Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Laboratory for Computer Communications and Application (LCA) Swiss Federal Institute of Technology (EPFL) Srdjan Čapkun joint work with Jean-Pierre Hubaux.

Published by Modified over 8 years ago

Similar presentations

Presentation on theme: "1 Laboratory for Computer Communications and Application (LCA) Swiss Federal Institute of Technology (EPFL) Srdjan Čapkun joint work with Jean-Pierre Hubaux."— Presentation transcript:

1 1 Laboratory for Computer Communications and Application (LCA) Swiss Federal Institute of Technology (EPFL) Srdjan Čapkun joint work with Jean-Pierre Hubaux and Levente Buttyàn + {srdan.capkun, jean-pierre.hubaux}@epfl.ch, buttyan@hit.bme.hu Mobility Helps Security in Ad Hoc Networks + Now with Laboratory of Cryptography and Systems Security (CrySyS) Department of Telecommunications Budapest University of Technology and Economics

2 2 Does mobility increase or reduce security ? Mobility is usually perceived as a major security challenge Wireless communications Unpredictable location of the user/node Sporadic availability of the user/node Higher vulnerability of the device Reduced computing capability of the devices However, very often, people gather and move to increase security Face to face meetings Transport of assets and documents Authentication by physical presence - In spite of the popularity of PDAs and mobile phones, this mobility has not been exploited to provide digital security - So far, client-server security has been considered as a priority (e-business) - Peer-to-peer security is still in its infancy

3 3 Two scenarios - Mobile ad hoc networks with a central authority - off-line or on-line authority - nodes or authorities generate keys - authorities certify keys and node ids - authorities control network security settings and membership - Fully self-organized mobile ad hoc networks - no central authority (not even in the initialization phase !) - each user/node generates its own keys and negotiates keys with other users - membership and security controlled by users themselves trust CA trust Fully self organized Authority-based

4 4 Secure routing requirements and assumptions - A network controlled by the central authority - All security associations established between all nodes prior to protocol execution - The most stringent assumption: Routes are established between nodes with which a source and the destination have security associations Secure routing proposals - Securing Ad Hoc Routing Protocols, Zappata, Asokan, WiSe, 2002 - Ariande, Hu, Perrig, Johnson, MobiCom 2002 - Secure Routing for Ad Hoc Networks, Papadimitratos, Haas CNDS, 2002 - A Secure Routing Protocol for Ad Hoc Networks, Sanzgiri et al. ICNP, 2002 - SEAD, Hu, Perrig, Johnson, WMCSA 2002 i j m

5 5 Key management in Ad Hoc networks Solutions proposed so far (not exhaustive) Providing. Robust and Ubiquitous Security Support for MANETs (threshold cryptography, cooperation) UCLA: Kong et al., ICNP 2001 Key Agreement in Ad Hoc Networks (shared password) Asokan and Ginzboorg, Computer Communications 2000 Securing Ad Hoc Networks (1999) (threshold cryptography, servers) Cornell: Zhou and Haas, IEEE Network 1999 Ariadne (Key distribution with on-line servers) Hu et al., Mobicom 2002 Self-organized Public-Key Management for Mobile Ad Hoc Networks (certificate chains) EPFL: Capkun et al., TMC 2003 SUCV (Montenegro and Castelluccia) NDSS 2002 CAM (O'Shea and Roe) ACM Computer Communications Review 2001

6 6 Routing – security interdependence Routing can not work until security associations are set up. Security associations can not be set up via multi-hop routes because routing does not work Existing solutions: - Preloading all pairs of keys into nodes (it makes it difficult to introduce new keys and to perform rekeying) - On-line authentication servers (problematic availability and in some cases routing-security inter-dependence, rekeying) - CAM, SUCV i j

7 7 Mobility helps security of routing { A, PuK A } Wireless channel - Typically long distance - No integrity - No confidentiality  PuKCA A B Certificate that binds B’s Public key with his id, issued and signed by the central authority - Each node holds a certificate that bind its id with its public key, signed by the CA { B, PuK B }  PuKCA

8 8 Establishment of security associations The establishment of security associations within the power range breaks the routing-security interdependence cycle

9 9 Discussion: advantages of the mobility approach (1) - Mobile ad hoc networks with authority based security systems - breaks the routing-security dependence circle - automatic establishment of security associations - no user involvement - associations can be established in power range - only off-line authorities are needed - straightforward rekeying

10 10 Fully self-organized scenario Infrared link (Alice, PuK Alice, XYZ) (Bob, PuK Bob, UVW) Visual recognition, conscious establishment of a two-way security association Secure side channel -Typically short distance (a few meters) - Line of sight required - Ensures integrity - Confidentiality not required Alice Bob

