Presentation is loading. Please wait.

Presentation is loading. Please wait.

Wireless Information Networking Group (WING) Securing Wireless Ad Hoc Networks: An ID-Based Cryptographic Approach Yuguang “Michael” Fang, Professor JSPS.

Published byLambert Harrison Modified over 8 years ago

Similar presentations

Presentation on theme: "Wireless Information Networking Group (WING) Securing Wireless Ad Hoc Networks: An ID-Based Cryptographic Approach Yuguang “Michael” Fang, Professor JSPS."— Presentation transcript:

1 Wireless Information Networking Group (WING) Securing Wireless Ad Hoc Networks: An ID-Based Cryptographic Approach Yuguang “Michael” Fang, Professor JSPS Visiting Invitation Fellow University of Florida Research Foundation Professor Department of Electrical & Computer Engineering University of Florida Changjiang Scholar Chair Professor Xidian University, China In Collaboration with Xiaoyan Zhu and Yanchao Zhang http://winet.ece.ufl.edu/

2 Wireless Information Networking Group (WING) Outline Introduction –Resource-constrained wireless ad hoc networks –Security requirements Security issues to tackle Our ID-based public key approach Conclusion & future work

3 Future Cyberspace: Integrated Wired-Wireless Internet Mobile Ad-Hoc Networks Current Internet Wi-Fi Networks Cellular Networks WiMAX Networks Wireless Mesh Networks Wireless Sensor Networks NSF GENI Vision www.geni.net

4 Wireless Information Networking Group (WING) Wireless Movement There are many interesting applications –Cellular phones –PDAs or iPods –Bluetooth earphones –Wi-Fi (hot-spot technologies) –Tactical radios (missions for war or peace keeping)) –Smart phones (healthcare monitoring) –iPhone –Wireless sensors (tagging the environments) –Digital cameras or camcorder (wireless connections) You are being watched!!!

5 Wireless Information Networking Group (WING) Wireless Advantage There are many good things wireless can offer –Frees us from physical attachment – Provides freedom of movement while engaging in communications –Can be self-configured with rapid setup –Could be made high speed (broadband) –Could be made small and be embedded in everything (everything goes wireless)

6 Wireless Information Networking Group (WING) Wireless Disadvantage There are many design challenges –Poor channel conditions (e.g., fading) –Time-varying links –Failure due to mobility/power depletion –Susceptible to interference –Limited bandwidth –Limited power –Limited computing resources (memory and CPU) –Open access (subject to interception or eavesdropping) –Lack of trusted infrastructure (sometimes)!

7 Wireless Information Networking Group (WING) Design Challenges Resource constraints pose many secure design challenges –Security schemes for wired networks may NOT be feasible for wireless networks –Computationally intensive scheme will not work well –Power hungry operations should be avoided (due to either computation or communications) –Trust model should be re-evaluated –Non-conventional attacks should be investigated and appropriate strategy should be designed

8 Wireless Information Networking Group (WING) Design Challenges PKI or not PKI? This is the question! Public (asymmetric) key approach: PKI –Pros: scalable, easier key establishment, better authentication and embedded digital signature –Cons: computationally intensive, larger key size, demand trusted infrastructure (certificate management) and more overhead due to certificate management, and subject to DoS attacks Secret (symmetric) key approach: not PKI –Pros: low computational overhead, no certificate is necessary –Cons: not scalable, more communication overhead, no support of digital signature …dilemma indeed!!!

9 Wireless Information Networking Group (WING) ID-based Public Key Cryptography (PKC) ID-based Signature (Shamir 1984) ID-based PKC (Non-interactive PKC) –Joux (2000): pairing does some magic—three-party key agreement –Boneh and Franklin (2001): alternative PKI (encryption) –Any string (or ID) such as email, telephone number, or any string can be used as the public key –No certificate is necessary: does not need to maintain (ID,PublicKey) binding because the public key is directly derivable from the ID –Elliptic curve cryptography can be easily incorporated

10 Wireless Information Networking Group (WING) Why ID-based PKC Advantages –Non-interactive key establishment: shared secret without exchanging information—conserving energy! –No certificate: saving memory space! No need of trusted infrastructure! –The fact that any string can be a part of public key offers the flexibility of adding specialized property to a user: instead of Michael, we can use Michael @UF –Scalable: as long as private key is given from the same master secret, secure communication can be enabled

