Security in Mobile Ad-Hoc Networks Simon Skaria ICS, UC Irvine

1. Security in Mobile Ad-Hoc Networks Simon Skaria ICS, UC Irvine

2. What is Ad-Hoc? No infrastructure required Like Bluetooth, IR; Unlike 802.11 Each node can communicate with another node if within the radio range, or a pager node is available

3. Securing Ad-Hoc Networks Need to provide �Anywhere, Anytime� security services Dynamically changing network topologies Resource constrained units, normally Jittery channel, Easy to jam and intrude

4. Authentication in Ad-Hoc Networks Uses Certificate-Based approach Intrusion Resistant, not intrusion Free Distributes CA functionality in each neighborhood Self-Initialization protocol to handle dynamic node membership

5. Network Setting Dynamic wireless ad-hoc network with N networking hosts/entities Every entity i has a globally unique nonzero ID vi Entities roam freely in the network Number of entities, N may change over time

6. Security Assumption Scheme assumes one of the following An entity�s private key will not be exposed for a certain period of time, OR An entity�s ID, vi is not forgeable by the intruder

7. Locally Distributing CAs {SK, PK} denote the RSA Key pair of the System CA Secret is distributed using Shamir�s scheme Each entity vi holds a secret share Pvi and any K of such entities can collectively function the role of a CA

8. Individually, Maintains a public key pair Signed by CA (SK), contains Tsign, Texpire Used for Cipher-Key Exchange Message Privacy Message Integrity and Non-Repudiation

9. Enforcing Validity Implicit Certificate Revocation Certificate is considered invalid unless renewed within Trenew Explicit Certificate Revocation CRL of revoked certificates is maintained. An entry needs to be kept for Trenew amount of time

10. Basic Operations Involves local coalition of K share holders Secret Share Dealing Certification Services, and Secret Share Updates

11. Secret Share Dealing An entity vi obtains its secret share Pvi Bootstrapping phase Before K entities have joined the group Self-Initialisation phase Need a local coalition of K entities Centralized dealer is not needed any more

12. Certification Services

13. Secret Share Updates No adversary group having less than K collaborative adversaries can forge a certificate To resist gradual break-ins, secret share is updated periodically Update time is a system parameter

14. Certificate Revocation Over and above the implicit revocation scheme If vx�s certificate is compromised, a counter certificate <?vx , Tsign? > is flooded over the network Each node maintain a subset of counter-certificates within the past Trenew

15. Shamir�s Secret Sharing D is secret to be shared Lagrange polynomial F(x) = D + f1.x +�+ fk-1.xk-1 fis Chosen randomly Each entity holds a secret share Pvi = (f(vi) mod n)

16. Localized Certification Service

17. Interpolation over Z?(n) Problem! (Pvi .lvi(0) mod n) = t.n + d; 0?t?K X ? Xd mod n

18. Solution: Coalition Offsetting Y0, Product of the Signatures Received Z = M-n mod n j = 0; w = 1 while j ? K do Y = Y0.W mod n; W = W.Z mod n if (M ? Ye (mod n)) then break; j = j + 1;

19. Self-Initialization

20. Self-Initialization, in Practice Uninitialized node vx broadcasts request Each member selects a random nonce ID forms a partial order Encrypts with of the intended receiver The requester routes encrypted nonces Nonces are added to the partial secret share

21. Issues Padding used in RSA do not cancel each other Secret Share of a new entity in the self-initialization process How do you know the K-participating entities in Self-Initialization? K is not flexible