IDENTIFICACIÓN DE LAS AFECTACIONES A LA ESTRUCTURA Y FUNCIONES DEL SISTEMA AMBIENTAL REGIONAL

Using Equation 7.9 to calculate near optimal values for p, q and cn, Figures 7.2

and 7.3 show results for a sample setting. Besides theoretically obtained results, simulation results show the real ratio of nodes that can be identified and detected as Byzantine nodes. For each combination p, q, R and n, i.e., for each marker in the graphs, we ran 100 simulation runs and counted the ratio of tags that allowed us to verify, back trace and detect a Byzantine node, respectively. Figures 7.2 and 7.3 show that the simulation results are close to our theoretical results.

7.6 Configuration and results 0 5 10 15 20 25 30 0 0.1 0.2 0.3 0.4 0.5 0.6 0.7 0.8 0.9 1

Prob. to identify by verification Verification success in simulations c_n/32

q p

(a) Identification by verification.

0 5 10 15 20 25 30 0 0.1 0.2 0.3 0.4 0.5 0.6 0.7 0.8 0.9 1

Prob. to identify by back tracing Back tracing success in simulations c_n/32

q p

(b) Identification by back tracing.

0 5 10 15 20 25 30 0 0.1 0.2 0.3 0.4 0.5 0.6 0.7 0.8 0.9 1

Prob. to detect a Byzantine node Detection ratio of Byz. nodes in simulations c_n/32

q p

(c) Detecting a Byzantine node.

Figure 7.2: Example results for a number of R = 10 packets. S = 30, rmax= 5 and the tag length is varied.

ities for different tag lengths and the route length of r = rmax = 5. We only show

the results for path length r = 5, the probabilities for shorter routes would be even higher. The number of nodes potentially modifying the tag is set to |S| = 30, and R = 10 packets are used for analysing the tags. The tag length n was set to 1, 2, 4, and multiples of 4 up to 32 and the weights sv, st and sB are set to sv = st= sB =

1

3. Figure 7.3 retains the same setting but varies the number of packets R used for

analysis while fixing n = 8 bits.

As the Figures 7.2 and 7.3 show, both the length of the authentication tag and the number of packets can be increased to achieve path identification and detection of Byzantine nodes with a desired probability. We also observe that even a very small number of R = 2 packets can be sufficient to achieve high probabilities if a

7.6 Configuration and results 0 5 10 15 0 0.1 0.2 0.3 0.4 0.5 0.6 0.7 0.8 0.9 1

Prob. to identify by verification Verification success in simulations c_n/10

q p

(a) Identification by verification.

0 5 10 15 0 0.1 0.2 0.3 0.4 0.5 0.6 0.7 0.8 0.9 1

Prob. to identify by back tracing Back tracing success in simulations c_n/10

q p

(b) Identification by back tracing.

0 5 10 15 0 0.1 0.2 0.3 0.4 0.5 0.6 0.7 0.8 0.9 1

Prob. to detect a Byzantine node Detection ratio of Byz. nodes in simulations c_n/10

q p

(c) Detecting a Byzantine node.

Figure 7.3: Example results for a tag length of n = 8 bits. S = 30, rmax= 5 and the number of packets R is varied.

sufficiently long tag is used, and vice-versa.

Figures 7.2 and 7.3 show that for sufficiently large R (_{≥ 4), the optimal value for} cnis n, i.e., the tag is divided into sub-tags each of length one bit; also, the calculated

optimal value for p is 0. Note that p = 0 means that the composition operator Aggregate is seldom used; only OverW rite and KeepIdentical operators are used by the (honest) nodes in the path. Simulations for different settings have affirmed that splitting the authentication into smaller sub-tags increases the probabilities for identification of the path and especially the detection of Byzantine nodes. Informally this result can be explained by the fact that it is better to have many small but probabilistic pieces of evidence than one perfect piece of evidence that rarely occurs.

7.7 Summary

Finally, we observe that the probability of path identification by verification or back tracing, and the detection of Byzantine nodes are satisfactory (> 0.9) for R = 10 or more packets and n = 8 bits. This amply demonstrates the efficacy of our path authentication scheme while operating under minimal communication overhead.

