Self-Organized Public-Key Management for Mobile Ad Hoc Networks


Srđan Čapkun, Levente Buttyán and Jean-Pierre Hubaux
{srdan.capkun, levente.buttyan and jean-pierre.hubaux}@epfl.ch
Laboratory for Computer Communications and Application (LCA)
Swiss Federal Institute of Technology (EPFL)

Security in ad hoc networks

Ad hoc networks
- mobile terminals (can be captured or compromised)
- wireless communications (passive eavesdropping and active interfering)
- no centralized management point (cooperation)

Vulnerabilities
- basic mechanisms (e.g. routing)
- security mechanisms (e.g. (public) key management)

Self-Organized Public-Key Management

Security: we use a public-key cryptography scheme to support security services in mobile ad hoc networks.

Problem: How can a user u obtain the authentic public key of another user v in the presence of an active attacker?

Our system:
- users generate their keys and issue certificates
- no central certification authority
- no certification directories
- no specific role assigned to a subset of nodes
- no preinstalled keys/procedures

Model

We assume that if a user i believes that a given public key belongs to a given user j, then i can issue a public-key certificate to j.

A certificate graph G(V,E):
- V is a set of keys
- E is the set of edges, where a directed edge (i,j) is added if i signed a public-key certificate $\{j, K_j\}_{PrK_i}$ to user j

(Figure: an edge from $K_i$ to $K_j$ labelled with the certificate $\{j, K_j\}_{PrK_i}$.)

Certificate graph

(Figure: certificate graph over the keys K1 to K12; authentication via a chain of certificates.)

Self-Organized Public-Key Management

The system works in two phases:
1. Initialization: users construct their local certificate repositories (store a set of certificates).
2. When a user wants to verify the public key of another user, the users merge their local repositories and try to find a path (or paths) of certificates between them in the certificate graph.

(Figure: the two phases, for users i and j.)

Initialization (1)

(Figure: certificate graph with labelled nodes.)

Initialization (2)

Each user stores a local repository of public-key certificates (a subgraph):
- stores the certificates that it issued (outgoing edges)
- stores the list of certificates that others issued for it (incoming edges)
- stores an additional set of certificates chosen according to some algorithm A

Users use the same algorithm to build their repositories.

(Figure: centralized and distributed repository construction; labels: CD, sub-graph, req.)

Merging the local repositories (verifying the key)

(Figure: merged repositories of users i and j.)

Example of an algorithm: Maximum Degree

Node builds its incoming and outgoing path(s) choosing the nodes with the highest degrees.

Algorithm performance

We define the performance $p_A(s, G)$ of the local repository construction algorithm A on the certificate graph G as

$$p_A(s, G) = \frac{\left|\{(u,v) \in V \times V : K_u \rightsquigarrow_{G_{u,A} \cup G_{v,A}} K_v\}\right|}{\left|\{(u,v) \in V \times V : K_u \rightsquigarrow_{G} K_v\}\right|}$$

where s is the size of the local repositories of the users (i.e. the number of edges in the subgraph of each user): $s = |E(G_{u,A})|$.

Performance of Maximum Degree

Node builds its incoming and outgoing path(s) choosing the nodes with the highest degrees.

(Plot: algorithm performance p_MD(s, PGP) versus local repository size (s); PGP graph size = ~5000; curves for c = 1 path and c = 4 paths.)
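An added example, not taken from the slides or the authors' code: it builds local repositories on a small constructed certificate graph, merges two of them to look for a certificate chain, and computes p_A(s, G) as defined above. The graph, the function names and the reading of Maximum Degree as one outgoing plus one incoming path (c = 1) are assumptions.

```python
from collections import deque

# Constructed graph: (i, j) means i certified j's key; e is reachable only via d.
EDGES = {(x, y) for p in ("ah", "bh", "ch", "dh", "de") for x, y in (p, p[::-1])}

def adjacency(edges, reverse=False):
    adj = {}
    for i, j in edges:
        src, dst = (j, i) if reverse else (i, j)
        adj.setdefault(src, set()).add(dst)
    return adj

def greedy_path(start, edges, length, reverse=False):
    """Follow up to `length` certificates, always to the unvisited highest-degree key."""
    adj, path, seen, cur = adjacency(edges, reverse), set(), {start}, start
    for _ in range(length):
        options = adj.get(cur, set()) - seen
        if not options:
            break
        # Degree = certificates issued by or for the key; ties broken by name.
        nxt = min(options, key=lambda n: (-sum(n in e for e in edges), n))
        path.add((nxt, cur) if reverse else (cur, nxt))
        seen.add(nxt)
        cur = nxt
    return path

def local_repository(user, edges, s):
    """Assumed reading of Maximum Degree: one outgoing, one incoming path, up to s edges."""
    return greedy_path(user, edges, s // 2) | greedy_path(user, edges, s - s // 2, True)

def find_chain(src, dst, edges):
    """Breadth-first search for a certificate chain; returns the keys on it or None."""
    adj, seen, queue = adjacency(edges), {src}, deque([[src]])
    while queue:
        chain = queue.popleft()
        if chain[-1] == dst:
            return chain
        for n in sorted(adj.get(chain[-1], set()) - seen):
            seen.add(n)
            queue.append(chain + [n])
    return None

def performance(edges, s):
    """p_A(s, G): pairs authenticated from merged repositories over pairs connected in G."""
    users = sorted({n for e in edges for n in e})
    repo = {u: local_repository(u, edges, s) for u in users}
    in_g = [(u, v) for u in users for v in users if u != v and find_chain(u, v, edges)]
    merged = [(u, v) for u, v in in_g if find_chain(u, v, repo[u] | repo[v])]
    return len(merged) / len(in_g)
```

On this graph `performance(EDGES, 2)` is 0.8, because e and the users a, b, c cannot reach each other from their merged two-edge repositories, and `performance(EDGES, 4)` is 1.0. `find_chain` only shows that a chain exists; every certificate on it still has to be verified.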

False certificates

- $K_D$: a key controlled by a dishonest user
- $K'_j$: a false key created by a dishonest user
- $\{F, K_j\}_{PrK_D}$: a certificate binding user F to a key $K_j$

(Figure: certificate graph between i and j containing $K_D$, with the certificates $\{F, K_j\}_{PrK_D}$ and $\{j, K'_j\}_{PrK_D}$.)

Design goals
- performance: redefined by taking authentication metrics into account
- key usage: ideally, all vertices need to be used for authentication equal number of times (to be on the path equal number of times)
- scalability: minimize the size of the local repositories (subgraphs) and the communication cost
- invariance to certificate graph changes

Performance with authentication metrics

Authentication metric: the value (u, v, G) represents the assurance with which u can obtain the authentic public key of v using the information in G.

Performance of a subgraph selection algorithm:

p A, ( G) = 1 J~ ( uv, ) W ( uvg,, u U Gv) ( uvg,, )

{ } where W = ( u, v) V V : ( u, v, G) 0

Examples of authentication metrics include: number of disjoint paths of certificates, number of bounded and k-bounded disjoint paths...

"Authentication metric analysis and design", M. Reiter and S. Stubblebine, ACM Trans. on Information and System Security, 1999.

Certificate (Key usage)

By usage for key authentication, we mean that a certificate in the merged subgraphs will be used for key authentication by the authentication metric.

The number of times that a key is used for authentication is the sum of the numbers of times that the certificates signed by that key are used for authentication.

Given a certificate graph G(V, E), a local repository construction algorithm A and an authentication metric, and for each pair of vertices $(K_u, K_v) \in V \times V$, a set of edges $M(K_u, K_v)$ that are used by the authentication metric

{,,,,,, } M ( K, K ) = ( K, K ) G G : ( K, K, G G \( K, K )) ( K, K, G G ) u v w z u A v A u v u A v A w z u v u A v A

and for each vertex $K_w \in V$, the usage U ( K ) in M ( K, K ) w ( u, v),, A, G w u v

{ } U ( K ) = ( K, K ) M ( K, K ): K = K ( uv, ),, AG, w z x u v z w

we define for each $K_w \in V$, a vertex (key usage) U, A, G( Kw) :

U, AG, ( Kw) = U( uv, ),, AG,( Kw) Ku, Kv V

Fundamental design limit (1): size of the repositories

Problem 1: Find a set of subgraphs that minimizes the size of local repositories such that p=1

Theorem 1: Let us consider a certificate graph G(V, E), a subgraph construction algorithm A, and an authentication metric 0. If pa, ( s, G) = 1, then s is minimized if

$$\forall K_v \in V,\quad G_v = sp(K_v, K_x) \cup sp(K_x, K_v),$$

where $sp(K_v, K_x)$ is the shortest path from $K_v$ to $K_x$ in G such that $K_x$ minimizes

$$\max_{K_v \in V,\, K_v \neq K_x} \left( d(K_v, K_x) + d(K_x, K_v) \right)$$

where $d(K_v, K_x)$ is the length of $sp(K_v, K_x)$. Furthermore,

$$s = \min_{K_x \in V} \; \max_{K_v \in V,\, K_v \neq K_x} \left( d(K_v, K_x) + d(K_x, K_v) \right)$$

Fundamental design limit (2): key usage

Problem 2: Find a set of subgraphs that minimizes the size of local repositories such that p=1 and $U(K_v) = U(K_u)$

Theorem 2: Let us consider a certificate graph G(V, E), a subgraph construction algorithm A, and a binary authentication metric 0. If (i) pa, ( s, G) = 1, (ii) $U(K_v) = U(K_u)$ for all $K_u, K_v \in V$, and (iii) $|V(G_v)| = s$ for each $K_v \in V$, then s V -1.

(Figure: example graphs labelled V = 4, s = 2 and V = 9, s = 4; s = 2( V -1).)

Maximum degree simulation results

Key usage: Maximum degree

Helper users

(Plot: pa(s,h,g) versus pa(s,0,g), with curves for 0, 1, 2, 3 and 4 helpers.)

Conclusion and Future work

Conclusion
- We have proposed a public key management system for mobile ad hoc networks
- no publicly accessible certificate directories needed but can be used
- off line verification enabled
- the scheme provides probabilistic guarantees

Possible applications
- Key Authentication in Ad hoc networks in the absence of connectivity to the backbone
- Peer-to-peer computing with no centralized certificate server

Future work
- Key revocation

References

- Jean-Pierre Hubaux, Levente Buttyan, Srdjan Capkun, "The Quest for security of mobile ad hoc networks", MobiHoc 2001.
- Srdjan Capkun, Levente Buttyan and Jean-Pierre Hubaux, "Self-Organized Public-Key Management for Mobile Ad Hoc Networks", EPFL/IC Technical Report no. 2002/34, May 2002.
- Srdjan Capkun, Levente Buttyan and Jean-Pierre Hubaux, "Small Worlds in Security Systems: an Analysis of the PGP Certificate Graph", EPFL/IC Technical Report no. 2002/23, May 2002.

http://icwww.epfl.ch
http://www.terminodes.org