Authors: Yanchao Zhang, Member, IEEE, Wei Liu, Wenjing Lou, Member, IEEE, and Yuguang Fang, Senior Member, IEEE Source: IEEE TRANSACTIONS ON DEPENDABLE.


1 Authors: Yanchao Zhang, Member, IEEE, Wei Liu, Wenjing Lou, Member, IEEE, and Yuguang Fang, Senior Member, IEEE. Source: IEEE TRANSACTIONS ON DEPENDABLE AND SECURE COMPUTING, 2006. Presenter: Hsin-Ruey, Tsai

2 Introduction Related work Design goals and system models IKM design Performance evaluation

3 Introduction. MANET (mobile ad hoc network): infrastructureless, autonomous, stand-alone wireless networks. Key management: serverless. Two intuitive symmetric-key solutions: 1. Preload all the nodes with a global symmetric key. 2. Let each pair of nodes maintain a unique secret that is only known to those two nodes.

4 Certificate-based cryptography (CBC): use public-key certificates to authenticate public keys by binding public keys to the owners’ identities. Preload each node with all the others’ public-key certificates prior to network deployment. Drawbacks: network size; key update is not done in a secure, cost-effective way.

5 ID-based cryptography (IBC): eliminates the need for public-key distribution and certificates. Master key: all/some nodes are shareholders; ID-based private keys are issued collaboratively. Drawbacks: 1. More compromised nodes than the threshold number. 2. Key update incurs significant overhead. 3. How to select the secret-sharing parameters. 4. No comprehensive argument about the advantages of IBC-based schemes over CBC-based ones.

6 ID-based key management (IKM): a novel construction method for ID-based public/private keys; determining the secret-sharing parameters used with threshold cryptography; simulation studies of the advantages of IKM over CBC-based schemes. Each node’s public key and private key are composed of a node-specific, ID-based element and a network-wide common element. Node-specific element → does not jeopardize noncompromised nodes’ private keys. Common element → efficient key updates via a single broadcast message. IKM has performance equivalent to CBC-based schemes, denoted by CKM, while it behaves much better in key updates. Identify pinpoint attacks against shareholders.

7 Introduction Related work Design goals and system models IKM design Performance evaluation

8 Related work CBC and (t, n) threshold cryptography N is number of nodes. t N N nodes CA’s public key Divided into n shares CA’s private key D-CA Certificate generation and revocation t D-CAs Tolerate the compromise of up to (t-1) D-CAs The failure of up to (n-t) D-CAs

9 Pairing Technique. Let p, q be two large primes; G_1 a q-order subgroup of the additive group of points of E/F_p; G_2 a q-order subgroup of the multiplicative group of the finite field F*_{p^2}; e : G_1 × G_1 → G_2. Bilinear: for all P, Q, R, S in G_1, e(P+Q, R+S) = e(P, R) e(P, S) e(Q, R) e(Q, S). Consequently, for all a, b in Z*_q, e(aP, bQ) = e(aP, Q)^b = e(P, bQ)^a = e(P, Q)^(ab).

10 Introduction Related work Design goals and system models IKM design Performance evaluation

11 Design goals. MANETs should satisfy the following requirements: 1. Each node is initially free of attack. 2. Compromise-tolerant. 3. Efficiently revoke and update keys of nodes. 4. Be efficient because of resource constraints.

12 Network & Adversary Model. Network model: special-purpose, single-authority MANET consisting of N nodes. Adversary model: 1. Only minor members are compromised/disrupted. 2. Can’t break any of the cryptographic primitives. 3. Static adversaries. 4. Exhibit detectable misbehavior. Assumption: adversaries can compromise at most (t-1) D-PKGs and can disrupt no more than (n-t) D-PKGs (n is the number of D-PKGs, t is the threshold number).

13 Introduction Related work Design goals and system models IKM design Performance evaluation

14 Network Initialization. PKG generates the pairing parameters (p, q, e) and selects a generator W of G_1. H_1: hash function that maps binary strings to nonzero elements in G_1. K_P1, K_P2: belong to Z*_q and are the master-secrets. W_P1 = K_P1 W, W_P2 = K_P2 W. PKG preloads the parameters (p, q, e, H_1, W, W_P1, W_P2) to each node, while K_P1, K_P2 should never be disclosed to any single node.

15 Secret Sharing. Enable key revocation and update. PKG performs a (t, n)-threshold secret sharing of K_P2. (t nodes number of threshold) (n D-PKGs) (N nodes) PKG n D-PKGs distributes functionality to n D-PKGs reach threshold t PKG preloads to D-PKG: (verifiable) t elements Lagrange interpolation Lagrange coefficient. K_P2 can then be reconstructed by computing g(0) with at least t elements.
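
An added example, not taken from the slides or the paper: a (t, n)-threshold sharing of K_P2 over Z_q with Lagrange reconstruction of g(0), plus the combination of per-D-PKG partial elements so that K_P2 is never rebuilt at one node. The prime Q, the function names and the use of integers mod q as a stand-in for G_1 are assumptions made for illustration only.

```python
import secrets

Q = 2**127 - 1  # constructed toy group order q (a Mersenne prime), not a value from the paper

def share_secret(k_p2, t, n, q=Q):
    """PKG side: random degree-(t-1) polynomial g with g(0) = K_P2.
    Returns {i: g(i) mod q}, one share per D-PKG id 1..n."""
    coeffs = [k_p2] + [secrets.randbelow(q) for _ in range(t - 1)]
    def g(x):
        acc = 0
        for c in reversed(coeffs):      # Horner evaluation mod q
            acc = (acc * x + c) % q
        return acc
    return {i: g(i) for i in range(1, n + 1)}

def lagrange_coeff(i, ids, q=Q):
    """Lagrange coefficient of share i for evaluating g at x = 0."""
    num, den = 1, 1
    for j in ids:
        if j != i:
            num = num * (-j) % q
            den = den * (i - j) % q
    return num * pow(den, -1, q) % q

def reconstruct(shares, q=Q):
    """g(0) from {id: g(id)}; equals K_P2 only when >= t shares are given."""
    ids = list(shares)
    return sum(shares[i] * lagrange_coeff(i, ids, q) for i in ids) % q

def combine_partials(shares, h, q=Q):
    """Each D-PKG i releases only g(i)*h; the requester weights the partial
    elements with Lagrange coefficients and obtains K_P2*h.
    Toy model: G_1 is replaced by integers mod q, which is NOT secure."""
    ids = list(shares)
    partials = {i: shares[i] * h % q for i in ids}
    return sum(partials[i] * lagrange_coeff(i, ids, q) for i in ids) % q

if __name__ == "__main__":
    k = secrets.randbelow(Q)
    s = share_secret(k, t=3, n=5)
    print(reconstruct({i: s[i] for i in (1, 3, 5)}) == k)   # any 3 shares work
    print(reconstruct({i: s[i] for i in (2, 4)}) == k)      # 2 shares do not
```
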

16 Generation of ID-Based Public/Private Keys. Node-specific, phase-specific. Our IKM is composed of a number of continuous, nonoverlapping key update phases, denoted by p_i for 1 i < M, where M is the maximum possible phase index. p_i is associated with a unique binary string, called a phase salt, salt_i. Vary across key-update phases. Remain unchanged and be kept confidential to A itself. Due to the difficulty of solving the DLP in G_1, it is computationally infeasible to derive the network master-secrets K_P1 and K_P2 from an arbitrary number of public/private key pairs. Cannot deduce the private key of any noncompromised node.

17 Key Revocation Misbehavior Notification B accuses A timestamp shared key with V communication overhead resilient

18 Key Revocation Revocation Generation If over threshold diagnose joint efforts of t D-PKGs t D-PKGs in with smallest IDs (leader) generates partial revocation revocation leader accumulated all the D-PKGs in generates partial revocation sends revocation leader D-PKGs sends the accumulated accusations response after verify accusation Complete revocation

19 Key Revocation Partial revocations Complete revocation Revocation leader denote the t D-PKGs participating in revocation generation It is possible that one or several members of A are unrevoked compromised nodes which might send wrongly computed partial revocations. Revocation leader check If not equivalent Check each node Floods to each node

20 Key Revocation If D-PKGs in do not receive a correct revocation against A in a certain time revocation leader itself is a compromised node second lowest ID succeeds as the revocation leader As long as there is at least one noncompromised D-PKG in and there are at least t noncompromised D-PKGs in, a valid accusation against node A can always be generated.

21 Key Update Public key: Private key: (B just performs two hash operations) needs the collective efforts of t D-PKGs in randomly selects (t-1) other nonrevoked D-PKGs send request these t D-PKGs including Z itself A generate a partial common private-key element check

22 Key Update To propagate securely to all the nonrevoked nodes, we use a variant of the self-healing group key distribution scheme : set of nodes revoked until phase p_i Z broadcasts maximum number of compromised nodes PKG picks M distinct degree polynomials, denoted by and M distinct degree polynomials is a point on E/F_p, its x-coordinate can be uniquely determined from its y-coordinate. Key-Update Parameters Revoked node

23 IKM design. Choosing Secret-Sharing Parameters t, n. All adversaries can do is attempt to compromise or disrupt randomly picked nodes with the expectation that those nodes happen to be the D-PKGs. They compromise and disrupt up to N_c >= t and N_d >= n-t+1 nodes. Pr_c and Pr_d denote the probabilities that at least t out of N_c compromised nodes and (n-t+1) out of N_d disrupted nodes happen to be D-PKGs.
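
An added example, not taken from the slides or the paper: Pr_c and Pr_d computed as hypergeometric tail probabilities, assuming the attacker's N_c (or N_d) nodes are picked uniformly at random from the N nodes, n of which are D-PKGs. The function names and the min-max rule in `best_threshold` are hypothetical, shown only to make the trade-off in t visible.

```python
from math import comb

def prob_at_least(N, n, picked, k):
    """P[at least k of `picked` uniformly chosen nodes are among the n D-PKGs]
    out of N nodes in total (hypergeometric tail, an assumed model)."""
    if k <= 0:
        return 1.0
    hits = sum(comb(n, i) * comb(N - n, picked - i)
               for i in range(k, min(n, picked) + 1))
    return hits / comb(N, picked)

def pr_c(N, n, t, Nc):
    """Probability that at least t of the Nc compromised nodes are D-PKGs,
    i.e. that the shared master-secret can be recovered by the attacker."""
    return prob_at_least(N, n, Nc, t)

def pr_d(N, n, t, Nd):
    """Probability that at least n-t+1 of the Nd disrupted nodes are D-PKGs,
    i.e. that fewer than t D-PKGs remain to serve requests."""
    return prob_at_least(N, n, Nd, n - t + 1)

def best_threshold(N, n, Nc, Nd):
    """Hypothetical selection rule: for fixed n, the t in 1..n that minimises
    max(Pr_c, Pr_d). Raising t lowers Pr_c but raises Pr_d."""
    return min(range(1, n + 1),
               key=lambda t: max(pr_c(N, n, t, Nc), pr_d(N, n, t, Nd)))

if __name__ == "__main__":
    # Constructed scenario: 100 nodes, 20 D-PKGs, 15 compromised, 15 disrupted.
    N, n, Nc, Nd = 100, 20, 15, 15
    for t in (3, 6, 10, 15):
        print(t, f"{pr_c(N, n, t, Nc):.3e}", f"{pr_d(N, n, t, Nd):.3e}")
    print("t chosen by min-max rule:", best_threshold(N, n, Nc, Nd))
```
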

24 Introduction Related work Design goals and system models IKM design Performance evaluation

25 CKM vs IKM GloMoSim, a popular MANET simulator, on a desktop with an Intel P4 2.4GHz processor and 1 GB memory

26 Performance evaluation

