Securing Ad Hoc Networks

Document Sample
Securing Ad Hoc Networks Powered By Docstoc
					Securing Ad Hoc Networks
Richard Lawrence Gordon   2007
Introduction




• An ad hoc network describes a network which is formed in a
  spontaneous manner so as to meet an immediate communication
  need between mobile nodes. They do not rely on a fixed network
  infrastructure for.

• Unique properties provide network security challenges, pre-
  dominantly within the area of key management.

• Before ad hoc networks will experience large scale development,
  within both the military and commercial world, the issue of
  security needs to be resolved.
Ad Hoc Network
  Challenges


• Lack of Infrastructure
     – A fixed entity structure such as a base station or central administration
       is crucial for security mechanisms, defining security services, and
       manages and distributes secret keying information which allows secure
       communication of data through encryption and decryption techniques.

• Connectivity
     – Networks are created spontaneously and nodes are mobile. Therefore
       connectivity between the nodes is sporadic.

• No prior relationship with Nodes
     – It can not be assumed that pairwise secrets exist between nodes
       which is the assumption of many of existing routing protocols have
       such as ARAN, SEAD, SRP, and Ariadne

•   Physical Vulnerability
     – A higher possibility of mobile node capture or compromised nodes.
Security Solution



•   Public Key Encryption Scheme
    – Public key systems are recognized as the most effective mechanism
      for providing security services to a dynamic network. This is due to
      their superiority in distributing keys, providing authentication and
      achieving integrity and non-repudiation.


• Employing:
    – Distributive Key Management Scheme
    – Proactive Active Refreshing Scheme
    – Physical Secure Threshold Scheme
     Distributive
   Key Management


• Threshold Cryptography:
   – (t-out-of-n) threshold scheme allows n nodes to share the cryptographic
     capability, but requires t nodes, from the n node set, to successfully
     perform the CA’s functionality jointly.

• Distributed CA Key’s                       k




                         an1     ....      an2      ....   ann

                        K1/k1             K2/k2            Kn/kn
    Distributive
  Key Management


• Group signature:
   – (2-out-of-3) threshold scheme, message m is signed by the CA,
     two partial signatures (PS) are accepted while the third (an2)
     was corrupted. The partial signatures are combined at c and
     applied to the message.
                                   an1     PS(m,an1)


                     m           an2            c


                                 an3      PS(m,an2)
    Proactive Security

•        Share refreshing:
     –     Protect against all nodes
           becoming compromised.
     –     New key shares created.


     1.    Each authority node ani                     an1n …      an1n     … an1n
                                              ann’
           generates subshares (ani1, ani2,
           … , anin) an (t-out-of-n)
                                                .       .           .              .
           sharing of 0 (ith column)            .       .           .              .
     2.    subshares anij is sent to            .       .
                                                       an    …      .
                                                                   an       …      .
                                                                                  an
                                                        1j           ij               nj
           authority node anj.                anj’
                                                        .           .          .
     3.    all subshares (an1j, an2j , … ,     .        .           .          .
           annj), (jth row) used to            .       an11 …
                                                        .           .
                                                                   ani1     … ann1
                                                                               .
           genterate new share an1’            .
                                              an1’

                                                     an1 …   ani        …       ann
    Physically Securing
    Threshold Scheme



•        CA Nodal Selection:
     –     Most existing ad hoc network schemes assume a homogeneous
           network.
     –     Heterogeneous selection protocol creates a more physically
           secure network.
     –     Authority Nodes selected based on a certain criteria:
           •   Purpose
           •   Physical Security
           •   Computationally more powerful
           •   Position
           •   …etc
Conclusion




•       Unique Challenges faced

•       The illusion of a Trusted Third Party
•       Securing that illusion through:
    –      Heterogeneous Selection patterns
    –      Proactive key refreshing


•       What the future holds?

				
DOCUMENT INFO