Security in ad hoc network

Physical attacks

This kind of attack targets the equipment used in the network, in order to gain access to the network by using information stored on the device [21,22].

Device cloning

Device cloning is the act of presenting false or duplicated credentials to gain access to a system resource; this threat is also called masquerading [21,22]. Using strong authentication mechanisms with digital certificates and signatures protects against most uses of this threat.

Device theft

Device theft is the physical theft of any given device by an attacker [21,22]. Designing devices or systems that are resistant to theft is very difficult in general. However, all devices should be stored in secure locations when not in use. The probability of device theft is greater in mobile systems (e.g. wireless devices), where physical security is more difficult to enforce.

Security mechanism

Several techniques have been proposed in the literature to solve the security problems of ad hoc networks, but the most widely used are those based on encryption. Encryption plays a significant part in both the WLAN and LAN environments.
For wireless users, encryption is particularly important because the wireless platform is often the easiest way for an attacker to gain access to the LAN if the flow of data isn't encrypted.
Encryption makes an attacker's job much more difficult and helps protect users from such exploits. Two kinds of encryption can be used in ad hoc networks: symmetric encryption (conventional encryption) and asymmetric encryption (public key encryption).

Security Standards for infrastructure based WLAN

Wired Equivalent Privacy (WEP)

The current standard for protecting wireless communication from eavesdropping is the WEP algorithm. A secondary function of the WEP algorithm is to prevent unauthorized access to a wireless network. WEP is a symmetric cryptosystem, which relies on a secret key being shared between the nodes in the network. The secret key is used to encrypt packets before they are transmitted, and an integrity check is used to ensure that packets are not modified in transit. The WEP standard does not specify any technique for key distribution, but in practice most installations use a single key that is manually shared between all nodes.

IEEE 802.11x

IEEE 802.11x is a port-based standard [2] in which a new user connects to a RADIUS server via an insecure port to be authenticated; if authentication succeeds, the user is authorized to use the secure port, otherwise the user is excluded. The login process is as follows. First, the user supplies a login and password, and these two identifiers are transferred over the insecure port to the RADIUS server located in the wired network. If the user is authenticated, a grant response is forwarded to the user, followed by the symmetric encryption key that allows use of the secure port; otherwise an access-denied alert is sent to the user. Other mechanisms, such as proactive key update or a Public Key Infrastructure, can be used over this protocol to enforce security.
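The login exchange described above can be modeled as a small gatekeeper. This is an added example, not code from the thesis: the class names, frame dictionaries, PBKDF2 password storage and the HMAC tag on data frames are assumptions made for illustration, and the model does not protect the login or the key delivery in transit.

```python
import hashlib, hmac, secrets

def kdf(password: str, salt: bytes) -> bytes:
    # Assumption: the server stores salted PBKDF2 hashes, never plaintext passwords.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000)

def tag(key: bytes, payload: bytes) -> bytes:
    # Assumption: data frames prove knowledge of the session key with an HMAC tag.
    return hmac.new(key, payload, hashlib.sha256).digest()

class AuthServer:
    """Plays the RADIUS server's role; the user table is constructed sample data."""
    def __init__(self, users):
        self._db = {}
        for login, password in users.items():
            salt = secrets.token_bytes(16)
            self._db[login] = (salt, kdf(password, salt))

    def authenticate(self, login, password):
        # Unknown logins still pay for a hash, so timing does not reveal valid names.
        salt, stored = self._db.get(login, (b"\x00" * 16, None))
        candidate = kdf(password, salt)
        if stored is not None and hmac.compare_digest(candidate, stored):
            return secrets.token_bytes(16)    # fresh symmetric key for this session
        return None

class AccessPoint:
    """Login frames travel on the insecure port; data frames need the secure port."""
    def __init__(self, server):
        self.server = server
        self.keys = {}                        # station id -> key (secure port open)

    def on_frame(self, station, frame):
        if frame["type"] == "login":
            key = self.server.authenticate(frame["login"], frame["password"])
            if key is None:
                self.keys.pop(station, None)  # a failed login closes any open port
                return {"type": "access-denied"}
            self.keys[station] = key
            return {"type": "grant", "key": key}
        key = self.keys.get(station)
        if frame["type"] != "data" or key is None:
            return {"type": "dropped"}        # secure port closed: nothing forwarded
        if not hmac.compare_digest(tag(key, frame["payload"]), frame.get("tag", b"")):
            return {"type": "dropped"}        # known station id but wrong key
        return {"type": "forwarded", "payload": frame["payload"]}
```

Checking the tag on every data frame means a station that only copies an authorized station's identifier, without the session key, still has its traffic dropped.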

IEEE 802.11i

The IEEE 802.11i standard was recently developed and is intended to improve WLAN security. Among other things, the 802.11i specification defines new encryption key protocols, including the Temporal Key Integrity Protocol (TKIP) and the Advanced Encryption Standard (AES). The 802.11i standard will correct the security problems associated with WEP; for example, TKIP uses an extended 48-bit IV, compared to the 24-bit IV in WEP. It would take approximately 100 years for a key to be reused when using a 48-bit IV under heavy traffic conditions [2].
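The 100-year figure can be turned around to see what frame rate it implies and how long a 24-bit IV lasts at that same rate. This is an added example, not taken from the thesis: the function names are hypothetical, a year is taken as 365.25 days, and the two IV selection policies (sequential counter, random choice) are assumptions.

```python
import math

SECONDS_PER_YEAR = 365.25 * 24 * 3600

def wrap_seconds(iv_bits: int, frames_per_second: float) -> float:
    """Sequential IVs: time until the counter has used every value and must repeat."""
    return 2 ** iv_bits / frames_per_second

def implied_rate(iv_bits: int, years: float) -> float:
    """Frame rate at which a sequential IV of this width lasts exactly `years`."""
    return 2 ** iv_bits / (years * SECONDS_PER_YEAR)

def frames_until_repeat(iv_bits: int, probability: float = 0.5) -> float:
    """Random IVs: birthday-bound frame count before a repeat with this probability."""
    return math.sqrt(2 * 2 ** iv_bits * math.log(1 / (1 - probability)))

def compare(years: float = 100.0):
    """Hold the traffic rate fixed at the one implied by the 48-bit claim."""
    rate = implied_rate(48, years)
    rows = []
    for bits in (24, 48):
        rows.append({
            "iv_bits": bits,
            "wrap_seconds": wrap_seconds(bits, rate),
            "random_iv_frames_50pct": frames_until_repeat(bits),
        })
    return rate, rows

if __name__ == "__main__":
    rate, rows = compare()
    print(f"implied traffic: {rate:,.0f} frames/s")
    for row in rows:
        print(f"{row['iv_bits']}-bit IV: wraps after {row['wrap_seconds']:,.0f} s; "
              f"random IVs repeat with 50% probability after "
              f"{row['random_iv_frames_50pct']:,.0f} frames")
```

At the rate that makes a 48-bit counter last 100 years, a 24-bit counter wraps in about three minutes, and randomly chosen 24-bit IVs are expected to repeat after a few thousand frames.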

Table of contents

General Introduction 
Chapter I Introduction to ad hoc networks and cryptography
I- Presentation of wireless network
I-1 Introduction
I-2- Standards
I-2-1 IEEE 802.11
I-2-2 IEEE 802.15
I-2-3 IEEE 802.16
I-2-4 IEEE 802.20
I-3- Architectures of WLAN
I-3-1 BSS mode
I-3-2 IBSS mode
I-4- Ad hoc network
I-4-1 Benefits of ad hoc networks
I-5- Characteristics of Ad hoc network
I-6- Applications of ad hoc networks
I-7- Problematic
I-7-1 Routing protocols for ad hoc networks
I-7-2 Security problematic in ad hoc networks
I-8- Security in ad hoc network
I-8-1 need of security
I-8-2 The security goals
I-8-3 Identification of attacks
I-8-3-1 Passive Attack
I-8-3-2 Active Attacks
I-8-3-3 Physical attacks
I-9- Security mechanism
I-9-1 Security Standards for infrastructure based WLAN
I-9-2 Security Standards for ad hoc networks
II- Cryptography background
II-1 Cryptography
II-2 Symmetric encryption
II-2-1 Example of symmetric algorithms
a- Data Encryption Standard DES
b- The Advanced Encryption Standard AES
II-3 Hash algorithm theory
II-3-1 Examples of hash algorithms
a- MD5
b- SHA-1
II-4 Asymmetric encryption
II-4-1 Example of asymmetric algorithms
a- RSA
b- Diffie-Hellman
II-4-2 Threshold Cryptography
a- Secret Sharing
b- Shamir’s Secret Sharing
c- Proactive Secret Sharing
II-4-3 Problematic
II-4-4 Security and cryptography
II-5 The Digital Signature
II-6 Public Key Infrastructure
II-6-1 The Digital Certificate
II-6-2 Public Key Infrastructure components
a- The Certificate Authority CA
b- The Registration Authority RA
c- Certificate Distribution and publishing
e- Certificate Revocation List CRL
II-6-4 X509 standard
II-7 PKI in ad hoc networks
Chapter II State of the art
1- Key Management 
2- Evaluation Criteria 
2-1 Confidentiality
2-2 Availability
2-3 Freshness
2-4 Scalability
3- PKI based key management schemes 
3-1 Partially Distributed Certificate Authority
3-1-1 System structure
3-1-2 Certificate services
a- Certificate Issuing
b- Certificate Renewal
c- Certificate verification, revocation
d- System Maintenance
3-1-3 Analysis
3-1-4 Examples of use
3-2 Fully Distributed Certificate Authority
3-2-1 System structure
3-2-2 System Bootstrapping
3-2-3 Share Initialization
3-2-4 Share Update
a- Certificate Issuing
b- Certificate Renewal
d- Certificate Revocation
3-2-5 Analysis
3-3 Self Issued Certificates
3-3-1 System structure
3-3-2 Analysis
3-4 SEKEN (Secure and Efficient Key Exchange for Sensor Networks)
3-4-1 The protocol
a- Key Setup Phase
b- Key authentication
3-4-2 Analysis
4- Other key management schemes 
4-1 Secure Pebblenets
4-1-1 Overview
4-1-2 Bootstrapping
4-1-3 Cryptographic Parameters
4-1-4 Cryptographic Functions
4-1-5 Cluster Generation Phase
4-1-6 Key update operation
4-1-7 Analysis
4-2 Demonstrative Identification
4-2-1 Overview
4-2-2 Example of use
4-3 Password Authenticated Key Exchange
4-3-1 The Hypercube Protocol
4-3-2 Password Authentication Extension
4-3-3 Analysis
5 Conclusion
Chapter III Cluster based PKI
1. Introduction
2. Models for our design 
2.1 System and network models
2.2 Adversary models
3 System Architecture 
3.1 Clustering
3.2 Used clustering algorithm
3.3 Primitives and Notations
4. System Bootstrapping
4.1 The elaboration of cluster architecture
4.1.1 Secure area elaboration
4.1.1.1 Demonstrative authentication
4.1.1.2 Password authentication
4.2 Election procedure
4.3 services launching
5- Network maintenance
5-1 Clusters management
5-1-1 Cluster Creation
5-1-1-1 Clusters birth
5-1-1-2 Cluster division
5-1-3 Cluster merging
5-2 Node management
5-2-1 Joining the network
5-2-2 Roaming
5-2-3 Leaving the network
5-2-3-1 explicit leaving
5-2-3-2 Implicit leaving
5-2-4 Link failure
6- Certificate authority services 
6-1 Certificate structure
6-2 registration
6-4 Certificate Revocation and CRL
6-5 renewal
7- Security services
7-1 Identification of nodes
7-2 Key update
8- Analysis
8-1 Resistance to attacks
8-2 Key management characteristics
8-3 Comparison with other PKI key management schemes
9- Implementation
9-1 Class diagram
9-2 Description of some process
9-2-1 User handled operations
9-2-1-1 Key generation
9-2-1-2 Registration
9-2-1-3 Revocation
9-2-1-4 Certificate Renewal
9-2-1-5 Leaving the network
9-2-1-6 Getting information about the network
9-2-2 Background operations
9-2-2-1 Beaconing
9-2-2-2 Getting traffic key
9-2-2-3 Moving in the area of the network
9-2-2-4 Roaming
9-3 feature for real implementation
10- Conclusion
Chapter IV Secured Clustering Algorithm
1-Clustering
1-1Advantages
1-2 Criteria on clustering algorithm
2- State of the art
2-1 Highest-Degree Algorithm
Analysis
2-2 Lowest-ID algorithm
Analysis
2-3 Mobility-based d-Hop Clustering Algorithm
Analysis
2-4 Weight base Clustering Algorithm (WCA)
Analysis
2-5 A double manager k-hop clustering algorithm in mobile ad hoc networks
Analysis
Conclusion
3- Secured Clustering Algorithm SCA
3-1 Basis for our algorithm
3-1-1 Cluster management criteria
3-1-2 Election criteria
3-1-3 Node status
3-2 Computing trust value
3-3 Computing The Stability (mobility)
3-4 Beaconing
3-4-1 Mechanisms of beaconing
3-4-2 Structure of beacons
a- Identity field
b- Action code field
3-5 Cluster-Head election procedure
3-5-1 Discovery stage
3-5-2 Computing weight
3-5-3 Elaboration of the backbone
3-5-4 The algorithm
3-5-5 Algorithm executed by CM
3-5-6 Security feature
3-6 Cluster maintenance
3-6-1 Initialisation of nodes
3-6-2 Receiving Beacons
3-6-5 Cluster division
3-6-6 Cluster size reduction
3-6-7 Cluster merging
3-6-9 Cluster size extension
3-6-10 Other scenarios
4- Experiment results 
4-1 Simulation environment
4-2 The scope of simulation
4-3 proving the unfeasibility of one-hop clusters
4-5 Test of performance of SCA for dense networks
5-Conclusion
Conclusion
