Key Establishment Using Secure Distance Bounding Protocols
Dave Singelee2007, 2007 Fourth Annual International Conference on Mobile and Ubiquitous Systems: Networking & Services (MobiQuitous)
Sign up for access to the world's latest research
checkGet notified about relevant papers
checkSave papers to use in your research
checkJoin the discussion with peers
checkTrack your impact
Abstract
Key establishment is one of the major challenges in Wireless Personal Area Networks, as traditional security mechanisms often do not cope with the dynamic characteristics of wireless ad-hoc networks. In this paper, we present an efficient key establishment protocol, based on the basic Diffie-Hellman protocol. It enables mutual device authentication through presence and establishes a session key between personal mobile devices which do not yet share any authenticated cryptographic material. Distance bounding protocols, which have been introduced by Brands and Chaum at Eurocrypt'93 to preclude distance fraud and mafia fraud attacks, are employed to determine an upperbound on the distance to another entity. Our solution only requires limited user-interaction: the user of a mobile device is expected to perform a visual verification within a small physical space.
Related papers
A new secure authentication based distance bounding protocol
PeerJ Computer Science, 2021
Numerous systems are being employed in daily life where two entities authenticate each other over a range of distance. The distance involved is relatively small, but still attacks were documented. The distance bounding (DB) protocol was introduced to cater to security requirements. The schemes, however, are still prone to several threats; mainly the Relay Attack (Terrorist and Mafia Fraud). In Mafia Fraud, an attempts are made to get accepted as the prover either by replaying of messages or by the help a malicious key. In Terrorist fraud, an attempt is made to extract the secret from the verifying entity, either by extracting the key from the message captured or by physically tempering the verifying/proving entity. Therefore the mitigation of these attacks needs to be done; as to not put computational overhead on the scheme. The paper presents a comprehensive and comparative performance analysis of twelve DB protocols based on defined metrics. It also proposes a protocol which incor...
Authentication in Mobile Ad Hoc Networks
Our studies show that there are performance and security problems with the existing authentication and keying mechanisms which are currently employed by wireless ad hoc networks. We propose a new authentication protocol, which solves those problems using a combination of well known cryptographic tools in RSA and Diffie-Hellman. In addition to the actual authentication, a new pairwise session is generated as a result of this mechanism. We also point out that without any central authority, e.g., a central server (which is the nature of ad hoc networks), our authentication scheme can be carried out securely by any node at any time.
Authenticated and efficient key management for wireless ad hoc networks
2003
In this paper we present a key management protocol for wireless ad hoc multi-hop networks. Two objectives were crucial in our design: (1) distributed trust to ensure robustness, and (2) strong authentication to prevent the battery drain attack. We achieve distributed trust by presenting a hierarchical and distributed public key infrastructure for ad hoc networks. Our PKI has been designed to map onto hierarchical ad hoc networks, while maintaining global connectivity and flexibility. If a misbehavior detection scheme is present on the network, then the security of our PKI can be improved through collaboration with this scheme. Next to this PKI we propose a mechanism to securely establish and maintain link keys between the different nodes in the network.
Location verification using secure distance bounding protocols
IEEE International Conference on Mobile Adhoc and Sensor Systems Conference, 2005., 2005
Authentication in conventional networks (like the Internet) is usually based upon something you know (e.g., a password), something you have (e.g., a smartcard) or something you are (biometrics). In mobile ad-hoc networks, location information can also be used to authenticate devices and users. We will focus on how a prover can securely show that (s)he is within a certain distance to a verifier. Brands and Chaum proposed the distance bounding protocol as a secure solution for this problem. However, this protocol is vulnerable to a socalled "terrorist fraud attack". In this paper, we will explain how to modify the distance bounding protocol to make it resistant to this kind of attacks. Recently, two other secure distance bounding protocols were published. We will discuss the properties of these protocols and show how to use it as a building block in a location verification scheme.
