Haiyun Luo, Petros Zerfos, Jiejun Kong, Dimitris Voutsas...
1
Haiyun Luo, Petros Zerfos, Jiejun Kong, Dimitris Voutsas Advisor: Songwu Lu Challenges in providing security support for ad hoc wireless networks: Wireless Networks are susceptible to attacks Occasional break-ins may be inevitable “Anywhere, anytime” security for mobile users Scalable is a must for large-scale systems Goals: Ubiquitous service availability – mobility support, against DoS attack Robustness against break-ins – against mobile adversaries Scalability – potential large network Communication efficiency – BW-constraint error-prone wireless channel Network genesis Self-initialization ends Flooding coefficients of update polynomial Proactive update ends Proactive update starts Certificate renewal Certificate renewal Certificate renewal Flooding coefficients of update polynomial Proactive update ends Proactive update starts Certificate renewal Certificate renewal At least k nodes have secret shares so that self-initialization is feasible All nodes have secret shares All nodes have secret share update packet All nodes have updated secret shares All nodes have secret share update packet All nodes have updated secret shares secret shares, version 3 secret shares (version 1) a node must seek help from nodes During this transition period, with same version of secret shares secret shares (version 2) Sequence of Events: NS-2 Simulation Results: Success ratio : Certificate Renewal vs. Central Authority Average delay : Certificate Renewal vs. Central Authority Completion time for secret share update 30 40 50 60 70 80 90 100 40 50 60 70 80 90 100 # of Nodes Success Ratio (%) Success Ratio - CR vs. CA, Mobility 15m/sec Dist. Cert. Renew CA - 1 serv. CA - 4 serv. 30 40 50 60 70 80 90 100 40 50 60 70 80 90 100 # of Nodes Success Ratio (%) Success Ratio - CR vs. CA, Mobility 5m/sec Dist. Cert. Renew CA - 1 serv. CA - 4 serv. 30 40 50 60 70 80 90 100 0 10 20 30 40 50 60 # of Nodes Avg. Delay (sec) Avg. Delay - CR vs. CA, Mobility 15m/sec Dist. Cert. Renew CA - 1 serv. CA - 4 serv. 30 40 50 60 70 80 90 100 0 10 20 30 40 50 60 # of Nodes Avg. Delay (sec) Avg. Delay - CR vs. CA, Mobility 5m/sec Dist. Cert. Renew CA - 1 serv. CA - 4 serv. Solution: Certificate-based authentication Threshold secret sharing – distributed certificate renewal Proactive secret share witness & update Distributed self-initialization Assumptions: Infrastructureless ad hoc network - n nodes BW-constraint, error-prone, insecure wireless channel Nodes are free to roam Network size n is dynamically changing as nodes join, leave, or fail Network scale is unconstraint: n may be large 30 40 50 60 70 80 90 100 0 100 200 300 400 500 600 700 800 900 # of Nodes Completion Time (sec) Completion Time - Proactive Secret Share Update (K=5) 1m/sec 3m/sec 5m/sec 10m/sec 15m/sec 20m/sec High success ratio Minimized delay Bounded completion time for PVSS – Parallel execution Scalable to network size and mobility Cryptographic Implementation: * Public key encryption/decryption * Secret key encryption/decryption RSA module * Lagrange interpolation formula * Lagranged secret share (Pi Polynomial and Lagrange interpolation module * Generate large prime number * Multiplicative inverse computation * Exponentiation computation Number Theory module * MPI arithmetic support * Bitstream/hexadecimal string/MPI translation routines MPI (multi-precision integer) module * Certificate verification * Secret share verification * Public witness generation Verifiable secret sharing module * Coalition offset computation * Partial certificate combination and offsetting * Multi-precision integer offsetting K-bounded coalition offsetting module * Certificate clear text generation * Partial certificate computation Certificate renewal module * Secret share computation * Partial secret share shuffling Self-initialization module * Flooding packet generation * K-out-of-N secure flooding packet decryption Proactive update of secret shares module * Generate RSA key pairs Application Demo: CMP coalition management protocol, Implementation of root-of-trust Qt-based GUI, BSD socket (TCP/UDP) connection Application Main Window Dist. Certificate Renewal Window
Transcript of Haiyun Luo, Petros Zerfos, Jiejun Kong, Dimitris Voutsas...
