Authentication in IoT
• Authentication defends the universe of connectivity against attackers by verifying identities at entry points to manage security.
• This identification applies both to the communicating entities and to the data they manipulate.
• Communicating entities should identify one another.
• Information exchanged during communication should be validated as to its origin, time, content, and so on.
• Therefore, authentication is usually divided into two major classes:
  1. Entity authentication
  2. Message authentication
• Authentication refers to the process that guarantees that an entity is who it claims to be, or that information has not been changed by an unauthorized party.
• Classification of authentication based on the security objective specific to a service:
  1. Message authentication
  2. Entity authentication
  3. Key authentication
  4. Nonrepudiation
  5. Access control
Authentication - classification
• Message authentication assures the integrity and origin of the information.
• Synonyms for message authentication:
  1. Data integrity preserves the information from unauthorized alteration.
  2. Data origin authentication assures the identity of the data originator.
Authentication - classification
• Entity authentication, also named endpoint authentication or identification, assures both the identity and the presence of the claimant at the time of the process.
• The timely verification of one's identity is either mutual or unilateral:
  – Mutual: both parties (sender and receiver) are confirmed to each other.
  – Unilateral: only one party is assured of the other's identity.
Authentication - classification
Key authentication
• assures the linkage between an entity and its key(s).
• Key authentication plays a vital role in the Internet age, when users cannot meet face-to-face to exchange keys or know each other personally to verify the keys.
• Trusted third parties step in as the certification authority (CA), responsible for vouching for a key's authenticity: binding keys to distinct individuals, maintaining certificate usage, and revoking certificates.
Authentication - classification
Nonrepudiation
• prevents an entity from denying its previous action; often a trusted third party is needed to resolve a dispute in which an entity denies that it committed a certain action (or that it failed to act).
Access control
• following successful entity authentication, places selective restrictions on an entity's use of data/resources.
Entity authentication vs Message authentication
1. Entity authentication in real time: Alice and Bob, both active in the communication, assure each other's identity with no time delay.
2. Message authentication in an elastic time frame: Alice and Bob exchange messages with assurance of the integrity and origin of the messages, even at a later time.
Fixed-password schemes
• are considered weak authentication because they are subject to eavesdropping and exhaustive-search attacks.
• Various techniques are applied to fixed-password schemes to strengthen secrecy. The password is
  – encrypted to make it unintelligible
  – salted/augmented with a random string to increase the complexity of a dictionary attack.
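As an added example (not from these slides), the salted scheme in Python using only the standard library: a per-user random salt plus a deliberately slow one-way hash (PBKDF2-HMAC-SHA256) in place of the slide's "encrypted" password. The salt length and iteration count are assumed values, and the example password is constructed.

```python
import hashlib
import hmac
import secrets

# Scheme parameters (assumed values, not taken from the slides).
SALT_BYTES = 16
PBKDF2_ITERATIONS = 200_000


def store_password(password: str) -> dict:
    """Derive a salted, slow one-way hash of the password for storage.

    A fresh random salt per user means identical passwords produce different
    stored values, so a dictionary precomputed for one salt cannot be reused
    against another user; the iteration count makes each guess expensive.
    """
    salt = secrets.token_bytes(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return {"salt": salt.hex(), "hash": digest.hex(), "iterations": PBKDF2_ITERATIONS}


def verify_password(candidate: str, record: dict) -> bool:
    """Recompute the hash with the stored salt and compare in constant time,
    so the comparison itself does not leak how many bytes matched."""
    salt = bytes.fromhex(record["salt"])
    digest = hashlib.pbkdf2_hmac("sha256", candidate.encode(), salt, record["iterations"])
    return hmac.compare_digest(digest, bytes.fromhex(record["hash"]))


def salted_hashes_differ(password: str) -> bool:
    """The same password stored twice yields two different stored hashes."""
    return store_password(password)["hash"] != store_password(password)["hash"]


if __name__ == "__main__":
    record = store_password("correct horse")          # constructed password
    print(verify_password("correct horse", record))   # True
    print(verify_password("wrong horse", record))     # False
    print(salted_hashes_differ("correct horse"))      # True
```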
Authentication and secrecy
• Authentication was intrinsically connected with secrecy.
• However, authentication does not require secrecy, as the discovery of hash functions and digital signatures showed.
Symmetric vs Asymmetric key encryption
• Symmetric-key encryption is one-key cryptography with a shared secret key;
• Asymmetric-key encryption is two-key cryptography with a pair of one public key and one private key;
• A hash function is unkeyed cryptography with no key.
Hash Function
• A hash function is a one-way function that maps a binary string of arbitrary length to a binary string of fixed length, called a hash value, which serves as a compact representative of the input string.
• Two features that make hash functions useful for authentication are:
  1. It is computationally infeasible to find two distinct inputs with the same hash value, that is, two colliding inputs x and y such that h(x) = h(y).
  2. It is computationally infeasible, given a specific hash value v, to find an input x with hash value v, that is, given v, to find a preimage x such that h(x) = v.
Hash Function
• Uses:
  – Message authentication
  – Digital signature
  – Entity authentication
Message authentication
• Hash functions may be used for data integrity to authenticate messages without keeping the messages secret. A typical data-integrity process with a hash function works as follows:
  – Alice computes the hash value of a message and then sends the message to Bob, along with its hash value.
  – Bob computes the hash value of the received message and compares his computed hash value with the received hash value. The comparison reveals whether the message has been altered.
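The Alice/Bob process above as an added Python example (not part of the slides); the command string is constructed. It also shows the limit of an unkeyed hash: whoever can rewrite the message in transit can recompute its hash, so the hash value itself must reach Bob over an authentic channel or be protected as the digital-signature slide describes.

```python
import hashlib
import hmac


def alice_send(message: bytes) -> tuple[bytes, str]:
    """Alice computes the hash value of the message and sends both."""
    return message, hashlib.sha256(message).hexdigest()


def bob_verify(message: bytes, received_hash: str) -> bool:
    """Bob recomputes the hash of what he received and compares it with the
    received hash value (constant-time compare so the check leaks nothing)."""
    return hmac.compare_digest(hashlib.sha256(message).hexdigest(), received_hash)


def tamper_detected() -> bool:
    """Alteration of the message body is caught when the hash is intact."""
    message, tag = alice_send(b"set valve 12 to 40%")   # constructed IoT command
    altered = message.replace(b"40%", b"90%")
    return not bob_verify(altered, tag)


def recomputed_hash_is_accepted() -> bool:
    """Limitation of the unkeyed scheme: the hash binds nothing to Alice.
    Anyone who alters the message can run the same public computation and
    send a matching hash, which Bob accepts.  Integrity therefore depends on
    the hash value arriving authentically (out of band, or signed)."""
    message, _ = alice_send(b"set valve 12 to 40%")
    altered = message.replace(b"40%", b"90%")
    _, recomputed_tag = alice_send(altered)
    return bob_verify(altered, recomputed_tag)


if __name__ == "__main__":
    msg, tag = alice_send(b"set valve 12 to 40%")
    print(bob_verify(msg, tag))            # True: unaltered message
    print(tamper_detected())               # True: altered body, original hash
    print(recomputed_hash_is_accepted())   # True: altered body, recomputed hash
```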
Digital Signature
• Hash functions may also be used for digital signatures. A digital signature binds an entity's identity to information with a tag called the signature. A typical process is shown here:
  – Alice signs a long message by computing its hash value and then sends the message to Bob along with its hash value, usually encrypted, as her signature.
  – Bob receives the message, computes its hash value, and verifies that the received signature matches the hash value.
• The noncollision property of hash functions prevents Alice from later claiming to have signed another message, because the signature on one message would not be the same as that on another.
Entity Authentication
• Using a one-way (nonreversible) function of the shared key and the challenge,
  – a claimant proves its knowledge of the shared key by providing the verifier with the hash value rather than the key, and
  – the verifier checks whether the delivered hash value matches its own computed hash value to assure the claimant's identity.
• The purpose of the challenge is to prevent replay attacks.
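An added example, not from the slides, of this exchange with HMAC-SHA256 as the one-way function of shared key and challenge. The key value, nonce size and 30-second challenge lifetime are assumed; the verifier accepts each challenge exactly once, which is what defeats a replayed response.

```python
import hashlib
import hmac
import secrets
import time

# Secret provisioned to one device and to the verifier (constructed value).
SHARED_KEY = bytes.fromhex(
    "00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff"
)


def response(key: bytes, challenge: bytes) -> bytes:
    """Claimant side: a one-way function of the shared key and the challenge.
    HMAC-SHA256 stands in for the slide's generic 'hash of key and challenge';
    the key itself never leaves the device."""
    return hmac.new(key, challenge, hashlib.sha256).digest()


class Verifier:
    """Issues fresh challenges and checks responses against the shared key."""

    def __init__(self, key: bytes, ttl_seconds: float = 30.0, now=time.monotonic):
        self.key = key
        self.ttl = ttl_seconds
        self.now = now                            # injectable clock for testing
        self.outstanding: dict[bytes, float] = {}  # challenge -> issue time

    def issue_challenge(self) -> bytes:
        challenge = secrets.token_bytes(16)       # unpredictable, single-use nonce
        self.outstanding[challenge] = self.now()
        return challenge

    def verify(self, challenge: bytes, resp: bytes) -> bool:
        issued = self.outstanding.pop(challenge, None)   # consume on first use
        if issued is None:                  # unknown or already used: a replay
            return False
        if self.now() - issued > self.ttl:  # challenge too old
            return False
        expected = response(self.key, challenge)
        return hmac.compare_digest(expected, resp)


def run_protocol() -> dict:
    """Three exchanges: a fresh one, a replay of it, and a device with the wrong key."""
    verifier = Verifier(SHARED_KEY)
    c = verifier.issue_challenge()
    r = response(SHARED_KEY, c)                      # claimant answers
    fresh = verifier.verify(c, r)                    # accepted
    replay = verifier.verify(c, r)                   # same pair again: rejected
    c2 = verifier.issue_challenge()
    wrong_key = verifier.verify(c2, response(b"x" * 32, c2))  # rejected
    return {"fresh": fresh, "replay": replay, "wrong_key": wrong_key}


if __name__ == "__main__":
    print(run_protocol())   # {'fresh': True, 'replay': False, 'wrong_key': False}
```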
Entity Authentication
Parties in entity authentication
• Claimant (prover): An entity that declares its identity in a message, often in response to an earlier message, as in challenge–response protocols, to demonstrate that it is the genuine entity.
• Verifier: Another entity that corroborates that the identity of the claimant is indeed as declared, by checking the correctness of the message, thereby preventing impersonation.
• Trusted third party: An entity that mediates between two parties to offer an identity verification service as a trusted authority.
Objectives of entity authentication
• Conclusive: The outcome of entity authentication is either completion with acceptance of the claimant's identity as authentic, or termination with rejection.
• Transferability: Identification is not transferable, so a verifier cannot reuse an identification exchange with a claimant to impersonate the claimant to a third party.
• Impersonation: No entity can impersonate a claimant.
Factors of entity authentication
• Something known: The claimant demonstrates knowledge of a secret by such means as passwords, personal identification numbers (PINs), shared secret keys, or private keys.
• Something possessed: The claimant typically presents a physical token functioning as a passport. Examples are magnetic-stripe cards, smart cards, and smartphones that provide time-variant passwords.
• Something inherent: The claimant provides biometrics inherent in human physical characteristics and involuntary actions. Examples are fingerprints, retinal patterns, walking gait, and dynamic keyboarding characteristics. These techniques have now been extended beyond authentication of human individuals to device fingerprints.
Levels of entity authentication
• Strong authentication: Entity authentication techniques using at least two factors are called strong authentication. Challenge–response protocols are strong authentication, in which a claimant proves its identity to a verifier by demonstrating knowledge of a secret known to be associated with the claimant, without revealing the secret itself to the verifier during protocol execution.
• Weak authentication: Entity authentication schemes are considered weak if previously unknown parties verify their identities without involving trusted third parties.
• Zero-knowledge (ZK) authentication: Authentication protocols based on zero knowledge do not reveal any partial information during execution.
Challenge-response authentication
• is a group or family of protocols characterized by one entity sending a challenge to another entity. The second entity must respond with the appropriate answer to be authenticated.
• Examples:
  – Password authentication: The challenge comes from a server asking the client for a password to authenticate the client's identity so that the client can be served.
  – Most smart card systems use challenge-response authentication. These systems require at least two things for authentication and entry: the smart card and the user's password.
  – CAPTCHA, a form of reverse Turing test for the system to determine whether the client is a human. This is used to prevent spam and auto-registration of new accounts for a website or email.
  – Biometric systems are another form of challenge-response authentication.
• In cryptography,
  – zero-knowledge password proof and key agreement systems such as Secure Remote Password (SRP), and
  – CRAM-MD5 and Secure Shell's RSA-based challenge-response system
  are considered very sophisticated challenge-response algorithms.
NODE EVICTION in VANET
Objective
• To remove errant nodes from the VANET.
• Node-eviction schemes accompany authentication mechanisms in network security.
Node-eviction schemes
Vote:
• Local eviction of attackers by voting evaluators (LEAVE) protocol.
• The CA collects accusations from different nodes that have witnessed a node's misbehavior and, on reaching a threshold, revokes the accused node.
• Vote schemes equip individuals with rapid reaction and self-protection.
• However, voting becomes unjust when there are more deceptive nodes than honest ones.
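An added Python sketch (not the LEAVE protocol's own code) of the vote class: the CA counts distinct accusers against each node and revokes it when they reach the 0.5 threshold used later in the slides' simulation. Node names and the population size are constructed, and the rule that a revoked node loses its vote is an assumption; the second scenario reproduces the injustice noted above when deceptive nodes outnumber honest ones.

```python
from collections import defaultdict


class CertificationAuthority:
    """CA that tallies accusations and revokes a node at a population threshold."""

    def __init__(self, population: int, threshold: float = 0.5):
        self.population = population
        self.threshold = threshold          # 0.5 as in the slides' simulation
        self.accusers: dict[str, set[str]] = defaultdict(set)
        self.revoked: set[str] = set()

    def accuse(self, accuser: str, accused: str) -> bool:
        """Record one accusation; return True if it triggers revocation.
        Repeated accusations from the same node count once (a set), a node
        cannot accuse itself, and a revoked node loses its vote (assumed)."""
        if accused in self.revoked or accuser in self.revoked or accuser == accused:
            return False
        self.accusers[accused].add(accuser)
        if len(self.accusers[accused]) / self.population >= self.threshold:
            self.revoked.add(accused)
            return True
        return False


def honest_majority() -> tuple[bool, int]:
    """Six nodes, one misbehaving (M1).  Honest witnesses accuse it one by one;
    return whether M1 was revoked and how many accusations that took."""
    ca = CertificationAuthority(population=6, threshold=0.5)
    votes = 0
    for witness in ["H1", "H2", "H3", "H4", "H5"]:
        votes += 1
        if ca.accuse(witness, "M1"):
            break
    return "M1" in ca.revoked, votes        # (True, 3): half of 6 suffices


def deceptive_majority() -> bool:
    """Six nodes, four deceptive (D1..D4) colluding against honest H1.
    The same threshold now evicts an honest node: the failure mode the
    slides describe when deceptive nodes outnumber honest ones."""
    ca = CertificationAuthority(population=6, threshold=0.5)
    for d in ["D1", "D2", "D3", "D4"]:
        ca.accuse(d, "H1")
    return "H1" in ca.revoked               # True


def duplicate_votes_ignored() -> bool:
    """One node repeating its accusation does not move the tally."""
    ca = CertificationAuthority(population=2, threshold=0.5)
    ca.accuse("H1", "M1")
    # A second report from H1 adds nothing; M1 was already revoked at 1/2.
    return len(ca.accusers["M1"]) == 1 and not ca.accuse("H1", "M1")


if __name__ == "__main__":
    print(honest_majority())        # (True, 3)
    print(deceptive_majority())     # True
    print(duplicate_votes_ignored())  # True
```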
Node-eviction schemes
Police:
• The police class is effective for revocation in transportation, but largely unexplored in VANET.
• A special vehicle, such as a police car, patrols the road network and revokes any misbehaving node immediately on detection.
• This class is accurate, as the evidence is first-hand, but its speed depends on the chance of a node being caught, though the eviction itself is made instantly.
Node-eviction schemes
Abstinence:
• At the extreme of reputation schemes, the abstinence class keeps its ratings of others to itself.
• On experiencing a bad node's misbehavior, the node takes the passive role of staying away from the bad node but provides no report, expecting other nodes to eventually remove the bad node from the network.
• Each node can take one of three actions in a revocation process: abstain, vote, or commit suicide.
• Various factors affect the performance of node-eviction schemes; the topology of roads, the spread of RSUs, the speed of vehicles, drivers' behavior, and the number of malicious nodes are just some examples.
Simulation
• The node-eviction scheme is simulated using the Recursive Porous Agent Simulation Toolkit (Repast).
• It separates the malicious nodes from the honest nodes between the two network classes.
• The simulation scenario consists of a circular road set up in the grid, where vehicles at different speeds cycle around the road and communicate with one another or with the RSU when in close proximity.
• The RSU relays information to the CA. The behavior of the system components depends on the scheme used.
• The node-eviction process separates all nodes into two subnets: Subnet I and Subnet II.
• A node, whether good or bad, initially joins either of the two subnets by convenience.
• A state transition occurs when a node moves from Subnet I to Subnet II, or vice versa.
• Subnet I and Subnet II will finally each converge to the same kind of nodes, i.e., only good or only bad nodes in each subnet.
• Each node maintains a List of other nodes' Valid Certificates (LVC).
• The vote class performed best in terms of average vulnerability time, because every incident triggers segregation and only half of the population is required to vote a node out, our setting of the threshold being 0.5.
• The police class took second place, since it segregates a bad node once the police catch it sending a rogue message.
• The abstinence class performs worst, since a bad node is moved to Subnet II only if all nodes remove it from their LVC.
