Upload
marian-lester
View
218
Download
5
Embed Size (px)
Citation preview
ARSA: An Attack-Resilient Security Architecture for Multi-hop Wireless Mesh Networks
Ki-Woong ParkComputer Engineering Research Laboratory
Korea Advanced Institute Science & TechnologyOct 18, 2007
IEEE Journal on Selected Areas in Communications, 2006
COMPANY LOGO
Prologue
Wireless Mesh Network at KAIST
Low deployment costs Self-Configuration, Self-maintenance Scalability, Robustness
WiMesh Router
In this paper, Security Architecture
• Authentication, Key Agreement• Attack-Resilient Security Protocol
2/20
COMPANY LOGO
1
2
3
4
Introduction to Wireless Mesh Network
Problem to solve
Authentication and Key Agreement
Security Enhancement
Contents
3/20
5 Discussion
Performance Evaluation
COMPANY LOGO
Introduction to Wireless Mesh Network
Access Points
Mesh Routers
Mesh Clients
- Mobile & Short-lived ubiquitous services
- DoS attacks
- Security for multi-hop communication
4/20
COMPANY LOGO
Problem to solve
Authentication and Key Agreement (AKA) Router-Client AKA Client-Client AKA
Attack-Resilient Security Architecture Location Privacy Attack Bogus-Beacon Flooding Attack Denial-of-Access (DoA) Attack Bandwidth-Exhaustion Attack
Attacker
Access Points
Mesh Routers
Mesh Clients
5/20
COMPANY LOGO
Preliminaries
Cryptographic foundation of ARSA Identity-Based Cryptography
• Eliminates the need for public-key distributionPublicly known identity information
Public Key
: Cyclic additive group of large prime order q
: Cyclic multiplicative group of large prime order q
6/20
COMPANY LOGO
System Model and Notation (1/3)
Credit-card-based business model Kerberos, PKINIT
Broker(i)
Customer (j)
WMN Router(j)
Reque
st fo
r pas
s
Univer
sal P
ass
WMN Router (j)
WMN Operator (i)
7/20
COMPANY LOGO
System Model and Notation (2/3)
Domain Parameter & Certificate
Domain Parameter : publicly known Domain Secret : keep confidential , : unique to each domain
Access Points
Mesh Routers
P : Generator of
: Domain Secret (Private Key)
H1 : hash function mapping to
: Domain public Key
domain-cert
From TTP
8/20
COMPANY LOGO
System Model and Notation (3/3)
Access Points
Mesh Routers (j)
Mesh Clients
Broker (i)
WMN Operator (i)
Pass Model of ARSA R-PASS (Router Pass)
• Issued by WMN Operator I• Freshness is controlled by expiry -time
C-PASS (Client Pass)• Provided by a Broker
T-PASS (Temporary Pass)• Given by WMN Operator
Mesh Clients
(j)
Public Key
Private Key
9/20
COMPANY LOGO
AKA (Authentication and Key Agreement) (1/4)
Access Points
Mesh Routers
Access Points
Mesh Routers
WMN Operator “a”
WMN Operator “b”
Inter-domain AKA
Intra-domain AKA
Client-Client AKA
10/20
COMPANY LOGO
Inter-domain AKAMesh Routers
WMN Operator (i)
A.1
A.2
Time check for t1 Expiry –time checkValidate domain-certVerify
To validate domain-cert
From TTP
hot list check of broker
A.3
T-PASS
AKA (Authentication and Key Agreement) (2/4)
11/20
COMPANY LOGO
Intra-domain AKAMesh Routers
B.1
B.2
Time check for t1 Expiry –time checkVerify Derivation of Key
PASS checkDerivation of Key
To derive shared key
AKA (Authentication and Key Agreement) (3/4)
12/20
COMPANY LOGO
Client-Client AKA
C.1
C.2
PASS CheckDerivation of KeyChallenge
PASS checkDerivation of KeyResponse
To derive shared key
:
:
AKA (Authentication and Key Agreement) (4/4)
