Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Jean-Pierre Hubaux EPFL/School of Information and Communication Secure Mobility.

Published by Modified over 8 years ago

Similar presentations

Presentation on theme: "1 Jean-Pierre Hubaux EPFL/School of Information and Communication Secure Mobility."— Presentation transcript:

1 1 Jean-Pierre Hubaux EPFL/School of Information and Communication Secure Mobility

2 2 Some security activities in MICS Secure software, secure applications Tamper-proof device-based security Protocol analysis (WTLS) Zero-infrastructure security Mobility Vs Security : - Mobility helps security - Provable encounters Last Encounter Routing Immune mobile systems Cooperation issues : - In multi-hop cellular networks - In pure ad hoc networks IP1 IP4 IP6 IP8 Trust in peer-to-peer systems IP5 Business aspects of security in mobile networks IP10

3 3 Provable encounters claimant certifier 1. Encounter claimant verifier 2. Proof of encounter Verification is: a posteriori frequent Verification is: a posteriori frequent claimant : a node claiming that it has met another node at a given time t certifier : a node that certified the encounter with the claimant verifier : a node that verifies the encounter between two nodes - Two scenarios : - any-to-any (typically mobile ad hoc networks, where any node can be a claimant, a verifier and a certifier) - any-to-one (typically hybrid ad hoc networks, where mobile nodes play roles of claimants and certifiers, and base stations perform verification) - Two building blocks : - Distance bounding - Proving the time of encounter

4 4 Applications of provable encounters  Secure protocols based on last encounter (e.g., Last Encounter Routing)  Topology tracking in multi-hop cellular networks (e.g, for misbehaviour detection)  Any service requiring to prove previous encounters, including their distance (e.g., liability issues in road traffic)  Distributed robotics  Prevention of wormhole attacks  …

5 5 General assumptions  Loose synchronization of the nodes clocks  Abilities of each node :  Measure time with a nanosecond precision  Perform cryptographic operations (generate keys, check signatures, compute hash functions,…)  No GPS receivers, no system providing location information  Presence of a centralized authority (off-line or on-line): assigns a unique, certified identity to each node  All nodes share pairwise secret keys (other options are possible)  The claimant and the verifier always authenticate each other at verification time

6 6 Authenticated distance bounding Similar issue: the Chess Grandmaster Problem Solution: Distance-Bounding Protocols (Brands and Chaum, Eurocrypt 1993) Related problem: Wormhole Attacks in ad hoc networks Proposed solution: Packet leashes (Hu, Perrig and Johnson, Infocom 2003) (based on precise clock synchronization or on location awareness) Alice Secret communication channel Authentication protocol Damien Bernard Carole Authentication protocol Location 1 Location 2 Mafia Fraud Attack (Y. Desmedt, 1988) :

7 7 Mutual Authentication with Distance Bounding (MAD) (1/2)  Our solution: MAD  Improvements wrt Brands and Chaum’s proposal:  Avoid public key cryptography  rely on MAC computations  Both nodes can measure the distance to the other node simultaneously  Assumption: special hardware module in each node  Can temporarily take over the control of the radio transceiver from the CPU  Able to respond to a one-bit challenge with a one-bit response

8 8 Mutual Authentication with Distance Bounding (MAD) (2/2)

9 9 Guaranteeing Encounter Freshness (GEF) (meaning at or before time t) 1. Initialization (at each node) V0V0 V1V1 V2V2 VNVN H H H 2. Network operation : disclose the values V i in reverse order Cert Cl 1 V 96 2.1. Encounters : 1.1. Construct the hash chain : 1.2 Distribute V N to all other nodes 2.2. Verification (certifier authentication only, therefore called GEF-Ce) : Verif Cl 2 V 47 Cl 1 V 96 H N-47 (V 47 ) = V N ? Almost optimal hash sequence traversal: Coppersmith and Jakobsson, FC’02 If claimant authentication is also desired: each node produces n hash chains instead of one  GEF-CeCl Cl 2 V 47

10 10 Guaranteeing the Time of the Encounter (GTE) Purpose: The claimant can prove to the verifier that it met the certifier at the time t of the actual encounter (neither before nor later); Basic mechanism: only certifier authentication: GTE-Ce 1. Initialization Generation of N values (V 0 to V N ) Construction of the Merkle tree Deliver the root of the tree to all other nodes (in an authentic way) 2. Network operation 2.1 Encounters - At each time interval, the certifier broadcasts a V i with its siblings 2.2 Verification - Example : H(H(m 01 ||H(H(V 2 )||m 3 ))||m 47 ) = m 07 ?

