
An Authentication Service Against Dishonest Users in Mobile Ad Hoc Networks

An Authentication Service Against Dishonest Users in Mobile Ad Hoc Networks. Edith Ngai, Michael R. Lyu, and Roland T. Chin. IEEE Aerospace Conference, Big Sky, MT, March 6-13, 2004. Outline: Introduction, Related Work, Models, Security Operations, Simulation Results, Conclusion.





Presentation Transcript


  1. An Authentication Service Against Dishonest Users in Mobile Ad Hoc Networks Edith Ngai, Michael R. Lyu, and Roland T. Chin IEEE Aerospace Conference, Big Sky, MT, March 6-13, 2004

  2. Outline
  • Introduction
  • Related Work
  • Models
  • Security Operations
  • Simulation Results
  • Conclusion
  Dept. of Computer Science & Engineering, CUHK

  3. Mobile Ad Hoc Networks
  • Infrastructure-less
  • Multi-hop
  • Wireless communications
  • Highly mobile
  • Dynamic topology
  • Vulnerable to security attacks

  4. Introduction
  • Certificate-based approach
  • Fully distributed manner
  • Detect false public key certificates
  • Isolate dishonest users
  • Propose a secure, scalable and distributed authentication service
  • Assure correctness of public key certification

  5. Related Work
  • Traditional network authentication solutions rely on physically present, trusted third-party servers, also called certificate authorities (CAs).
  • A partially-distributed certificate authority makes use of a (k,n) threshold scheme to distribute the services of the certificate authority to a set of specialized server nodes.
  • A fully-distributed certificate authority extends the idea of the partially-distributed approach by distributing the certificate services to every node.

  6. Related Work
  • Pretty Good Privacy (PGP) follows a web-of-trust authentication model. PGP uses digital signatures as its form of introduction. When any user signs another user's key, he or she becomes an introducer of that key. As this process goes on, a web of trust is established.
  • With self-issued certificates, users issue certificates themselves without the involvement of any certificate authority.

  7. Our Work
  • Propose a secure public key authentication service in mobile ad hoc networks with malicious nodes
  • Prevent nodes from obtaining false public keys of the others
  • Based on a network model and a trust model
  • Security operations include public key certification and trust value update

  8. Architecture
  • Clustering-based network model
  • Trust model with an authentication metric
  • Security operations to detect and isolate malicious nodes

  9. The Network Model
  • Obtain a hierarchical organization
  • Minimize the amount of storage for communication information
  • Optimize the use of network bandwidth
  • Direct monitoring capability is limited to neighboring nodes
  • Allow the monitoring work to proceed more naturally
  • Improve network security

  10. The Network Model
  • Divide the network into different regions
  • Each region has a similar number of nodes
  • Unique group ID
  • E.g. zonal distributed algorithm, weight-based clustering algorithm, etc.

  11. The Trust Model
  • Define a fully-distributed trust management algorithm that is based on the web-of-trust model, in which any user can act as a certifying authority
  • This model uses digital signatures as its form of introduction. Any node signs another's public key with its own private key to establish a web of trust
  • Our trust model does not have any trust root certificate; it just relies on direct trust and groups of introducers in certification

  12. The Trust Model
  • Define the authentication metric as a continuous value between 0.0 and 1.0
  • A direct trust is the trust relationship between two nodes in the same group
  • A recommendation trust is the trust relationship between nodes of different groups

  13. Security Operations
  • Select introducers
  • Send request messages
  • Compare certificates received
  • Trust value update

  14. Public Key Certification
  • Authentication in our network relies on the public key certificates signed by some trustable nodes.
  • Nodes in the same group are assumed to know each other by means of their monitoring components and the short distances among them

  15. Operation of Node
  • Select introducers
  • Send request messages to introducers
  • Collect and decrypt the messages
  • Compare the certificates, isolate dishonest nodes
  • Calculate trust value of the new node

  16. Trust Value Update
  [Figure: trust paths from s to t through the introducers, labelled V(s,i1), V(i1,t), V(s,i2), V(i2,t), …, V(s,in), V(in,t)]
  • s denotes the requesting node
  • t denotes the target node
  • Nodes i1, i2, …, in are the introducers
  • Each V(s,i*) and V(i*,t) form a pair to make up a single trust path from s to t

  17. Trust Value Update
  • Compute the new trust relationship from s to t of a single path
  • Combine trust values of different paths to give the ultimate trust value of t
  • Insert trust value Vt into the trust table of s

  18. Simulation Set-Up
  Simulation Parameters
  • Network simulator Glomosim
  • Evaluate the effectiveness in providing secure public key authentication in the presence of malicious nodes

  19. Metrics
  • Successful rate: % of public key requests that lead to a correct conclusion
  • Failure rate: % of public key requests that lead to an incorrect conclusion
  • Unreachable rate: % of public key requests that cannot be made because there are not enough introducers
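The following is an added example, not code from the paper or the authors' simulator, that models the node operation of slides 13-17 (select introducers, collect their certificates, accept the majority certificate, isolate the dissenting introducers, update the trust table) and then scores a batch of requests with the three metrics of slide 19. The slides do not give the formulas, so the single-path trust (product of V(s,i) and V(i,t)) and the path combination (1 minus the product of the path complements) are assumptions, as are the trust threshold, the minimum number of introducers and the constructed network. The group-3 case shows the failure mode the scheme depends on avoiding: when dishonest introducers hold the majority, the forged certificate wins and the honest introducer is the one isolated.

```python
"""Toy model of the public key certification and trust value update
operations of slides 13-19.  Added example, not the paper's code.  The
path-trust and path-combination formulas, the thresholds and the
network below are assumptions made here."""
from collections import Counter
from dataclasses import dataclass, field
from math import prod

TRUST_THRESHOLD = 0.5   # assumption: minimum trust in a node to use it as an introducer
MIN_INTRODUCERS = 3     # assumption: fewer than this and the request is "unreachable"


@dataclass
class Node:
    name: str
    group: int
    pubkey: str                       # constructed stand-in for a real public key
    honest: bool = True
    trust: dict = field(default_factory=dict)   # trust table: node name -> value in [0, 1]

    def certificate_for(self, target):
        """Reply to a request for target's certificate; a dishonest
        introducer returns a forged public key."""
        return target.pubkey if self.honest else "forged-" + target.name


def select_introducers(s, t, nodes):
    """Introducers are nodes s still trusts that sit in t's group
    (same-group nodes know each other's keys through monitoring)."""
    return [n for n in nodes
            if n not in (s, t) and n.group == t.group
            and s.trust.get(n.name, 0.0) >= TRUST_THRESHOLD]


def path_trust(v_si, v_it):
    """Trust along one path s -> i -> t (assumption: product, so trust decays per hop)."""
    return v_si * v_it


def combine_paths(values):
    """Combine independent paths (assumption: 1 - prod(1 - v), a noisy-OR)."""
    return 1.0 - prod(1.0 - v for v in values)


def certify(s, t, nodes):
    """One public key request from s for t.  Returns (outcome, key, trust_in_t)."""
    introducers = select_introducers(s, t, nodes)
    if len(introducers) < MIN_INTRODUCERS:
        return "unreachable", None, None
    replies = {i.name: i.certificate_for(t) for i in introducers}
    # compare the certificates received: the majority certificate is accepted
    key, _ = Counter(replies.values()).most_common(1)[0]
    # introducers disagreeing with the majority are isolated (trust set to 0,
    # so they never pass the threshold again); the rest each give a trust path
    paths = []
    for i in introducers:
        if replies[i.name] != key:
            s.trust[i.name] = 0.0
        else:
            paths.append(path_trust(s.trust[i.name], i.trust.get(t.name, 0.0)))
    s.trust[t.name] = combine_paths(paths)       # insert Vt into the trust table of s
    outcome = "success" if key == t.pubkey else "failure"
    return outcome, key, s.trust[t.name]


def rates(outcomes):
    """Successful / failure / unreachable rate over a batch of requests (slide 19)."""
    counts = Counter(outcomes)
    return {k: counts[k] / len(outcomes) for k in ("success", "failure", "unreachable")}


def build_network():
    """Constructed scenario: s in group 1 asks about targets in groups 2, 3 and 4."""
    s = Node("s", 1, "pk-s")
    t2, t3, t4 = Node("t2", 2, "pk-t2"), Node("t3", 3, "pk-t3"), Node("t4", 4, "pk-t4")
    # group 2: three honest introducers and one dishonest one
    i1 = Node("i1", 2, "pk-i1", trust={"t2": 0.9})
    i2 = Node("i2", 2, "pk-i2", trust={"t2": 0.5})
    i3 = Node("i3", 2, "pk-i3", honest=False, trust={"t2": 0.9})
    i4 = Node("i4", 2, "pk-i4", trust={"t2": 0.8})
    # group 3: the dishonest introducers hold the majority
    j1 = Node("j1", 3, "pk-j1", trust={"t3": 0.9})
    j2 = Node("j2", 3, "pk-j2", honest=False, trust={"t3": 0.9})
    j3 = Node("j3", 3, "pk-j3", honest=False, trust={"t3": 0.9})
    # group 4: only one introducer known to s
    k1 = Node("k1", 4, "pk-k1", trust={"t4": 0.9})
    s.trust = {"i1": 0.8, "i2": 0.6, "i3": 0.7, "i4": 0.5,
               "j1": 0.6, "j2": 0.6, "j3": 0.6, "k1": 0.9}
    return s, [t2, t3, t4], [s, t2, t3, t4, i1, i2, i3, i4, j1, j2, j3, k1]


def run_scenario():
    """Run the three requests and return s, the per-request results and the rates."""
    s, targets, nodes = build_network()
    results = [certify(s, t, nodes) for t in targets]
    return s, results, rates([r[0] for r in results])


if __name__ == "__main__":
    s, results, r = run_scenario()
    for t, (outcome, key, v) in zip(("t2", "t3", "t4"), results):
        print(f"{t}: {outcome:11} key={key} trust={v}")
    print("trust table of s:", s.trust)
    print("rates:", r)
```

Running the script gives one request of each kind: t2 succeeds with trust 1 - 0.28 x 0.70 x 0.60 = 0.8824 after i3 is isolated, t3 fails because j2 and j3 outvote j1 (and j1 is wrongly isolated), and t4 is unreachable because only k1 can introduce it. The defender's takeaway is the same as the paper's evaluation: the correctness of the conclusion rests on honest introducers forming the majority, so the introducer set and the trust threshold are the parameters to watch.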

  20. Ratings to Periods of Time

  21. Ratings to Malicious Nodes

  22. Ratings to Trustable Nodes at Initialization

  23. Comparison with PGP - Successful Rate

  24. Comparison with PGP - Failure Rate

  25. Comparison with PGP - Unreachable Rate

  26. Conclusions
  • We developed a trust- and clustering-based public key authentication mechanism
  • We defined a trust model that allows nodes to monitor and rate each other with quantitative trust values
  • We defined the network model as clustering-based
  • The proposed authentication protocol involves new security operations on public key certification, update of the trust table, and discovery and isolation of malicious nodes
  • We conducted a security evaluation
  • We compared with the PGP approach to demonstrate the effectiveness of our scheme
