Considerations about the Architecture Solutions for PKI in Ad-hoc-Networks

Similar documents
X.509. CPSC 457/557 10/17/13 Jeffrey Zhu

Cristina Nita-Rotaru. CS355: Cryptography. Lecture 17: X509. PGP. Authentication protocols. Key establishment.

Public-key Cryptography: Theory and Practice

Models of Authentications in Ad Hoc Networks and Their Related Network Properties

Secure Sockets Layer (SSL) / Transport Layer Security (TLS)

SECURED KEY MANAGEMENT ALGORITHM FOR DATA TRANSMISSION IN MOBILE ADHOC NETWORKS

Overview. SSL Cryptography Overview CHAPTER 1

Cryptography and Network Security

Public Key Management Scheme with Certificate Management Node for Wireless Ad Hoc Networks

Ten Risks of PKI : What You re not Being Told about Public Key Infrastructure By Carl Ellison and Bruce Schneier

A Security Infrastructure for Trusted Devices

Credential Management in the Grid Security Infrastructure. GlobusWorld Security Workshop January 16, 2003

Public Key Infrastructure

Kerberos and Public-Key Infrastructure. Key Points. Trust model. Goal of Kerberos

Authentication and Key Distribution

ECA Trusted Agent Handbook

Cryptography and Network Security Chapter 14

Certificates, Certification Authorities and Public-Key Infrastructures

Certificateless Public Key Cryptography

CSC 5930/9010 Modern Cryptography: Public-Key Infrastructure

SIP-Based Multimedia Services Provision in Ad Hoc Networks

CT30A8800 Secured communications

Protocols II. Computer Security Lecture 12. David Aspinall. 17th February School of Informatics University of Edinburgh

AAA and PKI in Ad Hoc Networks

Add or remove a digital signature in Office files

ISACA CISA. ISACA CISA ( Certified Information Systems Auditor ) Download Full Version :

Authentication Methods

The most common type of certificates are public key certificates. Such server has a certificate is a common shorthand for: there exists a certificate

Issues. Separation of. Distributed system security. Security services. Security policies. Security mechanism

Authentication Technology for a Smart eid Infrastructure.

Outline Key Management CS 239 Computer Security February 9, 2004

Key Management. Digital signatures: classical and public key Classic and Public Key exchange. Handwritten Signature

Key Management and Distribution

Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls

Lecture Note 6 KEY MANAGEMENT. Sourav Mukhopadhyay

Certification Practice Statement of the Federal Reserve Banks Services Public Key Infrastructure

Cryptographic Protocols 1

The SafeNet Security System Version 3 Overview

Key management. Pretty Good Privacy

PKI Services. Text PKI Definition. PKI Definition #1. Public Key Infrastructure. What Does A PKI Do? Public Key Infrastructures

A Framework of Decentralized PKI Key Management Based on Dynamic Trust

Network Security Essentials

Key Management and Distribution

Survivable Trust for Critical Infrastructure David M. Nicol, Sean W. Smith, Chris Hawblitzel, Ed Feustel, John Marchesini, Bennet Yee*

SECURE ROUTING PROTOCOLS IN AD HOC NETWORKS

Key management. Required Reading. Stallings, Cryptography and Network Security: Principles and Practice, 5/E or 6/E

A Modified Approach for Kerberos Authentication Protocol with Secret Image by using Visual Cryptography

Public-key Infrastructure Options and choices

ECE 646 Lecture 3. Key management

Some Lessons Learned from Designing the Resource PKI

Module: Authentication. Professor Trent Jaeger. CSE543 - Introduction to Computer and Network Security

But where'd that extra "s" come from, and what does it mean?

Module: Authentication. Professor Trent Jaeger. CSE543 - Introduction to Computer and Network Security

1) Revision history Revision 0 (Oct 29, 2008) First revision (r0)

Security in NFC Readers

FPKIPA CPWG Antecedent, In-Person Task Group

Security in Ad Hoc Networks Attacks

Lecture Notes 14 : Public-Key Infrastructure

Digital Certificates Demystified

CSE 3461/5461: Introduction to Computer Networking and Internet Technologies. Network Security. Presentation L

Server-based Certificate Validation Protocol

WHITE PAPER. Secure communication. - Security functions of i-pro system s

Using Cryptography CMSC 414. October 16, 2017

Most Common Security Threats (cont.)

