Haiyun Luo, Petros Zerfos, Jiejun Kong, Dimitris Voutsas. Advisor: Songwu Lu
Challenges in providing security support for ad hoc wireless networks:
- Wireless networks are susceptible to attacks
- Occasional break-ins may be inevitable
- "Anywhere, anytime" security for mobile users
- Scalability is a must for large-scale systems
Goals:
- Ubiquitous service availability: mobility support, resistance to DoS attacks
- Robustness against break-ins: resistance to mobile adversaries
- Scalability: potentially large networks
- Communication efficiency: bandwidth-constrained, error-prone wireless channel
Sequence of Events (timeline figure):
- Network genesis: at least k nodes have secret shares, so that self-initialization is feasible.
- Self-initialization ends: all nodes have secret shares (version 1); certificate renewal runs from here on.
- Proactive update starts: coefficients of the update polynomial are flooded; all nodes have the secret share update packet.
- Proactive update ends: all nodes have updated secret shares (version 2); certificate renewal continues.
- The next proactive update repeats the same steps and yields secret shares, version 3.
- During the transition period, a node must seek help from nodes with the same version of secret shares.
NS-2 Simulation Results:
- Success ratio: Certificate Renewal vs. Central Authority
- Average delay: Certificate Renewal vs. Central Authority
- Completion time for secret share update
[Figure: Success Ratio - CR vs. CA, Mobility 15m/sec; x-axis # of Nodes (30-100), y-axis Success Ratio (%) (40-100); series: Dist. Cert. Renew, CA - 1 serv., CA - 4 serv.]
[Figure: Success Ratio - CR vs. CA, Mobility 5m/sec; x-axis # of Nodes (30-100), y-axis Success Ratio (%) (40-100); series: Dist. Cert. Renew, CA - 1 serv., CA - 4 serv.]
[Figure: Avg. Delay - CR vs. CA, Mobility 15m/sec; x-axis # of Nodes (30-100), y-axis Avg. Delay (sec) (0-60); series: Dist. Cert. Renew, CA - 1 serv., CA - 4 serv.]
[Figure: Avg. Delay - CR vs. CA, Mobility 5m/sec; x-axis # of Nodes (30-100), y-axis Avg. Delay (sec) (0-60); series: Dist. Cert. Renew, CA - 1 serv., CA - 4 serv.]
Solution:
- Certificate-based authentication
- Threshold secret sharing: distributed certificate renewal
- Proactive secret share witness & update
- Distributed self-initialization
Assumptions:
- Infrastructureless ad hoc network of n nodes
- Bandwidth-constrained, error-prone, insecure wireless channel
- Nodes are free to roam
- Network size n changes dynamically as nodes join, leave, or fail
- Network scale is unconstrained: n may be large
[Figure: Completion Time - Proactive Secret Share Update (K=5); x-axis # of Nodes (30-100), y-axis Completion Time (sec) (0-900); series: 1m/sec, 3m/sec, 5m/sec, 10m/sec, 15m/sec, 20m/sec]
- High success ratio
- Minimized delay
- Bounded completion time for PVSS (parallel execution)
- Scalable to network size and mobility
Cryptographic Implementation:
- RSA module: generate RSA key pairs; public key encryption/decryption; secret key encryption/decryption
- Polynomial and Lagrange interpolation module: Lagrange interpolation formula; Lagranged secret share (Pi
- Number theory module: generate large prime number; multiplicative inverse computation; exponentiation computation
- MPI (multi-precision integer) module: MPI arithmetic support; bitstream/hexadecimal string/MPI translation routines
- Verifiable secret sharing module: certificate verification; secret share verification; public witness generation
- K-bounded coalition offsetting module: coalition offset computation; partial certificate combination and offsetting; multi-precision integer offsetting
- Certificate renewal module: certificate clear text generation; partial certificate computation
- Self-initialization module: secret share computation; partial secret share shuffling
- Proactive update of secret shares module: flooding packet generation; K-out-of-N secure flooding packet decryption
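The pieces listed above (Lagrange interpolation over the shares, partial certificate computation, K-bounded coalition offsetting, proactive update with a zero-constant-term polynomial) fit together as in the following added example, which is not the poster's code. It uses a constructed toy RSA key (N = 61*53, e = 17, d = 2753) and node ids 1..5 purely for illustration; in the real system the modulus is large and partial certificates are verified with the VSS witnesses.

```python
# Added illustration of k-out-of-n threshold RSA certificate renewal in the style of this
# poster's scheme; toy parameters are constructed, not taken from the project.
import math, random

def lagrange_coeff(xs, i, mod):
    # l_i(0) over Z_mod; the denominators x_i - x_j must be invertible mod `mod`
    num, den = 1, 1
    for j, xj in enumerate(xs):
        if j != i:
            num = num * (-xj) % mod
            den = den * (xs[i] - xj) % mod
    return num * pow(den, -1, mod) % mod

def deal_shares(secret, k, ids, mod, rng):
    # f(x) = secret + a_1 x + ... + a_{k-1} x^{k-1} over Z_mod; node x holds P_x = f(x)
    coeffs = [secret] + [rng.randrange(mod) for _ in range(k - 1)]
    return {x: sum(c * pow(x, a, mod) for a, c in enumerate(coeffs)) % mod for x in ids}

def reconstruct(shares, mod):
    # plain interpolation at 0 from any k shares; used here only to check the update
    xs = list(shares)
    return sum(shares[x] * lagrange_coeff(xs, i, mod) for i, x in enumerate(xs)) % mod

def partial_certificate(msg, share, coalition, x, N):
    # node x returns msg^(P_x * l_x(0) mod N): the exponent is reduced mod N, not phi(N)
    lam = lagrange_coeff(coalition, coalition.index(x), N)
    return pow(msg, share * lam % N, N)

def combine(msg, partials, k, e, N):
    # the product equals msg^(d + t*N) for some 0 <= t < k, so strip msg^N at most k-1
    # times until the certificate verifies under the CA public key (coalition offsetting)
    cand = math.prod(partials) % N
    inv_mN = pow(msg, -N, N)                  # modular inverse of msg^N (Python 3.8+)
    for _ in range(k):
        if pow(cand, e, N) == msg:
            return cand
        cand = cand * inv_mN % N
    raise ValueError("coalition shares inconsistent (e.g. mixed share versions)")

def proactive_update(shares, k, mod, rng):
    # add shares of 0: d is unchanged, but old and new shares can no longer be mixed
    upd = deal_shares(0, k, list(shares), mod, rng)
    return {x: (shares[x] + upd[x]) % mod for x in shares}

def demo(seed=7):
    N, e, d, k, msg = 3233, 17, 2753, 3, 1234  # constructed toy CA key and clear text
    rng = random.Random(seed)
    v1 = deal_shares(d, k, [1, 2, 3, 4, 5], N, rng)
    partials = [partial_certificate(msg, v1[x], [2, 4, 5], x, N) for x in [2, 4, 5]]
    cert = combine(msg, partials, k, e, N)    # equals msg^d mod N
    v2 = proactive_update(v1, k, N, rng)
    return cert, reconstruct({x: v2[x] for x in (1, 3, 5)}, N)
```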
Application Demo: CMP (coalition management protocol), implementation of root-of-trust, Qt-based GUI, BSD socket (TCP/UDP) connection
[Screenshots: Application Main Window; Dist. Certificate Renewal Window]