Decentralized access control with authentication anonymous of data stored in cloud
Self-Organized Anonymous Authentication in Mobile Ad Hoc Networks
description
Transcript of Self-Organized Anonymous Authentication in Mobile Ad Hoc Networks
![Page 1: Self-Organized Anonymous Authentication in Mobile Ad Hoc Networks](https://reader035.fdocuments.us/reader035/viewer/2022062323/568160c4550346895dcfef38/html5/thumbnails/1.jpg)
Self-Organized Anonymous Authentication in Mobile Ad Hoc Networks
Julien Freudiger, Maxim Raya and Jean-Pierre Hubaux
SECURECOMM, 2009
![Page 2: Self-Organized Anonymous Authentication in Mobile Ad Hoc Networks](https://reader035.fdocuments.us/reader035/viewer/2022062323/568160c4550346895dcfef38/html5/thumbnails/2.jpg)
2
Wireless Trends• Phones
– Always on (Bluetooth, WiFi)– Background apps
• New hardware going wireless– Cars, passports, keys, …
![Page 3: Self-Organized Anonymous Authentication in Mobile Ad Hoc Networks](https://reader035.fdocuments.us/reader035/viewer/2022062323/568160c4550346895dcfef38/html5/thumbnails/3.jpg)
3
Peer-to-Peer Wireless Networks
1
MessageIdentifier
2
• Share information with other users• Authenticate message sender
Certificate
![Page 4: Self-Organized Anonymous Authentication in Mobile Ad Hoc Networks](https://reader035.fdocuments.us/reader035/viewer/2022062323/568160c4550346895dcfef38/html5/thumbnails/4.jpg)
4
Examples
• Urban Sensing networks• Delay tolerant networks• Peer-to-peer file exchange
MiFiSocial networks
![Page 5: Self-Organized Anonymous Authentication in Mobile Ad Hoc Networks](https://reader035.fdocuments.us/reader035/viewer/2022062323/568160c4550346895dcfef38/html5/thumbnails/5.jpg)
5
Anonymity Problem
Adversary can track activities of pseudonymous users
Passive adversary monitors identifiers used in peer-to-peer communications
MessageJulienFreudiger CertificatePseudonym
![Page 6: Self-Organized Anonymous Authentication in Mobile Ad Hoc Networks](https://reader035.fdocuments.us/reader035/viewer/2022062323/568160c4550346895dcfef38/html5/thumbnails/6.jpg)
6
Reputation
Privacy
Anonymous Authentication
![Page 7: Self-Organized Anonymous Authentication in Mobile Ad Hoc Networks](https://reader035.fdocuments.us/reader035/viewer/2022062323/568160c4550346895dcfef38/html5/thumbnails/7.jpg)
7
Previous Work (1)Multiple Pseudonyms
[1] A. Beresford and F. Stajano. Mix Zones: User Privacy in Location-aware Services. Pervasive Computing and Communications Workshop, 2004
MessagePseudonym 1 Certificate 1
+ Simple for users- Costly for operator (pseudonym management)- Limited privacy- Sybil attacks
Pseudonym 2Pseudonym 3Pseudonym 4 Certificate 2Certificate 3Certificate 4
Nodes change pseudonyms
![Page 8: Self-Organized Anonymous Authentication in Mobile Ad Hoc Networks](https://reader035.fdocuments.us/reader035/viewer/2022062323/568160c4550346895dcfef38/html5/thumbnails/8.jpg)
8
Previous Work (2)Group Signatures
+ Good anonymity- Central management- Traceable
[2] D. Boneh, X. Boyen and H. Shacham. Short Group Signatures. Crypto, 2004
[3] D. Chaum and E. van Heyst. Group Signatures. EuroCrypt, 1991
MessageGroup Identifier
Group Certificate
CentralAuthority
![Page 9: Self-Organized Anonymous Authentication in Mobile Ad Hoc Networks](https://reader035.fdocuments.us/reader035/viewer/2022062323/568160c4550346895dcfef38/html5/thumbnails/9.jpg)
9
+ No need for infrastructure+ Exploit inherent redundancy of mobile networks - Privacy?
