A few challenges in security

1
A few challenges in security privacy in the
context of ubiquitous computing

• Gene Tsudik
• SCONCE Secure Computing and Networking Center
• UC Irvine
• http//sconce.ics.uci.edu/
• 06/13/2005

2
Some Challenges

• Location privacy, network unobservability and
  location verification
• Distributed decision-making in MANETs
• Privacy-preserving authentication and
  authorization
• Secure data and tag aggregation
• Device pairing with varying degrees of human
  intervention

3
Secure Membership Control in MANETs
Membership control is the foundation of all
security features/services in a MANET

• Why is Membership Control Hard?
• No omni-present centralized/trusted authority
• Dynamic topology
• Sporadic connectivity
• Frequent outages/failures
• New nodes can appear at any time, esp. in a
  battlefield setting
• Trust in nodes is ephemeral, e.g., captured
  nodes/units must be evicted from network

Objective A set of practical, robust and secure
techniques for distributed decision-making in
multi-hop MANETs. Employ (and design)
state-of-the-art (threshold and proactive)
cryptographic methods to construct protocols for
distributed admission and eviction of nodes in a
MANET. Implement in a general-purpose toolkit
integrate with sample applications experiment
with limited deployment scenarios.

• Technical Approach
• Architecture consider security needs of various
  applications.
• Short-lived versus long-lived MANETs/groups
• Interaction with outside closed vs open groups
• Is non-repudiation needed?
• Is communication pair-wise or group-wise?
• RSA doesnt work
• DSA, Schnorr, ID-based techniques for long-lived
  groups
• Bivariate polynomial secret sharing for
  short-lived groups

http//sconce.ics.uci.edu/gac
4
Some Recent Results
An Attack on the Proactive RSA Signature Scheme
in the URSA Ad Hoc Network Access Control
Protocol, Stanislaw Jarecki, Nitesh Saxena and
Jeong H. Yi, ACM Workshop on Security of Ad Hoc
and Sensor Networks (SASN), October
2004. Identity-based Access Control for Ad Hoc
Groups, Nitesh Saxena, Gene Tsudik and Jeong H.
Yi, International Conference on Information
Security and Cryptology (ICISC),  December
2004. Futher Simplifications in Proactive RSA
Signature Schemes, Stanislaw Jarecki and Nitesh
Saxena,  Theory of Cryptography Conference (TCC),
February 2005. Efficient Node Admission for
Short-Lived MANETs Nitesh Saxena, Gene Tsudik and
Jeong H. Yi, in submission.
5
Privacy-preserving Authentication and
Authorization

• A few basic concepts
• Oblivious Envelopes
• Alice is an informant, has secret info for police
• Bob claims to be a cop, doesnt want to show his
  credentials
• See, e.g., Li, et al. PODC03
• Secret Handshakes
• Alice wants to talk to Bob iff Bob is a CIA agent
• Bob wants to talk to Alice iff Alice is a CIA
  agent
• Must be unobservable to others, anonymous,
  unlinkable
• Generalizable to groups?
• See, e.g., Balfanz, et al. SP03, Castelluccia,
  et al. AC04
• Privacy-Preserving Trust Negotiation (Hidden
  Credentials)
• Alice wants to access one of Bobs resources
• Bob doesnt want to divulge his access control
  policies
• More generally, Alice has many credentials
  doesnt want Bob to know them as long as at
  least one satisfies one of Bobs policies
• See, e.g., Bradshaw et al. CCS04

6
Secure Data and Tag Aggregation

• Data Aggregation how to reduce bw if only
  interested in statistical values?
• E.g., in sensor nets and MANETs
• Tag Aggregation how to reduce bw consumed by
  multiple MACs, signatures, etc?
• E.g., in reliable multicast, sensor nets, MANET
  routing, etc.
• Aggregated MACs are easy, but
• Aggregated signatures by same signer are cheap
  (e.g., RSA)
• Aggregated signatures by different signers are
  viable but expensive (e.g., BLS ID/pairing-based)
• Some require partial interaction, e.g.,
  Schnorr-based ASM

7
Some Recent Results
Securing Route Discovery in DSR. Jihye Kim and
Gene Tsudik IEEE Mobiquitous, July 2005. Secure
and Robust Acknowledgement Aggregation Claude
Castelluccia, Stas Jarecki and Gene
Tsudik Security in Computer Networks
(SCN). September 2004. Aggregation of Encrypted
Data in WSNs Claude Castelluccia, Einar Mykletun
and Gene Tsudik IEEE Mobiquitous July
2005. Authentication and Integrity for
Outsourced Data Maithili Narasimha, Einar
Mykletun and Gene Tsudik Network and Distributed
System Security (NDSS) February 2004.
8
Secure Device Pairing

• Two devices must be securely paired on-the-fly
• No prior association
• No specialized connection
• No common PKI ? authentication irrelevant
• Involving human as an aid
• E.g., Seeing-is-believing (SP05) or
  Shake-them-up (Mobihoc05)
• What if we want to pair more than 2 devices?

9
The end