Authentication in Mobile Ad-hoc Network (MANET) Student Ståle Jonny Berget [email protected]...
-
date post
18-Dec-2015 -
Category
Documents
-
view
216 -
download
0
Transcript of Authentication in Mobile Ad-hoc Network (MANET) Student Ståle Jonny Berget [email protected]...
Authentication in Mobile Ad-hoc Network (MANET)
StudentStåle Jonny [email protected]
SuperviserChik How Tan
Master hash chain
Traffic hash chain
Session hash chain
Introduction/justification
• The problem in MANET is mostly related to– that there isn’t any central management system or access to a
trusted third party (TTP), witch contain a repository of the identity of al legal node
– It must be assumed that node have restricted computation power, power and memory capacity.
– Node may frequently change location or new one is entering the network.
– It must be assumed that the network will be exposed for passive and active attack from an unauthorised source, witch may have more computation power, power and memory capacity then legal nodes
• Justification– A MANET may be useful in many situations where no infrastructure
(fixed or cellular) is available, or wireless public access in urban areas to providing quick deployment and extended coverage.
– Without any appropriate authentication protocol it’s possible that the network may be used by user that don’t follows legal principle or isn’t a legal user of the network.
– At this moment there aren’t any standards that describe a proper authentication protocol that may be use in MANET.
Research questions/method• Research questions
– Description of the scenario for the rescue operation.– What kind of threat that may be expected for MANET
in this scenario.– Consideration on what kind of different authentication
method and cryptographic algorithm that may be appropriate against the threat and useful in a MANET.
– Design of a new and better authentication protocol that is suited for this scenario.
• Method:– Consider different threat that has been identified in
earlier work and literature– Mathematician and computer simulation to compute
the complexity of the new and earlier authentication protocol
Authentication is fundamental
• Authentication is fundamental in all aspect of information security and assurance, and is the binding of an identity to a subject. Authentication may be based on:
– something known (as a password, shared secret, secret, the private key corresponding to a public key etc.)
– something possessed (this is typical a physical asset as a badge card, id-card, password calculator etc.)
– something inherent (handwrite, fingerprint, etc.).• An authentication protocol proves the nodes identity in a
given instance of time. To maintain the identity authentication additional techniques must be included. If nodes is authenticated at the start of a session, they have to ensure that they maintain the authentication during the session, so that an adversary hasn’t interfered the session.
• An approach to prevent this to happen include:– perform re-authentication or for each discrete resource request (eg
each message that have to be exchanged) – tying the identification to an ongoing integrity service, that each
message can be tied together with session authentication.
Requirement
• Few computational steps• Balanced computational steps• Cheap computational step• Few messages flow• Small messages• Small program memory• Small data memory requirement• Restricted consequences of data
disclosure
Different crypto algorithm
• Symmetric encryption– When the nodes (network) is deployed
it’s hard (or impossible) to change key– If one node is compromised, the entire
network is compromised• Hash and HMAC is fast• Asymmetric is slow
NB1 NB2 NB3
NB4 NB5
NB6NB7 NB8
Eve
NewNode
NA
Authentication model• The distribution of credential may be done in two ways:
– encrypt the credential by the receiver nodes public key– the credential has a signature base on initiators private key
• The first option require more message exchange during authenticate of its neighbour nodes, than the second option.
NewNode
NA
NB1 NB2 NB3
NB4 NB5
NB6NB7 NB8
1
2
34
5
6
8 9
NewNode
NA
NB1 NB2 NB3
NB4 NB5
NB6NB7 NB8
One-by-one Broadcast
The trust model/clock synchronisation
• If two nodes have succeed an authentication of each other, then there is established a trust relationship between this nodes. – This mean if Node A and B has done the authentication
process they trust each other, that is also true if node B and C has done the authentication process.
– But this doesn’t mean that node A and C trust each other. If node A and C have to trust each other, they have to do the authentications process.
• Further it is assumed that every legal node has a certificate with a unique identity and public/private key pair that is distributed and signed by an off-line TTP
• The private keys are stored in a secure and tamper proof area within the node, and are only known by its owner.
