Design of Efficient and Secure Multiple Wireless Mesh Network
Speaker: Hsien-Pang Tsai
Teacher: Kai-Wei Ke
Date: 2005/06/28
Outline
- Introduction
- Background
  - Wireless Mesh Network
  - Wireless Security
- Secure Wireless Mesh Network
- Security Analysis
- Conclusion
Wireless Mesh Network (WMN)
- Last-mile broadband Internet access.
- Similar to an ad hoc network.
- Provides reliability, market coverage and scalability.
WMN's Architecture
(figure: Wired Network -> Wireless Bridges -> Access Points -> Mobile nodes)
WMN's Actors
- Wireless Gateway: bridges wired and wireless traffic.
- Access Point (AP): provides service to mobile users and connects with other APs.
- Mobile: the end users.
Wireless Security
A wireless network is broadcast by nature: anyone within radio range can receive what is sent on the medium.
Two basic protections: authentication and data encryption.
Man-in-the-Middle
An intruder inserts himself as a new node between a valid host and its AP (figure a), or between two APs (figure b).
Session Hijack
Participants: Supplicant, Authenticator, Attacker.
1. Authentication
2. Association
3. EAP request
4. EAP response
5. Req_auth(auth_info)
6. Resp_auth
7. Resp_success
8. Disassociation (forged by the attacker, after the supplicant has been authenticated)
9. Transmission (by the attacker, in the supplicant's place)
Route Swindle
The attacker modifies the hop count field in the routing packet, so that other nodes compute a wrong route.
(figure: nodes a-h; (a) routes before, (b) routes after the hop count is forged)
Denial of Service (DoS)
DoS attacks are a big problem for all types of networks. APs have limited CPU and memory, and an attacker can continually send streams of association and disassociation packets.
Problems with WEP
- Key size is too small: a 40-bit key can be cracked by brute force in less than 50 hours.
- Keystream reuse (Initialization Vector reuse).
- Messages cannot be authenticated.
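The second WEP problem, keystream reuse, is the one worth seeing run. The Go program below is an added example, not part of the slides: it drives Go's crypto/rc4 the way WEP does (per-packet key = IV || shared key; the CRC-32 ICV is left out because it does not change the keystream) and shows that two frames sent under the same IV leak each other. Since c1 XOR c2 = p1 XOR p2, a known header in one frame recovers the other frame's plaintext without any attack on the 40-bit key. The key, IV and frame contents are constructed.

```go
package main

import (
	"crypto/rc4"
	"fmt"
)

// wepEncrypt models WEP's use of RC4: the per-packet key is IV || shared key and the
// keystream is XORed over the frame. The CRC-32 ICV is omitted on purpose; it plays no
// role in the keystream-reuse problem shown here. (Added example, not the thesis's code.)
func wepEncrypt(iv, sharedKey, plaintext []byte) ([]byte, error) {
	perPacketKey := append(append([]byte{}, iv...), sharedKey...)
	c, err := rc4.NewCipher(perPacketKey)
	if err != nil {
		return nil, err
	}
	out := make([]byte, len(plaintext))
	c.XORKeyStream(out, plaintext)
	return out, nil
}

// xorBytes returns a XOR b over the shorter of the two lengths.
func xorBytes(a, b []byte) []byte {
	n := len(a)
	if len(b) < n {
		n = len(b)
	}
	out := make([]byte, n)
	for i := 0; i < n; i++ {
		out[i] = a[i] ^ b[i]
	}
	return out
}

// RecoverWithKnownPlaintext is the eavesdropper's move when two frames share an IV:
// the same keystream cancels out, so c1 XOR c2 == p1 XOR p2, and knowing p1 (say, a
// predictable protocol header) reveals p2. The shared key is never touched.
func RecoverWithKnownPlaintext(c1, c2, knownP1 []byte) []byte {
	return xorBytes(xorBytes(c1, c2), knownP1)
}

func main() {
	sharedKey := []byte{0x0a, 0x1b, 0x2c, 0x3d, 0x4e} // constructed 40-bit WEP key
	iv := []byte{0x00, 0x00, 0x01}                   // 24-bit IV, reused for both frames
	p1 := []byte("GET /index.html ")                 // the attacker knows this frame
	p2 := []byte("PASSWORD=hunter2")                 // the attacker wants this one
	c1, _ := wepEncrypt(iv, sharedKey, p1)
	c2, _ := wepEncrypt(iv, sharedKey, p2)
	fmt.Printf("recovered from IV reuse: %q\n", RecoverWithKnownPlaintext(c1, c2, p1))
}
```

With a 24-bit IV the reuse is not hypothetical: a busy AP exhausts the IV space in hours, and many implementations reset the IV to zero on restart.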
IEEE 802.1x
IEEE 802.1x is a security framework that provides port-based network access authentication.
(figure: Supplicant <-> Authenticator <-> Authentication Server)
IEEE 802.1x (1)
Participants: Supplicant, Authenticator, Authentication Server.
1. Authentication
2. Association
3. EAPOL start
4. EAP req
5. EAP res
6. forward(unicast, Auth_message)
7. req_auth(unicast, auth_info)
8. req_auth(auth_info)
9. res_auth(auth_info)
10. res_success
11. session key exchange
Public Key Infrastructure
Two problems with shared keys: key distribution, and digital signatures (a key that both sides hold cannot prove which of them signed).
Key feature of a public key cryptosystem: two keys, a public key and a private key. It is computationally infeasible to determine the decryption (private) key from the public key.
Outline
- Introduction
- Background
- Secure Wireless Mesh Network
  - Tree Topology
  - Two functions of Wireless Mesh Network
- Security Analysis
- Conclusion
The Properties of WMN
- Similar to an ad hoc network.
- An AP selects a routing path to transfer data.
- The routing path is always fixed.
- Most data flows toward the wireless gateway.
- Combining all routing paths gives a hierarchical architecture: a tree topology.
The Actors of Secure WMN
- Supplicant: a new AP that wants to join the WMN.
- Authentication Agent (AA): helps the supplicant authenticate with the management system, and creates a secure tunnel with the supplicant.
- Management System (MS): the authentication server. It maintains the topology of the WMN and creates signatures for APs.
Self-Organization
(figure: nodes a-h; a new AP joins through a neighbouring AP)
1. Broadcast Req_Start.
2. Neighbours return Resp_Start.
3. Choose an authentication agent.
4. Send Req_Join.
5. Send Req_Join_f.
6. Forward Req_Join_f.
7. Authorization.
8. Send Resp_Join_f.
9. Send Req_Auth.
Self-Organization (1)
Participants: Supplicant, Authentication Agent, Management System.
1. Req_Start (broadcast)
2. Resp_Start (unicast, infos)
3. Req_Join (unicast, join_message)
4. Session Key Exchange (Supplicant <-> Authentication Agent)
5. Req_Join_f (unicast, join_message)
6. Resp_Join_f (unicast, auth_infos)
7. Req_Auth (unicast)
8. Resp_Auth (unicast, auth_info)
9. Resp_Success (node_id, Sign)
10. Session Key Exchange
Trust Model
First, a new AP should:
- Register its MAC address and its "Confirm Key" with the MS.
- Get the "Group Key" and the "WMN public key" from the MS.
When it gets Resp_Join:
- Use the "WMN public key" to determine which responding nodes are legal.
- Use the "Group Key" to start the session key exchange with its AA.
When it gets Req_Auth:
- The AA has already obtained the supplicant's "Confirm Key" from the MS.
- The supplicant returns its "Confirm Key" in response to Req_Auth, and the AA compares the two "Confirm Keys".
Choose Authentication Agent
Two factors: hop count and node loading.
1. Choose the node with the smallest hop count.
2. If two nodes have the same hop count, compare their node loading and select the one with the smaller value.
Session Key Exchange
The session key should be changed periodically.
Default key: groupK (the group key). The supplicant uses a Key_Update message to ask its AA to exchange the key.
Key update flow (Supplicant / Authentication Agent):
1. The supplicant sends Key_Update to the AA.
2. The AA receives Key_Update and generates a new key.
3. The AA sends the new key, encrypted with the old key, to the supplicant.
4. The supplicant receives the new key and sends Key_Updated, encrypted with the new key.
5. The AA receives Key_Updated. If it decrypts correctly, the AA sends Key_Update_ok to the supplicant; otherwise no Key_Update_ok is sent.
6. If the supplicant receives Key_Update_ok, the update is finished; if not, it restores the old key.
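As an added example (not the thesis's own code), the Go program below runs the Key_Update flow above with both sides as small state machines. The slides name no cipher, so AES-256-GCM is assumed for the "encrypted by old key / new key" steps, and the group key is a constructed constant. The flowchart does not say when the AA discards the old key; the example has it switch as soon as it generates the new one. The dropOK flag drops the Key_Update_ok reply on the air: the supplicant then restores the old key as the flowchart says, but the AA has already moved on, so the two ends hold different keys. A practitioner would keep the old key at the AA until a message under the new key arrives, or retry the exchange from the supplicant's side.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// Message names taken from the flowchart.
const (
	keyUpdated  = "Key_Updated"
	keyUpdateOK = "Key_Update_ok"
)

// gcm builds AES-GCM for a 32-byte key. The cipher is this example's assumption.
func gcm(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// seal encrypts msg under key and prefixes the random nonce to the ciphertext.
func seal(key, msg []byte) ([]byte, error) {
	g, err := gcm(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, g.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	out := append(make([]byte, 0, len(nonce)+len(msg)+g.Overhead()), nonce...)
	return g.Seal(out, nonce, msg, nil), nil
}

// unseal reverses seal; a wrong key or a tampered message yields an error.
func unseal(key, ct []byte) ([]byte, error) {
	g, err := gcm(key)
	if err != nil {
		return nil, err
	}
	if len(ct) < g.NonceSize() {
		return nil, errors.New("ciphertext too short")
	}
	return g.Open(nil, ct[:g.NonceSize()], ct[g.NonceSize():], nil)
}

// Agent is the Authentication Agent's side of the flowchart.
type Agent struct{ Key []byte }

// HandleKeyUpdate answers Key_Update: generate a new key, return it encrypted under
// the old key, and switch to the new key right away (the flowchart leaves this open).
func (a *Agent) HandleKeyUpdate() ([]byte, error) {
	newKey := make([]byte, 32)
	if _, err := rand.Read(newKey); err != nil {
		return nil, err
	}
	ct, err := seal(a.Key, newKey)
	if err != nil {
		return nil, err
	}
	a.Key = newKey
	return ct, nil
}

// HandleKeyUpdated is the "Is decrypted right?" box: if Key_Updated opens under the
// new key, reply Key_Update_ok encrypted under the new key; otherwise reply nothing.
func (a *Agent) HandleKeyUpdated(ct []byte) ([]byte, bool) {
	pt, err := unseal(a.Key, ct)
	if err != nil || string(pt) != keyUpdated {
		return nil, false
	}
	reply, err := seal(a.Key, []byte(keyUpdateOK))
	return reply, err == nil
}

// Supplicant is the AP that asked for the update.
type Supplicant struct{ Key []byte }

// UpdateKey runs the supplicant's half of the flowchart against agent. dropOK simulates
// the Key_Update_ok reply being lost. It returns true once the new key is committed.
func (s *Supplicant) UpdateKey(agent *Agent, dropOK bool) (bool, error) {
	oldKey := s.Key
	encNew, err := agent.HandleKeyUpdate() // Key_Update -> new key under the old key
	if err != nil {
		return false, err
	}
	newKey, err := unseal(oldKey, encNew)
	if err != nil {
		return false, err // old key untouched
	}
	s.Key = newKey                                   // provisional
	updated, err := seal(s.Key, []byte(keyUpdated)) // Key_Updated under the new key
	if err != nil {
		s.Key = oldKey
		return false, err
	}
	reply, sent := agent.HandleKeyUpdated(updated)
	if !sent || dropOK {
		s.Key = oldKey // no Key_Update_ok received: restore the old key
		return false, nil
	}
	if pt, err := unseal(s.Key, reply); err != nil || string(pt) != keyUpdateOK {
		s.Key = oldKey
		return false, nil
	}
	return true, nil
}

// KeysAgree reports whether both ends hold the same key after the exchange.
func KeysAgree(s *Supplicant, a *Agent) bool { return bytes.Equal(s.Key, a.Key) }

func main() {
	groupK := bytes.Repeat([]byte{0x42}, 32) // constructed group key, the default key
	s, a := &Supplicant{Key: groupK}, &Agent{Key: groupK}
	ok, err := s.UpdateKey(a, false)
	fmt.Println("committed:", ok, "err:", err, "keys agree:", KeysAgree(s, a))
	ok, _ = s.UpdateKey(a, true)
	fmt.Println("committed after lost Key_Update_ok:", ok, "keys agree:", KeysAgree(s, a))
}
```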
Self-Healing
(figure: panels (a)-(d), nodes a-j; an authentication agent fails and the nodes that depended on it rejoin)
1. Determine that the authentication agent has failed.
2. Start the Self-Organization process.
Self-Reconfiguration
(figure: panels (a)-(d), nodes a-p; node m leaves the network in (b) and (c) and is present again in (d))
MIM (Man-in-the-Middle)
- The supplicant uses the secret (session) key to establish a secure tunnel with its AA, so an attacker cannot read the transmitted data directly.
- The supplicant periodically updates the key with its AA, so an attacker cannot collect enough packets under one key to determine it.
Forge AP
The supplicant periodically updates the key with its AA, so an attacker does not know which key is currently in use.
Session Hijack
Session key exchange first: the supplicant starts the session key exchange before authentication, so every later message is bound to the session key and an attacker cannot hijack the session.
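To make the two sides of this argument concrete, here is an added example in Go (not from the slides). It replays the sequence on the Session Hijack slide twice: once against an authenticator that identifies a station by its claimed MAC address only, and once with the slides' fix, a session key agreed before authentication so that every later frame, including disassociation, must carry a MAC under that key. HMAC-SHA256 is assumed (the slides do not specify), the MAC addresses, frame kinds and session key are constructed, and the key agreement itself is taken as already done.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"fmt"
)

// Frame is a simplified 802.11/802.1X frame. Tag is the session-key MAC that the
// hardened design requires on every frame (HMAC-SHA256, assumed for this example).
type Frame struct {
	SrcMAC  string
	Kind    string // "auth", "assoc", "eap-res", "disassoc", "data"
	Payload string
	Tag     []byte
}

func frameTag(key []byte, f Frame) []byte {
	m := hmac.New(sha256.New, key)
	m.Write([]byte(f.SrcMAC + "|" + f.Kind + "|" + f.Payload))
	return m.Sum(nil)
}

// validTag rejects frames with a missing or wrong tag; no key means no trust.
func validTag(key []byte, f Frame) bool {
	return key != nil && hmac.Equal(f.Tag, frameTag(key, f))
}

// Station is the supplicant. With bind set it tags what it sends and ignores
// control frames that do not verify under its session key.
type Station struct {
	MAC  string
	bind bool
	key  []byte
}

func (s *Station) Send(kind, payload string) Frame {
	f := Frame{SrcMAC: s.MAC, Kind: kind, Payload: payload}
	if s.bind {
		f.Tag = frameTag(s.key, f)
	}
	return f
}

// Receive reports whether the station honours a frame (e.g. a disassociation).
func (s *Station) Receive(f Frame) bool { return !s.bind || validTag(s.key, f) }

// Authenticator is the AP. With bind=false, identity is the claimed source MAC only;
// with bind=true, a session key must have been exchanged and every frame must verify.
type Authenticator struct {
	bind          bool
	sessionKeys   map[string][]byte
	authenticated map[string]bool
}

func NewAuthenticator(bind bool) *Authenticator {
	return &Authenticator{bind: bind, sessionKeys: map[string][]byte{}, authenticated: map[string]bool{}}
}

// SessionKeyExchange records the key agreed with a station before authentication
// (the agreement itself is out of scope here; the key is handed in directly).
func (a *Authenticator) SessionKeyExchange(mac string, key []byte) { a.sessionKeys[mac] = key }

// Receive processes one frame and reports whether the AP accepted it.
func (a *Authenticator) Receive(f Frame) bool {
	if a.bind && !validTag(a.sessionKeys[f.SrcMAC], f) {
		return false
	}
	switch f.Kind {
	case "eap-res": // end of steps 1-7: the AP has checked it and would send Resp_success
		a.authenticated[f.SrcMAC] = true
	case "disassoc":
		delete(a.authenticated, f.SrcMAC)
	case "data":
		return a.authenticated[f.SrcMAC]
	}
	return true
}

// Hijack runs the slide's sequence against the weak (bind=false) or hardened (bind=true)
// design and returns (victim honoured the forged disassociation, AP accepted attacker data).
func Hijack(bind bool) (bool, bool) {
	const victimMAC, apMAC = "00:11:22:33:44:55", "aa:bb:cc:dd:ee:ff" // constructed
	key := []byte("constructed-session-key-for-the-demo")
	ap := NewAuthenticator(bind)
	victim := &Station{MAC: victimMAC, bind: bind, key: key}
	if bind {
		ap.SessionKeyExchange(victimMAC, key) // slides: key exchange before authentication
	}
	for _, kind := range []string{"auth", "assoc", "eap-res"} { // steps 1-7
		ap.Receive(victim.Send(kind, ""))
	}
	// step 8: the attacker forges a disassociation to the victim in the AP's name (no key, so no tag)
	dropped := victim.Receive(Frame{SrcMAC: apMAC, Kind: "disassoc"})
	// step 9: the attacker transmits with the victim's MAC address
	accepted := ap.Receive(Frame{SrcMAC: victimMAC, Kind: "data", Payload: "attacker traffic"})
	return dropped, accepted
}

func main() {
	d, acc := Hijack(false)
	fmt.Println("weak design:     victim dropped =", d, " attacker data accepted =", acc)
	d, acc = Hijack(true)
	fmt.Println("hardened design: victim dropped =", d, " attacker data accepted =", acc)
}
```

Binding frames to the session key stops forgery but not replay: a captured tagged frame can be resent as it is, so a real design also puts a sequence number under the tag and rejects repeats.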
Route Swindle
When an AP receives Req_Start, it returns Resp_Start carrying a signature. The signature proves the AP's legality, and the supplicant trusts only a Resp_Start whose signature verifies.
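The Route Swindle defence and the earlier "Choose Authentication Agent" rule fit in one added example (Go, not the thesis's code). It assumes a concrete shape for the signatures the slides mention: the MS signs (node_id, AP public key) with the WMN private key, which is the Sign delivered in Resp_Success, and each AP signs its own Resp_Start (node_id, hop count, load) with its key. That second signature is this example's assumption; with only the MS signature over the node id, an attacker could replay a legal node's Sign and still rewrite the hop count. Ed25519 from Go's standard library stands in for whatever public-key scheme the thesis uses; node ids, hop counts and loads are constructed.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"fmt"
	"sort"
)

func mustKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// Credential is what the MS hands an AP in Resp_Success(node_id, Sign): the MS's
// signature over the node id and the AP's own public key (binding the key is assumed).
type Credential struct {
	NodeID string
	PubKey ed25519.PublicKey
	MSSig  []byte
}

func credentialBytes(nodeID string, pub ed25519.PublicKey) []byte {
	return append([]byte(nodeID+"|"), pub...)
}

// IssueCredential is the MS side ("create signature for APs").
func IssueCredential(msPriv ed25519.PrivateKey, nodeID string, pub ed25519.PublicKey) Credential {
	return Credential{NodeID: nodeID, PubKey: pub, MSSig: ed25519.Sign(msPriv, credentialBytes(nodeID, pub))}
}

// RespStart is an AP's answer to Req_Start: its credential plus the two factors used
// to choose an agent, signed by the AP so that neither factor can be rewritten in transit.
type RespStart struct {
	Cred     Credential
	HopCount uint32
	Load     uint32
	Sig      []byte
}

func respBytes(nodeID string, hop, load uint32) []byte {
	b := make([]byte, 8)
	binary.BigEndian.PutUint32(b[:4], hop)
	binary.BigEndian.PutUint32(b[4:], load)
	return append(b, nodeID...)
}

func MakeRespStart(cred Credential, apPriv ed25519.PrivateKey, hop, load uint32) RespStart {
	sig := ed25519.Sign(apPriv, respBytes(cred.NodeID, hop, load))
	return RespStart{Cred: cred, HopCount: hop, Load: load, Sig: sig}
}

// Verify is the supplicant's check with the WMN public key: MS signature on the
// credential first, then the AP's signature on the advertised hop count and load.
// The length check matters: ed25519.Verify panics on a malformed public key, and a
// Resp_Start arrives from a neighbour nobody has authenticated yet.
func Verify(wmnPub ed25519.PublicKey, r RespStart) bool {
	if len(r.Cred.PubKey) != ed25519.PublicKeySize {
		return false
	}
	if !ed25519.Verify(wmnPub, credentialBytes(r.Cred.NodeID, r.Cred.PubKey), r.Cred.MSSig) {
		return false
	}
	return ed25519.Verify(r.Cred.PubKey, respBytes(r.Cred.NodeID, r.HopCount, r.Load), r.Sig)
}

// ChooseAgent drops illegal Resp_Start messages and applies the slides' rule:
// smallest hop count, ties broken by smallest node loading. "" means no legal neighbour.
func ChooseAgent(wmnPub ed25519.PublicKey, resps []RespStart) string {
	var legal []RespStart
	for _, r := range resps {
		if Verify(wmnPub, r) {
			legal = append(legal, r)
		}
	}
	if len(legal) == 0 {
		return ""
	}
	sort.SliceStable(legal, func(i, j int) bool {
		if legal[i].HopCount != legal[j].HopCount {
			return legal[i].HopCount < legal[j].HopCount
		}
		return legal[i].Load < legal[j].Load
	})
	return legal[0].Cred.NodeID
}

// RunScenario builds a constructed neighbourhood (three legal APs, two attackers)
// and returns the agent the supplicant picks.
func RunScenario() string {
	wmnPub, msPriv := mustKey()
	var resps []RespStart
	var fromC RespStart
	for _, n := range []struct {
		id        string
		hop, load uint32
	}{{"b", 2, 10}, {"c", 1, 30}, {"d", 1, 20}} {
		pub, priv := mustKey()
		r := MakeRespStart(IssueCredential(msPriv, n.id, pub), priv, n.hop, n.load)
		if n.id == "c" {
			fromC = r
		}
		resps = append(resps, r)
	}
	xPub, xPriv := mustKey() // attacker x: never registered, signs its own credential
	_, fakeMS := mustKey()
	resps = append(resps, MakeRespStart(IssueCredential(fakeMS, "x", xPub), xPriv, 0, 0))
	swindle := fromC // route swindle: replay c's legal credential with hop count 0
	swindle.HopCount = 0
	resps = append(resps, swindle)
	return ChooseAgent(wmnPub, resps) // "d": hop count 1 like c, but lower load
}

func main() { fmt.Println("chosen authentication agent:", RunScenario()) }
```

Both attackers are rejected before the hop count is even compared: x fails the MS signature, and the replayed credential fails the AP signature because the hop count no longer matches what c signed. The choice then falls on d, which ties with c on hop count and wins on load.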
Denial of Service
There is no complete solution to this problem.
When a node crashes, the self-healing process is started by the other nodes.
Conclusion
- Proposed a tree topology for a secure WMN.
- Defined the WMN's basic functions.
- Analysed the security problems.
Future Work
- Consider more possible attacks.
- Consider the performance of the "choose AA" rule.
- Other applications: sensor networks, ad hoc networks.