Trust-Level Based Authentication Services in Mobile Ad Hoc Networks MPhil Term 2 Presentation (Spring 2003) by Edith Ngai Advisor: Prof. Michael R. Lyu
Outline
• Background
• Related Work
• Trust-Level Based Authentication Services
• Self-Initialization
• Certificate Renewal
• Future Work
• Discussion & Conclusion
Department of Computer Science and Engineering, The Chinese University of Hong Kong
Background: Mobile Ad Hoc Network
• An ad hoc network is a collection of nodes that do not need to rely on predefined infrastructure to keep the network connected.
• Nodes of ad hoc networks are often mobile and use wireless communication (MANET)
• Applications
  • Personal area networks
  • Military communications
  • Sensor networks
  • Disaster area networks
Background: Characteristics
• Dynamic network topology
• Limited physical security
• Limited bandwidth
• Energy-constrained nodes
• The nature of ad hoc networks makes them vulnerable to security attacks
  • Passive eavesdropping
  • Denial of service attacks by malicious nodes
  • Attacks from compromised entities or stolen devices
Background: Vulnerabilities – Traditional Network vs Ad Hoc Network
• Wired network
  • Adversary must gain physical access to wired link
  • Adversary has to sneak through security holes at firewalls or routers
• Ad hoc network
  • Wireless links give poor physical protection
  • Mobile nodes are capable of roaming independently
  • Decentralized management
Background: Key Management
• Security in networks widely relies on key management mechanisms
• A trusted third party (TTP) is an entity trusted by all users and is often used to provide key management services
• A certificate authority (CA) is a public key management system responsible for issuing and revoking certificates
• A certificate binds the identity of an entity to its public key
Background: Public Key Encryption
• We use public key encryption to secure the network
• It can provide non-repudiation, confidentiality, integrity and authentication
• An adversary can defeat the system by impersonation when entities are exchanging public keys, or by altering the public file containing public keys
• Public key cryptography requires the authenticity of public keys
Related Work
• Traditional network authentication solutions rely on a TTP or CA
• Popular network authentication architectures include X.509 and Kerberos.
• Some are modeled on hierarchical CAs
• An ad hoc network is infrastructureless
• No centralized server for key management
Related Work
• Pretty Good Privacy (PGP) follows a web of trust authentication model. A node relies on trusted PGP users to introduce others
• Threshold secret sharing can distribute the functionality of a centralized CA server among a fixed group of servers
• Proactive secret sharing can improve robustness by updating secret keys periodically
Related Work
• Partially distributed certificate authority
  • makes use of a (k,n) threshold scheme to distribute the services of the CA to a set of specialized server nodes
  • requires rich network connectivity among the group of servers
• Fully distributed certificate authority
  • extends certificate services to every node; a threshold number of neighboring nodes can collaboratively act as an authentication server
  • requires enough neighboring nodes
Related Work
• Self-issued certificates
  • Users issue certificates themselves without the involvement of any certificate authority
  • Any pair of users can find certificate chains to each other using their certificate repositories
  • A problem exists if the number of certificates issued does not reach a certain amount
Trust-Level Based Authentication Services: Primitives
• Adopt the fully distributed certificate authority approach
• Combine the authentication services with the trust level concept
• Apply weighted threshold secret sharing instead of the general threshold secret sharing scheme
• Extend certificate services beyond neighboring nodes using trust chains
Trust-Level Based Authentication Services: Authentication Services Flowchart
[Flowchart. Box labels in page order: Join into the network; Request for a polynomial share; With valid certificate state; High increase in trust level (Yes / No); Request for a certificate; Request for one more polynomial share; With valid certificate; Certificate expires? (Yes); Certificate renewal]
Trust-Level Based Authentication Services: Trust Model
• A trust model defines how the nodes in the network trust each other
• Past work on authentication services just defines the trust model as: a node with a valid certificate can be trusted in the network
• We add the concept of trust level
• We define that each node keeps a trust value for each of its neighboring nodes
Trust-Level Based Authentication Services: Trust-Level Concept
• We define the trust value to be a floating-point number between 0.0 and 1.0
• The trust value from node vj to node vi represents the level of trust that node vj has towards vi
• The value is based on observation of the node's behavior
• Generally, a node is believed to be trustable if its trust value is above 0.5
Trust-Level Based Authentication Services: Trust-Level Concept
• Neighboring nodes that receive a request message check the trust level of the node that sent or forwarded the message
[Figure: request message r passed between nodes whose links are labelled with trust values. Steps: 1. Send request message; 2. Check trust levels; 3. Reply the message]
Trust-Level Based Authentication Services: Assumptions
• Each node has a unique ID
• Each node can discover its one-hop neighbours
• The communication link between one-hop neighbours is reliable.
• The mobility is characterized by the maximum node moving speed
• Each node maintains a trust value for each neighbour
• A node holds a limited number of polynomial shares
• Trust values on a path can form a trust chain.
Self-Initialization: Number of Polynomial Shares per Node
• Each node holds a number of polynomial shares for initialization and certification
• A node can hold maximum c shares
• Each node and each share has a unique ID

Node ID | Share IDs
1 | 1, 2, …, c
2 | c+1, c+2, …, 2c
3 | 2c+1, 2c+2, …, 3c
… | …
k | (k-1)*c+1, (k-1)*c+2, …, k*c
… | …
n | (n-1)*c+1, (n-1)*c+2, …, n*c
Self-Initialization: Request for More Polynomial Shares
• A node gets 1 polynomial share when it joins the network
• It can later request more polynomial shares if its trust level becomes high enough
• A field “trust level increased” can be added to the reply message in certification
• A node can contribute more to certification and initialization if it holds more shares
Self-Initialization: Algorithm
• Apply the localized self-initialization algorithm
• A node vi broadcasts its request for a polynomial share
• Nodes reply to vi with their partial shares
• Let a1, a2, …, ak be the polynomial share IDs received by vi; the corresponding polynomial shares are Pa1, Pa2, …, Pak
Self-Initialization: Algorithm
• Each node calculates its partial share and returns it to vi:
  Pj = Paj * Laj(ai) mod N, where mod N
• By Lagrange interpolation, vi can generate a new polynomial share Pai:
  Pai = f(ai) = Pa1*La1(ai) + Pa2*La2(ai) + … + Pak*Lak(ai) = = mod N
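The partial-share reply and the Lagrange recombination described on this slide, as an added example that is not part of the presentation. It assumes a prime modulus Q in place of the slides' N so that every Lagrange denominator has an inverse; the function names, the secret and the share IDs in demo() are hypothetical.

```python
# Added example, not from the slides. Assumption: a prime modulus Q stands
# in for the slides' N so that every Lagrange denominator has an inverse.
import secrets

Q = 2**127 - 1          # constructed prime field modulus
K_THRESHOLD = 3         # k: polynomial f has degree k-1

def share_ids(node_id, c):
    """Share IDs held by a node per the slides' table: (node-1)*c+1 .. node*c."""
    return list(range((node_id - 1) * c + 1, node_id * c + 1))

def make_polynomial(secret, k=K_THRESHOLD):
    """Random f of degree k-1 with f(0) = secret (hypothetical dealer step)."""
    return [secret % Q] + [secrets.randbelow(Q) for _ in range(k - 1)]

def evaluate(coeffs, x):
    """f(x) mod Q by Horner's rule; f(a) is the polynomial share P_a."""
    acc = 0
    for coeff in reversed(coeffs):
        acc = (acc * x + coeff) % Q
    return acc

def lagrange_coeff(a_j, coalition, x):
    """L_aj(x) = product over a_r != a_j of (x - a_r) / (a_j - a_r), mod Q."""
    num, den = 1, 1
    for a_r in coalition:
        if a_r != a_j:
            num = num * (x - a_r) % Q
            den = den * (a_j - a_r) % Q
    return num * pow(den, -1, Q) % Q

def partial_share(p_aj, a_j, coalition, a_i):
    """P_j = P_aj * L_aj(a_i): the reply computed by the holder of share a_j."""
    return p_aj * lagrange_coeff(a_j, coalition, a_i) % Q

def self_initialize(held, a_i, k=K_THRESHOLD):
    """held maps share ID -> share value across all replying nodes.
    Returns the new share P_ai as the sum of k partial shares."""
    if len(held) < k:
        raise ValueError("fewer than k polynomial shares replied")
    coalition = sorted(held)[:k]
    return sum(partial_share(held[a], a, coalition, a_i) for a in coalition) % Q

def demo():
    """Two nodes holding c=2 shares each bootstrap share ID 9 with k=3."""
    f = make_polynomial(secret=424242)
    held = {a: evaluate(f, a) for n in (1, 2) for a in share_ids(n, 2)}
    return self_initialize(held, 9), evaluate(f, 9)
```

In this example the coefficient L_aj(a_i) depends only on public share IDs, so a reply sent exactly as computed here lets vi divide it out and learn P_aj; a deployment needs to blind the partial shares before they leave the replying node.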
Certificate Renewal: Number of Partial Certificates in Reply
• Assume node vj holds K polynomial shares
• Each share can sign one partial certificate
• Trust level to no. of partial certificates:

Trust level x (vj to vi) | No. of partial certificates vj to vi
x < 1/2 | 0
1/2 <= x < 1/2+1/4 | 1
1/2+1/4 <= x < 1/2+1/4+1/8 | 2
… | …
1/2+1/4+…+1/(2^(K-1)) <= x < 1/2+1/4+…+1/(2^K) | K-1
1/2+1/4+…+1/(2^K) <= x <= 1 | K
Certificate Renewal: Number of Partial Certificates in Reply
• A node decides the number of partial certificates to reply with based on the trust level of the requesting node
[Figure: Divisions of trust level. Trust value (ranges from 0.0 to 1.0) with divisions at 0, 0.5, 0.75, 0.875, …, 1.0, labelled 1, 2, 3, …, K]
Certificate Renewal: Number of Nodes Required
• Nodes may sign more partial certificates to a node with high trust level
• No. of nodes required varies though no. of partial certificates required is fixed

k | No. of shares a node holds | Min. no. of nodes in a coalition | Max. no. of nodes in a coalition
5 | 1 | 5 | 5
5 | 1-2 | 3 | 5
10 | 1 | 10 | 10
10 | 1-2 | 5 | 10
10 | 1-3 | 4 | 10
K | 1-C | K/C | K
Certificate Renewal: Trust Relationship of Nodes
[Figure: nodes v1, v2 and vi, with trust values V1 and V2]
• Certification is not limited to neighboring nodes with our trust level model
• Nodes that have never met can determine whether each other is trustable by a trust chain
• Trust values along the chain can be combined into a single value with a formula
Certificate Renewal: Trust Relationship of Nodes
[Figure: nodes v1, v2 and vi, with trust values V1 and V2]
• Formula we use: V1V2 = 1 - (1-V2)^V1, where V1V2 represents the trust level from v1 to vi
• Analysis of the formula
  • If V1 is high (v1 trusts v2), V1V2 will be closer to V2 (the view of trust from v2 to vi); vice versa

V1\V2 | 0.3 | 0.6 | 0.9
0.3 | 0.1 | 0.24 | 0.49
0.6 | 0.19 | 0.42 | 0.75
0.9 | 0.27 | 0.56 | 0.87
Certificate Renewal: Trust Relationship of Nodes
[Figure: two panels over nodes v1 to v6 and vi. "Trust values of different nodes" (values shown: 0.8, 0.5, 0.9; trust relationship from arrow left to arrow right) and "Number of partial certificate in reply" (values shown: 1, 2)]
• Trust value (v5 to vi), with V1 = 0.9 and V2 = 0.8: 1 - (1-0.8)^0.9 = 0.765
• Trust value (v6 to vi), with V1 = 0.5 and V2 = 0.8: 1 - (1-0.8)^0.5 = 0.553
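The trust-chain formula, the trust-level table and the coalition count from the preceding Certificate Renewal slides, combined in one added example that is not part of the presentation. Function names are hypothetical, and the repliers v7 and v8 with their trust values and share counts are constructed for illustration.

```python
# Added example, not from the slides; function names are hypothetical.

def chain_trust(v1, v2):
    """Slides' formula V1V2 = 1 - (1 - V2)^V1: v1's derived trust in vi,
    where V1 is v1's trust in v2 and V2 is v2's trust in vi."""
    for v in (v1, v2):
        if not 0.0 <= v <= 1.0:
            raise ValueError("trust values range from 0.0 to 1.0")
    return 1 - (1 - v2) ** v1

def partial_cert_count(x, shares_held):
    """Slides' table: the largest m <= K with x >= 1/2 + 1/4 + ... + 1/2^m."""
    m = 0
    while m < shares_held and x >= 1 - 2.0 ** -(m + 1):
        m += 1
    return m

def renewal_coalition(repliers, k):
    """repliers: (name, trust in vi, shares held) in arrival order.
    Returns [(name, partial certs used)] once k are collected, else None."""
    coalition, total = [], 0
    for name, trust, shares_held in repliers:
        n = partial_cert_count(trust, shares_held)
        if n == 0:
            continue                      # trust below 0.5: no reply is sent
        n = min(n, k - total)             # vi only needs k in total
        coalition.append((name, n))
        total += n
        if total == k:
            return coalition
    return None                           # fewer than k replies: request fails

def demo():
    """v5 and v6 use the slide's chained values; v7 and v8 are constructed."""
    repliers = [
        ("v5", chain_trust(0.9, 0.8), 2),
        ("v6", chain_trust(0.5, 0.8), 2),
        ("v7", 0.40, 2),
        ("v8", 0.95, 3),
    ]
    return renewal_coalition(repliers, k=5)
```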
Certificate Renewal: Algorithm
• A node vi broadcasts certificate renewal request
• Nodes vj sign partial certificates by their polynomial shares and reply to vi
• Let the k polynomial shares involved be Pa1, Pa2, …, Pak
• The shares can generate partial certificates using the formula:
  CERTaj = (cert)^Paj mod N
Certificate Renewal: Algorithm
• Upon receiving at least k such partial certificates, node vi picks k to form the coalition B
• Suppose vi chooses {CERTa1, CERTa2, …, CERTak}, where a1, a2, …, ak are the IDs of the corresponding polynomial shares; a candidate certificate can be generated:
  CERT’aj = (CERTaj)^Laj(0) mod N, where mod N
• vi then multiplies {CERT’a1, CERT’a2, …, CERT’ak}:
  CERT’ = mod N
• vi can employ K-bounded coalition offsetting algorithm to recover its new certificate CERT
Certificate Renewal: Protocol on certificate renewal
I: input message received; O: output message sent
Node makes the request
• q0: making a request
• w0: waiting for the replies
• c0: received k or more replies, request succeeds
• a0: received fewer than k replies, request fails
Nodes receive the request
• qj: receive a request
• rj: requesting node is trustable, send reply
• aj: requesting node is not trustable, no reply is sent
• cj: receive the new certificate from the requesting node
[Figure: state diagrams for both sides over states s1, s2, q0, w0, c0, a0 and qj, rj, aj, cj, with transitions labelled Request?, Certj, >=k(Certj), < k(Certj) and CERT0]
Future Work
• Simulation will be carried out
  • To evaluate the performance of our authentication services
  • Possible simulators that can simulate ad hoc networks are Ns-2, GloMoSim, etc.
  • The main difficulty is how to modify the C++ and OTcl code in Ns-2 for simulation
Discussion
• Trust-level concept
  • Formalizes the authentication services in the network
  • Classifies the trust of nodes by levels
  • Allows weighted threshold secret sharing and trust chains to be applied
• Weighted threshold secret sharing
  • Speeds up collection of enough shares in certification and initialization
  • Nodes with a high trust level can contribute more
  • Coalition size decreases dynamically according to the trust level of nodes
• Trust chain
  • Allows nodes that have never met to determine the trust of each other
  • Reduces the problem of not having enough neighboring nodes in certification and initialization
Conclusion
• We studied the characteristics, vulnerabilities and key management techniques of mobile ad hoc networks
• We proposed scalable distributed authentication services to secure mobile ad hoc networks
• We combined the trust level concept and the fully distributed CA approach to provide authentication services
• We applied a weighted threshold secret sharing scheme
• We extended the services to non-neighboring nodes by trust chains
• Simulation will be carried out in the future
Q & A