Security in Self-organizing Systems - PowerPoint PPT Presentation

About This Presentation
Title:

Security in Self-organizing Systems

Description:

System or Network consists of a Collection of Ordinary ... [Bechler et al, INFOCOM'04] Based on threshold cryptography. PROs: distributed, self-organized ... – PowerPoint PPT presentation

Number of Views:16
Avg rating:3.0/5.0
Slides: 17
Provided by: abelardFl
Category:

less

Transcript and Presenter's Notes

Title: Security in Self-organizing Systems


1
Security in Self-organizing Systems
Refik Molva Institut EURECOM refik.molva_at_eurecom.f
r http//www.eurecom.fr/ce/researchce/nsteam.en.ht
m
2
Self-organizing Systems
  • System or Network consists of a Collection of
    Ordinary Components
  • No fixed infrastructure
  • No (or limited) organization
  • Ad Hoc Networks
  • Sensor Networks
  • P2P Applications
  • Ubiquitous computing

3
Security Challenges
  • Comm. Security
  • Self-organizing
  • No(or limited) infrastructure
  • Lack of organization
  • Wireless Mobile
  • Scarcity of Resources
  • Limited Energy
  • Lack of physical security
  • Lack of connectivity
  • Key management
  • Trust Management
  • Cooperation
  • Privacy

Context-awareness
4
Communication Security
  • Secure Routing
  • ARAN, SRP, ARIADNE, SEAD,TIK
  • New Challenges
  • Network coding and security Gkantsidis,
    Rodriguez
  • Data aggregation Girao, Schneider, Westhoff
    Castellucia, Tsudik

5
Secure Routing Proposals for MANET
  • ARIADNE Hu, et al.
  • SRP Papadimitriou, Haas
  • security associations between source end
    destination only
  • ARAN Dahill, et al.
  • PK certificates for IP _at_
  • SEAD HU, et al.
  • proactive routing - authenticated hash chains
  • TESLA with instant key disclosure (TIK)
  • can cope with wormhole attack

6
Key Management Challenges
  • Lack of (or limited)
  • Security infrastructure
  • Key servers (KDC, CA, RA)
  • Organization (a priori trust)
  • p2p
  • Authentication is not sufficient to build trust
  • ? Bootstrapping security associations from
    scratch
  • ? Fully distributed
  • ? Minimum dependency

7
Key Management
  • Symmetric
  • Key pre-distribution
  • Key agreement
  • Asymmetric Keys
  • PK Certificate (ID,PK)CA
  • Self-organized CA
  • Web of trust(PGP)
  • Certificate-less
  • Crypto-based IDs ID h(PK)
  • ID-based Crypto PK f(ID)
  • Context-awareness
  • Distance Bounding Protocols
  • Seeing-is-believing

8
Key pre-distribution
  • Sensor Networks TTP-based
  • Eschenauer, Gligor ACM CCS02, H. Chan, A.
    Perrig et al, Oakland03
  • Wenliang Du et al, INFOCOM04
  • Ad Hoc version no TTP A. Chan, INFOCOM04
  • Distributed key setup by randomly choosing key
    rings from a public key space
  • Cover-Free Family Algorithm
  • Neighbors determine intersection of their key
    rings using homomorphic encryption

9
(ID, PK) binding Self-organized CA Zhou,
Haas Kong, et al. Yi, Kravets Lehane, et
al.Bechler et al, INFOCOM04
  • Based on threshold cryptography
  • PROs distributed, self-organized
  • CONs share distribution during bootstrap phase,
    network density, Sybil attack

cert(PKi)SK1
cert(PKi)SK2
PKi
cert(PKi)SKi
Verification of CERT(PKi)SK by any node using
well known PK
10
(ID, PK) binding Web of Trust (PGP) Hubaux,
Buttyan, Capkun
  • No CA
  • Alice ? Bob and Bob ? Eve ? Alice ? Eve
  • Merging of certificate repositories
  • PROs no centralized TTP
  • CONs initialization, storage, transitivity of
    trust

