Security for Wireless Mesh Network
- Introduction to a light weight client authentication scheme -
2009.6.25
Pusan National University, Division of Computer Science and Engineering
Howon Kim
([email protected])
Agenda
I. Overview of Wireless Mesh Network (WMN)
II. Security Issues for WMN
III. Security Technology for WMN
< Mesh network >
KRnet 2009
Project Overview
Development of security technology in wireless network infrastructures for logistics and inventory process
Institute of Logistics Information Technology, Pusan National University, 2008.4~
Major security features:
- End-to-end security
- Public key & pairing crypto (key mgmt)
- Physical security
- Node authentication
- Secure association
- Routing security
- Risk management
- Distributed trust center
< Project architecture diagram: Internet; IEEE 802.11s mesh (router, mesh access point, distributed trust center, secure association, routing security, authentication/key management, trusted platform, side channel/PUF, risk management); IEEE 802.15.4 sensor network (IDS, G/W); Wi-Fi and RFID security; physical security/safety, core security, wireless security, network security >
Project Overview
• Wireless Mesh Network Security
- Security technology against current IEEE 802.11s vulnerabilities
- Development of dynamic AAA (Authentication, Authorization, Accounting) technology (Dynamic Diameter)
- Development of end-to-end security, node-to-node security, key management, and MP/MPP/MAP authentication technology
- Development of data-link and network layer (routing) security technology
< Overview of the Wireless Mesh Network Security: distributed authentication server, Internet, IEEE 802.11s mesh with an attacker; upgrading existing security standards (IEEE 802.1x, IEEE 802.11s) for WMN; data-link layer security (eavesdropping, replay attack, alteration attack); detection of bogus MP/MAP; network layer security (routing security) >
Project Overview
• WLAN mesh network based network infrastructure for the container yard
Project Overview
• Target Platform: WLAN Mesh Router
< WLAN Mesh Engine S/W modules: Peer Link Management Module, Radio Channel Assignment Module, Multi-Path Routing Module, Self Healing Module, Load Balancing-based Handover Module, Security engine (Data-Link Security Module, Routing Security Module, Key Management/Authentication Module) >
Wireless Mesh Networks
Wireless Mesh Networks (WMN) are networks in which each node can communicate directly with one or more peer nodes.
Different from traditional wireless networks (e.g. 802.11 WLANs), which require centralized access points to mediate the wireless connection.
Each node operates not only as a host but also as a router, forwarding packets on behalf of other nodes that may not be within direct wireless transmission range of their destinations.
It is dynamically self-organized and self-configured: nodes automatically establish and maintain mesh connectivity among themselves.
Reference [5]
Applications of Wireless Mesh Networks
Broadband Home Networking
Community and Neighborhood Networking
Enterprise Networking
Metropolitan Area Networking
Transportation Systems
Building Automation
Health and Medical Systems
Security and Surveillance Systems
Reference [5]
Wireless Mesh Networks
WLAN (IEEE 802.11) vs. WLAN based Mesh Network (IEEE 802.11s)
Wireless Mesh Network standards:
IEEE 802.11s : WLAN Mesh
IEEE 802.15.5 : WPAN Mesh
IEEE 802.16a/d/j : WMAN Mesh
Wireless Mesh Networks
Mesh Point (MP): establishes peer links with MP neighbors; full participant in WLAN Mesh services
Mesh Access Point (MAP): functionality of a MP, collocated with an AP which provides BSS services to support communication with STAs (mesh relaying functions + AP service for clients (STAs))
Mesh Portal (MPP): point at which traffic enters a WLAN Mesh; acts as a gateway/bridge to external networks
Station (STA): clients outside of the WLAN Mesh, connected via a Mesh AP
Images from [3]
WMN vs. Ad-hoc Networks
Ad-hoc Networks | Wireless Mesh Networks
Multi-hop | Multi-hop
Wireless & mobile nodes | Wireless & mobile nodes (some nodes are fixed)
May rely on infrastructure | May rely on infrastructure
Most traffic is user-to-user | Most traffic is user-to-gateway
Reference [2]
WMN vs. Sensor Networks
Wireless Sensor Networks | Wireless Mesh Networks
Multi-hop | Multi-hop
Wireless & (mostly) fixed nodes | Wireless & mobile nodes (some nodes are fixed)
May rely on infrastructure | May rely on infrastructure
Most traffic is user-to-gateway | Most traffic is user-to-gateway
Energy is a big issue (resources are constrained) | Energy is not so big an issue (resources are not constrained)
Bandwidth is limited (tens of Kbps) | Bandwidth is generous (> 1 Mbps)
Reference [2]
Agenda
II. Security Issues for WMN
(General) Security Requirements
Confidentiality or Privacy: secure communication; do not disclose information
Integrity: messages are not altered or replayed during communication
Availability: refers to the network services' survivability in the face of denial-of-service attacks
Authentication: identify the sender, and ensure messages are sent by the claimed sender
(General) Security Requirements
Accounting: measures the consumption of resources by users for billing
Access Control: ensures that only authorized actions can be performed
Non-repudiation: ensures that a transferred message has been sent and received by the parties claiming to have sent and received the message. It is a way to guarantee that the sender of a message cannot later deny having sent the message and that the recipient cannot deny having received the message.
(General) Security Technology for the Requirements
Security Requirement | Security Technology for the Requirement
Confidentiality | Symmetric key crypto algorithms
Privacy | No simple solutions (anonymity, confidentiality; using pseudonyms is a possible solution, but there is no way to provide traffic privacy!)
Integrity | Hash
Availability | No simple solutions (resistance to DoS attack is not easy; in 802.11, there is no way to defend against the jamming attack)
Authentication/Authorization | AAA (RADIUS, DIAMETER), pre-shared key based technique, public key (certificate) based technique, AS (Authentication Server), etc.
Accounting | AAA
Access Control | AAA
Non-repudiation | Digital signature
Security Threats on WMN
Threats on layers
Layer | Threats
Application | Logic errors, buffer overflows, privilege escalation
Transport | DNS spoofing, session hijacking, traffic injection
Network | Black/gray/worm holes, misrouting, route error injection, rushing attacks
Data Link | Traffic flooding, virtual jamming, man-in-the-middle
Physical | Collision jamming, device tampering
Reference [5]
Security Threats on WMN
Threats on network layer
Black-hole: impersonates a valid mesh node and drops packets; advertises a low cost to attract packets
Gray-hole: creates forged packets to attack, and selectively drops, routes or inspects network traffic
Worm-hole: routing control messages are replayed from one network location to another
Route error injection: injects forged route error messages to break mesh links; does not require detailed knowledge of the routing protocol state model
etc.
Agenda
III. Security Technology for WMN
Current WMN Security
Current security technology for WMN
Most of the current WMN security technology is based on IEEE 802.11i and IEEE 802.1x security.
That is, they are based on WEP, WPA, WPA2 for confidentiality and AAA (RADIUS, DIAMETER) for authentication. Also, VPN security technology is provided for end-to-end security, and AKM (Authenticated Key Management) for key management.
IEEE 802.11i and IEEE 802.1x based security solutions for WMN are applicable to many WMN scenarios but are not suitable for some cases, especially in the presence of routing level attacks.
Confidentiality, integrity, authentication/authorization/accounting, access control, and non-repudiation security requirements are provided at the data-link layer, but not at the network layer, where routing level attacks are possible. VPN is also not a solution.
Current WMN Security
Also, current IEEE 802.1x based security solutions only consider the confidentiality, authentication, and integrity of the WMN infrastructure (i.e., MP/MAP/MPP security).
They do not consider the characteristics (i.e., resource constraints) of the clients (stations). That is, for clients' end-to-end security, current WMN security simply assumes the use of PKC (Public Key Cryptosystem) and certificate based TLS (Transport Layer Security) technology.
Current WMN Security - Firetide
Product: HotPoint 4500/4600 Wireless Access Points
Encryption: 802.11i, WPA2; key size: 40/104 bit WEP keys, 128/256 bit AES keys
Authentication: 802.1x, RADIUS authentication
Other: VPN tunneling and filtering, SSID suppression, firewall, MAC access control, NAT, rogue AP detection
< HotPort 6000 Indoor Access Point > < HotPort 4600 Outdoor Access Point >
Current WMN Security - MOTOMESH
Product: IAP4300
Encryption: WEP, WPA (TKIP), WPA2 (AES, 802.11i)
Authentication: 802.1x, MAC address hardware authentication
Other: broadcast storm and port filtering; supports FIPS 140-2 encryption
< IAP4300 - Intelligent Access Point for MOTOMESH Duo > < MWR 7300 - Mesh Router for MOTOMESH Quattro >
Current WMN Security - CISCO
Product: Cisco Aironet 1500 Lightweight Outdoor Mesh Access Points
Encryption: AES, WPA, TKIP-MIC
Authentication: X.509 digital certificates, MAC address authentication, 802.1x (EAP-SIM/PEAP/TLS/TTLS, Cisco LEAP)
Other: VPN pass-through, IPsec, L2TP
< CISCO Aironet 1500 Series Lightweight Outdoor Mesh Access Points >
Current WMN Security - STRIX
Product: OWS 3600 Series
Encryption: 802.11i with AES and WEP
Authentication: 802.1x support, including RADIUS client, EAP-MD5, EAP-TLS, PEAP-TTLS, WPA
< Strix Access/One Outdoor Wireless System (OWS) >
Current WMN Security - TROPOS
Product: Tropos 5320 Outdoor MetroMesh(TM) Router
Encryption: Open, WEP, TKIP, AES
Authentication: 802.11i, 802.1x (EAP-TLS/TTLS/SIM/PEAP)
Other: full VPN compatibility, FIPS 140-2 certifiable
< TROPOS 5320 Outdoor MetroMesh Router >
Directions for WMN Security
Though it is impossible to defeat all kinds of routing level attack, we should provide network layer security technology against some types of routing level attack.
Additionally required security mechanisms beyond current WMN security are as follows:
- Network layer authentication (from the AS to clients via MPs) should be provided
- Light weight end-to-end security should be provided
- Light weight PKC (or non-PKC) based key distribution and management should be provided
- Light weight authentication mechanism for clients should be provided
In this presentation, an example of the last security requirement (a light weight authentication mechanism) will be presented based on reference [6].
Merkle Tree based Mesh Authentication Protocol (MT-MAP) is presented.
Network layer WMN Authentication
The existing proposals are primarily based on public key certificates, which incur overhead in signature verification.
So, a network layer authentication mechanism, called Merkle Tree based Mesh Authentication Protocol (MT-MAP), is presented.
This mechanism may be a good authentication solution for WMNs:
- it needs only inexpensive hash operations based on the Merkle tree
- it provides authentication for single/multi hop mesh clients
- if this mechanism is combined with PKC solutions, this will be a viable solution for "light weight authentication" for any kind of client (even for a highly resource constrained client!)
- the PKC solution is applied only to the WMN infrastructure (not to the clients)
Reference [6]
Network layer WMN Authentication
< Hierarchical Architecture of WMN >
First level (mesh routers, MRs):
- form the backbone infrastructure
- provide Internet service to the second level entities
- forward the network traffic in a multi-hop fashion towards the IGW
Second level (mesh clients):
- mesh clients are mobile
- connect to the nearest MR, in a single hop or multi-hop
Network layer WMN Authentication
Authentication mechanism
First stage: establishing a security association between a newly joining MR and the IGW; the IEEE 802.11s standard achieves this
Second stage: establishing a security association between the MR and the mesh client (single/multi-hop)
Final stage: verification of the integrity of the control messages exchanged between a MR and a mesh client
By using a low cost hash tree based scheme, the last two stages are accomplished < Hash algorithms: MD5, SHA-2 >
The hash chain based authentication technique can be an alternative to a PKC based authentication scheme.
Network layer WMN Authentication
Basic terminologies:
Supplicant: a mobile client that wishes to join the network
Authenticator: an AP or a MR that is directly connected to the mobile client seeking network services
Authentication server (AS): the backend central server which acts as the AAA (Authentication, Authorization and Accounting) server; maintains all user credentials, like secret keys, public key certificates, and passwords.
Network layer WMN Authentication - overview of IEEE 802.1x & 802.11s
< Supplicant / Authenticator / Mesh Authenticator / Supplicant >
A new MR that joins the network becomes a supplicant and the MKD acts as an authenticator.
Once the MR is authenticated, it is known as a Mesh Authenticator (MA).
Weak Points:
1) IEEE 802.1x is operated at the link layer, and cannot be used to authenticate multi-hop mesh clients.
2) The authentication of mesh clients is left as an open issue in 802.11s.
Network layer WMN Authentication - Merkle Tree Construction
Merkle trees offer an efficient way of binding multiple secret tokens to a single public root value by recursively applying one-way hash functions.
A Merkle tree is a complete binary tree constructed from a set of leaf tokens. Each internal node of the Merkle tree is a hash of its left and right child.
The leaves of a Merkle tree consist of a set of m (= 2^H) randomly generated secret tokens; "H" is the height of the Merkle tree.
Each internal node np: φ(np) = ћ(φ(nl) || φ(nr))
  nl: left child
  nr: right child
  ||: concatenation of two strings
  ћ: hash function
  φ: mapping function
The mesh client registers φ(root) with an authentication server.
* ASSUMPTION: leaf tokens are safely stored in a trusted component of the mesh client
< a sample Merkle tree generated at a mesh client >
Network layer WMN Authentication
Authentication request with "authentication path information"
Network layer WMN Authentication
Authentication validation
< Sample Merkle tree: nroot; n14, n58; n12, n34, n56, n78; Leaf1 ... Leaf8 with secret leaf tokens Leaf1' ... Leaf8'; φ(np) = ћ(φ(nl) || φ(nr)); φ(leaf1) = ћ(leaf1') >
1) leaf token: leaf1'
   path: <φ(leaf2), φ(n34), φ(n58)>
2) φ(leaf1) = ћ(leaf1')
3) φ(n12) = ћ(φ(leaf1) || φ(leaf2))
          = ћ(ћ(leaf1') || φ(leaf2))
4) φ(n14) = ћ(φ(n34) || φ(n12))
          = ћ(φ(n34) || ћ(ћ(leaf1') || φ(leaf2)))
5) φ(root') = ћ(φ(n14) || φ(n58))
            = ћ(ћ(φ(n34) || ћ(ћ(leaf1') || φ(leaf2))) || φ(n58))
6) MR retrieves φ(root) from AS
7) Match φ(root) & computed φ(root')
Network layer WMN Authentication
Advantages of Merkle trees:
- Offers multiple one time authentication tokens bound to a single public root
- The leaves of the Merkle tree are revealed in a pre-determined order, from left to right, for every authentication
- A token expires once released, so this offers strong security against replay attack
- Usages of the leaf token: 1) authentication when joining the NW; 2) authenticating control messages
- The same Merkle tree is reused for re-authentication when the client moves from one MR to another
- One-way nature of the hash function: infeasible to determine the secret tokens from the published root of the Merkle tree
- Can be implemented at the network layer and integrated into IEEE 802.11s
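As an added example (not code from the slides or from reference [6]), a Python model of the MT-MAP flow above: the mesh client builds the Merkle tree from 2^H random leaf tokens and registers φ(root) with the AS, then releases tokens left to right together with their authentication path, and the MR recomputes φ(root') and rejects a replayed or out-of-order token. It follows the general node rule φ(np) = ћ(φ(nl) || φ(nr)); SHA-256 as the hash and the MeshClient/MeshRouter class names are assumptions of this example.

```python
import hashlib
import os

def h(data: bytes) -> bytes:
    """One-way hash ћ; SHA-256 stands in for the MD5/SHA-2 named on the slides."""
    return hashlib.sha256(data).digest()

def build_tree(tokens):
    """levels[0] holds φ(leaf_i) = ћ(leaf_i'), levels[-1] holds [φ(root)]."""
    level = [h(t) for t in tokens]
    levels = [level]
    while len(level) > 1:
        # internal node: φ(np) = ћ(φ(nl) || φ(nr))
        level = [h(level[i] + level[i + 1]) for i in range(0, len(level), 2)]
        levels.append(level)
    return levels

def auth_path(levels, index):
    """Sibling hashes from leaf `index` up to the root, each tagged with its side."""
    path = []
    for level in levels[:-1]:
        sibling = index ^ 1
        path.append(("R" if sibling > index else "L", level[sibling]))
        index //= 2
    return path

class MeshClient:
    """Supplicant (hypothetical class): owns the secret leaf tokens, releases them left to right."""
    def __init__(self, height):
        self.tokens = [os.urandom(16) for _ in range(2 ** height)]  # m = 2^H secret tokens
        self.levels = build_tree(self.tokens)
        self.next_leaf = 0

    def root(self):
        return self.levels[-1][0]  # φ(root): the only value registered with the AS

    def auth_request(self):
        # authentication request: leaf index, leaf token and its authentication path
        if self.next_leaf >= len(self.tokens):
            raise ValueError("all leaf tokens released; a new Merkle tree must be registered")
        i = self.next_leaf
        self.next_leaf += 1
        return i, self.tokens[i], auth_path(self.levels, i)

class MeshRouter:
    """Authenticator (hypothetical class): holds φ(root) fetched from the AS and the next leaf it accepts."""
    def __init__(self, registered_root):
        self.root = registered_root
        self.expected = 0

    def verify(self, index, token, path):
        if index != self.expected:  # replayed or out-of-order token: already expired
            return False
        node = h(token)  # φ(leaf) = ћ(leaf')
        for side, sibling in path:
            node = h(node + sibling) if side == "R" else h(sibling + node)
        if node != self.root:  # computed φ(root') must match the registered φ(root)
            return False
        self.expected += 1  # token consumed; the next request must use the next leaf
        return True
```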
Concluding Remarks
The security for WMNs is very much in its infancy. There are many critical vulnerabilities and critical security issues in WMNs.
Current IEEE 802.1x and IEEE 802.11s security standards have vulnerabilities to routing level attacks.
- Network layer authentication (from the AS to clients via MPs) should be provided
- Light weight end-to-end security as well as node-to-node security should be provided
- Light weight PKC (or non-PKC) based key distribution and management should be provided
  • the current pre-deployed shared key based key management scheme is impractical
- Light weight authentication mechanism for clients should be provided
References
[1] Y.B. Ko, "A Brief Overview on IEEE 802.11s," Ajou University.
[2] Mihail L. Sichitiu, "Wireless Mesh Networks – Challenges and Opportunities," NC State Univ., 2006.
[3] http://www.ieee802.org/802_tutorials/06-November/802.11s_Tutorial_r5.pdf
[4] Steve Glass et al., "Securing Wireless Mesh Networks," IEEE Internet Computing, 2008.
[5] C. Hua, "Wireless Mesh Networks," www2.cs.uh.edu/~rzheng/course/COSC7397
[6] L. Santhanam, "Secure and Efficient Authentication in WMNs using Merkle Trees," 2008.