Principles of Ad Hoc Networking Michel Barbeau and Evangelos - - PowerPoint PPT Presentation

Principles of Ad Hoc Networking

Michel Barbeau and Evangelos Kranakis November 12, 2007

Wireless security challenges Network type Challenge Wireless Open medium Mobility Handover implies change of security parameters Ad hoc Infrastructure based security not applicable Sensor In-network processing

2

Signature

• 1. Unforgeability: proof that the signer signed the document
• 2. Authenticity: convincing of the document’s authenticity
• 3. Unreusability: signature cannot be “moved” elsewhere
• 4. Unalterability: document cannot be changed after signing
• 5. Unrepudiatability: signer cannot later claim: did not sign the

document

3

Digital signature

• Set of messages: P; Set of signatures: A; Set of keys: K
• Signing algorithm: Sigk : P → A, with k ∈ K
• Verification algorithm: V erk : P × A → {true, false}
• V erk(x, y) =
• true

if y = Sigk(x) false if y = Sigk(x).

4

RSA signature

• An integer n = pq, the product of two distinct primes p and

q

• Two integers e, d such that ed ≡ 1 mod φ(n), φ(n) is the Euler

totient function

• n, e are public; p, q, d are private
• Signature: Sig(M) ≡ Md mod n
• Verification: V er(M, N) = true ⇔ M ≡ Ne mod n

5

ElGamal signature

• 6

Constructing one-way hash chains

v H H H H H H H v v v v v v

n−1 n−2 n−3 n−4 2 1

later values earlier values

GENERATE CHAIN USE/REVEAL

7

Authentication in one-way hash chains

H H v H H H H

i

v j H (v ) = v

i j i−j

8

Forming a Merkle tree

v v v v v v v v

1 2 3 4 5 6 7

9

Blinding in Merkle authentication trees

v v v v v v v v

1 2 3 4 5 6 7

u u u u u u u u

1 2 3 4 5 6 7

H H H H H H H H

10

Recursive hashing in Merkle authentication trees

v v v v v v v v

1 2 3 4 5 6 7

u u u u u u u u

1 2 3 4 5 6 7

u u u u67

23 01 45

u u u

03 47 07

11

Example of Merkle authentication trees

v v v v v v v v

1 2 3 4 5 6 7

u u u u u u u u

1 2 3 4 5 6 7

u u u u67

23 01 45

u u u

03 47 07

path path path path path sibling sibling sibling

12

The RC4 encryption

1001100 1001111 1000111 1001001 1001110

L O G I N

Message

Text

Message

in ACSII

Key

Stream

Ciphertext 1000100 1000001 1010110 1001001 1000100 0001000 0001110 0010001 0000000 0001010

XOR

13

Cracking RC4 messages

Ciphertext

1

0001000 0001110 0010001 0000000 0001010

XOR

Ciphertext

2

0001110 0010100 0011010 0000000 0000101 0000110 0011010 0001011 0000000 0001111

J U L I A

2nd Message

Text

1001100 1001111 1000111 1001001 1001110 1001010 1010101 1001100 1001001 1000001 2nd Message

in ACSII XOR

XOR of un encrypted messages

1st

Message

(LOGIN )

in ACSII

14

ZigBee frame with auxiliary header

Encrypted Payload Message Integrity Code Network Header MAC Header Physical Header

Auxiliary

Header Encrypted Payload Message Integrity Code Network Header MAC Header Physical Header

Auxiliary

Header Encrypted Payload Message Integrity Code MAC Header Physical Header

Auxiliary

Header (a)

(b)

(c) Application

Header

15

ZigBee network entry

Joiner Router Trust Center (1) Beacon Request (2) Beacon (3) Association Request (5) Association Response

(4) Update-Device

(8) Transport-Key(Network Key)

(7) Transport-Key Joiner-Trust Center Link Key Setup Using SKKE

(9) Transport-Key(Network Key)

(6) Transport-Key

16

Key establishment using the fuzzy commitment protocol Initiator

Responder

Generate common symmetric key k Derive feature

value v

Compute

e = v xor k

Derive feature

value v'

[hash(k), e]

Compute

k'

= v'xor e

hash(

k)=hash(k'

)?

17

ECG with IPI markers

IPI

18

Initiator calculation in the fuzzy commitment protocol

1 1 2 2 3 3 4 4 5 5 6 7 8 6

v=(8.26,1.37)

c=(4,5)

19

Responder calculation in the fuzzy commitment protocol

1 1 2 2 3 3 4 4 5 5 6 7 8 6

v'=(7.76,0.96)

f(v' - d) = (4,5)

v'-d=(3.50,4.59) 20

Fuzzy encryption protocol

Sender Receiver Get message m Generate symmetric

key k Derive value v Derive value v' Using v',decommitk

[E [m], C(k, v)]

k

D [E [m]]

k k

21

Authentication using the fuzzy commitment protocol

m' = D [E [m]]

k k

Sender Receiver Get message m Generate symmetric

key k Derive value v Derive value v' Using v',decommit k

[E [m], MAC [m], C(k, v)]

k k

MAC [

m'

] = MAC [m]?

k k 22

Example of SEAD implementation (only indices are depicted)

15 14 13 12 11 10 9 7 8 6 5 4 3 2 1

23

Example of hash tree chain. One-way chain generation

24

Merkle tree

25

Example of using the hash tree chain

H( ) v H( ) H( ) H( ) vi || vi || v || i || i H H H H H H H H 1 2 3 b b b b

2 3 1

H( ) H( ) b0 ||b1 b2 b3 || = b01 = b23 H H H H b01 ||b23 H( ) H H v v i−1 i Hash−Tree

26

The bin-and-balls signature scheme

s1 s2 s3 s4 st Gh

27

A single verifier v (inside region R) and a prover p (not depicted)

R v

28

A single verifier at the center of a circular region R where there is an upper bound of ∆p on the processing delay

v s ∆p

R = RoA(v,0)

p

∆

RoA(v, )

29

Wormhole attack

X Y A B

30

Impact on routing protocols: one hop tunneling

X Y A B C

31

Partitioning the range of the sensors into six zones numbered 1, 2, . . . , 6 clockwise

1 2 3 4 5 6

32

Bidirectional communication link

A B

33

Wormhole vulnerability in the first protocol

B Region I Region II Y X A C 2 3 4 5 6 1 1 2 3 4 5 6

34

Cooperating with neighbors to prevent protocol vulnerabilities

B Region I Region II Y X 1 2 3 4 5 6 1 2 3 4 5 6 D A C

35

Verifier region

B A

36

Worawannotai attack

A B V X

37

Preventing the Worawannotai attack A B V X a b

38

Verifier region

A B V X a b c d

39

Sequence number attacks

s a b c d e f g v source malicious destination 4 hops 3 hops

40

Impact of location of base stations on disrupting traffic in a sensor network delimited by a square region

41

Omnidirectional and directional antennas

Directional Omnidirectional A B A B

42