Xiaodong Lin, Rongxing Lu, Haojin Zhu, Pin-Han Ho, Xuemin Shen , Zhenfu Cao
description
Transcript of Xiaodong Lin, Rongxing Lu, Haojin Zhu, Pin-Han Ho, Xuemin Shen , Zhenfu Cao
ASRPAKE: AN ANONYMOUS SECURE ROUTING PROTOCOL WITH AUTHENTICATED KEY EXCHANGE FOR WIRELESS AD-HOC NETWORKS
Xiaodong Lin, Rongxing Lu, Haojin Zhu, Pin-Han Ho, Xuemin Shen, Zhenfu Cao
WINC- Paper Summary
2
OUTLINE
Problem
Statement
Motivation
Main Contribution
Paper Details
SLOWSumm
ary
WINC- Paper Summary
3
PROBLEM STATEMENT
In MANET, network is very dynamic and there is no fixed infrastructure, and each node is a host and router in the same time.
In this environment; nodes may not have sufficient protection from malicious attacks.
So providing security and anonymity in such environment is not a straightforward task.
Problem Statement
Motivation
Main Contributio
n
Paper Details SLOW Summ
ary
WINC- Paper Summary
4
MOTIVATION
Because establishing anonymous secure route in a MANET is not a trivial work as that in wired network. Why?
To protect the network from snare attack What is the snare attack? How harmful
could it be?
Problem Statement
Motivation
Main Contributio
n
Paper Details SLOW Summ
ary
WINC- Paper Summary
5
MAIN CONTRIBUTION
Providing anonymous route between source and destination with the integration of authenticated key exchange mechanisms to the routing algorithm design.
Problem Statement
Motivation
Main Contributio
n
Paper Details SLOW Summ
ary
WINC- Paper Summary
6
ANONYMOUS AUTHENTICATED KEY AGREEMENT PROTOCOL
Group Authentication mechanism where the verifier can be convinced that the message was signed by one member of a certain group
Node need to authenticate a message that came from a certain group
Any node can assign the message on behalf of a set of member including himself
WINC- Paper Summary
7
ANONYMOUS AUTHENTICATED KEY AGREEMENT PROTOCOL
WINC- Paper Summary
8
RING AUTHENTICATION ALGORITHM (TERMINOLOGY)
Elliptic Curve (E): Where over Zp • p is a large prime number• E(Zp) group for the set of solutions (x,y)
ϵ Zp Х Zp
• A generator point P = (xp,yp) it’s order is a large prime number over E(Zp)
• So A subgroup G over E(Zp) is constructed
)(mod32 pbaxxy )(mod0274 23 pba
WINC- Paper Summary
9
RING AUTHENTICATION ALGORITHM (TERMINOLOGY)
Signers U = {U1 , U2, …….,Un } Have a private key X = {x1, x2, …….,xn}
xi ϵ Z*q
Have a public key Y = {x1P, x2P, …….,xnP}
Choose a secure hash function H: G X G→ Z*
q
WINC- Paper Summary
10
RING AUTHENTICATION ALGORITHM (RING SIGN ALGORITHM)
1- Ri = aiP
2- Choose random a ϵ Z*q
3- Computeif Ru = O or Ru = Ri for some I not equal U, go to step
2 else go to step 44- Compute 5- signature of xP → (R1,…Rm,Y1,….Ym,σ)
m
uiiiiu YRxPHaPR
,1
),(
qRxPHxaa uu
m
uiii mod),(
,1
WINC- Paper Summary
11
RING AUTHENTICATION ALGORITHM (VERIFIER SIGN ALGORITHM)
1- Compute for all 1 ≤ i ≤ m 2- Check the equation
),( ii RxPHh )(
1ii
m
ii YhRP
PaxhaPPaPxhaP
RYhaPYhR
YhaPR
YhRYhRYhR
m
uiiiuu
m
uiiiuu
m
uiiiuuii
m
ii
m
uiiiiu
ii
m
uiiiuuuii
m
ii
)(
)(
)()(
,1,1
,11
,1
,11
Proof:
WINC- Paper Summary
12
RING AUTHENTICATION ALGORITHM (ANONYMOUS AUTHENTICATED KEY AGREEMENT PROTOCOL)
Alice Bob
xP
xP, R1 …….Rm ,Y1,….Ym,σ
yP
yP, R1 …….Rm ,Y1,….Ym,σ
k = x(yP) k = y(xP)
WINC- Paper Summary
13
SECURE ROUTING PROTOCOL
System Formulation Local
neighborhood table
Local Route Table
Description of Protocol 1. The key pre-
distribution phase2. Neighborhood
Discovery phase3. Route Discovery
Phase4. The Route Reverse
Phase5. Data Forwarding
Phase
Neighbor Address
Session Key
Life Time
Rt_sequence
Dest_id
Ancenstor
Sucessor
Life Time
WINC- Paper Summary
14
SECURE ROUTING PROTOCOLKEY DISTRIBUTION PHASE
Offline security manager (SM) for identity check and private key redistribution
