Leveraging Social Contacts for Message Confidentiality in DTNs

Karim El Defrawy, John Solis, Gene Tsudik
Donald Bren School of Information and Computer Sciences
University of California, Irvine

Introduction
• Delay/Disruption Tolerant Networks (DTN)
– Space and Inter-planetary scenarios
– Developing countries and rural areas
– Example Deployment: Wizzy digital Courier in South Africa
• DTN Characteristics:
– Intermittent connectivity
– Frequent disruptions
– High delay
– No reliable end-to-end path

Motivation
• DTN characteristics raise security-related challenges
• Traditional security protocols
– Multiple rounds
– Strict ordering
– Non-robust
• Traditional security services
– Public-Key Infrastructure (PKI)
• Our focus: initial secure context establishment

Motivation
● Pre-sharing secret keys not scalable
● Identity Based Encryption (IBE)
– Revocation vs Security Tradeoff
– Distribution of Parameters
● Other possibilities?

Our Basic Idea
● Leverage social contact information to establish an initial security context
● Link destination to some affiliated entity (AE)
– Company, University, Organization, Mutual friends, etc.
● Assumption: AE knows destination’s public key or shares a symmetric key
● Use AEs as semi-trusted intermediaries

Network Model
• Regions defined by geographic boundaries (cities, states, countries, etc.)
• Nodes identified by Endpoint Identifier: EID = {Region-ID, Entity-ID}
• One (or more) gateways interconnect various regions
• Gateways part of a limited infrastructure

Intra-Region Messaging
Note: No fixed order of decryption (or route traversal) necessary

Inter-Region Messaging
● New assumption:
– Gateways know keys of nodes in the local region
– Gateway public keys issued to users upon registration
● Idea:
– Use local gateways of SRC and DST as AEs
– DST gateway identified from RegionName EID field
– Process same as in intra-region
● Gateways add secure layer of encryption

Inter-Region Messaging
[Figure: inter-region messaging diagram; labels: Step 1, Step 2, Step 3, Step t+1, Recover m]

Poor Man’s Approach
• What if no AEs are found? Try our best!
• Step 1: SRC generates $K = H(K_1, \dots, K_t)$, for random $K_i$
• Step 2: SRC composes t+1 messages
$M_0 = m \oplus \mathrm{PRF}(K)$
$M_i = K_i$
• Step 3: Send messages in different directions at different times
• Step 4: DST receives all messages, re-computes K, and recovers M
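
Added example (not from the original slides): a Python sketch of Steps 1, 2 and 4 of the Poor Man's Approach, including the case where one key message never arrives. The slides do not name H or the PRF; SHA-256 and HMAC-SHA256 in counter mode are assumptions here, as are the per-message index tags and all function names.

```python
import hashlib
import hmac
import secrets

def derive_key(shares):
    """K = H(K_1, ..., K_t). Assumed H: SHA-256 over length-prefixed shares."""
    h = hashlib.sha256()
    for k in shares:
        h.update(len(k).to_bytes(2, "big") + k)
    return h.digest()

def prf_stream(key, n):
    """PRF(K) stretched to n bytes. Assumed PRF: HMAC-SHA256 in counter mode."""
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def src_compose(m, t):
    """Steps 1-2: build the t+1 messages as (index, payload) pairs.
    The index tag is an assumption so DST can order the K_i."""
    shares = [secrets.token_bytes(32) for _ in range(t)]
    k = derive_key(shares)
    m0 = xor(m, prf_stream(k, len(m)))          # M_0 = m XOR PRF(K)
    return [(0, m0)] + [(i, ki) for i, ki in enumerate(shares, start=1)]

def dst_recover(received, t):
    """Step 4: arrival order and duplicates do not matter, but every one
    of the t+1 messages must be present."""
    by_index = dict(received)
    if set(by_index) != set(range(t + 1)):
        return None  # a missing K_i (or M_0) leaves m unrecoverable
    k = derive_key([by_index[i] for i in range(1, t + 1)])
    return xor(by_index[0], prf_stream(k, len(by_index[0])))

def demo():
    m = b"constructed sample message for this example"
    msgs = src_compose(m, t=4)
    delivered = list(reversed(msgs)) + [msgs[2]]   # out of order, one duplicate
    full = dst_recover(delivered, t=4)
    partial = dst_recover(msgs[:-1], t=4)          # one K_i never arrived
    # An observer holding all but one K_i who guesses the last one:
    guessed = dst_recover(msgs[:-1] + [(4, bytes(32))], t=4)
    return full == m, partial, guessed == m

if __name__ == "__main__":
    print(demo())
```

The XOR layer gives confidentiality only; nothing here detects a modified M_0, which is consistent with the honest-but-curious model on the Security Analysis slide.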

Security Analysis
● Honest-but-Curious Adversarial Model
– Adversary does not interfere, but can retain copies of messages
● Collusion biggest threat to confidentiality
– SRC has to be careful when selecting AEs
– Select large number of AEs to reduce probability of collusion but will increase delay
● “Poor Man’s Approach” -> Probabilistic Security

Intra-region Simulation
● Using DTN One Simulator
– Downtown of Helsinki in Finland as simulation area (14 km²)
– 250 nodes move for 24 hours
– Speed of nodes: 0.5 to 1.5 m/s (uniformly at random)
– Traffic generated first 12 hours, one message per hour
– Message sizes uniformly at random between 100 kB and 2 MB

Delay between    Delivery   Interception   Avg Hop   Avg Delay
messages (hrs)   Ratio      Probability    Count     (hrs)
1                0.86       0.34           2.80      3.06
2                0.84       0.32           2.80      4.96
3                0.83       0.27           2.80      6.16
4                0.81       0.24           2.80      7.17
5                0.81       0.21           2.79      8.11
6                0.81       0.18           2.74      9.06

Social Network Coverage
● Analyze social connections from Facebook
● Networks in Facebook represent countries, cities, organizations, etc.
● Two networks:
– Egypt (EGY) (900 random users)
– Orange County (OC) (870 random users)
● Questions to answer:
– Average number of friends (and FoF) of users?
– Does size of social graph depend on number of (one hop) friends?
Social Network Coverage
Need 50-100 keys to reach
thousands of users

Limitations & Future Work
● Scalability
– How many keys will AEs need to store?
● Unrealistic assumptions?
– Will AEs know key of DST?
– Honest-but-curious too weak?
● Alternatives: Use GSM to transmit (short) keys, and DTN to transmit bulk data

Conclusion
● Motivated and presented techniques for confidential messaging in DTNs
● Use social contact information to determine AEs for use as trusted intermediaries
● Several open questions/issues remain

Questions?