Authentication & Intrusion Prevention for Multi-Link Wireless Networks. Raphael Frank, 20 October 2007. Overview: Introduction. Authentication in WMN using existing protocols. Emerging Security Issues. Authentication protocol based on WMN properties.
Authentication & Intrusion Prevention for Multi-Link Wireless Networks
Raphael Frank, 20 October 2007

Overview
1. Introduction
2. Authentication in WMN using existing protocols
3. Emerging Security Issues
4. Authentication protocol based on WMN properties
5. Security Analysis
6. Conclusion

Introduction
• What is a Wireless Mesh Network (WMN)?
• Mesh Nodes: Devices with at least two radio interfaces
• Mesh nodes together form a wireless network (Ad-Hoc)
• Second interface (AP) is used by mobile clients to connect to the network
• Hot Spots (HS): Mesh Nodes equipped with a wired internet connection
• Transient Access Points (TAP): Mesh Nodes without wired internet connection
→ Provide Internet Access to Mobile Clients by using the WMN as a backhaul

Authentication in WMN using existing protocols (1)
• Authentication protocols for the State of the Art of Wireless Networks
• IEEE 802.11:
  • First WiFi standard released in 1997
  • Provides Data encryption and authentication
• IEEE 802.11i:
  • Most recent security standard released in 2004
  • Provides a robust data encryption and includes an external authentication framework

Authentication in WMN using existing protocols (2)
• IEEE 802.11
  • Encryption Protocol Wired Equivalent Privacy (WEP), based on a shared key (key length 64 or 128 bit)
  • Authentication based on the knowledge of the shared key
• Security Goals:
  • Prevent Eavesdropping → PRIVACY
  • Prevent Message Modification → INTEGRITY
  • Network Access Control → AUTHENTICATION
• Weaknesses – None of the security goals are met:
  • Key stream reuse → PRIVACY
  • CRC attacks → INTEGRITY
  • Authentication Spoofing → AUTHENTICATION

Authentication in WMN using existing protocols (3)
• IEEE 802.11i
  • Encryption Protocol WiFi Protected Access 1 & 2 (WPA1 & WPA2)
  • Provides robust security properties
  • Authentication performed using the Extensible Authentication Protocol (EAP)
  • Needs a centralized authentication server
  • Different authentication possibilities (EAP methods)

Authentication in WMN using existing protocols (4)
• Extensible Authentication Protocol (EAP)
  • Used in wireless and fixed networks
  • Port Based Network Access
  • Authentication framework
  • Currently about 40 different EAP methods
  • Commonly used methods: EAP-TLS, EAP-TTLS

Emerging Security Issues (1)
Problems with the standard protocols
• Originally developed for the State of the Art of Wireless Networks
• Security only for the first wireless link → no End-To-End features
  • Privacy: No data encryption after the first hop
  • Authentication: No Layer 2 authentication after the first hop
• Single point of failure: Centralized Authentication Server
• Mesh nodes cannot be considered as trustworthy
• No topology authentication

Emerging Security Issues (2)
• What are the problems related to the architecture of a WMN?
• Mesh nodes cannot be considered as trustworthy
  • They are often deployed in a hostile environment
  • An attacker can spoof and/or take over a mesh node
• No topology authentication
  • An attacker can easily inject a malicious node into the WMN
  • Gain access to the network
  • Perform Denial of Service (DoS)
  • Perform Man in the Middle Attacks (MitM)

Definition of a new authentication protocol (1)
• Why a new protocol?
  • No standardized security protocols for WMN
  • The existing protocols do not meet the requirements
• What should the protocol provide?
  • “Real-time/Continuous” Authentication → Acceptable performance
  • Authentication of every participating node of WMN → Topology authentication
  • Authentication of the network traffic
  • Trustworthy mesh nodes → Mesh Node Access Control
  • Attack Detection/Reaction mechanism

Definition of a new authentication protocol (2)
• How does it work?
  • Based on digital signatures to verify integrity and authenticity
  • Hybrid authentication protocol using symmetric and asymmetric cryptography
  • Offers the best properties in terms of security and performance
  • The administrator plays the role of the CA
  • Provides the needed keys to the Nodes

Definition of a new authentication protocol (3)
• What are the required keys?
• Every node is in possession of:
  • Personal Public Key (asymmetric)
  • Personal Private Key (asymmetric)
  • Personal Secret Key (symmetric)
  • Public Key of the Administrator
  • Nodelist → Containing the allowed communication neighbors
  • After initialization → different public/secret keys of neighbor nodes
• The procedure can be subdivided into two operations:
  • I) Initialization of a new node
  • II) Information transmission

Definition of a new authentication protocol (4)
• Initialization of a new node (asymmetric)
• Node A wants to register to the WMN
  • A broadcasts to the WMN the initialization message: Nodelist | Cert(A) | Signature
• The receiving node B
  • Checks if it is included in the node list (NL)
  • Checks the signature → Using the Public Key of the Admin
• B encrypts its secret key and sends it to A
• After a successful decryption, A encrypts its secret key and sends it to B

Definition of a new authentication protocol (5)
• Initialization of a new node (asymmetric)
• Node A wants to register to the WMN
Message diagram (Node A, Node B):
(1) Broadcast: NL, Cert(A), SIG{[NL,Cert(A)], PrivK(Admin)}
(2) ENC{[Cert(B),K(B),T1], PubK(A)}
(3) ENC{[K(A),T2], PubK(A)}

Definition of a new authentication protocol (6)
• Information transmission (symmetric)
• Every node needs to have the secret key of its neighbor nodes → Initialization
• Symmetric Signature → Message Authentication Code (MAC) = Fingerprint encrypted using a secret key → Faster
• Node A wants to send a message to node C via node B
  • A sends to C via node B the message to be transferred: Data | Timestamp | Signature

Definition of a new authentication protocol (7)
• Information transmission (symmetric)
• The signature is verified and newly generated at every hop of the transmission path
• A different Timestamp guarantees a different signature
Message diagram (Node A, Node B, Node C):
(1) MSG, T1, SIG{(MSG,T1), K(A)}
(2) MSG, T2, SIG{(MSG,T2), K(B)}
(3) MSG, T3, SIG{(MSG,T3), K(C)}
(4) MSG, T4, SIG{(MSG,T4), K(B)}

Definition of a new authentication protocol (8)
How to create trustworthy nodes?
• We need to guarantee that an attacker cannot retrieve the sensitive data (Keys, Nodelist, …) from a mesh node → Mesh Node Access Control
• Before an attacker gains access to a node, the keys are erased and replaced by dummy values
• Consequence → Neighbor nodes will fail to verify the messages from the attacked node and drop them
  • Passive attack detection
  • The node is automatically excluded from the WMN

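The hop-by-hop verification of slides (6) and (7) and the key erasure of slide (8), as an added example that is not part of the original deck. Assumptions: HMAC-SHA256 stands in for the unspecified MAC, `MAX_AGE`, the `Node` class and the sender name carried in each frame are hypothetical, and `link()` replaces the asymmetric initialization with a direct key swap.

```python
import hashlib, hmac, os, struct

MAX_AGE = 5.0  # assumed freshness window in seconds; the slides give no value

def sig(key, msg, ts):
    # SIG{(MSG,T), K}: HMAC-SHA256 stands in for the slides' unspecified MAC
    return hmac.new(key, struct.pack(">d", ts) + msg, hashlib.sha256).digest()

class Node:
    def __init__(self, name):
        self.name = name
        self.key = os.urandom(32)   # personal secret key K(name)
        self.neighbours = {}        # neighbour name -> its secret key

    def link(self, other):
        # Stand-in for the asymmetric initialization that swaps secret keys
        self.neighbours[other.name] = other.key
        other.neighbours[self.name] = self.key

    def send(self, msg, now):
        return (self.name, msg, now, sig(self.key, msg, now))

    def receive(self, frame, now):
        sender, msg, ts, tag = frame
        key = self.neighbours.get(sender)
        if key is None or not 0 <= now - ts <= MAX_AGE:
            return None             # unknown neighbour, or stale (replayed) frame
        if not hmac.compare_digest(tag, sig(key, msg, ts)):
            return None             # modified message or wrong key: drop
        return msg

    def forward(self, frame, now):
        msg = self.receive(frame, now)  # verify, then re-sign with own key and a new T
        return None if msg is None else self.send(msg, now)

    def wipe(self):
        # Mesh Node Access Control: keys are replaced by dummy values
        self.key = bytes(32)
        self.neighbours = dict.fromkeys(self.neighbours, bytes(32))

def demo():
    a, b, c = Node("A"), Node("B"), Node("C")
    a.link(b); b.link(c)
    f1 = a.send(b"hello", 100.0)
    f2 = b.forward(f1, 100.2)
    results = {"delivered": c.receive(f2, 100.4), "new_sig_per_hop": f1[3] != f2[3],
               "tampered": b.receive(("A", b"evil", f1[2], f1[3]), 100.2),
               "replayed": b.receive(f1, 200.0), "skipped_hop": c.receive(f1, 100.2)}
    a.wipe()
    results["wiped_node"] = b.receive(a.send(b"hello", 101.0), 101.1)
    return results
```

A frame captured and resent inside the `MAX_AGE` window would still verify here, so the window has to be short relative to the hop latency.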
Security Analysis (1)
Security & Performance Requirements
• Acceptable performance: YES → Using symmetric signatures
• Topology authentication: YES → Every node participating in a communication is authenticated
• Authentication of the traffic: YES → The source of every message is known
• Trustworthy mesh nodes: YES → Mesh Node Access Control
• Attack Detection and Reaction: YES → Corrupt Nodes are detected and excluded from the WMN

Security Analysis (2)
Other Security features
• No replay attacks → using timestamps
• No single point of failure → No centralized entity
• Node Spoofing/Injection not possible → Topology authentication
  • The attacker does not know the needed keys
• Man in the Middle Attack can be used to perform DoS
  • If an attacker modifies a transient message, it will be discarded

Conclusion
What’s next?
• Extend the authentication protocol
  • Implementation of a prototype
  • Client/User authentication
• Add an administration procedure
  • Remotely reintroduce attacked node into the WMN
  • Attack reporting
• Privacy and Performance on WMN need to be considered as well
• Release of a security standard for WMN
  • IEEE 802.11s?

The end … Thank you for your attention. Questions?
Raphael.Frank@uni.lu
Wiki.uni.lu/Secan-Lab