Establishing authenticated channels and secure identifiers in ad-hoc networks Authors: B. Sieka and A. D. Kshemkalyani (University of Illinois at Chicago) Source: IJNS review paper Reporter: Chun-Ta Li ( 李俊達 )

2 Outline  Introduction  Problem statement  Solution  Analysis and Discussion  Comments

3 Introduction  Motivation Establishing a secure communication channels between nodes in a wireless ad-hoc network  No trusted third party  No requirement to share a prior context  No out-of-band authentication channels Proposing the use of secure identifiers  use the hash of the public key for the identifier of a node

4 Problem statement Given a set of nodes To establish an authenticated network (AN) For any given node j in the AN would satisfy the following property Node i possesses the corresponding private key Network layer functions are not available yet  radio broadcast in a wireless network // All nodes in the AN know the authentic public keys of all other nodes in the AN //

5 Solution  Notations Identity model  id i = hash(PK i ) Message  MSG(contents) Type of message  JOIN, ACCEPT, UPDATE Public and private key  PK i and SK i Digital signature  S SK (M) Radio broadcast  Sequence number copied from the last JOIN message from i (an integer)  seq i Local time when the most recent message from node id i was seen  time i Two columns of node j ’ s key table: the PK and seq column  KeyTable j The set of (PK,seq) entries from j ’ s key table  KeyTableDelta j

6 Solution  Outline of protocol to establish authenticated channels

7 Solution  1. Send JOIN A node i outside of an AN wants to join AN If it is a member of another AN  sub-networks merges

8 Solution  2. Receive JOIN First verify the validity of the digital signature computes id i = hash(PK i ) and check if there exists an entry with id i for node i in j ’ s key table  (a) id i entry does not exist  new entry should be added to key table  broadcast ACCEPT and UPDATE message  (b) id i entry does exist (id i = id k ) i. PK i ≠ PK k and seq i < seq k  discard JOIN message ii. PK i = PK k and seq i < seq k  discard JOIN message iii. PK i = PK k and seq i > seq k  seq k should be updated to seq i

9 Solution  3. Send ACCEPT A node i that is not a member of AN without an identifier conflict Node j broadcast the ACCEPT message  4. Receive ACCEPT (AN join+accept ) check the signature of the message add entries from the KeyTable field of the ACCEPT message to its key table broadcast an UPDATE message

10 Solution  5. Send UPDATE A node that is a member of the AN join or AN accept New entries are added to the key table in the following cases The KeyTableDelta field of the message should contain all the (PK,seq) pairs

11 Solution  6. Receive UPDATE A node that is a member of AN join or AN accept check the signature of the message add entries from the KeyTableDelta field to its key table execute step 5  7. Key Timeout Every node should maintain a timestamp associated with every entry in its key table An entry should be deleted from the key table if the timestamp is order than a specified threshold value

12 Analysis and Discussion  Security analysis Against impersonation attacks  Digital signature and a node’s identity is bound to its public key Against replay attacks  Use of sequence number Sybil attack threat ( an entity from generating multiple public, private key-pairs and multiple identities )  Reputation management approaches

13 Analysis and Discussion  Complexity analysis // N be the number of entries in the sender ’ s key table // M be the number of fresh entries in the sender ’ s key table Overall Bootstrapping Cost – Broadcasts  O(n 2 ) // n be |AN| after JOIN operations Overall Bootstrapping Cost – Message Space  O(|AN| 2 )

14 Comments  The solution for establishing authenticated channels in ad-hoc network is simple  There are no notable problems found in this paper  Descriptions of Table 2  4 typos Evaluation of Paper: Confirmatory Recommendation: Accept after minor revision