![Page 1: SPLASH Sécurisation des ProtocoLes dans les réseAux mobileS ad Hoc 12 Décembre 2003 Refik Molva Institut EURECOM](https://reader030.vdocuments.pub/reader030/viewer/2022032703/56649d2b5503460f94a00dce/html5/thumbnails/1.jpg)
SPLASH Sécurisation des ProtocoLes dans les
réseAux mobileS ad Hoc
http://www.inrialpes.fr/planete/splash.html
12 Décembre 2003
Refik MolvaInstitut EURECOM
![Page 2: SPLASH Sécurisation des ProtocoLes dans les réseAux mobileS ad Hoc 12 Décembre 2003 Refik Molva Institut EURECOM](https://reader030.vdocuments.pub/reader030/viewer/2022032703/56649d2b5503460f94a00dce/html5/thumbnails/2.jpg)
MANET Security Requirements
Wireless & Mobile• Limited Energy• Lack of physical security
Ad Hoc• Lack of(or limited)
infrastructure• Lack of a priori trust
• Cooperation Enforcement
• Secure Routing
• Key management
[Recent security solutions for mobile ad hoc networks In “Ad Hoc Networks” IEEE Press - Wiley Ed]
![Page 3: SPLASH Sécurisation des ProtocoLes dans les réseAux mobileS ad Hoc 12 Décembre 2003 Refik Molva Institut EURECOM](https://reader030.vdocuments.pub/reader030/viewer/2022032703/56649d2b5503460f94a00dce/html5/thumbnails/3.jpg)
Key Management Objectives
• Bootstrapping from scratch
• Fully distributed
• Minimum dependency
![Page 4: SPLASH Sécurisation des ProtocoLes dans les réseAux mobileS ad Hoc 12 Décembre 2003 Refik Molva Institut EURECOM](https://reader030.vdocuments.pub/reader030/viewer/2022032703/56649d2b5503460f94a00dce/html5/thumbnails/4.jpg)
Key Management Approaches• Symmetric crypto [Basagni et al.]
• (ID, PK) binding– Certificate = (ID,PK)CA
• Self-organized Authorities [Zhou, Haas] [Kong, et al.] [Yi, Kravets] [Lehane, et al.]
• Web of trust(PGP) [Hubaux, Buttyan, Capkun]
– Certificate-less• Crypto-based IDs: ID = h(PK) [Montenegro, Castellucia] [O’Shea,
Roe] [Bobba, et al] • ID-based Crypto: PK = f(ID) [Halili, Katz, Arbaugh]
• Context-dependent authentication– location-limited channels [Balfanz, et al.] – Shared passwords [Asokan, Ginzborg]
![Page 5: SPLASH Sécurisation des ProtocoLes dans les réseAux mobileS ad Hoc 12 Décembre 2003 Refik Molva Institut EURECOM](https://reader030.vdocuments.pub/reader030/viewer/2022032703/56649d2b5503460f94a00dce/html5/thumbnails/5.jpg)
Self-organized Admission Control
Performance Comparison
• Centralized (simple signatures)– member gets t signatures from other members– Server grants GMC when t or more signatures are shown.
• Distributed (threshold signatures)– member gets “partial” certificates (mSKi) from other members.– member combines t certificates to get a GMC
GMC = mSK1 mSK2 mSK3.. mSKt = mSK
Threshold signatures are NOT suitable in MANET and sensor networks.
• Currently investigating Bilinear mappings
[Admission Control in Peer-to-Peer: Design and Performance Evaluation, ACM SASN Workshop, October 2003.]
[On the Utility of Distributed Cryptography in P2P and MANETs, ICNP 2003.]
