Publication


Featured research published by Refik Molva.


communications and multimedia security | 2002

Core: a collaborative reputation mechanism to enforce node cooperation in mobile ad hoc networks

Pietro Michiardi; Refik Molva

Countermeasures for node misbehavior and selfishness are mandatory requirements in MANET. Selfishness that causes lack of node activity cannot be solved by classical security means that aim at verifying the correctness and integrity of an operation. We suggest a generic mechanism based on reputation to enforce cooperation among the nodes of a MANET to prevent selfish behavior. Each network entity keeps track of other entities’ collaboration using a technique called reputation. The reputation is calculated based on various types of information on each entity’s rate of collaboration. Since there is no incentive for a node to maliciously spread negative information about other nodes, simple denial of service attacks using the collaboration technique itself are prevented. The generic mechanism can be smoothly extended to basic network functions with little impact on existing protocols.


IEEE Journal on Selected Areas in Communications | 1993

Systematic design of a family of attack-resistant authentication protocols

Ray Bird; Inder S. Gopal; Amir Herzberg; Philippe A. Janson; Shay Kutten; Refik Molva; Moti Yung

Most existing designs for two-way cryptographic authentication protocols suffer from one or more limitations. Among other things, they require synchronization of local clocks, they are subject to export restrictions because of the way they use cryptographic functions, and they are not amenable to use in lower layers of network protocols because of the size and complexity of messages they use. Designing suitable cryptographic protocols that cater to large and dynamic network communities but do not suffer from these problems presents substantial problems. It is shown how a few simple protocols, including one proposed by ISO, can easily be broken, and properties that authentication protocols should exhibit are derived. A methodology for systematically building and testing the security of a family of cryptographic two-way authentication protocols that are as simple as possible yet resistant to a wide class of attacks, efficient, easy to implement and use, and amenable to many different networking environments is described. Examples of protocols of that family that present various advantages in specific distributed system scenarios are discussed.


Archive | 2004

Computer Security – ESORICS 2004

Pierangela Samarati; Peter Y. A. Ryan; Dieter Gollmann; Refik Molva

Constraints are an integral part of access control policies. Depending upon their time of enforcement, they are categorized as static or dynamic; static constraints are enforced during the policy compilation time, and the dynamic constraints are enforced during run time. While there are several logic-based access control policy frameworks, they have a limited power in expressing and enforcing constraints (especially the dynamic constraints). We propose dynFAF, a constraint logic programming based approach for expressing and enforcing constraints. To make it more concrete, we present our approach as an extension to the flexible authorization framework (FAF) of Jajodia et al. [17]. We show that dynFAF satisfies standard safety and liveliness properties of a safety conscious software system.


wireless on demand network systems and service | 2009

Privacy preserving social networking through decentralization

Leucio Antonio Cutillo; Refik Molva; Thorsten Strufe

The recent surge in popularity of on-line social network applications raises serious concerns about the security and privacy of their users. Beyond usual vulnerabilities that threaten any distributed application over Internet, on-line social networks raise specific privacy concerns due to their inherent handling of personal data. In this paper we point to the centralized architecture of existing on-line social networks as the key privacy issue and suggest a solution that aims at avoiding any centralized control. Our solution is an on-line social network based on a peer-to-peer architecture. Thanks to its fully distributed nature, the peer-to-peer architecture inherently avoids centralized control by any potentially malicious service provider. In order to cope with the lack of trust and lack of cooperation that are akin to peer-to-peer systems and to assure basic privacy among the users of the social network, our solution leverages the trust relationships that are part of the social network application itself. Privacy in basic data access and exchange operations within the social network is achieved thanks to a simple anonymization technique based on multi-hop routing among nodes that trust each other in the social network. Similarly, cooperation among peer nodes is enforced based on hop-by-hop trust relationships derived from the social network.


european symposium on research in computer security | 1992

KryptoKnight Authentication and Key Distribution System

Refik Molva; Gene Tsudik; Els Van Herreweghen; Stefano Zatti

This paper describes KryptoKnight, an authentication and key distribution system that provides facilities for secure communication in any type of network environment. KryptoKnight was designed with the goal of providing network security services with a high degree of compactness and flexibility. Message compactness of KryptoKnight's protocols allows it to secure communication protocols at any layer, without requiring any major protocol augmentations in order to accommodate security-related information. Moreover, since KryptoKnight avoids the use of bulk encryption it is easily exportable. Owing to its architectural flexibility, KryptoKnight functions at both endpoints of communication can perform different security tasks depending on the particular network configuration. These and other novel features make KryptoKnight an attractive solution for providing security services to existing applications irrespective of the protocol layer, network configuration or communication paradigm.


