KAIST
Security architecture in a multi-hop mesh network
Conference in France, 2006
2006. 9. 26.
Presented by JooBeom Yun

Transcript of the slides (18 pages)

Page 1: Title slide (as above)

Page 2: Contents

Introduction
Problem statement
State of the art and related works
    Ad-hoc network security
    Users' access to wireless networks
Proposed security architecture
    PANA framework
    Technical description
    Security analysis of the solution
Future works
Conclusions

Page 3: Introduction

Multi-hop mesh network: the extension of a wireless mesh network by an ad hoc network

An authentication mechanism is essential, both in the wireless (infrastructure) network and in the ad hoc network

The biggest problem: authentication of the mobile node

Page 4: Problem statement

A multi-hop mesh network inherits the security problems of both of its components:
    Ad-hoc networks: passive eavesdropping, message replaying, message distortion, active impersonation, DoS
    Mesh network (fake APs): eavesdropping, tampering, DoS

Access control must be enforced by the operators: authentication, authorization

Data exchanges must be protected

Page 5: State of the art and related works

Ad-hoc network security
    Covers secure routing, key establishment, authentication, certification/revocation services
    Secure routing: routing protocols designed with security in mind, ARAN [1], Ariadne [2], SAODV [3]
    Certification and revocation services: threshold cryptography [5,6], ID-based cryptography [7], a combination of both [8]

Users' access to wireless networks
    IEEE 802.1X standard: EAP (Extensible Authentication Protocol) messages exchanged between the user and the AP at the link layer
    PANA (Protocol for Carrying Authentication for Network Access): a medium-independent solution, EAP messages are carried over IP

Page 6: Proposed security architecture

IEEE 802.1X: mobiles may be authenticated by the mesh access router (AR)
    Authentication is done at layer 2 (MAC address)
    The mobile is assumed to be directly attached to the mesh routers (one hop), which does not hold in a multi-hop network

PANA: authenticate using the IP protocol
    PANA is an EAP lower layer, so any EAP method is suitable for authentication

Outline of the proposal: PANA framework, technical description, security analysis of the solution

Page 7: PANA framework

PANA Client (PaC): requests authentication and provides the credentials

PANA Authentication Agent (PAA): interacts with the AS to determine the access control state and communicates it to the EP

Enforcement Point (EP): controls the access of a new node to the network

Authentication Server (AS): verifies, when asked by the PAA, the credentials of a node requesting access to the network

Page 8: Technical description (1/3)

Figure (message sequence between the mobile and the network):
    1. Configuration (e.g. DHCPv4): the mobile obtains an IP address
    2. PANA discovery phase and beginning of the authentication and authorization phase
    3. Authorization [IKE-PSK, PaC-DI, Session-id]
    4. PANA-Bind-Request / PANA-Bind-Answer
    5. IKE exchange, resulting in an IPsec SA

Page 9: Technical description (2/3)

Figure: encapsulation of EAP packets during PANA authentication (EAP carried in PANA messages between PaC and PAA, and in AAA Access-Request/Access-Challenge messages between PAA and AS, as in the procedure on pages 11 and 12)

Page 10: Technical description (3/3)

EAP-MD5: login/password
    Known vulnerabilities (dictionary and brute-force attacks on the captured challenge/response)
    Does not support mutual authentication
    Exports no keying material, so it cannot provide the IKE-PSK needed later

EAP-TLS: secure and robust against attacks
    Mutual authentication (certificates on both sides)
    Protects network access by providing an IKE-PSK derived from the keying material of the TLS handshake
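The dictionary attack this slide refers to, as an added example that is not code from the presentation or from any PANA/EAP implementation: the EAP-MD5 computation of RFC 3748 on the PaC and AS side, followed by the offline guess loop an eavesdropper on the wireless hop can run once it has captured one challenge/response pair. The identifier, password and wordlist are constructed for the example.

```python
import hashlib
import hmac
import os

# EAP-MD5 (RFC 3748, section 5.4) is CHAP carried in EAP: the peer proves knowledge
# of the password by returning MD5(Identifier || password || Challenge).
# Nothing is encrypted, the server is never authenticated, and no keying material
# is exported, so the method cannot hand an IKE-PSK to IPsec.


def eap_md5_response(identifier: int, password: bytes, challenge: bytes) -> bytes:
    """PaC side: the 16-byte Response value answering an EAP-MD5 Challenge."""
    return hashlib.md5(bytes([identifier]) + password + challenge).digest()


def eap_md5_verify(identifier: int, password: bytes, challenge: bytes, response: bytes) -> bool:
    """AS side: recompute the hash with the stored password and compare."""
    expected = eap_md5_response(identifier, password, challenge)
    return hmac.compare_digest(expected, response)


def offline_dictionary_attack(identifier: int, challenge: bytes, response: bytes, wordlist):
    """Attacker side: (identifier, challenge, response) were captured in the clear on the
    wireless hop; candidate passwords are tested offline, with no further interaction
    with the PaC or the AS and therefore no rate limiting or lockout."""
    for candidate in wordlist:
        if eap_md5_response(identifier, candidate.encode(), challenge) == response:
            return candidate
    return None


def demo():
    """One constructed exchange followed by the attack; returns the recovered password."""
    identifier = 0x2A                  # EAP Identifier field of the Request
    challenge = os.urandom(16)         # chosen by the AS, sent unprotected
    password = b"summer2006"           # constructed credential, not real data
    response = eap_md5_response(identifier, password, challenge)
    assert eap_md5_verify(identifier, password, challenge, response)
    # Constructed wordlist; a real attack would use a list of millions of entries.
    wordlist = ["password", "letmein", "kaist", "summer2006", "mesh"]
    return offline_dictionary_attack(identifier, challenge, response, wordlist)
```

The attack needs no active participation: mutual authentication would not stop it either, since the weakness is that the password is the only secret in the hash and the challenge is public. That is why the slides move to EAP-TLS, where the TLS handshake authenticates both sides and exports fresh keying material.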

Page 11: PANA/EAP-TLS authentication procedure (1/2)

Figure (two legs of the exchange: ① PaC-PAA, carried in PANA-Auth-Request/Answer; ② PAA-AS, carried in AAA Access-Request/Access-Challenge). The PAA relays the EAP payload unchanged between the two legs.

    1. PAA -> PaC: PANA-Auth-Request (EAP-Request/Identity)
    2. PaC -> PAA: PANA-Auth-Answer (EAP-Response/Identity (MyID))
       PAA -> AS: Access-Request (EAP-Response/Identity (MyID))
    3. AS -> PAA: Access-Challenge (EAP-Request/EAP-Type=EAP-TLS (TLS Start))
       PAA -> PaC: PANA-Auth-Request (EAP-Request/EAP-Type=EAP-TLS (TLS Start))
    4. PaC -> PAA: PANA-Auth-Answer (EAP-Response/EAP-Type=EAP-TLS (TLS client_hello))
       PAA -> AS: Access-Request (EAP-Response/EAP-Type=EAP-TLS (TLS client_hello))
    5. AS -> PAA: Access-Challenge (EAP-Request/EAP-Type=EAP-TLS (TLS server_hello, TLS certificate, [TLS server_key_exchange,] [TLS certificate_request,] TLS server_hello_done))
       PAA -> PaC: PANA-Auth-Request (EAP-Request/EAP-Type=EAP-TLS (TLS server_hello, TLS certificate, [TLS server_key_exchange,] [TLS certificate_request,] TLS server_hello_done))

Page 12: PANA/EAP-TLS authentication procedure (2/2)

    6. PaC -> PAA: PANA-Auth-Answer (EAP-Response/EAP-Type=EAP-TLS (TLS certificate, TLS client_key_exchange, [TLS certificate_verify,] TLS change_cipher_spec, TLS finished))
       PAA -> AS: Access-Request (EAP-Response/EAP-Type=EAP-TLS (TLS certificate, TLS client_key_exchange, [TLS certificate_verify,] TLS change_cipher_spec, TLS finished))
    7. AS -> PAA: Access-Challenge (EAP-Request/EAP-Type=EAP-TLS (TLS change_cipher_spec, TLS finished))
       PAA -> PaC: PANA-Auth-Request (EAP-Request/EAP-Type=EAP-TLS (TLS change_cipher_spec, TLS finished))
    8. PaC -> PAA: PANA-Auth-Answer (EAP-Response/EAP-Type=EAP-TLS)   [empty EAP-TLS acknowledgement]
       PAA -> AS: Access-Request (EAP-Response/EAP-Type=EAP-TLS)
    9. AS -> PAA: Access-Accept (EAP-Success)
       PAA -> PaC: PANA-Bind-Request (EAP-Success, Device-Id, [Protection-Cap], MAC)
    10. PaC -> PAA: PANA-Bind-Answer (Device-Id, [Protection-Cap], MAC)

Page 13: IPsec/IKE protection

Multi-hop environment: access control needs to operate at the network layer or above, because the mobile is not link-adjacent to the point that enforces access

IPsec protocol suite
    Supports strong access control by authenticating the origin of every packet
    Provides data encryption (using ESP)

To set up an IPsec security association, the two peers (the PaC and the enforcement point) initiate IKE exchanges and authenticate each other with the IKE-PSK obtained during the PANA authorization phase

Page 14: Security analysis of the solution (1/2)

Protection against replay attacks (spoofed messages): sequence numbers are randomly initialized at the beginning of the session, so a captured message cannot be re-injected later in the same session or in another one

Protection against PaC DoS attacks (spoofed messages): MAC protection, providing message integrity

Service theft attack: the MAC provides message integrity and protects the PaC's identifier (the Device-Id bound in PANA-Bind-Request/Answer), so an attacker cannot attach its own identifier to someone else's successful authentication

Spoofing PAA messages: an attacker can spoof PAA messages before the PANA security association exists, for instance to push a less secure authentication method; therefore parameters are negotiated only after the establishment of the PANA security association
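A model of the protections listed on this slide, as an added example that is not code from the presentation: it plays the PaC and PAA roles of page 7 through the PANA-Bind exchange that closes the procedure on pages 11 and 12, with randomly initialized sequence numbers and a MAC keyed from the EAP-TLS result covering the message and the Device-Id, then shows a replayed bind request and a forged one being rejected. The message encoding, the use of HMAC-SHA1, the key-derivation labels and the IKE-PSK split are assumptions of this model, not the PANA draft's exact formats; the MSK is a constructed random value standing in for what EAP-TLS would export, and the PANA-Auth-Request/Answer exchange carrying TLS is left out.

```python
import hashlib
import hmac
import os
import struct

MAC_LEN = 20  # HMAC-SHA1 output; stands in for the MAC AVP of the draft-era PANA on the slides

def derive_keys(msk: bytes, session_id: bytes):
    """Split the MSK exported by EAP-TLS into the PANA MAC key and the IKE-PSK.
    The labels are an assumption of this model, not the PANA draft's PRF."""
    mac_key = hmac.new(msk, b"PANA MAC key" + session_id, hashlib.sha1).digest()
    ike_psk = hmac.new(msk, b"IKE-PSK" + session_id, hashlib.sha1).digest()
    return mac_key, ike_psk

def build(msg_type: str, session_id: bytes, seq: int, avps: dict, mac_key=None) -> bytes:
    """Serialize: header(session-id, sequence number) | type | AVPs [| MAC over all of it]."""
    body = msg_type.encode() + b"\x00" + b"\x00".join(
        k.encode() + b"=" + v for k, v in sorted(avps.items()))
    msg = struct.pack(">4sI", session_id, seq) + body
    if mac_key is not None:
        msg += hmac.new(mac_key, msg, hashlib.sha1).digest()
    return msg

def parse(raw: bytes, mac_key=None):
    """Split a message; once a key exists, reject anything whose MAC does not verify."""
    if mac_key is not None:
        raw, mac = raw[:-MAC_LEN], raw[-MAC_LEN:]
        if not hmac.compare_digest(hmac.new(mac_key, raw, hashlib.sha1).digest(), mac):
            raise ValueError("MAC mismatch: spoofed or tampered message")
    session_id, seq = struct.unpack(">4sI", raw[:8])
    msg_type, _, rest = raw[8:].partition(b"\x00")
    avps = {k.decode(): v for k, v in (p.split(b"=", 1) for p in rest.split(b"\x00") if p)}
    return session_id, seq, msg_type.decode(), avps

class PanaPeer:
    """One PANA endpoint (PaC or PAA) and its replay state for the session."""
    def __init__(self, session_id: bytes):
        self.session_id = session_id
        self.send_seq = int.from_bytes(os.urandom(4), "big")  # random initial value (slide 14)
        self.peer_seq = None   # sequence number of the last request accepted from the peer
        self.mac_key = None    # set once EAP-TLS has produced the MSK

    def request(self, msg_type: str, avps: dict) -> bytes:
        self.send_seq = (self.send_seq + 1) & 0xFFFFFFFF
        return build(msg_type, self.session_id, self.send_seq, avps, self.mac_key)

    def receive_request(self, raw: bytes):
        session_id, seq, msg_type, avps = parse(raw, self.mac_key)
        if session_id != self.session_id:
            raise ValueError("unknown session")
        if self.peer_seq is not None and seq != (self.peer_seq + 1) & 0xFFFFFFFF:
            raise ValueError("replayed or out-of-order request, seq %d" % seq)
        self.peer_seq = seq
        return msg_type, avps, seq

    def answer(self, msg_type: str, seq: int, avps: dict) -> bytes:
        return build(msg_type, self.session_id, seq, avps, self.mac_key)  # answers echo the seq

def demo() -> dict:
    session_id = os.urandom(4)
    pac, paa = PanaPeer(session_id), PanaPeer(session_id)
    # Start phase, unprotected: the PaC learns the PAA's initial sequence number.
    pac.receive_request(paa.request("PANA-Start-Request", {}))
    # The PANA-Auth-Request/Answer exchange carrying EAP-TLS is omitted; its result is
    # the MSK, modelled here as a constructed random value known to both sides.
    msk = os.urandom(64)
    pac.mac_key, pac_psk = derive_keys(msk, session_id)
    paa.mac_key, paa_psk = derive_keys(msk, session_id)
    device_id = b"00:11:22:33:44:55"   # constructed PaC device identifier
    bind_req = paa.request("PANA-Bind-Request", {"EAP-Success": b"", "Device-Id": device_id})
    _, avps, seq = pac.receive_request(bind_req)
    bind_ans = pac.answer("PANA-Bind-Answer", seq, {"Device-Id": avps["Device-Id"]})
    _, ans_seq, ans_type, ans_avps = parse(bind_ans, paa.mac_key)
    out = {"bind_ok": ans_type == "PANA-Bind-Answer" and ans_seq == seq
                      and ans_avps["Device-Id"] == device_id,
           "ike_psk_match": pac_psk == paa_psk}
    # Replay: the captured PANA-Bind-Request has a valid MAC but a stale sequence number.
    try:
        pac.receive_request(bind_req)
        out["replay_rejected"] = False
    except ValueError:
        out["replay_rejected"] = True
    # Service theft: a forged bind request re-binding the session to another Device-Id,
    # built with a guessed key. The sequence number is right, the MAC is not.
    forged = build("PANA-Bind-Request", session_id, (seq + 1) & 0xFFFFFFFF,
                   {"EAP-Success": b"", "Device-Id": b"66:77:88:99:aa:bb"}, os.urandom(20))
    try:
        pac.receive_request(forged)
        out["spoof_rejected"] = False
    except ValueError:
        out["spoof_rejected"] = True
    return out
```

The order of the checks matters: the MAC is verified before the sequence number is consulted, so an attacker without the key cannot even learn whether its guessed sequence number was right, and the PaC's state is only advanced by messages that already passed integrity. The unprotected start phase is exactly the window the next slide's cookie addresses.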

Page 15: Security analysis of the solution (2/2)

PAA DoS attack: overload the PAA with PANA-PAA-Discover messages
    Mitigation: add a cookie (Device-Id) to the PANA-Start-Request message, so that the PAA keeps no state for a PaC until the cookie is echoed back

DHCP DoS attack: DoS attacks are possible by depleting the IP address space (PANA needs an IP address before authentication)

Other possible attacks
    Ad-hoc and mesh networks are vulnerable to passive eavesdropping, message replaying, message distortion, easy man-in-the-middle, active impersonation, DoS, IP spoofing
    Cryptographic techniques (IPsec) prevent eavesdropping, message distortion and active impersonation
    Mesh networks: the worst DoS attacks are not possible (thanks to access control)

In summary: access control plus cryptographic techniques
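The cookie defence against the PAA DoS attack on this slide, as an added example that is not code from the presentation: a PAA that answers every PANA-PAA-Discover with a PANA-Start-Request carrying a cookie, but allocates a session only when a PANA-Start-Answer echoes a cookie it can recompute. The slide only says that the cookie carries the Device-Id; the construction used here (an HMAC over the claimed source address, the Device-Id and a coarse time slot under a PAA-local secret, in the style of the stateless cookies of IKEv2 and SCTP) and the 60-second slot are assumptions of this example. Addresses, identifiers and the clock value are constructed.

```python
import hashlib
import hmac
import os

SLOT_SECONDS = 60  # cookie lifetime granularity; an assumption of this model


class StatelessPAA:
    """A PAA that keeps no per-PaC state when handling PANA-PAA-Discover.
    The cookie in PANA-Start-Request is an HMAC over the claimed source address,
    the Device-Id and a coarse timestamp under a secret only the PAA knows, so the
    PAA can check an echoed cookie later without having stored anything."""

    def __init__(self):
        self.secret = os.urandom(32)
        self.sessions = {}   # session-id -> (address, device_id); filled only after a valid echo

    def _cookie(self, pac_addr: str, device_id: str, slot: int) -> bytes:
        data = f"{slot}|{pac_addr}|{device_id}".encode()
        return hmac.new(self.secret, data, hashlib.sha256).digest()[:16]

    def on_discover(self, pac_addr: str, device_id: str, now: int) -> dict:
        """PANA-PAA-Discover handler: reply with the cookie, allocate nothing."""
        return {"type": "PANA-Start-Request",
                "Cookie": self._cookie(pac_addr, device_id, now // SLOT_SECONDS)}

    def on_start_answer(self, pac_addr: str, device_id: str, cookie: bytes, now: int):
        """PANA-Start-Answer handler: only a PaC that really received the
        PANA-Start-Request at pac_addr can echo the cookie. The current and the
        previous slot are accepted so a reply near a slot boundary still works."""
        slot = now // SLOT_SECONDS
        for s in (slot, slot - 1):
            if hmac.compare_digest(self._cookie(pac_addr, device_id, s), cookie):
                session_id = os.urandom(4).hex()
                self.sessions[session_id] = (pac_addr, device_id)
                return session_id
        return None


def demo() -> dict:
    paa = StatelessPAA()
    now = 1_159_228_800   # constructed clock value (seconds)
    out = {}
    # Flood: 10000 discover messages from spoofed addresses. Each costs the PAA one
    # HMAC and no memory; the attacker never sees the replies, so no session appears.
    for i in range(10_000):
        paa.on_discover(f"10.0.{i // 256}.{i % 256}",
                        f"02:00:00:00:{i // 256:02x}:{i % 256:02x}", now)
    out["sessions_after_flood"] = len(paa.sessions)
    # Legitimate PaC: receives the cookie and echoes it in PANA-Start-Answer.
    pac_addr, dev = "10.0.99.1", "00:11:22:33:44:55"
    start = paa.on_discover(pac_addr, dev, now)
    out["legit_session"] = paa.on_start_answer(pac_addr, dev, start["Cookie"], now + 2) is not None
    # Attacker reusing that cookie from another address: the HMAC input differs.
    out["reused_cookie_rejected"] = paa.on_start_answer("10.0.99.2", dev, start["Cookie"], now + 2) is None
    # Same PaC, but long after the cookie was issued: the slot no longer matches.
    out["stale_cookie_rejected"] = paa.on_start_answer(pac_addr, dev, start["Cookie"],
                                                       now + 3 * SLOT_SECONDS) is None
    out["sessions_total"] = len(paa.sessions)
    return out
```

The cookie does not authenticate anyone; it only forces the sender to be reachable at the address it claims before the PAA spends memory on it, which is what turns a cheap spoofed flood into one the attacker must pay for with real addresses. The DHCP address-depletion attack on the same slide is outside its reach, since it exhausts a resource before PANA starts.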

Page 16: Future works

The proposed architecture combines PANA with EAP-TLS in a multi-hop mesh network.

EAP-TLS: mutual authentication and strong robustness against attacks
    Heavy processing (use of asymmetric cryptography)
    Needs a PKI

EAP-MD5: simpler
    Vulnerable to eavesdropping attacks (offline dictionary attacks on the captured challenge/response)

Work in progress: combine the simplicity of EAP-MD5 with the robustness of EAP-TLS

PANA is exposed to IP address starvation in IPv4.

Adapting IEEE 802.1X to multi-hop mesh networks (new research direction)

Page 17: Conclusions

Access network security in a multi-hop mesh network requires access control and data protection.

The IEEE 802.1X standard can be extended to support authentication in multi-hop mesh networks, but it is not easy (the standard must be modified).

A combination of EAP-TLS over PANA and IPsec has been proposed.

PANA relies on the availability of IP addresses: IPv6, or temporary private addresses, avoid the IPv4 starvation problem.

Page 18: Q & A