Raphael Frank 20 October 2007 Authentication & Intrusion Prevention for Multi-Link Wireless Networks
2 Overview 1 Introduction 2 Authentication in WMN using exisitng protocols 3 Emerging Security Issues 4 Authentication protocol based on WMN properties 5 Security Analysis 6 Conclusion
3 Introduction What is Wireless Mesh Network (WMN)? Mesh Nodes: Devices with at least two radio interfaces Mesh nodes form together a wireless network (Ad-Hoc) Second interface (AP) is used by mobile clients to connect to the network Hot Spots (HS): Mesh Nodes equipped with a wired internet connection Transient Access Points (TAP): Mesh Nodes without wired internet connection Provide Internet Access to Mobile Clients by using the WMN as a backhaul
4 Authentication in WMN using existing protocols (1) Authentication protocols for the State of the Art of Wireless Networks IEEE : First WiFi standard released in 1997 Provides Data encryption and authentication IEEE i: Most recent security standard released in 2004 Provides a robust data encryption and includes an external authentication framework
5 Authentication in WMN using existing protocols (2) IEEE Encryption Protocol Wired Equivalent Privacy (WEP), based on shared-key (Key length 64 or 128 bit) Authentication based on the knowledge of the shared-key Security Goals: Prevent Eavesdropping PRIVACY Prevent Message Modification INTEGRITY Network Access Control AUTHENTICATION Weaknesses – None of the security goals are met: Key stream reuse PRICACY CRC attacks INTEGRITY Authentication Spoofing AUTHENTICATION
6 Authentication in WMN using existing protocols (3) IEEE i Encryption Protocol WiFi Protected Access 1 & 2 (WPA1 & WPA2) Provides robust security properties Authentication performed using the Extensible Authentication Protocol (EAP) Needs a centralize authentication server Different authentication possibilities (EAP methods)
7 Authentication in WMN using existing protocols (4) Extensible Authentication Protocol (EAP) Used in wireless and fixed networks Port Based Network Access Authentication framework Currently about 40 different EAP methods Commonly used methods : EAP-TLS, EAP-TTLS
8 Emerging Security issues (1) Problems with the standard protocols Originally developed for the State of the Art of Wireless Networks Security only for the first wireless link no End-To-End features Privacy: No data encryption after the first hop Authentication: No Layer 2 authentication after the first hop Single point of failure: Centralized Authentication Server Mesh nodes cannot be considered as trustworthy No topology authentication
9 Emerging Security issues (2) What are the problems related to the architecture of a WMN? Mesh nodes cannot be considered as trustworthy They are often deployed in a hostile environment An attacker can spoof and/or take over a mesh node No topology authentication An attacker can easily inject a malicious node into the WMN Gain access to the network Perform Denial of Service (DoS) Perform Man in the Middle Attacks (MitM)
10 Definition of a new authentication protocol (1) Why a new protocol? No standardized security protocols for WMN The existing protocols do not meet the requirements What should the protocol provide? “Real-time/Continuous” Authentication Acceptable performance Authentication of every participating node of WMN Topology authentication Authentication of the network traffic Trustworthy mesh nodes Mesh Node Access Control Attack Detection/Reaction mechanism
11 Definition of a new authentication protocol (2) How does it work? Based on digital signatures to verify integrity and authenticity Hybrid authentication protocol using symmetric and asymmetric cryptography Offers the best properties in terms of security and performance The administrator plays the role of the CA Provides the needed keys to the Nodes
12 Definition of a new authentication protocol (3) What are the required keys? Every node is in possession Personal Public Key Personal Private Key Personal Secret Key symmetric Public Key of the Administrator Nodelist Containing the allowed communication neighbors After initialization different public/secret keys of neighbor nodes The procedure can be subdivided in two operations: I) Initialization of a new node II) Information transmission } asymmetric
13 Definition of a new authentication protocol (4) Initialization of a new node (asymmetric) Node A wants register to the WMN NodelistCert(A) WMN Signature broadcast Initialization message The receiving node B Checks if it is included in the node list (NL) Checks the signature Using the Public Key of the Admin B encrypts its secret key and sends it to A After a successful decryption, A encrypts its secret key and sends it to B A :
14 Definition of a new authentication protocol (5) Initialization of a new node (asymmetric) Node A wants register to the WMN Node B (1) Broadcast: NL, Cert(A), SIG{[NL,Cert(A)], PrivK(Admin)} (2) ENC{[Cert(B),K(B),T 1 ], PubK(A)} (3) ENC{[K(A),T 2 ], PubK(A)} Node A
15 Definition of a new authentication protocol (6) Information transmission (symmetric) Every node needs to have the secret key of its neighbor nodes Initialization Symmetric Signature Message Authentication Code (MAC) = Fingerprint encrypted using a secret key Faster Node A wants to send a message to node C via node B DataTimestamp C Signature Message to be transferred A : Send via node B
16 Definition of a new authentication protocol (7) Information transmission (symmetric) Signature verification and newly generated at every hop of the transmission path A different Timestamp guarantees a different signature Node ANode BNode C (1) MSG, T 1, SIG{(MSG,T 1 ), K(A)}(2) MSG, T 2, SIG{(MSG,T 2 ), K(B)} (4) MSG, T 4, SIG{(MSG,T 4 ), K(B)}(3) MSG, T 3, SIG{(MSG,T 3 ), K(C)}
17 Definition of a new authentication protocol (8) How to create trustworthy nodes? We need to guarantee that a attacker cannot retrieve the sensitive data (Keys, Nodelist, …) form a mesh node Mesh Node Access Control Before an attacker gains access to a node, the keys are erased a replaced by dummy values Consequence Neighbor nodes will fail to verify the messages form the attacked node and drop them Passive attack detection The node is automatically excluded form the WMN
18 Definition of a new authentication protocol (9)
19 Security Analysis (1) Security & Performance Requirements Acceptable performance : YES Using symmetric signatures Topology authentication : YES Every node participating in a communication is authenticated Authentication of the traffic : YES The source of every message is known Trustworthy mesh nodes : YES Mesh Node Access Control Attack Detection and Reaction : YES Corrupt Nodes are detected and excluded form the WMN
20 Security Analysis (2) Other Security features No replay attacks using timestamps No single point of failure No centralized entity Node Spoofing/Injection not possible Topology authentication The attacker does not know the needed keys Man in the Middle Attack can be used to perform DoS If an attacker modifies a transient message, it will be discarded
21 Conclusion What’s next? Extend the authentication protocol Implementation of a prototype Client/User authentication Add an administration procedure Remotely reintroduce attacked node into the WMN Attack reporting Privacy and Performance on WMN need to be considered as well Release of a security standard for WMN IEEE s?
22 The end … Thank you for your attention Questions? Wiki.uni.lu/Secan-Lab