SECURITY, PRIVACY AND TRUST IN NETWORKED EMBEDDED SYSTEMS
Ahmet Onur Durahim
Computer Science and Engineering, Ph.D. Dissertation, 2012
Assoc. Prof. Erkay Savaş (Thesis Supervisor), Assoc. Prof. Albert Levi,
Assoc. Prof. Cem Güneri, Asst. Prof. Selim Balcısoy,
Asst. Prof. Selçuk Baktır (Bahçeşehir University)
Date &Time: February 2nd, 2012 – 15:00
Place: FENS G029
Keywords: embedded systems, anonymous authentication, group signatures, direct anonymous attestation, pairing based cryptography, wireless mesh networks
With the advent of public key cryptography, digital signature schemes have been extensively studied in order to minimize the signature sizes and to accelerate their execution while providing necessary security properties. Due to the privacy concerns pertaining to the usage of digital signatures in authentication schemes, privacy-preserving signature schemes, which provide anonymity of the signer, have attracted substantial interest in research community.
Group signature algorithms, where a group member is able to sign on behalf of the group anonymously, play an important role in many privacy-preserving authentication/identification schemes. On the other hand, a safeguard is needed to hold users accountable for their (suspected) malicious behaviors. To this end, a designated opening/revocation manager is introduced to open a given anonymous signature to reveal the identity of the user. If the identified user is indeed responsible for malicious activities, then s/he can also be revoked by the same entity. A related scheme named direct anonymous attestation is proposed for attesting the legitimacy of a trusted computing platform while maintaining its privacy.
This dissertation studies the proposed group signature and direct anonymous attestation schemes. These schemes are analyzed, and adapted to wireless networks comprising resource-constrained embedded devices that are required to communicate securely and be authenticated anonymously, while malicious behavior needs to be traced to its origin. Privacy-aware devices that are used to anonymously connect to wireless networks need to secure their communication via efficient symmetric key cryptography, as well.
In this dissertation, we propose an efficient, anonymous and accountable mutual authentication and key agreement protocol applicable to wireless networks. The proposed scheme is adapted to hybrid wireless mesh networks, where users can also act as relaying agents. The proposed scheme is implemented and simulated using cryptographic libraries and simulators that are widely deployed in academic circles. The results demonstrate that the proposed scheme is effective, efficient and feasible in the context of wireless networks.
The primary contribution of this thesis is a novel privacy-preserving anonymous authentication scheme consisting of a set of protocols designed to reconcile user privacy and accountability in an efficient and scalable manner in the same framework. The three-party join protocol, where a user can connect anonymously to the wireless network with the help of two semi-trusted parties (comprising the network operator and a third party), is efficient and easily applicable in wireless networks settings. Furthermore, two other protocols, namely two-party identification and revocation protocols enable the network operator to trace back to the origins of suspected malicious behavior and revoke users due to malicious activities. The last two protocols can only be executed when the two semi-trusted parties cooperate to provide accountability. Therefore, the scheme is protected against an omni-present authority (e.g. network operator) violating the privacy of network users at will. We also provide arguments and discussions for security and privacy of the proposed scheme.