Network Security and Cryptography. December Sample Exam Marking Scheme

Introduction to Network Security Missouri S&T University CPE 5420 Key Management and Distribution

Fall 2010/Lecture 32 1

ECE 646 Lecture 3. Key management. Required Reading. Using the same key for multiple messages

Secure Communications on VoIP Networks

Understanding HTTPS CRL and OCSP

Network Security and Cryptography. 2 September Marking Scheme

(2½ hours) Total Marks: 75

CS Computer and Network Security: PKI

About & Beyond PKI. Blockchain and PKI. André Clerc Dipl. Inf.-Ing. FH, CISSP, CAS PM TEMET AG, Zürich. February 9, 2017

Chapter 9: Key Management

Configuring Certificate Authorities and Digital Certificates

Diffie-Hellman. Part 1 Cryptography 136

Send documentation comments to

Lecture 15 Public Key Distribution (certification)

Public Key Algorithms

Elements of Cryptography and Computer and Network Security Computer Science 134 (COMPSCI 134) Fall 2016 Instructor: Karim ElDefrawy

Managing Certificates

CS3235 Seventh set of lecture slides

User Authentication. Modified By: Dr. Ramzi Saifan

CERN Certification Authority

Grandstream Networks, Inc. GWN7000 OpenVPN Site-to-Site VPN Guide

Crypto meets Web Security: Certificates and SSL/TLS

Data Security and Privacy. Topic 14: Authentication and Key Establishment

Apple Inc. Certification Authority Certification Practice Statement

Pretty Good Privacy (PGP)

Verteilte Systeme (Distributed Systems)

Certificate implementation The good, the bad, and the ugly

Security in Ad Hoc Networks *

Background. Network Security - Certificates, Keys and Signatures - Digital Signatures. Digital Signatures. Dr. John Keeney 3BA33

CompTIA E2C Security+ (2008 Edition) Exam Exam.

Computers and Security

Apple Corporate Certificates Certificate Policy and Certification Practice Statement. Apple Inc.

CPSC 467b: Cryptography and Computer Security

Managing AON Security

Hong Kong Access Federation (HKAF) Identity Management Practice Statement (IMPS)

Transcription:

Considerations about the Architecture Solutions for PKI in Ad-hoc-Networks MIHAI-LICĂ PURA, VICTOR-VALERIU PATRICIU Military Electronic and Informatics Systems Faculty Military Technical Academy 81-83 George Coşbuc Bulevard, District 5, Bucharest Romania E-mails: mpura@mta.ro, vip@mta.ro Abstract: Ad hoc networks are a relative new technology build with the need for ubiquitous connectivity in mind. All the things around us are coming to life. They are being equipped with computing and communication devices. But for this equipment to achieve its goals, interconnectivity is needed. Here is where ad hoc networks come into place, offering communications with out any preinstalled infrastructure. Here is where security comes into place too, because the data exchanged has to be made safe. In common networks, security is assured using PKI. Are classic solutions suitable for this new type of network? Key-words: ad hoc network, PKI, CA, certificate, public key, private key 1 Introduction When we talk about ad hoc networks we talk about connectivity. Being an implementation of the Distributed Transient Network paradigm, ad hoc networks focus on assuring the communications between the entities that want to form a network. The main characteristic of such a network is that each of its nodes acts like a router by retransmitting all the packets that it receives. This means that even if two nodes are outside of each others cover area, they can still communicate through the nodes that are between them. From the point of view of communications, the connectivity can be achieved only if the data are retransmitted by each node it reaches in order to get to all the devices in the network. From the point of view of security the fact that data gets to all the nodes is a risk factor. But in network security a new trend emerged: we no longer propose to keep the intruders out of the network (this thing had proved to be very difficult to achieve), but to protect the data from being accessed by unauthorized users. The simplest way for doing this is through public key cryptography. Public key cryptography is based on a public key infrastructure that consists out of three elements: private keys, public keys and the Certification Authority. As presented in [2], every node of the network has a private key that only it knows and a corresponding public key that can be obtain by every node that wants it. The Certification Authority is a trusted third party that is used for key management. The CA has also a public/private key pair. The private key is used by the CA to sign certificates that bind every node to its public key. The CA public key is known by all the nodes and can be used to verify the certificate of a node. The CA has to be always online and accessible by all the nodes because it is responsible for reflecting all the changes that can appear: some certificates have to be revoked (if the corresponding nodes are no longer trusted, if they were compromised or they had left the

