Upload
lillian-caldwell
View
217
Download
0
Embed Size (px)
Citation preview
A Study on Certificate Revocation in Mobile Ad Hoc Networks Wei Liu, Hiroki Nishiyama,Nirwan Ansari & Nei Kato ICC 2011
Nadia Adem 10/27/2014
Attacks in MANEN• Self-organized • Wireless • Dynamic
Security attacks
Certificates
Isolation
Promptly
Accurately Revoked Accused
Outline• Some MANETS security schemes• Clustering-based scheme• Scheme main idea • The way it works• Issues • Performance Analysis• Contributions• Weak aspects
• Summary
MANET Security Schemes
• Certificate control approach-CA • Digital certificate expires • Valid certificate nodes- certificates revoked
• Voting-based scheme- NO CA• Nodes vote - variable weight• Ticket revoked
• Suicide-based approach- NO CA• Node sacrifice itself
Clustering-based Scheme
False Accusation
Malicious Attack
Overhead communications
Time
How does it work?
CA
CM2
CH
CM1CM2CH CM1
CM2CM1
ADP CRP
CM2CH CM1
CM3
detect false
accusations
Quick revocation/recoverySmall overheadResolve false accusation/recovery
Issues and SolutionsAccuser nodes Warned
Recovery
requester
Can not accuse
Node Release Method
• Threshold approach• Accuser in warning list till K nodes or more accuse the accused
node
AccuserMISBEHAVING
LEGITIMATE
Performance EvaluationSimulation Parameters
Parameter Value
Number of nodes 50 normal nodes and 10 - 60 malicious nodes
Mobility model Random-Waypoint
Node placement Random
Routing protocol AODV
Pause time 5 sec
Transmission range 250 m
Terrain dimensions 1 km2
Performance Evaluation
Performance Evaluation
Node release threshold sch. Applied Not applied
Performance Evaluation
False accusations
Threshold
Detection time
Contributions • Quickly revoke certificates of accused nodes • Distinguish false accusation• Restore a node’s accusation ability
Weak Aspects• Existence of CA• Threshold determination
• Malicious nodes communicate with all other nodes in the cluster!
Summary• Security Scheme for MANETs • Certificate revocation scheme • Advantages• Performance • shortcoming