http://impact.asu.edu trust propagation based authentication protocol in multi-hop wireless home...
TRANSCRIPT
http://impact.asu.edu
Trust Propagation based Authentication Protocol in Multi-hop Wireless Home
Networks
Sandeep K. S. Gupta
Department of Computer Sc. & Engg
Ira A. Fulton School of Engg
Arizona State University, Tempe, AZ, 85287
http://impact.asu.edu
Talk Overview
• Multi-hop Wireless Home Networks (MWHN)
• Problem statement
• Key idea – Trust propagation
• Preliminary trust-propagation protocol
• Security Analysis– Find a vulnerability
• Refined protocol
• Conclusions
http://impact.asu.edu
Overview of Multi-hop Wireless Home Networks
• Density of wireless devices at home is expected to keep increasing
• This environment introduces new wireless network requirements
– high and dependable bandwidth– low latency– coverage throughout the home
• Multi-hop wireless technology offers unique benefits for this environment
– Increasing utilization of spatial capacity• Short range spactrum channel re-use (re-
use BANDWIDTH) improving spatial capacity
– Eliminating dead zones– Extending coverage– Offering alternative communication path (f
ailure recovery)
http://impact.asu.edu
Problems in authentication & channel establishment
• Multi-hop wireless home networks require a simple to manage authentication and channel establishment mechanism due to the accessibility to the heterogeneous devices and multi-hop wireless environment
• Problems in applying the well known authentication and channel establishment protocols to MWHN– Communication cost is high in ter
ms of authentication response time
– Vulnerable to some critical attacks: server impersonation attack, man-in-the-middle, DoS
WEP protocol (Wi-Fi) and IEEE 802.11
EAP protocol and IEEE 802.1x
http://impact.asu.edu
Key idea of our authentication protocol
• How about authentication by a neighbor device rather than by the server?
• Badge: home server delegates only its authentication capability (badge) to the previously authenticated device, and the device authenticates its neighbor devices on behalf of the server.
1. Issue of Badge 2. Enforce the law
Police agency Police officer
http://impact.asu.edu
System model & Assumption
Home server
- Server-based system
- WMHN infrastructure
- Each device has pubic-private key pair
http://impact.asu.edu
Device Usage Model
• Assumption: each device has input interface• User buys a new device• Takes it out of box at home• Goal: Require minimum setup tasks
– Input a network password
• “Activated” device gets authenticated
http://impact.asu.edu
Trust Propagation
Master Key1Master Key2
Device 1 Device 2
Device 3
Master Key3
Badge 1Badge 2
Authentication Domain: A set of objects that are allowed to be a part of specific house hold’s home network
Expanded Authentication Domain
Authentication DomainBadge 3
Home server
http://impact.asu.edu
Authenticated Domain (2)
Device state according to the response
http://impact.asu.edu
Characteristic of our protocol
• Authentication by the trusted neighbor device• Network password-based device checking
– It is only network authentication key
• Mutual authentication• Reducing the number of public/private key operation• Key length-agile and algorithm-agile for the session k
ey– Different applications of heterogeneous devices need
different security requirement for communication sessions
http://impact.asu.edu
Protocol Overview
Notation Description
IDX Identity of device X
Npwd Initial shared network password for device checking
KX X’s master key which is only shared with a server
KXY Session key for X and Y, shared key between X and Y
X-pub X’s public key
X-priv X’s private key
{ABC}K ABC encrypted in a key(K)
Rx A random nonce generated by X
TS Time stamp
L Life time of a key or Badge
h( ) Hash function
ATH Uses of a Badge. The Badge could be used for various uses according to this limited authority.
