Measures of Dispersion and Variability: Range, QD, AD and SD
A secure protocol for Spontaneous Wireless Ad Hoc Networks Creation
1. A Secure Protocol for
Spontaneous Wireless Ad
Hoc Networks Creation
SAHIL BAJAJ
RAGHVENDRA YADAV
2. Ad-Hoc Networks
In Latin, ad hoc means “for this purpose only”
An ad-hoc network is a small network, in which some of network
devices are part of the network that are part of network only for short
duration
Peer to peer communication by use of Wi-Fi and Bluetooth technology
Devices or nodes in the network are mobile in nature
The wireless hosts in such networks, communicate with each other
without the existing of a fixed infrastructure and without a central
control
4. Characteristics
No Infrastructure needed
Can be deployed quickly, where there is no wireless communication
infrastructure present
Can act as an extension to an existing networks
Cost effective
Nodes are mobile and hence have dynamic network topology
Nodes in ad hoc network play role of both router and terminal
It is self-configuring
5. Multi hop communication
May need to traverse multiple links to reach destination
Mobility causes route change
6. Examples
Classroom
Ad hoc network between student PDAs and workstation of the
instructor
Large IT campus
Employees of a company moving within a large campus with PDAS,
laptops and cell phones
Disaster response
A mobile network as big as needed
Vehicles
Communicating with other vehicles for safety purpose
7. Protocol
Creates a network which allows sharing resources and offering new
services among users
Protocol includes all functions needed to operate without any external
support
Provides access to information anywhere, user friendliness, and easy
deployment
Builds a network consisting of mobile nodes that can communicate
with each other, share resources, services during a limited period of
time and in a limited space
Have little or no dependence on a centralized administration
8. Enables the user to have instant service without any external
infrastructure
Services in spontaneous networks depend significantly on network
size, the nature of the participating nodes and running applications
Tasks to be performed include: user identification, their
authorization, address assignment, and safety
Energy constraints, node variability, and bandwidth limitations
mandate the design
Existing methods are not enough because they need an initial
configuration (i.e., network configuration) or external authorities (for
example, central authorities)
9. The network and protocol proposed can establish a secure self-configured
environment for distribution of data and sharing of resources and services
among users.
A user is able to join the network because he/she knows someone that
belongs to it, and hence in this way the certification authority is distributed
between the users that trust the new user
The network management is also distributed, which allows the network to
have a distributed name service
A mechanism is suggested which allows nodes to check the authenticity of
their IP addresses while not generating duplicated IP addresses.
Asymmetric cryptography is applied for device identification , where each
device has a public-private key pair and symmetric cryptography to exchange
session keys between nodes
10. Secure Spontaneous Network
Network members and services may vary because devices are free to
join or leave the network
Steps for the creation of a network
1. Joining Procedure
2. Services Discovery
3. Establishing trusted chain and changing trust level
11. Joining Procedure
System is based on the use of an IDentity Card (IDC) and a certificate
IDC contains public and private components
Public component contains a Logical Identity (LID), which is unique for
each user and allows nodes to identify it
LID includes information such as name, photograph, user’s public key (Ki),
the creation and expiration dates, an IP proposed by the user, and the
user signature
The user signature is generated using the Secure Hash Algorithm (SHA-1)
on the previous data to obtain the data summary
Data summary is signed with the user’s private key
Private component contains the private key (ki)
12. Certificate Cij of the user i consists of a validated IDC, signed
by a user j that gives its validity
No central certification authority is used to validate IDC
The certification authority for a node could be any of the trusted
nodes
All nodes can be both clients and servers, can request or serve
requests for information or authentication of other nodes
The first node creates the spontaneous network and generates
a random session key, which will be exchanged with new nodes
after the authentication phase
13. When node B wants to join an existing network, it must choose a node
within communication range to authenticate with(e.g., node A)
A will send its public key
Then, B will send its IDC signed by A’s public key
Next, A validates the received data
Finally, A will send its IDC data to B
This data will be signed by B’s public key will validate A’s IDC and will
establish the trust
If A does not reply to the joining request, B must select another
network node (if one exists)
14. Symmetric key is used as a session key to cipher the confidential
messages between trust nodes
It has less energy requirements than the asymmetric key
The asymmetric key encryption scheme is used for distribution of the
session key and for the user authentication process
15. Services discovery
A user can ask other devices in order to know the available services.
It has an agreement to allow access to its services and to access the
services offered by other nodes
The fault tolerance of the network has to be maintained
Services provided by B are available only if there is a path to B, and
disappear when B leaves the network
16. Establishing trusted chain and changing
trust level
There are only two trust levels
Node A either trusts node B
Node A does not trust node B.
If node A do not establish trust level with node B directly, it can be
established through trusted chains
If A trusts C and C trusts B, then A may trust B
Trust relationship can be asymmetric
Trust level can change over time
Node A may decide not to trust node B although A still trusts C and C trusts B
It can also stop trusting if it discovers that previous trust chain does not exist
anymore
17. Protocol and Network Management
Avoids the need for a central server, making the tasks of building the
network and adding new members very easy
Each node is identified by an IP address
Services are shared using TCP connections
Short-range technology (Bluetooth) is used to allow authentication of
nodes when they join the network
After the authentication process, each node learns the public
information about other nodes
18. Depending on the type of service, each node requests the services
From all the nodes that it trusts
From all nodes in the network
Request to multiple nodes is made through diffusion processes
Protocol prioritizes access to information through trusted nodes
When the information cannot be obtained through these nodes, it can
then ask other nodes
Nodes may request information from other nodes
The node replying to this request must sign this data ensuring the
authenticity
19. Network Creation
The first node in the network will be responsible for setting the global
settings of the spontaneous network (SSID, session key, ...)
