Presentation is loading. Please wait.

Presentation is loading. Please wait.

Dept. of Computer Science & Engineering, CUHK1 Trust- and Clustering-Based Authentication Services in Mobile Ad Hoc Networks Edith Ngai and Michael R.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Dept. of Computer Science & Engineering, CUHK1 Trust- and Clustering-Based Authentication Services in Mobile Ad Hoc Networks Edith Ngai and Michael R."— Presentation transcript:

1 Dept. of Computer Science & Engineering, CUHK1 Trust- and Clustering-Based Authentication Services in Mobile Ad Hoc Networks Edith Ngai and Michael R. Lyu Proceedings 2nd International Workshop on Mobile Distributed Computing (MDC'04), Tokyo, Japan, March 23-26 2004

2 Dept. of Computer Science & Engineering, CUHK2 Outline  Introduction  Related Work  Models  Security Operations  Simulation Results  Conclusion

3 Dept. of Computer Science & Engineering, CUHK3 Mobile Ad Hoc Networks  Infrastructure-less  Multi-hops  Wireless communications  Highly mobile  Dynamic topology  Vulnerable to security attacks

4 Dept. of Computer Science & Engineering, CUHK4 Introduction  Certificate-based approach  Fully distributed manner  Detect false public key certificates  Isolate dishonest users  Propose a secure, scalable and distributed authentication service  Assure correctness of public key certification

5 Dept. of Computer Science & Engineering, CUHK5 Related Work  Traditional network authentication solutions rely on physically present, trust third-party servers, or called certificate authorities (CAs).  Partially-distributed certificate authority makes use of a (k,n) threshold scheme to distribute the services of the certificate authority to a set of specialized server nodes.  Fully-distributed certificate authority extends the idea of the partially-distributed approach by distributing the certificate services to every node.

6 Dept. of Computer Science & Engineering, CUHK6 Related Work (Cont.)  Pretty Good Privacy (PGP) is proposed by following a web-of-trust authentication model. PGP uses digital signatures as its form of introduction. When any user signs for another user's key, he or she becomes an introducer of that key. As this process goes on, a web of trust is established.  Self-issued certificates issue certificates by users themselves without the involvement of any certificate authority.

7 Dept. of Computer Science & Engineering, CUHK7 Our Work  Propose a secure public key authentication service in mobile ad hoc networks with malicious nodes  An originally trust-worthy node may become malicious all of a sudden due to the invasion of hackers  Prevent nodes from obtaining false public keys of the others  Based on a network model and a trust model  Security operations include public key certification and trust value update

8 Dept. of Computer Science & Engineering, CUHK8 Architecture  Network Model Clustering-based network model for obtaining a hierarchical organization of the network  Trust Model Trust model with an authentication metric to maintain the trust values of different nodes  Security operations To detect and isolate malicious nodes

9 Dept. of Computer Science & Engineering, CUHK9 The Network Model  Obtain a hierarchical organization  Minimize the amount of storage for communication information  Optimize the use of network bandwidth  Direct monitoring capability is limited to neighboring nodes  Allow the monitoring work to proceed more naturally  Improve network security

10 Dept. of Computer Science & Engineering, CUHK10 The Network Model (Cont.)  Obtaining a hierarchical organization of a network is a well-known and well-studied problem  Related Clustering Techniques Weight-based clustering algorithms Max-Min D-cluster formation Weakly-connected dominating set Adaptive maintenance Zonal algorithm Location-aware clustering

11 Dept. of Computer Science & Engineering, CUHK11 The Network Model (Cont.)  The network is divided into different regions  Each region with similar number of nodes  Each of the group has a unique group ID

12 Dept. of Computer Science & Engineering, CUHK12 The Trust Model  Define a fully-distributed trust management algorithm that is based on the web-of-trust model, in which any user can act as a certifying authority  Use digital signatures as the form of introduction. Any node signs another's public key with its own private key to establish a web of trust  There is no need for any trust root certificates  Rely only on direct trust and groups of introducers in certification

13 Dept. of Computer Science & Engineering, CUHK13 The Trust Model (Cont.)  Authentication in ad hoc network without centralized authorities generally depends on a path of trust intermediates.  To evaluate the trusts from the recommendation of other reliable entities, the relying node should be able to estimate the trustworthiness of these entities  Many metrics have been proposed to evaluate the confidence afforded by different paths  Related approaches include metrics for directed graph, PGP ’ s three levels of trust, and path independence

