Security in Wireless Residential Networks Han Sang Kim.


1 Security in Wireless Residential Networks Han Sang Kim

2 Introduction
- A wide variety of traditional computing devices and embedded Internet appliances will be networked in homes.
- One interactive platform.
- The broadcast nature of these networks and the heterogeneity of devices on these networks → new security problem

3 Characteristics of Residential Networks
- Lack of standardization for devices
- Heterogeneity of devices' capabilities
  - Home automation: usually operate at low data
  - Computer interconnection
  → Device capabilities are vastly different with respect to the implementation of security mechanisms
- Heterogeneous applications
  - Data traffic, real-time service, simple on-off-dim, low data sensor information.

4 Summary
- A variety of devices are connected by the WRN.
- The devices require and support very different security services, protocols and mechanisms.
- New security algorithms and protocols in development will be deployed in consumer electronic devices over time.
- A unified security standard appears remote and unsuitable for the WRN.

5 Requirements
- Numerous and inconsistent, based on the variety of end-nodes
  → Support a variety of devices, different types of traffic, different applications
  → Systematically identify the elements in the WRN, their security capabilities and needs
  → Provide a mechanism which can unify a security architecture for the home

6 Proposed Security Architecture for WRN
- Access control for a heterogeneous WRN
  - device and application dependent
- Approach
  - Device classification
  - Security level classification
- Universal access point
  - algorithm agility
  - containment security policy

7 Categories of WRN devices
1. Low data rate low power fixed devices
2. Low data rate high power fixed devices
3. Low data rate low power mobile devices
4. High data rate high power fixed devices
5. High data rate low power mobile devices
6. High data rate high power mobile devices

8 Categories of Security Services
1. No security
2. Moderate security
3. Wireline equivalent security
4. High security
5. Ultra-high security
6. Critically high security

9 Architecture
- Infrastructure-based network
  - access point
  - preferable from a security point of view
- Tuple (device category, security level)
  - a device identification (employed at the access point): physical address, class (based upon the tuple associated with it)

10 Algorithm-agile & Containment
- Algorithm-agile: support multiple encryption algorithms and apply such algorithms
  → The AP determines what encryption algorithm is applied to an incoming request for access and relay, and acts accordingly based on security policies.
- Containment: the ability of the network to keep certain security levels of information from leaking out of a particular region.
  → No traffic from a low security device is relayed to a high security device.

11 An example of security mechanism
Parties in the figure: MP3 Player, PDA, Access Point
1. [Dev || Dc || SL || Alg || MAC_k(Dev || Dc || SL)]
2. [E_k(Dc || SL || Rn || TS)]
3. [Dev || Dest || Msg || h(Dest || Msg || Rn+1)]
4. [Msg || h(Msg || Rn || TS)]
Legend:
- Dev: Device ID
- Dc: Device category
- SL: Security level
- Alg: Algorithm
- Rn: Nonce
- Dest: Destination address
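The access-point side of messages 1 and 3 above, together with the containment rule from slide 10, as an added example that is not code from the presentation. It assumes HMAC-SHA256 for MAC_k, SHA-256 for h, a length-prefixed field encoding and a single-use nonce; the class and function names are hypothetical, and the E_k encryption of message 2 is not modelled (Rn is returned directly).

```python
import hashlib
import hmac
import secrets

def enc(*fields):
    """Length-prefixed encoding of 'a || b || ...' (assumed wire format)."""
    return b"".join(len(f).to_bytes(2, "big") + f for f in fields)

def h(dest, msg, rn):
    """h(Dest || Msg || Rn+1), with SHA-256 standing in for h (assumption)."""
    return hashlib.sha256(enc(dest, msg, (rn + 1).to_bytes(9, "big"))).digest()

class AccessPoint:
    def __init__(self, keys):
        self.keys = keys      # Dev -> pre-shared key k (provisioning assumed)
        self.registry = {}    # Dev -> (Dc, SL) tuple held at the access point
        self.nonces = {}      # Dev -> Rn issued in message 2

    def register(self, dev, dc, sl, alg, tag):
        """Message 1: [Dev || Dc || SL || Alg || MAC_k(Dev || Dc || SL)]."""
        key = self.keys.get(dev)
        want = hmac.new(key or b"", enc(dev, bytes([dc, sl])), hashlib.sha256).digest()
        if key is None or not hmac.compare_digest(want, tag):
            return None
        # Alg is outside the MAC as written on the slide, so it is not authenticated here.
        self.registry[dev] = (dc, sl)
        self.nonces[dev] = secrets.randbits(64)
        return self.nonces[dev]  # Rn, returned to the device inside E_k(...) in message 2

    def relay(self, dev, dest, msg, digest):
        """Message 3: [Dev || Dest || Msg || h(Dest || Msg || Rn+1)]."""
        if dev not in self.registry or dest not in self.registry:
            return "reject: unknown device"
        rn = self.nonces.get(dev)
        if rn is None or not hmac.compare_digest(h(dest, msg, rn), digest):
            return "reject: bad or replayed digest"
        del self.nonces[dev]  # single use (assumption): a replayed message 3 fails
        # Containment: a lower-SL sender is never relayed to a higher-SL receiver.
        if self.registry[dev][1] < self.registry[dest][1]:
            return "reject: containment"
        return "relay"

def demo():
    """Constructed devices, both category 5: a PDA at SL 4, an MP3 player at SL 2."""
    ap, rn = AccessPoint({b"pda": b"k-pda", b"mp3": b"k-mp3"}), {}
    for dev, sl in ((b"pda", 4), (b"mp3", 2)):
        tag = hmac.new(ap.keys[dev], enc(dev, bytes([5, sl])), hashlib.sha256).digest()
        rn[dev] = ap.register(dev, 5, sl, b"alg-1", tag)
    send = lambda s, d, m: ap.relay(s, d, m, h(d, m, rn[s]))
    return send(b"pda", b"mp3", b"a"), send(b"mp3", b"pda", b"b"), send(b"pda", b"mp3", b"a")
```

`demo()` sends one message from the higher-level device to the lower-level one, one in the opposite direction, and then repeats the first message with the already-used nonce.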

12 Advantages and Limitations
- Advantages
  - security architecture for universal access point
  - dynamically working
  - simple to implement and maintain
  - security mechanism is upgradeable
- Limitations
  - does not solve the simple denial of service
  - bottleneck at the access point
  - not appropriate for some devices

13 Our hybrid mechanism
- Combine the security categorization mechanism with a key distribution mechanism.
- Key distribution mechanism:
  - Master key
  - Shared network key
[Figure labels: Access Point; key distribution or key update, encrypted by M_1; M_1, M_2; communication encrypted by shared key K_n; Appliance1, Appliance2; K_n. Legend: M_n: Master Key, K_n: Shared Network Key]

14 Our hybrid mechanism
Parties in the figure: Access Point, Appliance1, Appliance2
1. [ID1 || Dc || SL || Alg || MAC_mk1(ID1 || Dc || SL)]
2. [E_mk(Dc || SL || Rn || TS)]
3. [ID1 || Dest || h(Dest || Rn+1)]
4. [E_mk1(ID2 || SKey_12 || TS)] and [E_mk2(ID1 || SKey_12 || TS)]
5. [E_skey12(ID12 || Msg)]

15 What we have done so far and will do?
- Implementation of our hybrid mechanism by step 4 → Yes
- Reduction of bottleneck → Yes
- Containment policy → Yes
- Communication between nodes with shared network key → No
- Algorithm-agile encryption/decryption → No
- Employing other devices → No
- Implementing our hybrid mechanism with a sensor → No


