
Authentication in Mobile Ad-hoc Network (MANET)

Authentication in Mobile Ad-hoc Network (MANET). Student Ståle Jonny Berget sjberget@start.no Supervisor Chik How Tan. Introduction/justification. The problem in MANET is mostly related to


Presentation Transcript


  1. Authentication in Mobile Ad-hoc Network (MANET)
     Student: Ståle Jonny Berget, sjberget@start.no
     Supervisor: Chik How Tan

  2. Introduction/justification
     • The problems in a MANET are mostly related to the following:
       • There is no central management system or access to a trusted third party (TTP) which contains a repository of the identities of all legal nodes.
       • It must be assumed that nodes have restricted computation power, power and memory capacity.
       • Nodes may frequently change location, and new ones may enter the network.
       • It must be assumed that the network will be exposed to passive and active attacks from an unauthorised source, which may have more computation power, power and memory capacity than legal nodes.
     • Justification
       • A MANET may be useful in many situations where no infrastructure (fixed or cellular) is available, or for wireless public access in urban areas, providing quick deployment and extended coverage.
       • Without an appropriate authentication protocol, the network may be used by users who do not follow legal principles or are not legal users of the network.
       • At this moment there are no standards that describe a proper authentication protocol that may be used in a MANET.

  3. Research questions/method
     • Research questions
       • Description of the scenario for the rescue operation.
       • What kinds of threat may be expected for a MANET in this scenario.
       • Consideration of which authentication methods and cryptographic algorithms may be appropriate against the threats and useful in a MANET.
       • Design of a new and better authentication protocol that is suited for this scenario.
     • Method
       • Consider the different threats that have been identified in earlier work and literature.
       • Mathematics and computer simulation to compute the complexity of the new and earlier authentication protocols.

  4. Authentication is fundamental
     • Authentication is fundamental in all aspects of information security and assurance, and is the binding of an identity to a subject. Authentication may be based on:
       • something known (such as a password, a shared secret, a secret, the private key corresponding to a public key, etc.)
       • something possessed (typically a physical asset such as a badge card, ID card, password calculator, etc.)
       • something inherent (handwriting, fingerprint, etc.)
     • An authentication protocol proves the node's identity at a given instant of time. To maintain the identity authentication, additional techniques must be included. If nodes are authenticated at the start of a session, they have to ensure that they maintain the authentication during the session, so that an adversary has not interfered with the session.
     • Approaches to prevent this from happening include:
       • performing re-authentication for each discrete resource request (e.g. each message that has to be exchanged)
       • tying the identification to an ongoing integrity service, so that each message can be tied to the session authentication.

  5. Requirement
     • Few computational steps
     • Balanced computational steps
     • Cheap computational steps
     • Few message flows
     • Small messages
     • Small program memory
     • Small data memory requirement
     • Restricted consequences of data disclosure

  6. Different crypto algorithms
     • Symmetric encryption
       • Once the nodes (network) are deployed, it is hard (or impossible) to change the key.
       • If one node is compromised, the entire network is compromised.
     • Hash and HMAC are fast
     • Asymmetric is slow

  7. Authentication model
     • The distribution of credentials may be done in two ways:
       • encrypt the credential with the receiving node's public key
       • give the credential a signature based on the initiator's private key
     • The first option requires more message exchanges during authentication of its neighbour nodes than the second option.
     (Figure labels: Broadcast, One-by-one)

  8. The trust model/clock synchronisation
     • If two nodes have successfully authenticated each other, a trust relationship is established between these nodes.
     • This means that if nodes A and B have completed the authentication process, they trust each other; the same is true if nodes B and C have completed the authentication process.
     • But this doesn't mean that nodes A and C trust each other. If nodes A and C are to trust each other, they have to complete the authentication process themselves.
     • Further, it is assumed that every legal node has a certificate with a unique identity and a public/private key pair that is distributed and signed by an off-line TTP.
     • The private keys are stored in a secure and tamper-proof area within the node, and are only known by their owner.
     • Every node is equipped with a GPS clock, and the time deviation is small (much smaller than a second).

  9. Different fast authentication protocols
     Leslie Lamport (LATEX?)
     Weakness
     • DoS attack
     • Sign every traffic key
     • Wormhole and insider attack
     • DoS attack
     • Sign every hash chain
     • Wormhole and insider attack

  10. Threat
     • Wormhole attack
     • Insider attack

  11. The new authentication protocol

  12. New authentication protocol (1)
     • The protocol includes 3 hash chains:
       • The master hash chain
       • Traffic hash chain
       • Session hash chain

  13. New authentication protocol (2) hop-by-hop

  14. New authentication protocol (3) hop-by-hop

  15. Three hash chains

  16. Some test results on my computer, 1.6 GHz Centrino Duo

  17. Result from simulation
     Assume that Pt > Pc > Pm and Pt = x·Pc, where r is the data rate, Pt the transmit power, Pc the CPU power and Pm the power to keep memory.

  18. Conclusion
     • The new protocol
       • is more secure against DoS, wormhole and insider attacks
       • requires less power than earlier proposed authentication protocols
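
The slides rely on hash chains (slides 9 and 12) to make re-authentication of each request (slide 4) cheap. The Python sketch below is an added example, not the presentation's protocol: a generic Lamport-style chain verifier that tolerates lost tokens, rejects replays and bounds hashing work per token. The names `build_chain`, `ChainVerifier`, `max_gap` and the seed are assumptions, and the anchor is assumed to have been authenticated once already, for example by a signature under the node's certificate (slide 8).

```python
import hashlib
import hmac

def h(x: bytes) -> bytes:
    return hashlib.sha256(x).digest()

def build_chain(seed: bytes, n: int) -> list:
    """chain[i] = h applied i times to seed; chain[n] is the public anchor."""
    chain = [seed]
    for _ in range(n):
        chain.append(h(chain[-1]))
    return chain

class ChainVerifier:
    """Tracks the newest accepted link of one neighbour's chain.

    A token proves the sender knows a preimage of the last accepted value.
    It authenticates the sender per request; it does not protect the payload.
    """
    def __init__(self, anchor: bytes, max_gap: int = 8):
        self.last = anchor        # assumed authenticated once out of band
        self.max_gap = max_gap    # caps hashes per token, limiting DoS work

    def accept(self, token: bytes) -> bool:
        candidate = token
        for _ in range(self.max_gap):
            candidate = h(candidate)
            if hmac.compare_digest(candidate, self.last):
                self.last = token  # advance; older links can no longer match
                return True
        return False

def demo() -> list:
    chain = build_chain(b"constructed-demo-seed", 20)  # constructed sample seed
    v = ChainVerifier(chain[20], max_gap=4)
    return [
        v.accept(chain[19]),     # next link in order: accepted
        v.accept(chain[19]),     # same link replayed: rejected
        v.accept(chain[16]),     # two tokens lost in transit: accepted
        v.accept(chain[18]),     # skipped link captured earlier: rejected
        v.accept(chain[10]),     # gap larger than max_gap: rejected
        v.accept(b"\x00" * 32),  # forged token: rejected
    ]

if __name__ == "__main__":
    print(demo())
```

Each accepted token costs the verifier at most `max_gap` hash evaluations, which fits the "cheap computational steps" requirement on slide 5.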