![Page 6: SPLASH Sécurisation des ProtocoLes dans les réseAux mobileS ad Hoc 12 Décembre 2003 Refik Molva Institut EURECOM](https://reader030.vdocuments.pub/reader030/viewer/2022032703/56649d2b5503460f94a00dce/html5/thumbnails/6.jpg)
(ID, PK) binding without a PKI
Crypto-Generated Addresses (CGA)
• Statistically Unique Cryptographically Verifiable IDs [Montenegro,
Castellucia] [O’Shea, Roe] IPv6 @ = prefix | h( prefix | PK )
• Secure Routing using CGA: AODV [Castellucia, Montenegro] DSR[Bobba, et al]
PROs: no certificates, no PKI CONs: generation of bogus IDs
• New: CGA based on the small primes variation of the Feige-Fiat-Shamir (MFFS)
[Statistically Unique and Cryptographically Verifiable Addresses: concepts and applications. ACM TISSEC, Feb. 2004]
[Protecting AODV against impersonation attacks, ACM MC2R, October 2002]
![Page 7: SPLASH Sécurisation des ProtocoLes dans les réseAux mobileS ad Hoc 12 Décembre 2003 Refik Molva Institut EURECOM](https://reader030.vdocuments.pub/reader030/viewer/2022032703/56649d2b5503460f94a00dce/html5/thumbnails/7.jpg)
Cooperation enforcement mechanisms
Token-based [Yang,Meng,Lu]
Nuglets [Buttyan,Hubaux]SPRITE [Zhong, Chen, Yang]
CONFIDANT[Buchegger,Le Boudec] CORE [Michiardi,Molva]Beta-Reputation [Josang,Ismail]
Reputation-based
Threshold cryptography
Micro-payment
![Page 8: SPLASH Sécurisation des ProtocoLes dans les réseAux mobileS ad Hoc 12 Décembre 2003 Refik Molva Institut EURECOM](https://reader030.vdocuments.pub/reader030/viewer/2022032703/56649d2b5503460f94a00dce/html5/thumbnails/8.jpg)
Cooperation Enforcement Evaluation with Game Theory
• Cooperative GT– Study the size (k) of a coalition of cooperating nodes
– Nash Equilibrium lower bound on k
• Non-cooperative GT– Utility function with pricing
– Pricing used to guide the operating point (i.e. maximum of utility function) to a fair position
– ri : dynamic reputation of node ni evaluated by her neighbors
jjy
iyi
iriiyuikU
:sharerelative
:functionutility )()()(
),,,,,(),( irjbibPFEREselfEfjbibiu
[Michiardi,Molva,CMS’02, WiOpt’03] [Srinivasan,et al.,INFOCOM’03]
![Page 9: SPLASH Sécurisation des ProtocoLes dans les réseAux mobileS ad Hoc 12 Décembre 2003 Refik Molva Institut EURECOM](https://reader030.vdocuments.pub/reader030/viewer/2022032703/56649d2b5503460f94a00dce/html5/thumbnails/9.jpg)
Simulations: CORE – uniform traffic
![Page 10: SPLASH Sécurisation des ProtocoLes dans les réseAux mobileS ad Hoc 12 Décembre 2003 Refik Molva Institut EURECOM](https://reader030.vdocuments.pub/reader030/viewer/2022032703/56649d2b5503460f94a00dce/html5/thumbnails/10.jpg)
Simulations: TFT – uniform traffic
![Page 11: SPLASH Sécurisation des ProtocoLes dans les réseAux mobileS ad Hoc 12 Décembre 2003 Refik Molva Institut EURECOM](https://reader030.vdocuments.pub/reader030/viewer/2022032703/56649d2b5503460f94a00dce/html5/thumbnails/11.jpg)
Summary• Specific requirements
– Self organized bootstrapping of security associations
– Cooperation enforcement
• Prospects– New tools from crypto bag of tricks (Id-based crypto, . . .)
– Integrated mechanisms: reputation + key management
• Participation in MOBILEMAN project on Ad Hoc Networks
• ESAS 2004 1st European Workshop on Security in Ad-Hoc and Sensor Networks. (5.-6. August, 2004)
![Page 12: SPLASH Sécurisation des ProtocoLes dans les réseAux mobileS ad Hoc 12 Décembre 2003 Refik Molva Institut EURECOM](https://reader030.vdocuments.pub/reader030/viewer/2022032703/56649d2b5503460f94a00dce/html5/thumbnails/12.jpg)
ESORICS 2004 – RAID 2004
September 13-17
Institut EURECOMSophia Antipolis - FRANCE
![Page 13: SPLASH Sécurisation des ProtocoLes dans les réseAux mobileS ad Hoc 12 Décembre 2003 Refik Molva Institut EURECOM](https://reader030.vdocuments.pub/reader030/viewer/2022032703/56649d2b5503460f94a00dce/html5/thumbnails/13.jpg)
THANK YOU