360 likes | 521 Views
Xiaodong Lin, Rongxing Lu, Haojin Zhu, Pin-Han Ho, Xuemin Shen , Zhenfu Cao. ASRPAKE: An Anonymous Secure routing protocol with authenticated key exchange for wireless ad-hoc networks. Outline.
E N D
Xiaodong Lin, Rongxing Lu, Haojin Zhu, Pin-Han Ho, XueminShen, Zhenfu Cao ASRPAKE: An Anonymous Secure routing protocol with authenticated key exchange for wireless ad-hoc networks
WINC- Paper Summary Outline
In MANET, network is very dynamic and there is no fixed infrastructure, and each node is a host and router in the same time. In this environment; nodes may not have sufficient protection from malicious attacks. So providing security and anonymity in such environment is not a straightforward task. WINC- Paper Summary Problem Statement
Because establishing anonymous secure route in a MANET is not a trivial work as that in wired network. Why? • To protect the network from snare attack • What is the snare attack? How harmful could it be? WINC- Paper Summary Motivation
Providing anonymous route between source and destination with the integration of authenticated key exchange mechanisms to the routing algorithm design. WINC- Paper Summary Main Contribution
Group Authentication mechanism where the verifier can be convinced that the message was signed by one member of a certain group WINC- Paper Summary Anonymous Authenticated Key Agreement Protocol Any node can assign the message on behalf of a set of member including himself Node need to authenticate a message that came from a certain group
WINC- Paper Summary Anonymous Authenticated Key Agreement Protocol
Elliptic Curve (E): Where over Zp • p is a large prime number • E(Zp) group for the set of solutions (x,y) ϵZpХZp • A generator point P = (xp,yp) it’s order is a large prime number over E(Zp) • So A subgroup G over E(Zp) is constructed WINC- Paper Summary Ring Authentication Algorithm (Terminology)
Signers U = {U1 , U2, …….,Un } Have a private key X = {x1, x2, …….,xn} xiϵZ*q Have a public key Y = {x1P, x2P, …….,xnP} Choose a secure hash function H: G X G→ Z*q WINC- Paper Summary Ring Authentication Algorithm (Terminology)
WINC- Paper Summary Ring Authentication Algorithm(Ring Sign Algorithm) 1- Ri = aiP 2- Choose random a ϵ Z*q 3- Compute if Ru = O or Ru = Ri for some I not equal U, go to step 2 else go to step 4 4- Compute 5- signature of xP → (R1,…Rm,Y1,….Ym,σ)
WINC- Paper Summary Ring Authentication Algorithm(Verifier Sign Algorithm) • 1- Compute for all 1 ≤ i ≤ m • 2- Check the equation Proof:
WINC- Paper Summary Ring Authentication Algorithm(Anonymous authenticated key agreement protocol) Alice Bob xP xP, R1 …….Rm ,Y1,….Ym,σ yP yP, R1 …….Rm ,Y1,….Ym,σ k = x(yP) k = y(xP)
WINC- Paper Summary Secure Routing Protocol • System Formulation • Local neighborhood table • Local Route Table • Description of Protocol • The key pre-distribution phase • Neighborhood Discovery phase • Route Discovery Phase • The Route Reverse Phase • Data Forwarding Phase
Offline security manager (SM) for identity check and private key redistribution • <G1,G2,e^,q,G,Ppub,H1,SIDA> • Where G1: an additive group of prime order q • G2 Multiplicative group with same order • G1 X G1→ G2 be the bilinear pairing • H1: {0,1}* → G1 (hash function • S is master key; Ppub = sG (public key for SM) • IDA: is the ID of A; QIDA = H1(IDA); SIDA = s QIDA WINC- Paper Summary Secure Routing ProtocolKey Distribution phase
A→* : n1,xP N1→A; n2,yP, R’1 …….R’m ,Y’1,….Y’m,σ’, MACsk(N1_addr||n1||n2) A→N1 : R1 …….Rm ,Y1,….Ym,σ, MACsk(A_addr||n1||n2); sk = xyP If authentication succeeded; insert |A_Addr|xyP|TN1|, |N1_Addr|xyP|TA| in A,N1 neighborhood table successfully. WINC- Paper Summary Secure Routing ProtocolNeighbor Discovery Phase
Step1 • S generates its unique sequence number src_seq# • Rt_seqno = H(S_Addr||src_seq#) • Select random number a ϵ [1,p-1] to compute ga and H(ga||Ksd||0) • Ksd=e^(H(IDD),SIDs), H(.): one cryptographic hash function. • Then source(S) makes Ms Such that Ms = [IDs,IDD,ga, H(ga||Ksd||0)] • IDD : real identity of D • IDS : real identity of S • Cs=E(EID MS); using IBE scheme. • ARREQ=<rt_seqno,HopCount,Cs> WINC- Paper Summary Secure Routing ProtocolRoute Discovery Phase
In the End: • S adds the entry |rt_seqno|IDD|N|A|?|TS| • First field records the route sequence number • Second field records the real identity of the destination • Third field Upstream node (not applicable in the source) • Fourth field Downstream node • Fifth field is the timer of the route WINC- Paper Summary Secure Routing ProtocolRoute Discovery Phase
Step2 • Upon receiving ARREQ • Check if it is from one of its trusted neighbor nodes based on its sender’s address.(Reject|Accept) • Check for duplicate ARREQ • Check if the node is the destination by decypting CS with the private key of the node. If it has a meaning then I am the destination. • If not broadcast ARREQ after checking that (HopCount--) ≥ 0 WINC- Paper Summary Secure Routing ProtocolRoute Discovery Phase
Step2 • If the node is the receiver, it parse IDD ,ga , H(ga||KSD||0) • KSD = e^(H(IDD),SIDs) = e^(H(IDs),SIDd), so destination authenticate the source S. WINC- Paper Summary Secure Routing ProtocolRoute Discovery Phase
