http://impact.asu.edu

Trust Propagation based Authentication Protocol in Multi-hop Wireless Home

Networks

Sandeep K. S. Gupta

Department of Computer Sc. & Engg

Ira A. Fulton School of Engg

Arizona State University, Tempe, AZ, 85287

http://impact.asu.edu

Talk Overview

• Multi-hop Wireless Home Networks (MWHN)

• Problem statement

• Key idea – Trust propagation

• Preliminary trust-propagation protocol

• Security Analysis– Find a vulnerability

• Refined protocol

• Conclusions

http://impact.asu.edu

Overview of Multi-hop Wireless Home Networks

• Density of wireless devices at home is expected to keep increasing

• This environment introduces new wireless network requirements

– high and dependable bandwidth– low latency– coverage throughout the home

• Multi-hop wireless technology offers unique benefits for this environment

– Increasing utilization of spatial capacity• Short range spactrum channel re-use (re-

use BANDWIDTH) improving spatial capacity

– Eliminating dead zones– Extending coverage– Offering alternative communication path (f

ailure recovery)

http://impact.asu.edu

Problems in authentication & channel establishment

• Multi-hop wireless home networks require a simple to manage authentication and channel establishment mechanism due to the accessibility to the heterogeneous devices and multi-hop wireless environment

• Problems in applying the well known authentication and channel establishment protocols to MWHN– Communication cost is high in ter

ms of authentication response time

– Vulnerable to some critical attacks: server impersonation attack, man-in-the-middle, DoS

WEP protocol (Wi-Fi) and IEEE 802.11

EAP protocol and IEEE 802.1x

http://impact.asu.edu

Key idea of our authentication protocol

• How about authentication by a neighbor device rather than by the server?

• Badge: home server delegates only its authentication capability (badge) to the previously authenticated device, and the device authenticates its neighbor devices on behalf of the server.

1. Issue of Badge 2. Enforce the law

Police agency Police officer

http://impact.asu.edu

System model & Assumption

Home server

- Server-based system

- WMHN infrastructure

- Each device has pubic-private key pair

http://impact.asu.edu

Device Usage Model

• Assumption: each device has input interface• User buys a new device• Takes it out of box at home• Goal: Require minimum setup tasks

– Input a network password

• “Activated” device gets authenticated

http://impact.asu.edu

Trust Propagation

Master Key1Master Key2

Device 1 Device 2

Device 3

Master Key3

Badge 1Badge 2

Authentication Domain: A set of objects that are allowed to be a part of specific house hold’s home network

Expanded Authentication Domain

Authentication DomainBadge 3

Home server

http://impact.asu.edu

Authenticated Domain (2)

Device state according to the response

http://impact.asu.edu

Characteristic of our protocol

• Authentication by the trusted neighbor device• Network password-based device checking

– It is only network authentication key

• Mutual authentication• Reducing the number of public/private key operation• Key length-agile and algorithm-agile for the session k

ey– Different applications of heterogeneous devices need

different security requirement for communication sessions

http://impact.asu.edu

Protocol Overview

Notation Description

IDX Identity of device X

Npwd Initial shared network password for device checking

KX X’s master key which is only shared with a server

KXY Session key for X and Y, shared key between X and Y

X-pub X’s public key

X-priv X’s private key

{ABC}K ABC encrypted in a key(K)

Rx A random nonce generated by X

TS Time stamp

L Life time of a key or Badge

h( ) Hash function

ATH Uses of a Badge. The Badge could be used for various uses according to this limited authority.

REP(X) Report about authentication of device X

RQA(X) Request of access to device X

ALG Algorithm specified by server

Phase 1: Authentication in one hop from the server

Device A Server

Msg 1: IDA, A-pub, {IDA, RA, A-pub, TS}npwd

Msg 3: IDA, {IDA, RS, RA}A-priv

Msg 2: IDS, S-pub, RS, {IDS, RA, RS}S-priv

Msg 4: {Badge(A), KA, L}A-pub

Badge(A) = {IDA, ATH, L}S-priv

http://impact.asu.edu

Protocol Overview (2)

Phase 2: Authentication in more than one hop from the server - Suppose that device A is in Authentication Domain

Badge(A) = {IDA, ATH, L}S-priv

Device A Server

Msg 1: IDB, B-pub, {IDB, RB, B-pub, TS}npwd

Msg 3: IDB, {IDB, RA, RB }B-priv

Msg 2. IDA, S-pub, RA, {IDA, RB, RA, Badge(A)}B-pub

Msg 4: IDA,{IDA, REP(B), B-pub}KA

Device B

Msg 5: {Badge(B), KB, L}B-pub

http://impact.asu.edu

Protocol Overview (3)

