MANET 환경에서 강인한 OTP-EKE 인증기법

Abstract

Recently demands in construction of the stand-alone networks and interconnection between convergence devices have led an increase in research on IETF MANET working group, Bluetooth, and HomeRF working group and much attention has been paid to the application of MANET as a Ubiquitous network which is growing fast. With performance both as hosts and routers, easy network configuration, and fast response, mobile nodes participating in MANET are suitable for Embedded computing, but have vulnerable points, such as lack of network scalability and dynamic network topology due to mobility, passive attacks, active attacks, which make continuous security service impossible. MANET has no fixed infrastructure and lack of CA leads to mobile nodes cooperative key distribution and key management, resulting in higher risk of attack by malicious nodes. Authentication of mobile nodes in IETF MANET working group using Threshold encryption authentication technique, LHAP authentication technique, PKI authentication technique, and One Time Password authentication technique is available but research is conducted on it on the assumption that it is safe. So, routing security and authentication are not perfect. For perfect MANET setting, very reliable authentication is required which can guarantee security and efficiency through secure routing. This study analyzes MANET authentication techniques to solve security vulnerabilities and suggests a very reliable OTP-EKE authentication technique providing authentication, confidentiality, integrity, availability and non-repudiation service. OTP-EKE authentication technique consists of routing for securing safe communication path, and verification and key exchange for source node authentication. In routing, hashed AODV is used to protect from counterfeiting messages by malicious nodes in the course of path finding and setting, and disguising misrouted messages as different mobile nodes and inputting them into the network. In verification and key exchange, EtoE session keys are set and safe exchange of session keys are performed through encryption as a verifier of the hashed password for safe packet transmission and data encryption using OTP S/key authentication technique and DH-EKE to verify source node's possession of the password. The Linux-based NS2 simulator is used for testing the OTP-EKE authentication technique. Stability and efficiency are measured through comparing the authentication mechanisms using OTP S/Key authentication technique performing the AODV routing, DH-EKE authentication technique performing the H(AODV) routing, and the proposed OTP-EKE authentication mechanism. The result shows that routing messages are protected from counterfeiting and routing may be secured against impersonation and eavesdropping. Security can be achieved against a replay attack, a man-in-the-middle attack, password guessing, Denning-sacco, and a Stolen-verifier attack. For determining efficiency exponent operation, packet delivery fraction and routing overhead are measured. The numbers of message transmission, encryption, and exponent operation are lowered by one respectively than those of DH-EKE authentication technique. Packet transmission rate can be said to be effective because existing AODV routing protocols and approximate packet transmission rate after 400 seconds are achieved. Measurement of routing overhead shows increase in overhead for path search, resulting from no intervention of malicious nodes. With man-in-the-middle attacks by malicious nodes, the proposed authentication can be more effective than the current mechanism because of the decrease in the routing overhead. Therefore, OTP-EKE authentication mechanism can be said to be a very reliable authentication technique with enhanced security and efficiency.