Presentation is loading. Please wait.

Presentation is loading. Please wait.

Authentication and handoff protocols for wireless mesh networks

Published byUlrich Raske Modified over 5 years ago

Similar presentations

Presentation on theme: "Authentication and handoff protocols for wireless mesh networks"— Presentation transcript:

1 Authentication and handoff protocols for wireless mesh networks
PhD Security Oral Exam Naif Alamri

2 Outline Background WMN architecture WMN components WMN challenges
Current solutions Related work Future work Auth HandOff WMN / N. Alamri 1/15/2019

3 Background Mesh topology IEEE 802.11s (2003 – 2011) Multi-hop links
Features: self-organization, self-configuration, self-healing Advantages: cost effective, scalable, fault tolerant, increased range Applications: - Last mile broadband access from homes - Backbone for enterprise networks - Extended the range of other networks such as WiMAX - On the fly command centers for emergency response teams, military, etc. Auth HandOff WMN / N. Alamri 1/15/2019

4 WMN Architectures Three WMN architectures: Infrastructure WMN
Dedicated mesh routers connected via mesh links Connect to the Internet using gateways Integrate with wired and wireless networks (bridging or gateway) Client WMN No dedicated mesh routers Clients perform routing, configuration, and maintenance Hybrid WMN Combines the features of infrastructure and client WMNs Client WMN  High throughput, multiple paths Infrastructure WMN  Integration with other radio technologies, reduce power consumption. Auth HandOff WMN / N. Alamri 1/15/2019

5 WMN Architectures Infrastructure WMN Hybrid WMN
Auth HandOff WMN / N. Alamri 1/15/2019

6 WMN Components Mesh router:
Dedicated mesh routers connected via mesh links Connect to the Internet using gateways Integrate with wired and wireless networks (bridging or gateway) Can improve the capacity of the network by using multi-channel single-radio (MCSR) or multi-channel multi-radio (MCMR) Mesh client: Mobile or stationary, power constrained Mostly single radio. Mesh gateway: Connect to the Internet Interoperability between WMNs and other wired and wireless networks Auth HandOff WMN / N. Alamri 1/15/2019

7 WMN Challenges Routing: Multi-hop, Multi-path, Multi-radio
Reactive or Proactive self-organization, self-configuration, self-healing Scalability (overhead), Mobility (handoff) Hybrid Wireless Mesh Protocol (HWMP)  Ad hoc On Demand Distance Vector (AODV) + Radio-Aware metric Security: Confidentiality, Availability, Integrity, authenticity Privacy  Anonymity and Unlinkability Power Efficiency: Power constrained clients. QoS: Path selection, Guarantees, Network capacity, Fairness, Interference Auth HandOff WMN / N. Alamri 1/15/2019

8 802.11i Introduced in 2004 Enhanced security at MAC layer
Also known as Robust Network Security (RNS) Advantages: data protection, mutual authentication, key management Authentication and Confidentiality using WPA2: AES + Counter-mode Cipher Block Chaining Message Authentication Code (CBC-MAC) Protocol (CCMP) Auth HandOff WMN / N. Alamri 1/15/2019

9 802.1x Part of 802.11i Port-based access control
Three elements: Supplicant, Authenticator, Authentication Server Port types: Controlled, Uncontrolled Extensible Authentication protocol (EAP) Transport protocol used by 802.1X Flexible framework Different authentication methods: passwords, certificates, Kerberos, smart cards Auth HandOff WMN / N. Alamri 1/15/2019

10 EAP authentication methods
EAP-TLS EAP-PEAP EAP-TTLS Developed By IETF Cisco, Microsoft, and RSA Funk Software and Meetinghouse Mutual Authentication Yes Secure Links TLS Tunnel Authentication method X.509 Certificates MS-CHAPv2, generic token card, and EAP-TLS CHAP, PAP, MS-CHAPv2, and EAP methods Certificate Required Both sides Server side Protect User Identity No Auth HandOff WMN / N. Alamri 1/15/2019

