Département Réseau, Sécurité et Multimédia Rapport d'Activités 2008
Share Embed Flag
Download ePaper

Département Réseau, Sécurité et Multimédia Rapport d'Activités 2008

Département Réseau, Sécurité et Multimédia Rapport d'Activités 2008 Département Réseau, Sécurité et Multimédia Rapport d'Activités 2008

departements.telecom.bretagne.eu
from departements.telecom.bretagne.eu More from this publisher
12.07.2015 Views

1) Normal Node behavior simulation: Westarted our simulation with the normalbehaviors of nodes without any attack. In thiscase, we noticed that none of the nodeschooses the future malicious node as MPR.2) Attack simulation: A malicious mechanism isnow implemented in the OLSR code of onenode which plays the role of a lying node byclaiming incorrect links. This time, weobserved that the malicious node achievedmanipulating the routing tables of other nodes.A normal node changes its routing table with afalse routing information. This change affectsthe routing tables of its neighbors. Without ouranalysis mechanism, none of the nodes candetect the malicious behavior.3) Use of the analysis mechanism: In thisstep, all nodes except the malicious node runthe same OLSR code in which the detectionmechanism is implemented. As for the normalnode behavior simulation, we notice that noneof the nodes chooses the malicious node asMPR. Our approach can thus detect anincorrect node behavior and the algorithmchooses another path where this incorrectnode behavior is not included.Conclusion and future workIn [3], our approach to detect maliciousbehaviors in MANET is further explained.Through this study, we chose the OLSRprotocol to analyze the availabilityrequirements for MANETs. Several propertiesrelated to the availability have been expressedbased on the specification of the protocolOLSR (these properties are compliant with theRFC3626) and malicious node profiles andused to deploy an intrusion detection andresponse technique. Each MANET nodeobserves the messages received by itsneighbors which provides means to check if itsneighbor is malicious or not. This approachseems the most adapted for MANETs.As a main result, we provide a securityextension to OLSR. Our primary issue withrespect to securing MANET routing protocols isto ensure the network integrity, even inpresence of malicious nodes.We are currently investigating secury protocolfor group management, in large and dynamicad hoc networks [4]. The protocol we suggestrelies on the TGDH protocol. In comparisonwith the previous solution, our algorithm helpsto uniformly dispatch the group key calculuson each node, and the global cryptographictree is optimized. Moreover, we propose anauthentication algorithm. Our algorithmprovides several well-known securityproperties, such as nodes authentication,messages freshness, passive attacks resistanceand known key attack resistance.As future work, we plan to develop reputationevaluation for such goup management protocoland define actice reaction mechanisms,including automatic exclusion of a maliciousnode from its group, based on this reputationevaluation.References[1] F. Cuppens, N. Cuppens-Boulahia et T.Sans. Nomad: A Security Model with NonAtomic Actions and Deadlines. 18th IEEEComputer Security Foundations Workshop(CSFW'05), Aix-en-Provence, France, June2005.[2] F. Cuppens, N. Cuppens-Boulahia, S. Nuonand T. Ramard. Property Based IntrusionDetection to Secure OLSR. Third InternationalConference on Wireless and MobileCommunications (ICWMC), Gosier,Guadeloupe, March 2007.[3] F. Cuppens, N. Cuppens-Boulahia, T.Ramard. Misbehaviors Detection to EnsureAvailability in OLSR. The 3rd InternationalConference on Mobile Ad-hoc and SensorNetworks (MSN), Beijing, China, December2007.[4] F. Cuppens, N. Cuppens-Boulahia, J.Thomas. S-TGDH, secure enhanced groupmanagement protocol in ad hoc networks.International Conference on Risk and Securityof Internet and Systems (CRiSIS). Marrakech,Morocco. 2-5 July 2007.48 Extract of Pracom’s Annual Report 2008

Access ControlSecurity of Web ServicesResearch Staff : Frédéric Cuppens, Nora Cuppens-Boulahia – Ph.D. Student: Diala Abi HaidarKeywords : Access Control, XACML, Trust negotiationApplications : Web Service SecurityPartners & Funding : partially funded by France Telecom R&D, ANRT through a CIFRE grant, part ofresearch work within the RNRT project POLITESS.IntroductionWith the emergence of web services, sharingdata between entities from different securitydomains raises the issue of protecting sensitiveresources. Access control and trustmanagement are research topics that offersolutions to such an issue. Access controlmodels offer a way of defining policies andrules for accessing protected data. In addition,many works have been done concerning thelanguages used to express the securityrequirements. These works have lead to anOASIS (Organization for the Advancement ofStructured Information Standards) standard,the eXtensible Access Control MarkupLanguage (XACML). Furthermore, trustmanagement is essential in a public worldinteraction. That is, entities need to negotiateto establish a certain level of trust betweenthem. A prototype for trust establishmentcalled TrustBuilder was proposed in theliterature [1]. It allows negotiating trust acrossorganizational boundaries due to iterativeexchanges of policies and certified attributes.Access control is important for private dataprotection and trust management isunavoidable if one needs to negotiate theaccess. This is why access control and trustmanagement should be done simultaneously inheterogeneous worlds such as the webservices. We consider that the negotiation fortrust establishment is an usptream of accesscontrol management. We have been workingon this idea to find a flexible framework thatallows the expression of multiple accesscontrol models in web services.This research work is part of a thesisundertaken within a collaboration betweenTELECOM Bretagne and France Telecom R&D.It is also supported by ANRT through CIFREunder a contract number 1026/2005. It is alsopart of research work within the RNRT projectPOLITESS.RealizationWe have defined XeNA [2, 3] (XACMLNegotiation of Access), a framework tointegrate the negotiation for trustestablishment within an access controlarchitecture based on XACML. XeNAincorporates our proposed negotiationarchitecture [4] based on two modules; (1) thenegotiation module that implements a resourceclassification based negotiation methodologyand (2) the exception treatment module that iscalled whenever exceptions are raised in thenegotiation process.According to our proposed resourceclassification based negotiation, resources areclassified at three different levels. Ressourcesclassified at level 1 are managed by directpolicies without negotiation. Ressources atlevel 2 are managed by public access controlpolicies that can be revealed. Within the class3 are resources managed by policies thatcannot be revealed. That is, we have definedtwo strategies for obfuscation that are used toobfuscate such resources' negotiation policies.Besides, we have formalized a derivationprocess that allows obtaining attribute-basedpolicies, i.e. negotiation policies, used withinthe negotiation process. This derivationprocess is a correlation between the accesscontrol policies and the mapping policies.These mapping policies define the conditionsof mapping concrete entities (subject, action,and object) into corresponding organizationalentities (role, activity, view and context).Furthermore, we have specified thenegotiation protocol that is used at the level ofthe negotiation module. This protocol canimplement four different strategies ofPracom’s Annual Report 2008 49

