Publications and Presentations
Books and book chapters
- Chapter: Analyzing the Effectiveness of Self-Organized Public Key Management on MANETs under Lack of Cooperation and Impersonation attacks. Eduardo da Silva, Michele N. Lima, Aldri L. dos Santos, Luiz C. P. Albini. E-Business and Telecommunication. Series: Communications in Computer and Information Science - Springer, November 2009.
Abstract
Among the key management schemes for MANETs, the Self-Organized Public Key Management System (PGP-Like) is the main chaining-based key management scheme. It is fully self-organized and does not require any certificate authority. Two kinds of misbehavior attacks are considered to be great threats to PGP-Like: lack of cooperation and impersonation attacks. This work quantifies the impact of such attacks on PGP-Like. Simulation results show that PGP-Like was able to maintain its effectiveness when submitted to the lack of cooperation attack, contradicting previous theoretical results. It works correctly even in the presence of more than 60% of misbehaving nodes, although the convergence time is affected with only 20% of misbehaving nodes. On the other hand, PGP-Like is completely vulnerable to the impersonation attack. Its functionality is affected with just 5% of misbehaving nodes, confirming previous theoretical results.
Articles in Magazines
- Identity-Based Key Management in Mobile Ad Hoc Networks: Techniques and Applications. Eduardo da Silva, Michele N. Lima, Aldri L. dos Santos, Luiz C. P. Albini. Special issue on "Dependability Issues with Ubiquitous Wireless Access" - IEEE Wireless Communications Magazine, October 2008.
Abstract
Security is one of the major issues in MANETs. Their natural characteristics make them vulnerable to numerous severe attacks. It is widely acknowledged that cryptography provides a set of strong techniques against most vulnerabilities. Several cryptographic mechanisms for MANETs can be found in the literature. Among them, identity-based cryptographic mechanisms and key management schemes are proposed to simplify key management and to reduce the memory storage cost. This article presents the most important ID-based key management schemes, discussing their approaches, strengths, and weaknesses, and comparing their main features. It also presents the main ID-based key management application fields on MANETs. In this way it can be useful for users and researchers as a starting point on ID-based key management and its possible uses in MANETs.
Conferences
- Implications of misbehaving attacks on probabilistic quorum system for MANETs. Elisa Mannes, Eduardo da Silva, Michele Nogueira Lima, Aldri Luiz Santos. International Conference on Security and Cryptography (SECRYPT 2009), p. 189-195, Athens, Greece. July, 2010
Abstract
Reliable storage supports different data sharing services, such as mobility and cryptographic key management and distributed naming. Mobile Ad hoc NETworks (MANETs) present issues in guaranteeing the consistency of data on concurrent reads and writes due to the dynamism of nodes and the absence of a central control entity and support infrastructure. Probabilistic quorum systems, such as PAN (Probabilistic Ad Hoc Quorum System), were designed for MANETs to improve the efficiency of data replication by relaxing consistency constraints, comprising a set of quorums with relaxed intersections among themselves. PAN ensures a high probability of consistency between replicated data by an asymmetric quorum construction and by a gossip-based multicast protocol. However, it does not consider the presence of malicious or selfish nodes in its operations. This work assesses the impact of lack of cooperation, timeout and data manipulation attacks against PAN. Simulation results show that PAN is vulnerable to these attacks, particularly the data manipulation attack.
- Gerenciamento de chaves públicas sobrevivente baseado em grupos para MANETs. Eduardo da Silva, Aldri Luiz Santos, Luiz Carlos P. Albini. Concurso de Teses e Dissertações (CTD) - CSBC2010, p. 73-80. Belo Horizonte, July, 2010.
(Brazilian Conference)
Abstract
Among the various key management systems proposed for MANETs, the Self-Organized Public Key Management System has been the most recommended, as it is completely distributed and self-organizing. However, it is totally vulnerable to Sybil attacks. This work presents a public key management system that survives such attacks, called SG-PKM. In this system, nodes form groups based on their friendship relations and issue certificates among the members of the group. In addition, groups issue certificates to each other to guarantee the authenticity of their public keys. To authenticate each other, two nodes without a direct relationship must form at least two certificate chains linking the groups to which they belong. Results obtained via simulations show the survivability of the system under Sybil attacks, guaranteeing more than 70% of non-compromised authentications for groups with five or six members under 40% of malicious nodes.