13/20
COMPANY LOGO
Security Enhancement (1/3)
Location Privacy Attack Alias for client = = Broker’s additional Key :
• Before :
• After :
armed with multiple alias (C-PASS, pass-key)
Bogus-Beacon Flooding Attack Attack by flooding a mesh with a log of bogus beacons Authenticity of beacons
Beacon Interval : ms Super beacon interval : ms
Hierarchical One-way hash-chain Technique
14/20
COMPANY LOGO
Bogus-Beacon Flooding Attack Before Beacon (A.1)
After
Computationally infeasible to find ax+1 using ax
Pass check using , Calculate If( = ) then Use to proper beacon fields
Security Enhancement (2/3)
15/20
COMPANY LOGO
Denial-of-Access (DoA) Attack Bandwidth-Exhaustion Attack
CPU-bound puzzles
: random nonce created by Router : puzzle indicator (Initial value = 0) Client
• Generate nonce N• Performing a brute-force search for a X
– = # of Zero bits is zero
• Finding solution :
Security Enhancement (3/3)
16/20
COMPANY LOGO
Discussion
Identify a number of unique security requirements of the emerging multi-hop WMNs
ARSA : Attack-Resilient Security Architecture More practical and lightweight Mutual Authentication & Key Agreement Attack-Resilient Technique
• Location Privacy Attack / Bogus-Beacon Flooding Attack
• Denial-of-Access (DoA) Attack / Bandwidth-Exhaustion Attack
Critique No experiment / Simulation Result Computationally Efficiency Difference with Kerberos / PKINIT Comparison with PKI
17/20
COMPANY LOGO18/23
Symmetric Key Asymmetric Key / IBC
Key
One Key - One Key to encrypt the
data - One Key to decrypt the
data
Two keys - Public key to encrypt the data - Private key to decrypt the data
Confidentiality
Yes Yes
Digital Signature
No Yes
Non-repudiation
No Yes
Key Distribution
No Yes
Speed (ATmega)
3ms 472ms
Usage T-money (300ms), SpeedPass (100ms) [1] Internet Banking, E-Commerce
Symmetric Key vs. Asymmetric Key
[1] F.Vieira, J.Bonnet, C.Lobo, R.Schmitz, and T.Wall “Security Requirements for Ubiquitous Computing,” EURESCOM. 2005[2] A.Pirzada and C.McDonald, “Kerberos Assisted Authentication in Mobile Ad-hoc Networks," in Proceedings of ACM International Conference Proceeding Series; Vol. 56, 2004.
Discussion
18/20
COMPANY LOGO
Security Aspect
Computation Efficiency
Additional Experiment
AuthenticationDigital
signatureNon-
repudiationSecure key distribution
Kerberos YES No No No
PKIX YES YES YES YES
M-PKINIT YES No No YES
ARSA YES No No YES
SystemMobile Service Device
Total Operation TimePu Pr S Pu Pr S
PKIX(RSA-1024bit) 2 2 1 2 0 0 3449 1035 ms
Kerberos 0 0 8 0 0 6 8.12 2.4 ms
M-PKINIT TGT 1 1 7 1 1 5 3305.1 991.53 ms
M-PKINIT SGT 0 0 8 0 0 4 8.08 2.42 ms
ARSA Inter-domain AKA 1 2 0 1 1 1 3373.02 1011.9 ms
ARSA Intra-domain AKA 0 2 0 1 1 0 1799 539.7 ms
ARSA Client-Client AKA 0 2 1 0 2 1 301.02 90.31 ms
19/20
COMPANY LOGO
Additional Experiment
Processing Times of cryptography operationsPlatform Cryptography Operation Time Complexity
• Service Device- CPU : PXA270- RAM : SRAM 128MB
RSA 1024bitPrivate Key Avg. 472ms 1574.33
Public Key Avg. 23ms 75.33
AES 128bitEncryption Avg. 0.3ms 1.0
Decryption Avg. 0.3ms 1.0
Hash Function SHA-1 Avg. 0.6ms 2.0
• Server - CPU : Xeon 3.2GHz - RAM: 4GB
RSA 1024bitPrivate Key Avg. 2.917ms 9.72
Public Key Avg. 0.170ms 0.56
AES 128bitEncryption Avg. 0.006ms 0.02
Decryption Avg. 0.006ms 0.02
20/20
COMPANY LOGO