1 / 27

Edith C.H. Ngai and Michael R. Lyu

An Authentication Service Based on Trust and Clustering in Wireless Ad Hoc Networks: Description and Security Evaluation. Edith C.H. Ngai and Michael R. Lyu Department of Computer Science and Engineering The Chinese University of Hong Kong 5 Jun 2006

gambhiri-naveen
Download Presentation

Edith C.H. Ngai and Michael R. Lyu

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. An Authentication Service Based on Trust and Clustering in Wireless Ad Hoc Networks: Description and Security Evaluation Edith C.H. Ngai and Michael R. Lyu Department of Computer Science and EngineeringThe Chinese University of Hong Kong 5 Jun 2006 The IEEE International Conference on Sensor Networks, Ubiquitous, and Trustworthy Computing (SUTC 2006)

  2. Outline • Introduction • Related Work • Architecture and Models • Trust- and Clustering-Based Authentication Service • Simulation Results • Conclusion Dept. of Computer Science & Engineering, CUHK

  3. Mobile Ad Hoc Network • An ad-hoc network (of wireless nodes) is a temporarily formed network, created, operated and managed by the nodes themselves. • It is also often termed an infrastructure-less, self-organized, or spontaneous network. Dept. of Computer Science & Engineering, CUHK

  4. Mobile Ad Hoc Network • Connected with wireless communication • Dynamic Topology • Nodes are often mobile • Vulnerable to security attacks • Applications • Military: for tactical communications • Rescue missions : in times of natural disaster • Commercial use: for sales presentations or meetings Dept. of Computer Science & Engineering, CUHK

  5. Vulnerabilities • Security in wireless ad hoc network is hard to achieve due to the vulnerabilities of its links, limited physical protection, and the absence of centralized management point • Unlike conventional networks, nodes of ad hoc networks cannot be secured in locked cabinets • Risk in being captured and compromised • Wireless communications are vulnerable to eavesdropping and active interference Dept. of Computer Science & Engineering, CUHK

  6. Security Mechanisms • Popular network authentication architecture include X. 509 standard and Kerberos systems • Pretty Good Privacy (PGP) functions by following a web-of-trust model and using digital signatures • Authentication service establishes the valid identities of communicating nodes • In reality, a node may turn from trustworthy to malicious under a sudden attack • We provide a secure authentication service that can defend against malicious nodes Dept. of Computer Science & Engineering, CUHK

  7. Related Work • Partially-distributed certificate authority byZhou and Hass • Mobile Certificate Authority (MOCA) by Yi and Kravets • Fully-distributed certificate authority by Kong et. al. Dept. of Computer Science & Engineering, CUHK

  8. Related Work • Pretty Good Privacy (PGP) • following a web-of-trust authentication model • Self-issued certificatesby Hubaux et. al. • distribute certificates by users themselves without the involvement of any certificate authority Dept. of Computer Science & Engineering, CUHK

  9. Our Work • Propose a secure public key authentication service in mobile ad hoc networks with malicious nodes • Prevent nodes from obtaining false public keys of the others • Engage a network model and a trust model • Design security operations including public key certification, identification of malicious nodes, and trust value update Dept. of Computer Science & Engineering, CUHK

  10. Trust- and Clustering-Based Authentication Service Architecture Dept. of Computer Science & Engineering, CUHK

  11. The Network Model • Clustering-based network model obtains a hierarchical organization of a network • Limit direct monitoring capability to neighboring nodes • Allow monitoring work to proceed more naturally • Improve network security Dept. of Computer Science & Engineering, CUHK

  12. The Trust Model • This model uses digital signatures as its form of introduction. Any node signs another's public key with its own private key to establish a web of trust • Define the authentication metric as a continuous value between 0.0 and 1.0 • Define a direct trust relationship as the trust relationship between two nodes in the same group and a recommendation trust as the trust relationship between nodes of different groups. Dept. of Computer Science & Engineering, CUHK

