Survivable Group-based Public Key Management for Mobile Ad Hoc Networks
Description
The characteristics of mobile ad hoc networks (MANETs), such as the dynamic environment and the lack of infrastructure, make it difficult to implement effective security solutions. Cryptographic techniques are at the center of security solutions for wireless ad hoc networks. Public key infrastructures (PKIs) are essential for their efficient operation. Among the PKI systems proposed for MANETs, the Self-Organized Public Key Management System for MANETs (PGP-Like) has been considered more suitable, as it is totally distributed, self-organized, and does not rely on any certificate authority. However, results show that PGP-Like is fully vulnerable to Sybil attacks.
Thus, this project aims to propose a survivable PKI whose goal is to keep operating even in the face of misbehavior attacks. This new PKI is called Survivable Group-based Public Key Management for MANETs (SG-PKM). It is designed to be more resistant to Sybil attacks than PGP-Like. In SG-PKM, nodes form groups based on users' relationships and issue certificates for each other. SG-PKM also establishes that groups can issue certificates to other groups. Any two nodes that do not have a direct connection between them are able to authenticate each other through certificate chains binding their groups. Moreover, the scheme requires at least two disjoint certificate chains for authentication, increasing the resistance to Sybil attacks. Finally, the proposed scheme employs different kinds of evidence to prove the liability of users for their keys, as well as social relationships to help public key exchanges.
Analytical and simulation results show the improvements attained by our proposal in terms of effectiveness and survivability to different attacks. Results show that SG-PKM maintains its effectiveness in the face of lack of cooperation attacks, even with 40% of selfish nodes, similarly to PGP-Like. More importantly, SG-PKM mitigates the impact of Sybil attacks, keeping the rate of non-compromised authentications above 70%.
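The requirement of at least two disjoint certificate chains between groups can be checked on a group certificate graph as sketched below. This is an added example, not code from the SG-PKM project: it assumes that "disjoint" means the chains share no intermediate group, that group certificates are directed (issuer, subject) pairs, and it uses constructed group names.

```python
from collections import defaultdict, deque

def disjoint_chains(certs, src, dst):
    """Count certificate chains from group src to group dst that share no
    intermediate group (assumed meaning of 'disjoint'). Unit-capacity
    max-flow, with every group split into an 'in' and an 'out' half."""
    cap, adj = defaultdict(int), defaultdict(set)

    def edge(u, v, c):
        cap[(u, v)] += c
        adj[u].add(v)
        adj[v].add(u)  # residual direction

    groups = {g for pair in certs for g in pair} | {src, dst}
    for g in groups:
        # Endpoints may appear in every chain; intermediates only once.
        edge((g, "in"), (g, "out"), len(groups) if g in (src, dst) else 1)
    for issuer, subject in set(certs):
        edge((issuer, "out"), (subject, "in"), 1)

    s, t, flow = (src, "in"), (dst, "out"), 0
    while True:
        parent, queue = {s: None}, deque([s])
        while queue and t not in parent:      # BFS for an augmenting path
            u = queue.popleft()
            for v in adj[u]:
                if v not in parent and cap[(u, v)] > 0:
                    parent[v] = u
                    queue.append(v)
        if t not in parent:
            return flow
        v = t
        while parent[v] is not None:          # push one unit along the path
            u = parent[v]
            cap[(u, v)] -= 1
            cap[(v, u)] += 1
            v = u
        flow += 1

def can_authenticate(certs, src, dst, required=2):
    """Accept only when enough group-disjoint chains bind the two groups."""
    return disjoint_chains(certs, src, dst) >= required

# Constructed graphs. In FUNNELLED both chains from A to D pass through
# group X, so one misbehaving group controls every chain.
FUNNELLED = [("A", "B"), ("A", "C"), ("B", "X"), ("C", "X"), ("X", "D")]
INDEPENDENT = [("A", "B"), ("B", "D"), ("A", "C"), ("C", "D")]
```

In the funnelled graph a verifier that accepted any single chain would authenticate through X alone; the two-chain check rejects it because only one group-disjoint chain exists.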
Accomplishments
- Survey of the weaknesses and vulnerabilities of PGP-Like
- Definition of metrics for quantifying the impacts of misbehavior attacks on the PGP-Like
- Evaluation of the PGP-Like in scenarios with lack of cooperation and Sybil attacks
- Specification of a key management scheme that keeps its performance under lack of cooperation attacks and is more resilient to Sybil ones, called SG-PKM
- Analysis of friends' social networks in order to evaluate group formation and their relationships
- Definition of metrics for evaluating SG-PKM under lack of cooperation and Sybil attacks
- Evaluation of the SG-PKM in scenarios with lack of cooperation and Sybil attacks
Period
03/2007 - 07/2009 (finished)
Team
Eduardo da Silva
Michele Nogueira Lima
Aldri Luiz dos Santos
Luiz Carlos Pessoa Albini
Publications
- Gerenciamento de chaves públicas sobrevivente baseado em grupos para MANETs. Eduardo da Silva, Aldri Luiz Santos, Luiz Carlos P. Albini. Concurso de Teses e Dissertações (CTD) - CSBC2010, p. 73-80. Belo Horizonte, July, 2010.
(Brazilian Conference)
Abstract
Among the various key management systems proposed for MANETs, the Self-Organized Public Key Management System has been the most recommended, as it is completely distributed and self-organized. However, it is totally vulnerable to Sybil attacks. This work presents a public key management system that survives such attacks, called SG-PKM. In this system, nodes form groups based on their friendship relations and issue certificates among the members of the group. In addition, groups issue certificates to each other to guarantee the authenticity of their public keys. To authenticate each other, two nodes without a direct relation must form at least two certificate chains linking the groups to which they belong. Results obtained through simulations show the survivability of the system against Sybil attacks, guaranteeing more than 70% of non-compromised authentications for groups with five or six members in the presence of 40% of malicious nodes.
- Gerenciamento de chaves públicas sobrevivente baseado em grupos para MANETs. Eduardo da Silva. Master Dissertation. July, 2009.
Abstract
The characteristics of mobile ad hoc networks, such as the dynamic environment and the lack of infrastructure, make it difficult to implement effective key management systems. Among the proposed systems, the Self-Organized Public Key Management System for MANETs (PGP-Like) has been well considered, as it is totally distributed, self-organized, and does not rely on any certificate authority. Firstly, this work quantifies the impacts of lack of cooperation and Sybil attacks on PGP-Like. Results show that PGP-Like maintains its effectiveness even in the face of 40% of selfish nodes, but it is fully vulnerable to Sybil attacks. Thus, the Survivable Group-based Public Key Management for MANETs (SG-PKM) is presented. It is designed to be more resistant to Sybil attacks than PGP-Like. In SG-PKM, nodes form groups based on users' relationships and issue certificates for each other. SG-PKM also establishes that groups can issue certificates to other groups. Any two nodes that do not have a direct connection between them are able to authenticate each other through certificate chains binding their groups. Moreover, the scheme requires at least two disjoint certificate chains for authentication, increasing the resistance to Sybil attacks. Results show that SG-PKM maintains its effectiveness in the face of lack of cooperation attacks, even with 40% of selfish nodes, similarly to PGP-Like. More importantly, SG-PKM mitigates the impact of Sybil attacks, keeping the rate of non-compromised authentications above 70% for groups with five or six members, even in the presence of 40% of malicious nodes.
- Chapter: Analyzing the Effectiveness of Self-Organized Public Key Management on MANETs under Lack of Cooperation and Impersonation attacks. Eduardo da Silva, Michele N. Lima, Aldri L. dos Santos, Luiz C. P. Albini. E-Business and Telecommunication. Series: Communications in Computer and Information Science - Springer, November 2009.
Abstract
Among the key management schemes for MANETs, the Self-Organized Public Key Management System (PGP-Like) is the main chaining-based key management scheme. It is fully self-organized and does not require any certificate authority. Two kinds of misbehavior attacks are considered to be great threats to PGP-Like: lack of cooperation and impersonation attacks. This work quantifies the impact of such attacks on PGP-Like. Simulation results show that PGP-Like was able to maintain its effectiveness when subjected to the lack of cooperation attack, contradicting previous theoretical results. It works correctly even in the presence of more than 60% of misbehaving nodes, although the convergence time is affected with only 20% of misbehaving nodes. On the other hand, PGP-Like is completely vulnerable to the impersonation attack. Its functionality is affected with just 5% of misbehaving nodes, confirming previous theoretical results.
- Survivable Keying for Wireless Ad Hoc Networks. Michele N. Lima, Eduardo Silva, Luiz C. P. Albini, Aldri L. dos Santos, Guy Pujolle. 11th IFIP/IEEE International Symposium on Integrated Network Management (IM 2009) - Mini-Conference, New York, June, 2009.
Abstract
Cryptographic techniques are at the center of security solutions for wireless ad hoc networks. Public key infrastructures (PKIs) are essential for their efficient operation. However, the fully distributed organization of these networks makes designing PKIs a challenge. Moreover, changes in network paradigms and the increasing dependency on technology require more dependable, survivable and scalable PKIs. This paper presents a survivable PKI whose goal is to preserve key management operations even in the face of attacks or intrusions. Our PKI is based on the adaptive cooperation among preventive, reactive and tolerant defense lines. It employs different kinds of evidence to prove the liability of users for their keys, as well as social relationships to help public key exchanges. Simulation results show the improvements achieved by our proposal in terms of effectiveness and survivability to different attacks.
- Identity-Based Key Management in Mobile Ad Hoc Networks: Techniques and Applications. Eduardo da Silva, Michele N. Lima, Aldri L. dos Santos, Luiz C. P. Albini. Special issue on "Dependability Issues with Ubiquitous Wireless Access" - IEEE Wireless Communications Magazine, October 2008.
Abstract
Security is one of the major issues in MANETs. Their natural characteristics make them vulnerable to numerous severe attacks. It is widely acknowledged that cryptography provides a set of strong techniques against most vulnerabilities. Several cryptographic mechanisms for MANETs can be found in the literature. Among them, identity-based cryptographic mechanisms and key management schemes are proposed to simplify key management and to reduce the memory storage cost. This article presents the most important ID-based key management schemes, discussing their approaches, strengths, and weaknesses, and comparing their main features. It also presents the main ID-based key management application fields on MANETs. In this way it can be useful for users and researchers as a starting point on ID-based key management and its possible uses in MANETs.
- Quantifying Misbehaviour Attacks Against the Self-Organized Public Key Management on MANETs. Eduardo da Silva, Michele N. Lima, Aldri L. dos Santos, Luiz C. P. Albini. International Conference on Security and Cryptography (SECRYPT 2008), Porto, Portugal, p. 128-135, July, 2008.
Abstract
Among the key management schemes for MANETs, the Self-Organized Public Key Management System (PGP-Like) is the main chaining-based key management scheme. It is fully self-organized and does not require any certificate authority. Two kinds of misbehavior attacks are considered to be great threats to PGP-Like: the impersonating and the lack of cooperation attacks. This work quantifies the impact of such attacks on PGP-Like. Simulation results show that PGP-Like was able to maintain its effectiveness when subjected to the lack of cooperation attack, contradicting previous theoretical results. It works correctly even in the presence of more than 60% of misbehaving nodes, although the convergence time was affected with only 20% of misbehaving nodes. On the other hand, PGP-Like was completely vulnerable to the impersonating attack. Its functionality is affected with just 5% of misbehaving nodes, confirming previous theoretical results.
- Segurança em Redes Ad Hoc. Angelo Bannack, Eduardo da Silva, Michele N. Lima, Aldri L. dos Santos, Luiz C. P. Albini. In XXVI Simpósio Brasileiro de Telecomunicações (SBrT) 2008, Rio de Janeiro. September 2008.
Abstract
In wireless networks, stations usually communicate with each other by radio frequency. These networks can operate either in infrastructure mode or in infrastructure-less (ad hoc) mode. Infrastructured networks have a base station to control all network communications. In ad hoc networks, by contrast, wireless hosts have no centralized entity to control their activities, not even in network formation. All activities in ad hoc networks, including routing and network management, should be performed by the stations themselves. Furthermore, due to their characteristics, ad hoc networks are highly vulnerable to attacks. It is therefore necessary that protocols designed for ad hoc networks take into account the presence of attackers and be resilient to their attacks. Hence, in recent years, network researchers have been developing new security solutions for ad hoc networks, considering key management, secure routing, and cooperation enforcement between stations.
Awards
- Dissertation awarded third place in the Concurso de Teses e Dissertações 2010 of the Brazilian Computing Society.