Download presentation

Presentation is loading. Please wait.

Published byEmiliano Tryon Modified over 2 years ago

1
Self-Organized Anonymous Authentication in Mobile Ad Hoc Networks Julien Freudiger, Maxim Raya and Jean-Pierre Hubaux SECURECOMM, 2009

2
Wireless Trends Phones – Always on (Bluetooth, WiFi) – Background apps New hardware going wireless – Cars, passports, keys, … 2

3
Peer-to-Peer Wireless Networks 3 1 1 Message Identifier 2 2 Share information with other users Authenticate message sender Certificate

4
Examples 4 Urban Sensing networks Delay tolerant networks Peer-to-peer file exchange MiFi Social networks

5
Anonymity Problem 5 Adversary can track activities of pseudonymous users Passive adversary monitors identifiers used in peer-to-peer communications Message Julien Freudiger Julien Freudiger Certificate Pseudonym

6
6 Reputation Privacy Anonymous Authentication

7
Previous Work (1) Multiple Pseudonyms 7 [1] A. Beresford and F. Stajano. Mix Zones: User Privacy in Location-aware Services. Pervasive Computing and Communications Workshop, 2004 Message Pseudonym 1 Certificate 1 + Simple for users - Costly for operator (pseudonym management) - Limited privacy - Sybil attacks Pseudonym 2 Pseudonym 3 Pseudonym 4 Certificate 2 Certificate 3 Certificate 4 Nodes change pseudonyms

8
Previous Work (2) Group Signatures + Good anonymity - Central management - Traceable 8 [2] D. Boneh, X. Boyen and H. Shacham. Short Group Signatures. Crypto, 2004 [3] D. Chaum and E. van Heyst. Group Signatures. EuroCrypt, 1991 Message Group Identifier Group Certificate Central Authority Central Authority

9
+ No need for infrastructure + Exploit inherent redundancy of mobile networks - Privacy? New Approach Self-Organized Anonymity 9 Message Random Identifier Random Identifier Many Certificates Network-generated privacy

10
Outline 1.Ring Signatures 2.Anonymity Analysis 3.Evaluation 10

11
Cryptographic Primitive Ring Signatures Procedure 1.Select a set of pseudonyms (including yours) in a ring 2.Sign messages with ring Properties – Anonymity: Signer cannot be distinguished – Unlinkable: Signatures cannot be linked to same signer – Setup free: Knowledge of others’ pseudonym is sufficient Anonymous authentication: Member of ring signed the message 11 [4] R. L. Rivest, A. Shamir, Y. Tauman. How to Leak a Secret. Communications of the ACM, 2001

12
Ring Signatures Explained 12 v z = + EkEk + EkEk + EkEk + EkEk … … + y 1 =g( ) y 2 =g( ) x s =g -1 ( ) y r-1 =g( ) y 0 =g( ) x0x0 x1x1 x2x2 ysys x r-1 y s =g( ) xsxs k=H(m) v is the glue value x i are random values

13
Ring Construction in MANETs Nodes record pseudonyms in rings of neighbors – Store pseudonyms in history – Node i creates ring by selecting pseudonyms from with strategy Rings are dynamically and independently created 13

14
Illustration 14 1 1 3 3 4 4 2 2 6 6 5 5 t 1 : S 1 = [] R 1 = [P 1 ] t 2 : S 1 = [2, 3, 4] R 1 = [P 1, P 2, P 4 ] t 3 : S 1 = [2, 3, 4, 6] R 1 = [P 1, P 4, P 6 ]

15
Outline 1.Ring Signatures 2.Anonymity Analysis 3.Evaluation 15

16
Anonymity Adversary should not infer user i from R i 16 …Pj……Pj… …Pj……Pj… PiPi PiPi User i RiRi Attack: Given all rings, adversary can infer most probable ring owner

17
Anonymity Analysis Bipartite graph model is set of nodes is set of pseudonyms is set of edges 17 Captures relation between nodes and rings

18
Attacking Ring Anonymity (1) Example 18 Find a perfect matching: Assignment of nodes to pseudonyms

19
Attacking Ring Anonymity (2) Analysis Find most likely perfect matching – Weight edges – Max weight perfect matching Bayesian inference – A priori weights – A posteriori weights Entropy metric 19

20
Optimal Construction Maximize anonymity 20 Theorem: Anonymity is maximum iif Graph is regular All subgraphs are isomorphic to each other

21
Outline 1.Ring Signatures 2.Anonymity Analysis 3.Evaluation 21

22
Validation of Theoretical Results LEDA C++ library for graph manipulation 10 nodes K=4 (ring size) 22 u1u1 u1u1 Random graphs P1P1 P1P1 P2P2 P2P2 P 10 u2u2 u2u2 u 10 …… u1u1 u1u1 K-out graphs P1P1 P1P1 P2P2 P2P2 P 10 u2u2 u2u2 u 10 …… u1u1 u1u1 Regular graphs P1P1 P1P1 P2P2 P2P2 P 10 u2u2 u2u2 u 10 ……

23
Entropy Distribution of Random Graphs with edge density p 23

24
Minimum & Mean Entropy Distribution for Random and Regular Graphs 24

25
Entropy distribution of random, K-out and regular graphs 25

26
Fraction of matched nodes for various graph constructions 26

27
Evaluation in Mobile Ad Hoc Network 100 nodes K=4 (ring size) Static – Learn pseudonyms as far as graph connectivity allows – Select pseudonyms randomly Mobile: Restricted Random Waypoint – Least popular: Select leas popular pseudonyms – Most popular: Select most popular pseudonyms – Random: Randomly select pseudonyms 27

28
Average Anonymity Set size over time 28 Least Random Static Mobile

29
Conclusion Self-organized anonymous authentication – Network generated anonymity – Analysis with graph theory Results – Regular constructions near optimal – K-out constructions perform well – Mobility helps anonymity – Knowledge of popularity of pseudonyms helps 29

30
Future Work Stronger adversary model – Active adversary Self-Organized Location Privacy – Linkability Breaks Anonymity 30

31
BACKUP SLIDES 31

32
Compute Weights A priori weight Probability of an assignment Probability of an assignment given all assignments A posteriori weight of an edge between u i and p j 32

33
Revocation Keys can be black listed using traditional CRLs Misbehaving nodes can be excluded by revoking all keys in a ring – Nodes can reclaim their key to CA – Nodes misbehaving several times would be detected Accountability of group of users 33

34
Cost Computation overhead Transmission overhead – Group of prime order q – q = 283 (128-bit security), M = log2(q) 34

35
CDF of the average anonymity set size 35

Similar presentations

© 2017 SlidePlayer.com Inc.

All rights reserved.

Ads by Google