240 likes | 392 Views
Trust Propagation based Authentication Protocol in Multi-hop Wireless Home Networks. Sandeep K. S. Gupta Department of Computer Sc. & Engg Ira A. Fulton School of Engg Arizona State University, Tempe, AZ, 85287. Talk Overview. Multi-hop Wireless Home Networks (MWHN) Problem statement
E N D
Trust Propagation based Authentication Protocol in Multi-hop Wireless Home Networks Sandeep K. S. Gupta Department of Computer Sc. & Engg Ira A. Fulton School of Engg Arizona State University, Tempe, AZ, 85287
Talk Overview • Multi-hop Wireless Home Networks (MWHN) • Problem statement • Key idea – Trust propagation • Preliminary trust-propagation protocol • Security Analysis • Find a vulnerability • Refined protocol • Conclusions
Overview of Multi-hop Wireless Home Networks • Density of wireless devices at home is expected to keep increasing • This environment introduces new wireless network requirements • high and dependable bandwidth • low latency • coverage throughout the home • Multi-hop wireless technology offers unique benefits for this environment • Increasing utilization of spatial capacity • Short range spactrum channel re-use (re-use BANDWIDTH) improving spatial capacity • Eliminating dead zones • Extending coverage • Offering alternative communication path (failure recovery)
Problems in authentication & channel establishment • Multi-hop wireless home networks require a simple to manage authentication and channel establishment mechanism due to the accessibility to the heterogeneous devices and multi-hop wireless environment • Problems in applying the well known authentication and channel establishment protocols to MWHN • Communication cost is high in terms of authentication response time • Vulnerable to some critical attacks: server impersonation attack, man-in-the-middle, DoS WEP protocol (Wi-Fi) and IEEE 802.11 EAP protocol and IEEE 802.1x
Key idea of our authentication protocol • How about authentication by a neighbor device rather than by the server? • Badge: home server delegates only its authentication capability (badge) to the previously authenticated device, and the device authenticates its neighbor devices on behalf of the server. • Issue of Badge 2. Enforce the law Police agency Police officer
System model & Assumption • Server-based system • WMHN infrastructure • Each device has pubic-private key pair
Device Usage Model • Assumption: each device has input interface • User buys a new device • Takes it out of box at home • Goal: Require minimum setup tasks • Input a network password • “Activated” device gets authenticated
Authentication Domain Expanded Authentication Domain Trust Propagation Authentication Domain: A set of objects that are allowed to be a part of specific house hold’s home network Home server
Authenticated Domain (2) Device state according to the response
Characteristic of our protocol • Authentication by the trusted neighbor device • Network password-based device checking • It is only network authentication key • Mutual authentication • Reducing the number of public/private key operation • Key length-agile and algorithm-agile for the session key • Different applications of heterogeneous devices need different security requirement for communication sessions
Protocol Overview Phase 1: Authentication in one hop from the server
Protocol Overview (2) Phase 2: Authentication in more than one hop from the server - Suppose that device A is in Authentication Domain Badge(A) = {IDA, ATH, L}S-priv
Protocol Overview (3) Phase 3: Establishment of a secure connection with another device - Suppose that device B and C are in Authentication Domain - Device B requests the access to device C
Security Analysis Types of Attacks Attack Tree • Active Attack • Application: • Resource consumption attack (DoS) • Man-in-the-Middle attack • Replay attack • Server impersonation attack • Badge reuse attack • Network password guessing attack • Brute force attack • Cryptanalysis • Transport: • Session hijacking • Network: • Wormhole • Dos (Routing table overflow) • MAC: • Jamming • Physical • Steal device and tamper memory • Passive Attack • Snooping • selfishness
Vulnerability in presented scheme? • A malicious node can act as authenticated device – generate its own badge i.e. fool the device into believing that it is the server.
Refined Device Usage Model • Assumption: each device has input interface • User buys a new device • Takes it out of box at home • Require minimum setup tasks • Input a network password • Device acquires server’s public key – maybe by proximity scheme. • “Activated” device gets authenticated
Refined Protocol • The server’s public key is not acquired from the authenticating (proxy) node.
Conclusions • Developed the trust-propagation based authentication and secure channel establishment protocol for multi-hop wireless home network environment • Reliable: resistant to various attacks • Efficient and adaptable: minimizing overheads such as communication and computation costs • Distributing a server’s load (eliminated the possibility of bottle neck in the server)
Performance Analysis Fig 1. Total number of transmissions according to network density Fig 2. Average number of transmissions according to device location
Performance Analysis (2) Data entry size Fig 3. Total amount of data transmitted according to network density Fig 4. Average amount of data transmitted according to device location
Multi-hop Wireless Home Networks • Why Multi-hop Wireless in Home Networks ? • Eliminating dead zones • Extending coverage • Increasing utilization of spatial capacity • Offering alternative communication path • Challenging problems in Multi-hop Wireless Home networks • Interoperability • Coexistence • Channelization • Routing • QOS • Security
Problem in applying WLAN authentication protocols to Multi-hop Wireless Home Networks • IEEE 802.11 and WEP protocol (Wi-Fi) • IEEE 802.1x and EAP protocol a general protocol for authentication that also supports multiple authentication methods, such as symmetric key and public key authentication. Communication cost at authenticationis high!