Two-tier authentication for cluster and individual sets in
mobile ad hoc networks
Authors: Yuh-Ren Tsai and Shiuh-Jeng Wang
Sources: Computer Networks, article in press
Reporter: Chun-Ta Li (李俊達 )
Outline
- Introduction
- Basic assumptions and definitions
- Two-tier authentication
  - First tier: cluster authentication
  - Second tier: individual authentication for unicast
  - Second tier: individual authentication for a number of destination nodes
  - Second tier: route authentication for the same pair of nodes
- Comments
Introduction
Motivation
- Routing security in mobile ad hoc networks (session key)
  - prevent internal and external attacks (black holes, impersonation)
  - prevent routing table overflows
  - prevent energy consumption attacks
- Two-tier authentication scheme for cluster and individual sets in MANETs
  - Source-initiated on-demand driven protocol
  - Hash function and MAC concept in first tier (group)
  - Secret sharing technology in second tier (individual)
Introduction (cont.)
- Routing path discovery
- Authentication and Confirmation packets for user authentication
Basic assumptions and definitions
- $M$: The plaintext sent by a source node
- $T_{stamp}$: system time synchronization
- $K_C$: A common secret key held by all nodes
- A symmetric cryptosystem
- $H(\cdot)$: A collision-free hash function
- $p$, $g$: A large prime number and a generator
- $ID_i$: The unique identity of node $i$
- $Z_i$: An inverse of $(ID_i - 1)$ modulo $p-1$
- $K_{i,j}$: A set of secret shadows
- $\Lambda_{i,j}$: A set of secret parameters corresponding to $K_{i,j}$, $\Lambda_{i,j} = (g^{K_{i,j}})^{Z_i} \bmod p$
Two-tier authentication
First tier: cluster authentication
Source node:
Step 1: generate $T_{stamp}$
Step 2: generate $MAC_M = H(K_C; T_{stamp}, M)$
Step 3: generate the cluster signature $MAC_T = H(K_C; T_{stamp})$
Step 4: generate encrypted message $E_{K_C}(MAC_M, T_{stamp}, M)$
Step 5: transmit the output packet $PKT_M = \{MAC_T, T_{stamp}, E_{K_C}(MAC_M, T_{stamp}, M)\}$
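The source-node steps above as a runnable sketch, added here and not taken from the paper or the slides. Assumptions: HMAC-SHA256 stands in for H(KC; ·), a hash-based XOR keystream stands in for the symmetric cryptosystem EKC, the freshness window is 30 seconds, and the receiver-side checks (which the slide does not show) are the natural counterpart of steps 1 to 5.

```python
import hashlib, hmac, struct, time

MAX_SKEW = 30  # seconds; assumed freshness window, not specified on the slides

def H(kc: bytes, *fields: bytes) -> bytes:
    """Keyed hash H(KC; ...): HMAC-SHA256 over length-prefixed fields (assumed)."""
    mac = hmac.new(kc, digestmod=hashlib.sha256)
    for f in fields:
        mac.update(struct.pack(">I", len(f)) + f)
    return mac.digest()

def E(kc: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in for E_KC (its own inverse). Demo only: the keystream repeats
    for equal timestamps; a real node would use an AEAD such as AES-GCM."""
    blocks = range(len(data) // 32 + 1)
    stream = b"".join(hashlib.sha256(kc + nonce + struct.pack(">I", i)).digest()
                      for i in blocks)
    return bytes(a ^ b for a, b in zip(data, stream))

def build_packet(kc: bytes, m: bytes, now=None) -> bytes:
    ts = struct.pack(">Q", int(time.time() if now is None else now))  # Step 1
    mac_m = H(kc, ts, m)                                              # Step 2
    mac_t = H(kc, ts)                                                 # Step 3
    body = E(kc, ts, mac_m + ts + m)                                  # Step 4
    return mac_t + ts + body                                          # Step 5

def verify_packet(kc: bytes, pkt: bytes, now=None):
    """Assumed receiver side. Returns M, or None if any check fails."""
    if len(pkt) < 32 + 8 + 32 + 8:
        return None                                  # truncated packet
    mac_t, ts, body = pkt[:32], pkt[32:40], pkt[40:]
    now = int(time.time() if now is None else now)
    if abs(now - struct.unpack(">Q", ts)[0]) > MAX_SKEW:
        return None                                  # stale or replayed
    if not hmac.compare_digest(mac_t, H(kc, ts)):
        return None                                  # sender does not hold KC
    plain = E(kc, ts, body)                          # decrypt only after MAC_T passes
    mac_m, ts_in, m = plain[:32], plain[32:40], plain[40:]
    if ts_in != ts or not hmac.compare_digest(mac_m, H(kc, ts, m)):
        return None                                  # body altered or mismatched
    return m

if __name__ == "__main__":
    KC = b"\x01" * 32                                # constructed demo key
    print(verify_packet(KC, build_packet(KC, b"RREQ A->B")))
```

Checking MACT before decrypting lets a cluster member drop packets from nodes without KC at the cost of one hash, which is the role the slide gives the cluster signature.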
Two-tier authentication (cont.)
Second tier: individual authentication for unicast
$= g^{a_1 + a_0} \bmod p$
$= g^{a_0} \bmod p$
Two-tier authentication (cont.)
Second tier: individual authentication for a number of destination nodes (1 source + 2 destinations)
Nodes: $ID_\alpha$ (source node), $ID_\omega$ (destination node), $ID_\zeta$ (destination node)
1. route discovery
2. generate $a_0$ and $RAND_\alpha$
3. find $a_1$ and $a_2$ on the function $f_2(x) = a_2x^2 + a_1x + a_0 \bmod (p-1)$
4. generate $\Gamma_1$ and $\Gamma_2$
5. Authentication packet $\{\Gamma_1, \Gamma_2, RAND_\alpha\}$
6. compute the common session key $K_S = g^{a_0} \bmod p$
Two-tier authentication (cont.)
Generation of $K_S = g^{a_0} \bmod p$
$ID_\omega$ (destination node)
1. $\omega$ can compute
2. $\omega$ performs the computations as $X_1$ and $X_2$ together with the result of $g^{K_{\alpha,\omega}}$
3. An approaching key $AK$ is obtained by
4. inverse element $d$
5. The computation of , which is identical to the session key of $K_S$
Two-tier authentication (cont.)
Second tier: route authentication for the same pair of nodes
Comments
- Authentication message
- The concept of conference key
- Renewal of secret shadow