Trust-Level Based Authentication Services in Mobile Ad Hoc Networks MPhil Term 2 Presentation...

Trust-Level Based Authentication Services in Mobile Ad Hoc Networks

MPhil Term 2 Presentation (Spring 2003)by Edith NgaiAdvisor: Prof. Michael R. Lyu

Department of Computer Science and Engineering, The Chinese University of Hong Kong 2

Outline

BackgroundRelated WorkTrust-Level Based Authentication ServicesSelf-InitializationCertificate RenewalFuture WorkDiscussion & Conclusion


Mobile Ad Hoc Network

An ad hoc network is a collection of nodes that do not need to rely on predefined infrastructure to keep the network connected.Nodes of ad hoc networks are often mobile, apply wireless communication (MANET)Applications– Personal area networks– Military communications– Sensor networks– Disaster area networks

Background


Characteristics

Dynamic network topologyLimited physical securityLimited bandwidthEnergy constrained nodesNatures of ad hoc networks make them vulnerable to security attacks

Passive eavesdroppingDenial of service attacks by malicious nodesAttacks from compromised entities or stolen devices

Background


Vulnerabilities – Traditional network vs Ad hoc network

Wired network– Adversary must gain physical access to wired link– Adversary has to sneak through security holes at

firewalls or routers

Ad hoc network– Wireless links give poor physical protection– Mobile nodes are capable of roaming independently– Decentralized management

Background


Key Management

Security in networks widely rely on key management mechanismsTrust third party (TTP) is an entity trusted by all users and is often used to provide key management servicesCertificate authorities (CA) is a public key management system responsible for issuing and revoking certificatesA certificate binds the identity of an entity to its public key

Background


Public Key Encryption

We use public key encryption to secure the networkIt can obtain non-repudiation, confidentiality, integrity and authenticationAdversary can defeat the system by impersonation when entities are exchanging public keys, or alter the public file containing public keysPublic key cryptography requires the authenticity of public keys

Background


Related Work

Traditional network authentication solutions rely on TTP or CAPopular network authentication architectures include X.509 and Kerberos.Some model on hierarchical CAsAd hoc network is infrastructurelessNo centralized server for key management

Related Work


Related Work

Pretty Good Privacy (PGP) is proposed following a web of trust authentication model. A node rely on trusted PGP users to introduce othersThreshold secret sharing can distribute the functionality of centralized CA server among a fixed group of serversProactive secret sharing can improve robustness by updating secret keys periodically

Related Work


Related Work

Partially distributed certificate authority – makes use of a (k,n) threshold scheme to distribute the

services of CA to a set of specialized server nodes– requires rich network connectivity among group of servers

Fully distributed certificate authority– extends certificate services to every nodes and a threshold

number of neighboring nodes can collaboratively act as a authentication server

– requires enough neighboring nodes

Related Work


Related Work

Self-issued certificates– Issues certificates by users themselves without the

involvement of any certificate authority– Any pair of users can find certificate chains to each

other using their certificate repositories– Problem exists if certificates issued did not reach

certain amont

Related Work


Primitives

Adopt fully distributed certificate authorities approachCombine the authentication services with trust level conceptApply weighted threshold secret sharing instead of general threshold secret sharing schemeExtend certificate services not limited to neighboring nodes using trust chains

Trust-Level Based Authentication Services


Authentication Services Flowchart


With valid certificate state

High increase in trust level

Request for one more

polynomial share

Join into the network

Request for a polynomial share

Request for a certificate

With valid certificate

Certificate renewal

Certificate expires?

Yes

Yes

No


Trust Model

A trust model defines how the nodes in the network trust each otherPast work on authentication services just define trust model to be - a node with valid certificate can be trusted in the networkWe add in the concept of trust levelWe define that each node keeps a trust value to each of its neighboring nodes



Trust-Level Concept

We define the trust value to be floating number between 0.0 and 1.0Trust value from node vj to node vi represents the level of trust that node vj towards viThe value is based on the observation on node’s behaviorGenerally, a node is believed to be trustable if its trust value is above the level of 0.5



Trust-Level Concept

Neighboring nodes received request message will check the trust level of the nodes send / forward it the message

r

r

0.6

0.7

0.8

0.4

0.5 0.3

0.30.9

0.6

0.4

0.6

0.9

r

1. Send request message 3. Reply the message

2. Check trust levels



Assumptions

Each node has a unique IDEach node can discover its one-hop neighboursCommunication link within one-hop neighbours is reliable.The mobility is characterized by maximum node moving speedEach node maintains a trust value to each neighborsA node holds a limited number of polynomial sharesTrust values on a path can form a trust chain.



Number of Polynomial Shares per Node

Each node holds a number of polynomial shares for initialization and certificationA node can hold maximum c sharesEach node and each share has a unique ID

Self-Initialization

Node ID Share IDs

1 1, 2, …, c

2 c+1, c+2, …, 2c

3 2c+1, 2c+2, …, 3c

… …

k (k-1)*c+1, (k-1)*c+2, …, k*c

… …

n (n-1)*c+1, (n-1)*c+2, …, n*c


Request for More Polynomial Share

A node gets 1 polynomial share when it joins the networkIt can request for more polynomial share if its trust level is high enough some time laterA field “trust level increased” can be added in the reply message in certificationA node can make more contribution to certification and initialization if it holds more shares

Self-Initialization


Algorithm

Apply the localized self-initialization algorithmA node vi broadcasts its request for a polynomial shareNodes reply to vi with their partial sharesLet a1, a2, … ak be the polynomial share IDs received by vi, the corresponding polynomial share are Pa1, Pa2, … Pak

Self-Initialization


Algorithm

Each node calculates their partial share and return it to vi:

