1 / 45

Security Provision For Wireless Mesh Networks

Security Provision For Wireless Mesh Networks. Celia Li Computer Science and Engineering York University. Outline. Overview of Wireless Mesh Networks (WMNs) Overview of network security Literature review and research directions Access control Authentication

kipp
Download Presentation

Security Provision For Wireless Mesh Networks

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Security Provision For Wireless Mesh Networks Celia Li Computer Science and Engineering York University

  2. Outline • Overview of Wireless Mesh Networks (WMNs) • Overview of network security • Literature review and research directions • Access control • Authentication • Group key management • Conclusion

  3. Outline • Overview of Wireless Mesh Networks (WMNs) • Overview of network security • Literature review and research directions • Access control • Authentication • Group key management • Conclusion

  4. Wireless Mesh Networks (WMNs) • Wireless Mesh Router • Stationary in most cases • No power or computation constrains • Self-organized, self-configured • Providing multi-hop connectivity • Wireless Mesh Clients • Varying degrees of mobility • Having energy autonomy, computation & transmission constrains • PDA, laptops, pocket PCs, cell phones • Network Gateways / Access Points • Acting both as Internet routers and wireless mesh routers • Applications of WMNs • Disaster recovery, security surveillance, Internet access in rural areas, municipal and metropolitan networking

  5. Advantages of WMNs • Low cost installation • In hard-to-wire areas or building (e.g., water surface, mountains) • Large-scale deployment • Reliability • If some nodes are down, packets can be delivered via adjacent nodes due to the mesh structure • Self-management • Self-configuration and self-healing

  6. WMNs vs. Wireline Networks • In wireline networks • Wired routers can be physically protected • In WMNs • Wireless routers are not physically protected easily if deployed outside. • Low cost deployment • Vulnerable to security attacks • e.g. eavesdropping, jamming, denial of service • Lower bandwidth, higher error rate

  7. WMNs vs. Wireless Local Area Networks (WLANs) • In WMNs • Only a small number of selected mesh routers (gateways) require wired interafce • Multi-hop routing • In WLANs • Each access point has to have a wired interface • 1-hop wireless connection

  8. WMNs vs. Mobile Ad-hoc Networks • Similarity • Both operate in a wireless multi-hop routing fashion. • Each node forwards data packets on behalf of other nodes. • In MANETs • Nodes are mobile or portable • With power or computational constraints • Dynamic network topology • In WMNs • Mesh routers are stationary in most cases • No power or computational constraints • Mesh clients’ mobility does not affect network topology

  9. Outline • Overview of Wireless Mesh Networks (WMNs) • Overview of network security • Literature review and research directions • Access control • Authentication • Group key management • Conclusion

  10. Security Property • Confidentiality • Content of a message is accessible only to authorized users • Integrity • Data cannot be modified without being detected • Authenticity • A node can be sure of the identity of the peer node it is communicating with. • Non-repudiation • Neither the sender nor the receiver of a message is able to deny the transmission/reception. • Availability • Authorized actions can in fact take place

  11. Security Provision is Challenging in WMNs • Lower bandwidth and higher error rate of wireless channels • Limited power supply, memory or computing capability of mesh clients • Mobility of mesh clients • Vulnerable to security attacks • e.g., eavesdropping, traffic analysis or denial of service

  12. Network Security Issues • Access control • Only authorized actions (e.g., membership enrollment, data transmission) can be performed. • Authentication • Ability to identify the members of the group (senders & receivers) • Encryption • Converting data into a form that cannot be easily understood by unauthorized people • Key management • Generation, exchange, storage, safeguarding and replacement of keys • Secure routing • Ensures that a message is eventually delivered to all legitimate nodes within a reasonable amount of time, despite nodes that may corrupt, drop or misroute the message.

  13. Security Requirements • Computation cost • Mutual authentication between router and client • Fast and secure handover operation • Efficient and secure multicast communication • Secure routing • Service availability

  14. Our Research Focus Security provision in WMNs: • Access control • Authentication • Key management • Group key management – To provide secure distributions & handling of cryptographic keying materials in a multicast group

  15. Outline • Overview of Wireless Mesh Networks (WMNs) • Overview of network security • Literature review and research directions • Access control • Authentication • Group key management • Conclusion

  16. Classification of Access Control • Access control operates against two risks • Unauthorized access to system resources • Improper use of system resources • Access Control List (ACL) • A list of permissions attached to an object • Who or what is allowed to access the object • What operations are allowed to be performed on the object • E.g., entry (Alice, delete) for file XYZ • Mandatory Access Control (MAC) • Assigning security labels or classifications to system resources • Giving access using the defined levels • E.g., top secret, secret, classified, unclassified • Role-based Access Control (RBAC) • Enforcing access to computer or network resources based on the roles of individual users within an enterprise • Assigning privileges to arbitrary roles • Assigning roles to real users

  17. Access Control List (ACL) • In ACL, every piece of data, database or application has a list of users associated with it. • Advantages • Simple, easy, straightforward • Good for small-size organizations • Disadvantages • Difficult, time consuming, error prone when access control list becomes large

  18. Mandatory Control List (MAC) • Two principles for user access • Read down access • Write up access • Application • Used for government and military users • Disadvantages • Not flexible • Not suitable for commercial applications • MAC enforces access control based on the security labels attached to users and objects.

