security in ad hoc wireless networks
DESCRIPTION
Security in Ad Hoc Wireless Networks. Agenda. Problem description Existing security tools/knowledge base Project goals Design overview Known problems. Problem Description. The following are known security concerns in wireless ad hoc networks: Node identity—who am I really talking to - PowerPoint PPT PresentationTRANSCRIPT
Security in Ad Hoc Wireless Networks
Joe Binder John King
Kevin Mooney Bob Wilkinson
Agenda
• Problem description
• Existing security tools/knowledge base
• Project goals
• Design overview
• Known problems
Problem Description
The following are known security concerns in wireless ad hoc networks:– Node identity—who am I really talking to– Packet insertion– Packet capture—the man in the middle
Existing Security Information
• PGP (Pretty Good Privacy)
• Diffie-Hellman Key Exchange
• Larns-Arne Mattsson Thesis
Project Goals
• Design a robust, flexible API for a secure, wireless, ad hoc network
• Develop a reference implementation to exemplify, validate, and debug the API
Design Assumptions–1
• The level of security required of a network is application dependent
• The underlying protocol of a wireless, ad hoc network is application dependent
• Most nodes in a wireless, ad hoc network will be geographically close to each other
• Members of a secure network group trust each other
Design Assumptions—2
• Nodes should be able to join the secure group at any time
• Network groups will frequently, but not always, be comprised of two or more members of a known group—a company, group of friends, etc.
Design Overview
The design of our security paradigm is comprised of three elements:– Group Announcement– Member Authentication– Group Data Transmission
Group Announcement
• Initiator of a group broadcasts the existence of a group to the network via a well-known address or handle
OR• Node asks the network which groups are
available via well-known address or handle• Each node replies with its identity and the
groups to which it belongs
Announcement Example—1
Initiator
Node 1
Node 2
Node 3
Group Annc.Group IdUser Id
This is a really Important group….
MyGroup
Node 5
Node 1
Node 2
Node 3
What groups are out there?
Gro
up A
Group BI’m Node 1 and I’m in Group B
I’m Node 2 and I’m in Group A
I’m Node 3 and I’m in Group A and Group B
Member Authentication
• Group members are authenticated using a very robust algorithm—PGP (desired) or Diffie-Hellman
• Initiator of the group authenticates the first node that requests group membership
• Subsequent requestors are authenticated by any member of the group
Node 5Node 1
Group B sounds nifty. May I join?
Group BMaybe. Who are you?
Authentication Example—1
Node 5Node 1
I’m Node 5 Group B
I can’t take your word for it. Let’s shake to make sure.
Authentication Example—2
Node 5Node 1
Group B
(A clipart rendering of Diffie-Hellman handshaking)
Authentication Example—3
Node 5Node 1
Group B
Okay, now that our transmission is
encrypted, I’ll send you the session key
Session Key
(Secret)
Authentication Example—4
Node 5Node 1
Node 2
Node 3Gro
up A
Group B
Authentication Example—5
Data Transmission
• Data is encrypted using a group session key (less robust)
• New members are sent the session key via the secure connection created during authentication
• Reliability is handled exclusively by the underlying protocol
API Specifics
• Abstracts protocol-specific details (handles, addresses, etc)
• Provides flexibility regarding the underlying protocol and level of security of the group
• Allows nodes to belong to multiple groups
What aren’t we doing?
• Writing our own encryption scheme
• Data routing
• Caching data for late joiners
• Embedding security into a specific protocol
21
Questions
Comments
Criticisms