1 / 25

Smartening the Environment using Wireless Sensor Networks in a Developing Country

Smartening the Environment using Wireless Sensor Networks in a Developing Country. SECRET: A Secure and Efficient Certificate Revocation Scheme for Mobile Ad Hoc Networks. Dieynaba Mall 1 , Karim Konaté 1 , and Al- Sakib Khan Pathan 2 1 Department of Mathematics and Computer Science,

keiki
Download Presentation

Smartening the Environment using Wireless Sensor Networks in a Developing Country

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Smartening the Environment using Wireless Sensor Networks in a Developing Country SECRET: A Secure and Efficient Certificate Revocation Scheme for Mobile Ad Hoc Networks Dieynaba Mall1, Karim Konaté1, and Al-Sakib Khan Pathan2 1Department of Mathematics and Computer Science, UniversitéCheikh Anta Diop de Dakar, Dakar, Senegal 2Department of Computer Science, International Islamic University Malaysia, Kuala Lumpur, Malaysia Presented By: Al-SakibKhan Pathan

  2. Outline of This Presentation • Introduction • Motivation and Objectives • The proposed scheme • Analysis – security and performance • Future research directions ISBAST 2014, 26-27 August 2014, KL, Malaysia

  3. Introduction • In Mobile Ad hoc Networks (MANETs), the nodes maintain the network by communicating among themselves without any particular centralized entity. • Due to the nature of wireless communication, MANETs are more vulnerable. • Key management is used for secure communication • Key distribution is mainly discussed • Key revocation is also critical ISBAST 2014, 26-27 August 2014, KL, Malaysia

  4. Motivation Behind This Work • Most of the proposed certificate revocation schemes in MANET present many insufficiencies: • Vulnerable to various types of attacks and do not guarantee efficient resource utilization. • Only digital signature-based schemes addressed resource-efficiency. However, the cost associated with using such operations is still substantially higher than that of symmetric cryptographic operations. • Signature-based broadcast authentication protocols are vulnerable to DoS (Denial of Service) attacks. ISBAST 2014, 26-27 August 2014, KL, Malaysia

  5. Objective and Overview • We propose an enhanced and efficient certificate/key revocation scheme for Mobile Ad hoc Networks (MANETs). • Specific contribution: Our key revocation scheme is based on the scheme presented in the following work (identity based approach): • K. Hoeper and G. Gong, Monitoring-Based Key Revocation Schemes for Mobile Ad Hoc Networks: Design and Security Analysis. Technical Report 9 2009-15, Centre for Applied Cryptographic Research, March 2009. ISBAST 2014, 26-27 August 2014, KL, Malaysia

  6. Objective and Overview • Identity-based cryptography is a type of public-key cryptography in which a publicly known string representing an individual or organization is used as a public key. The public string could include an email address, domain name, or a physical IP address. • Two main issues are addressed in our work: • Vulnerability against various attacks • Resource consumption / Resource-efficiency ISBAST 2014, 26-27 August 2014, KL, Malaysia

  7. Building Blocks of Our Scheme • We adapt and modify the work of Hoeper and Gong. • Employ the HEAP protocol as the underlying broadcast authentication scheme: • R. Akbani, T. Korkmaz, and G. V. S. Raju., “HEAP: hop-by-hop efficient authentication protocol for Mobile Ad-hoc Networks,” Proc. of the 2007 spring simulation multiconference - Volume 1 (SpringSim '07), Vol. 1. Society for Computer Simulation International, 2007, San Diego, CA, USA, pp. 157-165. ISBAST 2014, 26-27 August 2014, KL, Malaysia

  8. Security Assumptions • We assume a PKI (Public Key Infrastructure)-based system with an external trusted certificate authority, CA (Certification Authority). • We consider that each node can communicate with this trusted CA before joining the network and can obtain a unique public key certificate signed by the CA as well as the authentic public key of the CA. • A public key certificate (also known as a digital certificate or identity certificate) is an electronic document used to prove ownership of a public key. ISBAST 2014, 26-27 August 2014, KL, Malaysia

  9. Security Assumptions (Cntd.) • All direct communication links between nodes are bidirectional and each node has an implemented monitoring scheme. • Each node knows its one-hop neighbors - this is necessary to assure a complete distribution of shared keys. ISBAST 2014, 26-27 August 2014, KL, Malaysia

  10. Proposed Scheme • Our proposal comprises of three algorithms • Before presenting the algorithms, let us know, • All the mathematical notations and their meanings • Certificate Revocation Lists (CRLs) ISBAST 2014, 26-27 August 2014, KL, Malaysia

  11. Mathematical Notations TABLE 1. LIST OF NOTATIONS FOR CERTIFICATE REVOCATION SCHEME ISBAST 2014, 26-27 August 2014, KL, Malaysia

