
A secure authentication and billing architecture for wireless mesh networks

Yanchao Zhang, Yuguang Fang. Wireless Networks, 2006.6. Presented by MMC Lab, 임동혁. Outline: Introduction; Network architecture and system models; Entity authentication; Incontestable billing of mobile users; System analysis.


Presentation Transcript


  1. A secure authentication and billing architecture for wireless mesh networks
     Yanchao Zhang, Yuguang Fang, Wireless Networks, 2006.6
     MMC Lab. 임동혁

  2. Outline
     • Introduction
     • Network architecture and system models
     • Entity authentication
     • Incontestable billing of mobile users
     • System analysis
     • Conclusions

  3. Introduction
     • Large-scale WMN
        • Authentication
        • Billing
     • Conventional solution
        • Home-foreign-domain model
        • Drawbacks
           • Authentication is time-consuming and expensive to execute
           • Requires a bilateral service level agreement (SLA) between operators
           • Gives no consideration to how intermediate users are rewarded for packet forwarding

  4. Introduction
     • UPASS
        • No need for SLAs between WMN operators
     • Authentication
        • ID-based cryptography (IBC)
           • User vs. serving WMN
           • User vs. user in the same WMN
        • Certificate-based cryptography (CBC)
           • Universal verifiability of passes
     • Billing
        • Digital signature and one-way hash chain
        • Real-time micropayment approach

  5. Network architecture and system model
     • Assumptions
        • A mesh router sends packets in one hop to all users in its coverage
        • A mobile user transmits packets over multiple hops to a mesh router
        • All communications pass through a mesh router

  6. Network architecture and system model
     • User-broker-operator relationship model
        • (Diagram: WMN operator, broker and user; relationships labelled universal pass, usage data, payment and network service)

  7. Network architecture and system model
     • Trust model
        • CBC for certification of trust-domain parameters
        • IBC within each trust domain
     • Trust domain setup
        • Trust-domain parameters (hash function, domain public key, ...)
        • Certification of domain parameters
        • Domain parameters are used as the public key

  8. Network architecture and system model
     • Pass model
        • Router
           • R-NAI : routerID@operator_domain
           • R-pass : (R-NAI, expiry-date)
           • R-key : kH1(R-pass)
              • k : operator's domain master secret
           • (R-pass, R-key) : IBC public and private key pair
        • User
           • U-NAI : userID@broker_domain
           • U-pass : (U-NAI, expiry-date, otherTerms)
           • U-key : kH1(U-pass)
              • k : broker's domain master secret
           • (U-pass, U-key) : IBC public and private key pair

  9. Entity authentication
     • Pairwise shared key
     • User-router authentication
        • Inter-domain authentication
        • Intra-domain authentication
     • User-user authentication

  10. Entity authentication
     • Inter-domain authentication
        • U and R possess each other's authentic domain parameters
        • Procedure
           • (1)
           • (2)
           • (3)
           • (4)
           • (5)
        • Shared key :

  11. Entity authentication
     • Intra-domain authentication
        • Between parties in the same WMN domain
        • Procedure
           • (1)
           • (2)
           • (3)
        • Computationally efficient
           • Fast hash operations instead of signature and encryption

  12. Entity authentication
     • User-user authentication
        • A user must be authenticated to get paid for packet forwarding
        • Pairwise shared keys
        • Symmetric-key challenge-response authentication
           • U1 sends U2 a challenge r1 encrypted under K_{U1,U2}
           • U2 returns the correct response (r1+1)
           • U1 declares the authentication of U2 successful
           • Similarly, U2 can authenticate U1

  13. Incontestable billing of mobile users
     • Billing basics
        • Intermediate user compensation
           • Each forwarding user attaches to the forwarded packet a message integrity code (MIC) computed under its pairwise shared key with R1
           • R1 can thus ascertain which user forwarded the packet for U1
        • Total payment
           • (m units per t units transmitted)

  14. Incontestable billing of mobile users
     • Payment structure
        • <a_m> : proof token
        • <w_{i,t}> : payment token
     • Procedure
        • (1) U1 → R1, a1,
        • (2) R1 checks the MIC
        • (3) R1 saves
     • To use <w_{i+1,t}>
        • (1) U1 → R1,
        • (2) R1 checks
        • (3) R1 checks the MIC

  15. Incontestable billing of mobile users
     • Making payments
        • U1 maintains a debt counter
        • R1 maintains a profit counter
        • : maximum amount that a user can owe
        • : U1 makes a payment
     • User
        • Payment format
           • (w_{i,j}, j), where and
        • Micropayment (w_{i,j}, j)

  16. Incontestable billing of mobile users
     • Router
        • Stores the payment token with the highest index, (w_{i,k}, k)
        • On receipt of (w_{i,j}, j), R1 verifies j > k and
        • After verification, R1 replaces (w_{i,k}, k) with (w_{i,j}, j) and
     • Intermediate users
        • R1 pays them on behalf of U1

  17. Incontestable billing of mobile users
     • Redemption of payment structure
        • Broker vs. R1
        • Payment record
        • Procedure

  18. System analysis
     • Security
        • A user digitally signs each payment structure
        • A payment structure is both user-specific and router-specific
     • Low computation
        • Public-key operations are rare
        • Fast hash operations dominate
     • Small storage
     • Communication
        • More efficient than the home-foreign-domain model

  19. Conclusion
     • UPASS
        • First known secure authentication and billing architecture for large-scale WMNs
        • Homeless: no need for SLAs
        • Hybrid IBC/CBC trust model
        • Lightweight real-time micropayment approach
