Skip to main content
Department of Information Technology

Security in Mobile Peer-to-Peer Systems

A VINNOVA fundet research project on security for the future of the Internet. The project is driven by Christian Rohner with help of the talented students Anna Otto, Tobias Bandh, Fredrik Bjurefors, and Ioana Ungurean. Per Gunningberg and Mats Björkman are valuable resource persons for brainstorming and guidance.

Project Description

A peer-to-peer network is a virtual network in which a set of devices executes a common protocol or application as equals. While peer-to-peer networks are well established on today's Internet, we believe that they are in particular qualified for environments with personal devices to support collaboration. However, environments with personal devices have fundamentally different characteristics than the Internet because personal devices are increasingly small mobile devices carried around and using wireless connectivity for interaction. Sensitive personal and private information stored on devices has therefore to be protected by security mechanisms.

In this research program, we focus on security aspects in mobile peer-to-peer networks. We identify, investigate, and evaluate the basic mechanisms needed to securely execute common protocols and applications in a mobile environment. A special focus is on support for personal devices with limited resources.

Presentation:

  • Christian Rohner, Security Management for Mobile Peer-to-Peer Systems | pdf

Project Structure

The Project is structured into three parts:

Security Bootstrapping

As the user is a central component of the system, we investigate bootstrapping mechanisms to build up associations between users and their devices. These associations are used to build well-defined dependencies for security configuration and to build security and trust relations between devices of the same owner. These relations are then used to build up federations of devices that can secure interact with each other.

We presented an improved variation of the classical "Resurrecting Duckling Policy Model" for key exchange and policy managment. The work includes an ownership model to build secure relations between devices, a security policy definition language to assign rights to secure relations, and support for delegation.
Ongoing work is investigating two new approaches to distance bounding (i.e., proximity based key negotiation) using sensor information. A prototye implementation will soon be ready. We belief that work complements our ownership model and is crucial for security bootstrapping on small devices without user interface.

Article:

  • Christian Rohner, Security Bootstrapping for Networked Devices | pdf
  • Christian Rohner, Building Secure Communities in Spontaneously Networked Environments | pdf
  • Christian Rohner, An Ownership Model and a Security Policy Definition Language to Security Bootstrap Ad-hoc Distributed Systems| pdf
  • Anna Otto, From Probability Distributions to Common Secrets (Masters Thesis) | pdf
  • Henrik Andersson, Secure Drag&Drop Key Exchange (Masters Thesis) | pdf
  • Christian Rohner, Sense the Key: Security Bootstrapping for Small Devices | pdf
  • Christian Rohner, Henrik Andersson, Ioana Ungurean, Secure Drag&Drop Key Exchange (Demo) | pdfposter
  • Patrik Jansson, Magnus Rundlöf, Using sensor data to generate random bit-strings | pdf

Security proxy and protocol negotiation

Some devices do not have enough computational resources to execute the required security operations by themselves. One research issue is whether or how protocols can be separated in such a way that a more powerful device can take over some of the operations of a limited device. Such separation could range from pre-computation of parameters, to delegation of all operations to another device.

Our work so far resulted in a prototype implementation on both, computer and mobile phone. The concept of virtual services has been proposed. Virtual services augment services of weak devices and run on the security proxy instead of on the weak device. The cost of authentication protocols has been mathematicaly analysed and compared with an implementation on a mobile phone.

Article:

  • Tobias Bandh, Evaluation of Authentication Algorithms for Small Devices (Masters Thesis) | pdf | poster
  • Annika Karlsson, Anna Sandström, Low-Cost RFID Technology - an Overview | pdf
  • Andreas Achtzehn Christian Rohner, Ioana Rodhe, ARPD: Asynchronous random key predistribution in the LEAP framework for Wireless Sensor Networks | pdf
  • Ioana Rodhe, Christian Rohner, Andreas Achtzehn, n-LQA: n-Layers Query Authentication in Sensor Networks | pdf
  • Christian Rohner, Security Aspects in the Sami Network Connectivity Project | pdf

Support for clouds of devices and agreement

The main research issue are efficient join and leave algorithms for groups of entities in group communication and agreement protocols. Instead of assigning each individual entity of one group to another group, a mechanism is needed to build an agreement between the two groups to join. Caching of previously joined groups is one option to explore, others include the extension of existing protocols for single join and leave.

Mechanisms to recognize groups of entities and agreements to recognize a group even with small changes to the composition of entities within groups have to be developed.

Article:

  • Andreas Achtzehn, Zinaida Benenson, Christian Rohner, Implementing Agreement Protocols in Sensor Networks | pdf
  • Zinaida Benenson, Secure Group Communication for Mobile P2P Groups: A Survey | pdf
  • Zinaida Benenson, Felix C. Freiling, Birgit Pfitzmann, Christian Rohner, Michael Waidner, Verifiable Agreement: Limits of Non-Repudiation in Mobile Peer-to-Peer Ad Hoc Networks | pdf

Collaborations

We collaborated with the Vinnova Sami Network Connectivity project, SSF Winternet project, University of Mannheim, EU Haggle project, and Ulf Dellborg.

Contact

You are very welcome to contact Christian Rohner (christian.rohner@it.uu.se) for more information.

Updated  2007-07-02 14:09:30 by Christian Rohner.