New ApproachSelf-Organized Anonymity
MessageRandomIdentifier
Many Certificates
Network-generated privacy
![Page 10: Self-Organized Anonymous Authentication in Mobile Ad Hoc Networks](https://reader035.fdocuments.us/reader035/viewer/2022062323/568160c4550346895dcfef38/html5/thumbnails/10.jpg)
10
Outline
1. Ring Signatures
2. Anonymity Analysis
3. Evaluation
![Page 11: Self-Organized Anonymous Authentication in Mobile Ad Hoc Networks](https://reader035.fdocuments.us/reader035/viewer/2022062323/568160c4550346895dcfef38/html5/thumbnails/11.jpg)
11
Cryptographic PrimitiveRing Signatures
• Procedure1. Select a set of pseudonyms (including yours) in a ring2. Sign messages with ring
• Properties– Anonymity: Signer cannot be distinguished– Unlinkable: Signatures cannot be linked to same signer– Setup free: Knowledge of others’ pseudonym is sufficient
Anonymous authentication: Member of ring signed the message
[4] R. L. Rivest , A. Shamir , Y. Tauman. How to Leak a Secret. Communications of the ACM, 2001
![Page 12: Self-Organized Anonymous Authentication in Mobile Ad Hoc Networks](https://reader035.fdocuments.us/reader035/viewer/2022062323/568160c4550346895dcfef38/html5/thumbnails/12.jpg)
12
Ring Signatures Explained
vz =+
Ek
+
Ek
+
Ek
+
Ek
…
…
+
y1=g( )
y2=g( )
xs=g-1( )
yr-1=g( )y0=g( )x0
x1
x2
ys
xr-1
ys=g( )xs
k=H(m)v is the glue valuexi are random values
![Page 13: Self-Organized Anonymous Authentication in Mobile Ad Hoc Networks](https://reader035.fdocuments.us/reader035/viewer/2022062323/568160c4550346895dcfef38/html5/thumbnails/13.jpg)
13
Ring Construction in MANETs• Nodes record pseudonyms in rings of neighbors– Store pseudonyms in history – Node i creates ring by selecting pseudonyms
from with strategy
• Rings are dynamically and independently created
![Page 14: Self-Organized Anonymous Authentication in Mobile Ad Hoc Networks](https://reader035.fdocuments.us/reader035/viewer/2022062323/568160c4550346895dcfef38/html5/thumbnails/14.jpg)
14
Illustration
1
3
4
2 6
5
t1: S1 = [] R1 = [P1]
t2: S1 = [2, 3, 4] R1 = [P1, P2, P4]
t3: S1 = [2, 3, 4, 6]R1 = [P1, P4, P6]
![Page 15: Self-Organized Anonymous Authentication in Mobile Ad Hoc Networks](https://reader035.fdocuments.us/reader035/viewer/2022062323/568160c4550346895dcfef38/html5/thumbnails/15.jpg)
15
Outline
1. Ring Signatures
2. Anonymity Analysis
3. Evaluation
![Page 16: Self-Organized Anonymous Authentication in Mobile Ad Hoc Networks](https://reader035.fdocuments.us/reader035/viewer/2022062323/568160c4550346895dcfef38/html5/thumbnails/16.jpg)
16
Anonymity
• Adversary should not infer user i from Ri
…
Pj
…
Pi
User i
Ri
Attack: Given all rings, adversary can infer most
probable ring owner
![Page 17: Self-Organized Anonymous Authentication in Mobile Ad Hoc Networks](https://reader035.fdocuments.us/reader035/viewer/2022062323/568160c4550346895dcfef38/html5/thumbnails/17.jpg)
17
Anonymity Analysis
• Bipartite graph model
is set of nodes
is set of pseudonyms
is set of edges
Captures relation between nodes and rings
![Page 18: Self-Organized Anonymous Authentication in Mobile Ad Hoc Networks](https://reader035.fdocuments.us/reader035/viewer/2022062323/568160c4550346895dcfef38/html5/thumbnails/18.jpg)
18
Attacking Ring Anonymity (1)Example
Find a perfect matching: Assignment of nodes to pseudonyms
![Page 19: Self-Organized Anonymous Authentication in Mobile Ad Hoc Networks](https://reader035.fdocuments.us/reader035/viewer/2022062323/568160c4550346895dcfef38/html5/thumbnails/19.jpg)
19
Attacking Ring Anonymity (2)Analysis
• Find most likely perfect matching– Weight edges– Max weight perfect matching
• Bayesian inference– A priori weights– A posteriori weights
• Entropy metric
![Page 20: Self-Organized Anonymous Authentication in Mobile Ad Hoc Networks](https://reader035.fdocuments.us/reader035/viewer/2022062323/568160c4550346895dcfef38/html5/thumbnails/20.jpg)
20
Optimal Construction
• Maximize anonymity
Theorem: Anonymity is maximum iif• Graph is regular• All subgraphs
are isomorphic to each other
![Page 21: Self-Organized Anonymous Authentication in Mobile Ad Hoc Networks](https://reader035.fdocuments.us/reader035/viewer/2022062323/568160c4550346895dcfef38/html5/thumbnails/21.jpg)
21
Outline
1. Ring Signatures
2. Anonymity Analysis
3. Evaluation
![Page 22: Self-Organized Anonymous Authentication in Mobile Ad Hoc Networks](https://reader035.fdocuments.us/reader035/viewer/2022062323/568160c4550346895dcfef38/html5/thumbnails/22.jpg)
