Upload
tuyet
View
26
Download
0
Embed Size (px)
DESCRIPTION
Secure and efficient key management in mobile ad hoc networks. Authors: Bing Wu, Jie Wu, Eduardo B. Fernandez, Mohammad Ilyas, and Spyros Magliveras Sources: Journal of Network and Computer Applications, 30(3), pp. 937-954, 2007. Reporter: Chun-Ta Li ( 李俊達 ). Outline. Motivation - PowerPoint PPT Presentation
Citation preview
1
Secure and efficient key management in mobile ad hoc networks
Authors: Bing Wu, Jie Wu, Eduardo B. Fernandez, Mohammad Ilyas, and Spyros Magliveras
Sources: Journal of Network and Computer Applications, 30(3), pp. 937-954, 2007.
Reporter: Chun-Ta Li (李俊達 )
222
Outline Motivation Secure and Efficient Key Management (SEKM) Comments
3
Motivation Key management (PKI)
CA (certificate authority)
Secret sharing (distribute the central trust to multiple entities)
4
Motivation Secure and Efficient Key Management (SEKM)
Share updating Certificate updating Certificate expiration/revocation
5
Secure and Efficient Key Management Notations
Structure of a certificate
6
SEKM scheme (cont.) Server group substructure snapshot in SEKM
7
SEKM scheme (cont.) Group creation {IDi, SEQi, TTL, [h(IDi, SEQi)]Ki
-1
||(TTL)Ki-1
}JoinServeReq
JoinServeReq
Server node 1 14, 20
{ID1, SEQ1, TTL, [h(ID1, SEQ1)]K1-1
||(TTL)K1-1
}
Forwarding node 20 9, 21
{ID1, SEQ1, TTL-1, [h(ID1, SEQ1)]K1-1
||(TTL-1)K20-1
}
JoinServeReply
8
SEKM scheme (cont.) Server group mesh and table snapshot
Group maintenance (soft state) JoinServerRequest and JoinServerReply
9
SEKM scheme (cont.) Share updating (k, m)
Selects k active servers to perform the share update phase Each active server i generates a (k-1)-degree polynomial
Server i broadcasts the witness for polynomial coefficient and its hashed signature to the server group
Each active server i computes a share for server j with Sij=gi(j) mod p and sends {[Sij]
Kj} to the corresponding server j (1< j < k)
Server j’s new share k
i jijj SSS1
'
10
SEKM scheme (cont.) Certificate updating
k=3, node 1 receives a certificate updating request from regular node 14 or itself
• Regular node 14 1 CertUpdateReq m’
CertUpdateReq = {ID14, SEQ5, [h(m’)]K14-1
}
• Server node 1 20 (2 tickets)
• Server node 1, 16 and 22 produces a partial certificate for regular node 14 by computing Certj=1,16,22i=14 = (K14)Sj*lj(0) mod p
• Server node 1 combines 3 partial certificates into one certificate by computing
3
1 14
)0(*
14)0(*
14
3
1 1414
13
1 mod)(mod cajjjj KlSlSj KpKpKCertCert
11
SEKM scheme (cont.) Handling certificate expiration and revocation
Expired certificate off-line or in-person reconfiguration
Certificate revocation Refuse to issue certificates Issues wrong partial certificates Any misbehavior or malicious attacks
Accusation (signature of initiator) CRL (Certificate Revocation List)
12
Comments Group communications
N1 N2 N3 N4
<{1}, {g}, gN1>
<{1,2}, {gN2,gN1}, gN1N2>
<{1,2,3}, {gN2N3,gN1N3,gN1N2}, gN1N2N3>
N4 multicasts <{1,2,3,4}, {gN2N3N4,gN1N3N4,gN1N2N4,gN1N2N3}> to the group
The group key = gN1N2N3N4
Attacker intercepts the packets and multicasts <{1,2,3,4}, {gN2N3N4’,gN1N3N4’,gN1N2N4’,gN1N2N3}> to the group
For N1, N2 and N3, the group key = gN1N2N3N4’
For N4, the group key = gN1N2N3N4 Signature
13
Comments (cont.) Solutions
Group key validation process
Symmetric encryption
N1 N2 N3 N4
EDH12{<{1}, {g}, gN1>}
EDH23{<{1,2}, {gN2,gN1}, gN1N2>}
EDH34{<{1,2,3}, {gN2N3,gN1N3,gN1N2}, gN1N2N3>}
N1, N2 and N3 send EGK{IDi, T} to N4