11 Security in WMN EAP-TLS for authentication, No fast handoff
Extends Robust Security Network Association (RSNA) with Mesh Security Association (MSA) Two key holders: Mesh Authenticator (MA), Mesh Key Distributor (MKD) 802.11s provides secure association between MA and MKD Key hierarchy: Secure link for initial authentication Key generation and distribution Auth HandOff WMN / N. Alamri 1/15/2019

12 WMN key hierarchy Phase 1: Secure links
Supplicant and MKD establish key hierarchy Mutually generate Pairwise Master Key (PMK-MKD) using Pre-Shared Key (PSK) or Master Session Key (MSK) Mutually generate PMK-MA; deliver to MA using MSA Phase 2: Key generation and distribution Pairwise Transient Key (PTK) derived using PMK-MA Group Transient Key (GTK) derived using PMK-MA Auth HandOff WMN / N. Alamri 1/15/2019

13 WMN Authentication and key generation
Auth HandOff WMN / N. Alamri 1/15/2019

14 Related Work "PAPAR: Pairing Based Authentication Protocol with Anonymous Roaming for Wireless Mesh Networks“ by Sultan et al. (IEEE ICIT, 2014) AS generates a roaming key for each Mesh Access Point Roaming clients can be authenticated using the roaming key of the old MAP AS generates a secondary key and pseudo ID for each mesh client Provides anonymity and unlinkability "An efficient authenticated key establishment scheme for wireless mesh networks“ by He et al. (IEEE GLOBECOM, 2010) A distributed authentication key establishment scheme (AKES) for federated WMNs AS distributes some information to MAPs and clients Information + IDs are used to establish secure connections Auth HandOff WMN / N. Alamri 1/15/2019

15 Related Work “Ticket-based handoff authentication for wireless mesh networks” by Xu et al. (Computer Networks, 2014) For handoff only, Not initial authentication AS generates tickets using a master key shared with MAPs Ticket used to generate session key No privacy, No unlinkability "Efficient authentication for fast handover in wireless mesh networks“ by Li et al. (Computer & Security, 2013) AS generates multiple tickets for each client One-hop mutual authentication between MAP and client MAP broadcast tickets to neighbors  minimize delay and traffic overhead AS doesn’t participate in handoff Privacy  pseudo IDs Auth HandOff WMN / N. Alamri 1/15/2019

16 Future Work Task #1: Develop an authentication protocol
Design a fast and secure mutual authentication protocol Design a secure key distribution system Add other features such as two-factor, privacy, flexibility Task #2: Develop a handoff protocol Design a ticket-based handoff protocol Design a re-authentication method for seamless roaming Task #3: Test and security evaluation Test the new protocols using a network simulator such as NS3 Build a small testbed to conduct tests and security analysis Design or use existing security evaluation framework for further assessments. Auth HandOff WMN / N. Alamri 1/15/2019

17 Questions & Feedback Auth HandOff WMN / N. Alamri 1/15/2019

Download ppt "Authentication and handoff protocols for wireless mesh networks"

Similar presentations

Authentication.

Authentication.
IEEE 802.11i IT443 Broadband Communications Philip MacCabe October 5, 2005

IEEE i IT443 Broadband Communications Philip MacCabe October 5, 2005
CSE 6590 Department of Computer Science & Engineering York University 1 Introduction to Wireless Ad-hoc Networking 5/4/2015 2:17 PM.

CSE 6590 Department of Computer Science & Engineering York University 1 Introduction to Wireless Ad-hoc Networking 5/4/2015 2:17 PM.
Fault Tolerant Routing in Tri-Sector Wireless Cellular Mesh Networks Yasir Drabu and Hassan Peyravi Kent State University Kent, OH - 44240.

Fault Tolerant Routing in Tri-Sector Wireless Cellular Mesh Networks Yasir Drabu and Hassan Peyravi Kent State University Kent, OH
Multicasting in Mobile Ad-Hoc Networks (MANET)

Multicasting in Mobile Ad-Hoc Networks (MANET)
Arsitektur Jaringan Terkini

Arsitektur Jaringan Terkini
DIMACS Nov 3 - 4, 2004 WIRELESS SECURITY AND ROAMING OVERVIEW DIMACS November 3-4, 2004 Workshop: Mobile and Wireless Security Workshop: Mobile and Wireless.