Haiyun Luo, Petros Zerfos, Jiejun Kong, Dimitris VoutsasAdvisor: Songwu Lu
Challenges in providing security support for ad hoc wireless networks:� Wireless Networks are susceptible to attacks� Occasional break-ins may be inevitable� “Anywhere, anytime” security for mobile users� Scalable is a must for large-scale systems
Goals:� Ubiquitous service availability – mobility
support, against DoS attack� Robustness against break-ins – against
mobile adversaries� Scalability – potential large network� Communication efficiency – BW-constraint
error-prone wireless channel
Networkgenesis
Self-initializationends
Floodingcoefficientsof update
polynomial
Proactiveupdateends
Proactiveupdatestarts
Certificaterenewal
Certificaterenewal
Certificaterenewal
Floodingcoefficientsof update
polynomial
Proactiveupdateends
Proactiveupdatestarts
Certificaterenewal
Certificaterenewal
At least k nodes have secret sharesso that self-initialization is feasible
All nodes havesecret shares
All nodes havesecret share update packet
All nodes haveupdated secret shares
All nodes havesecret share update packet
All nodes haveupdated secret shares
secret shares, version 3
secret shares (version 1)
a node must seek help from nodesDuring this transition period,
with same version of secret shares
secret shares (version 2)
Sequence of Events:
NS-2 Simulation Results:
� Success ratio : Certificate Renewal vs. Central Authority
� Average delay : Certificate Renewal vs. Central Authority
� Completion time for secret share update
30 40 50 60 70 80 90 10040
50
60
70
80
90
100
# of Nodes
Succ
ess
Rat
io (%
)Success Ratio - CR vs. CA, Mobility 15m/sec
Dist. Cert. RenewCA - 1 serv.CA - 4 serv.
30 40 50 60 70 80 90 10040
50
60
70
80
90
100
# of Nodes
Succ
ess
Rat
io (%
)
Success Ratio - CR vs. CA, Mobility 5m/sec
Dist. Cert. RenewCA - 1 serv.CA - 4 serv.
30 40 50 60 70 80 90 1000
10
20
30
40
50
60
# of Nodes
Avg.
Del
ay (s
ec)
Avg. Delay - CR vs. CA, Mobility 15m/sec
Dist. Cert. RenewCA - 1 serv.CA - 4 serv.
30 40 50 60 70 80 90 1000
10
20
30
40
50
60
# of Nodes
Avg.
Del
ay (s
ec)
Avg. Delay - CR vs. CA, Mobility 5m/sec
Dist. Cert. RenewCA - 1 serv.CA - 4 serv.
Solution:� Certificate-based authentication � Threshold secret sharing – distributed
certificate renewal� Proactive secret share witness & update� Distributed self-initialization
Assumptions:� Infrastructureless ad hoc network - n nodes� BW-constraint, error-prone, insecure
wireless channel� Nodes are free to roam� Network size n is dynamically changing as
nodes join, leave, or fail� Network scale is unconstraint: n may be large
30 40 50 60 70 80 90 1000
100
200
300
400
500
600
700
800
900
# of Nodes
Com
plet
ion
Tim
e (s
ec)
Completion Time - Proactive Secret Share Update (K=5)
1m/sec3m/sec5m/sec
10m/sec15m/sec20m/sec
� High success ratio
� Minimized delay
� Bounded completion time for PVSS – Parallel execution
� Scalable to network size and mobility
Cryptographic Implementation:
* Public key encryption/decryption* Secret key encryption/decryption
RSA module
* Lagrange interpolation formula* Lagranged secret share (Pi
Polynomial and Lagrange interpolation module
* Generate large prime number* Multiplicative inverse computation* Exponentiation computation
Number Theory module
* MPI arithmetic support* Bitstream/hexadecimal string/MPI
translation routines
MPI (multi-precision integer) module
* Certificate verification* Secret share verification
* Public witness generationVerifiable secret sharing module
* Coalition offset computation* Partial certificate combination and offsetting* Multi-precision integer offsetting
K-bounded coalition offsetting module
* Certificate clear text generation* Partial certificate computation
Certificate renewal module* Secret share computation* Partial secret share shuffling
Self-initialization module* Flooding packet generation* K-out-of-N secure flooding
packet decryption
Proactive update of secret shares module
* Generate RSA key pairs
Application Demo:CMP coalition management protocol, Implementation of root-of-trustQt-based GUI, BSD socket (TCP/UDP) connection
Application Main Window Dist. Certificate Renewal Window
![An Auxin Transport Inhibitor Targets Villin-Mediated · An Auxin Transport Inhibitor Targets Villin-Mediated Actin Dynamics to Regulate Polar Auxin Transport1[OPEN] Minxia Zou,a Haiyun](https://static.fdocuments.net/doc/165x107/5f495bd623de363ead44b1aa/an-auxin-transport-inhibitor-targets-villin-an-auxin-transport-inhibitor-targets.jpg)