  12. Certificate Revocation Lists • Each node icreates a certificate revocation list CRLi for any of its known nodes j such that j∈Ni. • This list can be represented by a matrix with dimensions (Ωi,Ωi+3) as shown below: ISBAST 2014, 26-27 August 2014, KL, Malaysia

  13. Our Revocation Scheme • We use: • Certificate revocation lists instead of key revocation lists, and • The HEAP protocol as broadcast authentication scheme. Hence, shared keys are used to secure accusation messages. The combination gives significant advantage over the previous approach. ISBAST 2014, 26-27 August 2014, KL, Malaysia

  14. Our Revocation Scheme (Ctnd.) • Algorithm 1: Neighborhood Watch • In this algorithm, each node i monitors its one-hop neighbors. Whenever it observes a suspicious neighborj∈Ni,1, it sets and creates a neighborhood watch message nwi with: MAC - Message Authentication Code ISBAST 2014, 26-27 August 2014, KL, Malaysia

  15. Our Revocation Scheme (Ctnd.) • where, , containing ; • certi is the serial number of i’s certificate; • hopcountensures that the message reaches all nodes in m-hop distance. Initially, node i sets hopcount = m. • index is the index number related to this message and used to prevent replay attacks. • and are the different MACs computed each for a one-hop neighbor according to the New Step 2 in the paper. ISBAST 2014, 26-27 August 2014, KL, Malaysia

  16. Our Revocation Scheme (Ctnd.) • Algorithm 2: Propagate • This algorithm is triggered by Algorithms 1 and 3. After creating an accusation message which can be neighborhood watch message nwi or update message umi, the nodes securely propagate accusations to their one-hop neighbors. ISBAST 2014, 26-27 August 2014, KL, Malaysia

  17. Our Revocation Scheme (Ctnd.) • Algorithm 3: Update CRL • This algorithm describes how the node i updates its own revocation list CRLi according to the received accusation message. • Node i prepares an update message umi for all of its one-hop neighbors j∈Ni,1 with: where M contains the parameters as noted before. ISBAST 2014, 26-27 August 2014, KL, Malaysia

  18. Security Analysis • The use of HEAP as authentication scheme provides a foundation. • With HEAP, our revocation scheme can authenticate every single packet in every single hop. Hence, it can combat • replay, impersonation, DoS, man-in-the-middle, wormhole attacks, etc. • In addition, HEAP offers some level of protection against insider attackers who try to forge packets and impersonate other insiders. ISBAST 2014, 26-27 August 2014, KL, Malaysia

  19. Security Analysis (Ctnd.) • Our scheme defends against a wide range of insider attacks by using intelligent techniques, security, and system parameters (in Table 1). • Protection against: • Sybil attack • Dropping accusations • Attempt to modify accusations • Moving to a new neighborhood whenever accusation account approaches threshold • Collusion of nodes ISBAST 2014, 26-27 August 2014, KL, Malaysia

  20. Performance Analysis TABLE 2 [16] K. Hoeper and G. Gong, Monitoring-Based Key Revocation Schemes for Mobile Ad Hoc Networks: Design and Security Analysis. Technical Report 9 2009-15, Centre for Applied Cryptographic Research, March 2009. ISBAST 2014, 26-27 August 2014, KL, Malaysia

  21. Performance Analysis • With our approach, • the memory space required to store the required information slightly increases due to the storage of certificate of each one-hop neighbor. • the computational overhead generated by an accusation message in our solution remains the same as the one associated with the proposal in [16] ISBAST 2014, 26-27 August 2014, KL, Malaysia

  22. Performance Analysis • With our approach, • to disseminate an accusation message to the one-hop neighborhood, a node i just needs to execute one broadcast. Thus, compared to the method in [16], our solution considerably reduces the communication overhead associated to the propagation of accusations. • Note that in [16], due to the use of pairwise pre-shared secret keys ki,j, to propagate an accusation, it is required to unicast the associated message to each one-hop neighbor. ISBAST 2014, 26-27 August 2014, KL, Malaysia

  23. Final Words and Overall Gains • Security and performance analyses show that our approach ensures • good protection against a wide range of attacks launched by outsiders • Also, insider attacks in a cost-effective way since our scheme offers smaller overheads. • Future work is to investigate applicability of the scheme for other networks and possibly, to further reduce complexity. ISBAST 2014, 26-27 August 2014, KL, Malaysia

  24. THANK YOU ISBAST 2014, 26-27 August 2014, KL, Malaysia

  25. Questions and Answers Any query should be directed to sakib.pathan@gmail.com , sakib@iium.edu.my ??? For More Information: http://staff.iium.edu.my/sakib/ ISBAST 2014, 26-27 August 2014, KL, Malaysia

More Related