How to Bootstrap Security for Ad-Hoc Network: Revisited
IFIP Advances in Information and Communication Technology, 2009
There are various network-enabled and embedded computers deployed around us. Although we can get enormous conveniences by connecting them together, it is difficult to securely associate them in an ad-hoc manner. The difficulties originate from authentication and key distribution problems among devices that are strangers to each other. In this paper, we review the existing ways of initiating secure communication for ad-hoc network devices, and propose another solution. Exploiting Pairing-based cryptography and the notion of location-limited channel, the proposed solution bootstraps security conveniently and efficiently. Further, it supports ownership enforcement and key-escrow.
Design a secure composite key-management scheme in Ad-Hoc Networks using Localization
2009
Summary A mobile Ad-Hoc network is a collection of wireless mobile nodes, dynamically forming a temporary network without the use of any existing network infrastructure or centralized Administra- tion. Providing security support for mobile Ad-Hoc networks is hard to achieve due to the vulnerability of the links, the limited physical protection of the nodes, and also this fact that wireless networks are susceptible to attacks ranging from passive eavesdropping to active interfering and also mobile users demand "anywhere, anytime" services. In this paper, we present a new Composite Key Management scheme in Ad-Hoc networks. our approach works to decrease complexity of PKI in traditional public-key certificated-based systems and securely improves key-revocation and key-renewal approaches in ID-based systems. in this approach third trusted party (TTP), in which gives offline secret shared-key to each user, securely generates users private key( like PKG in ID-based systems) and ...
Efficient Anonymous Key Exchange Protocol for Roaming in Wireless Networks
2018
Group signature schemes existentially provide anonymity, non-repudiation and can make a mobile device untraceable. But using group signature only in designing anonymous key exchange system is time wasting and consumes much of other computing resources hence the use of it must be minimal especially when deployed on resources-constrained mobile devices. In .this paper, we propose the combined use of group signature because of its inherent security properties which are very important when a mobile user roams in the insecure wireless network and message authentication code to reduce the huge computational burden occasioned by group signature’s expensive public key operations resulting in unbearable authentication latency. In this paper, we built two authenticators, a signature based authenticator and a message authentication code based authenticator. These models are based on the Canetti-Krawczyk model. We implemented the design using Java 8 on Android Studio 2.2 and tested it on Genymo...
A Secure Wireless Communication Protocol using Diffie - Hellman Key Exchange
International Journal of Computer Applications, 2015
In 1976, Diffie and Hellman in their path breaking paper [5] proposed a two party key agreement protocol based on finite field. Diffie-Hellman Key Exchange Protocol [DH protocol] has unique importance in two party wireless communication scenarios. After this protocol several protocols have been proposed bases on DH protocol but the Man in the middle attack raises a serious security concern on this protocol. Researchers have been working to overcome this security concern to design a new protocol. This paper proposes an authenticated key agreement protocol which is secure against Man in the middle attack. The authors also prove security issues of this protocol.
Information Security Journal: A Global Perspective A secure and privacy-preserving lightweight authentication protocol for wireless communications
In wireless networks, seamless roaming allows a mobile user (MU) to utilize its services through a foreign server (FS) when outside his home server (HS). However, security and efficiency of the authentication protocol as well as privacy of MUs are of great concern to achieve an efficient authentication protocol. Conventionally, authentication involves the participation of three entities (MU, HS, and FS); however, involving an HS in the authentication process incurs heavy computational burden on it due to huge amount of roaming requests. Moreover, wireless networks are often susceptible to various forms of passive and active attacks. Similarly, mobile devices have low processing, communication, and power capabilities. In this paper, we propose an efficient, secure, and privacy-preserving lightweight authentication protocol for roaming MUs in wireless networks without engaging an HS. The proposed authentication protocol uses unlinkable pseudo-IDs and lightweight time-bound group signature to provide strong user anonymity, and a cost-effective cryptographic scheme to achieve security of the authentication protocol. Similarly, we implement a better billing system for MUs and a computationally efficient revocation scheme. Our analysis shows that the protocol has better performance than other related authentication protocols in wireless communications in terms of security, privacy, and efficiency.