11
(ID, PK) binding Crypto-based ID
  • SPKI Rivest
  • Statistically Unique Cryptographically Verifiable
    IDs OShea, Roe Montenegro, Castellucia
  • IPv6 _at_ NW Prefix h(PK)
  • DSR using SUCV-based IP addresses
  • Bobba, et al
  • PROs no certificates, no CA
  • CONs generation of bogus IDs

12
(ID, PK) binding ID-based CryptoHalili, Katz,
Arbaugh
Based on Boneh, Franklin, CRYPTO 2001
  • ID-based
  • PK h(ID)
  • SK computed by TTP
  • Threshold Crypto to distribute TTP
  • PROs no certificates, no centralized server
  • CONs distribution of initial shares

13
Trust
  • Managed environment
  • A-priori trust
  • Authentication ? trustworthiness
  • But
  • requirement for infrastructure
  • scarcity of computing resources (sensors)
  • lack of connectivity (sensors, ad hoc nw)
  • Open environment
  • No a-priori trust
  • authentication does not guarantee correct
    operation
  • ? New paradigms
  • Trust establishment protocols (history, e-cash,
    ) Bussard, Molva, Roudier, PerCom04,
    PerSec04, iTrust04
  • Reputation

14
Cooperation enforcement
  • Token-based Yang,Meng,Lu
  • Nuglets Buttyan,Hubaux
  • SPRITE Zhong, Chen, Yang
  • CONFIDANTBuchegger,Le Boudec
  • CORE Michiardi,Molva
  • Beta-Reputation Josang,Ismail

Threshold cryptography
Micro-payment
Reputation-based
Built-in with Application
Bittorrent (P2P)
15
Summary
  • Main research focus
  • Bootstrapping from scratch
  • New trust paradigms
  • Optimization (computation, bandwidth)
  • Solutions yet to come . . .
  • Interesting applications of cryptography
  • Some untruths and non-sense
  • ? Room for creativity

16
New Challenges
  • Opportunistic Communications
  • No end-to-end connectivity
  • Collapsed system (Applicationnetwork)
  • Data eventually reaches destination
  • Trust management
  • Forwarding of encrypted data
  • Network coding and cryptography
  • Data aggregation

17
  •  
  • Selected Publications
  • "Analysis of Coalition Formation and Cooperation
    Strategies in Mobile Ad hoc Networks in Ad Hoc
    Networks Journal Volume 3, Issue 2 , March
    2005, Pages 193-219
  • Pocket Bluff- A Cooperation enforcing scheduled
    pocket switching protocol submitted to Sigcomm
    Hotnets IV, July 2005
  • Non cooperative forwarding in ad hoc networks
    Networking 2005, 4th IFIP International
    Conference on Networking, May 2 - 6, 2005,
    Waterloo, Canada - Springer LNCS Vol 3462, 2005 ,
    pp 486-498
  • Policy-based Cryptography Financial
    Cryptography 2005, Dominica, February 2005.
  • Ad Hoc Network Security Chapter 12 in Mobile Ad
    Hoc Networking, S. Basagni, M. Conti, S.
    Giordano, I. Stojmenovic (Editors) ISBN
    0-471-37313-3 June 2004, Wiley-IEEE Press
  • IDHC ID-based Hash-Chains for broadcast
    authentication in wireless networks, EURECOM
    Technical Report RR-04-111
  •  
  • History-based Trust Establishment Protocols in
    PerCom04 and iTrust04, March 2004.
  • CORE a collaborative reputation mechanism to
    enforce node cooperation in mobile ad hoc
    networks CMS'2002, Communication and Multimedia
    Security 2002 Conference, September 26-27, 2002,
    Portoroz, Slovenia / Also published in the book
    Advanced Communications and Multimedia Security
    /Borka Jerman-Blazic Tomaz Klobucar, editors,
    Kluwer Academic Publishers, ISBN 1-4020-7206-6,
    August 2002 , 320 pp
  • "Ad Hoc Network Security" Chapter to appear in
    Handbook of Information Security, H. Bidgoli
    (Editor), Wiley Sons
  • Other papers on http//www.eurecom.fr/ce/researchc
    e/nsteam.fr.htm
Write a Comment
User Comments (0)
About PowerShow.com