14 Dept. of Computer Science & Engineering, CUHK14 The Trust Model (Cont.)  Define the authentication metric as a continuous value between 0.0 and 1.0  A direct trust is the trust relationship between two nodes in the same group  A recommendation trust is the trust relationship between nodes in different groups  Apply some equations to calculate and combine the trust values of the trust relationships on different paths  Update the trust tables accordingly

15 Dept. of Computer Science & Engineering, CUHK15 Assumptions  There is an underlying clustering algorithm in the network  Nodes are divided into groups with unique IDs  Each node keeps exchanging information about which groups the other nodes belong to  Each node is able to monitor the behavior of its group members and obtain their public keys  Each node keeps a trust table for storing trust values of other nodes

16 Dept. of Computer Science & Engineering, CUHK16 Security Operations  Public key certification It allows a node to obtain the public key of another node securely A node sends request messages to certain number of introducers for the public key certificates of the target node  Trust value update It updates the trust value of a node based the trust values and relationships built up with other nodes in the network

17 Dept. of Computer Science & Engineering, CUHK17  Authentication in our network relies on the public key certificates signed by some trustable nodes, called introducers i 1, i 2, …, i n  A trust path is formed by a recommendation trust relationship and a direct trust relationship Public Key Certification

18 Dept. of Computer Science & Engineering, CUHK18 Operations of Node  Select introducers  Send request messages to introducers  Collect and decrypt the messages  Compare the certificates, isolate dishonest nodes  Calculate trust value of the new node

19 Dept. of Computer Science & Engineering, CUHK19 Trust Value Update  Direct trust relationship means to believe an entity in its capability with respect to the given trust class  Recommendation trust expresses the belief in the capability of an entity to decide whether another entity is reliable in the given trust class and in its honesty when recommending third entities  s denotes the requesting node  t denotes the target node  Nodes i 1, i 2, …, i n are the introducers  Each V s, i* and V i*, t form a pair to make up a single trust path from s to t

20 Dept. of Computer Science & Engineering, CUHK20 Trust Value Update (Cont.)  Compute the new trust relationship from s to t of a single path  Combine trust values of different paths to give the ultimate trust value of t  Insert trust value V com to the trust table of s

21 Dept. of Computer Science & Engineering, CUHK21 Simulation Set-Up  Network simulator Glomosim  Evaluate the effectiveness in providing secure public key authentication in the presence of malicious nodes Simulation Parameters Network# of nodes40 # of groups4 % of trustable nodes at initialisationp % of malicious nodesm Public key request Max # of introducers for each request3 Min # of reply for each request1 SimulationTime10000s # of query cycles20 # of requests per cycle40

22 Dept. of Computer Science & Engineering, CUHK22 Metrics  Successful rate % of public key requests that lead to a correct conclusion  Failure rate % of public key requests that lead to an incorrect conclusion  Unreachable rate % of public key requests that cannot be made due to not enough number of introducers

23 Dept. of Computer Science & Engineering, CUHK23 Ratings to % of Malicious Nodes

24 Dept. of Computer Science & Engineering, CUHK24 Comparison on Successful Rate

25 Dept. of Computer Science & Engineering, CUHK25 Comparison on Failure Rate

26 Dept. of Computer Science & Engineering, CUHK26 Conclusions  We developed a trust- and clustering-based public key authentication mechanism  We defined a trust model that allows nodes to monitor and rate each other with quantitative trust values  We defined the network model as clustering-based  The proposed authentication protocol involved new security operations on public key certification, update of trust table, discovery and isolation on malicious nodes  We conducted security evaluation  We compared with the PGP approach to demonstrate the effectiveness of our scheme

Download ppt "Dept. of Computer Science & Engineering, CUHK1 Trust- and Clustering-Based Authentication Services in Mobile Ad Hoc Networks Edith Ngai and Michael R."

Similar presentations

Hierarchical Trust Management for Wireless Sensor Networks and its Applications to Trust-Based Routing and Intrusion Detection Presented by: Vijay Kumar.

Hierarchical Trust Management for Wireless Sensor Networks and its Applications to Trust-Based Routing and Intrusion Detection Presented by: Vijay Kumar.
Mitigating Routing Misbehavior in Mobile Ad-Hoc Networks Reference: Mitigating Routing Misbehavior in Mobile Ad Hoc Networks, Sergio Marti, T.J. Giuli,

Mitigating Routing Misbehavior in Mobile Ad-Hoc Networks Reference: Mitigating Routing Misbehavior in Mobile Ad Hoc Networks, Sergio Marti, T.J. Giuli,
Kerberos Assisted Authentication in Mobile Ad-hoc Networks Authors: Asad Amir Pirzada and Chris McDonald Sources: Proceedings of the 27th Australasian.