11 Wireless Information Networking Group (WING) Why ID-based PKC Disadvantages –The master secret holder (Trusted Authority or TA) knows everything: somebody is watching! –Computational complexity of pairing: more complex than exponentiation! Fitting Wireless Ad Hoc Networks (WANETs) –WANETs is designed for a single mission, hence collaborative in nature and TA is the network owner! –Pairing computational efficiency is progressing: Hardware implementation: Tate pairing needs 6ms to compute Platform implementation: sub-second implementation on sensor platform has been proposed lately (Wisec’2009)

12 Wireless Information Networking Group (WING) Notation

13 Wireless Information Networking Group (WING) Pairing Technique Similar to the exponentiation function in RSA Modified Weil pairing or Tate pairing can be used

14 Wireless Information Networking Group (WING) Key Generation and Establishment Key Generation: Given (ID, K), it is infeasible to derive s, as the Discrete Logarithm Problem is computationally hard in G 1. Key establishment: node A (ID A,K A ) and node B (ID B,K B ) A shared key is established without exchanging any information!!!

15 Wireless Information Networking Group (WING) Wireless Sensor Networks A wireless sensor network (WSN) is composed of a large number of low-cost sensor nodes randomly deployed to sense/monitor the field of interest, collect and process information, and make intelligent decision (actuation) Sensor nodes –Limited in energy, computation, and storage –Sense/monitor their local environment –Perform limited data processing –Communicate over short distances –Actuate/control (decision making) E.g., sink model –Gather data from sensor nodes and connect the WSN to the outside world

16 Wireless Information Networking Group (WING) Wireless Sensor Networks sink

17 Wireless Information Networking Group (WING) Security Requirements sink An attacker at (20,18) ABU Message confidentiality An attacker at (20,18) Message authenticity & integrity Node mutual authentication More …

18 Wireless Information Networking Group (WING) Security Issues Authentication Key agreement Mitigating specific serious attacks Secure location discovery Broadcast authentication Secure data aggregation Secure clock synchronization Secure routing and MAC protocols Intrusion detection …

19 Wireless Information Networking Group (WING) #1 Pair-wise Authentication Two neighboring nodes verify that the other party is who it claims to be –Chan et al. (IEEE SP ’ 03) Otherwise, attackers can –Inject false data reports via good nodes –Distribute wrong routing information –Impersonate good nodes to misbehave AB “Show me you are B ” “Show me you are A ”

20 Wireless Information Networking Group (WING) #2 Key Agreement Two neighboring nodes establish a shared secret key known only to themselves –Eschenauer and Gligor (CCS ’ 03), Chan et al. (SP ’ 03), Liu and Ning (IEEE CCS ’ 03), … The shared key is a prerequisite for –Message encryption/decryption –Message authentication AB encrypt/ authenticate

21 Wireless Information Networking Group (WING) #3 Sybil Attack Sybil (1976) staring Sally Field: a girl with at least 13 personalities A malicious node claims multiple identities –Severely interrupt routing, fair resource allocation, distributed storage, misbehavior detection … –Douceur (IPTPS ’ 02), Newsome et al. (IPSN ’ 04) A E “I am F ” CB “I am V ” “I am W ” “I am U ” D F Correct path wrong path

22 Wireless Information Networking Group (WING) #4 Node Duplication Attack The attacker put clones of a captured node at random or strategic locations in the network –Parno et al. (IEEE SP ’ 05) sink A

23 Wireless Information Networking Group (WING) #5 Random Walk Attack The attacker uses secret information of a captured node to roam in the network sink A

24 Wireless Information Networking Group (WING) #6 Wormhole Attack Attackers tunnel packets received at one location to another distant network location –Hu et al. (INFOCOM ’ 03), Karlof et al. (SNPA ’ 03) Allowing the attacker to –Disrupt routing, selectively drop packets, … secret Wormhole link AB

