
Establishing authenticated channels and secure identifiers in ad-hoc networks

Establishing authenticated channels and secure identifiers in ad-hoc networks. Authors: B. Sieka and A. D. Kshemkalyani (University of Illinois at Chicago) Source: IJNS review paper Reporter: Chun-Ta Li ( 李俊達 ). Outline. Introduction Problem statement Solution Analysis and Discussion


Presentation Transcript


  1. Establishing authenticated channels and secure identifiers in ad-hoc networks Authors: B. Sieka and A. D. Kshemkalyani (University of Illinois at Chicago) Source: IJNS review paper Reporter: Chun-Ta Li (李俊達)

  2. Outline
     • Introduction
     • Problem statement
     • Solution
     • Analysis and Discussion
     • Comments

  3. Introduction
     • Motivation
     • Establishing secure communication channels between nodes in a wireless ad-hoc network
     • No trusted third party
     • No requirement to share a prior context
     • No out-of-band authentication channels
     • Proposing the use of secure identifiers
     • Use the hash of the public key as the identifier of a node

  4. Problem statement
     • Given a set of nodes
     • To establish an authenticated network (AN)
     • Any given node j in the AN would satisfy the following property
     • Node i possesses the corresponding private key
     • Network layer functions are not available yet
     • Radio broadcast in a wireless network
     // All nodes in the AN know the authentic public keys of all other nodes in the AN //

  5. Notations
     • Identity model: id_i = hash(PK_i)
     • Message: MSG(contents)
     • Type of message: JOIN, ACCEPT, UPDATE
     • Public and private key: PK_i and SK_i
     • Digital signature: S_SK(M)
     • Radio broadcast
     • Sequence number copied from the last JOIN message from i (an integer): seq_i
     • Local time when the most recent message from node id_i was seen: time_i
     • Two columns of node j's key table, the PK and seq columns: KeyTable_j
     • The set of (PK, seq) entries from j's key table: KeyTableDelta_j

  6. Solution
     • Outline of protocol to establish authenticated channels

  7. Solution
     • 1. Send JOIN
     • A node i outside of an AN wants to join the AN
     • If it is a member of another AN
     • sub-networks merge

  8. Solution
     • 2. Receive JOIN
     • First verify the validity of the digital signature
     • Compute id_i = hash(PK_i) and check whether an entry with id_i for node i exists in j's key table
     • (a) id_i entry does not exist → a new entry should be added to the key table → broadcast ACCEPT and UPDATE messages
     • (b) id_i entry does exist (id_i = id_k)
       • i. PK_i ≠ PK_k and seq_i < seq_k: discard JOIN message
       • ii. PK_i = PK_k and seq_i < seq_k: discard JOIN message
       • iii. PK_i = PK_k and seq_i > seq_k: seq_k should be updated to seq_i

  9. Solution
     • 3. Send ACCEPT
     • A node i that is not a member of AN
     • without an identifier conflict
     • Node j broadcasts the ACCEPT message
     • 4. Receive ACCEPT (AN_{join+accept})
     • check the signature of the message
     • add entries from the KeyTable field of the ACCEPT message to its key table
     • broadcast an UPDATE message

  10. Solution
     • 5. Send UPDATE
     • A node that is a member of the AN_join or AN_accept
     • New entries are added to the key table in the following cases
     • The KeyTableDelta field of the message should contain all the (PK, seq) pairs

  11. Solution
     • 6. Receive UPDATE
     • A node that is a member of AN_join or AN_accept
     • check the signature of the message
     • add entries from the KeyTableDelta field to its key table
     • execute step 5
     • 7. Key Timeout
     • Every node should maintain a timestamp associated with every entry in its key table
     • An entry should be deleted from the key table if the timestamp is older than a specified threshold value

  12. Analysis and Discussion
     • Security analysis
     • Against impersonation attacks
     • Digital signature, and a node's identity is bound to its public key
     • Against replay attacks
     • Use of sequence number
     • Sybil attack threat (an entity generating multiple public/private key pairs and multiple identities)
     • Reputation management approaches

  13. Analysis and Discussion
     • Complexity analysis
     • Overall Bootstrapping Cost – Broadcasts
     • → O(n^2) // n is |AN| after JOIN operations
     • Overall Bootstrapping Cost – Message Space
     • → O(|AN|^2) // N is the number of entries in the sender's key table // M is the number of fresh entries in the sender's key table

  14. Comments
     Evaluation of Paper: Confirmatory
     Recommendation: Accept after minor revision
     • The solution for establishing authenticated channels in ad-hoc network is simple
     • There are no notable problems found in this paper
     • Descriptions of Table 2
     • 4 typos
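
The key-table decisions of step 2 (Receive JOIN, slide 8) and step 7 (Key Timeout, slide 11), as an added example that is not code from the paper or the slides. Assumptions: SHA-256 stands in for hash(), signature verification is done by the caller and passed in as `sig_ok`, the names `Node`, `node_id` and `colliding_keys` are hypothetical, and identifiers are truncated only to construct a collision for case (b)(i).

```python
import hashlib
from dataclasses import dataclass, field

def node_id(pk: bytes, id_len: int = 32) -> bytes:
    """id_i = hash(PK_i); id_len < 32 truncates (only to force a collision in demos)."""
    return hashlib.sha256(pk).digest()[:id_len]

@dataclass
class Node:
    id_len: int = 32
    table: dict = field(default_factory=dict)   # id -> [PK, seq, time]

    def receive_join(self, pk: bytes, seq: int, sig_ok: bool, now: float):
        """Return (decision, messages_to_broadcast) for a JOIN carrying (PK_i, seq_i)."""
        if not sig_ok:                               # signature is checked first
            return "discard: bad signature", []
        ident = node_id(pk, self.id_len)
        entry = self.table.get(ident)
        if entry is None:                            # (a) no entry for id_i
            self.table[ident] = [pk, seq, now]
            return "added", ["ACCEPT", "UPDATE"]
        known_pk, known_seq, _ = entry
        if pk != known_pk and seq < known_seq:       # (b)(i) identifier conflict
            return "discard: id conflict", []
        if pk == known_pk and seq < known_seq:       # (b)(ii) stale or replayed JOIN
            return "discard: old seq", []
        if pk == known_pk and seq > known_seq:       # (b)(iii) newer JOIN, same key
            entry[1], entry[2] = seq, now
            return "seq updated", []
        # Not covered by the slide (equal seq, or different key with seq >= known):
        # the table is left unchanged here, as an assumption.
        return "unspecified: ignored", []

    def expire(self, now: float, threshold: float) -> int:
        """Step 7: delete entries whose timestamp is older than the threshold."""
        stale = [i for i, e in self.table.items() if now - e[2] > threshold]
        for i in stale:
            del self.table[i]
        return len(stale)

def colliding_keys(id_len: int = 1):
    """Constructed sample keys whose truncated identifiers collide."""
    seen = {}
    for n in range(100000):
        pk = b"constructed-pk-%d" % n
        ident = node_id(pk, id_len)
        if ident in seen:
            return seen[ident], pk
        seen[ident] = pk
```

With full-length identifiers case (b)(i) needs a hash collision, which is why the demo truncates to one byte; the first key bound to an identifier keeps it.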