- Analisando o Desempenho de um Sistema de Quóruns Probabilístico para MANETs diante de Ataques Maliciosos. Elisa Mannes, Eduardo da Silva, Aldri L. dos Santos. IX Simpósio Brasileiro em Segurança da Informação e de Sistemas Computacionais (SBSeg 2009), Campinas, September, 2009.
(Brazilian Conference)
Abstract
Due to their characteristics, such as dynamic topology and lack of infrastructure, Mobile Ad Hoc Networks (MANETs) are highly vulnerable to attacks. These characteristics make the design of reliable and secure network management systems hard. Quorum systems are effective tools for data sharing on traditional networks, ensuring data availability and consistency. Recently, these systems have been applied in MANETs, with PAN, a probabilistic quorum system for ad hoc networks, being the first one to consider the characteristics of MANETs. However, such systems do not take into account malicious nodes in the environment. This work analyzes the impact of lack of cooperation, timing and data manipulation attacks against PAN. Two metrics were used in the evaluation: reliability degree and percentage of malicious nodes on the reading operations. Results show that PAN is vulnerable to these attacks, especially to data manipulation, in which the system correctly concludes only 2% of readings when submitted to 30% of attackers in the writing operations.
- Resistindo a Ataques de Personificação no Gerenciamento de Chaves Públicas em Redes Ad Hoc Móveis: Virtual Public-Key Management System. Renan Fischer e Silva, Eduardo da Silva, Luiz C. P. Albini. X Workshop de Testes e Tolerância a Falhas (WTF 2009), João Pessoa, August, 2009.
(Brazilian Conference)
Abstract
Chaining-based key management schemes seem to be the ones that best fit the MANET paradigms. The main chaining-based scheme is the Self-Organized Public Key Management System (PGP-Like). However, it is fully vulnerable to impersonation attacks. In order to reduce such vulnerability, this article introduces a new public-key management system for MANETs, the Virtual Key Management System (VKM). VKM uses a virtual structure to indicate the trust between nodes and the formation of certificate chains. VKM is a flexible key management scheme. It can behave in a restricted way, being able to tolerate impersonation attacks to a certain level, or it can behave similarly to PGP-Like, just by changing a simple parameter. Thus, VKM can suit any user needs with its ability to switch between the two models dynamically, without any network reinitialization or reconfiguration.
- Resisting Impersonation Attacks in Chaining-based Public-key Management on MANETs: the Virtual Public-key Management. Renan Fischer e Silva, Eduardo da Silva, Luiz C. P. Albini. International Conference on Security and Cryptography (SECRYPT 2009), p. 155-158, Milan, Italy. July, 2009
Abstract
Chaining-based key management schemes seem to be the ones that best fit the MANET paradigms. The main chaining-based scheme is the Self-Organized Public Key Management System (PGP-Like). However, it is fully vulnerable to impersonation attacks. In order to reduce such vulnerability, this article introduces a new public-key management system for MANETs, the Virtual Key Management System (VKM). VKM uses a virtual structure to indicate the trust between nodes and the formation of certificate chains. VKM is a very flexible key management scheme. It can behave in a very restricted way, being able to tolerate impersonation attacks to a certain level, or it can behave similarly to PGP-Like, just by changing a simple parameter. Thus, VKM can suit any user needs with its ability to switch between the two models dynamically, without any network reinitialization or reconfiguration.
- Survivable Keying for Wireless Ad Hoc Networks. Michele N. Lima, Eduardo Silva, Luiz C. P. Albini, Aldri L. dos Santos, Guy Pujolle. 11th IFIP/IEEE International Symposium on Integrated Network Management (IM 2009) - Mini-Conference, New York, June, 2009.