25 Wireless Information Networking Group (WING) Previous Research Many separate solutions exist, but –Difficult to combine due to different or even conflicting underlying assumptions –Even if possible, far too complex a solution stack –Most prior solutions do not work when a small number of nodes are captured by attackers –Many schemes address one problem but create other problems –Most schemes apply the symmetric key approach. Many do reduce the computational cost; however, they tend to dramatically increase the communications cost (often ignored by many)

26 Wireless Information Networking Group (WING) Observation Almost all WSN applications are location- dependent and require a sensor node to know its own location –E.g., military sensing and tracking Most sensor nodes are stationary once deployed –Can be identified by their IDs plus locations Most sensor nodes have a limited comm. range –Can only directly communicate with others inside their communication range

27 Wireless Information Networking Group (WING) Location-based Security Solution Location-based authentication –Neighbor-to-neighbor authentication –Key agreement –Sybil attack –Node duplication attack –Random walk attack –Wormhole attack

28 Wireless Information Networking Group (WING) Location-based Keys Conventional way: ID-based keys –Name a node merely with its ID –Bind sensor nodes ’ keys only to their IDs –Vulnerable to many attacks, e.g., node duplication Our method: location-based keys (LBKs) –Name a node with both its ID and location Michael@UF is more specific than Michael! –Bind sensor nodes ’ keys to both IDs and locations

29 Wireless Information Networking Group (WING) Location-based Keys Assume a secure way to decide node locations –Zhang et al., IEEE JSAC ’ 06 Node A ’ s LBKs: –Given (ID A @L A, K A ), it is infeasible to derive s, as the Discrete Logarithm Problem is hard in G 1. Each node only knows its unique LBK pair, and has no knowledge of s –Use a key pre-distribution model

30 Wireless Information Networking Group (WING) Neighbor-to-Neighbor Authentication Purpose –Discover and perform mutual authentication with neighboring sensor nodes Idea –Check if the candidate is within the comm. range and has the correct location-based private key

31 Neighbor-to-Neighbor Authentication

32

33 Wireless Information Networking Group (WING) Resilience to Sybil Attack The captured node does not have the correct location-based private keys of the nodes it claims to be Comparison to Newsome et al. (IPSN ’ 04) –Our solution has much higher network scalability ( Random key pre- distribution with limited network size ) A B “I am ID W @L W ” “I am ID V @L V ” “I am ID U @L U ” “I am ID F @L F ” C E D

34 Wireless Information Networking Group (WING) Resilience to Node Duplication Attack A duplicate will be detected if talking to good nodes outside the communication range of node A The impact range of a captured node is reduced from the whole network to a small circle of radius < R Comparison to Parno et al. (IEEE SP ’ 05) –Our solution is much more efficient in both communication and computation (periodic report on location and witness nodes help) A R B

35 Wireless Information Networking Group (WING) Resilience to Random Walk Attack The impact range of a capture node is reduced from the whole network to a small circle of radius < R sink A R

36 Wireless Information Networking Group (WING) Resilience to Wormhole Attack The wormhole attack is completely defeated Comparison to Hu et al. (INFOCOM ’ 03) –Our solution has no stringent requirement on sensor hardware and time synchronization ( restrict the maximum transmission distance of any packet ) A R B R Wormhole link

37 Wireless Information Networking Group (WING) Comparison to Prior Solutions Our scheme Eschenauer ’ 02, Chan ’ 03, Du ’ 03, Liu ’ 03 … Key agreementDeterministicProbabilistic Neighborhood authentication YesNo or very limited Support for digital signatures YesNo Storage costLowHigh Network scalabilityHighPoor Attack resilienceHighPoor Communication overhead LowHigh Computation overhead HighLow Comm.+Computation overhead LowHigh

38 Wireless Information Networking Group (WING) ID-based Certificateless Key Management Propose a novel construction method of ID-based public/private keys, in which each public or private key consists of a node-specific element and a network-wide common element Design an efficient protocol to update public & private keys of all non-compromised nodes with one broadcast message & threshold cryptography Y. Zhang, W. Liu, W. Lou and Yuguang Fang, “Securing mobile ad hoc networks with certificateless public keys,” IEEE Transactions on Dependable and Secure Computing, 3(4): 386-399, 2006.