Each node must configure its own data (including the first node) such
as IP, port, user data
This information will allow the node to become part of the network
After this data are set in the first node, it changes to standby mode
The second node first configures its user data
20. Then, the greeting process starts
Find a device that will give trust to it
The node that belongs to the network, and is responsible for validating
the new node’s data, will perform a diffusion process
These nodes will forward the received packets to their neighbours until
the data reach all nodes in the network
This process verifies uniqueness of the new node’s data
It authenticates against the first node
Each additional node authenticates with any node in the network
21. Illustration
Steps for authentication of new device B
The receiver node A validates the received data
It then sends a broadcast message to check if these data are not used in
the network (even the IP address)
This IP checking packet is sent randomly to all devices
When the authentication device receives the IP checking reply, it sends
the authentication reply to the new device
If any step is wrong, an error message is sent to the new device
When the node is authenticated, it is able to perform several tasks
22. Tasks performed by authenticated node
The authenticated node can perform the following tasks
Display nodes
Modify trust of nodes
Update the information
• Allows a node to learn about other nodes in the network
• update could be for only one user or for all users in the network
Process an authentication request
• Reply to an information request requested information will be sent directly to
the requesting node or routed if the node is not on the communication range
23. Forward an information request
• The request will be forwarded if it is a broadcast message
Send data to one node
• It can be sent symmetrically or asymmetrically encrypted, or unencrypted
Send data to all nodes
• Done by flooding system
• It can be sent symmetrically encrypted or unencrypted
Leave the network
24. Protocol Implementation
Developed 16 packets for the proper running of the protocol
To join a spontaneous network start the process by sending a
Discovery request packet (01)
Contains the Logical IDentity of the user in order to let the destinations know the
sender device
Receivers will reply with the Discovery reply packet (02)
Contains Logical Identity and their IP address
Authentication request packet (03) - used for the new device
authentication
25. Authentication reply packet (04) - confirms that the proposed IP and
the email are unique, so the new device is authenticated
In case of duplication - error packet sent
IP and e-mail checking packet (05) – used by the authenticator device
verifies that no one in the network has the same email or IP address as
the one proposed by the new device
IP and e-mail checking reply packet (06) - sent to authenticator
device
verify that the IP and e-mail are unique
26. If IP is duplicated, device must restart the authentication process
after the generation of a new IP
Update request to one node (07) - to request information to a specific
known node
Update reply from one node (08) - to reply with information
requested by update request packet to one node
Update request to all network nodes packet(09) – request made from
all nodes in the network, by flooding
Update reply to all network nodes packet (10) - reply with the
information requested
27. Certificate request to trusted nodes (11) - request the certificate
from all trusted nodes
Certificate request to known nodes (12) - request the certificate from
all known nodes
Certificate reply packet (13) – Reply to above two packets
Data are sent using the Packet for sending data (14)
Error packet (15) - to indicate that this operation is not possible
Authentication has failed
Node does not have the required data
Acknowledge packet(16) - to confirm to sender that the packet has
arrived at its destination correctly
28. ID Packet Name Description
01 P_DISCOVERY Discovery request
02 R_DISCOVERY Discovery reply
03 P_AUTHENT Authentication request
04 R_AUTHENT Authentication reply
05 P_IP IP and Email checking
06 R_IP Ip and Email checking reply
07 P_ACTUALIZA Update request to one node
08 R_ACTUALIZA Update request from one node
09 P_BROADCAST Update request to all network node
10 R_BROADCAST Update reply to all network node
11 P_NODO_CONF Certificate request to trusted node
12 P_NODO Certificate request to known node
13 R_NODO Certificate reply
14 P_DATOS Packet for sending data
15
16
P_ERROR
P_ACK
Error
Acknowledge
29. Session Key Revocation
Session key has an expiration time, so it is revoked periodically
A node that leaves the spontaneous network will keep the session key
until it expires
It will let the user return to the network if it has joined previously(the
spontaneous network is usually set up for a limited period of time)
However, if a node is disconnected from the network during the
period of time when the session key has been renewed, it will not be
able to access the network until it is authenticated again with
someone from the network
30. PERFORMANCE ANALYSIS
Java programming
Protocol may work on devices with limited resources, Java 2 Platform,
Micro Edition (J2ME) is used
Also has a small and fast virtual machine (KVM) that allows us to run
the software without overloading the device
Devices must have a minimum of 160 KB memory to store theJava
technology stack
It can run when there are computing and process limitations, and for
low-power devices
Allows the implementation of communication protocols over both
WiFi and Bluetooth technologies
31. CONCLUSION
We show the design of a protocol that allows the creation and
management of a spontaneous wireless ad hoc network
A user without advanced technical knowledge can set up and
participate in a spontaneous network
Storage and volatile memory needs are quite low and the protocol can
be used in regular resource-constrained devices (cell phones, PDAs...)
32. References
[1].Raquel Lacuesta, Jaime Lloret, Miguel Garcia, Lourdes Pen ˜alver , “A
Secure Protocol for Spontaneous Wireless Ad Hoc Networks Creation” IEEE
TRANSACTIONS ON PARALLEL AND DISTRIBUTED SYSTEMS, VOL. 24, NO. 4,
APRIL 2013
[2]. https://en.wikipedia.org/wiki/Wireless_ad_hoc_network
[3]. https://www.youtube.com/watch?v=Jmfd4KPGPp0
[4]. http://www.cs.jhu.edu/~cs647/intro_adhoc.pdf