Presentation is loading. Please wait.

Presentation is loading. Please wait.

Identity-Based Signatures for MANET Routing Protocols draft-dearlove-manet-ibs-00 Christopher Dearlove Presented by Ulrich Herberg.

Published byBritney Hodges Modified over 8 years ago

Similar presentations

Presentation on theme: "Identity-Based Signatures for MANET Routing Protocols draft-dearlove-manet-ibs-00 Christopher Dearlove Presented by Ulrich Herberg."— Presentation transcript:

1 Identity-Based Signatures for MANET Routing Protocols draft-dearlove-manet-ibs-00 Christopher Dearlove Presented by Ulrich Herberg

2 Status Personal draft, intended for WG adoption, Standards Track. Updates RFC 7182 that: Defined an ICV TLV for RFC 5444 packets/messages. Included crypto function and hash function codepoints. Used shared secret key in most specified cases. Is partially mandated for implementation using OLSRv2/NHDP (by RFC 7183). Draft defines two related new crypto function codepoints.

3 Identity-based signature Defines an identity-based signature (IBS). All routers individually keyed. o Potentially less harm when router compromised. o Possible revocation, information in identity (beyond scope). Routers independently keyed by trusted authority (KMS). o No need to know any other router’s identity in advance. o Additional routers can be added in future, no changes needed. Trusted authority not needed during network operation. o Authority can be kept “out of harm’s way”. Good fit to characteristics of many ad hoc networks.

4 Drawbacks Trusted authority has to be completely trusted: It can sign anything as anybody. o Possible to destroy it if no new keys will be needed. Implementations based on elliptic curve mathematics: Need suitable mathematical library. Signatures computationally relatively expensive. Signatures larger at same strength than shared key. More that one possible implementation, tradeoff.

5 Selection RFC 6507: Elliptic Curve-Based Certificateless Signatures for Identity-Based Encryption (ECCSI) Accepted informational RFC. Draft repeats RFC 6507 elliptic curve recommendation. o Also needs hash function, SHA-256 recommended. Does not use “pairings” (bilinear function from elliptic curve to another group) unlike some other IBS cases. o Pairings are expensive, this is faster than cases using them. Larger signature than some IBS cases. o With recommended elliptic curve, signature length is 129 octets (to be compatible with RFC 6507, allows code reuse). o Cannot truncate, need whole signature to verify. o Security level 128 bits (similar to HMAC-SHA-256, 32 octets).

6 Identity Identity can be anything tied to router. Natural choice is IP address. o Originator address for messages, IP source address for packets. o These may not be suitable (originator address may not be present, source address may not be unique on router). o Also need an option not based on address. Also may want to add to address, e.g. added validity. Can use from RFC 7182. Two options: just, address +. o These are the two crypto functions: ECCSI and ECCSI-ADDR. o Like HMAC, these define how to use hash, not just composed. o Verify function, rather than re-sign (impossible) and compare.

Download ppt "Identity-Based Signatures for MANET Routing Protocols draft-dearlove-manet-ibs-00 Christopher Dearlove Presented by Ulrich Herberg."

Similar presentations

SeND Hash Threat Analysis CSI WG Ana Kukec, Suresh Krishnan, Sheng Jiang.

SeND Hash Threat Analysis CSI WG Ana Kukec, Suresh Krishnan, Sheng Jiang.
Authentication Applications. will consider authentication functions will consider authentication functions developed to support application-level authentication.

Authentication Applications. will consider authentication functions will consider authentication functions developed to support application-level authentication.
Network Security: Lab#2 J. H. Wang Apr. 28, 2011.

Network Security: Lab#2 J. H. Wang Apr. 28, 2011.
1 Network Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

1 Network Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
A Survey of Secure Wireless Ad Hoc Routing

A Survey of Secure Wireless Ad Hoc Routing
Resource Certificate Profile Geoff Huston, George Michaelson, Rob Loomans APNIC IETF 67.

Resource Certificate Profile Geoff Huston, George Michaelson, Rob Loomans APNIC IETF 67.
Packet Leashes: Defense Against Wormhole Attacks Authors: Yih-Chun Hu (CMU), Adrian Perrig (CMU), David Johnson (Rice)

Packet Leashes: Defense Against Wormhole Attacks Authors: Yih-Chun Hu (CMU), Adrian Perrig (CMU), David Johnson (Rice)
Crypto – chapter 16 - noack Introduction to network stcurity Chapter 16 - Stallings.

Crypto – chapter 16 - noack Introduction to network stcurity Chapter 16 - Stallings.
Secure Routing and Intrusion Detection For Mobile Ad Hoc Networks Secure Routing and Intrusion Detection For Mobile Ad Hoc Networks Anand Patwardhan Jim.

Secure Routing and Intrusion Detection For Mobile Ad Hoc Networks Secure Routing and Intrusion Detection For Mobile Ad Hoc Networks Anand Patwardhan Jim.
HASH ALGORITHMS - Chapter 12

HASH ALGORITHMS - Chapter 12
Dr Alejandra Flores-Mosri Message Authentication Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to:

Dr Alejandra Flores-Mosri Message Authentication Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to:
Spring 2002CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

Spring 2002CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
November 1, 2006Sarah Wahl / Graduate Student UCCS1 Public Key Infrastructure By Sarah Wahl.

November 1, 2006Sarah Wahl / Graduate Student UCCS1 Public Key Infrastructure By Sarah Wahl.
Cryptography and Network Security (CS435) Part Ten (Hash and MAC algorithms)

Cryptography and Network Security (CS435) Part Ten (Hash and MAC algorithms)
Encapsulation Security Payload Protocol Lan Vu. OUTLINE 1.Introduction and terms 2.ESP Overview 3.ESP Packet Format 4.ESP Fields 5.ESP Modes 6.ESP packet.

Encapsulation Security Payload Protocol Lan Vu. OUTLINE 1.Introduction and terms 2.ESP Overview 3.ESP Packet Format 4.ESP Fields 5.ESP Modes 6.ESP packet.
Security & Efficiency in Ad- Hoc Routing Protocol with emphasis on Distance Vector and Link State. Ayo Fakolujo Wichita State University.

Security & Efficiency in Ad- Hoc Routing Protocol with emphasis on Distance Vector and Link State. Ayo Fakolujo Wichita State University.
Cryptography and Network Security Chapter 12 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Chapter 12 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.
1 29 September 2010 NATO IST-092 Symposium New Capabilities in Security and QoS Using the Updated MANET Routing Protocol OLSRv2 Christopher Dearlove

1 29 September 2010 NATO IST-092 Symposium New Capabilities in Security and QoS Using the Updated MANET Routing Protocol OLSRv2 Christopher Dearlove
Lecture 2: Message Authentication Anish Arora CSE5473 Introduction to Network Security.

Lecture 2: Message Authentication Anish Arora CSE5473 Introduction to Network Security.
Digital Signature Xiaoyan Guo/102587 Xiaohang Luo/104446.

Digital Signature Xiaoyan Guo/ Xiaohang Luo/

Similar presentations

Ads by Google