ARSA: An Attack-Resilient Security Architecture
for Multi-hop Wireless Mesh Networks
IEEE Journal on Selected Areas in Communications, 2006
Ki-Woong Park
Computer Engineering Research Laboratory
Korea Advanced Institute Science & Technology
Oct 18, 2007
Prologue
 Wireless Mesh Network at KAIST
WiMesh Router
 Low deployment costs
 Self-Configuration, Self-maintenance
 Scalability, Robustness
In this paper,
 Security Architecture
• Authentication, Key Agreement
• Attack-Resilient Security Protocol
2/20
COMPANY LOGO
Contents
1
Introduction to Wireless Mesh Network
2
Problem to solve
3
Authentication and Key Agreement
4
Security Enhancement
5
Discussion

Performance Evaluation
3/20
COMPANY LOGO
Introduction to Wireless Mesh Network
Access
Points
Mesh
Routers
Mesh
Clients
- Mobile & Short-lived ubiquitous services
- DoS attacks
- Security for multi-hop communication
4/20
COMPANY LOGO
Problem to solve
 Authentication and Key Agreement (AKA)
 Router-Client AKA
 Client-Client AKA
 Attack-Resilient Security Architecture




Location Privacy Attack
Bogus-Beacon Flooding Attack
Denial-of-Access (DoA) Attack
Bandwidth-Exhaustion Attack
Access
Points
Mesh
Routers
Mesh
Clients
Attacker
5/20
COMPANY LOGO
Preliminaries
Cryptographic foundation of ARSA
 Identity-Based Cryptography
• Eliminates the need for public-key distribution
Publicly known identity information
Public Key
: Cyclic additive group of large prime order q
: Cyclic multiplicative group of large prime order q
6/20
COMPANY LOGO
System Model and Notation (1/3)
 Credit-card-based business model
 Kerberos, PKINIT
Broker(i)
WMN Router(j)
WMN Operator (i)
Customer (j)
WMN Router (j)
7/20
COMPANY LOGO
System Model and Notation (2/3)
 Domain Parameter & Certificate
P : Generator of
Access
Points
H1 : hash function mapping to
: Domain Secret (Private Key)
Mesh
Routers
: Domain public Key
domain-cert
 Domain Parameter : publicly known
 Domain Secret
: keep confidential

,
: unique to each domain
From TTP
8/20
COMPANY LOGO
System Model and Notation (3/3)
 Pass Model of ARSA
 R-PASS (Router Pass)
• Issued by WMN Operator I
• Freshness is controlled by expiry -time
WMN
Operator (i)
Access
Points
Public Key
Private Key
 C-PASS (Client Pass)
• Provided by a Broker
Mesh
Routers (j)
 T-PASS (Temporary Pass)
Broker (i)
• Given by WMN Operator
Mesh
Clients
9/20
Mesh
Clients (j)
COMPANY LOGO
AKA (Authentication and Key Agreement) (1/4)
WMN
Operator “a”
WMN
Operator “b”
Access
Points
Access
Points
Mesh
Routers
Mesh
Routers
Inter-domain
AKA
Intra-domain
AKA
Client-Client
AKA
10/20
COMPANY LOGO
AKA (Authentication and Key Agreement) (2/4)
Inter-domain AKA
WMN
Operator (i)
Mesh
Routers
A.1
Time check for t1
Expiry –time check
Validate domain-cert
Verify
A.2
hot list check of broker
To validate domain-cert
From TTP
A.3
T-PASS
11/20
COMPANY LOGO
AKA (Authentication and Key Agreement) (3/4)
Intra-domain AKA
Mesh
Routers
B.1
Time check for t1
Expiry –time check
Verify
Derivation of Key
B.2
To derive shared key
PASS check
Derivation of Key
12/20
COMPANY LOGO
AKA (Authentication and Key Agreement) (4/4)
Client-Client AKA
:
C.1
:
PASS Check
Derivation of Key
Challenge
C.2
To derive shared key
PASS check
Derivation of Key
Response
13/20
COMPANY LOGO
Security Enhancement (1/3)
 Location Privacy Attack
 Alias for client
=
 Broker’s additional Key :
=
• Before :
• After :

armed with multiple alias (C-PASS, pass-key)
 Bogus-Beacon Flooding Attack
 Attack by flooding a mesh with a log of bogus beacons
 Authenticity of beacons
Hierarchical One-way hash-chain Technique
 Beacon Interval : ms
 Super beacon interval :
ms
14/20
COMPANY LOGO
Security Enhancement (2/3)
 Bogus-Beacon Flooding Attack
 Before Beacon (A.1)
 After




