Trust- and Clustering-Based Authentication Service in Mobile Ad Hoc Networks

Presented by Edith Ngai

28 October 2003

2

Introduction

A mobile ad hoc network (MANET) is a collection of nodes with no infrastructureConnected with wireless communicationDynamic TopologyNodes are often mobileVulnerable to security attacks

3

Introduction

Security of networks widely relies on the use of key management mechanisms

An ad hoc network is infrastructureless without centralized server

Traditional solutions do not meet the requirements of mobile ad hoc networks

4

Related Work

Traditional network authentication solutions rely on physically present, trust third-party servers, or called certificate authorities (CAs).

Partially distributed certificate authority makes use of a (k,n) threshold scheme to distribute the services of the certificate authority to a set of specialized server nodes.

Fully-distributed certificate authority extends the idea of the partially-distributed approach by distributing the certificate services to every node.

5

Related Work

Pretty Good Privacy (PGP) is proposed by following a web-of-trust authentication model. PGP uses digital signatures as its form of introduction. When any user signs for another user's key, he or she becomes an introducer of that key. As this process goes on, a web or trust is established.

Self-issued certificates issue certificates by users themselves without the involvement of any certificate authority.

6

Our Work

Propose a secure public key authentication service in mobile ad hoc networks with malicious nodes

Prevent nodes from obtaining false public keys of the others

Based on a network model and a trust model

Security operations include public key certification and trust value update

7

Architecture

8

The Network Model

Obtain a hierarchical organization of a network

Minimize the amount of storage for communication information

Optimize the use of network bandwidth

Direct monitoring capability is limited to neighboring nodes

Allow the monitoring work to proceed more naturally

Improve network security

9

The Network Model

10

The Trust Model

Define a fully-distributed trust management algorithm that is based on the web-of-trust model, in which any user can act as a certifying authority

This model uses digital signatures as its form of introduction. Any node signs another's public key with its own private key to establish a web of trust

Our trust model does not have any trust root certificate, it just relies on direct trust and groups of introducers in certification

11

The Trust Model

Define the authentication metric as a continuous value between 0.0 and 1.0Define a direct trust relationship as the trust relationship between two nodes in the same group and a recommendation trust as the trust relationship between nodes of different groups. The first formula calculates the trust value of a new recommendation path:

The second formula draws a consistent conclusion when there are several derived trust relationships between two entities:

1221 )1(1 VVVV

,

1 1

1 (1 )i

i

m n

ncom i j

i j

V V

12

Security Operations

Public key certification

Trust value update

13

Public Key Certification

Authentication in our network relies on the public key certificates signed by some trustable nodes.

Nodes in the same group are assumed to know each other by means of their monitoring components and the short distances among them

14

Public Key Certification

15

Trust Value Update

,, , , , ,1 (1 )

k

k k k k

Vs is i t s i i t i tV V V V

, ,

1

1 (1 )k

n

t s i t

k

V V

16

Trust Value Update

s denotes the requesting node

t denotes the target node

Nodes i1, i2, …, in are the introducers

Each Vs, i* and Vi*, t form a pair to make up a single trust path from s to t

Compute the new trust relationship from s to t of a single path

Combine trust values of different paths to give the ultimate trust value of t

Insert trust value Vt to the trust table of s

17

Simulation Results

Network simulator Glomosim

Evaluate the effectiveness in providing secure public key authentication in the presence of malicious nodes

Network # of nodes 100

# of groups 5

% of trustable nodes at initialization p

% of malicious nodes m

Public key request

Max # of introducers for each request 3

Min # of reply for each request 1

Simulation Time 45000s

# of query cycles 40

# of requests per cycle 100

18

Ratings to Malicious Nodes

19

Ratings to Trustable Nodes at Initialization

20

Comparison on Successful Rate

21

Comparison on Failure Rate

22

Comparison on Unreachable Rate

23

Conclusion

We developed a trust- and clustering-based public key authentication mechanism

We defined a trust model that allows nodes to monitor and rate each other with quantitative trust values

We defined the network model as clustering-based

The authentication protocol proposed involves new security operations on public key certification, update of trust table, discovery and isolation on malicious nodes

We conducted security evaluation

We compared with the PGP approach to demonstrate the effectiveness of our scheme