Security in Mobile AdHoc Networks - PowerPoint PPT Presentation

Slides: 22
Provided by: Informatio367

Transcript and Presenter's Notes

Title: Security in Mobile AdHoc Networks


1
  • Security in Mobile Ad-Hoc Networks
  • Simon Skaria
  • ICS, UC Irvine

2
What is Ad-Hoc?
  • No infrastructure required
  • Like Bluetooth, IR; unlike 802.11
  • Each node can communicate with another node if
    • within the radio range, or
    • a pager node is available

3
Securing Ad-Hoc Networks
  • Need to provide "Anywhere, Anytime" security
    services
  • Dynamically changing network topologies
  • Resource constrained units, normally
  • Jittery channel, Easy to jam and intrude

4
Authentication in Ad-Hoc Networks
  • Uses Certificate-Based approach
  • Intrusion Resistant, not intrusion Free
  • Distributes CA functionality in each neighborhood
  • Self-Initialization protocol to handle dynamic
    node membership

5
Network Setting
  • Dynamic wireless ad-hoc network with N networking
    hosts/entities
  • Every entity i has a globally unique nonzero ID
    $v_i$
  • Entities roam freely in the network
  • Number of entities, N may change over time

6
Security Assumption
  • Scheme assumes one of the following:
    • An entity's private key will not be exposed for a
      certain period of time, OR
    • An entity's ID, $v_i$, is not forgeable by the
      intruder

7
Locally Distributing CAs
  • SK, PK denote the RSA key pair of the system CA
  • Secret is distributed using Shamir's scheme
  • Each entity $v_i$ holds a secret share $P_{v_i}$, and any K
    such entities can collectively perform the
    role of a CA

8
Individually,
  • Maintains a public key pair
  • Signed by CA (SK), contains $T_{sign}$, $T_{expire}$
  • Used for
    • Cipher-Key Exchange
    • Message Privacy
    • Message Integrity and
    • Non-Repudiation

9
Enforcing Validity
  • Implicit Certificate Revocation
    • Certificate is considered invalid unless renewed
      within $T_{renew}$
  • Explicit Certificate Revocation
    • CRL of revoked certificates is maintained.
    • An entry needs to be kept for $T_{renew}$ amount of
      time

10
Basic Operations
  • Involves local coalition of K share holders
  • Secret Share Dealing
  • Certification Services, and
  • Secret Share Updates

11
Secret Share Dealing
  • An entity $v_i$ obtains its secret share $P_{v_i}$
  • Bootstrapping phase
    • Before K entities have joined the group
  • Self-Initialisation phase
    • Need a local coalition of K entities
    • Centralized dealer is not needed any more

12
Certification Services

13
Secret Share Updates
  • No adversary group with fewer than K
    collaborating adversaries can forge a certificate
  • To resist gradual break-ins, the secret share is
    updated periodically
  • Update time is a system parameter

14
Certificate Revocation
  • Over and above the implicit revocation scheme
  • If $v_x$'s certificate is compromised, a counter-
    certificate $\langle v_x, T_{sign} \rangle$ is flooded over the
    network
  • Each node maintains a subset of
    counter-certificates within the past $T_{renew}$

15
Shamir's Secret Sharing
  • D is the secret to be shared
  • Lagrange polynomial
    • $f(x) = D + f_1 x + \cdots + f_{k-1} x^{k-1}$
    • $f_i$'s chosen randomly
  • Each entity holds a secret share
    • $P_{v_i} = f(v_i) \bmod n$

16
Localized Certification Service

17
Interpolation over $Z_{\varphi(n)}$: Problem!
  • $\sum (P_{v_i} \cdot l_{v_i}(0) \bmod n) = t \cdot n + d$, $0 \le t \le K$
  • $X$ ? $X^d \bmod n$

18
Solution: Coalition Offsetting
  • $Y_0$: product of the signatures received
  • $Z = M^{-n} \bmod n$
  • $j = 0$, $W = 1$
  • while $j \le K$ do
    • $Y = Y_0 \cdot W \bmod n$, $W = W \cdot Z \bmod n$
    • if ($M \equiv Y^e \pmod{n}$) then break
    • $j = j + 1$
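
The scheme on slides 15, 17 and 18, worked through in Python as an added example that is not part of the original presentation: the RSA exponent d is Shamir-shared modulo n, K share holders each produce a partial signature, and the offsetting loop removes the unknown t·n from the exponent. The primes, node IDs, seed and message are constructed toy values, and the function names are hypothetical.

```python
# Added example with constructed toy parameters; not code from the slides.
import random

P, Q = 1009, 1013                   # toy primes; real RSA moduli are 2048+ bits
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))   # system CA secret exponent d (part of SK)
K = 3                               # threshold: any K holders act as the CA

def deal_shares(ids, rng):
    """P_vi = f(v_i) mod n, with f(x) = d + f_1 x + ... + f_{K-1} x^{K-1}."""
    coeffs = [D] + [rng.randrange(N) for _ in range(K - 1)]
    return {v: sum(c * pow(v, i, N) for i, c in enumerate(coeffs)) % N for v in ids}

def lagrange_at_zero(v, coalition):
    """l_v(0) = prod_{u != v} u / (u - v), computed mod n."""
    num = den = 1
    for u in coalition:
        if u != v:
            num, den = num * u % N, den * (u - v) % N
    return num * pow(den, -1, N) % N

def partial_exponents(shares, coalition):
    """Each holder's exponent P_vi * l_vi(0) mod n; they sum to t*n + d."""
    return [shares[v] * lagrange_at_zero(v, coalition) % N for v in coalition]

def combine(message, exps):
    """Multiply the partial signatures, then apply coalition offsetting."""
    y0 = 1
    for s in exps:
        y0 = y0 * pow(message, s, N) % N     # partial signature M^{s_i} mod n
    z, w = pow(message, -N, N), 1            # Z = M^{-n} mod n
    for j in range(K + 1):                   # j = 0 .. K
        y = y0 * w % N
        if pow(y, E, N) == message:          # M == Y^e (mod n): valid signature
            return y, j
        w = w * z % N
    raise ValueError("no offset found")

def demo(message=42, seed=1):
    shares = deal_shares([3, 7, 12, 20, 31], random.Random(seed))
    coalition = [7, 20, 31]                  # any K of the share holders
    exps = partial_exponents(shares, coalition)
    sig, t = combine(message, exps)
    return sig, t, sum(exps)
```

`demo()` returns the recovered signature, the offset t found by the loop, and the raw exponent sum, so the relation sum = t·n + d can be checked directly.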

19
Self-Initialization

20
Self-Initialization, in Practice
  • Uninitialized node $v_x$ broadcasts request
  • Each member selects a random nonce
  • ID forms a partial order
  • Encrypts with of the intended receiver
  • The requester routes encrypted nonces
  • Nonces are added to the partial secret share

21
Issues
  • Paddings used in RSA do not cancel each other
  • Secret share of a new entity in the
    self-initialization process
  • How do you know the K-participating entities in
    Self-Initialization?
  • K is not flexible