Pj = Paj * Laj(ai) mod N

where mod N

By Lagrange Interpolation, vi can generate a new polynomial share Pai:Pai = f (ai) = Pa1*La1(ai) + Pa2*La2(ai) + … + Pak*Lak(ai)

= = mod N

k

jrr araj

araiaiLaj

,1)(

Self-Initialization

k

j 1

Laj(ai)*Paj

k

j 1

Pj


Number of Partial Certificate in Reply

Assume node vj holds K polynomial sharesEach share can sign one partial certificateTrust level to no. of partial certificate

Certificate Renewal

Trust level (vj to vi) No. of partial certificate vj to vi

x<1/2 0

1/2<= x <½+1/4 1

½+1/4<= x <½+1/4+1/8 2

… …

½+1/4+…1/(2^(K-1))<= x <½+1/4+…1/(2^K) K-1

½+1/4+…1/(2^K)<= x <=1 K


Number of Partial Certificates in Reply

A node decide number of partial certificates to reply based on the trust level of the requesting node

1.00 0.5 0.75 0.875

Trust value (ranges from 0.0 to 1.0)

1 2 3

K

….

Divisions of trust level

Certificate Renewal


Number of Nodes Required

Nodes may sign more partial certificates to a node with high trust levelNo. of nodes required varies though no. of partial certificates required is fixed

k No. of shares a node holds

Min. no. of nodes in a coalition

Max. no. of nodes in a coalition

5 1 5 5

5 1-2 3 5

10 1 10 10

10 1-2 5 10

10 1-3 4 10

K 1-C K/C K

Certificate Renewal


Trust Relationship of Nodes

Certification is not limited to neighboring nodes with our trust level modelNodes have never met can determine each other trustable or not by a trust chain

Trust values can be calculated to a single value with formula

vi v2 v1V2 V1

Certificate Renewal



Formula we use:V1V2 = 1 - (1-V2)V1 ,

where V1V2 represents the trust level from v1 to vi

Analysis on the formula

If V1 is high (v1 trusts v2), V1V2 will be closer to V2 (the view of trust from v2 to vi) ; vice versa

vi v2 v1V2 V1

V1 \ V2 0.3 0.6 0.9

0.3 0.1 0.24 0.49

0.6 0.19 0.42 0.75

0.9 0.27 0.56 0.87

Certificate Renewal



Trust value (v5 to vi) = 0.90.8 = 1 - (1-0.8)0.9 = 0.765

Trust value (v6 to vi) = 0.50.8 = 1 - (1-0.8)0.5 = 0.553

Number of partial certificate in reply

Partial certificates in reply

vi

v3

v4

v1

v2

v5

v62

1Trust relationship from arrow left to arrow right.

vi

v3

v4

v1

v2

v5

v6

0.8

0.9

0.5

Trust values of different nodes

Certificate Renewal


Algorithm

A node vi broadcasts certificate renewal requestNodes vj sign partial certificates by their polynomial shares and reply to viLet the k polynomial shares involved be Pa1, Pa2, … Pak

The shares can generate partial certificates using the formula:

CERTaj = (cert)Paj mod N

Certificate Renewal


Algorithm

Upon receiving at least k such partial certificates, node vi picks k to form the coalition BSuppose, vi chooses {CERTa1, CERTa2, … , CERTak}, where a1,a2, …, ak are the IDs of the corresponding polynomial shares, candidate certificate can be generated:

CERT’aj = (CERTaj)Laj(0) mod N

where mod N

vi then multiplies {CERT’a1, CERT’a2, … , CERT’ak},

CERT’ = mod N

vi can employ K-bounded coalition offsetting algorithm to recover its new certificate CERT

k

jrr jr

r

j

aa

aLa

,1

)0(

Certificate Renewal

k

jajCERT

1

'


Protocol

Certificate Renewal

q0

w0

c0

cj

aj

rj

qj

Request?

a0

< k(Certj) CERT0

Request?Certj

Request?

>=k(Certj)CERT0

Node makes the request Nodes receive the request

s2

s1

IO I: input message received

O: output message sent

Protocol on certificate renewal

Node makes the requestq0: making a requestw0: waiting for the repliesc0: received k or more replies, request successesa0:received less than k replies, request fails

Nodes received the requestqj: receive a requestrj: requesting node is trustable, send reply aj: requesting node is not trustable, no reply is sentcj:receive the new certificate from the requesting node


Future Work

Simulation will be carried outTo evaluate the performance of our authentication servicesPossible simulators can simulate ad hoc networks are Ns-2, glomosim, etcMain difficulty is how to modify the C++ and Otcl codes in Ns-2 for simulation

Future Work


Discussion

Trust-level concept– Formalizes the authentication services in network– Classifies the trust of nodes by levels– Allows weighted threshold secret sharing and trust chain be applied

Weighted threshold secret sharing– Speeds up collection of enough shares in certification and initialization– Nodes can make more contribution with high trust level– Coalition size decreases dynamically according to trust level of nodes

Trust chain– Allows nodes never met to determine the trust of each other– Reduces the problem of not enough neighboring nodes in certification and

initialization

Discussion


Conclusion

We studied the characteristics, vulnerabilities and key management techniques of mobile ad hoc networksWe proposed a scalable distributed authentication services to secure mobile ad hoc networksWe combined trust level concept and fully distributed CA approach to provide authentication servicesWe applied weighted threshold secret sharing schemeWe extended the services to non-neighboring nodes by trust chainsSimulation will be carried out in the future

Conclusion


Q & A

Trust-Level Based Authentication Services in Mobile Ad Hoc Networks MPhil Term 2 Presentation...

Documents

Transcript of Trust-Level Based Authentication Services in Mobile Ad Hoc Networks MPhil Term 2 Presentation...