  19. Role-based Access Control (RBAC) • RBAC is based on organization structure • User-role-privilege • Assign roles to users • Each role associates with a set of privileges or objects • Role hierarchies • Constraints • Mutual exclusive roles • Cardinality • Prerequisite roles • Advantages • Offering flexibility • Simplifying access control administration • Reducing management cost

  20. Security Principles for Access Control • Least privilege • Given no more privileges than necessary to perform a job • Separation of duty • No single individual be allowed to execute all transactions within the set. • E.g., initiating a payment vs. authorizing a payment. • Data abstraction • Defining permissions at a higher level rather than on read/write/ execute • E.g., defining permissions as credit/debit for an account object.

  21. Access Control in Wireline Networks • Access control lists (ACLs) • Does not support three security principles • Least privilege • Separation of duties • Data abstraction • Costly and prone to error • Role-based access control (RBAC) • Support three security principles • Used to establish trust relationships for strangers on the Internet • Flexible, simplifying access control administration, reducing management cost

  22. Access Control in Wireless Networks • ACLs in Wireless Metropolitan Networks • Based on packet marking & packet filtering • Checking an access control list (ACL) to decide how to process packets • Supporting network roaming • RBAC in WLANs • Implemented with time and location constraints • Strength of authentication and encryption is chosen according to the role of the user

  23. Access Control for WMNs • Previous work is not readily applicable to WMNs • Access control that relies on access control list (ACL) is no longer effective • Role-base access control (RBAC) is not suitable for multiple mesh domains • Desired properties of access control in WMNs • Fast access control for handover • Flexibility • Manageability • Low communication overhead

  24. Research Directions • Developing an extended role-based access control (ERBAC) model for WMNs • Designing ERBAC for intra-domain access control • A role assignment algorithm • A role certificate generation and verification method • Designing ERBAC for Inter-Domain access control • A role mapping algorithm • A role negotiation protocol

  25. Outline • Overview of Wireless Mesh Networks (WMN) • Overview of network Security • Literature Review and Research Directions • Access Control • Authentication • Group Key Management • Conclusion

  26. Classification of Authentication (1/3) • Authentication is the process of proving one’s identity to someone else • Type of cryptography • Symmetric key authentication • Public key authentication • Involvement of trusted third party • Without trusted third party • With trusted third party • Reciprocity of authentication • One-way authentication • Mutual authentication (two-way)

  27. Classification of Authentication (2/3) AB: M BA: EKab(M) A: DKab(EKab(M))=M Type of cryptography • Symmetric key authentication • Verifying identity based on a secret key shared between the participants • Public key authentication • Based on a public-private key pair • Private key for signing • Public key for verification AB: M BA: EB_private(M) A: DB_public(EB_private(M))=M • Comparison • Symmetric key authentication • Efficient • Less demanding computationally • Hard to distribute shared keys in advance • Public key authentication • Strong security • Mathematically complex

  28. Classification of Authentication (3/3) • Involvement of trusted third party • Without trusted third party • Two parties trust each other • With trusted third party • Two parties do not fully trust each other • Involves a trusted third party • Reciprocity of authentication • One-way authentication • Only one party needs to authenticate the other • Mutual authentication (two-way) • Both parties authenticate each other

  29. Authentication Properties • Mutual authentication • Two-way authentication process between a client and an authentication server • Identity privacy • Hiding identity of a client • Identity: username of a client, instead of the physical address. • Reply attack resistance • Sending the previously submitted data of a legitimate user back to the authenticator. • Counter measures: timestamp, sequence number, unique nonce (challenge/response) • Fast reconnect • For wireless local area networks (WLANs) • Providing seamless connections when roaming occurs • Reusing the credentials from previous access point

  30. Authentication Protocols in Wireline Networks

  31. SSL (secure socket layer) vs. Kerberos

  32. Authentication Protocols in WLANs • Symmetric Key Authentication • Lightweight Extensible Authentication Protocol (LEAP) • Kerberos • Public Key Authentication • EAP-Transport Layer Security (EAP-TLS)

  33. Authentication for WMNs • Previous work is not readily applicable to WMNs • Public key authentication • Time consuming and computationally intense • Symmetric key authentication • Does not provide efficient methods to handle handover latency

