PRIVACY BY DESIGN FOR DELAY TOLERANT NETWORKS

Transcription

1 PRIVACY BY DESIGN FOR DELAY TOLERANT NETWORKS 9th ETSI Security Workshop Sophia Antipolis, France, on 15th 16th January 2014 Dr. Haitham Cruickshank Naveed Ahmad

2 Outline Introduction State of the Art Research Motivation & Problem Research Scenario Research Contribution Pseudonym Credential Phase Pseudonym Certificate Issuance Phase Conclusion 2

3 Introduction Challenged Network: - High latency/low data rate, disconnection, long queuing times and intermittent end-to-end path. Examples: Military, environmental monitoring and rural area networks. Internet: Fails because of its assumptions such as bidirectional end-to-end path, short round-trips, symmetric data rates, low error rates. Delay Tolerant Network (DTN): An overlay on top of regional networks, including the Internet. operates above transport layer and provides store-andforward functionality for the challenged networks. Privacy: Voluntary/temporary condition of separation from public domain and control distribution of information. Privacy by Design (PbD):- Integration of privacy measures in the design process rather an add on functionality. Anonymity: A state of being non identifiable among of set of subjects-the anonymity set size. Pseudonyms: Conditional anonymity, which can be revoked under certain conditions. 3

4 State of the Art-1 Onion Routing Mixnet Pseudonym identity and certificate 4

5 State of the Art-2 Anonymity in DTN : Self generated pseudonyms, separate for each user and gateway, also the kiosk are trusted entity (Kate et al). Threshold Pivot Scheme :- Based on Onion Routing and Mixnet type of techniques, a special node i.e. Pivot node is trusted and know user s identity (Jansen et al). Anonymous Routing for DTN:- Deployed Onion Routing and Mixnet techniques, a special node i.e. Pawn is vulnerable to attacker and know user s identity (Vakde et al). Common shortcomings:- analysed for network metrics only, lack of adversary models, lack of formal modelling, lack of privacy measurements, complete trust on certificate authorities, also all based on techniques not suitable for DTN. 5

6 Research Scenario A patient (user) in Rural Area DTN (RA-DTN) does not want to reveal his real identity to a kiosk, gateway or doctor, while sending his medical record. 6

7 Phase 1 - Pseudonym Credential Establishment VCA -Verifying Certificate Authority BT-Blinded Token PK-Public Key Id-Identity req-request ρ- Digital signature -Partial Challenge -Full Challenge SHK -Shared symmetric key sbt - Signed blinded token --Random number 7

8 Privacy Attacks Analysis Repudiation attack :- is the one in which user denying that he/she performed a particular. - Countermeasure:- Trust bit assignment and random selection of blinded tokens. Impersonation attack:- compromise the identity of the legitimate user in the network and thus claim message sent to/from real user. - Countermeasure:- Full and partial decryption challenge. Influence Attack:- is the low intensity version of impersonation, in which the attacker influence or force an entity to perform a particular action. - Countermeasure:- Challenge response mechanism. 8

9 Formal Modelling Simulation Tool CSP:- Communication Sequential Processes (CSP), is a mathematical framework for the description and analysis of the system, components interacting via exchange of messages. Casper:- Compiler for the Analysis of Security Protocol (Casper), translate CSP to CSPm. FDR:- Failure Divergence Refinement (FDR) check certain security requirements, implementation is refinement of specifications. Dolev Yao Model:- can obtain any message, decompose into parts and reassemble, act as legitimate user of the network, can become the receiver to any sender, can send messages to any entity by impersonating any other entity. 9

10 Using Groups to Enhance Anonymity To ensure anonymity, user join one of the group to build anonymity set size. Group is identified by Group ID (GID) and Group Symmetric Key. Composed of sole sub region or two or more sub-regions. 10

11 Phase 2 - Pseudonym Certificate Issuance (I) shows intra sub-regional certificate request. (II) shows inter sub-regional certificate request. Issuing Certificate Authority (ICA) PCReq- Pseudonym certificate request. PCRes- Pseudonym certificate response. PC-Pseudonym certificate PT-Pseudonym Token PCr:- Pseudonym credential K- Group symmetric key T- Time stamp TPK- Threshold public key ppk- Pseudonymised public key 11

12 Quantification of Anonymity Entropy:- Measure of the uncertainty about the random variable. Degree of Anonymity (DoA):- The degree is based on the probabilities an attacker, after observing the system, assigns to the different users of the system as being the originators of a message. 12

13 Quantification Results (1/3) Passive Internal Attack:- Passively observe the group, no information about group size, compromise random node such as Intermediate Hop (IH), divide anonymity set size into two list. The probability P is assigned to first anonymity set size and the rest to another anonymity set size. Adversary observe each user equal probable being sender of message. 13

14 Quantification Results (2/3) Percentage Compromised Nodes:- The minimum and maximum DoA by compromising percentage of IH such as 10% to 80%. Multiple adversaries observing passively IH in the group without collaborating with each other. Ci- the percentage compromised nodes in the group. For N<60 increase in Ci is approximately the same. DoA is calculated for single message. 14

15 Quantification Results (3/3) Group Degree of Anonymity (GDoA):- Average DoA of the all user in the group. 15

16 Conclusion DTN concept relaxes some of the assumptions such as high error rate and intermittent connectivity. Paper contributions: Phase1:- User securely generate pseudonym credential, where it is not possible for Certificate Authority to becomes Big Brother. Phase2:- User is granted with multiple pseudonym identities/certificates by multiple certificate authority, this ensures privacy since these identities/certificates cannot be linked with each other and to the user. Group communication allow user to build anonymity set size and unlinkability. 16