39 Wireless Information Networking Group (WING) Anonymity in MANETs ID-based approach can be used to generate multiple pseudonyms, which then generate dynamic link identifiers to hide real IDs –Anonymous MAC Use pseudonyms instead of MAC addresses –Anonymous routing Dynamic pseudo link ID management (dynamic link identifiers) to hide both source and destination Y. Zhang, W. Liu, W. Lou and Yuguang Fang, “MASK: anonymous on- demand routing in mobile ad hoc networks,” IEEE Transactions on Wireless Communications, 5(9): 2376-2385, 2006

40 Wireless Information Networking Group (WING) Security & Billing in Wireless Mesh Networks ID-based authentication schemes among mesh routers and mobile clients –Authentication for mesh router-mesh router, mesh router-mesh client, and client-client –Countermeasure against DoS attacks Micro-payment schemes Y. Zhang and Y. Fang, “A secure authentication and billing architecture for wireless mesh networks,'' Accepted for publication in ACM Wireless Networks Y. Zhang and Y. Fang, “ARSA: an attack-resilient security architecture for multi- hop wireless mesh networks,” IEEE Journal on Selected Areas in Communications, 24(10): 1916-1928, 2006.

41 Wireless Information Networking Group (WING) Conclusions Discuss challenges for information insurance Demonstrate the innovative applications of ID- based cryptography –Minimize communication overhead (no certificate, establishing session keys without exchanging keying materials) Exemplary application: a location-based unified solution for wireless sensor networks to address –Neighbor-to-neighbor authentication, key agreement, Sybil attack, node duplication attack, random walk attack, wormhole attack, data injection attack

42 Wireless Information Networking Group (WING) Future Research Directions There are many research challenges ahead –How to reduce the pairing computational complexity (hardware?) –How to deal with heterogeneous ad hoc networks (more powerful nodes can be better used to our advantage) –How to take advantage of mobile nodes –Mission-dependent, light-weight and adaptive security schemes –How to harness the cooperative nature, if any. –How to proactively detect intrusion –How to secure distributed storage –How to secure routing protocol in the light-weight fashion –How to carry out secure target tracking –How to integrate the security schemes over resource-constrained networks with those over fixed infrastructure –…

Download ppt "Wireless Information Networking Group (WING) Securing Wireless Ad Hoc Networks: An ID-Based Cryptographic Approach Yuguang “Michael” Fang, Professor JSPS."

Similar presentations

1 Security for Ad Hoc Network Routing. 2 Ad Hoc Networks Properties Mobile Wireless communication Medium to high bandwidth High variability of connection.

1 Security for Ad Hoc Network Routing. 2 Ad Hoc Networks Properties Mobile Wireless communication Medium to high bandwidth High variability of connection.
Chris Karlof and David Wagner

Chris Karlof and David Wagner
Mitigating Routing Misbehavior in Mobile Ad-Hoc Networks Reference: Mitigating Routing Misbehavior in Mobile Ad Hoc Networks, Sergio Marti, T.J. Giuli,

Mitigating Routing Misbehavior in Mobile Ad-Hoc Networks Reference: Mitigating Routing Misbehavior in Mobile Ad Hoc Networks, Sergio Marti, T.J. Giuli,
Message Integrity in Wireless Senor Networks CSCI 5235 Instructor: Dr. T. Andrew Yang Presented by: Steven Turner Abstract.

Message Integrity in Wireless Senor Networks CSCI 5235 Instructor: Dr. T. Andrew Yang Presented by: Steven Turner Abstract.
Securing Critical Unattended Systems with Identity Based Cryptography A Case Study Johannes Blömer, Peter Günther University of Paderborn Volker Krummel.

Securing Critical Unattended Systems with Identity Based Cryptography A Case Study Johannes Blömer, Peter Günther University of Paderborn Volker Krummel.
Authors: Yanchao Zhang, Member, IEEE, Wei Liu, Wenjing Lou,Member, IEEE, and Yuguang Fang, Senior Member, IEEE Source: IEEE TRANSACTIONS ON DEPENDABLE.

