MANET : Overview Nodes freely roam Multi-hop communication towards - - PDF document
URSA : Providing Ubiquitous and Robust Security Support for MANET Jiejun Kong, Petros Zerfos, Haiyun Luo, Songwu Lu, Lixia Zhang University of California, Los Angeles {jkong,pzerfos,hluo,slu,lixia}@cs.ucla.edu Outline Mobile Ad-hoc Network
1
Jiejun Kong, Petros Zerfos, Haiyun Luo, Songwu Lu, Lixia Zhang
University of California, Los Angeles
{jkong,pzerfos,hluo,slu,lixia}@cs.ucla.edu
♦ Mobile Ad-hoc Network (MANET) ♦ Design goals & challenges ♦ Problems of conventional approaches ♦ Our approach – Network protocols – Cryptographic algorithms ♦ Implementation & simulations ♦ Conclusions
2
♦ Nodes freely roam ♦ Multi-hop communication towards remote nodes ♦ Shared wireless medium is error-prone
♦ Security Supports – Authentication – Service availability – Message privacy – Message integrity – Non-repudiation ♦ More difficult than the wired scenarios – Mobility – State constantly changes – Security threats over vulnerable wireless links
3
♦ Security breach – Vulnerable wireless links – Occasional break-ins may be inevitable over long time ♦ Service ubiquity in presence of mobility – Anywhere, anytime availability ♦ Network dynamics – Wireless channel errors – Node failures – Node join/leave ♦ Network scale
♦ Centralized & Hierarchical scheme – Single server – Multi-server infrastructure
Server Server Server Server
4
♦ Service performance comparison – Low success ratio: 80% – Large average delay
♦ Ubiquitous and robust service provision in the
presence of random mobility
♦ Localized algorithms and protocols ♦ One-hop wireless communication
5
♦ No single point of compromise – Hackers must break into K nodes simultaneously to compromise the system ♦ No single point of DoS attack & node failure ♦ K offers tradeoff between intrusion tolerance
and service availability
– K=1, single point of compromise, maximal availability – K=N, single point of DoS attack, maximal intrusion tolerance
♦ Each node carries a verifiable, unforgeable
personal certificate
♦ Certificate is signed by network system key
SK
♦ Certificate may be issued, renewed, or
revoked
♦ Every mobile node periodically renews its
certificate
♦ Ubiquitous services enabled by secret
sharing
6
♦ Certification services – Localized certificate issuing, renewal, revocation ♦ Self-initialization service – To provide a secret share to an entity – To provide scalable proactive secret share update service ♦ Proactive secret share update service – To resist long-term adversaries without changing the shared secret
♦ Broadcast service request ♦ Compute partial certificates ♦ Combine K partial certificates
Service request Return partial certificates (K=5)
7
♦ Polynomial-based threshold secret sharing – Given a secret d and a random polynomial of degree K-1 f(x) = d + f1•x + f2 • x2 + …… + fK-1 • xK-1 mod n – Each entity vi obtains its secret share “f(vi) mod n” – d can be recovered by Lagrange interpolation ♦ In RSA cryptosystem, the d in the signing key
SK=(d,n) is shared and distributed
f(0)=secret f(x1) f(x2) f(x3) f(x4) f(x5) x5 x4 x3 x2 x1
Polynomial with degree K-1
= =
≡
=
K j j K j j j
n d n lv v f d f
1 ___ 1
) (mod ) mod ) ( ) ( ( ) (
) ( ) )( ( ) ( ) ( ) )( ( ) ( ) (
1 1 1 1 1 1 K j j j j j j K j j j
v v v v v v v v v x v x v x v x x lv − − − − − − − − =
+ − + −
L L L L
8
♦ Threshold secret sharing reveals d to a
coalition
♦ d is not revealed if partial certificates are
used
– The cornerstone is the equation Xd1 • Xd2 • … • XdK = X(d1 + d2 + … + dK) – Each coalition member contributes a signed partial certificate XSKi = (Xdi mod n) which corresponds to an RSA SK-signing in computation – The certification service requester combines K partial-certificates and obtains a correctly-signed certificate XSK = (Xd mod n)
♦ Implementation in C – Minimized extension: RSA-compatible operations – Optimized for wireless low-end devices
– Coded as value-added plug-in to existing security systems ♦ Simulation in ns-2 – Communication efficiency dimensions: network size (scalability), node mobility, wireless channel errors – Performance metrics: success ratio, average delay, average # of attempts
9
♦ Comparable performance with standard RSA
signing
♦ Little impact of K on computation overhead
(K=5, time unit: milli-second)
♦ Self initialization and proactive secret share update
inversing, and less than K degree exponentiation), thus incur little computation overhead
=1.37 SPEC =12.1 SPEC =20.5 SPEC Key 2.528 24.414 0.754 5.245 0.473 1.420 2048 2.006 10.251 0.630 3.480 0.460 0.798 1536 1.996 8.215 0.840 4.926 0.411 0.561 1280 1.847 7.024 0.781 3.321 0.319 0.490 1024 1.497 5.163 0.443 2.588 0.382 0.459 768 1.196 3.861 0.378 1.145 0.288 0.413 512 Sum Partial Sum Partial Sum Partial (bit)
10
♦ Our approach: Reliable and predictable
behavior
♦ Centralized & hierarchical approaches:
Unreliable and/or unpredictable behavior
♦ Mobility does not affect the protocols very much ♦ Scale well to the network size
11
♦ “Explosion” effect: as more and more entities
task is getting easier and faster
♦ Certification-based approach – Secret sharing – Multi-signature ♦ Localized and distributed protocols – Faster and more robust than other approaches – Service ubiquity – Scalable ♦ Flexible trade-off between intrusion
tolerance & service availability