WP4:Trusted communities

1
WP4Trusted communities secure communications

• M7-M12 Achievements

2
Outline

• Security in the HAGGLE node architecture
• Security manager
• Implementation and application
• Ongoing research
• Security in network coding
• Secure data aggregation

3
Security in the HAGGLE node architecture

• Internship started oct06 Marianna Carrera,
  Lorenzo Odorico
• Review of the current HAGGLE architecture
• Trials with the existing demos
• Still have some difficulties
• Preliminary implementation of Security Mgr
• Interfaces with other managers
• Simple HAGGLE application
• Secure mail

4
The new HAGGLE node architecture
Application

• Dedicated Functions
• Confidentiality
• Authentication
• Integrity

Name Mgr

• Shared Functions
• Key mgt
• trust establishment
• cooperation

Data Mgr
Security Mgr
Resource Mgr
Forwarding Mgr
Protocol Mgr
Connectivity Mgr
Interface
5
Current SMTP Application

• Create DO
• Create FO
• Send Data (serialized)

Application SMTP Deamon (haggle.app.mailproxy.SM
TPDeamon)
Haggle Application Interface (haggle.appInterface
.AppInterface.java)

Haggle Network Interface
Connectivities (WiFi ah-hoc network)
6
Sending an email with integrity check

• Two Integrity levels
• Application
• Integrity Input DO, Body
• New DO-attribute Body-Integrity
• Protocol
• Integrity Input Serialized Msg
• New segment Msg-Integrity

Name Mgr
Data Mgr
Security Mgr
Resource Mgr
Forwarding Mgr
Protocol Mgr
Connectivity Mgr
7
DO attribute Integrity (application level)

• Att1

Security Mgr
8
Integrity for serialized data (protocol)
12
3
FO_Type


HTL


exp


3
16
1
FO_Type


1
-10
2
SM_Hash
160

1
SM_Hash_type
4
sha1

attributes
attr
attr
attr
ch
ch
ch
FO_type fo_hash SM_Hash hash_value SM_Hash_type
sha1
12
FO_Type head hopsToLive expire
FO_Type fo_senders
MimeType Name Value
FO_Type fo_names
MimeType Name Value

FO_Type fo_data
MimeType mail Sender sender_name Receiver
recv_name Body headerbody
9
Security in Network Coding
S

• Existing Solutions
• Rodriguez et al. 06
• Based on El Gamal
• Initial broadcast of hash values
• Jain et al. 06
• Based on pairings
• Initial broadcast of EC-Points
• Our Solution
• ID-Based with pairings
• No initial broadcast

F b1b2
b1
b2
h1,h2
h1,h2
I
I
b1
b2
b1
I
b2
b1b2
b1b2
h1,h2
I
I
h1,h2
h1,h2
10
Secure data aggregation (EWSN07)

• Challenge
• aggregation of encrypted data in WSN, by
  intermediate nodes
• intended for many-to-one applications
• can be extended to one-to-one applications
• Our solution
• Aggregation operation
• Additive homomorphic encryption CTRM encryption
• layered mechanism
• suppress some encryption layers
• aggregate
• add new encryption layers
• Related key attribution algorithm
• Only the sink is able to suppress all encryption
  layers
• Security Robustness
• generic confidentiality protection against
  eavesdropping
• end-to-end confidentiality protection against
  node compromise
• protection against bogus message injection
• protection against message losses

11
Publications Future work

• Publications
• Secure data aggregation with multiple encryption,
  to appear in EWSN07
• Optimistic fair exchange for secure forwarding,
  submitted to ICDCS07
• Presentation to CISCO Security in
  self-organizing networks
• Future work
• HAGGLE node one dedicated application
• Proof for secure network coding
• Ciphered content based forwarding