SPLASH Project INRIA-Eurecom-UC Irvine


SPLASH Project INRIA-Eurecom-UC Irvine

November 2006



SPLASH project review

  • Security of Wireless Adhoc Networks

    • From MANET security…

    • To WSN (Wireless Sensor Network) Security!

  • Many contributions in many different areas...



Outline

  • MANET Security

    • Membership Management

    • Collaboration Enforcement

  • WSN Security

    • The security Challenges

    • Secure Aggregation

  • Conclusions


What is a MANET?

  • Set of nodes (5-50) that establish a network

    • Wireless and multi-hop

    • Does not rely on any fixed infrastructure

    • Spontaneous (no prior association)

  • No centralized control

  • No hierarchy

  • Fault-tolerant

  • Dynamic membership

  • Distributed and scalable security services required


MANET: Two Main Security Challenges

  • Membership Management

    • How does a new node become a member of the MANET without relying on a trusted membership controller?

  • Secure Routing/Collaboration Enforcement

    • How can we make sure that all nodes collaborate, i.e. relay others’ packets?


Membership Management: The Centralized Approach

[Figure: nodes A, B, C, D, E and F with a membership manager]


Our Approach: Distributed Membership Management

[Figure: nodes A, B, C, E and F]


Our Approach: Admission Control

  • New member (Mnew) wants to join the group

  • A quorum of t current members needs to issue Mnew a group membership certificate (GMC)

  • If no quorum is found, membership is denied

  • Step 1: Join request

  • Step 2: Join commit (Vote)

  • Step 3: GMC issuance & share acquisition

[Figure: Mnew receiving votes (Vote1, Vote2) from current members]



Contributions

  • Solution based on secret sharing technique + polynomial interpolation.

    • Only one round (instead of t) is necessary to become a member of the group.

  • Once a node becomes a member it receives a token (private key) that can be used to:

    • Vote for new member

    • Establish a key with any other MANET member

    • Prove membership

  • More info?:

    • Robust Self-Keying Mobile Ad Hoc Networks, Claude Castelluccia, Nitesh Saxena, and Jeong H. Yi, Elsevier Computer Networks, April 2007.
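
The quorum rule and the "share acquisition" step above can be illustrated with plain Shamir secret sharing and Lagrange interpolation. This is an added sketch, not the SPLASH project's protocol or code: the field modulus `P`, the integer member ids and all function names are assumptions, and the blinding of votes and the GMC signature are omitted (an unblinded vote reveals the voter's share, because the Lagrange coefficient is public).

```python
# Added illustration (not the project's code): threshold admission via Shamir shares.
import secrets

P = 2**127 - 1  # prime field modulus (constructed parameter)

def make_poly(secret, t):
    """Random degree t-1 polynomial f over GF(P) with f(0) = secret."""
    return [secret % P] + [secrets.randbelow(P) for _ in range(t - 1)]

def eval_poly(coeffs, x):
    """Horner evaluation of f(x) mod P; member i's share is f(i)."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % P
    return acc

def lagrange_coeff(ids, i, x):
    """lambda_i(x) = prod_{j != i} (x - j) / (i - j) mod P."""
    num, den = 1, 1
    for j in ids:
        if j != i:
            num = num * (x - j) % P
            den = den * (i - j) % P
    return num * pow(den, -1, P) % P

def vote(my_id, my_share, quorum, new_id):
    """Step 2: partial share one voter returns to Mnew (blinding omitted)."""
    return my_share * lagrange_coeff(quorum, my_id, new_id) % P

def join(shares, voters, new_id, t):
    """Step 3: Mnew sums t votes to obtain f(new_id); None if no quorum."""
    quorum = sorted(set(voters) & set(shares))
    if len(quorum) < t or new_id == 0 or new_id in shares:
        return None  # membership denied
    quorum = quorum[:t]
    return sum(vote(i, shares[i], quorum, new_id) for i in quorum) % P

def demo(t=3, n=5):
    coeffs = make_poly(secrets.randbelow(P), t)
    shares = {i: eval_poly(coeffs, i) for i in range(1, n + 1)}
    shares[6] = join(shares, [1, 3, 5], 6, t)   # Mnew = 6 is admitted
    denied = join(shares, [2, 4], 7, t)         # only 2 voters: denied
    by_new = join(shares, [2, 4, 6], 7, t)      # member 6 can now vote
    return shares[6] == eval_poly(coeffs, 6), denied, by_new == eval_poly(coeffs, 7)

if __name__ == "__main__":
    print(demo())
```
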



Secure Collaboration

  • How to make sure that members are not selfish?

    • Some nodes might drop packets to save energy or to perform DoS attacks

  • We have developed:

    • a reputation-based solution (CORE)

    • a cryptographic solution


How to enforce collaborations?

  • Problem statement:

[Figure: nodes A, B and C]


Our solution

  • Some packets addressed to B are routed via C

    • Boomerang routing ;-)

[Figure: routes between nodes A, B and C]


Our solution

  • If B drops packets, it may drop some of its own packets

  • It is forced to collaborate since it does not know the final destination

  • Reference: Pocket Bluff (INRIA Research Report)


Wireless Sensor Networks

  • Another type of ad hoc network

  • Network of sensors that usually monitor the environment

  • Sensors are very small and cheap devices

  • They usually send their monitored data to the sink (a more powerful device)


Application Spectrum

[Figure: application areas of Wireless Sensor Networks: Interactive VR Game, Wearable Computing, Disaster Recovery, Environmental Monitoring, Earth Science & Exploration, Context-Aware Computing, Immersive Environments, Biological Monitoring, Hazard Detection, Smart Environment, Linear Structure Protection, Military Surveillance, Urban Warfare]


MANET vs WSN

  • MANET and WSN look similar but they are quite different.

  • MANET

    • Nodes are mobile

    • 10-50 nodes

    • Nodes belong to different entities

    • P2P communication

  • WSN

    • Nodes are fixed

    • 1000/10000 nodes

    • Nodes belong to same entity

    • Nodes send to BS

    • Nodes have very limited CPU/memory/energy

    • Nodes can easily be physically corrupted


MANET Security Challenges

  • MANET WSN

    • Scalability

    • Access/Membership control

    • Collaboration enforcement/Secure routing

    • Energy/CPU efficient security protocols

    • Sensor revocation



Some Contributions

  • Key establishment/pairing

    • Shake them Up! (presented last year)

  • Secure Aggregation

    • Aggregation is a useful technique to save energy

    • User is often more interested in the aggregate (i.e. average in a given area) than in each individual value

    • Instead of sending each value to the sink, the values are added by intermediate nodes…

    • Fewer packets are transmitted, i.e. energy is saved…



Secure Aggregation

  • Aggregation is simple without security

    • Intermediate nodes process data of their children

  • But what happens if the data sent by each sensor is encrypted using a key that it shares with the sink?

    • Data processing is no longer possible…or is it?

    • We’ve developed a new additively homomorphic cipher

      • Enc(k1, msg1) + Enc(k2, msg2) = Enc(k1+k2, msg1+msg2)

      • Intermediate nodes can add the ciphers they receive from children …and the sink can still recover the sum of the plaintexts.

      • But intermediate nodes do not have access to the plaintext values, i.e. privacy is provided…

  • More info?:

    • Efficient Aggregation of Encrypted Data in Wireless Sensor Networks, Conference Presentation, Mobiquitous 2005, July 2005
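
The aggregation flow above, as an added example that is not code from the slides or the cited paper: a modular-addition cipher that satisfies the identity Enc(k1, msg1) + Enc(k2, msg2) = Enc(k1+k2, msg1+msg2), run over a small constructed tree. The modulus `M`, the HMAC-SHA256 per-epoch key derivation, the sensor keys, the readings and all function names are assumptions.

```python
# Added illustration (not the authors' code): additive homomorphic aggregation.
import hmac, hashlib

M = 2**32  # modulus; must be larger than the largest possible sum of readings

def epoch_key(shared_key: bytes, epoch: int) -> int:
    """Per-epoch key k_i from the key a sensor shares with the sink (assumed KDF)."""
    mac = hmac.new(shared_key, epoch.to_bytes(8, "big"), hashlib.sha256).digest()
    return int.from_bytes(mac[:8], "big") % M

def enc(k: int, m: int) -> int:
    if not 0 <= m < M:
        raise ValueError("reading out of range for modulus M")
    return (m + k) % M

def dec(k: int, c: int) -> int:
    return (c - k) % M

def aggregate(ciphertexts) -> int:
    """Intermediate node: add children's ciphertexts; no key material needed."""
    return sum(ciphertexts) % M

def sink_recover(agg: int, keys: dict, epoch: int, reporting: list) -> int:
    """Sink: subtract the keys of exactly the sensors that contributed."""
    k_sum = sum(epoch_key(keys[i], epoch) for i in reporting) % M
    return dec(k_sum, agg)

# Constructed sample data: four sensors, two intermediate nodes, one sink.
KEYS = {i: bytes([i]) * 16 for i in (1, 2, 3, 4)}
READINGS = {1: 21, 2: 19, 3: 23, 4: 20}

def run_epoch(epoch: int, reporting=(1, 2, 3, 4)) -> int:
    c = {i: enc(epoch_key(KEYS[i], epoch), READINGS[i]) for i in reporting}
    left = aggregate(c[i] for i in reporting if i <= 2)    # node above sensors 1, 2
    right = aggregate(c[i] for i in reporting if i > 2)    # node above sensors 3, 4
    return sink_recover(aggregate([left, right]), KEYS, epoch, list(reporting))

if __name__ == "__main__":
    print(run_epoch(7), run_epoch(8, reporting=(1, 2, 3)))
```

The sink has to know which sensors reported in an epoch, otherwise it subtracts the wrong key sum. Ciphertexts of this form are malleable, so the cipher gives confidentiality only and integrity needs a separate mechanism.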



Conclusions

  • The SPLASH project was a very productive and successful project

    • Pars Mutaf (INRIA) visited Eurecom for 1 year.

    • Claude Castelluccia (INRIA) visited UCI for 2 years.

  • The scientific contributions were numerous and many papers were published

  • We participated in many conf. PCs and launched ESAS (European Workshop on Security in Ad-Hoc and Sensor Networks)

  • We have deployed 2 testbeds

    • MANET (Eurecom) to evaluate CORE

    • WSN (INRIA)



Some Papers

  • Key distribution/Membership Management in MANET

    • Robust Self-Keying Mobile Ad Hoc Networks, Elsevier Computer Networks, April 2007.

    • Ad hoc network security, book chapter in Mobile Adhoc networking, 2004 and in Handbook of Information Security (2006).

  • Secure and Private MANET routing protocol

    • Packet coding for strong anonymity in ad hoc networks, IEEE Securecomm 2006

    • Securing Route Discovery in DSR, IEEE Mobiquitous'05

  • Collaboration Enforcement in MANET

    • CORE: a collaborative reputation mechanism to enforce node cooperation in MANET (Michiardi phd thesis, 2004 + 6-7 publications)

    • Pocket Bluff, INRIA Tech. Report, 2005.

  • WSN Security

    • Shake Them Up! Mobisys 2005.

    • Efficient Aggregation of Encrypted Data in Wireless Sensor Networks IEEE Mobiquitous'05

    • Authenticated Interleaved Encryption, eprint, 2006.

    • More to come soon ;-)



Visibility

  • European Workshop on Security in Ad-Hoc and Sensor Networks (2004)

    • Refik Molva and Gene Tsudik (UCI) were chairing ESAS2005

    • C.Castelluccia is in the steering com.

    • ESAS and IEEE WISE will merge to create a new IEEE conference: IEEE WISEC (Wireless Security)!

  • We have chaired/were in the PC on numerous conf./workshop: Securecom, Mobiquitous, ESAS, Globecom, UbiSec,…

