HACK-presentation_Raphael_Frank

Authentication & Intrusion Prevention
for Multi-Link Wireless Networks
Raphael Frank
20 October 2007
Overview
1. Introduction
2. Authentication in WMN using existing protocols
3. Emerging Security Issues
4. Authentication protocol based on WMN properties
5. Security Analysis
6. Conclusion
Introduction
What is Wireless Mesh Network (WMN)?
Mesh Nodes: Devices with at least
two radio interfaces
Mesh nodes form together a wireless
network (Ad-Hoc)
Second interface (AP) is used by
mobile clients to connect to the
network
Hot Spots (HS): Mesh Nodes
equipped with a wired internet
connection
Transient Access Points (TAP):
Mesh Nodes without wired internet
connection
→ Provide Internet Access to Mobile Clients
by using the WMN as a backhaul
Authentication in WMN using existing
protocols (1)
Authentication protocols for the State of the
Art of Wireless Networks
IEEE 802.11:
First WiFi standard released in 1997
Provides Data encryption and authentication
IEEE 802.11i:
Most recent security standard released in 2004
Provides a robust data encryption and includes an
external authentication framework
Authentication in WMN using existing
protocols (2)
IEEE 802.11
Encryption Protocol → Wired Equivalent Privacy (WEP),
based on shared-key (Key length 64 or 128 bit)
Authentication based on the knowledge of the shared-key
Security Goals:
Prevent Eavesdropping → PRIVACY
Prevent Message Modification → INTEGRITY
Network Access Control → AUTHENTICATION
Weaknesses – None of the security goals are met:
Key stream reuse → PRIVACY
CRC attacks → INTEGRITY
Authentication Spoofing → AUTHENTICATION
Authentication in WMN using existing
protocols (3)
IEEE 802.11i
Encryption Protocol → WiFi Protected Access 1
& 2 (WPA1 & WPA2)
Provides robust security properties
Authentication performed using the Extensible
Authentication Protocol (EAP)
Needs a centralized authentication server
Different authentication possibilities (EAP methods)
Authentication in WMN using existing
protocols (4)
Extensible Authentication Protocol (EAP)
Used in wireless and fixed networks
Port Based Network Access
Authentication framework
Currently about 40 different EAP methods
Commonly used methods : EAP-TLS, EAP-TTLS
Emerging Security issues (1)
Problems with the standard protocols
Originally developed for the State of the Art of Wireless
Networks
Security only for the first wireless link → no End-To-End
features
Privacy: No data encryption after the first hop
Authentication: No Layer 2 authentication after the first hop
Single point of failure: Centralized Authentication Server
Mesh nodes cannot be considered as trustworthy
No topology authentication
Emerging Security issues (2)
What are the problems related to the architecture of
a WMN?
Mesh nodes cannot be considered as trustworthy
They are often deployed in a hostile environment
An attacker can spoof and/or take over a mesh node
No topology authentication
An attacker can easily inject a malicious node into the WMN
Gain access to the network
Perform Denial of Service (DoS)
Perform Man in the Middle Attacks (MitM)
Definition of a new authentication protocol (1)
Why a new protocol?
No standardized security protocols for WMN
The existing protocols do not meet the requirements
What should the protocol provide?
“Real-time/Continuous” Authentication → Acceptable
performance
Authentication of every participating node of WMN →
Topology authentication
Authentication of the network traffic
Trustworthy mesh nodes → Mesh Node Access Control
Attack Detection/Reaction mechanism
Definition of a new authentication protocol (2)
How does it work?
Based on digital signatures to verify integrity and
authenticity
Hybrid authentication protocol using symmetric
and asymmetric cryptography
Offers the best properties in terms of security and
performance
The administrator plays the role of the CA
Provides the needed keys to the Nodes
Definition of a new authentication protocol (3)
What are the required keys?
Every node is in possession of:
Personal Public Key and Personal Private Key → asymmetric
Personal Secret Key → symmetric
Public Key of the Administrator
Nodelist → Containing the allowed communication neighbors
After initialization → different public/secret keys of neighbor nodes
The procedure can be subdivided into two operations:
I) Initialization of a new node
II) Information transmission
Definition of a new authentication protocol (4)
Initialization of a new node (asymmetric)
Node A wants to register with the WMN
A → WMN (broadcast), initialization message: [Nodelist | Cert(A) | Signature]
The receiving node B
Checks if it is included in the node list (NL)
Checks the signature → Using the Public Key of the Admin
B encrypts its secret key and sends it to A
After a successful decryption, A encrypts its secret
key and sends it to B
Definition of a new authentication protocol (5)
Initialization of a new node (asymmetric)
Node A wants to register with the WMN
(1) Node A → broadcast: NL, Cert(A), SIG{[NL,Cert(A)], PrivK(Admin)}
(2) Node B → Node A: ENC{[Cert(B),K(B),T1], PubK(A)}
(3) Node A → Node B: ENC{[K(A),T2], PubK(A)}
Definition of a new authentication protocol (6)
Information transmission (symmetric)
Every node needs to have the secret key of its neighbor
nodes → Initialization
Symmetric Signature → Message Authentication Code (MAC) =
Fingerprint encrypted using a secret key → Faster
Node A wants to send a message to node C via node B
A → C (sent via node B), message to be transferred: [Data | Timestamp | Signature]
Definition of a new authentication protocol (7)
Information transmission (symmetric)
Signature is verified and newly generated at every hop of
the transmission path
A different Timestamp guarantees a different signature
(1) Node A → Node B: MSG, T1, SIG{(MSG,T1), K(A)}
(2) Node B → Node C: MSG, T2, SIG{(MSG,T2), K(B)}
(3) Node C → Node B: MSG, T3, SIG{(MSG,T3), K(C)}
(4) Node B → Node A: MSG, T4, SIG{(MSG,T4), K(B)}
Definition of a new authentication protocol (8)
How to create trustworthy nodes?
We need to guarantee that an attacker cannot retrieve the
sensitive data (Keys, Nodelist, …) from a mesh node
Mesh Node Access Control
Before an attacker gains access to a node, the keys are
erased and replaced by dummy values
Consequence → Neighbor nodes will fail to verify the
messages from the attacked node and drop them
Passive attack detection
The node is automatically excluded from the WMN
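The hop-by-hop signing from the information-transmission slides and the key erasure from the Mesh Node Access Control slide, as an added example that is not part of the presentation. HMAC-SHA256, the 2-second freshness window, the replay cache and the `Node` class are assumptions; `link()` stands in for the asymmetric initialization.

```python
import hashlib
import hmac
import os

MAX_AGE = 2.0  # assumed freshness window in seconds; the slides give no value

def sign(key, msg, ts):
    # SIG{(MSG,T), K}: MAC over message and timestamp (HMAC-SHA256 assumed)
    return hmac.new(key, msg + b"|" + repr(ts).encode(), hashlib.sha256).digest()

class Node:
    def __init__(self, name):
        self.name, self.key = name, os.urandom(32)  # K(node), personal secret key
        self.neighbor_keys = {}   # neighbor name -> secret key, set at initialization
        self.seen = set()         # (sender, T) pairs already accepted

    def link(self, other):        # stand-in for the asymmetric initialization
        self.neighbor_keys[other.name] = other.key
        other.neighbor_keys[self.name] = self.key

    def send(self, msg, now):
        return (self.name, msg, now, sign(self.key, msg, now))

    def receive(self, frame, now):
        sender, msg, ts, sig = frame
        key = self.neighbor_keys.get(sender)
        if key is None or not hmac.compare_digest(sig, sign(key, msg, ts)):
            return None           # unknown neighbor, modified data, or wrong key
        if not 0 <= now - ts <= MAX_AGE or (sender, ts) in self.seen:
            return None           # stale or replayed timestamp
        self.seen.add((sender, ts))
        return msg

    def forward(self, frame, now):  # verify previous hop, re-sign with own key
        msg = self.receive(frame, now)
        return None if msg is None else self.send(msg, now)

    def wipe(self):               # access control: key replaced by a dummy value
        self.key = bytes(32)

def demo():
    a, b, c = Node("A"), Node("B"), Node("C")   # constructed topology A - B - C
    a.link(b)
    b.link(c)
    f1 = a.send(b"hello", 100.0)        # (1) MSG, T1, SIG{(MSG,T1), K(A)}
    delivered = c.receive(b.forward(f1, 100.5), 101.0)  # (2) re-signed with K(B)
    replayed = b.forward(f1, 100.6)     # same (A, T1) seen before: rejected
    b.wipe()                            # B's keys erased on intrusion
    dropped = c.receive(b.send(b"hello", 101.5), 101.6)
    return delivered, replayed, dropped
```

`demo()` returns the delivered message followed by two `None` values: the replayed frame is rejected at B, and C drops everything B sends once B's key has been replaced.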
Definition of a new authentication protocol (9)
Security Analysis (1)
Security & Performance Requirements
Acceptable performance : YES
Using symmetric signatures
Topology authentication : YES
Every node participating in a communication is authenticated
Authentication of the traffic : YES
The source of every message is known
Trustworthy mesh nodes : YES
Mesh Node Access Control
Attack Detection and Reaction : YES
Corrupt Nodes are detected and excluded from the WMN
Security Analysis (2)
Other Security features
No replay attacks using timestamps
No single point of failure
No centralized entity
Node Spoofing/Injection not possible
→ Topology authentication
The attacker does not know the needed keys
Man in the Middle Attack can be used to perform DoS
If an attacker modifies a transient message, it will be
discarded
Conclusion
What’s next?
Extend the authentication protocol
Implementation of a prototype
Client/User authentication
Add an administration procedure
Remotely reintroduce attacked node into the WMN
Attack reporting
Privacy and Performance on WMN need to be
considered as well
Release of a security standard for WMN
IEEE 802.11s?
The end …
Thank you for your attention
Questions?
Wiki.uni.lu/Secan-Lab