Network Access Control for Mobile Ad Hoc Network Pan Wang North Carolina State University.


1 Network Access Control for Mobile Ad Hoc Network Pan Wang North Carolina State University

2 Outline
Background
Problem statement
Related work
Proposed scheme
– Key Synchronization
– Packet Retransmission
Analysis, simulation and field test
Summary

3 Background
Mobile Ad Hoc Network (MANET)
– A MANET consists of mobile platforms (e.g., a router with multiple hosts and wireless communications devices), which are free to move about arbitrarily. -- IETF RFC 2501
– Characteristics of MANET: no pre-determined infrastructure; ease of deployment; dynamic topologies (e.g., mobility, network partition); constrained resources (e.g., bandwidth, energy)

4 Background (Cont)
Network access control
– Not media access control
– Who has the right to access the network: Physical*, Technical*, Administrative*
– Firewalls: conventional network; using network topology and service information
* H. F. Tipton, Handbook of Information Security Management

5 Problem Statement
An attacker may inject “bogus” packets to consume the network resources, or insert itself into critical routes
No mature access control scheme for MANET
– More complicated due to open media and dynamic topology

6 Related Work
DHCP Access Control Gateway Kerberos Distributed firewall Pebblenets Distributed access control scheme for consumer operated MANET LHAP

7 Related Work --Cont
LHAP: a lightweight hop-by-hop authentication protocol for ad-hoc networks
– Based on one-way key chain and TESLA
– Hop-by-hop authentication
– Each transmitted packet is associated with a traffic key
– Receiver (or intermediate node) verifies it to decide whether to forward (accept) the packet
[Figure: nodes S, A, B, C, D; labels: "Cert & Commit", "M, K_F(i)", "M, K_F(i+1)"]

8 Proposed Scheme – cryptographic tools
Group key agreement
Group key distribution
– Controller chooses key
– Stateful vs. Stateless
Stateless key distribution
– Each user is assigned a unique set of personal keys
– New key is encrypted with the personal keys only known to the legitimate users
– Nice stateless property
[Figure labels: k1, k2, k3, k4; K1-2, K3-4, K1-4; M1, M2, M3, M4]

9 Proposed Scheme – underlying models
Network model
– All nodes come from one domain
– A node’s access to the network is controlled by a domain manager (i.e., key manager)
– Each node has a unique ID and a set of personal secret keys
Attack model
– Attackers inject packets to deplete the resources of nodes relaying the packets

10 Proposed Scheme - outline
Basic idea
– Cryptography-oriented (using group key)
– Authenticate all the packets with a network-wide access control (group session) key.
– Any “bogus” packet that has incorrect authentication information will be filtered out immediately.
– As a result, illegitimate nodes will be excluded from communication (routes).

11 Research challenges
Two critical challenges
– Synchronization of network access control key
– Interaction between data transmission and key distribution
If these two challenges can be solved, the proposed group key based network access control scheme will be complete.

12 Key Synchronization
Problem statement
– A key update message may fail to propagate across the MANET. Thus, two legitimate users may simultaneously hold different session keys (lack of key synchronization)

13 Key Synchronization (Cont-1)
An example of lack of key synchronization

14 Key Synchronization (Cont-2)
Solution
– Exploit the stateless feature of the proposed stateless group key distribution scheme
– Each user buffers the key update message most recently received
– Transmit the buffered message to the other users that are using old session keys

15 Key Synchronization (Cont-3)
Scheme details
– Proactive part: broadcast the buffered key update message every t time units
– Reactive part: send a key synchronization request if a received packet has a higher session ID; send the buffered key update message if a received packet has a lower session ID

16 Key Synchronization (Cont-4)
Illustration of the proposed key synchronization scheme
[Figure: six snapshots of the network (nodes A to N and S), one labelled "Broadcast"; legend: marked node represents a node that has the most recent key]

17 Key Synchronization (Cont-5)
Security analysis (possible attacks)
– Resource consumption via forged key update message. Solution: lightweight authentication methods (one-way key chain & Merkle hash tree)
– Resource consumption via forged data packet: constrained to one hop
– Logically partitioning the MANET by refusing to forward key update messages: multiple paths, watchdog

18 Key Synchronization (Cont-6)
One-way key chain
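
An added sketch (not from the presentation) of how a one-way key chain can filter forged key update messages cheaply, including for a node that missed several updates. It assumes the key manager pre-distributes the chain commitment and attaches the next chain element to each key update; `make_chain` and `ChainVerifier` are hypothetical names.

```python
import hashlib, hmac, os

def H(x):
    return hashlib.sha256(x).digest()

def make_chain(n, seed=None):
    # Key manager side: chain[0] is the public commitment and chain[i] is
    # released with the i-th key update, so that chain[i-1] == H(chain[i]).
    chain = [seed or os.urandom(32)]
    for _ in range(n):
        chain.append(H(chain[-1]))
    chain.reverse()
    return chain

class ChainVerifier:
    # Node side: remembers only the newest chain element it has verified.
    def __init__(self, commitment, max_gap=64):
        self.index, self.value, self.max_gap = 0, commitment, max_gap

    def accept(self, index, element):
        gap = index - self.index
        # Old or replayed updates are refused, and so is a claimed index so far
        # ahead that checking it would itself burn CPU (assumed bound).
        if gap <= 0 or gap > self.max_gap:
            return False
        x = element
        for _ in range(gap):          # a node that missed updates hashes 'gap' times
            x = H(x)
        if not hmac.compare_digest(x, self.value):
            return False              # forged: does not hash back to a trusted value
        self.index, self.value = index, element
        return True
```

A released element can be copied by anyone who hears it, so this check bounds verification cost and rejects made-up updates but does not by itself protect the body of the key update message.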

19 Key Synchronization (Cont-7)
Merkle hash tree

20 Key Synchronization (Cont-8)
Performance analysis
– Relies on the adopted stateless group key distribution scheme
– Storage: one message
– Computation
– Communication: depends on t and the number of users using an old key

21 Packet Retransmission
Problem statement
– The interaction between data transmission and key distribution. That is, in the case of a lack of key synchronization, a user may receive some (unverified) packets authenticated with a different session key.

22 Packet Retransmission (Cont-1)
Possible options
– Simply drop
– Buffer and then verify
– Synchronize the keys before sending every data packet
All of them have serious drawbacks

23 Packet Retransmission (Cont-2)
Proposed solution
– Drop, synchronize keys, and then retransmit.
– ACK mechanism
– Unicast & broadcast
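
The reactive key synchronization from slide 15 and the drop, synchronize, retransmit rule above, combined in one added example (not code from the presentation or its prototype). The per-member XOR key wrap is a toy stand-in for the stateless key distribution scheme, and `Node`, `key_update` and `send_reliable` are hypothetical names.

```python
import hashlib, hmac, os

def prf(key, sid, data=b""):
    # HMAC-SHA256 over session ID + data; used for packet tags, ACKs and the toy wrap
    return hmac.new(key, sid.to_bytes(4, "big") + data, hashlib.sha256).digest()

def key_update(sid, members):
    # Toy stand-in (assumption) for a stateless key update message: the new
    # session key is wrapped separately for each non-revoked member.
    new_key = os.urandom(32)
    return sid, {m.name: bytes(a ^ b for a, b in zip(new_key, prf(m.personal, sid)))
                 for m in members}

class Node:
    def __init__(self, name):
        self.name, self.personal = name, os.urandom(32)
        self.sid, self.key, self.buffered, self.inbox = 0, None, None, []

    def install(self, update):
        sid, wrapped = update
        if sid > self.sid and self.name in wrapped:   # stateless: no earlier update needed
            pad = prf(self.personal, sid)
            self.key = bytes(a ^ b for a, b in zip(wrapped[self.name], pad))
            self.sid, self.buffered = sid, update     # buffer only the most recent message

    def send(self, payload):
        return self.sid, payload, prf(self.key, self.sid, b"D" + payload)

    def receive(self, pkt, peer):
        sid, payload, tag = pkt
        if sid > self.sid:                 # we hold an old key: request synchronization
            self.install(peer.buffered)
            return None                    # packet cannot be verified yet, so drop it
        if sid < self.sid:                 # peer holds an old key: send buffered update
            peer.install(self.buffered)
            return None
        if self.key is None or not hmac.compare_digest(tag, prf(self.key, sid, b"D" + payload)):
            return None                    # bogus packet: filtered at this hop
        self.inbox.append(payload)
        return prf(self.key, sid, b"A" + payload)     # authenticated ACK

def send_reliable(sender, receiver, payload, tries=3):
    # Drop, synchronize keys, then retransmit until a valid ACK comes back.
    for attempt in range(1, tries + 1):
        ack = receiver.receive(sender.send(payload), sender)
        if ack and hmac.compare_digest(ack, prf(sender.key, sender.sid, b"A" + payload)):
            return attempt
    return None
```

Only the reactive part is modelled; the periodic broadcast every t time units is left out. A node omitted from the newest update (revoked) never receives an ACK, because it cannot unwrap the key it is handed.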

24 Algorithm of the proposed scheme

25 Packet Retransmission (Cont-3)
Security analysis (possible attacks)
– Resource consumption attack
– Forged ACK message
– Packet modification

26 Packet Retransmission (Cont-4)
Performance analysis
– Computation: authentication & verification; Pentium 4 2.1 GHz processor*: MD5 216.674 MB/s, SHA-1 67.977 MB/s
– Communication: retransmission rate

27 Simulation Evaluation
The simulation model
– 40/80 nodes randomly placed in a fixed area (a square of size 1km x 1km)
– Random walk with a maximum speed of 20m/s
– Communication range 200m
– 2000 simulations, using different random number seeds

28 Simulation Evaluation (Cont-2)
Average percentage of nodes which got the latest session key

29 Simulation Evaluation (Cont-3)
Average percentage of nodes which got the latest session key

30 Simulation Evaluation (Cont-4)

31 Implementation
Based on Netfilter
Two daemons
– Adopt the stateless scheme proposed by Liu & Ning

32 Field Test
Test bed
– One Dell P4 laptop with Linux 9.0 (kernel 2.4.20)
– Two Compaq iPAQ 3970 PDAs with Familiar v0.7.2 (kernel 2.4.19-rmk-pxal-hh30)
– Lucent Orinoco wireless cards
Tests
– Key distribution
– User revocation
– Packet authentication and verification
– Key synchronization

33 Summary
Network access control is an important issue for MANET
Cryptography-oriented solution exploiting the stateless feature of the stateless group key distribution scheme
Simulation as well as a functioning prototype indicate it is practical and effective

34 Question