acm/ieee international conference on mobile computing and networking | 1995

Untraceability in mobile networks

Didier Samfat; Refik Molva; N. Asokan

User mobility is a feature that raises many new security-related issues and concerns. One of them is the disclosure of a mobile user’s real identity during the authentication process, or other procedures specific to mobile networks. Such disclosure allows an unauthorized third-party to track the mobile user’s movements and current whereabouts. Depending on the context, access to any information related to a mobile user’s location without his consent can be a serious violation of his privacy. This new issue might be seen as a conflicting requirement with respect to authentication: untraceability requires hiding the user’s identity while authentication requires the user’s identity to be revealed in order to be proved. What is needed is a single mechanism reconciling both authentication and privacy of a mobile user’s identification. The basic solution to this problem is the use of aliases. Aliases insure untraceability by hiding the user’s real identity as well as his relationship with domain authorities. In this paper, we present a classification scheme to identify the various degrees of untraceability requirements. We then present an efficient method for the computation of aliases and apply it to a new set of inter-domain authentication protocols. We demonstrate that these protocols can be designed to meet various degrees of untraceability requirements. In designing these protocols, we try to avoid the drawbacks of authentication protocols in existing mobile network architectures such as CDPD and GSM.


IEEE ACM Transactions on Networking | 1995

The KryptoKnight family of light-weight protocols for authentication and key distribution

Ray Bird; Inder S. Gopal; Amir Herzberg; Philippe A. Janson; Shay Kutten; Refik Molva; Moti Yung

An essential function for achieving security in computer networks is reliable authentication of communicating parties and network components. Such authentication typically relies on exchanges of cryptographic messages between the involved parties, which in turn implies that these parties be able to acquire shared secret keys or certified public keys. Provision of authentication and key distribution functions in the primitive and resource-constrained environments of low-function networking mechanisms, portable, or wireless devices presents challenges in terms of resource usage, system management, ease of use, efficiency, and flexibility that are beyond the capabilities of previous designs such as Kerberos or X.509. This paper presents a family of light-weight authentication and key distribution protocols suitable for use in the low layers of network architectures. All the protocols are built around a common two-way authentication protocol. The paper argues that key distribution may require substantially different approaches in different network environments and shows that the proposed family of protocols offers a flexible palette of compatible solutions addressing many different networking scenarios. The mechanisms are minimal in cryptographic processing and message size, yet they are strong enough to meet the needs of secure key distribution for network entity authentication. The protocols presented have been implemented as part of a comprehensive security subsystem prototype called KryptoKnight.


IEEE Journal on Selected Areas in Communications | 1997

IDAMN: an intrusion detection architecture for mobile networks

Didier Samfat; Refik Molva

We present IDAMN (intrusion detection architecture for mobile networks), a distributed system whose main functionality is to track and detect mobile intruders in real time. IDAMN includes two algorithms which model the behavior of users in terms of both telephony activity and migration pattern. The main novelty of our architecture is its ability to perform intrusion detection in the visited location and within the duration of a typical call, as opposed to existing designs that require the reporting of all call data to the home location in order to perform the actual detection. The algorithms and the components of IDAMN have been designed in order to minimize the overhead incurred in the fixed part of the cellular network.


international conference on networking | 2005

Non-cooperative forwarding in ad-hoc networks

Eitan Altman; Arzad Alam Kherani; Pietro Michiardi; Refik Molva

A wireless Ad-hoc network is expected to be made up of energy aware entities (nodes) interested in their own perceived performance. An important problem in such a scenario is to provide incentives for collaboration among the participating entities. Forwarding packets of other nodes is an example of activity that requires such a collaboration. However, it may not be in the interest of a node to always forward the requesting packets. At the same time, not forwarding any packet may adversely affect the network functioning. Assuming that the nodes are rational, i.e., their actions are strictly determined by their self-interest, we view the problem in the framework of non-cooperative game theory and provide a simple punishing mechanism considering end-to-end performance objectives of the nodes. We also provide a distributed implementation of the proposed mechanism. This implementation has a small computational and storage complexity hence is suitable for the scenario under consideration.


ad hoc networks | 2005

Analysis of coalition formation and cooperation strategies in mobile ad hoc networks

Pietro Michiardi; Refik Molva

This paper focuses on the formal assessment of the properties of cooperation enforcement mechanisms used to detect and prevent selfish behavior of nodes forming a mobile ad hoc network. In the first part, we demonstrate the requirement for a cooperation enforcement mechanism using cooperative game theory that allows us to determine a lower bound on the size of coalitions of cooperating nodes. In the second part, using non-cooperative game theory, we compare our cooperation enforcement mechanism CORE to other popular mechanisms. Under the hypothesis of perfect monitoring of node behavior, CORE appears to be equivalent to a wide range of history-based strategies like tit-for-tat. Further, adopting a more realistic assumption taking into account imperfect monitoring due to probable communication errors, the non-cooperative model puts in evidence the superiority of CORE over other history-based schemes.

Collaboration


Top Co-Authors

Gene Tsudik

University of California

Thorsten Strufe

Dresden University of Technology
