authentication & intrusion prevention for multi-link wireless networks
DESCRIPTION
Authentication & Intrusion Prevention for Multi-Link Wireless Networks. Raphael Frank 20 October 2007. Overview. 1. 2. 3. 4. 5. 6. Introduction. Authentication in WMN using exisitng protocols. Emerging Security Issues. Authentication protocol based on WMN properties. - PowerPoint PPT PresentationTRANSCRIPT
Raphael Frank20 October 2007
Authentication & Intrusion Prevention for Multi-Link Wireless Networks
2
Overview
11 Introduction Introduction
22 Authentication in WMN using exisitng protocols Authentication in WMN using exisitng protocols
33 Emerging Security Issues Emerging Security Issues
44 Authentication protocol based on WMN properties Authentication protocol based on WMN properties
55 Security Analysis Security Analysis
66 Conclusion Conclusion
3
IntroductionWhat is Wireless Mesh Network (WMN)?
Mesh Nodes: Devices with at least two radio interfacesMesh nodes form together a wireless network (Ad-Hoc)Second interface (AP) is used by mobile clients to connect to the networkHot Spots (HS): Mesh Nodes equipped with a wired internet connectionTransient Access Points (TAP): Mesh Nodes without wired internet connection
Provide Internet Access to Mobile Clients by using the WMN as a backhaul
4
Authentication in WMN using existing protocols (1)
Authentication protocols for the State of the Art of Wireless Networks
IEEE 802.11:First WiFi standard released in 1997
Provides Data encryption and authentication
IEEE 802.11i:Most recent security standard released in 2004
Provides a robust data encryption and includes an external authentication framework
5
Authentication in WMN using existing protocols (2)
IEEE 802.11Encryption Protocol Wired Equivalent Privacy (WEP), based on shared-key (Key length 64 or 128 bit)Authentication based on the knowledge of the shared-keySecurity Goals:
Prevent Eavesdropping PRIVACYPrevent Message Modification INTEGRITYNetwork Access Control AUTHENTICATION
Weaknesses – None of the security goals are met: Key stream reuse PRICACY CRC attacks INTEGRITY Authentication Spoofing AUTHENTICATION
6
Authentication in WMN using existing protocols (3)
IEEE 802.11iEncryption Protocol WiFi Protected Access 1 & 2 (WPA1 & WPA2)
Provides robust security properties
Authentication performed using the Extensible Authentication Protocol (EAP)
Needs a centralize authentication server
Different authentication possibilities (EAP methods)
7
Authentication in WMN using existing protocols (4)
Extensible Authentication Protocol (EAP)Used in wireless and fixed networks
Port Based Network Access
Authentication framework
Currently about 40 different EAP methodsCommonly used methods : EAP-TLS, EAP-TTLS
8
Emerging Security issues (1)
Problems with the standard protocols
Originally developed for the State of the Art of Wireless NetworksSecurity only for the first wireless link no End-To-End features
Privacy: No data encryption after the first hopAuthentication: No Layer 2 authentication after the first hop
Single point of failure: Centralized Authentication ServerMesh nodes cannot be considered as trustworthyNo topology authentication
9
Emerging Security issues (2)
What are the problems related to the architecture of a WMN?
Mesh nodes cannot be considered as trustworthyThey are often deployed in a hostile environment
An attacker can spoof and/or take over a mesh node
No topology authenticationAn attacker can easily inject a malicious node into the WMN
Gain access to the network
Perform Denial of Service (DoS)
Perform Man in the Middle Attacks (MitM)
10
Definition of a new authentication protocol (1)
Why a new protocol?No standardized security protocols for WMN
The existing protocols do not meet the requirements
What should the protocol provide?“Real-time/Continuous” Authentication Acceptable performance
Authentication of every participating node of WMN Topology authentication
Authentication of the network traffic
Trustworthy mesh nodes Mesh Node Access Control
Attack Detection/Reaction mechanism
11
Definition of a new authentication protocol (2)
How does it work?Based on digital signatures to verify integrity and authenticity
Hybrid authentication protocol using symmetric and asymmetric cryptography
Offers the best properties in terms of security and performance
The administrator plays the role of the CAProvides the needed keys to the Nodes
12
Definition of a new authentication protocol (3)
What are the required keys?Every node is in possession
Personal Public KeyPersonal Private KeyPersonal Secret Key symmetricPublic Key of the AdministratorNodelist Containing the allowed communication neighborsAfter initialization different public/secret keys of neighbor nodes
The procedure can be subdivided in two operations:
I) Initialization of a new node
II) Information transmission
} asymmetric
13
Definition of a new authentication protocol (4)
Initialization of a new node (asymmetric)
Node A wants register to the WMNNodelist Cert(A) WMNSignature
broadcast
Initialization message
The receiving node BChecks if it is included in the node list (NL)
Checks the signature Using the Public Key of the Admin
B encrypts its secret key and sends it to A
After a successful decryption, A encrypts its secret key and sends it to B
A :
14
Definition of a new authentication protocol (5)
Initialization of a new node (asymmetric)Node A wants register to the WMN
Node B
(1) Broadcast: NL, Cert(A), SIG{[NL,Cert(A)], PrivK(Admin)}
(2) ENC{[Cert(B),K(B),T1], PubK(A)}
(3) ENC{[K(A),T2], PubK(A)}
Node A
15
Definition of a new authentication protocol (6)
Information transmission (symmetric)Every node needs to have the secret key of its neighbor nodes Initialization
Symmetric Signature Message Authentication Code (MAC) = Fingerprint encrypted using a secret key Faster
Node A wants to send a message to node C via node B
Data Timestamp CSignature
Message to be transferred
A :Send via node B
16
Definition of a new authentication protocol (7)
Information transmission (symmetric)Signature verification and newly generated at every hop of the transmission path
A different Timestamp guarantees a different signature
Node A Node B Node C
(1) MSG, T1, SIG{(MSG,T1), K(A)} (2) MSG, T2, SIG{(MSG,T2), K(B)}
(4) MSG, T4, SIG{(MSG,T4), K(B)} (3) MSG, T3, SIG{(MSG,T3), K(C)}
17
Definition of a new authentication protocol (8)
How to create trustworthy nodes?We need to guarantee that a attacker cannot retrieve the sensitive data (Keys, Nodelist, …) form a mesh node
Mesh Node Access ControlBefore an attacker gains access to a node, the keys are erased a replaced by dummy values
Consequence Neighbor nodes will fail to verify the messages form the attacked node and drop them
Passive attack detection
The node is automatically excluded form the WMN
18
Definition of a new authentication protocol (9)
19
Security Analysis (1)
Security & Performance RequirementsAcceptable performance : YES Using symmetric signatures
Topology authentication : YES Every node participating in a communication is authenticated
Authentication of the traffic : YESThe source of every message is known
Trustworthy mesh nodes : YESMesh Node Access Control
Attack Detection and Reaction : YESCorrupt Nodes are detected and excluded form the WMN
20
Security Analysis (2)
Other Security featuresNo replay attacks using timestamps
No single point of failure No centralized entity
Node Spoofing/Injection not possible Topology authentication
The attacker does not know the needed keys
Man in the Middle Attack can be used to perform DoSIf an attacker modifies a transient message, it will be discarded
21
ConclusionWhat’s next?
Extend the authentication protocolImplementation of a prototype
Client/User authentication
Add an administration procedure
Remotely reintroduce attacked node into the WMN
Attack reporting
Privacy and Performance on WMN need to be considered as well
Release of a security standard for WMNIEEE 802.11s?