Step1 • D makes MD = [IDs,IDD,gb, H(gb||Ksd||1)] • CD = EIDs(MD) ARREP =<rt_seqno,CD,MACKDIn(rt_seqno,CD)> SKSD = (ga)b. WINC- Paper Summary Secure Routing ProtocolRoute Reverse Phase
Step2 • Any node receives the ARREP it check the MAC • It search rt_seqno if found it continues else it stop • It looks to the upstream of the next node in the route table and create new hash for sequence number and encrypted. • And then it forward to the next node. WINC- Paper Summary Secure Routing ProtocolRoute Reverse Phase
Step3 • When the sender receive the message it checks the MAC • Then it check the rt_seqno, if found it continue else it stops • In the entry found S updates the successor field along with the timer field. • Then use its private key to decrypt message and pase IDD ,gb , and H( gb||KSD ||1) which must be equal H( gb||e^(H(IDD),SIDs)||1) WINC- Paper Summary Secure Routing ProtocolRoute Reverse Phase
S begin to send data to D • Use the session key to encrypt data • Examine the route table to find the downstream node. • It encrypts rt_seqno with the session key between it and the downstream node (RI) and calculate and MAC of the message using the same key • And it sends (RI ,C,MAC KSI1(C)) WINC- Paper Summary Secure Routing ProtocolData Forwarding Phase
A node may be compromised, then the compromised node may be used to lure a VIN to communicate with then the adversary can easily intercept and eavesdrop any transmission in the network, so the adversary may identify the physical location of the VIN by analyzing some routes. • How can we solve this problem? WINC- Paper Summary Snare AttackVery Important node (VIN)
A node may be compromised, then the compromised node may be used to lure a VIN to communicate with then the adversary can easily intercept and eavesdrop any transmission in the network, so the adversary may identify the physical location of the VIN by analyzing some routes. • How can we solve this problem? WINC- Paper Summary Snare AttackVery Important node (VIN)
Decoy: a person or advice used as a source of distraction. In MANET, several nodes can serve as Decoys in order to protect the VIN VIN chooses n nodes to be decoys D1 to Dn Each decoy shares a secret key with the VIN When VIN receives a request from a legitimate user S, V may randomly choose one Decoy Di to answer this request and asks Di to establish an active route corresponding to the request. WINC- Paper Summary Decoy MechanismVery Important node (VIN)
To do that MV = [IDS,IDV,gb, H(gb||KSV||1)] SKSV = gab DRREP=<ESi(IDDi,IDS,rt_seqno,MV,SKSV),HopCount> Any decoy node will try to decrypt with session key. Decoy node will encrypt Mv with source public key after receiving DRREP Then it form ARREP =<rt_seqno,CV,MACKDIn(rt_seqno,CV)> WINC- Paper Summary Decoy MechanismVery Important node (VIN)
First • ASRPAKE maintains the end to end anonymity of a route provided that not all the intermediate nodes along the route are in collusion. • Secondly, • We can examine the security of ASRPAKE in terms of the following mechanisms • Known session key security • Forward Secrecy • No key compromise impersonation • No unknown key share WINC- Paper Summary Anonymous and Security Analysis
Limitations • All the intermediate nodes must be in collusion. • If the network was very dynamic, I think this routing table, because this scheme not converge • An offline security manager must be exist which is not an applicable in a self-configurable network WINC- Paper Summary SLOWStrengths, Limitations, Opportunities, Weaknesses
Strengths • They modify anonymous authenticated key agreement protocol to provide a security level on demand by tuning number of chosen signing group. • They introduce the decoy mechanism and the snare attack. WINC- Paper Summary SLOWStrengths, Limitations, Opportunities, Weaknesses
Weakness • They didn’t explain how the snare attack actually route. • They didn’t justify the timers fields in the route table or neighbor table, how they must be tuned to gain high performance. • They didn’t analyze the complexity of their algorithms nor providing the overhead of anonymous property w.r.t to normal routing WINC- Paper Summary SLOWStrengths, Limitations, Opportunities, Weaknesses
Opportunities • Improve route efficiency while preserving the security and anonymity(author suggestion) • Modify the scheme to relax the assumption that all the intermediate nodes are in collusion. WINC- Paper Summary SLOWStrengths, Limitations, Opportunities, Weaknesses
In this paper they have done the following • Proposed a ring anonymous authenticated key agreement protocol • Then an anonymous security routing protocol • Then they introduce a snare attack and proposed the decoy mechanism to defend against this attack WINC- Paper Summary Summary
WINC- Paper Summary Feel free to ask any question? Any Questions ?
ASRPAKE: An Anonymous Secure routing protocol with authenticated key exchange for wireless ad-hoc networks WINC- Paper Summary Reference
WINC- Paper Summary Thank you