network), other certificates have to be renew and the new nodes that join the ad hoc network need to obtain certificates. 2 Solutions with a CA The implementation of the above model in ad hoc networks has to take into consideration several aspects. The most obvious one is how the CA can be implemented. If the CA functions are taken by a single node of the network, this node becomes a single point of failure for the network. In military applications, for example, if this node is destroyed by the enemy, the whole network will seize to function. A solution for this problem would be the cloning of the CA on more than one node. This way the nodes that need the CA functions are more likely to be able to get them. But if the enemy will compromise one of this mirror node by getting the public key all the others are also compromised. Anyway, this approach has other weak points. The CA node will have to have special resources, different from an average node of the network: more storage resources, higher computational power (requested by all the calculation needed to be perform in key generation and in answering to all the different requests of the network nodes) and of course more battery power (unlike the other nodes, the CA will have to always be online, will have to route the packets that it receives like every other node of an ad hoc network, and of course it will have to serve all the requests concerning certificates of all the other nodes). So this node will have to be very different from the others and will act as a server. Thus a characteristic of ad hoc network is broken: the nodes have to be equal. A solution to some of these problems is the distribution of the CA s functions to an n number of nodes in the network ([1]). This means that for every request concerning certificates, a node must obtain an answer from at least k out of the n CA nodes. These k nodes have to be present at the initialization of the ad hoc network in order to receive a share of the CA private key. Then, if a node requests a certificate for another node it wants to communicate with and needs its public key, it will broadcast the request. At least k of the CA nodes will have to receive it in order to obtain a correct answer. After receiving the request, each of the k nodes must sign the requested public key with its share of the systems private key. The resulted partial signatures are than send to a combiner node C that computes the whole signature and sends it to the requesting node. The problems of this implementation are exactly the ones that can be seen as advantages. So there is not a single failure point in the network, but the fact that k+1 nodes have to be able to communicate in order to achieve a result (getting a certificate as in the example above) is a very restrictive need. Because the topology of the ad hoc network is very dynamic and the routes change very often, the communication channel can be occupied with the packets for route building between the requesting node and the k CA nodes and never with the actually exchanged data. Of course, this is an extreme situation, but if the implementation wants to be dependable it has to cover all the aspects. Beside this, the problem with nodes resources is not solved because all n CA nodes have to have lot of memory resources (they have to store the certificates for all the nodes in the network). So instead of one server node, we get n server nodes. 3 Solutions without a CA As we have seen above the implementation of key management