Kerberos Assisted Authentication in Mobile Ad-hoc Networks Authors: Asad Amir Pirzada and Chris McDonald Sources: Proceedings of the 27th Australasian.
Maximum Battery Life Routing to Support Ubiquitous Mobile Computing in Wireless Ad Hoc Networks By C. K. Toh.

Maximum Battery Life Routing to Support Ubiquitous Mobile Computing in Wireless Ad Hoc Networks By C. K. Toh.
Efficient Public Key Infrastructure Implementation in Wireless Sensor Networks Wireless Communication and Sensor Computing, 2010. ICWCSC 2010. International.

Efficient Public Key Infrastructure Implementation in Wireless Sensor Networks Wireless Communication and Sensor Computing, ICWCSC International.
TAODV: A Trusted AODV Routing Protocol for MANET Li Xiaoqi, GiGi March 22, 2004.

TAODV: A Trusted AODV Routing Protocol for MANET Li Xiaoqi, GiGi March 22, 2004.
 Introduction  Benefits of VANET  Different types of attacks and threats  Requirements and challenges  Security Architecture  Vehicular PKI.

 Introduction  Benefits of VANET  Different types of attacks and threats  Requirements and challenges  Security Architecture  Vehicular PKI.
A Survey of Secure Wireless Ad Hoc Routing

A Survey of Secure Wireless Ad Hoc Routing
Application of Bayesian Network in Computer Networks Raza H. Abedi.

Application of Bayesian Network in Computer Networks Raza H. Abedi.
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.

CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
An Approach to Evaluate Data Trustworthiness Based on Data Provenance Department of Computer Science Purdue University.

An Approach to Evaluate Data Trustworthiness Based on Data Provenance Department of Computer Science Purdue University.
Edith C. H. Ngai1, Jiangchuan Liu2, and Michael R. Lyu1

Edith C. H. Ngai1, Jiangchuan Liu2, and Michael R. Lyu1
Secure and Efficient Key Management in Mobile Ad Hoc Networks Bing Wu, Jie Wu, Eduardo B. Fernandez, Mohammad Ilyas, Spyros Magliveras Department of Computer.

Secure and Efficient Key Management in Mobile Ad Hoc Networks Bing Wu, Jie Wu, Eduardo B. Fernandez, Mohammad Ilyas, Spyros Magliveras Department of Computer.
Secure Routing and Intrusion Detection For Mobile Ad Hoc Networks Secure Routing and Intrusion Detection For Mobile Ad Hoc Networks Anand Patwardhan Jim.

Secure Routing and Intrusion Detection For Mobile Ad Hoc Networks Secure Routing and Intrusion Detection For Mobile Ad Hoc Networks Anand Patwardhan Jim.
CSCE 715 Ankur Jain 11/16/2010. Introduction Design Goals Framework SDT Protocol Achievements of Goals Overhead of SDT Conclusion.

CSCE 715 Ankur Jain 11/16/2010. Introduction Design Goals Framework SDT Protocol Achievements of Goals Overhead of SDT Conclusion.
Nov.6, 2002 Secure Routing Protocol for Ad Hoc Networks Li Xiaoqi.

Nov.6, 2002 Secure Routing Protocol for Ad Hoc Networks Li Xiaoqi.
Beneficial Caching in Mobile Ad Hoc Networks Bin Tang, Samir Das, Himanshu Gupta Computer Science Department Stony Brook University.

Beneficial Caching in Mobile Ad Hoc Networks Bin Tang, Samir Das, Himanshu Gupta Computer Science Department Stony Brook University.
1 Key Management in Mobile Ad Hoc Networks Presented by Edith Ngai Spring 2003.

1 Key Management in Mobile Ad Hoc Networks Presented by Edith Ngai Spring 2003.
An Authentication Service Based on Trust and Clustering in Wireless Ad Hoc Networks: Description and Security Evaluation Edith C.H. Ngai and Michael R.

An Authentication Service Based on Trust and Clustering in Wireless Ad Hoc Networks: Description and Security Evaluation Edith C.H. Ngai and Michael R.
Trust Level Based Self-Organized Routing Protocol for Secure Ad Hoc Networks Li Xiaoqi, GiGi 12/3/2002.

Trust Level Based Self-Organized Routing Protocol for Secure Ad Hoc Networks Li Xiaoqi, GiGi 12/3/2002.

Similar presentations

Ads by Google