Authors: Yanchao Zhang, Member, IEEE, Wei Liu, Wenjing Lou,Member, IEEE, and Yuguang Fang, Senior Member, IEEE Source: IEEE TRANSACTIONS ON DEPENDABLE.
Efficient Public Key Infrastructure Implementation in Wireless Sensor Networks Wireless Communication and Sensor Computing, 2010. ICWCSC 2010. International.

Efficient Public Key Infrastructure Implementation in Wireless Sensor Networks Wireless Communication and Sensor Computing, ICWCSC International.
A Survey of Secure Wireless Ad Hoc Routing

A Survey of Secure Wireless Ad Hoc Routing
CSE 6590 Department of Computer Science & Engineering York University 1 Introduction to Wireless Ad-hoc Networking 5/4/2015 2:17 PM.

CSE 6590 Department of Computer Science & Engineering York University 1 Introduction to Wireless Ad-hoc Networking 5/4/2015 2:17 PM.
An Efficient Scheme for Authenticating Public Keys in Sensor Networks Wenliang (Kevin) Du (Syracuse) Ronghua Wang (Syracuse) Peng Ning (North Carolina.

An Efficient Scheme for Authenticating Public Keys in Sensor Networks Wenliang (Kevin) Du (Syracuse) Ronghua Wang (Syracuse) Peng Ning (North Carolina.
Packet Leashes: Defense Against Wormhole Attacks Authors: Yih-Chun Hu (CMU), Adrian Perrig (CMU), David Johnson (Rice)

Packet Leashes: Defense Against Wormhole Attacks Authors: Yih-Chun Hu (CMU), Adrian Perrig (CMU), David Johnson (Rice)
Computer Science Dr. Peng NingCSC 774 Adv. Net. Security1 CSC 774 Advanced Network Security Topic 7. Wireless Sensor Network Security.

Computer Science Dr. Peng NingCSC 774 Adv. Net. Security1 CSC 774 Advanced Network Security Topic 7. Wireless Sensor Network Security.
Introduction to Sensor Networks Rabie A. Ramadan, PhD Cairo University 4.

Introduction to Sensor Networks Rabie A. Ramadan, PhD Cairo University 4.
Securing Wireless Sensor Networks Wenliang (Kevin) Du Department of Electrical Engineering and Computer Science Syracuse University.

Securing Wireless Sensor Networks Wenliang (Kevin) Du Department of Electrical Engineering and Computer Science Syracuse University.
1 Security in Wireless Sensor Networks Group Meeting Fall 2004 Presented by Edith Ngai.

1 Security in Wireless Sensor Networks Group Meeting Fall 2004 Presented by Edith Ngai.
Secure Routing and Intrusion Detection For Mobile Ad Hoc Networks Secure Routing and Intrusion Detection For Mobile Ad Hoc Networks Anand Patwardhan Jim.

Secure Routing and Intrusion Detection For Mobile Ad Hoc Networks Secure Routing and Intrusion Detection For Mobile Ad Hoc Networks Anand Patwardhan Jim.
1-1 CMPE 259 Sensor Networks Katia Obraczka Winter 2005 Security.

1-1 CMPE 259 Sensor Networks Katia Obraczka Winter 2005 Security.
A Pairwise Key Pre-Distribution Scheme for Wireless Sensor Networks Wenliang (Kevin) Du, Jing Deng, Yunghsiang S. Han and Pramod K. Varshney Department.

A Pairwise Key Pre-Distribution Scheme for Wireless Sensor Networks Wenliang (Kevin) Du, Jing Deng, Yunghsiang S. Han and Pramod K. Varshney Department.
An Authentication Service Based on Trust and Clustering in Wireless Ad Hoc Networks: Description and Security Evaluation Edith C.H. Ngai and Michael R.

An Authentication Service Based on Trust and Clustering in Wireless Ad Hoc Networks: Description and Security Evaluation Edith C.H. Ngai and Michael R.
Random Key Predistribution Schemes for Sensor Networks Authors: Haowen Chan, Adrian Perrig, Dawn Song Carnegie Mellon University Presented by: Johnny Flowers.

Random Key Predistribution Schemes for Sensor Networks Authors: Haowen Chan, Adrian Perrig, Dawn Song Carnegie Mellon University Presented by: Johnny Flowers.

Similar presentations

Ads by Google