1) Normal Node behavior simulation: Westarted our simulation with the normalbehaviors of nodes without any attack. In thiscase, we noticed that none of the nodeschooses the future malicious node as MPR.2) Attack simulation: A malicious mechanism isnow implemented in the OLSR code of onenode which plays the role of a lying node byclaiming incorrect links. This time, weobserved that the malicious node achievedmanipulating the routing tables of other nodes.A normal node changes its routing table with afalse routing information. This change affectsthe routing tables of its neighbors. Without ouranalysis mechanism, none of the nodes cand<strong>et</strong>ect the malicious behavior.3) Use of the analysis mechanism: In thisstep, all nodes except the malicious node runthe same OLSR code in which the d<strong>et</strong>ectionmechanism is implemented. As for the normalnode behavior simulation, we notice that noneof the nodes chooses the malicious node asMPR. Our approach can thus d<strong>et</strong>ect anincorrect node behavior and the algorithmchooses another path where this incorrectnode behavior is not included.Conclusion and future workIn [3], our approach to d<strong>et</strong>ect maliciousbehaviors in MANET is further explained.Through this study, we chose the OLSRprotocol to analyze the availabilityrequirements for MANETs. Several propertiesrelated to the availability have been expressedbased on the specification of the protocolOLSR (these properties are compliant with theRFC3626) and malicious node profiles andused to deploy an intrusion d<strong>et</strong>ection andresponse technique. Each MANET nodeobserves the messages received by itsneighbors which provides means to check if itsneighbor is malicious or not. This approachseems the most adapted for MANETs.As a main result, we provide a securityextension to OLSR. Our primary issue withrespect to securing MANET routing protocols isto ensure the n<strong>et</strong>work integrity, even inpresence of malicious nodes.We are currently investigating secury protocolfor group management, in large and dynamicad hoc n<strong>et</strong>works [4]. The protocol we suggestrelies on the TGDH protocol. In comparisonwith the previous solution, our algorithm helpsto uniformly dispatch the group key calculuson each node, and the global cryptographictree is optimized. Moreover, we propose anauthentication algorithm. Our algorithmprovides several well-known securityproperties, such as nodes authentication,messages freshness, passive attacks resistanceand known key attack resistance.As future work, we plan to develop reputationevaluation for such goup management protocoland define actice reaction mechanisms,including automatic exclusion of a maliciousnode from its group, based on this reputationevaluation.References[1] F. Cuppens, N. Cuppens-Boulahia <strong>et</strong> T.Sans. Nomad: A Security Model with NonAtomic Actions and Deadlines. 18th IEEEComputer Security Foundations Workshop(CSFW'05), Aix-en-Provence, France, June2005.[2] F. Cuppens, N. Cuppens-Boulahia, S. Nuonand T. Ramard. Property Based IntrusionD<strong>et</strong>ection to Secure OLSR. Third InternationalConference on Wireless and MobileCommunications (ICWMC), Gosier,Guadeloupe, March 2007.[3] F. Cuppens, N. Cuppens-Boulahia, T.Ramard. Misbehaviors D<strong>et</strong>ection to EnsureAvailability in OLSR. The 3rd InternationalConference on Mobile Ad-hoc and SensorN<strong>et</strong>works (MSN), Beijing, China, December2007.[4] F. Cuppens, N. Cuppens-Boulahia, J.Thomas. S-TGDH, secure enhanced groupmanagement protocol in ad hoc n<strong>et</strong>works.International Conference on Risk and Securityof Intern<strong>et</strong> and Systems (CRiSIS). Marrakech,Morocco. 2-5 July 2007.48 Extract of Pracom’s Annual Report <strong>2008</strong>

logo

products

Resources

Company

Terms of service
Privacy policy
Cookie policy
Cookie settings
Imprint
Change language
Made with love in Switzerland
© 2024 Yumpu.com all rights reserved

Hooray! Your file is uploaded and ready to be published.

Saved successfully!

Ooh no, something went wrong!