
A Lightweight Hop-by-Hop Authentication Protocol For Ad-Hoc Networks

A Lightweight Hop-by-Hop Authentication Protocol For Ad-Hoc Networks. Speaker: Hsien-Pang Tsai Teacher: Kai-Wei Ke Date: 2005/01/20. Outline. Introduction LHAP Security Analysis Performance Analysis Conclusion. Securing Ad hoc Networks.


Presentation Transcript


  1. A Lightweight Hop-by-Hop Authentication Protocol For Ad-Hoc Networks Speaker: Hsien-Pang Tsai Teacher: Kai-Wei Ke Date: 2005/01/20

  2. Outline • Introduction • LHAP • Security Analysis • Performance Analysis • Conclusion

  3. Securing Ad hoc Networks • Most ad hoc networks do not have any provisions for restricting or regulating the traffic. • Recently researchers have proposed security extensions for authenticating routing control packets. • A simple solution is to use a network-wide key shared by all nodes.

  4. Public Key Algorithm • Two problems with shared-key: • Key management • Digital signatures (Authentication) • Key feature of public key cryptosystem • Two keys: Public Key & Private Key • Computationally infeasible to determine decryption key.

  5. Public Key Algorithm (cont.) • Public Key Encryption

  6. Public Key Algorithm (cont.) • Public Key authentication

  7. Outline • Introduction • LHAP • Security Analysis • Performance Analysis • Conclusion

  8. LHAP • Lightweight hop-by-hop authentication. • A node joining an ad hoc network only needs to perform some inexpensive authentication with its neighbors. • Residing in between the data link layer and the network layer.

  9. Notation

  10. Trust Management • Trust Bootstrapping

  11. Trust Management (1) • Trust Maintenance • Each node broadcasts a KEYUPDATE message (with TTL=1) to its neighbors. • The KEYUPDATE message is authenticated with the next TESLA key in its key chain. • Preventing malicious nodes from forging traffic using the TRAFFIC keys node A has already released.

  12. Trust Management (2) • Trust Termination • When a compromised node is detected, all the nodes will terminate their trust relationship with that node permanently. • When a node doesn’t receive a valid KEYUPDATE message from a neighbor within a TESLA interval, it will terminate its trust of this neighbor temporarily.

  13. Lightweight Traffic Authentication • Each node generates a one-way key chain used for traffic authentication. • Node A wants to broadcast a packet M: • Benefit: • Enable instant verification of traffic packets. • It is not necessary to disclose TRAFFIC keys periodically.

  14. Outline • Introduction • LHAP • Security Analysis • Performance Analysis • Conclusion

  15. Security Analysis • Outside attacks • Single outside attack • Collaborative outside attack • Hidden terminal attack • Inside attacks • Single inside attack • Insider clone attack

  16. Outside Attacks • Single outside attack

  17. Outside Attacks (1) • Collaborative outside attack • Attacker P1 and P2 have a private channel. • P1 forwards every message it eavesdropped from node A, including KEYUPDATE messages and traffic packets. • Solution: • Allow a receiving node to determine if they should be able to hear each other.

  18. Outside Attacks (2) • Hidden terminal attack • IEEE 802.11 solves the problem using CSMA/CA with ACKs and optional RTS/CTS control packets.

  19. Insider Attacks • Single insider attack • A compromised node might attempt to flood the network with many traffic packets. • Insider clone attack • When a compromised node shares its private key with its outside conspirators. • Solution • Intrusion Detection System (IDS).

  20. Outline • Introduction • LHAP • Security Analysis • Performance Analysis • Conclusion

  21. Performance Analysis • Computational Overhead • RSA digital signature verifications. • Hash computation • Latency • A node verifies a traffic packet it receives by computing one or more hashes. • Traffic Byte Overhead • A node adds a traffic key to every traffic packet it sends,…

  22. Performance Analysis (cont.) • JOIN message, a public key certificate and the size of a digital signature. • A node sends an ACK packet to every new neighbor… • KEYUPDATE message.

  23. Outline • Introduction • LHAP • Security Analysis • Performance Analysis • Conclusion

  24. Conclusion • Presented a lightweight hop-by-hop authentication protocol for network access control in ad hoc networks. • Transparent to and independent of the routing protocol.

  25. Reference • Sencun Zhu and Shouhuai Xu, “LHAP: A Lightweight Hop-by-Hop Authentication Protocol for Ad-Hoc Networks”, ICDCSW’03, IEEE 2003. • Adrian Perrig and Ran Canetti, “Efficient Authentication and Signing of Multicast Streams over Lossy Channels”, IEEE 2000.
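
The one-way key chain of slide 13 and the "one or more hashes" verification of slide 21, as an added Python example (not code from the presentation or from the LHAP authors). SHA-256, the class names, the `max_gap` bound and the assumption that a neighbor learned the chain commitment during trust bootstrapping are choices made for this sketch.

```python
import hashlib
import hmac


def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def make_chain(seed: bytes, n: int) -> list:
    """Return [K(0), ..., K(n)] with K(i-1) = H(K(i)); K(0) is the commitment."""
    chain = [seed]
    for _ in range(n):
        chain.append(H(chain[-1]))
    chain.reverse()
    return chain


class Sender:
    """Node A: attaches the next unused traffic key to each packet it sends."""

    def __init__(self, seed: bytes, n: int):
        self.chain = make_chain(seed, n)
        self.commitment = self.chain[0]  # assumed delivered at bootstrapping
        self.index = 1

    def send(self, payload: bytes):
        key = self.chain[self.index]
        self.index += 1
        return payload, key  # the key accompanies the payload, it is not a MAC


class Receiver:
    """Neighbor of A: keeps only the most recent valid key it has seen."""

    def __init__(self, commitment: bytes, max_gap: int = 8):
        self.last = commitment
        self.max_gap = max_gap  # hypothetical bound on tolerated packet loss

    def verify(self, packet) -> bool:
        _, key = packet
        k = key
        for _ in range(self.max_gap):  # one hash per key released since `last`
            k = H(k)
            if hmac.compare_digest(k, self.last):
                self.last = key  # older keys can no longer verify
                return True
        return False
```

A receiver that missed packets still accepts the next one at the cost of extra hashes, while a replayed or older key fails because hashing it only moves further back along the chain.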
