Secure Ad-Hoc Network Eunjin Jung [email protected] 1 What is Ad-Hoc Network? Ad-Hoc Network – Subset of peer-to-peer computing problem – Sensor network – Wireless and mobile – Physically neighboring participants – No infrastructure 2 Truth is… Ad-Hoc Network relies on – Base Station – Offline configuration Potential – Military operation use – Sensor network – Pervasive, ubiquitous computing 3 Challenges in Ad-Hoc Network Mobility – Restricted computing resource – Restricted power resource – Unreliable communication Ad-Hoc – Transient states – No trustworthy third party – Often security protocol integrated with others 4 Security in Ad-Hoc Network Availability – Sleep Deprivation Torture • Power consumption is worse than computing or network resource consumption, because the device cannot recover as soon as the attack finishes – Jamming • Spectrum Spread, Frequency Hopping 5 Security in Ad-Hoc Network Confidentiality – Easier to passively eavesdrop – Cannot rely on expensive cryptosystem – Symmetric key cryptography is used – Small key, frequent update vs. large key, intermittent update 6 Security in Ad-Hoc Network Authorization – Network resource • Inherently vulnerable to bandwidth stealing • Should reject routing unauthorized packet – Transient states • Security associations between principals are transient • Static authorization policy is unfeasible 7 Security in Ad-Hoc Network Authentication – Cannot rely on central server – Neither on public key cryptography – Should be adaptive to transient authorization policy – Should be swift to renew symmetric key – Pre-computed certificate – Threshold cryptography 8 Security in Ad-Hoc Network Integrity – Similar to any communication – Use traditional solution based on symmetric key Non-Repudiation – Based on public/private key cryptography – Hard to achieve with limited computing resource – Content with certificates 9 Security in Ad-Hoc Network Tamper-Resistance – Security not only on communication, but also on its physical status Intrusion Detection – Shares have to be revoked and renewed when compromised Anonymity – Hide the identity of the senders and receivers 10 Security in mobile network AAA properties – Authentication – Authorization – Accounting Standard in CDMA2000 packet core network 11 Everything comes to… Proper authentication scheme is the key to solve security problem in ad-hoc network Hierarchical authentication scheme – Less mobility, higher in hierarchy Multilevel authentication scheme – Link layer[BT01] – Routing layer[PSWCT01] – Application layer 12 Traditional ways do not work Indirect Kerberos[FG96] – Assuming application-level proxy to delegate public key operations – Base station can do the job if there is one Duplicated servers – Tradeoff between mobility and cost 13 Early works may not either… Authentication protocols for PCS [LH95] – offer even non-repudiation – Assumption of static and high-capability HOME base station; works with mobile-IP – Assumption of reliable communication between home base station and current one – Frequent cryptographic operation including public key operation on the subscriber’s side 14 SPINS – authenticated routing TESLA : streaming authentication protocol – Two-party key agreement protocol SNEP(Secure Network Encryption Protocol) – data confidentiality, two-party data authentication, and data freshness Key from TESLA , further operation on SNEP 15 SPINS – authenticated routing Problem – Assumption on the functionality of base station – Lack of local operation 16 Decentralized solutions Emulations of Certificate Authority Key agreement based on prior context or offline agreement Self-organized public key infrastructure 17 Shamir’s secret sharing scheme Interpolating scheme (m>1) f ( x) a0 a1 x am1 x m 1 F ( x) a0 a1 x am1 x m1 18 What is threshold cryptography? (m, n) – threshold scheme – m-out-of-n scheme, secret sharing scheme – 1 sender(dealer) distributes partial secret(shares, shadows) to n participants – Any m parts put together can retrieve the secret, but not less than m – Perfect for any group of at most m-1 participants 19 Threshold Scheme Tradeoff between security and reliability according to the choice of m and n – Reliability measure • Target of denial of service attack : n-m+1 – Security measure • Target of compromising : m Good for distributed authentication 20 Emulation of Certificate Authority Each entity has a share of group key More than m entities can act as a certificate authority – local operation Each entity computes partial certificate out of partial secret Proactively update shares, and actively revoke any compromised ones 21 Still problem remains… Requires collaborative users – have to respond the partial certificate request anytime. Who can be a dealer? – Shares are given to principals in bootstrap phase (still base station?) 22 Password based public key infrastructure Prior context is assumed, so all participants share a weak secret. Extending Diffie-Hellman method to agree on stronger symmetric key among multiparties. 23 Password based public key infrastructure O(n) steps c1^S4 m1 g^S1 P(c1=g^S1bs2S3) g^S1S2S3 m2 m4 g^S1S2S3 g^S1S2S3 g^S1S2 m3 24 Password based public key infrastructure Need to communicate with all group members and select a leader Static group assumption 25 Self-organized public-key infrastructure Each user publishes its own certificate and some for others Each user maintains certificate repository, some issued by itself, rest by others. Trust graph : each user is a node, and an edge (u,v) denotes user u published certificate to v. 26 Self-organized public-key infrastructure 27 Self-organized public-key infrastructure How many certificates should be stored in the repository to cover all pairs in the ad hoc network? 2 n covers 95% Certificate neighbor may not be available at the trust graph construction time Tested on PGP trust graphs – does that represent ad hoc network properly? 28 No scheme is perfect yet Security issues in ad-hoc networks are converged into authentication problem without infrastructure, in peer-to-peer manner. The burden of CA is reduced, but still we need co-ordination 29
© Copyright 2026 Paperzz