11 11 Two binding techniques Binding of the face or person name with his/her public key : by the Secure Side Channel, the Friend mechanism and the appropriate protocols Binding of the public key with the NodeId XYZ : by CAM or SUCV Assumption: static allocation of the NodeId: NodeId = h(PuK) G. O’Shea and and M. Roe: Child-proof authentication for IPv6 (CAM) ACM Computer Communications Review, April 2001 G. Montenegro and C. Castelluccia: Statistically unique and cryptographically verifiable (SUCV) identifiers and addresses. NDSS 2002 G. O’Shea and and M. Roe: Child-proof authentication for IPv6 (CAM) ACM Computer Communications Review, April 2001 G. Montenegro and C. Castelluccia: Statistically unique and cryptographically verifiable (SUCV) identifiers and addresses. NDSS 2002

12 12 Friends mechanism IR Colin Bob (Colin’s friend) Alice Colin and Bob are friends: They have established a Security Association at initialisation They faithfully share with each other the Security Associations they have set up with other users Colin and Bob are friends: They have established a Security Association at initialisation They faithfully share with each other the Security Associations they have set up with other users

13 13 Mechanisms to establish Security Associations Friendship : nodes know each others’ triplets Exchange of triplets over the secure side channel Two-way SA resulting from a physical encounter i j i knows the triplet of j ; the triplet has been obtained from a friend of i ifjifjifjifjijij a) Encounter and activation of the SSC b) Mutual friend c) Friend + encounter Note: there is no transitivity of trust (beyond your friends)

14 14 Discussion: advantages of the mobility approach (2) - Fully self-organized mobile ad hoc networks - There are no central authorities - Each user/node generates its own public/private key pairs - (No) trust transitivity - Intuitive for users - Can be easily implemented (vCard) - Useful for setting up security associations for secure routing in smaller networks or peer-to-peer applications - Requires some time until network is fully secure - User/application oriented

15 15 Pace of establishment of the security associations - Depends on several factors: - Area size - Number of communication partners: s - Number of nodes: n - Number of friends - Mobility model and its parameters (speed, pause times, …) Established security associations : Desired security associations : Convergence :

16 16 Mobility models - Random walk - discrete time - simple, symmetric random walk - area: Bounded and toroid grids (33x33, 100x100, 333x333) - number of nodes: 100 - Random waypoint - most commonly used in mobile ad hoc networks - continuous time - area size: 1000m x1000m - max speed: 5m/s, 20m/s - pause time: 5s, 100s, 200s - security power range: 5m (SSC), 50m 100m (radio) - Common simulation settings - simulations are run 20 times - confidence interval: 95% p=1/5

17 17 (Restricted) random waypoint  8  Any point on the plane If  =0  Regular random waypoint mobility model Restricts the movement of nodes to a set of points with a predefined probability - area size: 1000m x1000 m - max speed: 5m/s, 20m/s - pause time: 5s, 100s, 200s - restriction probability: 0.1, 0.5, 1 - number of restriction points: 20

18 18 Size matters t M =O(NlogN)

19 19 Friends help (f+1)

20 20 Security range matters

21 21 Meeting points help

22 22 Pause time

23 23 Conclusion and future work Conclusion Mobility can help security in mobile ad hoc networks, from the networking layer up to the applications Mobility “breaks” the security-routing interdependence cycle The pace of establishment of the security associations is strongly influenced by the area size, the number of friends, and the speed of the nodes The proposed solution also supports re-keying The proposed solution can easily be implemented with both symmetric and asymmetric crypto Current/future work Closed-form expression for the pace of establishment of security associations with random walk mobility Application of our scheme to secure routing protocols Key revocation Improved scalability Better mobility models http://www.terminodes.org http://lcawww.epfl.ch/hubaux

Download ppt "1 Laboratory for Computer Communications and Application (LCA) Swiss Federal Institute of Technology (EPFL) Srdjan Čapkun joint work with Jean-Pierre Hubaux."

Similar presentations

1 Security for Ad Hoc Network Routing. 2 Ad Hoc Networks Properties Mobile Wireless communication Medium to high bandwidth High variability of connection.

1 Security for Ad Hoc Network Routing. 2 Ad Hoc Networks Properties Mobile Wireless communication Medium to high bandwidth High variability of connection.
Internet Protocol Security (IP Sec)

Internet Protocol Security (IP Sec)
Secure Location Verification with Hidden and Mobile Base Stations -TMC Apr, 2008 Srdjan Capkun, Kasper Bonne Rasmussen, Mario Cagalj, Mani Srivastava.

Secure Location Verification with Hidden and Mobile Base Stations -TMC Apr, 2008 Srdjan Capkun, Kasper Bonne Rasmussen, Mario Cagalj, Mani Srivastava.
Self-Organized Anonymous Authentication in Mobile Ad Hoc Networks Julien Freudiger, Maxim Raya and Jean-Pierre Hubaux SECURECOMM, 2009.