through CA is very easy to develop, but the results are far from satisfactory. Ad hoc network were build for situations where there is no infrastructure. Therefore, the presence of the CA reduces the ad hoc character of the network. So, a simplistic solution would be to consider that all the nodes are equal. There is no CA (distributed or not) in the network, but all the operations with certificates demand a group answer of the network nodes ([1]). For instance, if a node wants to obtain another node s certificate it has to identify itself to any t of the network nodes. The authors of this implementation suggest that the identification should be made through physical contact or through a secure side-channel. But this request is very restrictive and might that suite in some real implementations. Plus, the combination of the partial signatures from the t nodes requires some heavy calculations and so the performance of the network depends on the resources of the nodes. Another proposed model is based on the ID of the nodes, as in [3]. This way when two nodes want to communicate they do not need to exchange certificates in order to get one another s public key, but the ID of the nodes is used as a certificate and as the public key too. The authors suggest using human readable and unique identities as the public key, such as e-mail addresses, names, etc. This model requires the presence of a CA only at the initialization phase of the network s existence and its role is to assign to each node a secret key based on the identity used by it and to assign an expiration date to the pair thus resulted. After this step is completed the CA becomes redundant. The main advantages of this model are that no certificates are needed to bind a node to its public key and no exchange of the public key is need prior to the actual communication. The disadvantages of the model are given by the fact that after the initialization the CA knows the secret key for all the nodes in the network. This means that if it is compromised the communications in the network are not secure. Also, the necessity of a secure channel between the CA and every of the nodes in order to transmit the secret keys is also consider to be a drawback. When implementing this model some aspects are to be very carefully examined. For example, how does a new node that joins the network receives a secret key? Haw are renewed the identity-secret key pairs after the expiration date? Haw can be identified and banned a compromised node? A somehow similar model is the selfcertified public key model. Its defining characteristic is that the certificate (thus the identity of the node) is included in the node s public key. So the identity of the node is not used itself as the public key, like in the previous discussed model. Therefore, for two nodes to be able to communicate they have to first change public keys. The authenticity of the keys is provided by the keys themselves. For the generation of the self-certified public keys a CA is needed, but just in the initialization phase, exactly like in the previous model. Based on the device s public key and identity and on the CA s secret key, the CA generates the selfcertified public key. So the authentication of a node in a network is based on this self-certified public key. It can be observed that the CA does not know the secret keys of the nodes. A problem is this way solved, but another emerges: signing and encryption using these selfcertified public keys are different from regular asymmetric schemes because there is no direct correspondence between the self-certified public key and the secret key. A more suitable model for the ad hoc character of the ad hoc networks is the

self-organization model. As presented in [3], this model is based on PGP. Therefore the entities that form the ad hoc network issue certificates for each other based on their personal trust. This means that the model presumes that some nodes trust each other from the initialization phase of the ad hoc network. The difference from the PGP model is given by how these certificates are stored and distributed. In PGP there are special on-line servers called certificate directories that perform the storage and distribution tasks. In the self organization model, on the other hand, each of the nodes maintains a local certificate repository. A node s repository can be divided into two lists: a list of certificates that where issue by this node for the nodes that this node trust, and a list of certificates that were issue for this node by the nodes that trust it. The model presumes that each node has a public/private key pair. In the initialization phase, the nodes that trust each other issue certificates for one another for the public keys they each have. For example if node A and node B trust each other, A issues a certificate for B with is signed with A s private key, and B issues a certificate for A, witch is signed by B s private key. Node A stores the certificate it issued for B in its repository in the list of certificates of the nodes it trusts, and the certificate it receives from B, in the list of certificates from the nodes that trust it. The same thing does B to. Let s presume that after a while node A finds another node that it trust, called C. A and C do the same thing as A did with B. So when B and C will want to communicate, they merge theirs two types of certificate lists and try to find a trusted path between them. So C sends to B the certificates it receives from the nodes that trust it and the certificates that it issued for the nodes it trust. So B will receive also the certificate that A issued for C. B trusts A, and A trusts B. So B checks A s signature on the certificate issued by A for C and if it is correct B will trust C also and will issue a certificate for it. Figure 1 In [1] the authors observe that in order to verify a certificate of a node N (in the manner that B did with C) in the best case a node M has to verify only the certificates from the M s list of certificates that where issued for M. In the worst case, N will have to verify all the certificates from the trusted path, except the one that it issued. It is now obvious that the performances of this model depend on the length of the trusted path. For this, the authors propose the utilization of a PGP like graph and special algorithm for finding the shortest trust path. The authors from [1] consider that the disadvantages of the algorithm are the fact that for authentication a node has to verify more than one certificate and that the lists of certificates are changed over an insecure channel, witch makes the model vulnerable to man-in-themiddle attacks. But on the other hand this model solves many of the problems of the precedent models: there are no special nodes in the network, the nodes

