A Robust OTP-EKE Authentication Technique in MANET Environments
- Author(s)
- 이철승
- Issued Date
- 2007
- Abstract
- Recently, demand for stand-alone networks and for interconnection between convergence devices has led to increased research in the IETF MANET working group, Bluetooth, and the HomeRF working group, and much attention has been paid to the application of MANET as a fast-growing ubiquitous network.
Because they act as both hosts and routers, are easy to configure into a network, and respond quickly, mobile nodes participating in a MANET are suitable for embedded computing. They also have weaknesses, such as a lack of network scalability, a dynamic network topology due to mobility, and exposure to passive and active attacks, which make continuous security service impossible. A MANET has no fixed infrastructure, and the lack of a CA means that mobile nodes must distribute and manage keys cooperatively, which raises the risk of attack by malicious nodes.
Authentication of mobile nodes in the IETF MANET working group is available using the threshold encryption, LHAP, PKI, and One Time Password authentication techniques, but research on it is conducted on the assumption that it is safe, so routing security and authentication are not perfect. A complete MANET setting requires highly reliable authentication that can guarantee security and efficiency through secure routing.
To address these security vulnerabilities, this study analyzes MANET authentication techniques and proposes a highly reliable OTP-EKE authentication technique that provides authentication, confidentiality, integrity, availability, and non-repudiation services. The OTP-EKE authentication technique consists of routing, which secures a safe communication path, and verification and key exchange, which authenticate the source node. In routing, hashed AODV is used to protect against malicious nodes forging messages during path discovery and setup, and against malicious nodes disguising misrouted messages as coming from different mobile nodes and injecting them into the network. In verification and key exchange, end-to-end (EtoE) session keys are established for safe packet transmission and data encryption, and the session keys are exchanged safely through encryption with a verifier of the hashed password, using the OTP S/Key authentication technique and DH-EKE to verify that the source node possesses the password.
The Linux-based NS2 simulator is used to test the OTP-EKE authentication technique. Stability and efficiency are measured by comparing the authentication mechanisms: the OTP S/Key authentication technique with AODV routing, the DH-EKE authentication technique with H(AODV) routing, and the proposed OTP-EKE authentication mechanism.
The results show that routing messages are protected from forgery and that routing may be secured against impersonation and eavesdropping. Security can be achieved against replay, man-in-the-middle, password-guessing, Denning-Sacco, and stolen-verifier attacks. To determine efficiency, exponentiation operations, packet delivery fraction, and routing overhead are measured. The numbers of message transmissions, encryptions, and exponentiation operations are each one lower than those of the DH-EKE authentication technique. The packet transmission rate can be considered effective because, after 400 seconds, it approximates that of the existing AODV routing protocol. The routing overhead measurement shows an increase in overhead for path search in the absence of intervention by malicious nodes. Under man-in-the-middle attacks by malicious nodes, the proposed authentication can be more effective than the current mechanism because routing overhead decreases. Therefore, the OTP-EKE authentication mechanism can be said to be a very reliable authentication technique with enhanced security and efficiency.
- Alternative Author(s)
- Cheol-seung Lee
- Affiliation
- Department of Computer Engineering, Graduate School, Chosun University
- Department
- General Graduate School, Department of Computer Engineering
- Awarded Date
- 2008-02
- Table Of Contents
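- Ⅰ. Introduction
Ⅱ. MANET Security Environment and Authentication Techniques
A. AODV Routing Protocol
B. Threats and Attack Types
C. MANET Authentication Techniques
1. Authentication Technique Using OTP
2. Problems with the Authentication Technique Using OTP
Ⅲ. Password-Based Key Exchange Protocols
A. Session Key Generation for Password Encryption
B. Authenticated Key Exchange Protocols Using Session Keys
1. EKE Protocol
2. DH-EKE Protocol
Ⅳ. OTP-EKE Authentication Technique
A. OTP-EKE Security Requirements
B. Routing for Securing a Safe Communication Path
1. Hash Table Generation for Routing
2. Route Discovery and Setup
3. Route Maintenance and Management
C. Verification and Key Exchange for Authentication
1. SN Registration and Verification
2. Authentication Key Exchange Phase
Ⅴ. Experiments and Result Analysis of the OTP-EKE Authentication Technique
A. Simulation Environment
1. NS2 Simulator
2. MANET Model Design
B. Analysis of Simulation Results
1. Generation and Transmission of the SN's Verifier
2. Authentication Key Exchange
C. Security and Efficiency Analysis of the OTP-EKE Authentication Technique
1. Security Analysis and Verification
2. Efficiency Analysis
Ⅵ. Conclusion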
- Degree
- Doctor
- Publisher
- Graduate School, Chosun University
- Citation
- 이철승. (2007). A Robust OTP-EKE Authentication Technique in MANET Environments.
- Type
- Dissertation
- URI
- https://oak.chosun.ac.kr/handle/2020.oak/6997
http://chosun.dcollection.net/common/orgView/200000235890
- Appears in Collections
- General Graduate School > 4. Theses(Ph.D)
- Authorize & License
- Authorize: Open
- Embargo: 2008-02-19