
Slide 1: An Authentication Service Based on Trust and Clustering in Wireless Ad Hoc Networks: Description and Security Evaluation
Edith C.H. Ngai and Michael R. Lyu
Department of Computer Science and Engineering, The Chinese University of Hong Kong
5 Jun 2006, The IEEE International Conference on Sensor Networks, Ubiquitous, and Trustworthy Computing (SUTC 2006)

Slide 2: Outline (Dept. of Computer Science & Engineering, CUHK)
– Introduction
– Related Work
– Architecture and Models
– Trust- and Clustering-Based Authentication Service
– Simulation Results
– Conclusion

Slide 3: Mobile Ad Hoc Network
– An ad hoc network (of wireless nodes) is a temporarily formed network, created, operated and managed by the nodes themselves.
– It is also often termed an infrastructure-less, self-organized, or spontaneous network.

Slide 4: Mobile Ad Hoc Network
– Connected by wireless communication
– Dynamic topology: nodes are often mobile
– Vulnerable to security attacks
– Applications
  – Military: tactical communications
  – Rescue missions: in times of natural disaster
  – Commercial use: sales presentations or meetings

Slide 5: Vulnerabilities
– Security in a wireless ad hoc network is hard to achieve because of the vulnerability of its links, limited physical protection, and the absence of a centralized management point
– Unlike conventional networks, the nodes of an ad hoc network cannot be secured in locked cabinets, so they risk being captured and compromised
– Wireless communications are vulnerable to eavesdropping and active interference

Slide 6: Security Mechanisms
– Popular network authentication architectures include the X.509 standard and Kerberos systems
– Pretty Good Privacy (PGP) follows a web-of-trust model and uses digital signatures
– An authentication service establishes the valid identities of communicating nodes
– In reality, a node may turn from trustworthy to malicious under a sudden attack
– We provide a secure authentication service that can defend against malicious nodes

Slide 7: Related Work
– Partially-distributed certificate authority by Zhou and Haas
– Mobile Certificate Authority (MOCA) by Yi and Kravets
– Fully-distributed certificate authority by Kong et al.

Slide 8: Related Work
– Pretty Good Privacy (PGP)
  – follows a web-of-trust authentication model
– Self-issued certificates by Hubaux et al.
  – certificates are distributed by the users themselves without the involvement of any certificate authority

Slide 9: Our Work
– Propose a secure public key authentication service for mobile ad hoc networks containing malicious nodes
– Prevent nodes from obtaining false public keys of other nodes
– Engage a network model and a trust model
– Design security operations including public key certification, identification of malicious nodes, and trust value update

Slide 10: Trust- and Clustering-Based Authentication Service Architecture (architecture figure; no transcript text)

Slide 11: The Network Model
– A clustering-based network model obtains a hierarchical organization of the network
– Limits direct monitoring capability to neighboring nodes
– Allows monitoring work to proceed more naturally
– Improves network security

Slide 12: The Trust Model
– This model uses digital signatures as its form of introduction: any node signs another's public key with its own private key to establish a web of trust
– The authentication metric is defined as a continuous value between 0.0 and 1.0
– A direct trust relationship is the trust relationship between two nodes in the same group; a recommendation trust is the trust relationship between nodes of different groups

Slide 13: Clustering Structure Maintenance
– Maintain a balanced clustering structure to support our trust model and security operations
– Adapt to the mobility of nodes
– Handle nodes leaving one cluster and joining another
– Each node periodically requests the cluster IDs of its neighboring nodes
– In each cycle, a node collects this information and updates its cluster ID

Slide 14: Clustering Structure Maintenance
– A node joins the neighbouring cluster with the minimum size only if it has left its original cluster or the sizes of the neighbouring clusters are not within a certain range
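An added example (not the paper's code) of one maintenance cycle of the clustering structure described on slides 13 and 14: every node collects its neighbours' cluster IDs and moves to the smallest neighbouring cluster only if no neighbour remains in its own cluster (it has left the original cluster) or the size gap to that cluster exceeds a tolerance. The topology is constructed, and the tolerance band is an assumed reading of the slide's "certain range".

```python
# Constructed topology: node -> set of radio neighbours (links are symmetric)
NEIGHBOURS = {
    "a1": {"a2"}, "a2": {"a1", "a3"}, "a3": {"a2", "a4"},
    "a4": {"a3", "a5"}, "a5": {"a4", "b1"},
    "b1": {"a5", "b2", "c1"}, "b2": {"b1"}, "c1": {"b1"},
}
# Cluster ID each node currently advertises (c1 is stranded in its own cluster)
CLUSTER_OF = {"a1": "A", "a2": "A", "a3": "A", "a4": "A", "a5": "A",
              "b1": "B", "b2": "B", "c1": "C"}

def cluster_sizes(cluster_of):
    """Number of nodes currently in each cluster."""
    sizes = {}
    for c in cluster_of.values():
        sizes[c] = sizes.get(c, 0) + 1
    return sizes

def next_cluster(node, cluster_of, neighbours, tolerance=2):
    """Cluster ID `node` adopts after one cycle of cluster-ID requests."""
    mine = cluster_of[node]
    seen = {cluster_of[n] for n in neighbours[node]}   # replies to its requests
    candidates = seen - {mine}
    if not candidates:
        return mine                       # no neighbouring cluster to join
    sizes = cluster_sizes(cluster_of)
    # smallest neighbouring cluster; ties broken by ID so the result is deterministic
    smallest = min(candidates, key=lambda c: (sizes[c], c))
    left_original = mine not in seen      # no neighbour is still in my cluster
    # assumed "within a certain range" test: my cluster is too much larger
    unbalanced = sizes[mine] - sizes[smallest] > tolerance
    return smallest if left_original or unbalanced else mine

def run_cycle(cluster_of, neighbours, tolerance=2):
    """All nodes decide from the same snapshot of advertised cluster IDs."""
    return {n: next_cluster(n, cluster_of, neighbours, tolerance) for n in cluster_of}
```

In the constructed topology one cycle moves the edge node a5 into the smaller cluster B and merges the stranded node c1 into B, leaving two clusters of four nodes each.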

Slide 15: Evolution of Cluster Size (figure): the maintenance scheme keeps cluster sizes balanced

Slide 16: Authentication Service
Three security operations:
1. Public key certification
2. Identification of malicious nodes
3. Trust value update
Flow for a node authenticating a target node t:
– Selects a number of trustable nodes as introducers
– Sends out request messages to the introducers
– Collects and compares all the public key certificates received
– Selects the public key of t with the majority of votes
– Discovers a malicious introducer? If so, isolates the malicious introducer
– Calculates the trust value of t
– Updates the trust table

Slide 17: Public Key Certification
– Authentication in our network relies on public key certificates signed by trustworthy nodes
– Nodes in the same group always know each other better by means of their monitoring components and their short distances
– Every node is able to request the public key certificates of other new nodes
– Nodes in the same cluster are assumed to know each other by means of their mutual monitoring components

Slide 18: Public Key Certification
– We focus on public key certification where s and t belong to different groups
– Nodes that are in the same cluster as t and have already built up a trust relationship with s can be introducers

Slide 19: Public Key Certification
– Send the request to neighbors if the target node is in the same cluster
– Send the request to introducers if the target node is in a different cluster

Slide 20: Identification of Malicious Nodes
– Identify malicious neighboring nodes by monitoring their behavior
– Identify introducers who provide public key certificates that differ from the others
– Identify a target node as malicious if the trust values provided by the introducers indicate so

Slide 21: Trust Value Update (figure only; no transcript text)

Slide 22: Parameter Settings
– Network simulator: GloMoSim
– Evaluate the effectiveness in providing secure public key authentication in the presence of malicious nodes

Slide 23: Simulation Metrics
– Successful rate
– Fail rate
– Unreachable rate
– False-positive error rate
– False-negative error rate
– Possible cases with 3 introducers (case table on slide 25)

Slide 24: Effectiveness of Neighbor Monitoring
Rates vs. number of cycles with n=40, r=100; (left) m=0.3, (right) m=0.7

Slide 25: Isolation of Malicious Nodes
Rates vs. number of cycles with n=40, r=100, and isolation of suspicious nodes in cases 2, 3, 4, 6, 7; (left) m=0.3, (right) m=0.7
Possible cases with 3 introducers:
ID   Case
0    Not enough introducers
1    OOO
2    OOX
3    OXX
4    XXX
5    OO
6    OX
7    XX
8    O
9    X
10   No reply
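An added example (not the paper's code) that models the public key certification flow of slide 16 with majority voting over introducer replies, flags introducers whose certificate differs from the majority (slide 20), and maps each run onto the 3-introducer case IDs of the table above. The network, keys and trust values are constructed; reading O as a reply carrying t's genuine key and X as a reply carrying a different key is an assumption, as are the trust threshold and the isolation rule of dropping a suspect's trust value to 0.0.

```python
from collections import Counter

# Constructed toy network: node -> (cluster id, genuine public key, is_malicious)
NODES = {
    "s":  (1, "PK_s", False),
    "t":  (2, "PK_t", False),
    "i1": (2, "PK_i1", False),
    "i2": (2, "PK_i2", False),
    "i3": (2, "PK_i3", True),   # malicious introducer: forges t's key
}
# Trust values the requester s holds for other nodes (metric in 0.0..1.0)
TRUST_S = {"i1": 0.9, "i2": 0.8, "i3": 0.7}
# Case IDs from the slide table keyed by (#O, #X) replies; assumed reading:
# O = reply carrying t's genuine key, X = reply carrying some other key
CASES = {(3, 0): 1, (2, 1): 2, (1, 2): 3, (0, 3): 4, (2, 0): 5,
         (1, 1): 6, (0, 2): 7, (1, 0): 8, (0, 1): 9, (0, 0): 10}

def pick_introducers(t, trust, threshold=0.5, k=3):
    """Nodes in t's cluster (other than t) that the requester already trusts."""
    return [n for n, (c, _, _) in NODES.items()
            if n != t and c == NODES[t][0] and trust.get(n, 0.0) >= threshold][:k]

def reply(introducer, t, silent):
    """Certificate an introducer returns for t; None models a lost reply."""
    if introducer in silent:
        return None
    return "PK_forged" if NODES[introducer][2] else NODES[t][1]

def certify(t, trust, silent=()):
    """Requester obtains t's public key by majority vote over introducer replies."""
    intros = pick_introducers(t, trust)
    if not intros:
        return {"case": 0, "result": "unreachable", "key": None, "suspects": []}
    replies = {i: reply(i, t, silent) for i in intros}
    replies = {i: k for i, k in replies.items() if k is not None}
    num_o = sum(1 for k in replies.values() if k == NODES[t][1])
    case = CASES[(num_o, len(replies) - num_o)]
    if not replies:
        return {"case": case, "result": "unreachable", "key": None, "suspects": []}
    # Majority vote; a tie resolves to the first key seen (assumption)
    key = Counter(replies.values()).most_common(1)[0][0]
    suspects = [i for i, k in replies.items() if k != key]   # disagree with majority
    result = "success" if key == NODES[t][1] else "fail"     # judged against truth
    return {"case": case, "result": result, "key": key, "suspects": suspects}

def isolate(trust, suspects):
    """Trust value update: drop suspects to 0.0 so they are not chosen again."""
    return {n: (0.0 if n in suspects else v) for n, v in trust.items()}
```

With the constructed network the first run is case 2 (OOX): the honest majority wins, i3 is flagged, and after isolation the next run is case 5 (OO) because i3 is no longer selected as an introducer.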

Slide 26: Isolation of Malicious Nodes
Rates vs. number of cycles with n=40, r=100, and isolation of suspicious nodes in cases 2, 4, 7; (left) m=0.3, (right) m=0.7
Case IDs as in the table on slide 25

Slide 27: Conclusions
– We developed a trust- and clustering-based public key authentication mechanism
– We defined a clustering-based network model with a balanced structure and a trust model that allows nodes to monitor and rate each other with quantitative trust values
– The proposed authentication protocol involves new security operations on public key certification, update of the trust table, and discovery and isolation of malicious nodes
– We conducted a security evaluation to demonstrate the effectiveness of our solution

