Raphael Frank20 October 2007

Authentication & Intrusion Prevention for Multi-Link Wireless Networks

2

Overview

11 Introduction Introduction

22 Authentication in WMN using exisitng protocols Authentication in WMN using exisitng protocols

33 Emerging Security Issues Emerging Security Issues

44 Authentication protocol based on WMN properties Authentication protocol based on WMN properties

55 Security Analysis Security Analysis

66 Conclusion Conclusion

3

IntroductionWhat is Wireless Mesh Network (WMN)?

Mesh Nodes: Devices with at least two radio interfacesMesh nodes form together a wireless network (Ad-Hoc)Second interface (AP) is used by mobile clients to connect to the networkHot Spots (HS): Mesh Nodes equipped with a wired internet connectionTransient Access Points (TAP): Mesh Nodes without wired internet connection

Provide Internet Access to Mobile Clients by using the WMN as a backhaul

4

Authentication in WMN using existing protocols (1)

Authentication protocols for the State of the Art of Wireless Networks

IEEE 802.11:First WiFi standard released in 1997

Provides Data encryption and authentication

IEEE 802.11i:Most recent security standard released in 2004

Provides a robust data encryption and includes an external authentication framework

5

Authentication in WMN using existing protocols (2)

IEEE 802.11Encryption Protocol Wired Equivalent Privacy (WEP), based on shared-key (Key length 64 or 128 bit)Authentication based on the knowledge of the shared-keySecurity Goals:

Prevent Eavesdropping PRIVACYPrevent Message Modification INTEGRITYNetwork Access Control AUTHENTICATION

Weaknesses – None of the security goals are met: Key stream reuse PRICACY CRC attacks INTEGRITY Authentication Spoofing AUTHENTICATION

6

Authentication in WMN using existing protocols (3)

IEEE 802.11iEncryption Protocol WiFi Protected Access 1 & 2 (WPA1 & WPA2)

Provides robust security properties

Authentication performed using the Extensible Authentication Protocol (EAP)

Needs a centralize authentication server

Different authentication possibilities (EAP methods)

7

Authentication in WMN using existing protocols (4)

Extensible Authentication Protocol (EAP)Used in wireless and fixed networks

Port Based Network Access

Authentication framework

Currently about 40 different EAP methodsCommonly used methods : EAP-TLS, EAP-TTLS

8

Emerging Security issues (1)

Problems with the standard protocols

Originally developed for the State of the Art of Wireless NetworksSecurity only for the first wireless link no End-To-End features

Privacy: No data encryption after the first hopAuthentication: No Layer 2 authentication after the first hop

Single point of failure: Centralized Authentication ServerMesh nodes cannot be considered as trustworthyNo topology authentication

9

Emerging Security issues (2)

What are the problems related to the architecture of a WMN?

Mesh nodes cannot be considered as trustworthyThey are often deployed in a hostile environment

An attacker can spoof and/or take over a mesh node

No topology authenticationAn attacker can easily inject a malicious node into the WMN

Gain access to the network

Perform Denial of Service (DoS)

Perform Man in the Middle Attacks (MitM)

10

Definition of a new authentication protocol (1)

Why a new protocol?No standardized security protocols for WMN

The existing protocols do not meet the requirements

What should the protocol provide?“Real-time/Continuous” Authentication Acceptable performance

Authentication of every participating node of WMN Topology authentication

Authentication of the network traffic

Trustworthy mesh nodes Mesh Node Access Control

Attack Detection/Reaction mechanism

11

Definition of a new authentication protocol (2)

How does it work?Based on digital signatures to verify integrity and authenticity

Hybrid authentication protocol using symmetric and asymmetric cryptography

Offers the best properties in terms of security and performance

The administrator plays the role of the CAProvides the needed keys to the Nodes

12

Definition of a new authentication protocol (3)

What are the required keys?Every node is in possession

Personal Public KeyPersonal Private KeyPersonal Secret Key symmetricPublic Key of the AdministratorNodelist Containing the allowed communication neighborsAfter initialization different public/secret keys of neighbor nodes

The procedure can be subdivided in two operations:

I) Initialization of a new node

II) Information transmission

} asymmetric

13

Definition of a new authentication protocol (4)

Initialization of a new node (asymmetric)

Node A wants register to the WMNNodelist Cert(A) WMNSignature

broadcast

Initialization message

The receiving node BChecks if it is included in the node list (NL)

Checks the signature Using the Public Key of the Admin

B encrypts its secret key and sends it to A

After a successful decryption, A encrypts its secret key and sends it to B

A :

14

Definition of a new authentication protocol (5)

Initialization of a new node (asymmetric)Node A wants register to the WMN

Node B

(1) Broadcast: NL, Cert(A), SIG{[NL,Cert(A)], PrivK(Admin)}

(2) ENC{[Cert(B),K(B),T1], PubK(A)}

(3) ENC{[K(A),T2], PubK(A)}

Node A

15

Definition of a new authentication protocol (6)

Information transmission (symmetric)Every node needs to have the secret key of its neighbor nodes Initialization

Symmetric Signature Message Authentication Code (MAC) = Fingerprint encrypted using a secret key Faster

Node A wants to send a message to node C via node B

Data Timestamp CSignature

Message to be transferred

A :Send via node B

16

Definition of a new authentication protocol (7)

Information transmission (symmetric)Signature verification and newly generated at every hop of the transmission path

A different Timestamp guarantees a different signature

Node A Node B Node C

(1) MSG, T1, SIG{(MSG,T1), K(A)} (2) MSG, T2, SIG{(MSG,T2), K(B)}

(4) MSG, T4, SIG{(MSG,T4), K(B)} (3) MSG, T3, SIG{(MSG,T3), K(C)}

17

Definition of a new authentication protocol (8)

How to create trustworthy nodes?We need to guarantee that a attacker cannot retrieve the sensitive data (Keys, Nodelist, …) form a mesh node

Mesh Node Access ControlBefore an attacker gains access to a node, the keys are erased a replaced by dummy values

Consequence Neighbor nodes will fail to verify the messages form the attacked node and drop them

Passive attack detection

The node is automatically excluded form the WMN

18

Definition of a new authentication protocol (9)

19

Security Analysis (1)

Security & Performance RequirementsAcceptable performance : YES Using symmetric signatures

Topology authentication : YES Every node participating in a communication is authenticated

Authentication of the traffic : YESThe source of every message is known

Trustworthy mesh nodes : YESMesh Node Access Control

Attack Detection and Reaction : YESCorrupt Nodes are detected and excluded form the WMN

20

Security Analysis (2)

Other Security featuresNo replay attacks using timestamps

No single point of failure No centralized entity

Node Spoofing/Injection not possible Topology authentication

The attacker does not know the needed keys

Man in the Middle Attack can be used to perform DoSIf an attacker modifies a transient message, it will be discarded

21

ConclusionWhat’s next?

Extend the authentication protocolImplementation of a prototype

Client/User authentication

Add an administration procedure

Remotely reintroduce attacked node into the WMN

Attack reporting

Privacy and Performance on WMN need to be considered as well

Release of a security standard for WMNIEEE 802.11s?

22

The end …

Thank you for your attention

Questions?

Raphael.Frank@uni.luWiki.uni.lu/Secan-Lab