Upload
ethan-jacobs
View
220
Download
0
Embed Size (px)
Citation preview
Team Challenger
Brian PadalinoSammy Lin
Arnold PerezHelen Chen
Group Communication
Authentication
Huang, Q. et al “Fast Authenticated Key Establishment Protocols for Self-Organizing Sensor Networks” (2003) International Conference on Sensor Wireless Networks and Applications pp.141
Sensor Networks
Background: Supports dynamic scenarios, large
scale, real-time data processing Does not require any centralized
administration or fixed infrastructure
Authentication between sensor nodes and security managers
Sensor Networks
Problems Sensors have limited power supply
and computational resources
Should only send out packets when necessary to help save power
Accurately authenticate with a security manager without using an online centralized database
Sensor Networks
Authentication solutions
A hybrid authentication key establishment protocol
symmetric key cryptographic operations elliptic curve implicit certificates
Sensor Networks
Implementation Elliptic Curve Cryptography Symmetric-Key Operations Certificates
Certificate contains public key, device ID and certification expiration date, digitally signed
Certificates are acquired before a sensors can join the network
Trust Groups Keoh, S.L. et al “Towards flexible
Credential Verification in Mobile Ad-hoc Networks” (2002) Annual International Workshop on Principles of Mobile Computing, Toulouse, France pp. 58
System Implementation
Key Management Every device maintains a key ring that
contains a list of trusted public keys and their associated trustworthiness level.
Ensures that only trusted public keys are considered when checking assertions.
XML Credential Generator Used to group the user’s credentials together
in order to create a readable credential assertion statement (CAS).
Security Assertion Module Main functionality is to issue assertions to
other users after verifying credentials listed in the CAS successfully.
Verification and Validation Module
Used to determine whether a CAS is authentic and based on authentic credentials. When a user presents his/her CAS together with the corresponding ASSs, the V&V checks the signatures against the key ring to determine whether the assertions can be trusted.
Group Communication
Security
Contributory key agreement 1) Group Diffie-Hellman key
exchange 2) Key trees
Diffie-Hellman Key exchange
Alicepicks BK=x
BobPicks BK=y
1
p, , K=x mod p
2
K= y mod p
Alice computes
K BK = (y mod p)x
= xy mod p
Bob computes
K BK = (x mod p)y = xy mod p
The shared secret key
Key trees
<0,0>
<1,0> <1,1>
<2,0> <2,1> <2,2> <2,3>
<3,0> <3,0> <3,6> <3,7>
K p =( BK (L) ) K (R) mod p
=( BK (R) ) K (L) mod p
= K (L) K (R) mod p
= f (K (L) K (R))
Problems and Solutions Join, Leave, Partition and Merge by
Updating Current Tree
<0,0>
<1,0> <1,1>
<2,0> <2,1> <2,2> <2,3>
<3,0> <3,0> <3,6> <3,7>
Project Idea
Will be implementing system outlined by “Towards Flexible Credential Verification in Mobile Ad-hoc Networks”
Will be adding certificate/assertion revocations and some sort of black listing policy for untrustworthy nodes to increase security of the proposed system.
Project Idea (cont.)
Will be building a game on top of our system to demo what it can do.
Social engineering game geared towards building and losing trust.
Player must try and obtain as much ASS as possible. Then use that ASS to get more ASS.
Papers to be used… “Towards a human trust model for
mobile ad-hoc networks,” Licia Capra
“A certificate revocation scheme for wireless ad-hoc networks,” Claude Crepeau and Carlton Davis
“Trust and establishment of ad-hoc communities,” Sye Long Keoh and Emil Lupu