Computationally infeasible to find ax+1 using ax
Pass check using
,
Calculate
If(
=
) then Use to proper beacon fields
15/20
COMPANY LOGO
Security Enhancement (3/3)
 Denial-of-Access (DoA) Attack
 Bandwidth-Exhaustion Attack
 CPU-bound puzzles

: random nonce created by Router

: puzzle indicator (Initial value = 0)
 Client
• Generate nonce N
• Performing a brute-force search for a X
–
= # of Zero bits is zero
• Finding solution :
16/20
COMPANY LOGO
Discussion
 Identify a number of unique security requirements of the
emerging multi-hop WMNs
 ARSA : Attack-Resilient Security Architecture
 More practical and lightweight
 Mutual Authentication & Key Agreement
 Attack-Resilient Technique
• Location Privacy Attack / Bogus-Beacon Flooding Attack
• Denial-of-Access (DoA) Attack / Bandwidth-Exhaustion Attack
 Critique




No experiment / Simulation Result
Computationally Efficiency
Difference with Kerberos / PKINIT
Comparison with PKI
17/20
COMPANY LOGO
Discussion
 Symmetric Key vs. Asymmetric Key
Symmetric Key
Key
Asymmetric Key / IBC
One Key
- One Key to encrypt the data
- One Key to decrypt the data
Two keys
- Public key to encrypt the data
- Private key to decrypt the data
Confidentiality
Yes
Yes
Digital Signature
No
Yes
Non-repudiation
No
Yes
Key Distribution
No
Yes
Speed (ATmega)
3ms
472ms
T-money (300ms),
SpeedPass (100ms) [1]
Internet Banking, E-Commerce
Usage
[1] F.Vieira, J.Bonnet, C.Lobo, R.Schmitz, and T.Wall “Security Requirements for Ubiquitous Computing,” EURESCOM. 2005
[2] A.Pirzada and C.McDonald, “Kerberos Assisted Authentication in Mobile Ad-hoc Networks," in Proceedings of ACM
International Conference Proceeding Series; Vol. 56, 2004.
18/23
18/20
COMPANY LOGO
Additional Experiment
 Security Aspect
Authentication
Digital
signature
Nonrepudiation
Secure key
distribution
Kerberos
YES
No
No
No
PKIX
YES
YES
YES
YES
M-PKINIT
YES
No
No
YES
ARSA
YES
No
No
YES
 Computation Efficiency
Mobile
System
Pu Pr
Service Device
S
Pu
Pr
S
Total
Operation Time
PKIX(RSA-1024bit)
2
2
1
2
0
0
3449
1035 ms
Kerberos
0
0
8
0
0
6
8.12
2.4 ms
M-PKINIT TGT
1
1
7
1
1
5
3305.1
991.53 ms
M-PKINIT SGT
0
0
8
0
0
4
8.08
2.42 ms
ARSA Inter-domain AKA
1
2
0
1
1
1
3373.02
1011.9 ms
ARSA Intra-domain AKA
0
2
0
1
1
0
1799
539.7 ms
ARSA Client-Client AKA
0
2
1
0
2
1
301.02
90.31 ms
19/20
COMPANY LOGO
Additional Experiment
 Processing Times of cryptography operations
Platform
• Service Device
- CPU : PXA270
- RAM : SRAM 128MB
Cryptography
RSA 1024bit
AES 128bit
Hash Function
• Server
- CPU : Xeon 3.2GHz
- RAM: 4GB
RSA 1024bit
AES 128bit
Operation Time
Complexity
Private Key
Avg. 472ms
1574.33
Public Key
Avg. 23ms
75.33
Encryption
Avg. 0.3ms
1.0
Decryption
Avg. 0.3ms
1.0
SHA-1
Avg. 0.6ms
2.0
Private Key
Avg. 2.917ms
9.72
Public Key
Avg. 0.170ms
0.56
Encryption
Avg. 0.006ms
0.02
Decryption
Avg. 0.006ms
0.02
20/20
COMPANY LOGO
COMPANY LOGO