  13. Clustering Structure Maintenance • Maintain a balanced clustering structure for supporting our trust model and security operations • Adapt to the mobility of nodes • Handle leave and join of nodes from one cluster to another • Each node requests for the cluster ID of its neighboring nodes periodically • In each cycle, a node collects this information and updates its cluster ID Dept. of Computer Science & Engineering, CUHK

  14. Clustering Structure Maintenance A node joins the neighbouring cluster with minimum size only if it leaves the original cluster or the sizes of the neighbouring clusters are not within a certain range Dept. of Computer Science & Engineering, CUHK

  15. Evolution of Cluster Size It keeps balance cluster sizes Dept. of Computer Science & Engineering, CUHK

  16. Authentication Service Selects a number of trustable nodes as introducers • Public key certification • Identification of malicious nodes • Trust value update Sends out request messages to introducers Collects and compares all the public key certificates received Selects the public key of t with majority votes Discovers malicious introducer? Isolates malicious introducer Calculates trust value of t Updates trust table Dept. of Computer Science & Engineering, CUHK

  17. Public Key Certification • Authentication in our network relies on the public key certificates signed by some trust-worthy nodes • Nodes in the same group always know each other better by means of their monitoring components and their short distances • Every node is able to request for the public key certificates of other new nodes • Nodes in the same cluster are assumed to know each other by means of their mutual monitoring components Dept. of Computer Science & Engineering, CUHK

  18. Public Key Certification • We focus on public key certification, wheres and t belong to different groups • Nodes, which are in the samecluster as t and have already built up a trust relationshipwith s, can be introducers Dept. of Computer Science & Engineering, CUHK

  19. Public Key Certification Send request to neighbors if target node in same cluster Send request to introducers if target node in different cluster Dept. of Computer Science & Engineering, CUHK

  20. Identification of Malicious Nodes • Identify malicious neighboring nodes by monitoring their behaviors • Identify introducers who provide public key certificates different from the others • Identify a target node as malicious if the trust values provided from the introducers indicate that Dept. of Computer Science & Engineering, CUHK

  21. Trust Value Update Dept. of Computer Science & Engineering, CUHK

  22. Parameters Setting • Network simulator Glomosim • Evaluate the effectiveness in providing secure public key authentication in the presence of malicious nodes Dept. of Computer Science & Engineering, CUHK

  23. Simulation Metrics Possible Cases with 3 Introducers • Successful rate • Fail rate • Unreachable rate • False-positive error rate • False-negative error rate Dept. of Computer Science & Engineering, CUHK

  24. Effectiveness of Neighbor Monitoring Rates to No. of Cycles with n=40, r=100, (left) m=0.3 (right) m=0.7 Dept. of Computer Science & Engineering, CUHK

  25. ID Cases 0 Not enough Introducers 1 OOO 2 OOX 3 OXX 4 XXX 5 OO 6 OX 7 XX 8 O 9 X 10 No Reply Isolation of Malicious Nodes Rates to No. of Cycles with n=40, r=100, and Isolation of Suspicious Nodes in Cases 2,3,4,6,7 (left) m=0.3 (right) m=0.7 Dept. of Computer Science & Engineering, CUHK

  26. ID Cases 0 Not enough Introducers 1 OOO 2 OOX 3 OXX 4 XXX 5 OO 6 OX 7 XX 8 O 9 X 10 No Reply Isolation of Malicious Nodes Rates to No. of Cycles with n=40, r=100, and Isolation of Suspicious Nodes in Cases 2,4,7 (left) m=0.3 (right) m=0.7 Dept. of Computer Science & Engineering, CUHK

  27. Conclusions • We developed a trust- and clustering-based public key authentication mechanism • We defined a clustering-based network model with a balanced structure and a trust model that allows nodes to monitor and rate each other with quantitative trust values • The authentication protocol proposed involves new security operations on public key certification, update of trust table, discovery and isolation of malicious nodes • We conducted security evaluation to demonstrate the effectiveness of our solution Dept. of Computer Science & Engineering, CUHK

More Related