Team Challenger

Brian PadalinoSammy Lin

Arnold PerezHelen Chen

Group Communication

Authentication

Huang, Q. et al “Fast Authenticated Key Establishment Protocols for Self-Organizing Sensor Networks” (2003) International Conference on Sensor Wireless Networks and Applications pp.141

Sensor Networks

Background: Supports dynamic scenarios, large

scale, real-time data processing Does not require any centralized

administration or fixed infrastructure

Authentication between sensor nodes and security managers

Sensor Networks

Problems Sensors have limited power supply

and computational resources

Should only send out packets when necessary to help save power

Accurately authenticate with a security manager without using an online centralized database

Sensor Networks

Authentication solutions

A hybrid authentication key establishment protocol

symmetric key cryptographic operations elliptic curve implicit certificates

Sensor Networks

Implementation Elliptic Curve Cryptography Symmetric-Key Operations Certificates

Certificate contains public key, device ID and certification expiration date, digitally signed

Certificates are acquired before a sensors can join the network

Trust Groups Keoh, S.L. et al “Towards flexible

Credential Verification in Mobile Ad-hoc Networks” (2002) Annual International Workshop on Principles of Mobile Computing, Toulouse, France pp. 58

System Implementation

Key Management Every device maintains a key ring that

contains a list of trusted public keys and their associated trustworthiness level.

Ensures that only trusted public keys are considered when checking assertions.

XML Credential Generator Used to group the user’s credentials together

in order to create a readable credential assertion statement (CAS).

Security Assertion Module Main functionality is to issue assertions to

other users after verifying credentials listed in the CAS successfully.

Verification and Validation Module

Used to determine whether a CAS is authentic and based on authentic credentials. When a user presents his/her CAS together with the corresponding ASSs, the V&V checks the signatures against the key ring to determine whether the assertions can be trusted.

Group Communication

Security

Contributory key agreement 1) Group Diffie-Hellman key

exchange 2) Key trees

Diffie-Hellman Key exchange

Alicepicks BK=x

BobPicks BK=y

1

p, , K=x mod p

2

K= y mod p

Alice computes

K BK = (y mod p)x

= xy mod p

Bob computes

K BK = (x mod p)y = xy mod p

The shared secret key

Key trees

<0,0>

<1,0> <1,1>

<2,0> <2,1> <2,2> <2,3>

<3,0> <3,0> <3,6> <3,7>

K p =( BK (L) ) K (R) mod p

=( BK (R) ) K (L) mod p

= K (L) K (R) mod p

= f (K (L) K (R))

Problems and Solutions Join, Leave, Partition and Merge by

Updating Current Tree

<0,0>

<1,0> <1,1>

<2,0> <2,1> <2,2> <2,3>

<3,0> <3,0> <3,6> <3,7>

Project Idea

Will be implementing system outlined by “Towards Flexible Credential Verification in Mobile Ad-hoc Networks”

Will be adding certificate/assertion revocations and some sort of black listing policy for untrustworthy nodes to increase security of the proposed system.

Project Idea (cont.)

Will be building a game on top of our system to demo what it can do.

Social engineering game geared towards building and losing trust.

Player must try and obtain as much ASS as possible. Then use that ASS to get more ASS.

Papers to be used… “Towards a human trust model for

mobile ad-hoc networks,” Licia Capra

“A certificate revocation scheme for wireless ad-hoc networks,” Claude Crepeau and Carlton Davis

“Trust and establishment of ad-hoc communities,” Sye Long Keoh and Emil Lupu