11 11 The full solution : MAD + GTE-CeCl Encounter Proof of encounter

12 12 Attacks claimant certifier 1. Encounter claimant verifier 2. Proof of encounter Attack-Cl : deceive an honest verifier about previous encounters Attack-Ce : deceive a honest claimant about its identity or about the time of encounter Attack-V : deceive a honest verifier (to be met in the future) about previous encounters Attack-V : deceive a honest verifier (to be met in the future) about previous encounters

13 13 Resistance to attacks Resistant to Attacker-1-0 and Attacker-0-1 Resistant to Attacker-x-0 and Attacker-0-1 Resistant to Attacker-x-y Resistant to Attacker-1-0 and Attacker-0-1 Resistant to Attacker-x-0 and Attacker-0-1 Resistant to Attacker-x-y Resistant to Attacker-1-0 Resistant to Attacker-x-0 Resistant to Attacker-x-y GEF-Ce GTE-Ce GEF-CeCl GTE-CeCl With MAD Attack-Cl Attack-Ce Attack-V Other attacks: AttackClCe,… Attacker-x-y x : # owned nodes y : # compromised nodes Attacker-x-y x : # owned nodes y : # compromised nodes

14 14 Conclusion on Provable Encounters  Well-established cryptographic techniques can allow mobile nodes to prove their time and distance of encounters, at a very reasonable cost  Very first contribution to a novel and promising research area  Future work:  Study different mobility scenarios  Identify applications more precisely; examples: Single-hop wireless networks in which the Access Points are not (fully) trusted Intelligent Transport Systems S. Capkun, L. Buttyan, and J. P. Hubaux SECTOR : Secure Tracking of Node Encounters in Multi-hop Wireless Networks First ACM Workshop on Security of Ad Hoc and Sensor Networks (SASN), Washington, October 2003

15 15 Mobility helps security Infrared link (Alice, PuK Alice, XYZ) (Bob, PuK Bob, UVW) Visual recognition, conscious establishment of a two-way security association Secure side channel -Typically short distance (a few meters) - Line of sight required - Ensures integrity - Confidentiality not required Alice Bob Problem : how to bootstrap security in a mobile network without a central authority ?

16 16 Friends mechanism IR Colin Bob (Colin’s friend) Alice (Alice, PuK Alice, XYZ) Colin and Bob are friends: They have established a Security Association at initialisation They faithfully share with each other the Security Associations they have set up with other users Colin and Bob are friends: They have established a Security Association at initialisation They faithfully share with each other the Security Associations they have set up with other users

17 17 Mechanisms to establish Security Associations Friendship : nodes know each others’ triplets Exchange of triplets over the secure side channel Two-way SA resulting from a physical encounter i j i knows the triplet of j ; the triplet has been obtained from a friend of i ifjifjifjifjijij a) Encounter and activation of the Secure Side Channel b) Mutual friend c) Friend + encounter Note: there is no transitivity of trust (beyond your friends)

18 18 Pace of establishment of the security associations (1/2) - Depends on several factors: - Area size - Number of communication partners: s - Number of nodes: n - Number of friends - Mobility model and its parameters (speed, pause times, …) Established security associations : Desired security associations : Convergence :

19 19 Pace of establishment of the security associations (2/2)

20 20 Conclusion on Mobility Helps Security Mobility can help security in mobile ad hoc networks, from the networking layer up to the applications The proposed solution also supports re-keying The proposed solution can easily be implemented with both symmetric and asymmetric cryptography S. Capkun, J. P. Hubaux, and L. Buttyan Mobility Helps Security in Ad Hoc Networks Fourth ACM Symposium on Mobile Networking and Computing (MobiHoc), Annapolis, June 2003

21 21 Conclusion  Security in mobile and wireless networks is a major research area  MICS has pioneered the exploration of mobility Vs. security  MICS is strongly committed to make further fundamental contributions

Download ppt "1 Jean-Pierre Hubaux EPFL/School of Information and Communication Secure Mobility."

Similar presentations

1 Security for Ad Hoc Network Routing. 2 Ad Hoc Networks Properties Mobile Wireless communication Medium to high bandwidth High variability of connection.

1 Security for Ad Hoc Network Routing. 2 Ad Hoc Networks Properties Mobile Wireless communication Medium to high bandwidth High variability of connection.
Chris Karlof and David Wagner

Chris Karlof and David Wagner
By Md Emran Mazumder Ottawa University Student no: 6282845.

By Md Emran Mazumder Ottawa University Student no:
ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.

ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.
Efficient Public Key Infrastructure Implementation in Wireless Sensor Networks Wireless Communication and Sensor Computing, 2010. ICWCSC 2010. International.

Efficient Public Key Infrastructure Implementation in Wireless Sensor Networks Wireless Communication and Sensor Computing, ICWCSC International.
A Survey of Secure Wireless Ad Hoc Routing

A Survey of Secure Wireless Ad Hoc Routing
A Mobile Ad hoc Biosensor Network Muzammil KP S7,ECE Govt. Engg. College, Wayanad.

A Mobile Ad hoc Biosensor Network Muzammil KP S7,ECE Govt. Engg. College, Wayanad.
Hubaux Ne X tworking’03 June 23-25,2003, Chania, Crete, Greece The First COST-IST(EU)-NSF(USA) Workshop on EXCHANGES & TRENDS IN N ETWORKING 1 Self-organization.

Hubaux Ne X tworking’03 June 23-25,2003, Chania, Crete, Greece The First COST-IST(EU)-NSF(USA) Workshop on EXCHANGES & TRENDS IN N ETWORKING 1 Self-organization.
David B. Johnson Rice University Department of Computer Science DSR Status Update Monarch Project 55th.

David B. Johnson Rice University Department of Computer Science DSR Status Update Monarch Project 55th.
© 2007 Levente Buttyán and Jean-Pierre Hubaux Security and Cooperation in Wireless Networks Chapter 4: Naming and addressing.

© 2007 Levente Buttyán and Jean-Pierre Hubaux Security and Cooperation in Wireless Networks Chapter 4: Naming and addressing.
Packet Leashes: Defense Against Wormhole Attacks Authors: Yih-Chun Hu (CMU), Adrian Perrig (CMU), David Johnson (Rice)

Packet Leashes: Defense Against Wormhole Attacks Authors: Yih-Chun Hu (CMU), Adrian Perrig (CMU), David Johnson (Rice)
Authentication in Mobile Ad-hoc Network (MANET) Student Ståle Jonny Berget Superviser Chik How Tan.

Authentication in Mobile Ad-hoc Network (MANET) Student Ståle Jonny Berget Superviser Chik How Tan.
LAAC: A Location-Aware Access Control Protocol YounSun Cho, Lichun Bao and Michael T. Goodrich IWUAC 2006.

LAAC: A Location-Aware Access Control Protocol YounSun Cho, Lichun Bao and Michael T. Goodrich IWUAC 2006.
Using Cryptographic ICs For Security and Product Management Misconceptions about security Network and system security Key Management The Business of Security.

Using Cryptographic ICs For Security and Product Management Misconceptions about security Network and system security Key Management The Business of Security.
Security Issues In Sensor Networks By Priya Palanivelu.

Security Issues In Sensor Networks By Priya Palanivelu.
Security in Ad Hoc Networks Steluta Gheorghiu Universitat Politecnica de Catalunya Departament d’Arquitectura de Computadors.

Security in Ad Hoc Networks Steluta Gheorghiu Universitat Politecnica de Catalunya Departament d’Arquitectura de Computadors.
Packet Leashes: A Defense against Wormhole Attacks in Wireless Networks Yih-Chun Hu (Carnegie Mellon University) Adrian Perrig (Carnegie Mellon University)

Packet Leashes: A Defense against Wormhole Attacks in Wireless Networks Yih-Chun Hu (Carnegie Mellon University) Adrian Perrig (Carnegie Mellon University)
Mini-Project 2006 Secure positioning in vehicular networks based on map sharing with radars Mini-Project IC-29 Self-Organized Wireless and Sensor Networks.

Mini-Project 2006 Secure positioning in vehicular networks based on map sharing with radars Mini-Project IC-29 Self-Organized Wireless and Sensor Networks.
Cyber Security and Key Management Models Smart Grid Networks The Network System Key Management and Utilization Why Hardware Security Christopher Gorog,

Cyber Security and Key Management Models Smart Grid Networks The Network System Key Management and Utilization Why Hardware Security Christopher Gorog,
Cooperation between Nodes in Multi-Hop Wireless Networks Jean-Pierre Hubaux 1 Joint work with Naouel Ben Salem 1, Levente Buttyan 2, Srdjan Čapkun 1, Mark.

Cooperation between Nodes in Multi-Hop Wireless Networks Jean-Pierre Hubaux 1 Joint work with Naouel Ben Salem 1, Levente Buttyan 2, Srdjan Čapkun 1, Mark.

Similar presentations

Ads by Google