A Secure Protocol for Spontaneous Wireless Ad Hoc Networks Creation SAHIL BAJAJ RAGHVENDRA YADAV

Feb 20, 2017


A Secure Protocol for Spontaneous Wireless Ad Hoc Networks Creation

SAHIL BAJAJ RAGHVENDRA YADAV

Ad-Hoc Networks

In Latin, ad hoc means “for this purpose only”

An ad hoc network is a small network in which some of the devices are part of the network only for a short duration

Peer-to-peer communication by use of Wi-Fi and Bluetooth technology

Devices or nodes in the network are mobile in nature

The wireless hosts in such networks communicate with each other without a fixed infrastructure and without central control

Ad Hoc Networks

Wireless Network Topology

Characteristics

No infrastructure needed

Can be deployed quickly where there is no wireless communication infrastructure present

Can act as an extension to an existing network

Cost effective

Nodes are mobile and hence have a dynamic network topology

Nodes in an ad hoc network play the role of both router and terminal

It is self-configuring

Multi hop communication

May need to traverse multiple links to reach destination

Mobility causes route change

Examples

Classroom
• Ad hoc network between student PDAs and workstation of the instructor

Large IT campus
• Employees of a company moving within a large campus with PDAs, laptops and cell phones

Disaster response
• A mobile network as big as needed

Vehicles
• Communicating with other vehicles for safety purposes

Protocol

Creates a network which allows sharing resources and offering new services among users

Protocol includes all functions needed to operate without any external support

Provides access to information anywhere, user friendliness, and easy deployment

Builds a network consisting of mobile nodes that can communicate with each other and share resources and services during a limited period of time and in a limited space

Has little or no dependence on a centralized administration

Enables the user to have instant service without any external infrastructure

Services in spontaneous networks depend significantly on network size, the nature of the participating nodes and running applications

Tasks to be performed include: user identification, their authorization, address assignment, and safety

Energy constraints, node variability, and bandwidth limitations mandate the design

Existing methods are not enough because they need an initial configuration (i.e., network configuration) or external authorities (for example, central authorities)

The network and protocol proposed can establish a secure self-configured environment for distribution of data and sharing of resources and services among users.

A user is able to join the network because he/she knows someone that belongs to it, and hence in this way the certification authority is distributed between the users that trust the new user

The network management is also distributed, which allows the network to have a distributed name service

A mechanism is suggested which allows nodes to check the authenticity of their IP addresses while not generating duplicated IP addresses.

Asymmetric cryptography is applied for device identification, where each device has a public-private key pair, and symmetric cryptography to exchange session keys between nodes

Secure Spontaneous Network

Network members and services may vary because devices are free to join or leave the network

Steps for the creation of a network

1. Joining Procedure

2. Services Discovery

3. Establishing trusted chain and changing trust level

Joining Procedure

System is based on the use of an IDentity Card (IDC) and a certificate

IDC contains public and private components

Public component contains a Logical Identity (LID), which is unique for each user and allows nodes to identify it

LID includes information such as name, photograph, user’s public key (Ki), the creation and expiration dates, an IP proposed by the user, and the user signature

The user signature is generated using the Secure Hash Algorithm (SHA-1) on the previous data to obtain the data summary

Data summary is signed with the user’s private key

Private component contains the private key (ki)

Certificate Cij of the user i consists of a validated IDC, signed by a user j that gives its validity

No central certification authority is used to validate IDC

The certification authority for a node could be any of the trusted nodes

All nodes can be both clients and servers, can request or serve requests for information or authentication of other nodes

The first node creates the spontaneous network and generates a random session key, which will be exchanged with new nodes after the authentication phase
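
The IDC and the certificate Cij described above, as an added example (not code from the presentation or from the paper it summarizes): node B builds its LID, signs the SHA-1 data summary with its private key, and node A issues a certificate for B after checking that signature. The unpadded textbook RSA, the toy keys built from Mersenne primes, the JSON encoding, the field names, the dates and the IP address are assumptions made for illustration.

```python
import hashlib
import json

E = 65537  # public exponent shared by the toy keys (assumption)

def make_key(p, q):
    """Toy RSA key pair from two primes: returns (modulus n, private exponent d)."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))

def summary(fields):
    """SHA-1 data summary over a canonical (sorted-key JSON) encoding."""
    blob = json.dumps(fields, sort_keys=True).encode()
    return int.from_bytes(hashlib.sha1(blob).digest(), "big")

def sign(fields, n, d):
    """Sign the data summary with the private exponent."""
    return pow(summary(fields), d, n)

def verify(fields, signature, n):
    """Recompute the summary and compare it with the opened signature."""
    return pow(signature, E, n) == summary(fields)

def make_idc(name, ip, n, d):
    """Public part of an IDC: the LID fields plus the user's own signature."""
    lid = {"name": name, "public_key": n, "created": "2017-02-20",
           "expires": "2017-02-21", "ip": ip}
    return {"lid": lid, "user_sig": sign(lid, n, d)}

def certify(idc, n_j, d_j):
    """C_ij: node j checks user i's self-signature, then signs the whole IDC."""
    if not verify(idc["lid"], idc["user_sig"], idc["lid"]["public_key"]):
        raise ValueError("IDC signature does not match its LID")
    return sign(idc, n_j, d_j)

# Constructed toy keys: Mersenne primes are trivially factorable, demo only.
N_A, D_A = make_key(2**127 - 1, 2**89 - 1)   # node A, already in the network
N_B, D_B = make_key(2**107 - 1, 2**61 - 1)   # node B, the newcomer

IDC_B = make_idc("B", "192.168.1.7", N_B, D_B)
C_BA = certify(IDC_B, N_A, D_A)              # certificate of B issued by A

def tampered_ip_rejected():
    """Changing the proposed IP after signing must break both checks."""
    forged = {"lid": {**IDC_B["lid"], "ip": "192.168.1.1"},
              "user_sig": IDC_B["user_sig"]}
    return (not verify(forged["lid"], forged["user_sig"], N_B)
            and not verify(forged, C_BA, N_A))
```
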

When node B wants to join an existing network, it must choose a node within communication range to authenticate with (e.g., node A)

A will send its public key

Then, B will send its IDC signed by A’s public key

Next, A validates the received data

Finally, A will send its IDC data to B

This data will be signed by B’s public key

B will validate A’s IDC and will establish the trust

If A does not reply to the joining request, B must select another network node (if one exists)

Symmetric key is used as a session key to cipher the confidential messages between trusted nodes

It has lower energy requirements than the asymmetric key

The asymmetric key encryption scheme is used for distribution of the session key and for the user authentication process

Services discovery

A user can ask other devices in order to know the available services.

It has an agreement to allow access to its services and to access the services offered by other nodes

The fault tolerance of the network has to be maintained

Services provided by B are available only if there is a path to B, and disappear when B leaves the network

Establishing trusted chain and changing trust level

There are only two trust levels: node A either trusts node B, or node A does not trust node B

If node A does not establish a trust level with node B directly, it can be established through trusted chains

If A trusts C and C trusts B, then A may trust B

Trust relationship can be asymmetric

Trust level can change over time

Node A may decide not to trust node B although A still trusts C and C trusts B

It can also stop trusting if it discovers that the previous trust chain does not exist anymore
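
The trust rules above, as an added example (not code from the presentation or the paper): a directed trust table in which trust can be reached through a chain, refused explicitly, or lost when a link of the chain disappears. The class, method and node names are hypothetical.

```python
from collections import deque

class TrustTable:
    """Two-level, directed trust: direct[a] holds the nodes that a trusts."""

    def __init__(self):
        self.direct = {}       # node -> set of directly trusted nodes
        self.refused = set()   # (a, b): a has decided not to trust b

    def trust(self, a, b):
        self.direct.setdefault(a, set()).add(b)
        self.refused.discard((a, b))

    def revoke(self, a, b):
        """a no longer trusts b directly, e.g. because b left the network."""
        self.direct.get(a, set()).discard(b)

    def refuse(self, a, b):
        """a decides not to trust b, whatever chains exist."""
        self.revoke(a, b)
        self.refused.add((a, b))

    def chain(self, a, b):
        """Shortest trusted chain from a to b, or None if a does not trust b."""
        if (a, b) in self.refused:
            return None
        queue, seen = deque([[a]]), {a}
        while queue:
            path = queue.popleft()
            if path[-1] == b:
                return path
            for nxt in sorted(self.direct.get(path[-1], ())):
                if nxt not in seen:
                    seen.add(nxt)
                    queue.append(path + [nxt])
        return None

def scenario():
    t = TrustTable()
    t.trust("A", "C")
    t.trust("C", "B")
    results = [t.chain("A", "B"), t.chain("B", "A")]  # chained, then reverse
    t.revoke("C", "B")                 # the previous chain stops existing
    results.append(t.chain("A", "B"))
    t.trust("C", "B")
    t.refuse("A", "B")                 # A refuses B although the chain is back
    results.append(t.chain("A", "B"))
    results.append(t.chain("C", "B"))
    return results
```
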

Protocol and Network Management

Avoids the need for a central server, making the tasks of building the network and adding new members very easy

Each node is identified by an IP address

Services are shared using TCP connections

Short-range technology (Bluetooth) is used to allow authentication of nodes when they join the network

After the authentication process, each node learns the public information about other nodes

Depending on the type of service, each node requests the services
• From all the nodes that it trusts
• From all nodes in the network

Request to multiple nodes is made through diffusion processes

Protocol prioritizes access to information through trusted nodes

When the information cannot be obtained through these nodes, it can then ask other nodes

Nodes may request information from other nodes

The node replying to this request must sign this data ensuring the authenticity

Network Creation

The first node in the network will be responsible for setting the global settings of the spontaneous network (SSID, session key, ...)

Each node must configure its own data (including the first node) such as IP, port, user data

This information will allow the node to become part of the network

After this data are set in the first node, it changes to standby mode

The second node first configures its user data

Then, the greeting process starts

Find a device that will give trust to it

The node that belongs to the network, and is responsible for validating the new node’s data, will perform a diffusion process

These nodes will forward the received packets to their neighbours until the data reach all nodes in the network

This process verifies uniqueness of the new node’s data

It authenticates against the first node

Each additional node authenticates with any node in the network

Illustration

Steps for authentication of new device B

The receiver node A validates the received data

It then sends a broadcast message to check if these data are not used in the network (even the IP address)

This IP checking packet is sent randomly to all devices

When the authentication device receives the IP checking reply, it sends the authentication reply to the new device

If any step is wrong, an error message is sent to the new device

When the node is authenticated, it is able to perform several tasks

Tasks performed by authenticated node

The authenticated node can perform the following tasks

Display nodes

Modify trust of nodes

Update the information
• Allows a node to learn about other nodes in the network
• Update could be for only one user or for all users in the network

Process an authentication request

Reply to an information request
• Requested information will be sent directly to the requesting node or routed if the node is not in the communication range

Forward an information request
• The request will be forwarded if it is a broadcast message

Send data to one node
• It can be sent symmetrically or asymmetrically encrypted, or unencrypted

Send data to all nodes
• Done by flooding system
• It can be sent symmetrically encrypted or unencrypted

Leave the network

Protocol Implementation

Developed 16 packets for the proper running of the protocol

To join a spontaneous network, start the process by sending a Discovery request packet (01)
• Contains the Logical IDentity of the user in order to let the destinations know the sender device

Receivers will reply with the Discovery reply packet (02)
• Contains Logical Identity and their IP address

Authentication request packet (03) - used for the new device authentication

Authentication reply packet (04) - confirms that the proposed IP and the email are unique, so the new device is authenticated
• In case of duplication - error packet sent

IP and e-mail checking packet (05) - used by the authenticator device
• Verifies that no one in the network has the same email or IP address as the one proposed by the new device

IP and e-mail checking reply packet (06) - sent to authenticator device
• Verify that the IP and e-mail are unique

If IP is duplicated, device must restart the authentication process after the generation of a new IP

Update request to one node (07) - to request information from a specific known node

Update reply from one node (08) - to reply with information requested by update request packet to one node

Update request to all network nodes packet (09) - request made from all nodes in the network, by flooding

Update reply to all network nodes packet (10) - reply with the information requested

Certificate request to trusted nodes (11) - request the certificate from all trusted nodes

Certificate request to known nodes (12) - request the certificate from all known nodes

Certificate reply packet (13) - reply to above two packets

Data are sent using the Packet for sending data (14)

Error packet (15) - to indicate that this operation is not possible
• Authentication has failed
• Node does not have the required data

Acknowledge packet (16) - to confirm to sender that the packet has arrived at its destination correctly

ID   Packet Name    Description
01   P_DISCOVERY    Discovery request
02   R_DISCOVERY    Discovery reply
03   P_AUTHENT      Authentication request
04   R_AUTHENT      Authentication reply
05   P_IP           IP and Email checking
06   R_IP           IP and Email checking reply
07   P_ACTUALIZA    Update request to one node
08   R_ACTUALIZA    Update request from one node
09   P_BROADCAST    Update request to all network node
10   R_BROADCAST    Update reply to all network node
11   P_NODO_CONF    Certificate request to trusted node
12   P_NODO         Certificate request to known node
13   R_NODO         Certificate reply
14   P_DATOS        Packet for sending data
15   P_ERROR        Error
16   P_ACK          Acknowledge
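
The packet table and the authentication exchange (packets 01 to 06 and 15), as an added example that is not code from the presentation or the paper: the 16 packet IDs as an enumeration, and the packet trace produced when a new device proposes an IP that is already taken and then retries with a new one. The function names, the sample members, and the choice that a member holding the same IP or e-mail answers the check with P_ERROR are assumptions.

```python
from enum import IntEnum

# Packet IDs 01-16 in table order (IntEnum numbers its members from 1).
Pkt = IntEnum("Pkt", "P_DISCOVERY R_DISCOVERY P_AUTHENT R_AUTHENT P_IP R_IP "
                     "P_ACTUALIZA R_ACTUALIZA P_BROADCAST R_BROADCAST "
                     "P_NODO_CONF P_NODO R_NODO P_DATOS P_ERROR P_ACK")

def check_reply(member, ip, email):
    """A member's answer to P_IP (assumed: P_ERROR on a clash, else R_IP)."""
    clash = member["ip"] == ip or member["email"] == email
    return Pkt.P_ERROR if clash else Pkt.R_IP

def authenticate(members, ip, email):
    """One attempt as seen by the authenticator; returns the packet trace."""
    trace = [Pkt.P_AUTHENT]
    for member in members:
        reply = check_reply(member, ip, email)
        trace += [Pkt.P_IP, reply]
        if reply is Pkt.P_ERROR:
            return trace + [Pkt.P_ERROR]   # error relayed to the new device
    return trace + [Pkt.R_AUTHENT]         # IP and e-mail are unique

def join(members, email, candidate_ips):
    """New device: discovery, then a fresh IP after each failed attempt."""
    log = [Pkt.P_DISCOVERY, Pkt.R_DISCOVERY]
    for ip in candidate_ips:
        trace = authenticate(members, ip, email)
        log += trace
        if trace[-1] is Pkt.R_AUTHENT:
            members.append({"ip": ip, "email": email})
            return ip, log
    return None, log

# Constructed sample network of two authenticated members.
MEMBERS = [{"ip": "10.0.0.1", "email": "a@example.org"},
           {"ip": "10.0.0.2", "email": "c@example.org"}]
```
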

Session Key Revocation

Session key has an expiration time, so it is revoked periodically

A node that leaves the spontaneous network will keep the session key until it expires

It will let the user return to the network if it has joined previously (the spontaneous network is usually set up for a limited period of time)

However, if a node is disconnected from the network during the period of time when the session key has been renewed, it will not be able to access the network until it is authenticated again with someone from the network

PERFORMANCE ANALYSIS

Java programming

Protocol may work on devices with limited resources; Java 2 Platform, Micro Edition (J2ME) is used

Also has a small and fast virtual machine (KVM) that allows us to run the software without overloading the device

Devices must have a minimum of 160 KB memory to store the Java technology stack

It can run when there are computing and process limitations, and for low-power devices

Allows the implementation of communication protocols over both WiFi and Bluetooth technologies

CONCLUSION

We show the design of a protocol that allows the creation and management of a spontaneous wireless ad hoc network

A user without advanced technical knowledge can set up and participate in a spontaneous network

Storage and volatile memory needs are quite low and the protocol can be used in regular resource-constrained devices (cell phones, PDAs...)

References

[1] Raquel Lacuesta, Jaime Lloret, Miguel Garcia, Lourdes Peñalver, “A Secure Protocol for Spontaneous Wireless Ad Hoc Networks Creation”, IEEE Transactions on Parallel and Distributed Systems, vol. 24, no. 4, April 2013

[2] https://en.wikipedia.org/wiki/Wireless_ad_hoc_network

[3] https://www.youtube.com/watch?v=Jmfd4KPGPp0

[4] http://www.cs.jhu.edu/~cs647/intro_adhoc.pdf