Peer-to-Peer Security in Wireless Ad Hoc Networks
+ CommonSenseNet
Jean-Pierre Hubaux
EPFL, Switzerland
Outline
- Brief presentation of the MICS/Terminodes project
- Mobility helps peer-to-peer security
- Cooperation between nodes in multi-hop wireless networks
- Three more projects:
  - Cooperation without incentives
  - Power-efficient broadcast in all-wireless networks
  - Water management by means of sensor networks
National Competence Centers in Research
- Initiative of the Swiss National Science Foundation
- Call for proposals in late 1998, for several scientific areas (including Medicine and Physics)
- Proposals have to be substantial (yearly budget around 3 Mio Euros/year) and long term (from 2001 to 2010)
- 200+ proposals have been submitted in the first round
- 14 proposals finally selected (in 2000)
- The Mobile Information and Communication Systems or Terminodes proposal is the only one selected in the area of communications; official start: November 2001
Terminal + Node = Terminode
- All network functions (packet forwarding, flow control, error control, ...) and terminal functions (coding/decoding, A/D and D/A, storage, ciphering, ...) are embedded in the terminode
- A communication must be relayed by intermediate terminodes
- The network is self-organized: it is operated by its users
- All terminodes are potentially mobile
[Figure: multi-hop path from Source to Destination through intermediate terminodes]
Terminodes are the extreme (or academic) case of several concrete incarnations: multi-hop cellular networks, networks of vehicles, sensor networks, self-operated networks, distributed robots, ...
National Center for Competence in Research: Mobile Information and Communication Systems
Academic consortium (in CH): EPFL, Uni Lausanne, Uni Bern, Uni St Gallen, Uni Zurich, CSEM, ETHZ, Fribourg: CCTC
Director of NCCR: Prof. M. Vetterli
Deputy director of NCCR: Prof. Th. Gross
Industrial partners: IBM, Microsoft, Samsung, Siemens, Swisscom, Whitestein Technologies
+ many academic partners worldwide
www.terminodes.org
Around 25 faculty members and 80 PhD students
Main challenge and benefit of the research program: working across layers
[Figure: layer diagram spanning Mathematical foundation, Information theory, Security, Economics, System architecture, Communicating embedded systems, Information systems, Real-time services, Network layer, Physical and MAC layers]
Selected application: environmental monitoring (sensor networks)
Other possible applications: crisis networks, networks of cars, networks for rural areas
Mobility Helps Peer-to-Peer Security
Peer-to-peer Authentication and Key Establishment in Mobile Networks
Joint work with Levente Buttyan+ and Srdjan Capkun
+ Now with Laboratory of Cryptography and Systems Security (CrySyS), Department of Telecommunications, Budapest University of Technology and Economics
Secure communication with cryptography (reminder)
[Figure: Alice (sender, encrypter) holds key K and sends $y = E_K(x)$ to Bob (receiver, decrypter), who holds key K' and computes $D_{K'}(y)$; Mallory (or Oscar), the attacker or opponent or intruder, sits on the channel]
x: plain text; y: cipher text
$D_{K'}(E_K(x)) = x$
Symmetric cryptography: if $K' = K$
Asymmetric cryptography (or public key cryptography): if $K' \neq K$
Digital Signature (reminder)
[Figure: Alice signs message m with her private key, $e_{PK_A^{-1}}(m)$, and sends m together with the signature to Bob, who checks $d_{PK_A}(e_{PK_A^{-1}}(m)) \stackrel{?}{=} m$]
$PK_A$: public key of Alice
$PK_A^{-1}$: private key of Alice
Signature: sig or σ; Verification: ver
In RSA-based signature: $\mathrm{sig}(m): s = m^a \bmod n$; $\mathrm{ver}(m, s) = \mathrm{true}$ if $m = s^b \bmod n$
A certificate is an identity or a public key signed by another entity
Does mobility increase or reduce security?
- Very often, people move to increase security: face to face meetings; transport of assets and physical documents; authentication by physical presence
- In spite of the popularity of PDAs and cellular phones, this mobility has not been exploited so far to provide digital security
- Mobility is usually perceived as a major security challenge: wireless channel; unpredictable location of the user; sporadic availability of the user; higher vulnerability of the device; smaller computing capability of the device
- So far, client-server security has been considered as the priority (e-business, cellular telephony, ...)
- Peer-to-peer security is still in its infancy
Security of cellular networks. Example: GSM
[Figure: the mobile station (key stored in the SIM card) and the base station / Authentication Center hold a shared, symmetric key; challenge-response, then setting up of the encryption key]
• The key stored in the SIM card incarnates the contract between the subscriber and the operator
• It is established manually when the contract is signed
• Only symmetric cryptography is used
Example of security for wireless LANs: standard IEEE 802.1x (*)
[Figure: Supplicant (Mobile Station) <- EAPOL (over IEEE 802.11) -> Authenticator (Access Point) <- encapsulated EAP, typically on RADIUS -> Authentication Server]
EAP: Extensible Authentication Protocol (RFC 2284, 1998)
EAPOL: EAP over LAN
RADIUS: Remote Authentication Dial In User Service (RFC 2138, 1997)
Features of IEEE 802.1x:
- Supports a wide range of authentication schemes, thanks to the usage of EAP
- One-way authentication
- Optional encryption and data integrity
(*) Notes:
• IEEE 802.1x is not specific to wireless LANs and was not designed specifically for them
• New standard: IEEE 802.11i (2003)
Wireless Transport Layer Security protocol (WTLS)
[Figure: mobile client <- WTLS -> WAP Gateway <- SSL (Secure Socket Layer) -> Web server]
Authentication classes of WTLS:
- Class 1: no authentication
- Class 2: authentication of the server only (similar to traditional SSL / HTTPS used with Web servers); the server certificate is usually signed by a Trusted Third Party (Verisign, Entrust, Smartrust, ...)
- Class 3: authentication of both server and client; requires a Public Key Infrastructure and a Wireless Identity Module (WIM); very few implementations so far
Security in ad hoc networks
Constraints:
- Mobile devices have limited computing capabilities
- Sporadic connectivity prevents relying on an on-line server
Solutions proposed so far:
- Some nodes have a special role; they are entitled to perform threshold cryptography operations (Cornell, 1999)
- Generalization: any node can take this responsibility (UCLA, 2001)
- Users are all in the same location; they agree on a common password and type it into their device; the protocol creates a strong shared key (Nokia, 2001)
- Issue mutual certificates and build up a distributed certificate graph à la PGP (EPFL, 2001)
Mobility helps security
Problem: how to bootstrap security in a mobile network without a central authority?
[Figure: Alice and Bob exchange the triplets (Alice, PuKAlice, XYZ) and (Bob, PuKBob, UVW) over an infrared link: visual recognition, conscious establishment of a two-way security association]
Secure side channel:
- Typically short distance (a few meters)
- Line of sight required
- Ensures integrity
- Confidentiality not required
Friends mechanism
[Figure: Alice hands (Alice, PuKAlice, XYZ) to Colin over IR; Colin passes (Alice, PuKAlice, XYZ) on to Bob (Colin's friend)]
Colin and Bob are friends:
• They have established a Security Association at initialisation
• They faithfully share with each other the Security Associations they have set up with other users
Mechanisms to establish Security Associations
Friendship: nodes know each others' triplets
Exchange of triplets over the secure side channel: two-way SA resulting from a physical encounter
i -> j: i knows the triplet of j; the triplet has been obtained from a friend of i
[Figure: three configurations of nodes i and j, with f a friend]
a) Encounter and activation of the Secure Side Channel
b) Mutual friend
c) Friend + encounter
Note: there is no transitivity of trust (beyond your friends)
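An added illustration of these three mechanisms (not code from the paper): given who is friends with whom and who has met over the secure side channel, which node pairs hold a security association, and in which direction. Node names, friend lists and encounters are constructed.

```python
"""Added example, not from the paper: which node pairs hold a security
association (SA) under the three mechanisms of this slide, given who is
friends with whom and who has met over the secure side channel.  Node
names, friend lists and encounters are constructed."""
from itertools import combinations

# Friendship SAs set up at initialisation (symmetric), constructed sample.
FRIENDS = {
    "alice": {"colin"},
    "colin": {"alice", "bob"},
    "bob": {"colin"},
    "dave": set(),
    "eve": set(),
}
# Physical encounters in which the secure side channel was activated.
ENCOUNTERS = {("alice", "dave"), ("colin", "eve")}


def met(i, j):
    return (i, j) in ENCOUNTERS or (j, i) in ENCOUNTERS


def are_friends(i, j):
    return j in FRIENDS.get(i, set()) and i in FRIENDS.get(j, set())


def knows_triplet(i, j):
    """i holds j's triplet if i met j or is j's friend (mechanism a), or if
    some friend f of i met j or is j's friend (mechanisms b and c: friends
    faithfully share the SAs they set up themselves).  What f merely learned
    from *its* friends is not passed on: no transitivity beyond your friends."""
    if i == j:
        return False
    if met(i, j) or are_friends(i, j):
        return True
    return any(met(f, j) or are_friends(f, j) for f in FRIENDS.get(i, set()))


def sa_status(i, j):
    """'two-way' when both hold each other's triplet, 'one-way' when only
    one direction holds, 'none' otherwise."""
    forward, backward = knows_triplet(i, j), knows_triplet(j, i)
    if forward and backward:
        return "two-way"
    return "one-way" if forward or backward else "none"


def coverage(nodes):
    """Fraction of node pairs with a two-way SA, i.e. a snapshot of the
    'percentage of security associations' plotted on the later slides."""
    pairs = list(combinations(sorted(nodes), 2))
    established = sum(sa_status(i, j) == "two-way" for i, j in pairs)
    return established / len(pairs)


if __name__ == "__main__":
    for i, j in combinations(sorted(FRIENDS), 2):
        print(f"{i:>5} - {j:<5}: {sa_status(i, j)}")
    print("coverage:", coverage(FRIENDS))
```

Bob learns Eve's triplet because his friend Colin met her, but Eve has no way to learn Bob's, so that pair stays one-way; Bob never learns Dave's triplet, since Dave met Alice, who is Colin's friend, not Bob's.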
Protocols
Pace of establishment of the security associations (1/2)
Depends on several factors:
- Area size
- Number of communication partners: s
- Number of nodes: n
- Number of friends
- Mobility model and its parameters (speed, pause times, ...)
Established security associations:
Desired security associations:
Convergence:
Pace of establishment of the security associations (2/2)
[Figure: percentage of security associations (0 to 1) versus time (s), log scale from 100 to 1,000,000 s; three curves: s=99, f=0, pause=100 s, sr=5 m, v=5 m/s (5 m/s, 0 friends); s=99, f=2, pause=100 s, sr=5 m, v=5 m/s (5 m/s, 2 friends); s=99, f=0, pause=100 s, sr=5 m, v=20 m/s (20 m/s, 0 friends)]
Conclusion on Mobility Helps Security
• Mobility can help security in mobile ad hoc networks, from the networking layer up to the applications
• The proposed solution also supports re-keying
• The proposed solution can easily be implemented with both symmetric and asymmetric cryptography
S. Capkun, J. P. Hubaux, and L. Buttyan, "Mobility Helps Security in Ad Hoc Networks", Fourth ACM Symposium on Mobile Networking and Computing (MobiHoc), Annapolis, June 2003
S. Capkun, L. Buttyan, and J.-P. Hubaux, "Self-Organized Public-Key Management for Mobile Ad Hoc Networks", IEEE Transactions on Mobile Computing, Vol. 2, Nr. 1, 2003
Cooperation between Nodes in Hybrid Ad Hoc Networks
Jean-Pierre Hubaux1
Joint work with Naouel Ben Salem1, Levente Buttyan2, and Markus Jakobsson3
1 EPFL/School of Information and Communication
2 Budapest University of Technology and Economics
3 RSA Labs
Hybrid ad hoc networks (1/2)
[Figure: mobile stations S and D in a hybrid ad hoc network]
- Set of base stations connected to a backbone (like in cellular)
- Potentially, multi-hop communication between the mobile station and the base station (unlike in cellular)
- Principle usable for both "classical", voice centric cellular networks and wireless LANs (e.g., IEEE 802.11)
Hybrid ad hoc networks (2/2)
Expected benefits:
- Energy consumption of the mobile stations can be reduced; immediate side effect: reduced interference
- Number of base stations (fixed antennas) can be reduced
- Coverage of the network can be increased
- Closely located mobile stations can communicate independently from the infrastructure (ad hoc networking)
Problem: How to encourage the nodes to relay packets for the benefit of other nodes?
Possible solution: systematic micro-payments
[Figure: Initiator A -> i1 -> ... -> BS_A -> BS_B -> ... -> j1 -> Correspondent B]
• Principle: for every packet, the initiator is charged and all relay nodes are rewarded
• Strength: all cheating attempts will be detected
• Weakness: overhead (increase of the communication cost around 3 to 12%)
N. Ben Salem, L. Buttyan, J. P. Hubaux, and M. Jakobsson, "A Charging and Rewarding Scheme for Packet Forwarding in Multi-hop Cellular Networks", Fourth ACM Symposium on Mobile Networking and Computing (MobiHoc), Annapolis, June 2003
Alternative solution: probabilistic micro-payments
Model for the network: multi-hop up-link, single-hop down-link
[Figure: mobile stations S and D]
Proposals for probabilistic payments: D. Wheeler (1996); Jarecki and Odlyzko (1997); S. Micali and R. Rivest (2002); ...
The solution in three easy steps – Step 1
Assume that all packet sending/receiving events can be observed by an observer
The observer could tell:
- who originated a packet (whom to charge)
- who forwarded a packet (whom to remunerate)
- who dropped a packet (whom to punish?)
The solution in three easy steps – Step 2
Assume that every node honestly reports its own sending/receiving events to the operator
The operator could tell:
- who originated a packet (whom to charge)
- who forwarded a packet (whom to remunerate)
- who dropped a packet (whom to punish?)
Problems:
- nodes may not be motivated to send reports
- nodes may lie (send false reports)
- reporting all events may be a huge overhead
The solution in three easy steps – Step 3
• Nodes get paid for their reports -> nodes are motivated to send reports
• Events to be reported are selected probabilistically -> this drastically reduces the overhead
• Neighbors are remunerated as well -> this further increases the motivation to cooperate
• Based on the received reports, the operator performs statistical analysis (auditing) -> this allows detection of cheating behavior
Assumptions
- Hybrid ad hoc network with multi-hop up-link and single-hop down-link
- Symmetric-key crypto: each node shares a long-term symmetric key with the operator (base stations)
- The operator manages numerous base stations and one accounting center
- The operator is trusted by every node for: not revealing secret keys; correctly transmitting packets; correctly performing billing and auditing
- Users are not trusted to act according to the protocol: users behave rationally; they can tamper with their devices; they can collude
Protocol
Setup:
- users register with the operator
- each registered user u gets an id and a symmetric key Ku
- Ku is shared by the user and the operator (base stations)
Maintaining connectivity information:
- each user u keeps a list of triplets (ui, di, Li), where
  • ui is a neighbor
  • with distance (in hops) di from the base station and
  • with reward level Li
- the list is sorted in terms of increasing values of di and Li
Reward levels:
- packets have reward levels too
- a higher reward level means higher charge for the originator and higher reward for the forwarders
- ui is willing to forward packets with a reward level higher than Li
Packet origination
Originator o wants to send payload p:
- o selects a reward level L
- computes a MAC over L and p: MAC_Ko( L | p )
- transmits [ o | L | p | MAC ] according to the Packet Transmission Protocol
MAC: Message Authentication Code
Packet transmission
User u (originator or forwarder) wants to transmit packet P = [ o | L | p | MAC ]:
1. u selects his first as yet unselected entry (ui, di, Li) where Li < L
2. sends a forward request to ui (contains L and possibly more info)
3. waits for an ack from ui
  • if received, then u sends P to ui
  • if not received, then u increases i by one and goes to step 2
In any case: if u is not the originator, then u performs the Reward Recording Protocol
[Figure: u with neighbors x, y, z and the list (u=y, d=2, L=53), (u=z, d=3, L=82), (u=x, d=3, L=70)]
Packet processing by the base station
The base station receives a packet P = [ o | L | p | MAC ]:
- it looks up the secret key Ko of the originator o
- verifies the MAC
  • if not correct, then drops the packet
  • if correct, then transmits the packet to the destination
- keeps a count of the number of packets transmitted for o
- records a fraction of all triplets (MAC, L, u), where u is the id of the user from which it received the packet [ o | L | p | MAC ]
- periodically sends the recorded information to an accounting center
[Figure: packet P travels from S to D over six numbered steps; the base station retrieves Ko, verifies P and reports to the Accounting Center]
Reward recording
User u has forwarded a packet P = [ o | L | p | MAC ]:
- u interprets the MAC as a lottery ticket
- the ticket is winning for u iff f(MAC, Ku) = 1 for some function f
- if the ticket is winning, then u records (u1, u2, MAC, L), where
  • u1 is the user from which he received P
  • u2 is the user (or base station) to which he forwarded P
[Figure: u1 -> u -> u2 (or base station); u evaluates f(MAC, Ku) = 1 ?]
Example for f: f(MAC, Ku) = 1 iff $d_{\mathrm{Hamming}}(\mathrm{MAC}, K_u) \le h$
• Note: if f is not one-way, then all claims should be encrypted during transmission
Reward claim
User u has a list M of reward records:
- when u is adjacent to a base station, he transmits a claim [ u | M | MACKu(M) ] to the base station
- the base station verifies the MAC
  • if incorrect, then ignores the claim
  • if correct, then records the claim and sends an ack
- when u receives the ack, he deletes M from memory
- the base station sends the recorded reward claims to the accounting center
[Figure: u sends [ u | M | MACKu(M) ] to the base station, which forwards it to the Accounting Center]
Accounting
The accounting center receives:
- reward claims of the form: "u claims (u1, u2, MAC, L)"
- traffic info recorded by the base stations of the form: "(MAC, L, u) from o"
All originators whose identity has been recorded by a base station are charged
All users whose identity figures as a claimant in an accepted reward claim are credited
All users whose identity appears as sending or receiving neighbor in an accepted reward claim are also credited
Auditing
The probability for a ticket to win is independent of the identity of the user who evaluates it -> each user should appear as a claimant with approximately the same frequency as he figures as either sending or receiving neighbor of a claimant
Examples of abuses and their detection
Packet dropping
- Description: the user agrees to forward, but he doesn't forward
- Detection: receiving neighbor freq. > sending neighbor freq.
Ticket sniffing
- Description: the user claims credit for overheard packets
- Detection: claimant freq. > receiving neighbor or sending neighbor freq.; conflicting claims
[Figure: a -> b -> c, with d within hearing range of b; b claims (a, c, MAC, L) while d claims (b, c, MAC, L)]
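The protocol steps of slides 32 to 39, as an added toy model (not code from the paper): MAC'ed origination, verification at the base station, the Hamming-distance lottery ticket at a forwarder, and the accounting center's frequency audit run over a constructed set of claims containing one packet dropper and one ticket sniffer. HMAC-SHA256 as the MAC, the 2-byte encoding of L, the key material, the tolerance `slack` and the sample claims are all assumptions.

```python
"""Added example, not code from the paper: a toy model of the probabilistic
micro-payment protocol on these slides (origination, base-station check,
lottery ticket at the forwarder, accounting-center audit).  HMAC-SHA256 as
the MAC, the 2-byte encoding of L, the keys, the tolerance `slack` and the
sample claims are constructed assumptions."""
import hashlib
import hmac
from collections import Counter, defaultdict

BS = "BS"  # the base station, when it is the receiving neighbor

# Constructed long-term keys K_u shared between user u and the operator.
KEYS = {u: hashlib.sha256(b"demo-key-" + u.encode()).digest() for u in "abcxy"}

def mac(key, msg):
    """MAC_K(msg); HMAC-SHA256 is the assumed instantiation."""
    return hmac.new(key, msg, hashlib.sha256).digest()

def originate(o, Ko, L, p):
    """Originator o builds [ o | L | p | MAC ] with MAC = MAC_Ko(L | p)."""
    return (o, L, p, mac(Ko, L.to_bytes(2, "big") + p))

def base_station_check(packet, keys):
    """Base station looks up Ko and verifies the MAC; False means 'drop'."""
    o, L, p, tag = packet
    Ko = keys.get(o)
    return Ko is not None and hmac.compare_digest(
        tag, mac(Ko, L.to_bytes(2, "big") + p))

def hamming(a, b):
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))

def is_winning(tag, Ku, h):
    """The slide's example f: f(MAC, Ku) = 1 iff dHamming(MAC, Ku) <= h."""
    return hamming(tag, Ku[:len(tag)]) <= h

def record_reward(u, Ku, packet, u1, u2, h):
    """Reward recording at forwarder u: a winning ticket yields the record
    (u, u1, u2, MAC, L) for u's claim list M; a losing one yields None."""
    _, L, _, tag = packet
    return (u, u1, u2, tag, L) if is_winning(tag, Ku, h) else None

def audit(claims, slack=0):
    """Accounting-center audit over accepted claims (u, u1, u2, MAC, L).
    An honest user appears as claimant, sending neighbor (u1) and receiving
    neighbor (u2) with about the same frequency; `slack` is an assumed
    tolerance for small samples.  Also lists pairs of claims on the same
    ticket that disagree on who forwarded to whom (slide 39's conflict)."""
    claimant, sending, receiving = Counter(), Counter(), Counter()
    by_ticket = defaultdict(list)
    for u, u1, u2, tag, _ in claims:
        claimant[u] += 1
        sending[u1] += 1
        receiving[u2] += 1
        by_ticket[tag].append((u, u1, u2))
    suspicions = {}
    for user in sorted((set(claimant) | set(sending) | set(receiving)) - {BS}):
        flags = []
        if receiving[user] > sending[user] + slack:
            flags.append("packet dropping")  # receives but never forwards
        if claimant[user] > max(sending[user], receiving[user]) + slack:
            flags.append("ticket sniffing")  # claims more than neighbors see
        if flags:
            suspicions[user] = flags
    conflicts = []
    for tag, entries in by_ticket.items():
        for u, _, u2 in entries:
            for v, v1, _ in entries:
                if v1 == u and v != u2:  # u says it sent to u2, v says to v
                    conflicts.append((tag, u, v))
    return suspicions, conflicts

def _claim(u, u1, u2, ticket, L=53):
    # constructed claim record; the one-byte ticket stands in for the MAC
    return (u, u1, u2, bytes([ticket]), L)

# Constructed claims: honest a, b, c rotate roles over tickets 1..6;
# x accepts packets 7..9 but never forwards or claims (dropper);
# y never relayed anything but claims overheard tickets 1, 3, 5 (sniffer).
SAMPLE_CLAIMS = [
    _claim("b", "a", "c", 1), _claim("c", "b", BS, 1),  # a -> b -> c -> BS
    _claim("b", "c", "a", 2), _claim("a", "b", BS, 2),  # c -> b -> a -> BS
    _claim("a", "b", "c", 3), _claim("c", "a", BS, 3),  # b -> a -> c -> BS
    _claim("c", "b", "a", 4), _claim("a", "c", BS, 4),  # b -> c -> a -> BS
    _claim("c", "a", "b", 5), _claim("b", "c", BS, 5),  # a -> c -> b -> BS
    _claim("a", "c", "b", 6), _claim("b", "a", BS, 6),  # c -> a -> b -> BS
    _claim("b", "a", "x", 7), _claim("a", "c", "x", 8), _claim("c", "b", "x", 9),
    _claim("y", "b", "c", 1), _claim("y", "a", "c", 3), _claim("y", "c", "b", 5),
]
```

Running `audit(SAMPLE_CLAIMS)` flags x for packet dropping and y for ticket sniffing, and returns the three conflicting claim pairs, each one between y and the honest forwarder whose transmission y overheard; the conflict alone cannot say which party lies, which is why it is reported separately from the frequency flags.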
Conclusion on the probabilistic encouragement for collaboration
- Cooperation between nodes can be fostered by micro-payments
- Probabilistic micro-payments can drastically reduce the overhead
- The operator can fine tune the detection mechanisms according to the level of observed cheating
- Future work: study attacks by malicious users; pricing issues (e.g., computation of the reward levels)
M. Jakobsson, J. P. Hubaux, and L. Buttyan, "A Micro-Payment Scheme Encouraging Collaboration in Multi-hop Cellular Networks", Proceedings of Financial Crypto 2003
Cooperation without incentives in pure ad hoc networks
[Figure: node i applies its strategy $\sigma_i$, with $x_i$, $y_i$ and $A_i$]
Examples of strategies:
| Strategy | Function | Initial cooperation level |
|---|---|---|
| AllD (always defect) | $\sigma_i(x) = 0$ | 0 |
| AllC (always cooperate) | $\sigma_i(x) = 1$ | 1 |
| TFT (Tit-For-Tat) | $\sigma_i(x) = x$ | 1 |
Conclusion: In a static network, the conditions for spontaneous cooperation are extremely unlikely to be met; but mobility improves things.
M. Felegyhazi, L. Buttyan, and J. P. Hubaux, "Equilibrium Analysis of Packet Forwarding Strategies in Wireless Ad Hoc Networks – the Static Case", Proceedings of Personal Wireless Communications (PWC '03), Venice, Italy, September 2003
Power-efficient Broadcast in all-wireless networks
Cost model: $c_{ij} = d_{ij}^{\alpha}$, $\alpha \ge 2$
[Figure: example network of nodes a to j with per-node transmission powers (p_a = 2, p_b = 8, p_d = 4, p_e = 4, ...); the step "Try to remove node d" first calculates the gains $g^d$ of the candidate nodes that would take over d's coverage, then calculates the new transmission power of the node with the largest positive gain]
M. Cagalj, J. P. Hubaux, and C. Enz, "Minimum-Energy Broadcast in All-Wireless Networks: NP-completeness and Distribution Issues", Mobicom 2002
COMMON-Sense Net: Agriculture and water management with the use of wireless sensor networks
Joint work with IISc
The need for water
Consequence: growing humanitarian crises and political instability
[Figure: water supply, distribution of unserved populations]
[Figure: sanitation, distribution of unserved populations]
Water and agriculture
- Agriculture consumes 70% of the fresh water used worldwide by human activity
- Around 40% of the fresh water used for agriculture is lost (evaporation, spills, undue absorption)
[Figure: pie chart of fresh-water use: Agriculture 70%, Industrial, Domestic]
Agriculture is largely responsible for ground water's depletion and salinisation.
Assumptions
- An optimized water management in agriculture is needed
- Optimized water management means better information gathering on the soil's and plants' condition
- Sensors and sensor networks can provide this enhanced information
A concrete test case (1)
A concrete test case (2)
- 25 villages over a radius of 25 km
- Marginal farmers (< 1 ha) and small farmers (< 2 ha)
- No powered irrigation
- Cultures: groundnut (for oil); cereals: millets (finger millet, locally known as Ragi; sorghum); rice in some irrigated patches
User requirements
A better access to critical data and information to help farmers in their decision making process:
- Soil: humidity, salinity
- Ground-water: level, quality (nitrates, phosphates)
- Local meteorological data: temperature, radiance, wind velocity and direction, ...
- Global meteorological data: weather forecast, seasonal estimates, ...
Cultural and social issues are critical
System characteristics
- Self-organizing network of heterogeneous wireless sensor nodes (ease of deployment, non-intrusiveness)
- Nodes communicate in a multihop fashion
- Low data rate
- Scalability and adaptability to network changes
- Node failure detection and adaptability
- Internet connectivity
Technical requirements
- Communication range: around 500 m (up to 1 km)
- Power-saving mechanisms: life-time of every node over 1 year (the longer the better)
- Possibility to connect heterogeneous sensors to a communication node: "universal" port
- Cost constraints
Project consortium
Indian Partners: Centre for Electronics Design and Technology (CEDT/IISc); Centre for Atmospheric and Oceanic Studies (CAOS/IISc); Chennakeshava Trust
Swiss Partners: Laboratory for Computer Communications and Applications (LCA/EPFL); Laboratory of Hydrology and Planning (HYDRAM/EPFL); HEC, Lausanne (UNIL)
COMMON-Sense Agenda
- June 2003: Build-up of the consortium
- July-August 2003: Project proposal
- Fall 2003: Development of first prototype
- August 31st: Project submitted to SDC/EPFL cooperation fund
- January 2004: Project approved
- February 2004: Project meeting in Bangalore
- March-April 2004: Gathering of final user requirements
- May 2004: System High-Level Design
- June-November 2004: Work on first release
- December 2004: Outdoor testing of prototype
Conclusion
- Ad hoc and sensor networks raise new challenges in a number of areas
- Security in particular needs to be redesigned from scratch
- The solutions very much depend on the presence and role of an authority
- This is an exciting and promising research area...
Presented papers available online at: http://lcawww.epfl.ch/hubaux/ or Google (hubaux) home page