• Every node is equipped with a GPS-clock, and the time deviation is small (much smaller than a second).
Different fast authentication
protocols
Leslie Lamport (LATEX?)Weakness
h0
h1
h2
hj-1
hj
hn
hn-1
hj+1
Has
h ch
ain
gene
ratio
n
Has
h ch
ain
disc
lous
er
k0
k1
kn-2
kj-1
kj
kn
kn-1
kj+1
•DoS attack•Sign every traffic key•Wormhole and insider attack
•DoS attack•Sign every hash chain•Wormhole and insider attack
NB1 NB2 NB3
NB4 NB5
NB6NB7 NB8
Eve
NewNode
NA
Threat
N1 N2 N3
N4 N5
N6 N7N8
Eve
End
NB
m
k
Node
NA
Eve
Eve
NewNode
NA
Eve NC1
NB1 NB2 NB3
NB4 NB5
NB6 NB7 NB8
NC2
NC3 NC4
Wormhole attack Insider attack
The new authentication protocol
End-to-end authentication
Node A
Node B Node C Node D
Node E
A B: mA, MAC(mA|KAT(jA+nA+1))
A B: A, KAT(jA+nA+1)
B C: mA, MAC(mA|KBT(jB+nB+1))
B C: B, KBT(jB+nB+1)
C D: mA, MAC(mA|KCT(jC+nC+1))
C D: C, KCT(jC+nC+1)
D E: mA, MAC(mA|KDT(jD+nD+1))
D E: D, KDT(jD+nD+1)
Hop-by-hopauthentication
Hop-by-hopauthentication
Hop-by-hopauthentication
Hop-by-hopauthentication
A E: A,m’A,MAC(A|m’A|KATE(j+nA+1))
E A: E, KETE(j+nE+1)
A E: A, KATE(j+nA+1)
*Where mA is equal to: A E: A,m’A,MAC(A|m’A|KATE(j+nA+1)) or A E: A, KA
TE(j+nA+1), in the other direction mE is equal to E A: E, KETE(j+nE+1).
New authentication protocol(1)
The protocol include 3 hash chain
1. The master hash chain
2. Traffic hash chain
3. Session hash chain
Some test result on my computer 1.6 GHz Centrino DuoType of operation
Benchmark
(time in ms)
Test program
(time in ms)
1024 bit DSA 160 bit exponent
Setup 10,343Generation 5,780signature no precomputation 2,810 2,984signature w. precomputation 0,580Verification 3,290 3,406
1024 bir RSA
RSA key generation 273,5001024 bit signature* 7,140 7,4681024 bit RSA verification e=3* 0,0401024 bit RSA verification e=65537* 0,250 0,500
160 bit ECDSA
Key generation 0,032signature no precomputation 7,290 7,437signature w. precomputation 1,550verification 9,780 10,156
Master hash chain based on SHA-1 (10x10000 hash key) 1078,000Traffic hash chain (10000 hash key) based on SHA-1 16,000
Session hash chain (10 session and 1000 hash key) based on SHA-1 9,400HMAC/SHA-1 0,050
Result from simulation
-20
-10
0
10
20
30
40
50
60
70
00,
020,
040,
060,
08 0,1
0,12
0,14
X/R
E-E
ner
gy
Node A: E(Alg12)-E(Alg2)
Node B: E(Alg12)-E(Alg2)
Node A: E(Alg12)-E(Alg3)
Node B: E(Alg12)-E(Alg3)
Based on RSA
Message length in
byteComputation
in ms
Message length in
byteComputation
in msSignature generation
Alg 12 552 1,86 485 1,11 7,468Alg 2 240 8,562 300 8,562 7,468Alg 3 128 8,515 128 8,515 7,468
A B
The difference between RSA and ECDSA
-30
-20
-10
0
10
00,
020,
040,
060,
08 0,1
0,12
0,14
X/r
(Ers
a-E
ecd
sa)/
Pc
Assume that Pt>Pc>Pm, Pt=xPc and r-the data ratePt-Transmit power, Pc-CPU power, Pm-power to keep memory