Design of Efficient and Secure Multiple Wireless Mesh Network Speaker: Hsien-Pang Tsai Teacher: Kai-Wei Ke Date: 2005/06/28.


1 Design of Efficient and Secure Multiple Wireless Mesh Network Speaker: Hsien-Pang Tsai Teacher: Kai-Wei Ke Date: 2005/06/28

2 Outline: Introduction; Background; Secure Wireless Mesh Network; Security Analysis; Conclusion

3 Introduction: Wireless Mesh Network; Secure Architecture; Tree Topology; Security Analysis

4 Outline: Introduction; Background (Wireless Mesh Network, Wireless Security); Secure Wireless Mesh Network; Security Analysis; Conclusion

5 Wireless Mesh Network (WMN): Last-mile broadband Internet access. Similar to an ad hoc network. Provides reliability, market coverage, and scalability.

6 Infrastructure Network

7 Ad hoc Network

8 WMN's Architecture

9 WMN's Actors: Wireless Gateway: bridges wired and wireless traffic. Access Point (AP): provides service to mobile users and connects with other APs. Mobile: end users.

10 Wireless Security: A wireless network is broadcast by nature, and the media is reachably-broadcast. Authentication and data encryption.

11 Attacks: Man-in-Middle (MIM); Forge AP; Session Hijack; Route Swindle; Denial of Service (DoS)

12 Man-in-Middle: An intruder introduces himself as a new node between a valid host and its AP, or between two APs.

13 Forge AP

14 Session Hijack

15 Route Swindle: Modify the hop count field in the routing packet.

16 Denial of Service (DoS): DoS attacks are a big problem for all types of networks. Limited CPU and memory. Continually sending streams of association and disassociation packets.

17 Security Solution: Wired Equivalent Privacy (WEP); IEEE 802.1x; Public Key Infrastructure

18 WEP (diagram labels): RC4(iv, k); P = {M, c(M)}; Ciphertext

19 Problems with WEP: Key size is too small (40 bits): crackable in less than 50 hrs by brute force. Key sequence reuse (Initial Vector). Message can't be authenticated.
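
Added example (not part of the original slides): WEP encapsulation as labelled on slide 18, showing two of the problems listed on slide 19. When the IV repeats, the XOR of two ciphertexts equals the XOR of the two plaintexts, and because c(M) is an unkeyed CRC-32, an edited frame can still pass the integrity check. The key, IV, messages and function names are constructed for illustration.

```python
import zlib

def rc4(seed: bytes, n: int) -> bytes:
    """First n bytes of the RC4 keystream for the given seed."""
    s, j = list(range(256)), 0
    for i in range(256):                          # key scheduling
        j = (j + s[i] + seed[i % len(seed)]) % 256
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for _ in range(n):                            # keystream output
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) % 256])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def icv(m: bytes) -> bytes:
    return zlib.crc32(m).to_bytes(4, "little")    # c(M): unkeyed CRC-32

def wep_encrypt(iv: bytes, k: bytes, m: bytes) -> bytes:
    p = m + icv(m)                                # P = {M, c(M)}
    return xor(p, rc4(iv + k, len(p)))            # RC4(iv, k) XOR P

def wep_decrypt(iv: bytes, k: bytes, c: bytes):
    p = xor(c, rc4(iv + k, len(c)))
    return p[:-4], p[-4:] == icv(p[:-4])          # (message, ICV check passed?)

def icv_consistent_edit(c: bytes, delta: bytes) -> bytes:
    """CRC-32 is linear under XOR, so an edit to M has a predictable edit to c(M)."""
    fix = xor(icv(delta), icv(bytes(len(delta))))
    return xor(c, delta + fix)

# Constructed sample values (not from the slides).
IV, K = b"\x01\x02\x03", b"\x0a\x0b\x0c\x0d\x0e"  # 24-bit IV, 40-bit key
M1, M2 = b"route to gateway", b"hello mesh nodes"
C1, C2 = wep_encrypt(IV, K, M1), wep_encrypt(IV, K, M2)

if __name__ == "__main__":
    # Same IV, same key: the keystream cancels out of C1 XOR C2.
    print(xor(C1, C2)[:16] == xor(M1, M2))
    edited = icv_consistent_edit(C1, xor(M1, b"route to nowhere"))
    print(wep_decrypt(IV, K, edited))             # ICV still verifies
```

Both results follow from the construction itself, so a longer key does not remove them; a keyed message authentication code and non-repeating per-packet keys are what address them.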

20 IEEE 802.1x: IEEE 802.1x is a security framework that must provide network access authentication.

21 IEEE 802.1x (1)

22 Public Key Infrastructure: Two problems with shared-key: key distribution; digital signatures. Key features of a public key cryptosystem: two keys (public key and private key); computationally infeasible to determine the decryption key.

23 Outline: Introduction; Background; Secure Wireless Mesh Network (Tree Topology, Two functions of Wireless Mesh Network); Security Analysis; Conclusion

24 The Properties of WMN: Similar to an ad hoc network. An AP selects a routing path to transfer data. The routing path is always fixed. Most data flow is transferred to the wireless gateway. Combining all routing paths, we can create a hierarchical architecture: the Tree Topology.

25 Tree Topology (figure; node labels a, b, c, d, e, f, g, h)

26 WMN's Relationship

27 The Actors of Secure WMN: Supplicant: a new AP that wants to join the WMN. Authentication Agent (AA): helps the supplicant authenticate with the management system; creates secure tunnels with supplicants.

28 The Actors of Secure WMN (1): Management System (MS): authentication server; maintains the topology of the WMN; creates signatures for APs.

29 Two functions of WMN: Self-Organization; Self-Configuration (Self-Reconfiguration, Self-Healing)

30 Self-Organization:
1. Broadcast Req_Start
2. Return Resp_Start
3. Choose authentication agent
4. Send Req_Join
5. Send Req_Join_f
6. Forward Req_Join_f
7. Authorization
8. Send Resp_Join_f
9. Send Req_Auth

31 Self-Organization (1)

32 Trust Model: First, a new AP should register its “MAC Address” and “Confirm Key” with the MS, and get the “Group Key” and “WMN public key” from the MS. When it gets Resp_Join, it uses the “WMN public key” to determine the legal nodes.

33 Trust Model (1): Use the “Group Key” to start the session key exchange process with its AA. When it gets Req_Auth, the AA has already obtained the “Confirm Key” from the MS. The AP returns its “Confirm Key” in response to Req_Auth, then the AA compares the two “Confirm Key” values.

34 Choose Authentication Agent: Two factors: hop count and node loading.
1. Choose the node that has the smallest hop count value.
2. If two nodes have equal hop count values, compare their node loading values and select the smaller one.

35 Session Key Exchange: The session key should be modified periodically. Default Key: Supplicant uses a “KeyUpdate” message to notify the AA to exchange keys.

37 Self-Configuration: Self-Healing; Self-Reconfiguration

38 Self-Healing:
1. Determine that the authentication agent has failed.
2. Start the Self-Organization process.

39 Self-Reconfiguration

40 Outline: Introduction; Background; Secure Wireless Mesh Network; Security Analysis; Conclusion

41 MIM: Supplicant uses a secret key to establish a secret tunnel with the AA. Attacker can't read the transmitted data directly. Supplicant updates to a new key with its AA periodically. Attacker can't collect enough packets to determine the secret key.

42 Forge AP: Supplicant updates to a new key with its AA periodically. Attacker doesn't know which key is in use now.

43 Session Hijack: Session key exchange first. Supplicant should start session key exchange before authentication. Attacker can't hijack any session.

44 Route Swindle: When an AP receives Req_Start, it returns Resp_Start (signature). The signature can prove its legality. Supplicant will only trust the legal Resp_Start.
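
Added example (not part of the original slides): the supplicant-side check from the Route Swindle slide combined with the selection rule from the Choose Authentication Agent slide. Assumptions: the Resp_Start field names, the choice to sign the AP's MAC and hop count (node loading is left unsigned), and a toy textbook-RSA key that stands in for the WMN key pair and is not secure.

```python
import hashlib

# Toy textbook-RSA key standing in for the WMN key pair (assumption; NOT secure).
_P, _Q, E = 2**127 - 1, 2**89 - 1, 65537          # two Mersenne primes
N = _P * _Q                                       # (N, E) plays the "WMN public key"
_D = pow(E, -1, (_P - 1) * (_Q - 1))              # private exponent, held by the MS

def _digest(mac: str, hop: int) -> int:
    data = f"{mac}|{hop}".encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N

def ms_sign(mac: str, hop: int) -> int:
    """Management System side: sign an AP's identity and hop count."""
    return pow(_digest(mac, hop), _D, N)

def is_legal(resp: dict) -> bool:
    """Supplicant side: verify Resp_Start with the WMN public key."""
    return pow(resp["sig"], E, N) == _digest(resp["mac"], resp["hop"])

def choose_aa(responses: list):
    """Among legal responses: smallest hop count, then smaller node loading."""
    legal = [r for r in responses if is_legal(r)]
    if not legal:
        return None                               # nobody trustworthy answered
    return min(legal, key=lambda r: (r["hop"], r["load"]))["mac"]

def resp_start(mac: str, hop: int, load: int) -> dict:
    return {"mac": mac, "hop": hop, "load": load, "sig": ms_sign(mac, hop)}

# Constructed Resp_Start messages (hypothetical AP names and values).
RESPONSES = [
    resp_start("ap-b", 1, 7),
    resp_start("ap-c", 1, 3),                     # same hop count as ap-b, lower load
    resp_start("ap-d", 2, 0),
    {**resp_start("ap-e", 3, 1), "hop": 0},       # hop count field modified in transit
    {"mac": "ap-x", "hop": 0, "load": 0, "sig": 12345},  # no valid MS signature
]

if __name__ == "__main__":
    print(choose_aa(RESPONSES))                   # ap-c
```

Without the `is_legal` filter, the two responses claiming hop count 0 would win the selection, which is the route swindle the signature is meant to stop.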

45 Denial of Service: There is no solution to this problem. When a node has crashed, the self-healing process will be started by other nodes.

46 Outline: Introduction; Background; Secure Wireless Mesh Network; Security Analysis; Conclusion

47 Conclusion: Propose tree topology for secure WMN. Define WMN's basic functions. Analyze security problems.

48 Future Work: Consider more available attacks. Consider performance in “choose AA”. Other applications: sensor network, ad hoc network.

49 The End

