Dept. of Computer Science & Engineering, CUHK: Trust- and Clustering-Based Authentication Services in Mobile Ad Hoc Networks Edith Ngai and Michael R.

Presentation transcript:

Dept. of Computer Science & Engineering, CUHK
Slide 1: Trust- and Clustering-Based Authentication Services in Mobile Ad Hoc Networks
Edith Ngai and Michael R. Lyu
Proceedings 2nd International Workshop on Mobile Distributed Computing (MDC'04), Tokyo, Japan, March

Slide 2: Outline
• Introduction
• Related Work
• Models
• Security Operations
• Simulation Results
• Conclusion

Slide 3: Mobile Ad Hoc Networks
• Infrastructure-less
• Multi-hops
• Wireless communications
• Highly mobile
• Dynamic topology
• Vulnerable to security attacks

Slide 4: Introduction
• Certificate-based approach
• Fully distributed manner
• Detect false public key certificates
• Isolate dishonest users
• Propose a secure, scalable and distributed authentication service
• Assure correctness of public key certification

Slide 5: Related Work
• Traditional network authentication solutions rely on physically present, trusted third-party servers, called certificate authorities (CAs).
• A partially-distributed certificate authority makes use of a (k,n) threshold scheme to distribute the services of the certificate authority to a set of specialized server nodes.
• A fully-distributed certificate authority extends the idea of the partially-distributed approach by distributing the certificate services to every node.

Slide 6: Related Work (Cont.)
• Pretty Good Privacy (PGP) follows a web-of-trust authentication model. PGP uses digital signatures as its form of introduction. When any user signs another user's key, he or she becomes an introducer of that key. As this process goes on, a web of trust is established.
• With self-issued certificates, users issue certificates themselves without the involvement of any certificate authority.

Slide 7: Our Work
• Propose a secure public key authentication service in mobile ad hoc networks with malicious nodes
• An originally trustworthy node may become malicious all of a sudden due to the invasion of hackers
• Prevent nodes from obtaining false public keys of the others
• Based on a network model and a trust model
• Security operations include public key certification and trust value update

Slide 8: Architecture
• Network Model: clustering-based network model for obtaining a hierarchical organization of the network
• Trust Model: trust model with an authentication metric to maintain the trust values of different nodes
• Security operations: to detect and isolate malicious nodes

Slide 9: The Network Model
• Obtain a hierarchical organization
• Minimize the amount of storage for communication information
• Optimize the use of network bandwidth
• Direct monitoring capability is limited to neighboring nodes
• Allow the monitoring work to proceed more naturally
• Improve network security

Slide 10: The Network Model (Cont.)
• Obtaining a hierarchical organization of a network is a well-known and well-studied problem
• Related Clustering Techniques
  • Weight-based clustering algorithms
  • Max-Min D-cluster formation
  • Weakly-connected dominating set
  • Adaptive maintenance
  • Zonal algorithm
  • Location-aware clustering

Slide 11: The Network Model (Cont.)
• The network is divided into different regions
• Each region has a similar number of nodes
• Each group has a unique group ID

Slide 12: The Trust Model
• Define a fully-distributed trust management algorithm that is based on the web-of-trust model, in which any user can act as a certifying authority
• Use digital signatures as the form of introduction. Any node signs another's public key with its own private key to establish a web of trust
• There is no need for any trust root certificates
• Rely only on direct trust and groups of introducers in certification

Slide 13: The Trust Model (Cont.)
• Authentication in an ad hoc network without centralized authorities generally depends on a path of trusted intermediates.
• To evaluate trust from the recommendations of other reliable entities, the relying node should be able to estimate the trustworthiness of these entities
• Many metrics have been proposed to evaluate the confidence afforded by different paths
• Related approaches include metrics for directed graphs, PGP's three levels of trust, and path independence

Slide 14: The Trust Model (Cont.)
• Define the authentication metric as a continuous value between 0.0 and 1.0
• A direct trust is the trust relationship between two nodes in the same group
• A recommendation trust is the trust relationship between nodes in different groups
• Apply some equations to calculate and combine the trust values of the trust relationships on different paths
• Update the trust tables accordingly

Slide 15: Assumptions
• There is an underlying clustering algorithm in the network
• Nodes are divided into groups with unique IDs
• Each node keeps exchanging information about which groups the other nodes belong to
• Each node is able to monitor the behavior of its group members and obtain their public keys
• Each node keeps a trust table for storing trust values of other nodes

Slide 16: Security Operations
• Public key certification
  • It allows a node to obtain the public key of another node securely
  • A node sends request messages to a certain number of introducers for the public key certificates of the target node
• Trust value update
  • It updates the trust value of a node based on the trust values and relationships built up with other nodes in the network

Slide 17: Public Key Certification
• Authentication in our network relies on the public key certificates signed by some trustable nodes, called introducers $i_1, i_2, \ldots, i_n$
• A trust path is formed by a recommendation trust relationship and a direct trust relationship

Slide 18: Operations of Node
• Select introducers
• Send request messages to introducers
• Collect and decrypt the messages
• Compare the certificates, isolate dishonest nodes
• Calculate trust value of the new node

Slide 19: Trust Value Update
• Direct trust relationship means to believe an entity in its capability with respect to the given trust class
• Recommendation trust expresses the belief in the capability of an entity to decide whether another entity is reliable in the given trust class and in its honesty when recommending third entities
• $s$ denotes the requesting node
• $t$ denotes the target node
• Nodes $i_1, i_2, \ldots, i_n$ are the introducers
• Each $V_{s,i*}$ and $V_{i*,t}$ form a pair to make up a single trust path from $s$ to $t$

Slide 20: Trust Value Update (Cont.)
• Compute the new trust relationship from $s$ to $t$ of a single path
• Combine trust values of different paths to give the ultimate trust value of $t$
• Insert trust value $V_{com}$ to the trust table of $s$
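The "Operations of Node" and "Trust Value Update" steps above, sketched as an added example that is not code from the presentation or the authors. The slides' equations did not survive in this transcript, so the path formula, the combination formula, and the strict-majority rule for comparing certificates are assumptions, as are all function names and the constructed sample values.

```python
from collections import Counter
from math import prod

MIN_REPLIES = 1  # "Min # of reply for each request" in the simulation set-up

def path_trust(v_s_i, v_i_t):
    """Trust of the single path s -> i -> t (assumed formula, see lead-in)."""
    return 1.0 - (1.0 - v_i_t) ** v_s_i

def combine(path_values):
    """Combine independent paths into V_com (assumed formula, see lead-in)."""
    return 1.0 - prod(1.0 - v for v in path_values)

def certify(trust_table, target, replies):
    """Requesting node s processes introducer replies about `target`.

    trust_table: {node: trust value held by s}, updated in place.
    replies: {introducer: (certified_public_key, V_i_t)} after decryption.
    Returns (accepted_key, V_com, isolated_introducers); accepted_key is None
    when too few replies arrived or no key has a strict majority.
    """
    if len(replies) < MIN_REPLIES:
        return None, None, set()          # counted as "unreachable"
    votes = Counter(key for key, _ in replies.values()).most_common()
    if len(votes) > 1 and votes[0][1] == votes[1][1]:
        return None, None, set()          # conflicting certificates, no majority
    accepted = votes[0][0]
    # Assumption: introducers that disagree with the majority are isolated.
    isolated = {i for i, (key, _) in replies.items() if key != accepted}
    for i in isolated:
        trust_table[i] = 0.0
    paths = [path_trust(trust_table[i], v_i_t)
             for i, (key, v_i_t) in replies.items() if key == accepted]
    v_com = combine(paths)
    trust_table[target] = v_com           # insert V_com into the trust table of s
    return accepted, v_com, isolated

if __name__ == "__main__":
    # Constructed sample: three introducers, i3 certifies a forged key for t.
    table = {"i1": 0.9, "i2": 0.8, "i3": 0.7}
    replies = {"i1": ("PK_t", 0.8), "i2": ("PK_t", 0.6), "i3": ("PK_forged", 1.0)}
    print(certify(table, "t", replies))
    print(table)
```

The dissenting introducer's high self-reported trust in the target has no effect on the result, because its reply is discarded before any path value is computed.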

Slide 21: Simulation Set-Up
• Network simulator Glomosim
• Evaluate the effectiveness in providing secure public key authentication in the presence of malicious nodes

Simulation Parameters

| Category | Parameter | Value |
|---|---|---|
| Network | # of nodes | 40 |
| Network | # of groups | 4 |
| Network | % of trustable nodes at initialisation | p |
| Network | % of malicious nodes | m |
| Public key request | Max # of introducers for each request | 3 |
| Public key request | Min # of reply for each request | 1 |
| Simulation | Time | 10000s |
| Simulation | # of query cycles | 20 |
| Simulation | # of requests per cycle | 40 |

Slide 22: Metrics
• Successful rate: % of public key requests that lead to a correct conclusion
• Failure rate: % of public key requests that lead to an incorrect conclusion
• Unreachable rate: % of public key requests that cannot be made because there are not enough introducers

Slide 23: Ratings to % of Malicious Nodes

Slide 24: Comparison on Successful Rate

Slide 25: Comparison on Failure Rate

Slide 26: Conclusions
• We developed a trust- and clustering-based public key authentication mechanism
• We defined a trust model that allows nodes to monitor and rate each other with quantitative trust values
• We defined the network model as clustering-based
• The proposed authentication protocol involved new security operations on public key certification, update of the trust table, and discovery and isolation of malicious nodes
• We conducted security evaluation
• We compared with the PGP approach to demonstrate the effectiveness of our scheme