<G1,G2,e^,q,G,Ppub,H1,SIDA> Where G1: an additive group of prime
order q G2 Multiplicative group with same order
G1 X G1→ G2 be the bilinear pairing H1: {0,1}* → G1 (hash function S is master key; Ppub = sG (public key for SM) IDA: is the ID of A; QIDA = H1(IDA); SIDA = s QIDA
WINC- Paper Summary
15
SECURE ROUTING PROTOCOLNEIGHBOR DISCOVERY PHASE
A→* : n1,xP N1→A; n2,yP, R’1 …….R’m ,Y’1,….Y’m,σ’,
MACsk(N1_addr||n1||n2) A→N1 : R1 …….Rm ,Y1,….Ym,σ,
MACsk(A_addr||n1||n2); sk = xyP If authentication succeeded;
insert |A_Addr|xyP|TN1|, |N1_Addr|xyP|TA| in A,N1 neighborhood table successfully.
WINC- Paper Summary
16
SECURE ROUTING PROTOCOLROUTE DISCOVERY PHASE
Step1 S generates its unique sequence number src_seq# Rt_seqno = H(S_Addr||src_seq#) Select random number a ϵ [1,p-1] to compute ga and H(ga||Ksd||0)
Ksd=e^(H(IDD),SIDs), H(.): one cryptographic hash function. Then source(S) makes Ms
Such that Ms = [IDs,IDD,ga, H(ga||Ksd||0)]
IDD : real identity of D IDS : real identity of S Cs=E(EID MS); using IBE scheme.
ARREQ=<rt_seqno,HopCount,Cs>
WINC- Paper Summary
17
SECURE ROUTING PROTOCOLROUTE DISCOVERY PHASE
In the End: S adds the entry |rt_seqno|IDD|N|A|?|TS|
First field records the route sequence number Second field records the real identity of the
destination Third field Upstream node (not applicable in
the source) Fourth field Downstream node Fifth field is the timer of the route
WINC- Paper Summary
18
SECURE ROUTING PROTOCOLROUTE DISCOVERY PHASE
Step2 Upon receiving ARREQ
Check if it is from one of its trusted neighbor nodes based on its sender’s address.(Reject|Accept)
Check for duplicate ARREQ Check if the node is the destination by decypting
CS with the private key of the node. If it has a meaning then I am the destination.
If not broadcast ARREQ after checking that (HopCount--) ≥ 0
WINC- Paper Summary
19
SECURE ROUTING PROTOCOLROUTE DISCOVERY PHASE
Step2 If the node is the receiver, it parse IDD ,ga ,
H(ga||KSD||0) KSD = e^(H(IDD),SIDs) = e^(H(IDs),SIDd), so
destination authenticate the source S.
WINC- Paper Summary
20
SECURE ROUTING PROTOCOLROUTE REVERSE PHASE
Step1 D makes MD = [IDs,IDD,gb, H(gb||Ksd||1)]
CD = EIDs(MD)ARREP =<rt_seqno,CD,MACKDIn(rt_seqno,CD)>
SKSD = (ga)b.
WINC- Paper Summary
21
SECURE ROUTING PROTOCOLROUTE REVERSE PHASE
Step2 Any node receives the ARREP it check the MAC It search rt_seqno if found it continues else it stop It looks to the upstream of the next node in the
route table and create new hash for sequence number and encrypted.
And then it forward to the next node.
WINC- Paper Summary
22
SECURE ROUTING PROTOCOLROUTE REVERSE PHASE
Step3 When the sender receive the message it
checks the MAC Then it check the rt_seqno, if found it
continue else it stops In the entry found S updates the successor
field along with the timer field. Then use its private key to decrypt message
and pase IDD ,gb , and H( gb||KSD ||1) which must be equal H( gb||e^(H(IDD),SIDs)||1)
WINC- Paper Summary
23
SECURE ROUTING PROTOCOLDATA FORWARDING PHASE
S begin to send data to D Use the session key to encrypt data Examine the route table to find the
downstream node. It encrypts rt_seqno with the session key
between it and the downstream node (RI) and calculate and MAC of the message using the same key
And it sends (RI ,C,MAC KSI1(C))
WINC- Paper Summary
24
SNARE ATTACKVERY IMPORTANT NODE (VIN)
A node may be compromised, then the compromised node may be used to lure a VIN to communicate with then the adversary can easily intercept and eavesdrop any transmission in the network, so the adversary may identify the physical location of the VIN by analyzing some routes. How can we solve this problem?
