Yi Lu-SECURITY IN MOBILE NETWORKS.ppt

SECURITY IN MOBILE NETWORKS Bharat Bhargava CERIAS and Computer Sciences Departments Purdue University, W. Lafayette, IN 47907 bb@ Mobile Computing Environment Vulnerable to failures, intrusion, and eavesdropping. Adhoc mobile systems has everything moving (hosts, base-stations, routers/agents, subnets, intranet). Need survivability from intentional and unintentional attacks. Research Ideas Integrate ideas from Science and Engineering of security and fault-tolerance. Examples: Need to provide access to information during failures ? need to disallow access for unauthorized users. Duplicate routers functions, duplicate authentication functions, duplicate secrete session key database, secure database that provides public keys. Auditing, logging, check-pointing, monitoring, intrusion detection, denial of service. Adaptability: Adapt to timing, duration, severity, type of attack. Election Protocols – selection of back-up base station. Deficiency in Mobile IP Authentication Authentication is through a home agent (HA). If HA is out of service, mobile host will be homeless and not be able to communicate. Deficiency in Mobile IP Key Management Data packets are encrypted before sending, and decrypted after receiving. Requires exchange of secret keys and public keys between sender and receiver. Mobile IP does not provide multi-cast session key management. Manual distribution implies N(N–1)/2 pairs of keys. Does not scale well. Research Questions Difficulty in initial authentication. How quickly a public key can be established without any prior knowledge between communicating parties? Maintaining authentication. The session key and its life-time have to be made available to all other base stations in case MH moves across cells. Further complicates the problem of key distribution. Note session key information is not completely replicated in the database of base stations. Hierarchical authentication of mobile base stations. Mobile base stations must authenticate one another.