REP(X) Report about authentication of device X
RQA(X) Request of access to device X
ALG Algorithm specified by server
Phase 1: Authentication in one hop from the server
Device A Server
Msg 1: IDA, A-pub, {IDA, RA, A-pub, TS}npwd
Msg 3: IDA, {IDA, RS, RA}A-priv
Msg 2: IDS, S-pub, RS, {IDS, RA, RS}S-priv
Msg 4: {Badge(A), KA, L}A-pub
Badge(A) = {IDA, ATH, L}S-priv
http://impact.asu.edu
Protocol Overview (2)
Phase 2: Authentication in more than one hop from the server - Suppose that device A is in Authentication Domain
Badge(A) = {IDA, ATH, L}S-priv
Device A Server
Msg 1: IDB, B-pub, {IDB, RB, B-pub, TS}npwd
Msg 3: IDB, {IDB, RA, RB }B-priv
Msg 2. IDA, S-pub, RA, {IDA, RB, RA, Badge(A)}B-pub
Msg 4: IDA,{IDA, REP(B), B-pub}KA
Device B
Msg 5: {Badge(B), KB, L}B-pub
http://impact.asu.edu
Protocol Overview (3)
Phase 3: Establishment of a secure connection with another device - Suppose that device B and C are in Authentication Domain - Device B requests the access to device C
Device CServer
Msg 7: IDB, {IDB, RQA(C)}KB
Msg 9:{Message} KBC, h(Message)
Msg 8: {ALG, KBC, L}KB
Device B
Msg 8: {ALG, KBC, L}KC
http://impact.asu.edu
Security Analysis
• Active Attack– Application:
• Resource consumption attack (DoS)• Man-in-the-Middle attack• Replay attack• Server impersonation attack• Badge reuse attack• Network password guessing attack• Brute force attack• Cryptanalysis
– Transport:• Session hijacking
– Network:• Wormhole• Dos (Routing table overflow)
– MAC:• Jamming
– Physical• Steal device and tamper memory
• Passive Attack– Snooping– selfishness
Remote access of target device in AD
Obtaining session keyP
Remote access of server
P
Obtaining master keyP
Obtaining Badge
P
Cryptanalysis
I
Brute force
P
Obtaining the private key of the other device on the
network P
Obtaining network password
P
Brute force
p
Cryptanalysis
I
Stealing device
P
Tamper memory
P
Finding written password
P
Password guessing attack
P
Brute force
p
Cryptanalysis
I
Brute force
P
Cryptanalysis
I
Replay attack
I
AND
Types of Attacks Attack TreeP : PossibleI : Impossible
: Possible path: Impossible path
http://impact.asu.edu
Vulnerability in presented scheme?
• A malicious node can act as authenticated device – generate its own badge i.e. fool the device into believing that it is the server.
http://impact.asu.edu
Refined Device Usage Model
• Assumption: each device has input interface• User buys a new device• Takes it out of box at home• Require minimum setup tasks
– Input a network password– Device acquires server’s public key – maybe by
proximity scheme.• “Activated” device gets authenticated
http://impact.asu.edu
Refined Protocol
• The server’s public key is not acquired from the authenticating (proxy) node.
http://impact.asu.edu
Conclusions
• Developed the trust-propagation based authentication and secure channel establishment protocol for multi-hop wireless home network environment
• Reliable: resistant to various attacks
• Efficient and adaptable: minimizing overheads such as communication and computation costs
• Distributing a server’s load (eliminated the possibility of bottle neck in the server)
http://impact.asu.edu
Performance Analysis
Fig 1. Total number of transmissions according to network density
Fig 2. Average number of transmissions according to device location
http://impact.asu.edu
Performance Analysis (2)
Packet Size (bits)
Msg1 1264
Msg2 1472
Msg3 320
Msg4a 248
Msg4b 160
Msg5 2584
Msg6 96
Fig 3. Total amount of data transmitted according to network density
Fig 4. Average amount of data transmitted according to device location
Key Size Description
npwd 48 -
KX 112 when 3-DES is used
KXY 112 when 3-DES is used
X-pub 1024 when RSA is used
RX 128 -
Data entry size
http://impact.asu.edu
WEP (802.11)
KerborosEAP (802.1x) Our
protocol
Vulnerable to attack
Server impersonation attack
Yes No
Partially Yes (client-server: No but client-access point: Yes)
No
Replay attack No No No No
Man-in-the-middle-attack
Yes No Potentially Yes No
Resource consumption attack (DoS)
Yes Yes Yes No
Support heterogeneous device No No No Yes
Authentication response time Low High High Low
Computation cost Low High High Low
Comparison with other authentication protocols
http://impact.asu.edu
Proxy server mechanismOur trust propagation mechanism
Concept Resource propagation Authentication privilege propagation
Trust objectProxy server which has same resources with the main server
Device which is given Badge by Home server
Manner of propagationPhysically replica (deployment of multiple proxy)
Logically and automatically deployed by server (assignment of Badge by server)
Benefit Load distribution and balancing-Reduce authentication response time- Filtering
Capability Same as the main server Only authentication
Hardware Additional hardware is required No
Comparison with proxy scheme (proxy server)
http://impact.asu.edu
Multi-hop Wireless Home Networks
• Why Multi-hop Wireless in Home Networks ?– Eliminating dead zones– Extending coverage– Increasing utilization of spatial capacity– Offering alternative communication path
• Challenging problems in Multi-hop Wireless Home networks– Interoperability– Coexistence– Channelization– Routing – QOS– Security
http://impact.asu.edu
Problem in applying WLAN authentication protocols to Multi-hop Wireless Home Networks
• IEEE 802.11 and WEP protocol (Wi-Fi)
• IEEE 802.1x and EAP protocol
a general protocol for authentication that also supports multiple authentication methods, such as symmetric key and public key authentication.
Communication cost at authentication is high!