Securing ad hoc networks


1 Introduction

Ad hoc networks are a new paradigm of wireless communication for mobile computers (which we call nodes). In an ad hoc network, there is no fixed infrastructure such as base stations and mobile switching centers. Mobile nodes located within range of each other communicate directly via a wireless link, while those that are far apart rely on other nodes to relay messages as routers. Node mobility in an ad hoc network causes frequent changes in network topology.

Military tactical operations are still the main application of ad hoc networks today. For example, military units (e.g., soldiers, tanks or aircraft) equipped with wireless communication can form an ad hoc network when they move into a battlefield. Ad hoc networks can also be used in emergency, police and rescue missions. Because an ad hoc network can be deployed rapidly at relatively low cost, it becomes an attractive option for commercial applications such as sensor networks or virtual classrooms.

1.1 Security Objectives

Security is an important issue for ad hoc networks, particularly in security-sensitive applications. To secure an ad hoc network, we consider the following attributes: availability, confidentiality, integrity, authentication and non-repudiation.

Availability ensures the survival of network services despite denial of service attacks. A denial of service attack could be launched at any layer of an ad hoc network. At the physical and media access control layers, an adversary could employ interference to disrupt communication on physical channels. At the network layer, an adversary could disrupt the routing protocol and disconnect the network. At the upper layers, an adversary could bring down high-level services. One such target is the key management service, an essential service for any security framework.

Confidentiality ensures that certain information is not disclosed to unauthorized entities.
Network transmission of sensitive information, such as strategic or tactical military information, requires confidentiality. The leaking of this information to the enemy could have devastating consequences. Routing information must also remain confidential in some cases, because the information may be valuable to an enemy for identifying and locating targets in a battlefield.

Integrity ensures that a message being transferred is not corrupted. A message can be corrupted due to benign failures, such as radio propagation impairment, or due to malicious attacks on the network.

Authentication allows a node to ensure the identity of the peer node it is communicating with. Without authentication, an adversary could masquerade as a node, thereby gaining unauthorized access to resources and sensitive information and interfering with the operation of other nodes.

Finally, non-repudiation ensures that the origin of a message cannot deny having sent the message. Non-repudiation is useful for the detection and isolation of compromised nodes. When a node A receives an erroneous message from a node B, non-repudiation allows A to accuse B using this message and to convince other nodes that B is compromised.

There are other security objectives (e.g., authorization) that are of interest for some applications, but we will not pursue these issues in this document.

1.2 Challenges

The main characteristics of ad hoc networks pose both challenges and opportunities in achieving these security goals.

First, the use of wireless links makes an ad hoc network susceptible to link attacks ranging from passive eavesdropping to active impersonation, message replay and message distortion. Eavesdropping could give adversaries access to secret information, violating confidentiality. Active attacks might allow the adversary to delete messages, inject erroneous messages, modify messages, and impersonate a node, thus violating availability, integrity, authentication and non-repudiation.
Second, nodes roaming in a hostile environment (e.g., a battlefield) with relatively poor physical protection have a non-negligible probability of being compromised. Therefore, we must not only consider malicious attacks from outside a network, but also take into account attacks launched from inside the network by compromised nodes. To achieve high survivability, ad hoc networks should therefore have a distributed architecture with no central entity. Introducing any central entity into our security solution could lead to vulnerabilities: if this centralized entity is compromised, then the whole network is interrupted.

Third, an ad hoc network is dynamic because of frequent changes in both its topology and its membership (i.e., nodes frequently join and leave the network). Trust relationships between nodes also change, for example, when some nodes are detected as being compromised. Unlike other wireless mobile networks such as Mobile IP [21, 48, 34], nodes in an ad hoc network may dynamically join administrative domains. Any security solution with a static configuration is not enough. It is desirable for our security mechanisms to adapt on the fly to these changes.

Finally, an ad hoc network may consist of hundreds or thousands of nodes. Security mechanisms must be scalable to handle such a large network.

1.3 Routing Protocols and Threats

Routing protocols for ad hoc networks are still under active research. There is no single standard routing protocol. Therefore, we seek to understand the common security threats and to provide guidelines for securing routing protocols.

In most routing protocols, routers exchange information about the topology of the network to establish connections between nodes. This information could become the target of malicious adversaries who seek to bring the network down.

There are two sources of threats to routing protocols. The first comes from external attackers.
By injecting erroneous routing information, replaying old routing information or distorting routing information, an attacker could successfully partition the network or introduce excessive traffic load into the network through inefficient routing and transmission.

The second and more serious kind of threat comes from compromised nodes, which could announce incorrect routing information to other nodes. Detecting such false information is difficult: merely requiring routing information to be signed by each node does not work, because compromised nodes are able to generate valid signatures using their private keys.

To defend against the first kind of threat, nodes can protect routing information in the same way they protect data traffic, i.e., by using cryptographic schemes such as digital signatures. This defense, however, is not effective against attacks from compromised hosts. Worse, as we said, we cannot overlook the possibility of nodes being compromised in an ad hoc network. Detecting compromised nodes through routing information is also difficult in an ad hoc network because of its dynamically changing topology: when a piece of routing information is found to be invalid, the information could have been generated by a compromised node, or it could have lost its validity after topology changes. It is difficult to distinguish between the two cases.

On the other hand, we can use certain properties of ad hoc networks to achieve secure routing. Note that routing protocols for ad hoc networks must handle outdated routing information to accommodate dynamic topology changes. False routing information generated by compromised nodes could, to some extent, be regarded as outdated information. As long as there are enough correct nodes, the routing protocol must be able to find routes that go around these compromised nodes. This capability of routing protocols is usually based on the inherent redundancy (multiple, possibly disjoint, routes between nodes) in ad hoc networks.

2 Key Management Service

We use cryptographic schemes, such as digital signatures, to protect routing information and data traffic. The use of such schemes generally requires a key management service.

We adopt a public key infrastructure because of its superiority in distributing keys and in achieving integrity and non-repudiation. Efficient secret key schemes are used to secure further communication after nodes authenticate each other and establish a shared secret session key.

In a public key infrastructure, each node has a public/private key pair. The public key can be distributed to other nodes, while the private key must remain confidential to the individual node. There is a trusted entity called a certification authority (CA) [11, 47, 26] for key management. The CA has a public/private key pair, with its public key known to every node, and signs the necessary public key certificates for nodes.

The trusted CA must stay online to reflect the current bindings, because the bindings may change over time: a public key must be revoked if the owner node is no longer trusted or is out of the network; a node may refresh its key pair periodically to reduce the chance of a successful brute-force attack on its private key.

It is problematic to establish a key management service with a single CA in ad hoc networks. The CA, responsible for the security of the entire network, is a vulnerable point of the network: if the CA is unavailable, nodes cannot obtain the public keys of other nodes or establish secure communication with others. If the CA is compromised and leaks its private key to the adversary, the adversary can sign a false certificate using this private key to impersonate any node or revoke a certificate.

A standard method for improving the availability of a service is replication. However, simple replication of the CA makes the service more vulnerable: the compromise of any single replica, which holds the service private key, could lead to the collapse of the entire system.
To resolve this problem, trust is distributed to a set of nodes by letting these nodes share the responsibility for key management.

3 Push! Photo: Informal Photo Sharing in Ad Hoc Networks

As cameras have become a part of mobile phones, the practice of photography is evolving. Camera phone pictures are usually taken with sharing in mind. Meanwhile, public online photo sharing has become increasingly popular through websites like Flickr. Push! Photo is a mobile photo sharing application where photos can be made public and immediately accessible to anyone nearby. The application also automatically searches for photos on nearby devices to find relevant and interesting photos. Push! Photo shows how sharing digital photos can be as easy as sharing paper ones. Shoot! Know! Discover! Enjoy!

3.1 The Push! Photo Prototype

The current prototype of Push! Photo allows photos to be made public, and users can browse their own collection of photos and those of others nearby. When devices are close to each other, each automatically begins searching the other's public photo collection for photographs from events both were involved in. These photographs are presented as a slideshow of multiple images, which grows as new photos are found. To browse the images of the event to which a particular image belongs, the user can click on the image in the slideshow. The application will then download all the pictures of this event taken with that camera. Thus, if a user finds an interesting picture in the slideshow, more pictures of the same event are easy to find. To decide that two photos are of the same event, information about who else was nearby when the photo was taken is used. The application implements service discovery to find other devices within Wi-Fi range. Thus, the application is always aware of which other people (using Push! Photo) are nearby at a given time.
When a picture is taken, the resulting image is tagged with this information, the time and the identity of the photographer. The current prototype is an application that runs on Pocket PCs with Wi-Fi and external SD cameras.

3.2 Related Work

In previous work with Push! Music [2], music files were replaced by media agents that can copy themselves autonomously between devices in an ad hoc network. The media agents try to find an audience among the users they encounter, and when they do, a song is automatically copied to the playlist. This way users discover new music while listening passively.

Other projects have focused on mobile photo sharing. Davis et al. in mm2 use the concept of co-presence to simplify the decision to share [1]. The images are automatically sent to a central web server where the recipients of the shared photos can access them. Kohno and Rekimoto instead use GPS information and time stamps to determine whether images are of the same event or not [4]. This is used to let users easily navigate through the photos of everyone in a group, to serve as a discussion topic. The system also allows users to drag and drop files between their own and other devices. Push! Photo, however, aims to explore how mobile photo sharing can be simplified, allowing seamless exchange in the background of photos that are automatically tagged, interesting and relevant.

4 Conclusions

In this paper we have analyzed the security threats an ad hoc network faces and presented the security objectives to be achieved. On one hand, the security-sensitive applications of ad hoc networks require a high degree of security; on the other hand, ad hoc networks are inherently vulnerable to security attacks. Therefore, security mechanisms are needed for ad hoc networks. The idiosyncrasy of ad hoc networks poses both challenges and opportunities for these mechanisms.
This document focuses on how to secure routing and how to establish a secure key management service in an ad hoc network. Both issues are critical to achieving our security objectives. Besides the standard security mechanisms, we take advantage of the redundancies in the topology of the ad hoc network and use diversity coding on multiple routes to tolerate both benign and Byzantine failures. To build a highly secure and highly available key management service, we propose to use threshold cryptography to distribute trust among a set of servers. In addition, our key management service uses refreshing to achieve proactive security and to adapt to changes in the network in a scalable way. Finally, by relaxing the consistency requirement on the servers, our service does not rely on synchrony assumptions. Such assumptions could lead to vulnerability. A prototype of the key management service has been implemented, demonstrating its feasibility.

This document represents the first step of our research to analyze security threats, to understand the security requirements for ad hoc networks, and to identify existing techniques as well as propose new mechanisms for securing ad hoc networks. More work must be done to deploy these security mechanisms in an ad hoc network and to investigate the impact of these security mechanisms on network performance.

5 Acknowledgments

I want to thank my friends for their valuable contribution to this work. I am also grateful to my family and the anonymous reviewers for their comments and suggestions that helped improve the quality of the paper. I thank the Almighty for his blessings on me.

6 References

[1] E. Ayanoglu, C.-L. I, R. D. Gitlin, and J. E. Mazo. Diversity coding for transparent self-healing and fault-tolerant communication networks. IEEE Transactions on Communications, 41(11):1677-1686, November 1993.
[2] M. Castro and B. Liskov. Practical Byzantine fault tolerance. In Proceedings of the 3rd USENIX Symposium on Operating Systems Design and Implementation (OSDI’99), pages 173-186, New Orleans, LA USA, February 22-25, 1999. USENIX Association, IEEE TCOS, and ACM SIGOPS.
[3] Y. Desmedt. Threshold cryptography. European Transactions on Telecommunications, 5(4):449-457, July-August 1994.
[4] Y. Desmedt and Y. Frankel. Threshold cryptosystems. In G. Brassard, editor, Advances in Cryptology - Crypto’89, the 9th Annual International Cryptology Conference, Santa Barbara, CA, USA, August 20-24, 1989, Proceedings, volume 435 of Lecture Notes in Computer Science, pages 307-315. Springer, 1990.
[5] Y. Desmedt and S. Jajodia. Redistributing secret shares to new access structures and its applications. Technical Report ISSE TR-97-01, George Mason University, July 1997.
[6] A. Ephremides, J. E. Wieselthier, and D. J. Baker. A design concept for reliable mobile radio networks with frequency hopping signaling. Proceedings of the IEEE, 75(1):56-73, January 1987.
[7] P. Feldman. A practical scheme for non-interactive verifiable secret sharing. In Proceedings of the 28th Annual Symposium on Foundations of Computer Science, pages 427-437. IEEE, October 12-14, 1987.
[8] M. J. Fischer, N. A. Lynch, and M. S. Paterson. Impossibility of distributed consensus with one faulty process. Journal of the ACM, 32(2):374-382, April 1985.
[9] Y. Frankel, P. Gemmell, P. MacKenzie, and M. Yung. Optimal-resilience proactive public-key cryptosystems. In Proceedings of the 38th Symposium on Foundations of Computer Science, pages 384-393, Miami Beach, FL USA, October 20-22, 1997. IEEE.
[10] Y. Frankel, P. Gemmell, P. MacKenzie, and M. Yung. Proactive RSA. In B. S. Kaliski Jr., editor, Advances in Cryptology - Crypto’97, the 17th Annual International Cryptology Conference, Santa Barbara, CA, USA, August 17-21, 1997, Proceedings, volume 1294 of Lecture Notes in Computer Science, pages 440-454. Springer, 1997.
[11] M. Gasser, A. Goldstein, C. Kaufman, and B. Lampson. The digital distributed system security architecture. In Proceedings of the 12th National Computer Security Conference, pages 305-319, Baltimore,

, Professor Department of Computer Model Polytechnic, Painavu.
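Section 2 and the Conclusions propose distributing trust in the key management service among several servers with threshold cryptography and proactive refreshing. The sketch below is an added example, not the article's prototype: it uses Shamir secret sharing over a prime field as a stand-in, and the names `split`, `combine` and `refresh`, the field `P` and the 5-server, 3-share parameters are all assumptions made for illustration. A real threshold signature service would never reassemble the key in one place; `combine` exists here only to check the arithmetic.

```python
import secrets

P = 2**127 - 1  # toy prime field (assumed for the demo, not from the article)

def _eval(coeffs, x):
    """Horner evaluation of coeffs[0] + coeffs[1]*x + ... modulo P."""
    y = 0
    for c in reversed(coeffs):
        y = (y * x + c) % P
    return y

def split(secret, n, k):
    """Deal shares to servers 1..n; any k recover the secret, k-1 learn nothing."""
    if not (1 <= k <= n and 0 <= secret < P):
        raise ValueError("need 1 <= k <= n and 0 <= secret < P")
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(k - 1)]
    return {x: _eval(coeffs, x) for x in range(1, n + 1)}

def combine(shares):
    """Lagrange interpolation at x = 0 over a {server_id: share} dict."""
    total = 0
    for xi, yi in shares.items():
        num = den = 1
        for xj in shares:
            if xj != xi:
                num = num * -xj % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    return total

def refresh(shares, k):
    """Proactive refresh: every server deals a fresh sharing of zero to all servers.
    The secret is unchanged, but shares from the previous epoch become useless."""
    n = len(shares)  # assumes server ids are exactly 1..n
    new = dict(shares)
    for _ in range(n):
        zero = split(0, n, k)
        for x in new:
            new[x] = (new[x] + zero[x]) % P
    return new

def demo():
    ca_key = secrets.randbelow(P)  # constructed stand-in for the service private key
    old = split(ca_key, n=5, k=3)
    new = refresh(old, k=3)
    return {
        "three_servers": combine({i: old[i] for i in (1, 3, 5)}) == ca_key,
        "two_compromised": combine({i: old[i] for i in (2, 4)}) == ca_key,
        "after_refresh": combine({i: new[i] for i in (2, 3, 4)}) == ca_key,
        "mixed_epochs": combine({1: old[1], 2: old[2], 3: new[3]}) == ca_key,
    }

if __name__ == "__main__":
    print(demo())
```

The `mixed_epochs` case is the point of refreshing: an adversary who compromises two servers before a refresh and a third one after it still holds no usable set of shares.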