WINC- Paper Summary
25
SNARE ATTACKVERY IMPORTANT NODE (VIN)
A node may be compromised, then the compromised node may be used to lure a VIN to communicate with then the adversary can easily intercept and eavesdrop any transmission in the network, so the adversary may identify the physical location of the VIN by analyzing some routes. How can we solve this problem?
WINC- Paper Summary
26
DECOY MECHANISMVERY IMPORTANT NODE (VIN)
Decoy: a person or advice used as a source of distraction.
In MANET, several nodes can serve as Decoys in order to protect the VIN
VIN chooses n nodes to be decoys D1 to Dn
Each decoy shares a secret key with the VIN When VIN receives a request from a legitimate
user S, V may randomly choose one Decoy D i to answer this request and asks Di to establish an active route corresponding to the request.
WINC- Paper Summary
27
DECOY MECHANISMVERY IMPORTANT NODE (VIN)
To do that MV = [IDS,IDV,gb, H(gb||KSV||1)]
SKSV = gab
DRREP=<ESi(IDDi,IDS,rt_seqno,MV,SKSV),HopCount> Any decoy node will try to decrypt with session
key. Decoy node will encrypt Mv with source public
key after receiving DRREP Then it form ARREP =<rt_seqno,CV,MACKDIn(rt_seqno,CV)>
WINC- Paper Summary
28
ANONYMOUS AND SECURITY ANALYSIS
First ASRPAKE maintains the end to end anonymity
of a route provided that not all the intermediate nodes along the route are in collusion.
Secondly, We can examine the security of ASRPAKE in
terms of the following mechanisms Known session key security Forward Secrecy No key compromise impersonation No unknown key share
WINC- Paper Summary
29
SLOWSTRENGTHS, LIMITATIONS, OPPORTUNITIES, WEAKNESSES
Limitations All the intermediate nodes must be in
collusion. If the network was very dynamic, I think
this routing table, because this scheme not converge
An offline security manager must be exist which is not an applicable in a self-configurable network
Problem Statement
Motivation
Main Contributio
n
Paper Details SLOW Summ
ary
WINC- Paper Summary
30
SLOWSTRENGTHS, LIMITATIONS, OPPORTUNITIES, WEAKNESSES
Strengths They modify anonymous authenticated key
agreement protocol to provide a security level on demand by tuning number of chosen signing group.
They introduce the decoy mechanism and the snare attack.
Problem Statement
Motivation
Main Contributio
n
Paper Details SLOW Summ
ary
WINC- Paper Summary
31
SLOWSTRENGTHS, LIMITATIONS, OPPORTUNITIES, WEAKNESSES
Weakness They didn’t explain how the snare attack
actually route. They didn’t justify the timers fields in the
route table or neighbor table, how they must be tuned to gain high performance.
They didn’t analyze the complexity of their algorithms nor providing the overhead of anonymous property w.r.t to normal routing
Problem Statement
Motivation
Main Contributio
n
Paper Details SLOW Summ
ary
WINC- Paper Summary
32
SLOWSTRENGTHS, LIMITATIONS, OPPORTUNITIES, WEAKNESSES
Opportunities Improve route efficiency while preserving
the security and anonymity(author suggestion)
Modify the scheme to relax the assumption that all the intermediate nodes are in collusion.
Problem Statement
Motivation
Main Contributio
n
Paper Details SLOW Summ
ary
WINC- Paper Summary
33
SUMMARY
In this paper they have done the following Proposed a ring anonymous authenticated
key agreement protocol Then an anonymous security routing
protocol Then they introduce a snare attack and
proposed the decoy mechanism to defend against this attack
Problem Statement
Motivation
Main Contributio
n
Paper Details SLOW Summ
ary
WINC- Paper Summary
34
Feel free to ask any question?
ANY QUESTIONS ?
WINC- Paper Summary
35
REFERENCE
ASRPAKE: An Anonymous Secure routing protocol with authenticated key exchange for wireless ad-hoc networks
WINC- Paper Summary
36
THANK YOU