
Page 1:
Two-tier authentication for cluster and individual sets in mobile ad hoc networks
Authors: Yuh-Ren Tsai and Shiuh-Jeng Wang
Sources: Computer Networks, article in press
Reporter: Chun-Ta Li (李俊達)

Page 2: Outline
- Introduction
- Basic assumptions and definitions
- Two-tier authentication
  - First tier: cluster authentication
  - Second tier: individual authentication for unicast
  - Second tier: individual authentication for a number of destination nodes
  - Second tier: route authentication for the same pair of nodes
- Comments

Page 3: Introduction
Motivation
- Routing security in mobile ad hoc networks (session key)
  - prevent internal and external attacks (black holes, impersonation)
  - prevent routing table overflows
  - prevent energy consumption attacks
- Two-tier authentication scheme for cluster and individual sets in MANETs
  - Source-initiated on-demand driven protocol
  - Hash function and MAC concept in the first tier (group)
  - Secret sharing technology in the second tier (individual)

Page 4: Introduction (cont.)
Routing path discovery
Authentication and Confirmation packets for user authentication

Page 5: Basic assumptions and definitions
- M: the plaintext sent by a source node
- Tstamp: system time (the nodes are time-synchronized)
- K_C: a common secret key held by all nodes
- A symmetric cryptosystem
- H(.): a collision-free hash function
- p, g: a large prime number and a generator
- ID_i: the unique identity of node i
- Z_i: the inverse of (ID_i - 1) modulo p-1
- K_{i,j}: a set of secret shadows
- Λ_{i,j}: a set of secret parameters corresponding to K_{i,j}, with Λ_{i,j} = (g^{K_{i,j}})^{Z_i} mod p

Page 6: Two-tier authentication
First tier: cluster authentication
Source node:
Step 1: generate Tstamp
Step 2: generate MAC_M = H(K_C; Tstamp, M)
Step 3: generate the cluster signature MAC_T = H(K_C; Tstamp)
Step 4: generate the encrypted message E_{K_C}(MAC_M, Tstamp, M)
Step 5: transmit the output packet PKT_M = {MAC_T, Tstamp, E_{K_C}(MAC_M, Tstamp, M)}
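An added example, not code from the paper: the first-tier packet of slide 6 built by a source node and checked by a receiving cluster member, in Python. H(K_C; ...) is instantiated as HMAC-SHA256 over length-prefixed fields; since the slides do not name the symmetric cipher, E_{K_C} is a stand-in keystream cipher, and the freshness window and the replay set are assumptions about how a receiver uses Tstamp.

```python
import hmac, hashlib

WINDOW_MS = 5000   # assumed freshness window for Tstamp (not specified on the slides)

def H(key, *parts):
    """H(K; ...) instantiated as HMAC-SHA256 over length-prefixed fields."""
    m = hmac.new(key, digestmod=hashlib.sha256)
    for part in parts:
        m.update(len(part).to_bytes(4, "big") + part)
    return m.digest()

def E_KC(key, tstamp, data):
    """Stand-in for the unnamed symmetric cipher: HMAC-SHA256 keystream in counter
    mode, keyed by Tstamp. XOR is its own inverse, so this encrypts and decrypts.
    The keystream repeats if Tstamp repeats, which the replay check below rules out."""
    blocks = len(data) // 32 + 1
    ks = b"".join(hmac.new(key, b"enc" + tstamp + i.to_bytes(4, "big"),
                           hashlib.sha256).digest() for i in range(blocks))
    return bytes(a ^ b for a, b in zip(data, ks))

def build_packet(kc, m, now_ms):
    """Source node, steps 1-5 of slide 6. Returns PKT_M as bytes."""
    tstamp = now_ms.to_bytes(8, "big")              # Step 1: Tstamp
    mac_m = H(kc, tstamp, m)                        # Step 2: MAC_M = H(K_C; Tstamp, M)
    mac_t = H(kc, tstamp)                           # Step 3: MAC_T = H(K_C; Tstamp)
    body = E_KC(kc, tstamp, mac_m + tstamp + m)     # Step 4: E_KC(MAC_M, Tstamp, M)
    return mac_t + tstamp + body                    # Step 5: {MAC_T, Tstamp, E_KC(...)}

def verify_packet(kc, pkt, now_ms, seen):
    """Receiving cluster member. Returns M, or None if the packet is rejected."""
    mac_t, tstamp, body = pkt[:32], pkt[32:40], pkt[40:]
    ts = int.from_bytes(tstamp, "big")
    if abs(now_ms - ts) > WINDOW_MS or tstamp in seen:   # stale or replayed Tstamp
        return None
    # Cluster signature first: a packet from a non-member is dropped before any
    # decryption, which is what limits the energy-consumption attacks of slide 3.
    if not hmac.compare_digest(mac_t, H(kc, tstamp)):
        return None
    plain = E_KC(kc, tstamp, body)
    mac_m, ts_inner, m = plain[:32], plain[32:40], plain[40:]
    if ts_inner != tstamp or not hmac.compare_digest(mac_m, H(kc, tstamp, m)):
        return None
    seen.add(tstamp)    # remember the Tstamp so the same packet is not accepted twice
    return m
```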

Page 7: Two-tier authentication (cont.)
Second tier: individual authentication for unicast

Page 8:
= g^{a1+a0} mod p
= g^{a0} mod p

Page 9: Two-tier authentication (cont.)
Second tier: individual authentication for a number of destination nodes (1 source + 2 destinations)
Nodes: ID_α (source node), ID_ω (destination node), ID_ζ (destination node)
1. route discovery
2. generate a0 and RAND_α
3. find a1 and a2 on the function f2(x) = a2 x^2 + a1 x + a0 mod (p-1)
4. generate Γ1 and Γ2
5. Authentication packet {Γ1, Γ2, RAND_α}
6. compute the common session key K_S = g^{a0} mod p

Page 10: Two-tier authentication (cont.)
Generation of K_S = g^{a0} mod p
ID_ω (destination node):
1. ω can compute
2. ω performs the computations as X1 and X2 together with the result of g^{K_{α,ω}}
3. An approaching key AK is obtained by
4. inverse element d
5. The computation of , which is identical to the session key K_S
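An added example, not the paper's construction, covering slides 9 and 10 together: the slides give the shape of the second tier (a degree-2 f2(x) whose constant term a0 is the session-key exponent, two values Γ1, Γ2 plus RAND_α in the Authentication packet, and each destination recovering g^{a0} mod p from the secret it shares with the source) but not the formulas for Γ or for the destination-side X1, X2, AK and d. The sketch below fills that gap with the standard polynomial conference-key idea, under assumptions of its own: exponent arithmetic is done modulo a prime q with g of order q (the paper works modulo p-1), a destination's private point on f2 is derived from its pairwise secret K_{α,j} and RAND_α, Γ1 and Γ2 are simply two further public points on f2, and the parameters are toy-sized.

```python
import hashlib, secrets

# Toy-sized parameters, assumed here: safe prime p = 2q + 1 and g of prime order q.
P, Q, G = 2039, 1019, 4
GAMMA_X = (Q - 1, Q - 2)   # assumed public x-coordinates of Gamma_1 and Gamma_2

def share_point(id_node, k_pair, rand_alpha):
    """Destination j's private point on f2: x = ID_j, y = H(K_alpha,j, RAND_alpha) mod q.
    Binding y to RAND_alpha gives every session a fresh polynomial (assumption)."""
    y = int.from_bytes(hashlib.sha256(k_pair + rand_alpha).digest(), "big") % Q
    return (id_node, y)

def lagrange_at_zero(points):
    """f(0) mod q from deg+1 points with distinct nonzero x (q prime, so inverses exist)."""
    total = 0
    for i, (xi, yi) in enumerate(points):
        num = den = 1
        for j, (xj, _) in enumerate(points):
            if j != i:
                num = num * (-xj) % Q
                den = den * (xi - xj) % Q
        total = (total + yi * num * pow(den, -1, Q)) % Q
    return total

def evaluate(points, x):
    """f(x) mod q: shift the points so that f(x) becomes an evaluation at 0."""
    return lagrange_at_zero([(xi - x, yi) for xi, yi in points])

def source_authenticate(a0, rand_alpha, dests):
    """Source alpha, steps 3-5 of slide 9; dests maps ID_j -> K_alpha,j.
    Returns the Authentication packet {Gamma_1, Gamma_2, RAND_alpha}."""
    # Step 3: with two destinations, f2(x) = a2 x^2 + a1 x + a0 is fixed by (0, a0)
    # and the two destination points, so a1, a2 never need to be written out.
    pts = [(0, a0)] + [share_point(i, k, rand_alpha) for i, k in dests.items()]
    gammas = [(x, evaluate(pts, x)) for x in GAMMA_X]   # Step 4: two public points on f2
    return {"gamma": gammas, "rand": rand_alpha}

def session_key(a0):
    return pow(G, a0, P)                                # Step 6: K_S = g^a0 mod p

def destination_recover(id_node, k_pair, packet):
    """Destination omega or zeta (slide 10): its own point plus Gamma_1, Gamma_2 are
    three points on a degree-2 polynomial, enough to recover f2(0) = a0 and so K_S.
    An eavesdropper holds only the two public points and learns nothing about a0."""
    own = share_point(id_node, k_pair, packet["rand"])
    return session_key(lagrange_at_zero([own] + packet["gamma"]))

def new_session(dests):
    """Source side end to end: fresh a0 and RAND_alpha (step 2), packet and K_S."""
    a0, rand_alpha = secrets.randbelow(Q), secrets.token_bytes(16)
    return source_authenticate(a0, rand_alpha, dests), session_key(a0)
```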

Page 11: Two-tier authentication (cont.)
Second tier: route authentication for the same pair of nodes

Page 12: Comments
- Authentication message
- The concept of conference key
- Renewal of secret shadow