Novel and Secure Protocol for Trusted Wireless Ad-hoc Network Creation
JETIR2303246, 2023
In order to share the initial data and the secret keys that will be used to encrypt the data, a secure protocol is presented in this research for spontaneous wireless ad hoc networks that leverages a hybrid symmetric/asymmetric scheme and the trust between users. Users' confidence in one another is established through their initial physical interaction. Our proposed solution is an end-to-end self-configuring secure protocol that can set up the network and provide secure services independently of any preexisting physical or virtual infrastructure. In a protected setting, users are able to pool resources and provide one other with access to innovative services. All necessary features for functioning independently are built within the protocol. We have created and refined it in low-powered devices. Communication, protocol messages, and network management, as well as the various processes involved in the formation of a network, are all broken down and described. Our solution is already in place, and is being used to evaluate the protocol's functionality and efficiency. Finally, we offer a security analysis of the system and compare the protocol to other protocols used in spontaneous ad hoc networks to emphasise its unique qualities.
Local Broadcast and Transitive Authentication Based Key Establishment Scheme for Wireless Ad-hoc Network
A wireless ad-hoc network is an autonomous system that is made up of collaborative mobile nodes. Nodes in wireless ad-hoc networks have limited capabilities. The communication security in these networks is commonly based on cryptographic techniques which are based on shared secret keys. The procedure for creating such a common secret for a group of communicating entities is called group key management. Due to the salient nature of the network implementing a secure and efficient key management is a challenging task and is vulnerable to man in the middle (MITM) attack. In this paper we proposed a key management scheme which is based on both key agreement and key transport algorithms. It is also based on local broadcast which means that nodes are allowed to exchange the key establishment protocol messages with only its immediate neighbors, during the setup phase, using local broadcast. This prevents MITM attack. These groups of immediate neighbors agree on a common key using the proposed transitive authentication technique. The proposed scheme support dynamic membership operation and consider the dynamic behavior of the network topology.
Securing Mobile Ad Hoc Networks with Certificateless Public Keys
This paper studies key management, a fundamental problem in securing mobile ad hoc networks (MANETs). We present IKM, an ID-based key management scheme as a novel combination of ID-based and threshold cryptography. IKM is a certificateless solution in that public keys of mobile nodes are directly derivable from their known IDs plus some common information. It thus eliminates the need for certificate-based authenticated public-key distribution indispensable in conventional public-key management schemes. IKM features a novel construction method of ID-based public/private keys, which not only ensures high-level tolerance to node compromise, but also enables efficient network-wide key update via a single broadcast message. We also provide general guidelines about how to choose the secret-sharing parameters used with threshold cryptography to meet desirable levels of security and robustness. The advantages of IKM over conventional certificate-based solutions are justified through extensive simulations. Since most MANET security mechanisms thus far involve the heavy use of certificates, we believe that our findings open a new avenue towards more effective and efficient security design for MANETs.
Mutual Authentication and Key Exchange Protocols for Roaming Services in Wireless Mobile Networks
IEEE Transactions on Wireless Communications, 2006
Two novel mutual authentication and key exchange protocols with anonymity are proposed for different roaming scenarios in the global mobility network. The new features in the proposed protocols include identity anonymity and one-time session key renewal. Identity anonymity protects mobile users privacy in the roaming network environment. One-time session key progression frequently renews the session key for mobile users and reduces the risk of using a compromised session key to communicate with visited networks. It has demonstrated that the computation complexity of the proposed protocols is similar to the existing ones, while the security has been significantly improved.
Secure and efficient key management in mobile ad hoc networks
Journal of Network and Computer Applications, 2007
Secure Public Key Protocol for Ad-Hoc Wireless Networks
2012
As part of the security within distributed systems, various services and resources need protection from unauthorized use. Remote authentication is the most commonly used method to determine the identity of a remote client. This paper investigates a systematic approach for authenticating clients by three factors, namely password, smart card, and biometrics. A generic and secure framework is proposed to upgrade two-factor authentication to three-factor authentication. In multi hop wireless networks, selfish nodes do not relay other nodes’ packets and make use of the cooperative nodes to relay their packets, which has negative impact on the network fairness and performance. Incentive protocols use credits to stimulate the selfish nodes’ cooperation, but the existing protocols usually rely on the heavyweight public-key operations to secure the payment. In this paper, we propose secure cooperation incentive protocol that uses the public-key operations only for the first packet in a serie...