do not need special resources (no have computations are need), and there is no need for a CA, not even in the initialization phase. The self-organization model that was last presented suits an ad hoc network in the best way. The reason is that ad hoc networks try to copy the way humans naturally relate and speak to each other. 4 Testing architecture The theoretical approaches of ad hoc networks implementation are many. But the actual implementations are rare. When it is about ad hoc routing protocols there are quite a few implemented and tested. But when it comes about security, the tests are relatively rare. If we focus only on security matters it is not very important what ad hoc routing protocol it is used. But after the security models are tested, the actual implementation of such a model will have to take into consideration the particularities of the routing protocol that it will be based on. The tests that we performed were made using Jadhoc 0.2 and WinAODV implementations of AODV ad hoc routing protocol. Jadhoc is a Java implementation of AODV protocol developed ad the University of Bremen and WinAODV is a C implementation of the same protocol from David West from Trinity College, Dublin. Booth implementations are open source and available for free on the internet. We implemented an ad hoc network of laptops used for exchanging text messages using a SIP based Java program. In the future we will extend it to multimedia messages. Over this network we tested the security models based on a CA, using an open source CA implementation available on the internet. These models were the simplest to test because the CA didn t need to be implemented and the modifications required by the PKI architecture to the message exchange program where easy to make. But in the future we propose to implement the PGP based security model that was last discussed. Some implementation details will be given in the next paragraph. 5 Conclusions The self-organization model that was last presented suits an ad hoc network in the best way. The reason is that ad hoc networks try to copy the way humans naturally relate and speak to each other. The relationships between humans are based on trust. This trust can be based on previous experience. For example, two persons that worked together and saw each other in real situations know if each can trust the other. But the trust can also be based on an already establish relation of trust. For example Mihai can trust Vlad because Andrei (witch is trusted by Mihai) trust Vlad. For these relations of trust to work, people have to be able to identify one another. If the trust relation is direct, the people recognize one another by the looks. If the trust relation was derived, the persons can identify one another through recommendations. If we take the example with Mihai and Vlad, Mihai can identify and trust Vlad if Vlad presents to Mihai a recommendation from Andrei that Mihai can verify to be authentic. After the verification of the recommendation the trust relationship between Mihai and Vlad becomes a direct one. Let s presume that two people meet. They do not know each other and they do not have common trustees either. Can a trust relation be established between the two? Why not? They observe one another for a period of time. And after seeing haw each acts in given situations they can get to trust each other. But even close friends can disappoint you some times, right? In this

case people decide simply not to trust the friend in cause anymore and tell everybody that that person cannot be trusted anymore. The self-organization model tries to implement these human behaviors for ad hoc networks. And the resulted implementation is not forced at all because, of course, behind every node of the network (PDA, laptop, etc.) is a human operator. Each of these nodes has to have a public/private key pair and the necessary software to be able to sign, encrypt, verify and decrypt data and generate certificates for their own public keys. At the initialization phase of the network is a high chance that lots of these nodes already knows each other and thus trust or not each other. The one that do trust each other can issue certificates for one another. The mutual identification of the nodes can be done by physical contact and the exchange of certificates must be done on a peer-topeer channel. Than the network starts to exist fulfilling the purpose it was created for. The nodes of the network that want to communicate but do not have a prior trust relationship must get into physical contact and see if they can establish a common trust path as was discussed before. If the mutual trust path does not exist they can choose to trust each other based on the observations of each other s behavior. The revocation of a trust relationship based on present observation can be made known to other nodes by sending a revocation list to all the nodes of the certificates from the certificate repository. Of course, there are many theoretical studies of the ad hoc network security. What lacks are actual implementations. [2] Arun Kumar Bayya, Siddhartha Gupte, Yogesh Kumar Shukla, Anil Garikapati, Security in Ad-Hoc Networks [3] Refik Molva, Pietro Michiardi, Security in Ad Hoc Networks [4] Srdjan Capkun, Jean-Pierre Hubaux, Levente Buttyan, Mobility Helps Security in Ad Hoc Networks [5] Vesa Karpijoki, Security in Ad Hoc Networks References: [1] Katrin Hoeper, Guang Gong, Model of Authentications in Ad Hoc Networks and Their Related Network Properties

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback