1

A few challenges in security & privacy in the context of

ubiquitous computing

Gene TsudikSCONCE: Secure Computing and

Networking CenterUC Irvine

http://sconce.ics.uci.edu/06/13/2005

2

Some Challenges• Location privacy, network

unobservability and location verification

• Distributed decision-making in MANETs• Privacy-preserving authentication and

authorization • Secure data and tag aggregation • Device pairing with varying degrees of

human intervention

3

Objective:A set of practical, robust and secure techniques for distributed decision-making in multi-hop MANETs. Employ (and design) state-of-the-art (threshold and proactive) cryptographic methods to construct protocols for distributed admission and eviction of nodes in a MANET. Implement in a general-purpose toolkit & integrate with sample applications; experiment with limited deployment scenarios.

Secure Membership Control in MANETs

http://sconce.ics.uci.edu/gac

Technical Approach: •Architecture: consider security needs of various applications.

•Short-lived versus long-lived MANETs/groups•Interaction with outside: closed vs open groups•Is non-repudiation needed?•Is communication pair-wise or group-wise?

• RSA doesn’t work• DSA, Schnorr, ID-based techniques for long-lived groups• Bivariate polynomial secret sharing for short-lived groups

Why is Membership Control Hard?

No omni-present centralized/trusted authority Dynamic topology Sporadic connectivity Frequent outages/failures New nodes can “appear” at any time, esp. in a battlefield setting Trust in nodes is ephemeral, e.g., captured nodes/units must be evicted from network

Membership control is the foundation of all security features/services in a MANET

4

Some Recent Results:

An Attack on the Proactive RSA Signature Scheme in the URSA Ad Hoc Network Access Control Protocol, Stanislaw Jarecki, Nitesh Saxena and Jeong H. Yi, ACM Workshop on Security of Ad Hoc and Sensor Networks (SASN), October 2004.

Identity-based Access Control for Ad Hoc Groups, Nitesh Saxena, Gene Tsudik and Jeong H. Yi, International Conference on Information Security and Cryptology (ICISC), December 2004.

Futher Simplifications in Proactive RSA Signature Schemes, Stanislaw Jarecki and Nitesh Saxena, Theory of Cryptography Conference (TCC), February 2005.

Efficient Node Admission for Short-Lived MANETsNitesh Saxena, Gene Tsudik and Jeong H. Yi, in submission.

5

Privacy-preserving Authentication and Authorization

A few basic concepts:• Oblivious Envelopes

– Alice is an informant, has secret info for police– Bob claims to be a cop, doesn’t want to show his credentials – See, e.g., Li, et al. PODC’03

• Secret Handshakes – Alice wants to talk to Bob iff Bob is a CIA agent– Bob wants to talk to Alice iff Alice is a CIA agent– Must be unobservable to others, anonymous, unlinkable– Generalizable to groups?– See, e.g., Balfanz, et al. S&P’03, Castelluccia, et al. AC’04

• Privacy-Preserving Trust Negotiation (Hidden Credentials)– Alice wants to access one of Bob’s resources– Bob doesn’t want to divulge his access control policies – More generally, Alice has many credentials; doesn’t want Bob to

know them; as long as at least one satisfies one of Bob’s policies– See, e.g., Bradshaw et al. CCS’04

6

Secure Data and Tag Aggregation

• Data Aggregation: how to reduce bw if only interested in statistical values?– E.g., in sensor nets and MANETs

• Tag Aggregation: how to reduce bw consumed by multiple MACs, signatures, etc?– E.g., in reliable multicast, sensor nets, MANET routing, etc.

• Aggregated MACs are easy, but…• Aggregated signatures by same signer are cheap

(e.g., RSA)• Aggregated signatures by different signers are

viable but expensive (e.g., BLS ID/pairing-based)• Some require partial interaction, e.g., Schnorr-

based ASM

7

Some Recent Results:

Securing Route Discovery in DSR.Jihye Kim and Gene TsudikIEEE Mobiquitous, July 2005.

Secure and Robust Acknowledgement AggregationClaude Castelluccia, Stas Jarecki and Gene TsudikSecurity in Computer Networks (SCN).September 2004.

Aggregation of Encrypted Data in WSNsClaude Castelluccia, Einar Mykletun and Gene TsudikIEEE MobiquitousJuly 2005.

Authentication and Integrity for Outsourced DataMaithili Narasimha, Einar Mykletun and Gene TsudikNetwork and Distributed System Security (NDSS)February 2004.

8

Secure Device Pairing

• Two devices must be securely paired on-the-fly

• No prior association• No specialized connection• No common PKI authentication irrelevant• Involving human as an aid

– E.g., “Seeing-is-believing” (S&P’05) or “Shake-them-up” (Mobihoc’05)

• What if we want to pair more than 2 devices?

9

The end…