Abstract
Cryptographic techniques are at the center of security solutions for wireless ad hoc networks. Public key infrastructures (PKIs) are essential for their efficient operation. However, the fully distributed organization of these networks makes designing PKIs a challenge. Moreover, changes in network paradigms and the increasing dependency on technology require more dependable, survivable and scalable PKIs. This paper presents a survivable PKI whose goal is to preserve key management operations even in the face of attacks or intrusions. Our PKI is based on the adaptive cooperation among preventive, reactive and tolerant defense lines. It employs different evidences to prove the liability of users for their keys as well as social relationships for helping public key exchanges. Simulation results show the improvements achieved by our proposal in terms of effectiveness and survivability to different attacks.
- Quantifying Misbehaviour Attacks Against the Self-Organized Public Key Management on MANETs. Eduardo da Silva, Michele N. Lima, Aldri L. dos Santos, Luiz C. P. Albini. International Conference on Security and Cryptography (SECRYPT 2008), Porto, Portugal, p. 128-135, July, 2008.
Among the best papers of the conference
Abstract
Among the key management schemes for MANETs, the Self-Organized Public Key Management System (PGP-Like) is the main chaining-based key management scheme. It is fully self-organized and does not require any certificate authority. Two kinds of misbehavior attacks are considered to be great threats to PGP-Like: the impersonating and the lack of cooperation attacks. This work quantifies the impact of such attacks on PGP-Like. Simulation results show that PGP-Like was able to maintain its effectiveness when submitted to the lack of cooperation attack, contradicting previous theoretical results. It works correctly even in the presence of more than 60% of misbehaving nodes, although the convergence time was affected with only 20% of misbehaving nodes. On the other hand, PGP-Like was completely vulnerable to the impersonating attack. Its functionality is affected with just 5% of misbehaving nodes, confirming previous theoretical results.
Tutorials
- Segurança em Redes Ad Hoc. Angelo Bannack, Eduardo da Silva, Michele N. Lima, Aldri L. dos Santos, Luiz C. P. Albini. In XXVI Simpósio Brasileiro de Telecomunicações (SBrT) 2008, Rio de Janeiro. September 2008.
Abstract
In wireless networks, the stations usually communicate with each other by radio frequency. These networks can operate either in infrastructure mode or in infrastructure-less (ad hoc) mode. Infrastructure networks have a base station to control all network communications. In ad hoc networks, by contrast, wireless hosts have no centralized entity to control their activities or the network formation. All activities in ad hoc networks, including routing and network management, must be performed by the stations themselves. Furthermore, due to their characteristics, ad hoc networks are highly vulnerable to attacks. It is therefore necessary that protocols designed for ad hoc networks take into account the presence of attackers and be resilient to their attacks. Hence, in recent years, network researchers have been developing new security solutions for ad hoc networks, considering key management, secure routing, and cooperation enforcement between the stations.
Thesis
- Gerenciamento de chaves públicas sobrevivente baseado em grupos para MANETs. Eduardo da Silva. Master Dissertation. July, 2009. Awarded as the 3rd best 2009 Brazilian computing dissertation.
Abstract
The characteristics of mobile ad hoc networks, such as the dynamic environment and the lack of infrastructure, make the implementation of effective key management systems difficult. Among the proposed systems, the Self-Organized Public Key Management System for MANETs (PGP-Like) has been well considered, as it is totally distributed, self-organized, and does not rely on any certificate authority. Firstly, this work quantifies the impacts of lack of cooperation and Sybil attacks on PGP-Like. Results show that PGP-Like maintains its effectiveness even in the face of 40% of selfish nodes, but it is fully vulnerable to Sybil attacks. Thus, the Survivable Group-based Public Key Management for MANETs (SG-PKM) is presented. It is designed to be more resistant to Sybil attacks than PGP-Like. In SG-PKM, nodes form groups based on users' relationships, and issue certificates for each other. SG-PKM also establishes that groups can issue certificates to other groups. Any two nodes that do not have a direct connection between them are able to authenticate themselves through certificate chains binding their groups. Moreover, the scheme requires at least two disjoint certificate chains for authentication, increasing the resistance to Sybil attacks. Results show that SG-PKM maintains its effectiveness in the face of lack of cooperation attacks, even under 40% of selfish nodes, similarly to PGP-Like. More importantly, SG-PKM mitigates the impact of Sybil attacks, keeping the non-compromised authentication rate above 70% for groups with five or six members, even in the presence of 40% of malicious nodes.