Number of slides: 43
2007 Network/Computer Security Workshop, Lehigh University, May 2007
Securing Wireless Mesh Networks
Yanchao Zhang, Department of Electrical & Computer Engineering, New Jersey Institute of Technology
In collaboration with: Professor Yuguang "Michael" Fang, Department of Electrical & Computer Engineering, University of Florida
Roadmap
- Introduction to wireless mesh networks
  - Necessity, architecture, state of the art
- Security issues
- Our solutions
- Conclusion & future work
Mesh Networks: why do we need them?
Ubiquitous broadband Internet access
Cellular networks [figure labels: PSDN, RNC, Internet]
- Wide area coverage (km range)
- Low speed
  - WCDMA: 384 kb/s ~ 2 Mb/s
  - CDMA2000: 144 kb/s ~ 2.4 Mb/s
- High deployment costs
Mesh Networks: why do we need them?
Ubiquitous broadband Internet access
Wireless LAN [figure label: Internet]
- High speed
  - 802.11b: 11 Mb/s, 802.11a/g: 54 Mb/s, 802.11n: 540 Mb/s
- Low deployment costs
- Small coverage (up to 300 m for 802.11)
Wireless Mesh Networks (WMNs)
[Figure (Akyildiz et al., 2004); labels: Internet, T1/E1, WiMax, mesh router, mesh]
Merits of Wireless Mesh Networks
- High speed
- Extended coverage (multi-hop communication)
- Low deployment costs
- High robustness (multiple routes)
- Simple configuration and maintenance
- Good network scalability
- ...
Application Scenarios
- Broadband home networking
- Community and neighborhood networking
- Enterprise networking
- Metropolitan area networks
- Intelligent transportation systems
- Security surveillance systems
- Building automation
- ...
State of the Art
- Academia
  - SIGCOMM, INFOCOM, MobiCom, MobiHoc, ICNP, ICDCS, IEEE JSAC ...
  - MIT, CMU, Rice, Georgia Tech, UCSB, UF, Stony Brook ...
- Industry
  - Microsoft, Intel, Nortel, Nokia, MeshNetworks (Lucent), Tropos, Kiyon, BelAir, Strix, SkyPilot, MeshDynamics ...
- Standardization activities
  - IEEE 802.11/15/16
- Deployment practices
  - Seattle, New York, San Francisco, London, Rome, Paris ...
Roadmap
- Introduction to wireless mesh networks
  - Necessity, architecture, state of the art
- Security issues
- Our solutions
- Conclusion & future work
- Other security projects
Classification
- Infrastructure security
  - Security of signaling and data traffic transmitted over the wireless mesh backbone
- Application security
  - Security of mesh clients' concrete applications
- Network access security
  - Security of communications among a mesh router and the mesh clients it serves
Network Access Security
[figure labels: WMN backbone, Our goal, Internet]
Why difficult to achieve?
- Mesh routers are designed to accept open access requests from most likely unknown mesh clients
- Open access to wireless channels
- Multi-hop, cooperative communications
- Dynamic network topology due to client mobility
Network Access Security Issues
[figure labels: WMN backbone, Our goal, Internet]
- Router-client authentication
- Router-client key agreement
- Client-client authentication
- Client-client key agreement
Network Access Security Issues
Bogus beacon flooding attack [figure labels: WMN backbone, Internet, mesh, beacon, bogus beacon]
Allowing the attacker to
- Beguile mesh clients into always processing beacons
- Impede the Internet access of mesh clients
Network Access Security Issues
- Incontestable billing
- Location privacy
  - Mesh clients can travel incognito
- Secure routing and MAC protocols
- When Internet marries multi-hop wireless
  - DoS/DDoS mitigation, worm detection & prevention, IP traceback, intrusion detection ...
Our Solutions
- Router-client authentication
- Router-client key agreement
- Client-client authentication
- Client-client key agreement
- Mitigating bogus beacon flooding attack
- Incontestable billing
- Location privacy
Network Model
- A large-scale WMN comprises many domains
  - Each domain is operated by an independent network operator of arbitrary scale
- Multi-hop uplink
  - A mesh client transmits packets in one hop or multiple hops to the mesh router
- Single-hop downlink
  - The router sends packets in one hop to all clients
  - Merits: saves energy of clients; facilitates the transmission of signaling data ...
Old Home-Foreign Trust Model
[figure labels: Home domain, Foreign domain, Internet/PSTN, roaming agreement, trust]
(Used by cellular & mobile IP networks)
- Difficult to establish pairwise roaming agreements among numerous WMN operators
- Significant authentication signaling traffic
  - May invite DoS/DDoS attacks
- Long authentication latency
- Irresolvable billing disputes
Our Model: Client-Broker-Operator
[figure labels: broker 1, broker 2, pass, operator 1 ... operator n]
# of brokers << # of WMN operators
Merits of Client-Broker-Operator Model
- For mesh clients
  - Enjoy single-sign-on, on-demand broadband Internet access from any WMN operator
- For WMN operators
  - Just need to trust one or a few brokers
  - Have all mesh clients as potential customers
  - Reduce administration & customer service costs
- For brokers
  - Make profits by imposing transaction/subscription fees on mesh operators/clients
Notation
Public-Key Cryptography (PKC)
- Everyone has a unique public/private key pair
- Certificate-based PKC (e.g., RSA or DSA)
  - Alice's public key, pub_A, is a random string
  - Need a certificate binding pub_A to Alice
  - cert_A :=
The Pairing Technique
Pairing parameters
Router Pass (R-PASS)
Operator O_i:
Client Pass (C-PASS)
Broker B_i:
Authentication & Key Agreement (AKA)
- Inter-domain router-client AKA
  - A client roams from one WMN domain to another
- Intra-domain router-client AKA
  - A client roams within the same WMN domain
- Client-client AKA
  - Two clients in the same WMN domain perform AKA
Inter-Domain Client-Router AKA
Inter-Domain Client-Router AKA
Key agreement
Intra-Domain Router-Client AKA
Client-Client AKA
- Two clients ascertain that they are served by the same WMN domain
- Two clients establish a shared key to encrypt and authenticate traffic between them
- Can be done on demand
Client-Client AKA
Our Solutions
- Router-client authentication
- Router-client key agreement
- Client-client authentication
- Client-client key agreement
- Mitigating bogus beacon flooding attack
- Incontestable billing
- Location privacy
Bogus-Beacon Flooding Attack
[figure labels: WMN backbone, Internet, mesh, beacon, bogus beacon]
Allowing the attacker to
- Deceive mesh clients into endless signature verifications to check the authenticity of beacons
- Impede the network access of mesh clients
Defense: one-way hash chain
Defense against Bogus-Beacon Flooding
Router R_{1,1}
- Select an integer n and a random secret b_n
- Compute b_y = h(b_{y+1}), for 1 ≤ y ≤ n-1
  - Deriving b_y from b_{y+1} is very efficient, but the opposite is computationally infeasible
Defense against Bogus-Beacon Flooding
Message authentication code
Defense against Bogus-Beacon Flooding
Analysis
- A router performs one signature generation every n broadcast beacons
- A client carries out one signature verification every n broadcast beacons
Incontestable Billing
Challenges
- WMN operators may overcharge
- Mesh clients may deny the received network services
- Intermediate clients desire a reward for forwarding traffic
Our solution: a real-time hash chain approach
Incontestable Billing
C_{1,1}
- Create a one-way hash chain with each hash value associated with a monetary value x_0
- Send the signed (b_1, x_0) to R_{1,1} as a payment commitment
- Periodically release hash values in sequence
R_{1,1}
- Record the signed (b_1, x_0) and the last b_m s.t. b_1 = h^{m-1}(b_m)
- Redeem b_m at broker B_1 and get paid m·x_0
Incontestable Billing
How to pay intermediate clients?
- C_{1,1} pays R_{1,1} what R_{1,1} and the others should get
- R_{1,1} pays each client using the hash chain approach
- Merit: each client just has a payment relationship with R_{1,1} instead of with each of the other clients
Analysis
- Each client must pay in real time to avoid service cutoff
- He cannot deny the payment due to the signed commitment
- Operators cannot fake hash values to overcharge clients
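The one-way hash chain that underlies both the bogus-beacon defense and the incontestable billing scheme above, as an added Python example that is not from the slides or from the authors' ARSA work: the owner builds b_y = h(b_{y+1}) from a random secret b_n, a verifier that trusts the signed b_1 accepts each released link with a single hash (so a bogus or replayed value is rejected without any signature verification), and the broker checks b_1 = h^{m-1}(b_m) before paying m·x_0. SHA-256 as h, the class and function names and the constructed secret and x_0 are assumptions; the MAC binding of the beacon slides did not survive extraction and is not modelled.

```python
import hashlib

def h(x: bytes) -> bytes:
    """The one-way hash h of the slides (SHA-256 is assumed here)."""
    return hashlib.sha256(x).digest()

def make_chain(b_n: bytes, n: int) -> list:
    """Build [b_1, ..., b_n] with b_y = h(b_{y+1}); b_n is the owner's random secret.
    Anyone can step backwards (one hash); nobody but the owner can step forwards."""
    chain = [b_n]
    for _ in range(n - 1):
        chain.append(h(chain[-1]))
    chain.reverse()              # chain[0] is b_1, chain[n - 1] is b_n
    return chain

class ChainVerifier:
    """Verifier side (mesh client for beacons, router for payments): trust b_1 once
    via its signature, then accept a released value only if it hashes to the last
    accepted one. A bogus or replayed value costs one hash, not a signature check."""
    def __init__(self, anchor_b1: bytes):
        self.last = anchor_b1
        self.count = 1           # chain values accepted so far, b_1 included

    def accept(self, b: bytes) -> bool:
        if h(b) != self.last:
            return False         # not the next link of the committed chain
        self.last = b
        self.count += 1
        return True

class BillingLedger(ChainVerifier):
    """Router R_{1,1}: the client signed (b_1, x_0) as a payment commitment and
    each further link released in real time is worth another x_0 (x_0 assumed)."""
    def __init__(self, b_1: bytes, x_0: int):
        super().__init__(b_1)
        self.x_0 = x_0

    def redeem_amount(self) -> int:
        return self.count * self.x_0   # broker pays m * x_0 for the last link b_m

def broker_verify(b_1: bytes, b_m: bytes, m: int) -> bool:
    """Broker B_1: the router's claim (b_m, m) is valid iff b_1 = h^{m-1}(b_m)."""
    v = b_m
    for _ in range(m - 1):
        v = h(v)
    return v == b_1
```

A client holding the signed b_1 feeds each beacon's chain value to ChainVerifier.accept; the router feeds released payment links to BillingLedger.accept and presents (ledger.last, ledger.count) to the broker.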
Location Privacy
- Mesh clients prefer to travel incognito
  - Remain anonymous to both visited WMN operators and potentially malicious eavesdroppers
- Solution
  - A client uses dynamic (pass, pass key) pairs
  - A secure, lightweight way to refresh client pass/pass key pairs
Conclusion
- Identified security requirements & challenges in multi-hop wireless mesh networks
- Proposed a client-broker-operator trust model
- Presented efficient solutions to
  - Router-client and client-client AKA
  - Mitigating bogus beacon flooding attack
  - Incontestable billing
  - Location privacy
Future Work
- Secure wireless mesh backbone
- Secure routing and MAC protocols
- When Internet marries multi-hop wireless
  - DoS/DDoS mitigation
  - Worm detection & prevention
  - IP traceback
  - Intrusion detection
  - ...
References
- Y. Zhang and Y. Fang, "ARSA: An Attack-Resilient Security Architecture for Multihop Wireless Mesh Networks," IEEE JSAC, 24(10), Oct. 2006
- Y. Zhang and Y. Fang, "A Secure Authentication and Billing Architecture for Wireless Mesh Networks," ACM Wireless Networks, to appear