Phase 3: Establishment of a secure connection with another device - Suppose that device B and C are in Authentication Domain - Device B requests the access to device C

Device CServer

Msg 7: IDB, {IDB, RQA(C)}KB

Msg 9:{Message} KBC, h(Message)

Msg 8: {ALG, KBC, L}KB

Device B

Msg 8: {ALG, KBC, L}KC

http://impact.asu.edu

Security Analysis

• Active Attack– Application:

• Resource consumption attack (DoS)• Man-in-the-Middle attack• Replay attack• Server impersonation attack• Badge reuse attack• Network password guessing attack• Brute force attack• Cryptanalysis

– Transport:• Session hijacking

– Network:• Wormhole• Dos (Routing table overflow)

– MAC:• Jamming

– Physical• Steal device and tamper memory

• Passive Attack– Snooping– selfishness

Remote access of target device in AD

Obtaining session keyP

Remote access of server

P

Obtaining master keyP

Obtaining Badge

P

Cryptanalysis

I

Brute force

P

Obtaining the private key of the other device on the

network P

Obtaining network password

P

Brute force

p

Cryptanalysis

I

Stealing device

P

Tamper memory

P

Finding written password

P

Password guessing attack

P

Brute force

p

Cryptanalysis

I

Brute force

P

Cryptanalysis

I

Replay attack

I

AND

Types of Attacks Attack TreeP : PossibleI : Impossible

: Possible path: Impossible path

http://impact.asu.edu

Vulnerability in presented scheme?

• A malicious node can act as authenticated device – generate its own badge i.e. fool the device into believing that it is the server.

http://impact.asu.edu

Refined Device Usage Model

• Assumption: each device has input interface• User buys a new device• Takes it out of box at home• Require minimum setup tasks

– Input a network password– Device acquires server’s public key – maybe by

proximity scheme.• “Activated” device gets authenticated

http://impact.asu.edu

Refined Protocol

• The server’s public key is not acquired from the authenticating (proxy) node.

http://impact.asu.edu

Conclusions

• Developed the trust-propagation based authentication and secure channel establishment protocol for multi-hop wireless home network environment

• Reliable: resistant to various attacks

• Efficient and adaptable: minimizing overheads such as communication and computation costs

• Distributing a server’s load (eliminated the possibility of bottle neck in the server)

http://impact.asu.edu

Performance Analysis

Fig 1. Total number of transmissions according to network density

Fig 2. Average number of transmissions according to device location

http://impact.asu.edu

Performance Analysis (2)

Packet Size (bits)

Msg1 1264

Msg2 1472

Msg3 320

Msg4a 248

Msg4b 160

Msg5 2584

Msg6 96

Fig 3. Total amount of data transmitted according to network density

Fig 4. Average amount of data transmitted according to device location

Key Size Description

npwd 48 -

KX 112 when 3-DES is used

KXY 112 when 3-DES is used

X-pub 1024 when RSA is used

RX 128 -

Data entry size

http://impact.asu.edu

WEP (802.11)

KerborosEAP (802.1x) Our

protocol

Vulnerable to attack

Server impersonation attack

Yes No

Partially Yes (client-server: No but client-access point: Yes)

No

Replay attack No No No No

Man-in-the-middle-attack

Yes No Potentially Yes No

Resource consumption attack (DoS)

Yes Yes Yes No

Support heterogeneous device No No No Yes

Authentication response time Low High High Low

Computation cost Low High High Low

Comparison with other authentication protocols

http://impact.asu.edu

Proxy server mechanismOur trust propagation mechanism

Concept Resource propagation Authentication privilege propagation

Trust objectProxy server which has same resources with the main server

Device which is given Badge by Home server

Manner of propagationPhysically replica (deployment of multiple proxy)

Logically and automatically deployed by server (assignment of Badge by server)

Benefit Load distribution and balancing-Reduce authentication response time- Filtering

Capability Same as the main server Only authentication

Hardware Additional hardware is required No

Comparison with proxy scheme (proxy server)

http://impact.asu.edu

Multi-hop Wireless Home Networks

• Why Multi-hop Wireless in Home Networks ?– Eliminating dead zones– Extending coverage– Increasing utilization of spatial capacity– Offering alternative communication path

• Challenging problems in Multi-hop Wireless Home networks– Interoperability– Coexistence– Channelization– Routing – QOS– Security

http://impact.asu.edu

Problem in applying WLAN authentication protocols to Multi-hop Wireless Home Networks

• IEEE 802.11 and WEP protocol (Wi-Fi)

• IEEE 802.1x and EAP protocol

a general protocol for authentication that also supports multiple authentication methods, such as symmetric key and public key authentication.

Communication cost at authentication is high!