Create a secure and authenticated service discovery protocol for ad hoc networks, incorporating authentication for services and consumer nodes. Use out-of-band communications and verify legitimacy of nodes online or offline.
Authenticated Service Discovery
Team 6: Melanie Agnew, Trevor Clarke, John Folkerts, Cory Virok

Overview
• Project Description (Cory)
• Example Applications (Cory)
  • Secure Virtual Whiteboard
  • Secure Roaming Surveillance System
• Project Requirements (John)
• Design Choices (John)
• Use Case Analysis (Melanie)
• Timeline (Melanie)

Project Description
• Goal
  • Create a service discovery protocol for ad hoc networks which operates on top of M2MI and incorporates authentication, both for services and consumer nodes.
• Assumptions
  • Trust may be established in advance using a Certificate Authority
  • Out-of-band communications are possible, allowing certain nodes to validate the legitimacy of other nodes
  • Verification may be done on-line or off-line
    • Off-line verification is done using a PGP-like “web of trust” model
    • On-line verifiers will have access to resources such as CAs and CRLs.

Example Application: Secure Whiteboard
• Why have a secure whiteboard?
  • Because it’s cool!
  • More security never hurt anyone
  • Group level communication within a globally visible stage
  • Managers could scribble red lines over future ideas that only other managers could see.

[Figure: whiteboard participants: Manager - Tom, Developer - Dave, Developer - Nicole, Manager - Kathy]
Tom doesn’t like the MineSweeper Plugin and Kathy is falling asleep watching these developers design.

Secure Whiteboard
• Why use Service Discovery to do this?
  • Ability to “plug in” new resources.
  • Ex: Use each other’s printers/webcams/desktop

Example Application: Secure Roaming Surveillance System
• What is a “Roaming Surveillance System”?
  • Mobile system that allows authorized users to access nearby surveillance equipment
• Example
  • SWAT Team moving around a building while watching all nearby cameras for criminal activity and danger

SWAT Team 1 could keep surveillance on all terrorists while Team 2 would just be concerned with the group directly in front of, behind, or adjacent to them. Instead of visually choosing a camera to view, physical mobility would do it for you, showing you only what was pertinent to the current location.

Project Requirements
• Service Discovery:
  • The protocol must be able to advertise services provided by multiple devices
  • Potential clients must be able to get the appropriate API information
  • Unique service identities must be generated / maintained
  • The protocol should allow users to select between multiple providers of the service (in order to choose the most suitable provider)
  • The protocol must allow clients to refine their query
  • If time permits, add things like service quality level

Project Requirements (cont.)
• Authentication:
  • Use some kind of signing authority for services (assume a normal CA only signs real services)
  • Verification will be distributed throughout the network
  • Security assertions will only be good for a pre-determined amount of time
  • If time permits, authenticate prior to service advertisement
  • If time permits, encrypt entire communication

Design Decisions
• Service Discovery:
  • Service discovery will implement a protocol of the team’s design
  • Based on performance of the service discovery protocol, we may decide to cache service information
  • Service discovery will accommodate services which span multiple devices, allowing negotiation of the actual device providing the service if necessary
  • Services will be able to use both advertisement and discovery
  • Services will be addressable by group, much the same way a URI is constructed
  • Services will be discoverable by name and keywords
• Authentication:
  • Authentication will use signed XML security assertions, as in paper by …
  • Keys will follow the X.509 certificate standard, with Java-native libraries used to create and manage them
  • Certificates will contain a URI attribute to assure authenticity of service

Using Security Assertions
1. Client generates assertion request and sends it to the assertor (Assertion Request, signed: client)
2. Assertor verifies client’s signature and credentials, generates security assertion and sends it to client (Security Assertion, signed: assertor)
3. Client presents security assertion to service
4. Service performs verification on the signature using its trusted key ring and individual policies

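The assertor issuing a time-limited assertion and the service verifying it against its trusted key ring, as an added example that is not the team's code. It assumes Java 16+, substitutes a newline-joined string signed with ECDSA for the signed XML assertion and a map of assertor IDs to public keys for a key ring of X.509 certificates; the class, field names and sample values are hypothetical.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.Map;

public class AssertionDemo {
    // Hypothetical assertion layout: who, for which service URI, until when, vouched for by whom.
    record Assertion(String subject, String serviceUri, long notAfter, String assertorId, byte[] sig) {
        byte[] signedBytes() { // fields must not contain '\n', or the encoding becomes ambiguous
            return String.join("\n", subject, serviceUri, Long.toString(notAfter), assertorId)
                    .getBytes(StandardCharsets.UTF_8);
        }
    }

    // The assertor signs a time-limited assertion for a client it has already vetted.
    static Assertion issue(String subject, String uri, long notAfter, String id, PrivateKey key)
            throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withECDSA");
        s.initSign(key);
        s.update(new Assertion(subject, uri, notAfter, id, null).signedBytes());
        return new Assertion(subject, uri, notAfter, id, s.sign());
    }

    // The service checks key ring membership, signature, lifetime, then its own policy.
    static String verify(Assertion a, Map<String, PublicKey> keyRing, String myUri, long now)
            throws GeneralSecurityException {
        PublicKey pk = keyRing.get(a.assertorId());
        if (pk == null) return "reject: assertor not on trusted key ring";
        Signature s = Signature.getInstance("SHA256withECDSA");
        s.initVerify(pk);
        s.update(a.signedBytes());
        if (!s.verify(a.sig())) return "reject: bad signature";
        if (now > a.notAfter()) return "reject: assertion expired";
        if (!a.serviceUri().equals(myUri)) return "reject: issued for a different service";
        return "accept";
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("EC");
        gen.initialize(256);
        KeyPair assertor = gen.generateKeyPair();
        Map<String, PublicKey> ring = Map.of("assertor-1", assertor.getPublic());
        String uri = "whiteboard/managers"; // constructed sample values throughout
        long now = System.currentTimeMillis() / 1000;
        Assertion good = issue("tom", uri, now + 300, "assertor-1", assertor.getPrivate());
        Assertion stale = issue("tom", uri, now - 1, "assertor-1", assertor.getPrivate());
        Assertion forged = new Assertion("dave", uri, now + 300, "assertor-1", good.sig());
        for (Assertion a : new Assertion[] {good, stale, forged})
            System.out.println(a.subject() + ": " + verify(a, ring, uri, now));
    }
}
```

The signature is checked before the expiry and URI fields are read, so the service never acts on unauthenticated values; the reused signature on the "dave" assertion fails because the signed bytes cover the subject.
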
Client
• Broadcast a request for an assertor.
• Choose an assertor and send credentials.
• Get the assertion.
• Broadcast a request for service.
• Choose a provider.
• Contact that provider and hand off communication to the authentication protocol.

[Diagrams: Get initial Assertion; Service Request]

End-to-End Authentication
Result: Direct connection set up

Provider
• Provider obtains certificate from authorized source.
• Broadcast a join service announcement only to providers of the same service
• Get authorized by similar providers
• Receive unihandles of providers in the same service
• Wait to receive client requests; when one arrives, check for authorization and send a unihandle

Provider Use Cases
[Diagrams: Get initial Assertion; Join Service network]

Service Peer Assertion validation
End result: New Service Provider in Service network

Architecture
[Diagram components: Authenticator, Policy Engine, AssertionBuilder, Authenticator, Key Management, Service Discovery, Provider, Client, Advertisement, Request, HandleManager]

Attacks
• Assumes out-of-band authentication of certificates
• Nodes are vulnerable to hijacking
• Group certificates are vulnerable to a single member attack
• Authenticity and integrity are optional
• Denial of service vulnerabilities

Timeline

Bibliography
• Sumi Helal, Nitin Desai, Varun Verma and Choonhwa Lee, “Konark – A Service Discovery and Delivery Protocol for Ad-hoc Networks,” Proceedings of the Third IEEE Conference on Wireless Communication Networks (WCNC), New Orleans, March 2003.
• Sye Loong Keoh and Emil Lupu, “Towards Flexible Credential Verification in Mobile Ad-hoc Networks,” Proceedings of the second ACM international workshop on Principles of mobile computing (POMC), Toulouse, France, Oct 2002.