DIMACS Nov 3 - 4, 2004 WIRELESS SECURITY AND ROAMING OVERVIEW DIMACS November 3-4, 2004 Workshop: Mobile and Wireless Security Workshop: Mobile and Wireless.
802.1x EAP Authentication Protocols

802.1x EAP Authentication Protocols
Design of Efficient and Secure Multiple Wireless Mesh Network Speaker: Hsien-Pang Tsai Teacher: Kai-Wei Ke Date: 2005/06/28.

Design of Efficient and Secure Multiple Wireless Mesh Network Speaker: Hsien-Pang Tsai Teacher: Kai-Wei Ke Date: 2005/06/28.
E-mail: kemal@cs.siu.edu Department of Computer Science Southern Illinois University Carbondale Wireless and Network Security Lecture 9: IEEE 802.11.

Department of Computer Science Southern Illinois University Carbondale Wireless and Network Security Lecture 9: IEEE
WPA2 By Winway Pang. Overview  What is WPA2?  Wi-Fi Protected Access 2  Introduced September 2004  Two Versions  Enterprise – Server Authentication.

WPA2 By Winway Pang. Overview  What is WPA2?  Wi-Fi Protected Access 2  Introduced September 2004  Two Versions  Enterprise – Server Authentication.
Marwan Al-Namari Week 10. RTS: Ready-to-Send. CTS: Clear-to- Send. ACK: Acknowledgment.NAV: network allocation vector (channel access, expected time to.

Marwan Al-Namari Week 10. RTS: Ready-to-Send. CTS: Clear-to- Send. ACK: Acknowledgment.NAV: network allocation vector (channel access, expected time to.
Wireless Mesh Networks

Wireless Mesh Networks
Wireless Network Security. Wireless Security Overview concerns for wireless security are similar to those found in a wired environment concerns for wireless.

Wireless Network Security. Wireless Security Overview concerns for wireless security are similar to those found in a wired environment concerns for wireless.
Wireless MESH network Tami Alghamdi. Mesh Architecture – Mesh access points (MAPs). – Mesh clients. – Mesh points (MPs) – MP uses its Wi-Fi interface.

Wireless MESH network Tami Alghamdi. Mesh Architecture – Mesh access points (MAPs). – Mesh clients. – Mesh points (MPs) – MP uses its Wi-Fi interface.
EAP Overview (Extensible Authentication Protocol) Team Golmaal: Vaibhav Sharma Vineet Banga Manender Verma Lovejit Sandhu Abizar Attar.

EAP Overview (Extensible Authentication Protocol) Team Golmaal: Vaibhav Sharma Vineet Banga Manender Verma Lovejit Sandhu Abizar Attar.
WIRELESS LAN SECURITY Using

WIRELESS LAN SECURITY Using
Wireless and Email Security CSCI 5857: Encoding and Encryption.

Wireless and Security CSCI 5857: Encoding and Encryption.
Doc.: IEEE 802.11-03/216 SubmissionPeter Stanforth, Vann Hasty, MeshNetworks Self Forming Self Healing Networks Peter Stanforth & Vann Hasty MeshNetworks.

Doc.: IEEE /216 SubmissionPeter Stanforth, Vann Hasty, MeshNetworks Self Forming Self Healing Networks Peter Stanforth & Vann Hasty MeshNetworks.
Performance Analysis of AODV and SAODV Routing Protocols in Ad-Hoc Mesh Networks- A Simulation Study Sangeeta Ghangam Division of Computing Studies, Arizona.

Performance Analysis of AODV and SAODV Routing Protocols in Ad-Hoc Mesh Networks- A Simulation Study Sangeeta Ghangam Division of Computing Studies, Arizona.

Similar presentations

Ads by Google