Post on 11-Jan-2016
Overview of Security Research in Ad Hoc Networks
Melanie Agnew
John Folkerts
Cory Virok
Agenda
• Towards Flexible Credential Verification in Mobile Ad-hoc Networks by Keoh and Lupu
• Simple and Fault-Tolerant Key Agreement for Dynamic Collaborative Groups by Kim, Perrig, and Tsudik
• Fast Authenticated Key Establishment Protocols for Self-Organizing Sensor Networks by Huang, Cukier, Kobayashi, Liu and Zhang
Towards Flexible Credential Verification in Mobile Ad-hoc Networks
by Sye Loong Keoh and Emil Lupu
Published in ACM Principles of Mobile Computing 2002
Goal and Assumptions
• Goal
  • Enable credential verification in an ad hoc environment given some natural limitations
• Assumptions
  • Ad hoc networks are built around entities with a priori relationships
    • E.g. wireless collaboration between colleagues in the same physical location
  • Trust communications can occur “out of band”
  • Trusts must be established ahead of time
    • E.g. trust of a certificate authority or individual making assertions
  • Ad hoc networks will generally not have connections to verification services (e.g. on-line CA)
  • Off-line verification is done using PGP-like “web of trust” model
  • Verifiers are more likely to have access to on-line resources like CA’s and CRL’s.
  • Limited computational and storage resources
    • Not enough storage to keep track of all possible public keys
Security Assertions
• The Idea: Use credential assertions instead of certificates, attributes, and repeated individual verification of credentials
• Each device has:
  • A key ring which contains trusted keys (including root certificates as needed)
  • A public/private key pair
  • User policy for determining trustworthiness
Example
[Figure: Bob, Alice and a Service exchanging a Credential Assertion Statement (CAS, signed: Bob) and an Assertion Signature Statement (ASS, signed: Alice)]
1. Bob generates CAS
2. Alice verifies Bob’s signature and credentials on the CAS; Alice generates ASS and sends it to Bob
3. Bob presents CAS and ASS’s to service for access
4. Service performs verification on the signature using its trusted key ring and individual policies
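The four-step exchange above, worked through as an added example (not code from the slides or from Keoh and Lupu's paper). It assumes RSA/SHA-256 signatures, a JSON encoding of the signed fields, an expiry on each ASS, and a service policy expressed as a minimum number of distinct trusted signers; all function and field names are hypothetical.

```ruby
require 'openssl'
require 'json'
SHA256 = OpenSSL::Digest.new('SHA256')

# Bytes each signature covers; an ASS is bound to one CAS, signer and expiry.
def cas_body(cas)
  JSON.generate([cas[:holder], cas[:credential], cas[:key]])
end
def ass_body(cas, signer, expires)
  JSON.generate([cas_body(cas), signer, expires.to_i])
end

# Step 1: the holder asserts a credential and signs it; identity is self-asserted.
def new_cas(holder, credential, priv)
  cas = { holder: holder, credential: credential, key: priv.public_key.to_pem }
  cas.merge(sig: priv.sign(SHA256, cas_body(cas)))
end

# Step 2: a signer who has checked the CAS out of band issues an ASS over it.
def endorse(cas, signer, priv, expires)
  { signer: signer, expires: expires, sig: priv.sign(SHA256, ass_body(cas, signer, expires)) }
end

# Step 4: CAS self-signature, then `need` distinct key-ring signers with live ASS's.
def verify(cas, asses, ring, need, now)
  return false unless OpenSSL::PKey::RSA.new(cas[:key]).verify(SHA256, cas[:sig], cas_body(cas))
  good = asses.select do |a|
    key = ring[a[:signer]] # only keys on the service's own ring count
    key && now < a[:expires] && key.verify(SHA256, a[:sig], ass_body(cas, a[:signer], a[:expires]))
  end
  good.map { |a| a[:signer] }.uniq.size >= need
rescue OpenSSL::PKey::PKeyError
  false # malformed key or signature in the presented material
end

# Constructed run: Bob's CAS, endorsed by Alice (on the ring) or Mallory (not).
def demo
  bob, alice, mallory = Array.new(3) { OpenSSL::PKey::RSA.new(2048) }
  now = Time.now
  ring = { 'alice' => alice.public_key }
  cas = new_cas('bob', 'project-member', bob)
  by_alice = endorse(cas, 'alice', alice, now + 3600)
  { endorsed: verify(cas, [by_alice], ring, 1, now),
    untrusted: verify(cas, [endorse(cas, 'mallory', mallory, now + 3600)], ring, 1, now),
    expired: verify(cas, [by_alice], ring, 1, now + 7200),
    two_needed: verify(cas, [by_alice, by_alice], ring, 2, now) }
end

RESULTS = demo.each { |name, ok| puts "#{name}: #{ok}" }
```

The expiry check is the only stand-in for revocation here, and the same ASS presented twice still counts as one signer.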
Benefits / Shortfalls
• Benefits
  • User may have multiple CAS’s depending on usage
  • Identity is self-asserted; only the authorization assertion is independently certified
  • Trust is not transitive (unless you design a trust this way)
• Shortfalls
  • In a complex environment would create lots of CAS’s; potentially one for each role
  • Revocation can not be done (no place for the verifier to check). This could limit the duration for any ASS to remain valid.
  • Concept of trust is simplistic; does not extend to larger environments
Simple and Fault-Tolerant Key Agreement for Dynamic Collaborative Groups
by Yongdae Kim, Adrian Perrig, Gene Tsudik
Published in ACM Conference on Computer and Communications Security 2000
Goals
• Question: How can we generate and maintain a common encryption key for a frequently changing group?
• Goals
  • The key generation should not be centralized (to ensure fault tolerance)
  • Ensure certain security properties for our key
  • Minimize the amount of network traffic associated with key changes
Cryptographic Properties
1. Group Key Secrecy – it is computationally infeasible for a passive adversary to discover any group key
2. Forward Secrecy – a passive adversary who knows a contiguous subset of old group keys cannot discover subsequent group keys
3. Backward Secrecy – a passive adversary who knows a contiguous subset of group keys cannot discover preceding group keys
4. Key Independence – a passive adversary who knows any proper subset of group keys cannot discover any other group key.
A Key Tree
[Figure: key tree with nodes labelled <0,0> to <3,7> and members M1 to M6]
Membership Events
• Join: a new member is added to the group
• Leave: a member is removed from the group
• Merge: a subgroup is added to the group
• Partition: a subgroup is split from the group
• Key refresh: the group key is updated
Join
[Figure: key tree before the join (members M1, M2, M3) and after the join (members M1, M2, M3, M4)]
Leave
[Figure: key tree before the leave (members M1 to M5) and after the leave (members M1, M2, M4, M5)]
Conclusion
Fast Authenticated Key Establishment Protocols for Self-Organizing Sensor Networks
by Qiang Huang, Johnas Cukier, Hisashi Kobayashi, Bede Liu and Jinyun Zhang
Published in ACM Wireless Sensor Networks and Applications 2003
The problem
• Establishing keys securely across a sensor network
  • Sensor nodes have very little hardware resources.
  • Two types of encryption used
    • Symmetric Key Encryption – Inexpensive
    • Elliptic Curve Encryption – Expensive
  • Offloading the burden onto more powerful machines
• Reducing Expense of Encryption Operations
  • Public key encryption is expensive
    • Yet it needs to be done quickly
  • Private key encryption is inexpensive
    • Yet using one group key is insecure
  • How can we balance the two while still retaining speed and security?
The Solution: Hybrid Authentication Approach
• Security Managers
  • More processing power than Sensor nodes
  • Need to communicate with secure Certificate authority
    • Does not fit with the “Ad Hoc” paradigm - Server based
• Give the bulk of the work to the Security Manager
  • Allows sensors to join/leave the network quicker
  • Puts a major strain on the Security Manager
• Sensors will substitute elliptic encryption for symmetric key encryption
  • Degrades security
  • Security Managers become more valuable targets
• Tradeoff
Conclusion
• Tradeoff between speed and security
• Sensors will require less power, resources
  • Smaller, cheaper, faster
• Network authentication speed increased
  • Faster overall network performance
Questions?
Backup Slides
What is an Ad Hoc Network?
• Definition: A network which is created on demand, without fixed resources (servers, routers), such as used by wireless devices using short range communications
• Characteristics of Ad Hoc Networks
  • No common resources (such as servers) – all resources must be contributed by the peers involved in the network
  • Membership in the network may change often
  • Devices may have limited storage and computational power
  • Network is less reliable and bandwidth limited compared to fixed networks