Title: VoIP Mobility
1 VoIP Mobility
- Prakash Kolan
- University of North Texas
2 Agenda
- Mobile Ad-hoc Networks
- VoIP in VoIP Ad-hoc Networks
- Trust in VoIP Ad-hoc Networks
- Issues for trust calculation in VoIP mobile Ad-hoc Networks and probable solutions
  - Trust and Mobility
    - Trust during Micro-Mobility
    - Trust during Macro-Mobility
  - Inferring a secure routing path in presence of malicious nodes
  - Authenticating strangers in an ad-hoc network
3 Mobile Ad-hoc Networks (MANETs)
- Self configuring and adaptive networks
- Do not need any infrastructure to deploy these networks
- Deployed in areas deprived of any existing network infrastructure
  - e.g., battle zones, villages, areas suffering from natural calamities
- Every node can act as a router or a relay for forwarding data from other nodes in the MANET
4 VoIP Mobile Ad-hoc Networks (VoIP MANETs)
- VoIP devices can form a VoIP MANET on the fly
- New VoIP nodes can join and leave the VoIP MANETs
- Each VoIP node interacts with other VoIP nodes in the ad-hoc network either for requesting or serving VoIP services
- An ad-hoc VoIP node can forward data between two other VoIP nodes
- In the context of these high and anonymous interactions, it is imperative to understand the trust of the communicating nodes
5 Need for Trust in VoIP MANETs
- Open and Anonymous
- Lack of Accountability
- A central authority for maintaining the authentication information of each and every VoIP device is next to impossible, particularly when end devices change their identity and location
- PKI (Public Key Infrastructure) is not enough
  - Cryptographic algorithms, for instance, cannot say if a piece of digitally signed code has been authored by competent programmers, and a signed public key certificate does not tell you if the owner is an industrial spy
6 Trust in VoIP MANETs
- Every node learns the behavior of other VoIP nodes in the VoIP MANET using trust inference
- Every node can infer trust of other nodes for forwarding routing and secure trust information
- The nodes can co-operate with each other to know the trustworthiness of other nodes if they do not have first-hand information about the possible forwarding nodes
7 Trust in VoIP MANETs
- Issues
  - Trust and mobility in VoIP MANETs
  - Secure Routing in VoIP MANETs
  - Authenticating Strangers in VoIP MANETs
9 Trust & Mobility
- One of the biggest advantages of using VoIP is the ability to function and operate independent of the location
- On the other hand, rapid advances in wireless networking technologies have enabled mobile devices to be connected anywhere, anytime
- Location-independent VoIP services can be deployed on top of wireless networks like cellular, WLAN etc.
10 Trust & Mobility
- Wireless handheld devices equipped with VoIP capabilities can roam from one network to another network
- Ability to connect to other devices in an ad-hoc fashion
- Necessity of understanding the inherent trust issues involved in mobility of these devices
- PKI infrastructure is a solution for authentication, authorization and message integrity issues; however, it does not address the involved trust issues
11 Trust and Mobility
- Trust in mobility can be divided into
  - Trust in Micro-mobility
    - Refers to the scenario where the VoIP mobile device moves in the coverage area of the same access point
    - Trust associations are local
  - Trust in Macro-mobility
    - Refers to the scenario where the VoIP mobile device moves from the coverage area of one access point to another
    - Need a global trust framework for inferring trust
    - A trust information protocol is needed which advocates the trust information exchange when devices change access networks
12 Principles of Trust
- Trust is Subjective: It is the degree of belief about the behavior of other entities (agents) upon which we depend (for example, to have a service delivered)
- Trust is Asymmetric: Two agents need not have similar trust in each other
- Trust is Context Dependent: Trust in a specific environment does not necessarily transfer to another
- Trust is Dynamic: Tends to be reduced if entities are misbehaving and vice versa
13 hTrust: A human trust model
- Trust Formation: How trust is computed
- Trust Dissemination: How trust is propagated
- Trust Evolution: How trust is evolved or updated based on observed evidence
14 Trust Formation
- Whenever an agent a (trustor) has to decide whether to trust another agent b (trustee), trust information about b has to be collected
- Sources of trust information
  - Direct experiences: Represent an agent's history of interaction (past interactions between trustor & trustee). They are kept in the trustor's local environment by the TMF
  - Credentials: Represent what other agents thought of us in previous interactions (e.g., what agent x thought about trustee b). They are kept in the trustee's local environment by the TMF
  - Recommendations: Trust information coming from other agents in the social context
15 Trust Formation
- The process that enables a trustor agent to predict a trustee's trustworthiness before the interaction
- Trust data model: A trustor a forms a trust opinion about a trustee b based on
  - a's direct experience
  - b's credentials
  - recommendations coming from social context
16 Trust Formation: Direct Experiences
- Single aggregated trust information tuple
  - $[a, b, l, s, c, k, t]$, i.e., agent a trusts agent b at level l to carry on service s in context c
- The trust l varies in the range $[-1, 1]$, with -1 meaning complete distrust and 1 meaning blind trust
- k is defined as the degree of knowledge, to distinguish "don't trust" from "don't know" (lack of evidence), at time t
- The higher the number of direct experiences between trustor and trustee, the higher the degree of knowledge
- k decays with time, i.e., the trustor's knowledge decays with time
17 Trust Formation: Recommendations
- When there's no previous direct experience, the trustor may ask other agents in the social context to provide him with recommendations
- A recommendation tuple sent by agent x regarding trustee b is
  - $[x, b, l, s, c, k, t]_{SK_x} \in R$ (R being the set of all recommendations)
- Each recommendation is signed using the public key of the recommender
18 Trust Formation: Credentials
- Each agent b carries with him (i.e., in his local environment) a portfolio of credentials, i.e., a set of letters of presentation detailing how trustworthy b has been in one or more previous interactions. Each credential looks like
  - $[x, b, l, s, c, n_{from}, n_{to}, t]_{SK_x}$
- Agent x considers b trustworthy at level l to carry on service s in context c after a series of transactions from $n_{from}$ to $n_{to}$
- This trust refers to a set of transactions that happened in the past between x and b
19 Trust Formation
20 Trust Dissemination
- Trust information is disseminated upon request from the trustor
- Step 1: a -> b: req-for-credentials(m). A request from a to b to see his credentials.
  - m indicates the maximum no. of letters a is willing to accept
- Step 2: b -> a: $Ct_i,\ i \in [1, m]$. The trustee b replies with a set of at most m letters of presentation (the ones he considers to be the best for his own reputation)
- Step 3: TMF decrypts the letters of presentation and checks the validity of public keys of all agents who recommended the trustee b with an identity management system
- Step 4: If a then decides to communicate with b, then after communication a and b exchange a letter of presentation
  - a -> b: $[a, b, l, n, n, t]_{SK_a}$
  - b -> a: $[b, a, l, n, n, t]_{SK_b}$
21 Trust Evolution
- Continuous self-adaptation of trust information kept in the agent's local environment
- Updating trust based on the just finished transaction
- Updating trust based on the credentials it has received from the trustee
- $h_3(l_1, l_2) = w_1 \times l_1 + w_2 \times l_2$, with $w_1 + w_2 = 1$, $0 < w_i < 1$
  - $l_1$: newly perceived trustworthiness
  - $l_2$: old opinion
- $h_4(l_1, l_2, l_3) = w_1 \times l_1 + w_2 \times l_2 + w_3 \times l_3$, with $w_1 + w_2 + w_3 = 1$, $0 < w_i < 1$
  - $l_1$: b's trustworthiness as perceived by a
  - $l_2$: opinion previously held by a about b
  - $l_3$: b's expected trustworthiness based on received credentials
22 Secure Routing in VoIP MANETs
23 Routing in MANETs
- Nodes communicate among themselves
- No central authority supervising the behavior of nodes in MANETs
- Nodes themselves act as routers and relays for forwarding data and control packets
- Multi-hop support makes communication possible with nodes outside of the coverage area
24 Secure Routing
- Current research assumes that all the nodes in the network share similar goals and would co-operate with each other
- Presence of compromised nodes
  - Become antagonistic to other uncompromised nodes
  - Not reliable for retrieving routing information for actual routing
- Nodes with disparate goals
  - Need external co-operation for communication
  - Limiting factors such as power conservation etc.
25 Reputation for Secure Routing
- Reputation of nodes can be used for instilling the motivation to co-operate
- It establishes trust and confidence among the nodes
- Motivates nodes to act in a trustworthy fashion and not to maliciously tamper with any data packet
- If a node becomes indifferent to its reputation and continues to act maliciously, it is weeded out of the network
26 Reputation for Secure Routing
- The malicious behavior of the node can be estimated based on
  - Frames received
  - Data packets forwarded
  - Control packets forwarded
  - Data packets received
  - Control packets received
  - Streams established
27 Reputation for Secure Routing
- Message from A -> C. ABC is the only path from A to C. To send a message to C, A sends the message to B. If C acknowledges receiving the message RepAB1
- Reputation is the means of recommendations from all nodes
28 Reputation for Secure Routing
- Every node needs to identify the next node in the routing path
- Polls all its neighbors for the reputation of all its probable next nodes
- Chooses the next node with the highest reputation value
29 Reputation for Secure Routing
30 Reputation for Secure Routing
- Finding Trusted Routers: Deciding Next Hop
  - Shortest path to destination: Sorts all the available paths based on no. of hops
  - Using only the reputations: Choose the next hop based on highest reputed neighbor
  - Shortest path to destination along with the reputation of the neighbors: Sorts all the available paths based on distance and reputation of next.
31 Reputation for Secure Routing
- Using the Reputation Value
  - Advantages
    - Increase in throughput
    - Non co-operative nodes are ostracized
  - Disadvantage
    - Poor nodes are penalized
  - Solution: Using resource availability information along with reputation value
    - Achieved equilibrium in traffic management
    - Good nodes receive more traffic, become overloaded, drop some packets, and their reputation decreases
    - Source nodes use 2nd rank nodes and the system equilibrium is established
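The next-hop strategies from the preceding slides, as an added Python example that is not part of the original deck. The node names, sample values, the [0, 1] reputation scale, the reading of reputation as the arithmetic mean of polled recommendations, and both combined scoring formulas are assumptions made for illustration.

```python
from statistics import mean

# Constructed sample data: recommendations in [0, 1] that polled neighbors
# report about the candidate next hops B, D and E.
RECOMMENDATIONS = {
    "B": [0.2, 0.1, 0.3],   # drops packets, so neighbors rate it low
    "D": [0.9, 0.8, 1.0],
    "E": [0.7, 0.9, 0.8],
}
# Constructed routing table: hops to the destination via each candidate.
HOPS = {"B": 2, "D": 3, "E": 4}
# Constructed resource availability (fraction of spare capacity).
AVAILABLE = {"B": 0.9, "D": 0.1, "E": 0.8}


def reputation(node, recs=RECOMMENDATIONS):
    """Assumed aggregation: arithmetic mean of the polled recommendations."""
    votes = recs.get(node)
    return mean(votes) if votes else 0.0   # a stranger has no reputation yet


def next_hop(strategy, hops=HOPS, recs=RECOMMENDATIONS, avail=AVAILABLE):
    """Pick the next hop under one of the strategies listed on the slides."""
    if not hops:
        raise ValueError("no candidate next hops")
    if strategy == "shortest":            # hop count only, ignores behavior
        key = lambda n: -hops[n]
    elif strategy == "reputation":        # highest reputed neighbor
        key = lambda n: reputation(n, recs)
    elif strategy == "combined":          # assumed score: reputation per hop
        key = lambda n: reputation(n, recs) / hops[n]
    elif strategy == "resource_aware":    # assumed score: reputation x capacity
        key = lambda n: reputation(n, recs) * avail.get(n, 0.0)
    else:
        raise ValueError(f"unknown strategy: {strategy}")
    return max(sorted(hops), key=key)     # sorted() makes ties deterministic


if __name__ == "__main__":
    for s in ("shortest", "reputation", "combined", "resource_aware"):
        print(s, "->", next_hop(s))
```

With this data the hop-count strategy routes through the poorly rated node B, the reputation-based strategies avoid it, and the resource-aware score moves traffic from the overloaded D to the second-ranked E.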
32 Reputation for Secure Routing
33 Authenticating Strangers in VoIP MANETs
34 Authenticating Strangers
- One of the primary requirements of ad-hoc networks is that nodes can join and leave the network on the fly
- New nodes express their willingness to join the network
- No previous history with any nodes in the network
- Need to infer the behavior or trust of new nodes
35 Pre-Authentication over location-limited channel
- Provides a security mechanism for wireless communications via pre-authentication over a location limited channel
- Devices exchange a limited amount of public information over a privileged side-channel
- The pre-authentication is used for authenticating one another on the unsecured wireless link
- Provides secure authentication using almost any standard public key based key exchange protocol
36 Pre-Authentication over location-limited channel
- Properties of Location Limited Channel
  - Demonstrative Identification: Identification based on physical context
    - Audio (both in audible and ultrasonic range), which has limited transmission range and broadcast characteristics, can be used by a group of PDAs in a room to demonstratively identify each other
    - For a single communication end point (e.g., a printer across the room), channels with directionality such as infrared
  - Authenticity: That it is impossible (or difficult) for an attacker to transmit in that channel, or at least to transmit without being detected by legitimate participants
37 Pre-Authentication over location-limited channel
- The participants use the location limited channel for exchanging small cryptographic material for authenticating one another during wireless data transfer
- Secure because the pre-authentication data is exchanged over a channel with inherent physical limitations
- The location limited channel is therefore resistant to eavesdropping
- It is difficult for the attackers to mount an attack because of inherent limitations in the chosen location limited channel
38 Pre-Authentication over location-limited channel
- Standard public key exchange protocols can be used for bootstrapping this authentication
- The participants can exchange their public keys during this pre-authentication phase
- Even if the attacker manages to eavesdrop on the communication over the wireless channel, it would be difficult for him to impersonate, as the participants already have their keys exchanged
39 Pre-Authentication over location-limited channel
- Basic scheme for pre-authentication
  - Pre-authentication, taking place over the location-limited channel
    - A -> B: $addr_A$, $h(PK_A)$
    - B -> A: $addr_B$, $h(PK_B)$
  - Authentication continues over the wireless channel with any standard key exchange protocol, e.g., SSL/TLS
    - A -> B: TLS_CLIENT_HELLO ... and so on.
- The various symbols denote
  - $addr_A$, $addr_B$: A's (resp. B's) address in wireless space, provided strictly for convenience
  - $PK_A$, $PK_B$: the public key belonging to A (resp. B), either a long-lived key or an ephemeral key used only in this exchange
  - $h(PK_A)$: a commitment to $PK_A$, e.g., a one-way hash of an encoding of the key
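The commitment check implied by the basic scheme above, as an added Python example that is not part of the original deck. SHA-256 as h, the `PreAuthTable` class and the byte strings standing in for encoded public keys are assumptions; in a deployment the check is applied to the key the peer presents during the wireless key exchange.

```python
import hashlib
import hmac


def commit(public_key: bytes) -> bytes:
    """h(PK): one-way hash of the encoded public key (SHA-256 assumed)."""
    return hashlib.sha256(public_key).digest()


class PreAuthTable:
    """Commitments a node learned over the location-limited channel."""

    def __init__(self):
        self._by_addr = {}

    def learn(self, addr: str, commitment: bytes) -> None:
        # Side-channel message: the peer sends addr, h(PK).
        if addr in self._by_addr and self._by_addr[addr] != commitment:
            raise ValueError(f"conflicting commitment for {addr}")
        self._by_addr[addr] = commitment

    def verify(self, addr: str, presented_key: bytes) -> bool:
        """Check the key offered on the wireless link against the commitment."""
        expected = self._by_addr.get(addr)
        if expected is None:
            return False                  # never pre-authenticated: reject
        return hmac.compare_digest(expected, commit(presented_key))


# Constructed stand-ins for encoded public keys (not real key material).
PK_A = b"constructed-encoding-of-A-public-key"
PK_B = b"constructed-encoding-of-B-public-key"
PK_OTHER = b"constructed-encoding-of-a-substituted-key"


def run_exchange():
    a_table, b_table = PreAuthTable(), PreAuthTable()
    # Location-limited channel: A -> B addrA, h(PKA); B -> A addrB, h(PKB)
    b_table.learn("addrA", commit(PK_A))
    a_table.learn("addrB", commit(PK_B))
    # Wireless channel: each side checks the key used in the key exchange.
    return {
        "A accepts B": a_table.verify("addrB", PK_B),
        "B accepts A": b_table.verify("addrA", PK_A),
        "A accepts substituted key": a_table.verify("addrB", PK_OTHER),
        "A accepts unknown peer": a_table.verify("addrX", PK_B),
    }


if __name__ == "__main__":
    for check, result in run_exchange().items():
        print(f"{check}: {result}")
```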
40 Pre-Authentication over location-limited channel
- Pre-authentication must be mutual: both parties must send and receive pre-authentication data on an ad-hoc node
- In some cases, e.g., a server on an ad-hoc node providing a service to another ad-hoc node, the pre-authentication is only in one direction
- Depending upon the location limited channel and the public key based protocol used during normal wireless data transfer, a decision can be made during the pre-authentication phase to exchange
  - Public keys
  - Certificates
  - Secure digests of the keys using cryptographic hash functions
41 Pre-Authentication over location-limited channel
42 Group authentication - Multicast
- Some location limited channels have broadcast capability: they can reach more than one target simultaneously, e.g., audio
- Many applications can benefit from the ability to designate a group of users in a secured network, e.g., networked games, meeting support & conferencing
- Pre-authentication can be used with two major families of group key exchange protocols
  - Centrally managed group, by designating a specially trusted group member as group manager
  - Unmanaged groups with no group manager
43 Centrally Managed Groups
- One participant is designated to become the group manager (first one to start)
- The group manager establishes point to point links with every other group participant based on pre-authentication
- The group manager will then exchange the group shared key with the new participant
- When a member leaves a group, the group manager distributes a new group shared key with the remaining participants
44 Problems with Centrally Managed Groups
- Group manager presents a single point of attack
- Group manager is trusted to generate and distribute all group keys. Many applications are not compatible with such a distinguished trusted party
- The group manager cannot easily leave the group
45 Unmanaged Groups
- By using pre-authentication over a location limited channel, all participants do not need public keys as in the case of Diffie-Hellman
- Every group member commits their public keys or shared secrets to the group, and a random existing group member can respond, thus ensuring mutual authentication
- Group members can then proceed with their chosen group key exchange protocol over the wireless link
46 Unmanaged Groups