1. Leveraging Social Contacts for Message Confidentiality in DTNs

Karim El Defrawy, John Solis, Gene Tsudik
Donald Bren School of Information and Computer Sciences
University of California, Irvine

2. Introduction

• Delay/Disruption Tolerant Networks (DTN)
  – Space and inter-planetary scenarios
  – Developing countries and rural areas
  – Example deployment: Wizzy Digital Courier in South Africa
• DTN characteristics:
  – Intermittent connectivity
  – Frequent disruptions
  – High delay
  – No reliable end-to-end path

3. Motivation

• DTN characteristics raise security-related challenges
• Traditional security protocols
  – Multiple rounds
  – Strict ordering
  – Non-robust
• Traditional security services
  – Public-Key Infrastructure (PKI)
• Our focus: initial secure context establishment

4. Motivation

• Pre-sharing secret keys not scalable
• Identity Based Encryption (IBE)
  – Revocation vs. security tradeoff
  – Distribution of parameters
• Other possibilities?

5. Our Basic Idea

• Leverage social contact information to establish an initial security context
• Link destination to some affiliated entity (AE)
  – Company, university, organization, mutual friends, etc.
• Assumption: AE knows destination's public key or shares a symmetric key
• Use AEs as semi-trusted intermediaries

6. Network Model

• Regions defined by geographic boundaries (cities, states, countries, etc.)
• Nodes identified by Endpoint Identifier: EID = {Region-ID, Entity-ID}
• One (or more) gateways interconnect various regions
• Gateways part of a limited infrastructure

7. Intra-Region Messaging

Note: No fixed order of decryption (or route traversal) necessary

8. Inter-Region Messaging

• New assumption:
  – Gateways know keys of nodes in the local region
  – Gateway public keys issued to users upon registration
• Idea:
  – Use local gateways of SRC and DST as AEs
  – DST gateway identified from RegionName EID field
  – Process same as in intra-region
• Gateways add secure layer of encryption

9. Inter-Region Messaging

[Figure: inter-region message flow, labelled Step 1, Step 2, Step 3, Step t+1, Recover m]

10. Poor Man's Approach

• What if no AEs are found? Try our best!
• Step 1: SRC generates K = H(K1,…,Kt), for random Ki
• Step 2: SRC composes t+1 messages: M0 = m ⊕ PRF(K), Mi = Ki
• Step 3: Send messages in different directions at different times
• Step 4: DST receives all messages, re-computes K, and recovers m

11. Security Analysis

• Honest-but-curious adversarial model
  – Adversary does not interfere, but can retain copies of messages
• Collusion biggest threat to confidentiality
  – SRC has to be careful when selecting AEs
  – Select large number of AEs to reduce probability of collusion, but this will increase delay
• "Poor Man's Approach" -> probabilistic security

12. Intra-region Simulation

• Using DTN One Simulator
  – Downtown of Helsinki in Finland as simulation area (14 km²)
  – 250 nodes move for 24 hours
  – Speed of nodes: 0.5 to 1.5 m/s (uniformly at random)
  – Traffic generated first 12 hours, one message per hour
  – Message sizes uniformly at random between 100 kB and 2 MB

| Delay between messages (hrs) | Delivery Ratio | Interception Probability | Avg Hop Count | Avg Delay (hrs) |
|---|---|---|---|---|
| 1 | 0.86 | 0.34 | 2.80 | 3.06 |
| 2 | 0.84 | 0.32 | 2.80 | 4.96 |
| 3 | 0.83 | 0.27 | 2.80 | 6.16 |
| 4 | 0.81 | 0.24 | 2.80 | 7.17 |
| 5 | 0.81 | 0.21 | 2.79 | 8.11 |
| 6 | 0.81 | 0.18 | 2.74 | 9.06 |

13. Social Network Coverage

• Analyze social connections from Facebook
• Networks in Facebook represent countries, cities, organizations, etc.
• Two networks:
  – Egypt (EGY) (900 random users)
  – Orange County (OC) (870 random users)
• Questions to answer:
  – Average number of friends (and FoF) of users?
  – Does size of social graph depend on number of (one hop) friends?

14. Social Network Coverage

Need 50-100 keys to reach thousands of users

15. Limitations & Future Work

• Scalability
  – How many keys will AEs need to store?
• Unrealistic assumptions?
  – Will AEs know key of DST?
  – Honest-but-curious too weak?
• Alternatives: Use GSM to transmit (short) keys, and DTN to transmit bulk data

16. Conclusion

• Motivated and presented techniques for confidential messaging in DTNs
• Use social contact information to determine AEs for use as trusted intermediaries
• Several open questions/issues remain

17. Questions?
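
The Poor Man's Approach from slide 10, as an added Python example that is not code from the original slides. It reads the slide's M0 as m XOR PRF(K); SHA-256 for H, HMAC-SHA256 in counter mode for PRF, and the (index, payload) message framing are assumptions.

```python
import hashlib
import hmac
import secrets

def h(shares):
    # K = H(K1,...,Kt): SHA-256 over the shares in index order (hash choice assumed)
    return hashlib.sha256(b"".join(shares)).digest()

def prf(key, n):
    # PRF(K) stretched to n bytes: HMAC-SHA256 in counter mode (assumed construction)
    blocks = -(-n // 32)
    return b"".join(hmac.new(key, c.to_bytes(4, "big"), hashlib.sha256).digest()
                    for c in range(blocks))[:n]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def split(m, t):
    """SRC, steps 1-2: return the t+1 messages as (index, payload) pairs."""
    if t < 1:
        raise ValueError("t must be at least 1")
    shares = [secrets.token_bytes(32) for _ in range(t)]   # random K1..Kt
    m0 = xor(m, prf(h(shares), len(m)))                    # M0 = m XOR PRF(K)
    return [(0, m0)] + list(enumerate(shares, start=1))    # Mi = Ki

def recover(received, t):
    """DST, step 4: needs all t+1 messages; arrival order is irrelevant."""
    by_index = dict(received)
    missing = set(range(t + 1)) - set(by_index)
    if missing:
        raise ValueError(f"missing messages: {sorted(missing)}")
    k = h([by_index[i] for i in range(1, t + 1)])
    return xor(by_index[0], prf(k, len(by_index[0])))

def observer_view(intercepted, t):
    """Honest-but-curious relay: runs the same computation as DST on its
    retained copies. Returns None unless it holds all t+1 messages."""
    try:
        return recover(intercepted, t)
    except ValueError:
        return None

if __name__ == "__main__":
    msg = b"constructed sample message"          # constructed input
    parts = split(msg, t=4)
    print(recover(list(reversed(parts)), 4))     # out-of-order arrival still works
    print(observer_view(parts[:4], 4))           # relay missing one share: None
    print(observer_view(parts, 4))               # relay holding everything reads m
```
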