Some Security Issues - PowerPoint PPT Presentation

About This Presentation

Title:

Some Security Issues

Description:

Number of Views:38

Avg rating:3.0/5.0

Slides: 18

Provided by: uci112

Learn more at: https://ics.uci.edu

Category:

Tags: manets | issues | routing | security

Transcript and Presenter's Notes

Title: Some Security Issues

1
Some Security Issues Challenges in MANETs and
Sensor Nets

2
Outline

3
Secure Casual Multicast

An important service in MANETs and sensor
networks is the need to communicate to dynamic
subsets/clusters of nodes, e.g.,
All routers with x available bw
All nodes close to some location
All nodes with gtt power remaining
This kind of multicast can be one-time
How to distribute a group key to such subsets?
Broadcast encryption doesnt help here

4
Secure Casual Multicast

If the subset is large (around n) then broadcast
encryption techniques could be used
But what if subset size is much smaller than the
total of nodes, e.g., n/c for some constant c.
Solutions today are
encrypt the message as many times as there are
receivers or,
use group key establishment protocols
Both solutions are very expensive
Can we do better???

5
Aided Cryptographic Computations

Assume nodes have limited computation and
communication ability as well as limited energy
Computationally intensive tasks, e.g., full-blown
PK crypto operations are costly
Many setting involve a (small) number of more
powerful devices (gw-s, servers, etc.)
Can be used for off-loading crypto computations
if power needed for computing is greater than
that for communication
if time needed for computing would adversely
impact sensors other tasks

6
Aided Cryptographic Computations

Server-aided cryptography is applicable but
state-of-the-art (2-party, mediated,
server-aided, etc..) still too expensive
Designed to enforce various policies
(fine-grained control, revocation,) not to
minimize computation
Can we design an architecture that off-loads
heavy computation to more powerful devices?

7
Secure Routing/Key distribution

Most MANET routing protocols are vulnerable to
attacks that can paralyze the whole network
Existing secure MANET routing protocols (such as
Ariadne) authenticate each data and control
packet
Proposed authentication solutions are
Signatures too costly!
TESLA needs buffering, synchronization, some
complexity
Pair-wise keys not flexible - all nodes must be
updated when a new node joins the MANET.
Shared (common) group key not secure one
corruption is enough to break the system!
No general solution exists

8
Secure Routing/Key distribution

Similarly, state-of the art secure routing in
sensor networks
relies on time synchronization (is this
realistic?)
remains secure only if less that t nodes are
compromised
Since wholesale re-keying/re-initializing is
often impossible, these solutions might not be
practical!
Also, it is often difficult to identify
compromised nodes in monitoring applications
Ideally we need solutions that work even if some
nodes have been compromised
New key distribution and secure routing protocols
are required for these types of networks!

9
Privacy-Aware Routing

MANET routing is cooperative
Traffic analysis is very easy!
Some technical solutions exists onion routing,
mixes very expensive!
Can we build routing protocols that prevent
intermediate nodes from performing traffic
analysis?
Privacy-aware routing is needed!

10
Privacy of Associations

MANETs and sensor nets can operate in
multi-cultural environment
Need to tell kin from strangers (friend-or-foe)
Need to do so in private manner no
observability!
Secret Handshakes can help
Balfanz, et al.
Castelluccia, et al.
Still need to solve one-time credential issue
Group handshakes?
Sensors operating in hostile settings need to
produce signatures that are anonymous/untraceable
Group signatures? Too expensive

11
Group Key Management

Group Key Distribution (GKD) requires a center,
large groups, multicast, wireline
Group Key Agreement (GKA) distributed
(group-based), expensive, small groups, wireline
Current solutions unsuitable for MANETs
GKD no center, long messages, broadcasts
GKA multi-round, many messages, broadcasts
GKA need underlying reliable group comm.
GKA tries to minimize computation
GKD tries to minimize bw
Sometimes need to switch priorities
GKA protocols need to complete even if
membership changes in the interim
GKA center availability (partitions/failures/comp
romise)
No practical protocol tolerates malicious insiders

12
Aggregation / Minimization

MACs, signatures are examples of crypto tags
If information is collected from each node
(sensor, router, etc), much bw and storage is
wasted on tags
Need to minimize tag size aggregate signatures,
MACs, etc.
If multiple nodes report the same data, can
aggregate it
Why not aggregate tags too?
Example techniques Mykletun NDSS04, Boneh
EuroCrypt03, Mazieres IPTPS04
Much more work needed

13
DoS Resistance

14
Group Membership Control

Goal secure admission of members to a
group while tolerating adversaries both outside
and inside
Standard Model
A CA is distributed among n nodes (all or only
some)
A new node must gets a partial signature from
each of at least k (out of n) nodes
It then computes its membership certificate and
becomes a bona fide member
Can prove membership by presenting his
certificate
Can compute pair-wise keys
Can authenticate to insiders and outsiders
TS-RSA, TS-DSA, ID-based
All areTOO expensive!
New crypto algorithms/protocols needed
Distributed Eviction is harder (need to maintain
MRLs)

15
Membership Control

16
Key (pre-)distribution

Combine key pre-distribution (Blom scheme) with
secret sharing to achieve (pairwise) key
distribution in MANETs
Model
Each node (a priori) gets a share of its
secrets from k servers
Uses shares to compute a secret
This secret can be used to compute a pair-wise
key with any other node
Sometimes more appropriate than the
distributed-CA model
Members get keys not certificates!
efficientfew modular multiplications per key
computation
Extending this to INEXPENSIVE group keying