A Trustful Authentication and Key Exchange Scheme (TAKES) for Ad Hoc Networks
This paper presents a new public key distribution scheme adapted to ad hoc networks called TAKES for Trustful Authentication and Key Exchange Scheme. Its originality lies in performing authentication and key distribution with no need for a trusted authority or access to any infrastructure-based network, thanks to the use of Cryptographically Generated Addresses. Moreover the solution is very convenient having a simple operational mode at no extra hardware cost. TAKES aims to build a trust association between a person, his/her communicating device, the IP address of the device, and his/her public key. As a direct result, new security functions like associating a misbehaving node to its owner, securing end-toend communications through tunnels, or even implementing a light naming system can be enabled on top of ad hoc networks. TAKES is formally proven using BAN logic and a proof-ofconcept implementation demonstrates its feasibility within ad hoc networks.
An Efficient Secure Key Management in Mobile Ad Hoc Networks
In mobile ad hoc networks, due to unreliable wireless media, host mobility and lack of infrastructure, providing secure communications is a big challenge in this unique network en-vironment. Usually cryptography techniques are used for secure communications in wired and wireless networks. The asymmetric cryptography is widely used
UGSP: Authentication based secure protocol for AD-HOC networks
e-Business and Telecommunication Networks, 2006
A wireless ad-hoc network is a collection of mobile nodes with no fixed infrastructure. Security in such networks poses serious challenges due to (i) the network connectivity could be intermittent and hence on-line authentication is not guaranteed, and (ii) susceptible to wide range of attacks due to broadcast communication and large scale number of users. In this paper, we propose a security protocol, called UGSP, for wireless ad-hoc networks using a tamper-proof hardware. We show that the proposed protocol fits well with the resurrecting duckling security paradigm (Stajano and Anderson, 1999). Once the hardware is imprinted for authentication, UGSP is robust to man-in-the-middle attack, passive eavesdropping, active impersonation attacks ensuring source authentication, data confidentiality and data integrity for communication amongst nodes with identically configured hardware. The system is amenable to dynamic addition of new members whose hardware has also been imprinted with authentication information. We provide a comparative evaluation of UGSP with other approaches and show that UGSP is scalable and cost-effective.
Proximity-Based Security Techniques for Mobile Users in Wireless Networks
IEEE Transactions on Information Forensics and Security, 2013
In this paper, we propose a privacy-preserving proximity-based security system for location-based services (LBS) in wireless networks, without requiring any pre-shared secret, trusted authority or public key infrastructure. In this system, the proximity-based authentication and session key establishment are implemented based on spatial temporal location tags. Incorporating the unique physical features of the signals sent from multiple ambient radio sources, the location tags cannot be easily forged by attackers. More specifically, each radio client builds a public location tag according to the received signal strength indicators (RSSI), sequence numbers and MAC addresses of the ambient packets. Each client also keeps a secret location tag that consists of the packet arrival time information to generate the session keys. As clients never disclose their secret location tags, this system is robust against eavesdroppers and spoofers outside the proximity range. The system improves the authentication accuracy by introducing a nonparametric Bayesian method called infinite Gaussian mixture model in the proximity test and provides flexible proximity range control by taking into account multiple physical-layer features of various ambient radio sources. Moreover, the session key establishment strategy significantly increases the key generation rate by exploiting the packet arrival time of the ambient signals. The authentication accuracy and key generation rate are evaluated via experiments using laptops in typical indoor environments. I. INTRODUCTION The pervasion of smartphones and social networks has boosted the rapid development of location-based services (LBS), such as the request of the nearest business and the location-based mobile advertising. Reliable and secure location-based services demand secure and accurate proximity tests, which allow radio users and/or service providers to determine whether a client is located within the same geographic region [1]-[4]. In order to support the business or financial oriented LBS services, proximity tests have to provide location privacy protection and location unforgeability [5]-[9]. Consequently, privacy-preserving proximity tests have recently drawn considerable research attention [10]-[16]. Based
Related topics
Loading Preview
Sorry, preview is currently unavailable. You can download the paper by clicking the button above.