Title: Security in Self-organizing Systems
1Security in Self-organizing Systems
Refik Molva Institut EURECOM refik.molva_at_eurecom.f
r http//www.eurecom.fr/ce/researchce/nsteam.en.ht
m
2Self-organizing Systems
- System or Network consists of a Collection of
Ordinary Components - No fixed infrastructure
- No (or limited) organization
- Ad Hoc Networks
- Sensor Networks
- P2P Applications
- Ubiquitous computing
3Security Challenges
- Self-organizing
- No(or limited) infrastructure
- Lack of organization
- Wireless Mobile
- Scarcity of Resources
- Limited Energy
- Lack of physical security
- Lack of connectivity
Context-awareness
4Communication Security
- Secure Routing
- ARAN, SRP, ARIADNE, SEAD,TIK
- New Challenges
- Network coding and security Gkantsidis,
Rodriguez - Data aggregation Girao, Schneider, Westhoff
Castellucia, Tsudik
5Secure Routing Proposals for MANET
- ARIADNE Hu, et al.
- SRP Papadimitriou, Haas
- security associations between source end
destination only - ARAN Dahill, et al.
- PK certificates for IP _at_
- SEAD HU, et al.
- proactive routing - authenticated hash chains
- TESLA with instant key disclosure (TIK)
- can cope with wormhole attack
6Key Management Challenges
- Lack of (or limited)
- Security infrastructure
- Key servers (KDC, CA, RA)
- Organization (a priori trust)
- p2p
- Authentication is not sufficient to build trust
- ? Bootstrapping security associations from
scratch - ? Fully distributed
- ? Minimum dependency
7Key Management
- Symmetric
- Key pre-distribution
- Key agreement
- Asymmetric Keys
- PK Certificate (ID,PK)CA
- Self-organized CA
- Web of trust(PGP)
- Certificate-less
- Crypto-based IDs ID h(PK)
- ID-based Crypto PK f(ID)
- Context-awareness
- Distance Bounding Protocols
- Seeing-is-believing
8Key pre-distribution
- Sensor Networks TTP-based
- Eschenauer, Gligor ACM CCS02, H. Chan, A.
Perrig et al, Oakland03 - Wenliang Du et al, INFOCOM04
- Ad Hoc version no TTP A. Chan, INFOCOM04
- Distributed key setup by randomly choosing key
rings from a public key space - Cover-Free Family Algorithm
- Neighbors determine intersection of their key
rings using homomorphic encryption
9(ID, PK) binding Self-organized CA Zhou,
Haas Kong, et al. Yi, Kravets Lehane, et
al.Bechler et al, INFOCOM04
- Based on threshold cryptography
- PROs distributed, self-organized
- CONs share distribution during bootstrap phase,
network density, Sybil attack
cert(PKi)SK1
cert(PKi)SK2
PKi
cert(PKi)SKi
Verification of CERT(PKi)SK by any node using
well known PK
10(ID, PK) binding Web of Trust (PGP) Hubaux,
Buttyan, Capkun
- No CA
- Alice ? Bob and Bob ? Eve ? Alice ? Eve
- Merging of certificate repositories
- PROs no centralized TTP
- CONs initialization, storage, transitivity of
trust
11(ID, PK) binding Crypto-based ID
- SPKI Rivest
- Statistically Unique Cryptographically Verifiable
IDs OShea, Roe Montenegro, Castellucia - IPv6 _at_ NW Prefix h(PK)
- DSR using SUCV-based IP addresses
- Bobba, et al
- PROs no certificates, no CA
- CONs generation of bogus IDs
12(ID, PK) binding ID-based CryptoHalili, Katz,
Arbaugh
Based on Boneh, Franklin, CRYPTO 2001
- ID-based
- PK h(ID)
- SK computed by TTP
- Threshold Crypto to distribute TTP
- PROs no certificates, no centralized server
- CONs distribution of initial shares
13Trust
- Managed environment
- A-priori trust
- Authentication ? trustworthiness
- But
- requirement for infrastructure
- scarcity of computing resources (sensors)
- lack of connectivity (sensors, ad hoc nw)
- Open environment
- No a-priori trust
- authentication does not guarantee correct
operation - ? New paradigms
- Trust establishment protocols (history, e-cash,
) Bussard, Molva, Roudier, PerCom04,
PerSec04, iTrust04 - Reputation
14Cooperation enforcement
- Token-based Yang,Meng,Lu
- Nuglets Buttyan,Hubaux
- SPRITE Zhong, Chen, Yang
- CONFIDANTBuchegger,Le Boudec
- CORE Michiardi,Molva
- Beta-Reputation Josang,Ismail
Threshold cryptography
Micro-payment
Reputation-based
Built-in with Application
Bittorrent (P2P)
15Summary
- Main research focus
- Bootstrapping from scratch
- New trust paradigms
- Optimization (computation, bandwidth)
- Solutions yet to come . . .
- Interesting applications of cryptography
- Some untruths and non-sense
- ? Room for creativity
16New Challenges
- Opportunistic Communications
- No end-to-end connectivity
- Collapsed system (Applicationnetwork)
- Data eventually reaches destination
- Trust management
- Forwarding of encrypted data
- Network coding and cryptography
- Data aggregation
17-
- Selected Publications
- "Analysis of Coalition Formation and Cooperation
Strategies in Mobile Ad hoc Networks in Ad Hoc
Networks Journal Volume 3, Issue 2 , March
2005, Pages 193-219 - Pocket Bluff- A Cooperation enforcing scheduled
pocket switching protocol submitted to Sigcomm
Hotnets IV, July 2005 - Non cooperative forwarding in ad hoc networks
Networking 2005, 4th IFIP International
Conference on Networking, May 2 - 6, 2005,
Waterloo, Canada - Springer LNCS Vol 3462, 2005 ,
pp 486-498 - Policy-based Cryptography Financial
Cryptography 2005, Dominica, February 2005. - Ad Hoc Network Security Chapter 12 in Mobile Ad
Hoc Networking, S. Basagni, M. Conti, S.
Giordano, I. Stojmenovic (Editors) ISBN
0-471-37313-3 June 2004, Wiley-IEEE Press - IDHC ID-based Hash-Chains for broadcast
authentication in wireless networks, EURECOM
Technical Report RR-04-111 -
- History-based Trust Establishment Protocols in
PerCom04 and iTrust04, March 2004. - CORE a collaborative reputation mechanism to
enforce node cooperation in mobile ad hoc
networks CMS'2002, Communication and Multimedia
Security 2002 Conference, September 26-27, 2002,
Portoroz, Slovenia / Also published in the book
Advanced Communications and Multimedia Security
/Borka Jerman-Blazic Tomaz Klobucar, editors,
Kluwer Academic Publishers, ISBN 1-4020-7206-6,
August 2002 , 320 pp - "Ad Hoc Network Security" Chapter to appear in
Handbook of Information Security, H. Bidgoli
(Editor), Wiley Sons - Other papers on http//www.eurecom.fr/ce/researchc
e/nsteam.fr.htm