22
Validation of Theoretical Results
• LEDA C++ library for graph manipulation• 10 nodes• K=4 (ring size)
u1
Random graphs
P1
P2
P10
u2
u10
… …
u1
K-out graphs
P1
P2
P10
u2
u10
… …
u1
Regular graphs
P1
P2
P10
u2
u10
… …
![Page 23: Self-Organized Anonymous Authentication in Mobile Ad Hoc Networks](https://reader035.fdocuments.us/reader035/viewer/2022062323/568160c4550346895dcfef38/html5/thumbnails/23.jpg)
23
Entropy Distribution of Random Graphs with edge density p
![Page 24: Self-Organized Anonymous Authentication in Mobile Ad Hoc Networks](https://reader035.fdocuments.us/reader035/viewer/2022062323/568160c4550346895dcfef38/html5/thumbnails/24.jpg)
24
Minimum & Mean Entropy Distribution for Random and Regular Graphs
![Page 25: Self-Organized Anonymous Authentication in Mobile Ad Hoc Networks](https://reader035.fdocuments.us/reader035/viewer/2022062323/568160c4550346895dcfef38/html5/thumbnails/25.jpg)
25
Entropy distribution of random, K-out and regular graphs
![Page 26: Self-Organized Anonymous Authentication in Mobile Ad Hoc Networks](https://reader035.fdocuments.us/reader035/viewer/2022062323/568160c4550346895dcfef38/html5/thumbnails/26.jpg)
26
Fraction of matched nodes for various graph constructions
![Page 27: Self-Organized Anonymous Authentication in Mobile Ad Hoc Networks](https://reader035.fdocuments.us/reader035/viewer/2022062323/568160c4550346895dcfef38/html5/thumbnails/27.jpg)
27
Evaluation in Mobile Ad Hoc Network
• 100 nodes• K=4 (ring size)• Static– Learn pseudonyms as far as graph connectivity allows– Select pseudonyms randomly
• Mobile: Restricted Random Waypoint– Least popular: Select leas popular pseudonyms– Most popular: Select most popular pseudonyms– Random: Randomly select pseudonyms
![Page 28: Self-Organized Anonymous Authentication in Mobile Ad Hoc Networks](https://reader035.fdocuments.us/reader035/viewer/2022062323/568160c4550346895dcfef38/html5/thumbnails/28.jpg)
28
Average Anonymity Set size over time
Least
Random
Static
Mobile
![Page 29: Self-Organized Anonymous Authentication in Mobile Ad Hoc Networks](https://reader035.fdocuments.us/reader035/viewer/2022062323/568160c4550346895dcfef38/html5/thumbnails/29.jpg)
29
Conclusion
• Self-organized anonymous authentication– Network generated anonymity– Analysis with graph theory
• Results– Regular constructions near optimal– K-out constructions perform well– Mobility helps anonymity– Knowledge of popularity of pseudonyms helps
![Page 30: Self-Organized Anonymous Authentication in Mobile Ad Hoc Networks](https://reader035.fdocuments.us/reader035/viewer/2022062323/568160c4550346895dcfef38/html5/thumbnails/30.jpg)
30
Future Work• Stronger adversary model– Active adversary
• Self-Organized Location Privacy– Linkability Breaks Anonymity
![Page 31: Self-Organized Anonymous Authentication in Mobile Ad Hoc Networks](https://reader035.fdocuments.us/reader035/viewer/2022062323/568160c4550346895dcfef38/html5/thumbnails/31.jpg)
31
BACKUP SLIDES
![Page 32: Self-Organized Anonymous Authentication in Mobile Ad Hoc Networks](https://reader035.fdocuments.us/reader035/viewer/2022062323/568160c4550346895dcfef38/html5/thumbnails/32.jpg)
32
Compute Weights• A priori weight• Probability of an assignment
• Probability of an assignment given all assignments
• A posteriori weight of an edge between ui and pj
![Page 33: Self-Organized Anonymous Authentication in Mobile Ad Hoc Networks](https://reader035.fdocuments.us/reader035/viewer/2022062323/568160c4550346895dcfef38/html5/thumbnails/33.jpg)
33
Revocation
• Keys can be black listed using traditional CRLs• Misbehaving nodes can be excluded by
revoking all keys in a ring– Nodes can reclaim their key to CA– Nodes misbehaving several times would be
detected• Accountability of group of users
![Page 34: Self-Organized Anonymous Authentication in Mobile Ad Hoc Networks](https://reader035.fdocuments.us/reader035/viewer/2022062323/568160c4550346895dcfef38/html5/thumbnails/34.jpg)
34
Cost
• Computation overhead
• Transmission overhead– Group of prime order q– q = 283 (128-bit security), M = log2(q)
![Page 35: Self-Organized Anonymous Authentication in Mobile Ad Hoc Networks](https://reader035.fdocuments.us/reader035/viewer/2022062323/568160c4550346895dcfef38/html5/thumbnails/35.jpg)
35
CDF of the average anonymity set size