Self-Organized Anonymous Authentication in Mobile Ad Hoc Networks Julien Freudiger, Maxim Raya and Jean-Pierre Hubaux SECURECOMM, 2009.
IPv6 Multihoming Support in the Mobile Internet Presented by Paul Swenson CMSC 681, Fall 2007 Article by M. Bagnulo et. al. and published in the October.

IPv6 Multihoming Support in the Mobile Internet Presented by Paul Swenson CMSC 681, Fall 2007 Article by M. Bagnulo et. al. and published in the October.
Stimulation for Cooperation in Ad Hoc Networks: Beyond Nuglets Levente Buttyán, Jean-Pierre Hubaux, and Naouel Ben Salem Swiss Federal Institute of Technology.

Stimulation for Cooperation in Ad Hoc Networks: Beyond Nuglets Levente Buttyán, Jean-Pierre Hubaux, and Naouel Ben Salem Swiss Federal Institute of Technology.
Efficient Public Key Infrastructure Implementation in Wireless Sensor Networks Wireless Communication and Sensor Computing, 2010. ICWCSC 2010. International.

Efficient Public Key Infrastructure Implementation in Wireless Sensor Networks Wireless Communication and Sensor Computing, ICWCSC International.
Topic 8: Secure communication in mobile devices. Choice of secure communication protocols, leveraging SSL for remote authentication and using HTTPS for.

Topic 8: Secure communication in mobile devices. Choice of secure communication protocols, leveraging SSL for remote authentication and using HTTPS for.
How to Design Wireless Security Mechanisms Manel Guerrero Zapata Mobile Networks Laboratory Nokia Research Center.

How to Design Wireless Security Mechanisms Manel Guerrero Zapata Mobile Networks Laboratory Nokia Research Center.
 Introduction  Benefits of VANET  Different types of attacks and threats  Requirements and challenges  Security Architecture  Vehicular PKI.

 Introduction  Benefits of VANET  Different types of attacks and threats  Requirements and challenges  Security Architecture  Vehicular PKI.
A Survey of Secure Wireless Ad Hoc Routing

A Survey of Secure Wireless Ad Hoc Routing
Hubaux Ne X tworking’03 June 23-25,2003, Chania, Crete, Greece The First COST-IST(EU)-NSF(USA) Workshop on EXCHANGES & TRENDS IN N ETWORKING 1 Self-organization.

Hubaux Ne X tworking’03 June 23-25,2003, Chania, Crete, Greece The First COST-IST(EU)-NSF(USA) Workshop on EXCHANGES & TRENDS IN N ETWORKING 1 Self-organization.
David B. Johnson Rice University Department of Computer Science DSR Status Update Monarch Project 55th.

David B. Johnson Rice University Department of Computer Science DSR Status Update Monarch Project 55th.
Lect. 18: Cryptographic Protocols. 2 1.Cryptographic Protocols 2.Special Signatures 3.Secret Sharing and Threshold Cryptography 4.Zero-knowledge Proofs.

Lect. 18: Cryptographic Protocols. 2 1.Cryptographic Protocols 2.Special Signatures 3.Secret Sharing and Threshold Cryptography 4.Zero-knowledge Proofs.
Security Improvement for Ad Hoc Wireless Network Visal Kith ECE 695 05/05/2006.

Security Improvement for Ad Hoc Wireless Network Visal Kith ECE /05/2006.
© 2007 Levente Buttyán and Jean-Pierre Hubaux Security and Cooperation in Wireless Networks Chapter 5: Establishment of security.

© 2007 Levente Buttyán and Jean-Pierre Hubaux Security and Cooperation in Wireless Networks Chapter 5: Establishment of security.
1 Security in Wireless Sensor Networks Group Meeting Fall 2004 Presented by Edith Ngai.

1 Security in Wireless Sensor Networks Group Meeting Fall 2004 Presented by Edith Ngai.
1 Key Establishment in Ad Hoc Networks Part 1 of 2 S. Capkun, JP Hubaux.

1 Key Establishment in Ad Hoc Networks Part 1 of 2 S. Capkun, JP Hubaux.
Secure Routing and Intrusion Detection For Mobile Ad Hoc Networks Secure Routing and Intrusion Detection For Mobile Ad Hoc Networks Anand Patwardhan Jim.

Secure Routing and Intrusion Detection For Mobile Ad Hoc Networks Secure Routing and Intrusion Detection For Mobile Ad Hoc Networks Anand Patwardhan Jim.
SPLASH Sécurisation des ProtocoLes dans les réseAux mobileS ad Hoc 12 Décembre 2003 Refik Molva Institut EURECOM.

SPLASH Sécurisation des ProtocoLes dans les réseAux mobileS ad Hoc 12 Décembre 2003 Refik Molva Institut EURECOM.

Similar presentations

Ads by Google