10 septembre 2012 à 14h en salle C06 / TSP/EVRY

« Authentification dans les réseaux maillés sans-fils avec la cryptographie basée sur l’identité »

à 14h en salle C06.

Composition du jury:

— Mr. Christophe BIDAN—–Maître de conférences, Supélec, Rennes—–Rapporteur

— Mr. Mohamed HAMDI—–Maître de conférences, Sup’Com, Tunisie—–Rapporteur

— Mme. Houda LABIOD—–Maître de conférences, Télécom ParisTech—–Examinatrice

— Mr. Jalel BEN OTHMAN—–Professeur, Université Paris 13—–Examinateur

— Mr. Marcelo DIAS DE AMORIM—–Professeur, Université Paris 6—–Examinateur

— Mme. Maryline LAURENT—–Professeur, Télécom SudParis—–Directrice de thèse

Abstract :

Wireless Mesh Network (WMN) is a very promising technology for extending existing networks with its easy-to-deploy architecture. The wireless backbone serves to interconnect different networking technologies through Mesh Routers (MRs).

MRs act either as Access Points (APs) for end users, as gateways to external networks (such as the Internet), or as routers relaying traffic between WMN stations. Unfortunately, security issues still remain unsolved in WMNs.

Some reliable authentication and access control mechanisms are highly needed so the selected authentication method is tightly suited to the resource constraints of the stations (energy and processing).

Nowadays, authentication in WMNs refers to IEEE802.1X standard authentication methods
or a pre-shared key authentication, and makes use of certificates or shared secrets.

In wireless environments, management of certificates is disadvantageous.

Certificates require deploying a Public Key Infrastructure (PKI) and a Certification Authority (CA). The CA defines a certificate management policy to control the generation, transmission and revocation of certificates.

Management of certificates is a cumbersome task and does not match the limited (power and memory) resources available at wireless nodes. Moreover, it does not match the non permanent connectivity to the CA.
In order to get rid of PKI disadvantages, we investigate in this thesis, the use of ID-Based Cryptography (IBC) for authentication in WMNs.

IBC proposes to derive an entity public key from its identity directly. As such, IBC avoids the deployment of the PKI and the CA. IBC relies on a Private Key Generator (PKG) for the computation of stations private keys.

As such, the PKG is able to impersonate as any station by illegally generating signature or deciphering encrypted traffic. For mitigating that Key Escrow Attack (KEA), a strong assumption is usually made necessary that the PKG is a trustworthy entity.

In this thesis, we first present an ID-Based Password Authentication Protocol (IBPAP) that relies on IBC and a shared secret to authenticate mesh station to the network Authentication Server (AS).We propose to use the AS as a PKG.

As such, the AS generates the ID-based private key of the supplicant station at the end of a successful authentication. Meanwhile, the supplicant station uses the shared secret to authenticate the AS and its ID-based public parameters.

The latter are needed for the good usage of ID-based signature and encryption algorithms. Second, we propose a Key Escrow Resistant ID-Based Authentication Protocol (KERIBAP).

That is, we make each supplicant station participate to the generation of its ID-based private key. We show how to change the existing ID-based signature and encryption algorithms to take into consideration the new format of private keys.

We discuss also the possibility of distributing the private key generation between a set of ASs in order to avoid the key escrow attack.

We verify that our authentication protocols are all secure in the formal model using the protocol verification tool ProVerif. In addition, we discuss their security resistance to some well-known attacks such as replay, collision and denial of service attacks.

Finally, we propose some implementation results to confirm IBC advantages compared to PKI. We show how IBC usage reduces the memory consumption of stations.

---