7.7

Summary

In this chapter we developed a path authentication scheme feasible for MANETs. The tag length in our probabilistic scheme is scalable, starting with a tag length of 1 bit, and the required computations are cheap (comparable to a hash function). Our scheme uses composite MACs, a new cryptographic primitive which facilitates not only the authentication of paths but also the detection of adversarial nodes. Results show that the combination of evidence from several packets allows to authenticate a path with high probability, even for small tag sizes of only 2–8 bits. The design of our path authentication scheme shows how a probabilistic approach combined with symmetric key cryptography can help to design a scheme that meets the efficiency requirements of MANETs.

Chapter 8

Summary and conclusions

Contents

8.1 Summary . . . 184

8.2 Directions for future work . . . 187

8.2.1 Improving MANET mobility models . . . 187

8.2.2 Increasing our propagation model’s accuracy . . . 189

8.2.3 Cryptographic protocols for dynamic MANETs . . . 190

8.2.4 Adversary model for network protocols . . . 191

8.3 Conclusions . . . 193

8.1

Summary

In this thesis we have investigated the development of protocols that satisfy some of the requirements for security, reliability and efficiency presented by MANETs. In particular, we have explored the management of a security architecture within MANETs, which provides the basis for distributed security protocols. Furthermore, we have shown on the example of path authentication how to design protocols that avoid costly computations and how to meet the high security requirements in mili- tary MANETs. Whilst the primary driver for this research been military networks,

8.1 Summary

many of the results obtained are generalisable to other environments that share the constraints presented by these networks.

As preliminary work we created a simulation environment to validate the effi- ciency and reliability of our security architectures and protocols in military scenarios. This simulation environment (see Chapter 3) includes a radio propagation model and a mobility model, which together facilitate the creation of simulation scenarios in urban environments. Scenarios that incorporate splitting groups and communica- tion interruptions caused by buildings are more challenging than commonly used scenarios, which are characterised by random node mobility in free space. While in random mobility scenarios a partitioning of the network happens only for short time periods, groups in military applications might split for minutes.

In Part I of this thesis we examined the bootstrapping of security architectures within MANETs. Most security protocols require a trusted authority, which does not exist in a MANET per se. Therefore, a set of nodes in the MANET can be as- signed as a distributed TA that requires TA nodes to collaborate in order to perform security critical TA computations. The TA nodes either need to be pre-established during the MANET pre-configuration phase or elected/changed dynamically during deployment. To establish a dynamic trust authority, we developed a cluster algo- rithm in Chapter 4. Efficiency and reliability of this algorithm has been validated in the simulation scenarios defined in Chapter 3. To make our algorithm secure against an active adversary, we incorporated a trust metric into the cluster creation mechanism. To provide stronger security properties for our approach, an adversary model for network protocols would be required. The development of such an adver- sary model is a challenging but crucial task to provide better security of network protocols, and is discussed in the future work, Section 8.2.4.

8.1 Summary

cryptographic keys. We have investigated the distribution and efficient storage of symmetric keys in Chapter 5. We proposed two schemes for non-interactive key agreement, which are resilient against a large number of malicious nodes, and due to their computational efficiency suitable for MANETs. For small hierarchies of depth 2 or 3, as can be found in small military MANETs, the size of the keys is only a few KB. This allows online key distribution, as might be required in military networks, when a certain number of nodes got compromised.

In Part II of this thesis we investigated how to efficiently perform distributed computations in MANETs. In Chapter 6 we developed an algorithm for enhancing the efficiency and robustness of distributed trust authority protocols for MANETs. Our algorithm selects a set of TA nodes that are best suited to perform a distributed computation using a suite of metrics for measuring the efficiency and reliability of candidate nodes. Furthermore, our algorithm proposes a routing strategy to contact the selected set of TA nodes. Simulation results showed that the proposed routing strategy considerably reduces the communication cost compared to traditional ap- proaches.

Concluding, in Chapter 7 we developed a path authentication scheme suitable for MANETs. Our scheme is unforgeable and facilitates up to a certain accuracy the detection of malicious nodes on the route. While traditional schemes for path authentication require public key operations, our scheme builds on message authen- tication codes and therefore only requires symmetric key operations. The use of message authentication codes makes our scheme not only computationally efficient, but also allows the selecion of the length of the authentication tag to any length starting from one bit. Our scheme for path authentication shows how symmetric keys can be effectively used to develop more efficient and flexible algorithms for MANETs.