Haiyun Luo, Petros Zerfos, Jiejun Kong, Dimitris VoutsasAdvisor: Songwu Lu

Challenges in providing security support for ad hoc wireless networks:� Wireless Networks are susceptible to attacks� Occasional break-ins may be inevitable� “Anywhere, anytime” security for mobile users� Scalable is a must for large-scale systems

Goals:� Ubiquitous service availability – mobility

support, against DoS attack� Robustness against break-ins – against

mobile adversaries� Scalability – potential large network� Communication efficiency – BW-constraint

error-prone wireless channel

Networkgenesis

Self-initializationends

Floodingcoefficientsof update

polynomial

Proactiveupdateends

Proactiveupdatestarts

Certificaterenewal

Certificaterenewal

Certificaterenewal

Floodingcoefficientsof update

polynomial

Proactiveupdateends

Proactiveupdatestarts

Certificaterenewal

Certificaterenewal

At least k nodes have secret sharesso that self-initialization is feasible

All nodes havesecret shares

All nodes havesecret share update packet

All nodes haveupdated secret shares

All nodes havesecret share update packet

All nodes haveupdated secret shares

secret shares, version 3

secret shares (version 1)

a node must seek help from nodesDuring this transition period,

with same version of secret shares

secret shares (version 2)

Sequence of Events:

NS-2 Simulation Results:

� Success ratio : Certificate Renewal vs. Central Authority

� Average delay : Certificate Renewal vs. Central Authority

� Completion time for secret share update

30 40 50 60 70 80 90 10040

50

60

70

80

90

100

# of Nodes

Succ

ess

Rat

io (%

)Success Ratio - CR vs. CA, Mobility 15m/sec

Dist. Cert. RenewCA - 1 serv.CA - 4 serv.

30 40 50 60 70 80 90 10040

50

60

70

80

90

100

# of Nodes

Succ

ess

Rat

io (%

)

Success Ratio - CR vs. CA, Mobility 5m/sec

Dist. Cert. RenewCA - 1 serv.CA - 4 serv.

30 40 50 60 70 80 90 1000

10

20

30

40

50

60

# of Nodes

Avg.

Del

ay (s

ec)

Avg. Delay - CR vs. CA, Mobility 15m/sec

Dist. Cert. RenewCA - 1 serv.CA - 4 serv.

30 40 50 60 70 80 90 1000

10

20

30

40

50

60

# of Nodes

Avg.

Del

ay (s

ec)

Avg. Delay - CR vs. CA, Mobility 5m/sec

Dist. Cert. RenewCA - 1 serv.CA - 4 serv.

Solution:� Certificate-based authentication � Threshold secret sharing – distributed

certificate renewal� Proactive secret share witness & update� Distributed self-initialization

Assumptions:� Infrastructureless ad hoc network - n nodes� BW-constraint, error-prone, insecure

wireless channel� Nodes are free to roam� Network size n is dynamically changing as

nodes join, leave, or fail� Network scale is unconstraint: n may be large

30 40 50 60 70 80 90 1000

100

200

300

400

500

600

700

800

900

# of Nodes

Com

plet

ion

Tim

e (s

ec)

Completion Time - Proactive Secret Share Update (K=5)

1m/sec3m/sec5m/sec

10m/sec15m/sec20m/sec

� High success ratio

� Minimized delay

� Bounded completion time for PVSS – Parallel execution

� Scalable to network size and mobility

Cryptographic Implementation:

* Public key encryption/decryption* Secret key encryption/decryption

RSA module

* Lagrange interpolation formula* Lagranged secret share (Pi

Polynomial and Lagrange interpolation module

* Generate large prime number* Multiplicative inverse computation* Exponentiation computation

Number Theory module

* MPI arithmetic support* Bitstream/hexadecimal string/MPI

translation routines

MPI (multi-precision integer) module

* Certificate verification* Secret share verification

* Public witness generationVerifiable secret sharing module

* Coalition offset computation* Partial certificate combination and offsetting* Multi-precision integer offsetting

K-bounded coalition offsetting module

* Certificate clear text generation* Partial certificate computation

Certificate renewal module* Secret share computation* Partial secret share shuffling

Self-initialization module* Flooding packet generation* K-out-of-N secure flooding

packet decryption

Proactive update of secret shares module

* Generate RSA key pairs

Application Demo:CMP coalition management protocol, Implementation of root-of-trustQt-based GUI, BSD socket (TCP/UDP) connection

Application Main Window Dist. Certificate Renewal Window