Presentation is loading. Please wait.

Presentation is loading. Please wait.

Self-Organized Anonymous Authentication in Mobile Ad Hoc Networks Julien Freudiger, Maxim Raya and Jean-Pierre Hubaux SECURECOMM, 2009.

Similar presentations


Presentation on theme: "Self-Organized Anonymous Authentication in Mobile Ad Hoc Networks Julien Freudiger, Maxim Raya and Jean-Pierre Hubaux SECURECOMM, 2009."— Presentation transcript:

1 Self-Organized Anonymous Authentication in Mobile Ad Hoc Networks Julien Freudiger, Maxim Raya and Jean-Pierre Hubaux SECURECOMM, 2009

2 Wireless Trends Phones – Always on (Bluetooth, WiFi) – Background apps New hardware going wireless – Cars, passports, keys, … 2

3 Peer-to-Peer Wireless Networks Message Identifier 2 2 Share information with other users Authenticate message sender Certificate

4 Examples 4 Urban Sensing networks Delay tolerant networks Peer-to-peer file exchange MiFi Social networks

5 Anonymity Problem 5 Adversary can track activities of pseudonymous users Passive adversary monitors identifiers used in peer-to-peer communications Message Julien Freudiger Julien Freudiger Certificate Pseudonym

6 6 Reputation Privacy Anonymous Authentication

7 Previous Work (1) Multiple Pseudonyms 7 [1] A. Beresford and F. Stajano. Mix Zones: User Privacy in Location-aware Services. Pervasive Computing and Communications Workshop, 2004 Message Pseudonym 1 Certificate 1 + Simple for users - Costly for operator (pseudonym management) - Limited privacy - Sybil attacks Pseudonym 2 Pseudonym 3 Pseudonym 4 Certificate 2 Certificate 3 Certificate 4 Nodes change pseudonyms

8 Previous Work (2) Group Signatures + Good anonymity - Central management - Traceable 8 [2] D. Boneh, X. Boyen and H. Shacham. Short Group Signatures. Crypto, 2004 [3] D. Chaum and E. van Heyst. Group Signatures. EuroCrypt, 1991 Message Group Identifier Group Certificate Central Authority Central Authority

9 + No need for infrastructure + Exploit inherent redundancy of mobile networks - Privacy? New Approach Self-Organized Anonymity 9 Message Random Identifier Random Identifier Many Certificates Network-generated privacy

10 Outline 1.Ring Signatures 2.Anonymity Analysis 3.Evaluation 10

11 Cryptographic Primitive Ring Signatures Procedure 1.Select a set of pseudonyms (including yours) in a ring 2.Sign messages with ring Properties – Anonymity: Signer cannot be distinguished – Unlinkable: Signatures cannot be linked to same signer – Setup free: Knowledge of others’ pseudonym is sufficient Anonymous authentication: Member of ring signed the message 11 [4] R. L. Rivest, A. Shamir, Y. Tauman. How to Leak a Secret. Communications of the ACM, 2001

12 Ring Signatures Explained 12 v z = + EkEk + EkEk + EkEk + EkEk … … + y 1 =g( ) y 2 =g( ) x s =g -1 ( ) y r-1 =g( ) y 0 =g( ) x0x0 x1x1 x2x2 ysys x r-1 y s =g( ) xsxs k=H(m) v is the glue value x i are random values

13 Ring Construction in MANETs Nodes record pseudonyms in rings of neighbors – Store pseudonyms in history – Node i creates ring by selecting pseudonyms from with strategy Rings are dynamically and independently created 13

14 Illustration t 1 : S 1 = [] R 1 = [P 1 ] t 2 : S 1 = [2, 3, 4] R 1 = [P 1, P 2, P 4 ] t 3 : S 1 = [2, 3, 4, 6] R 1 = [P 1, P 4, P 6 ]

15 Outline 1.Ring Signatures 2.Anonymity Analysis 3.Evaluation 15

16 Anonymity Adversary should not infer user i from R i 16 …Pj……Pj… …Pj……Pj… PiPi PiPi User i RiRi Attack: Given all rings, adversary can infer most probable ring owner

17 Anonymity Analysis Bipartite graph model is set of nodes is set of pseudonyms is set of edges 17 Captures relation between nodes and rings

18 Attacking Ring Anonymity (1) Example 18 Find a perfect matching: Assignment of nodes to pseudonyms

19 Attacking Ring Anonymity (2) Analysis Find most likely perfect matching – Weight edges – Max weight perfect matching Bayesian inference – A priori weights – A posteriori weights Entropy metric 19

20 Optimal Construction Maximize anonymity 20 Theorem: Anonymity is maximum iif Graph is regular All subgraphs are isomorphic to each other

21 Outline 1.Ring Signatures 2.Anonymity Analysis 3.Evaluation 21

22 Validation of Theoretical Results LEDA C++ library for graph manipulation 10 nodes K=4 (ring size) 22 u1u1 u1u1 Random graphs P1P1 P1P1 P2P2 P2P2 P 10 u2u2 u2u2 u 10 …… u1u1 u1u1 K-out graphs P1P1 P1P1 P2P2 P2P2 P 10 u2u2 u2u2 u 10 …… u1u1 u1u1 Regular graphs P1P1 P1P1 P2P2 P2P2 P 10 u2u2 u2u2 u 10 ……

23 Entropy Distribution of Random Graphs with edge density p 23

24 Minimum & Mean Entropy Distribution for Random and Regular Graphs 24

25 Entropy distribution of random, K-out and regular graphs 25

26 Fraction of matched nodes for various graph constructions 26

27 Evaluation in Mobile Ad Hoc Network 100 nodes K=4 (ring size) Static – Learn pseudonyms as far as graph connectivity allows – Select pseudonyms randomly Mobile: Restricted Random Waypoint – Least popular: Select leas popular pseudonyms – Most popular: Select most popular pseudonyms – Random: Randomly select pseudonyms 27

28 Average Anonymity Set size over time 28 Least Random Static Mobile

29 Conclusion Self-organized anonymous authentication – Network generated anonymity – Analysis with graph theory Results – Regular constructions near optimal – K-out constructions perform well – Mobility helps anonymity – Knowledge of popularity of pseudonyms helps 29

30 Future Work Stronger adversary model – Active adversary Self-Organized Location Privacy – Linkability Breaks Anonymity 30

31 BACKUP SLIDES 31

32 Compute Weights A priori weight Probability of an assignment Probability of an assignment given all assignments A posteriori weight of an edge between u i and p j 32

33 Revocation Keys can be black listed using traditional CRLs Misbehaving nodes can be excluded by revoking all keys in a ring – Nodes can reclaim their key to CA – Nodes misbehaving several times would be detected Accountability of group of users 33

34 Cost Computation overhead Transmission overhead – Group of prime order q – q = 283 (128-bit security), M = log2(q) 34

35 CDF of the average anonymity set size 35


Download ppt "Self-Organized Anonymous Authentication in Mobile Ad Hoc Networks Julien Freudiger, Maxim Raya and Jean-Pierre Hubaux SECURECOMM, 2009."

Similar presentations


Ads by Google