) nodes
  • It then computes its membership certificate and
    becomes a bona fide member
  • Can prove membership by presenting his
    certificate
  • Can compute pair-wise keys
  • Can authenticate to insiders and outsiders
  • TS-RSA, TS-DSA, ID-based
  • All areTOO expensive!
  • New crypto algorithms/protocols needed
  • Distributed Eviction is harder (need to maintain
    MRLs)

15
Membership Control
  • KMT03 Y. Kim, D. Mazzocchi and G. Tsudik,
  • Admission Control in Collaborative Groups, I
  • IEEE Symposium on Network Computing and
    Applications (NCA-03)
  • NTY03 M. Narasimha, G. Tsudik and J. Yi,
  • On the Utility of Distributed Cryptography in
    P2P and MANETs,
  • IEEE International Conference on Network
    Protocols (ICNP'03)
  • STY03 N. Saxena, G. Tsudik and J. Yi,
  • Admission Control in P2P Design and Performance
    Evaluation,
  • ACM Workshop on Security of Ad Hoc and Sensor
    Networks (SASN '03)

16
Key (pre-)distribution
  • Combine key pre-distribution (Blom scheme) with
    secret sharing to achieve (pairwise) key
    distribution in MANETs
  • Model
  • Each node (a priori) gets a share of its
    secrets from k servers
  • Uses shares to compute a secret
  • This secret can be used to compute a pair-wise
    key with any other node
  • Sometimes more appropriate than the
    distributed-CA model
  • Members get keys not certificates!
  • efficientfew modular multiplications per key
    computation
  • Extending this to INEXPENSIVE group keying

17
Aggregation of crypto-tags
  • Efficient Secure Routing
  • Using DH for securing Route Discovery (as in DSR)
  • Constant-size tags
  • Few (2) exponentiations to verify route integrity
  • Few (2) exponentiations per route hop
  • Also, using ID-based cryptography
Write a Comment
User Comments (0)
About PowerShow.com