Principles of Ad Hoc Networking

Size: px

Start display at page:

Download "Principles of Ad Hoc Networking"

Megan Gordon
6 years ago
Views:

1 Principles of Ad Hoc Networking Michel Barbeau and Evangelos Kranakis November 12, 2007

2 Wireless security challenges Network type Wireless Mobility Ad hoc Sensor Challenge Open medium Handover implies change of security parameters Infrastructure based security not applicable In-network processing 2

3 Signature 1. Unforgeability: proof that the signer signed the document 2. Authenticity: convincing of the document s authenticity 3. Unreusability: signature cannot be moved elsewhere 4. Unalterability: document cannot be changed after signing 5. Unrepudiatability: signer cannot later claim: did not sign the document 3

4 Digital signature Set of messages: P ; Set of signatures: A; Set of keys: K Signing algorithm: Sig k : P A, with k K Verification algorithm: V er k : P A {true, false} V er k (x, y) = { true if y = Sigk (x) false if y Sig k (x). 4

5 RSA signature An integer n = pq, the product of two distinct primes p and q Two integers e, d such that ed 1 mod φ(n), φ(n) is the Euler totient function n, e are public; p, q, d are private Signature: Sig(M) M d mod n Verification: V er(m, N) = true M N e mod n 5

6 ElGamal signature 6

7 Constructing one-way hash chains USE/REVEAL v H H H H H H H v v v v v v n 1 n 2 n 3 n later values earlier values GENERATE CHAIN 7

8 Authentication in one-way hash chains H H H H H H v j i j H (v j ) = v i v i 8

9 Forming a Merkle tree v v v v v v v v

10 Blinding in Merkle authentication trees u u u u u u u u H H H H H H H H v v v v v v v v

11 Recursive hashing in Merkle authentication trees u 07 u u u 01 u 23 u 45 u 67 u u u u u u u u v v v v v v v v

12 Example of Merkle authentication trees u 07 path u path u sibling u 01 u 23 path u 45 u 67 sibling u u u u path u u u u sibling path v 0 v 1 v 2 v 3 v 4 v 5 v 6 v 7 12

13 The RC4 encryption Message Text L O G I N Message in ACSII Key Stream XOR Ciphertext

14 Cracking RC4 messages Ciphertext Ciphertext 2 XOR of un encrypted messages XOR 1st Message (LOGIN ) in ACSII XOR 2nd Message in ACSII nd Message Text J U L I A 14

15 ZigBee frame with auxiliary header (c) Physical Header MAC Header Network Header Application Header Auxiliary Header Encrypted Payload Message Integrity Code (b) Physical Header MAC Header Network Header Auxiliary Header Encrypted Payload Message Integrity Code (a) Physical Header MAC Header Auxiliary Header Encrypted Payload Message Integrity Code 15

16 ZigBee network entry Joiner (1) Beacon Request Router Trust Center (2) Beacon (3) Association Request (5) Association Response (7) Transport-Key (4) Update-Device (6) Transport-Key Joiner-Trust Center Link Key Setup Using SKKE (9) Transport-Key(Network Key) (8) Transport-Key(Network Key) 16

17 Key establishment using the fuzzy commitment protocol Initiator Responder Generate common symmetric key k Derive feature value v Derive feature value v' Compute e = v xor k [hash(k), e] Compute k'= v' xor e hash(k)= hash(k')? 17

18 ECG with IPI markers IPI 18

19 Initiator calculation in the fuzzy commitment protocol 6 5 c=(4,5) v=(8.26,1.37)

20 Responder calculation in the fuzzy commitment protocol f(v' - d) = (4,5) v'-d=(3.50,4.59) v'=(7.76,0.96)

21 Fuzzy encryption protocol Get message m Generate symmetric key k Derive value v Sender [E [m], C(k, v)] k Receiver Derive value v' Using v',decommitk D [E [m]] k k 21

22 Authentication using the fuzzy commitment protocol Sender Receiver Get message m Generate symmetric key k Derive value v [E k[m], MAC k[m], C(k, v)] Derive value v' Using v',decommit k m' = D [E [m]] k k MAC k [m'] = MAC k [m ]? 22

23 Example of SEAD implementation (only indices are depicted)

24 Example of hash tree chain. One-way chain generation 24

25 Merkle tree 25

26 Example of using the hash tree chain vi H( vi 0 ) H H H( v i 1 ) H H H( v i 2 ) H H H H( v i 3 ) H b b b b H H H H H( b 0 b 1 ) = b 01 H H( b 01 b 23 ) H H( b 2 b 3 ) = b 23 v i 1 Hash Tree 26

27 The bin-and-balls signature scheme s 1 s 2 s 3 s 4 s t G h 27

28 A single verifier v (inside region R) and a prover p (not depicted) v R 28

29 A single verifier at the center of a circular region R where there is an upper bound of p on the processing delay v RoA(v, p) R = RoA(v,0) s p 29

30 Wormhole attack A X Y B 30

31 Impact on routing protocols: one hop tunneling A C X Y B 31

32 Partitioning the range of the sensors into six zones numbered 1, 2,..., 6 clockwise

33 Bidirectional communication link A B 33

34 Wormhole vulnerability in the first protocol 5 6 A 5 6 B 4 X 1 4 Y C 3 2 Region I Region II 34

35 Cooperating with neighbors to prevent protocol vulnerabilities D A B 4 X 1 4 Y 1 C Region I Region II 35

36 Verifier region A B 36

37 Worawannotai attack V A X B 37

38 Preventing the Worawannotai attack V a A X b B 38

39 Verifier region V A a c X b d B 39

40 Sequence number attacks malicious 4 hops destination a b c e d source s v f 3 hops g 40

41 Impact of location of base stations on disrupting traffic in a sensor network delimited by a square region 41

42 Omnidirectional and directional antennas A B A B Omnidirectional Directional 42

Chapter 10 Mobile Communication Systems

Chapter 10 Mobile Communication Systems Copyright 2011, Dr. Dharma P. Agrawal and Dr. Qing-An Zeng. All rights reserved. 1 Outline Cellular System Infrastructure Registration Handoff Parameters and Underlying