160 likes | 338 Views
A secure anonymous routing protocol with authenticated key exchange for ad hoc networks. Authors: R. Lu, Z. Cao, L. Wang, and C. Sun Sources: Computer Standards & Interfaces, article in press. Reporter: Chun-Ta Li ( 李俊達 ). Outline. Motivation
E N D
A secure anonymous routing protocol with authenticated key exchange for ad hoc networks Authors: R. Lu, Z. Cao, L. Wang, and C. Sun Sources: Computer Standards & Interfaces, article in press. Reporter: Chun-Ta Li (李俊達)
Outline • Motivation • SARPAKE (Secure Anonymous Routing Protocol with Authenticated Key Exchange) protocol • Comments 2
Motivation • Reactive routing (source-initiated on-demand driven) in privacy-vital environment • Anonymity • Authenticated key exchange into the routing algorithm
SARPAKE protocol • Notations
SARPAKE protocol (cont.) • Assumptions
SARPAKE protocol (cont.) • Path discovery phase
SARPAKE protocol (cont.) • Path reverse phase
SARPAKE protocol (cont.) • Data transfer phase
Comments • Security weakness in data transfer phase (non-repudiation is not achieved) (replay attack) [C||CH] [C||CH] Node S Node 1 Node 2 Node D [C’||CH’] C = [M]SK, h=H(C) CH = EPK1(tag#, h) C = [M]SK, h=H(C) CH = EPK2(tag#, h) Intruder C’ = [M’]SK’, h’=H(C’) CH’ = EPKD(tag#, h’) // No one can accuse that Node 2 is guilty because all of nodes are capable of forging this fake messages //
Comments • Even assumption 4 is used, anonymity might not be achieved (Assume that attacker can collect all the communication messages over ad hoc networks and tag# is public)
Comments // Assume that the involved nodes for a specific route are trusted // • Improvement (path discovery phase) || Nonce0n (tag# , Nn, Nonce0n, ?, null, T0)LRT0 (tag# , Nn-1, null, ?, null, Ti)LRTi (tag# , Nn-2, null, ?, null, Tn-1)LRTn-1 (tag# , Nn-1, null, N0, Nonce0n, Tn)LRTn
Comments • Improvement (path reverse phase) Node S Node 1 Node 2 Node D (tag# , NS, NonceS1, N2, Nonce12, T1)LRT1 (tag# , N2, Nonce2D, NS, NonceSD, TD)LRTD CS = EPKS(tag#, NonceS) C2 = EPK2(tag#, Nonce2) CD = EPKS(M ||NonceSD+1) CD = EPKS(M||NonceSD+1) [CD||C1] [CD||CS] [CD||C2] (tag# , N1, Nonce12, ND, Nonce2D, T2)LRT2 (tag# , 0, NonceSD, N1, NonceS1, TS)LRTS C1 = EPK1(tag#, Nonce1) M = DSKS(CD) CD = EPKS(M ||NonceSD+1)
Comments • Improvement (data transfer phase) Node S Node 1 Node 2 Node D C = [M||NonceSD+2]SK, h=H(C||NonceS1+1) CH = EPK1(tag#, h) [C||CH] [C||CH] [C||CH] C = [M]SK, h=H(C||Nonce12+1) CH = EPK2(tag#, h) C = [M]SK, h=H(C||Nonce2D+1) CH = EPKD(tag#, h) H(C||Nonce2D+1) ?= h M||NonceSD+2 = DSK(C)
Comments session key table Node S: KS1, KS2, KSD Node 2: K2S, K21, K2D Node 1: K1S, K12, K1D Node D: KDS, KD1, KD2 • An efficient and secure routing protocol for providing anonymous channel and key exchange in ad hoc networks packet packet packet Node S Node 1 Node 2 Node D hS = H(tag#, KSD) MS = [tag# ||S||D||X=gx||NonseSD) CS = EKSD(MS) packet = [tag# ||hop||hS||CS) (tag# ,ND,NonceSD,?,null,TS)LRTS (tag# ,NS,null,?,null,T1)LRT1 (tag# ,N1,null,?,null,T2)LRT2 hD = H(tag#, KDS) hD ?= hS (tag# ,N2,?,NS,NonceSD,TD)LRTD
Comments • Path reverse phase Node S Node 2 Node D Node 1 session key SK=Xy=gxy MD = [tag# ||S||D||Y=gy||NonceSD+1) CD = EKDS(MD) C2 = EKD2(tag#||Nonce2D) [1||CD||CS] [2||CD||C1] [D||CD||C2] (tag# ,ND, NonceSD,N1, NonceS1,TS)LRTS (tag# ,NS, NonceS1,N2, Nonce12,T1)LRT1 (tag# ,N1, Nonce12,ND, Nonce2D,T2)LRT2 DKSD(CD) to verify NonceSD+1 DK12(C1) to recover tag# DK2D(C2) to recover tag# CS = EK1S(tag#|| NonceS1) C1 = EK21(tag#|| Nonce12) session key SK=Yx=gxy
Comments (cont.) • Data transfer phase Node S Node 1 Node 2 Node D C = ESK(M||NonceSD+2), h=H(C|| NonceS1+1) CH = ES1(tag#||h) [S||C||CH] Verify H(C|| NonceS1+1)?=h h=H(C|| Nonce12+1) [1||C||CH] CH = E12(tag#||h) Verify H(C|| NonceS1+1)?=h h=H(C|| Nonce2D+1) [2||C||CH] CH = E2D(tag#||h) Verify H(C|| Nonce2D+1)?=h M||NonceSD+2 = DSK(C)