  34. Research Directions • Goals • Reducing the authentication latency • Handling multiple domain authentication • Designing an authentication ticketing scheme • Supporting ticket generation, verification, revocation • Defending against ticket duplication, forgery, modification • Supporting both intra and inter domain authentication • Designing extended Kerberos protocol for Intra-Domain • Supporting mutual authentication (client-router, router-router) • Supporting fast handoff • Designing extended Kerberos protocol for Inter-Domain

  35. Outline • Overview of Wireless Mesh Networks (WMN) • Overview of network Security • Literature Review and Research Directions • Access Control • Authentication • Group Key Management • Conclusion

  36. Group Key Management (GKM) • Multicast: An efficient way for group communications • Important applications of multicast • Pay-per-view movies, audio/video conference, distant learning, multiplayer online game, online chat group • Secure multicast communication requires Group Key Management • To provide secure distributions & handling of cryptographic keying materials • Group Key • A piece of secret information that is known only to the current group members • Used to encrypt messages • Membership changes trigger rekeying process • Join: a new group key must prevent a new member from decoding previous messages • Leave: a new group key must prevent former group members from decoding future messages • Group Key Management Problem • How to ensure that only authorized users have access to the group key

  37. Requirements for Group Key Management (1) • Group key secrecy • Computationally infeasible for a passive adversary to discover a group key • Forward secrecy • Evicted users cannot learn any future keys • Backward secrecy • New users should not have access to any old keys • Key independency • Disclosure of a key does not compromise other keys.

  38. Requirements for Group Key Management (2) • Scalability (1-affects-n) • A membership change should affect only a small subset of members • Reliability • Providing a recovery mechanism for missing rekeying messages • Resistance to attacks • From both inside and outside the group • Low bandwidth overhead • Rekeying process should not induce a high number of rekeying messages

  39. Group Key Management Classification The entity who exercises the group control • Centralized • A single entity is the group controller who is … • Responsible for key generation, key distribution and key refreshment • Ex: logical key tree-based approach (LKH) • Decentralized • The group is divided into subgroups • Each subgroup is managed by its own controller • Ex: Iolus framework • Contributory • No group controller • Each member contributes its share toward group key generation • Ex: contributory key agreement supported by the Diffie-Hellman algorithm: Cliques

  40. Group Key Management Protocols Tree-based • Centralized • LKH: logical key tree hierarchical • LKH++: improved logical key tree hierarchical • OFT: one-way function tree • ELK: efficient large group key distribution • CFKM: centralized flat table key management • Decentralized • MARKS: multicast key management using arbitrarily revealed key sequences • Iolus framework • DEP: dual encryption protocol • IGKMP: intra-domain group key management protocol • Kronos • Contributory • TGDH: tree-base Diffie-Hellman protocol • STR • CLIQUES • BD Non-hierarchical Tree-based Non-hierarchical Tree-based Non-hierarchical

  41. Comparison of Group Key Management • Centralized • Easy to implement • Key tree structure reduces the rekeying overhead • Single point of failure, not scalable • Decentralized • Flexible, scalable and fault-tolerant • Introducing message delivery delay • Contributory • No single point of failure • Do not require pre-established secure channel • Higher workload on the member who does key distribution

  42. Group Key Management in Mobile Ad-hoc Networks • Certificate based approach [Smith’04, Green’05] • Based on offline obtained certificates. • Scales well to handle join operations • Works well with very low mobility • Heavy computation cost • Group Diffie-Hellman-based approach [Black’98] • Based on group Diffie-Hellman algorithm to establish group key • Base on GPS (group positioning system) information to construct multicast tree • Flooding the network with GPS information and key contribution • Low scalability

  43. Group Key Management for WMNs • Existing group key management protocols cannot be directly applied to WMNs • Wireless channels: • Lower bandwidth • More error-prone than wireline channels • More vulnerable to security attacks • Mesh clients: • Limited power supply, memory or computing capability • High mobility • The distributed functionalities and decentralized authority make secure group communications in WMNs more complex.

  44. Research Directions • Proposed solutions for WMNs • A framework for group key management in WMNs • A group key management scheme within a WMN cluster • Future work • Comprehensive performance evaluation of the proposed scheme in comparison with existing protocols • Using actual network performance metrics • throughput, loss rate, end-to-end delay and delay jitter • Determine the optimal parameters of proposed scheme • key tree degree, batch rekeying interval • Improving proposed scheme to support seamless roaming

  45. Conclusions • Wireless mesh networks (WMNs) • A fast, inexpensive way to provide Internet access • More vulnerable to security attacks • Comprehensive review of existing approaches & protocols • Access control • Authentication • Group key management • Identify the new challenges & opportunities • Suggest future research direction on security in WMNs

More Related