Presentation is loading. Please wait.

Presentation is loading. Please wait.

Muhammad Mahmudul Islam Ronald Pose Carlo Kopp School of Computer Science & Software Engineering Monash University Australia.

Published byNorma McBride Modified over 9 years ago

Similar presentations

Presentation on theme: "Muhammad Mahmudul Islam Ronald Pose Carlo Kopp School of Computer Science & Software Engineering Monash University Australia."— Presentation transcript:

1 Muhammad Mahmudul Islam Ronald Pose Carlo Kopp School of Computer Science & Software Engineering Monash University Australia

2  Problem statement  Limitations of WEP and 802.11i  Features of Link Layer Security Protocol (LLSP)  Overview of LLSP  Security analysis of LLSP  Overhead of LLSP  Future work  Questions

3 What is Security  Authentications, verifies the authenticity of the sender  Encryption, hides information  Integrity, prevents unauthorized modification Security in ad-hoc networks above link layer  Secure route discovery and route maintenance (e.g. SAR, ARIADNE, ARAN etc)  Secure communication on end-to-end basis (e.g. IPSec)  Monitor traffic pattern and take necessary steps to minimize malicious/selfish behaviors (e.g. Watchdog, Pathrater, CONFIDANT etc) Common assumption of these solutions  A secured layer has already been deployed that securely distributes various keys, certificates and update information Link Layer Security Protocol (LLSP) is a solution for the underlying secured layer

4 WEP  Lacks dynamic key management  One way handshaking, reusing keys and the weaknesses of RC4 make WEP vulnerable to MITM attacks  Vulnerable to DoS attacks since association and dissociation messages are not authenticated  Not designed for multi-hop ad-hoc networks 802.11i  Requires a trusted third party authentication server (RADIUS) for authenticating new nodes  Uses symmetric keys for authenticating new nodes and exchanging session keys  Not designed for multi-hop ad-hoc networks

5  Uses capability to flexibly represent the access right and the identification of each link  Authenticate and encrypt every packet for each link  Guarantee the integrity of information.  Dynamic key management  Reduces replay, MITM and DoS attacks  Not dependent on any trusted third party authentication server  Does not require any MAC-IP binding  Does not need synchronized clocks  Independent of any routing protocol  No network wide flooding of any information  Scales properly with changes in network topology  Does not suffer from initial setup delay for each session  Specially designed for SAHN-like networks

6  Multi-hop ad-hoc network  Ideal for cooperative nodes, e.g. connecting houses and business  Topology is quasi-static  Uses wireless technology  Multi-hop QoS routing  Decentralized  Multi Mbps broadband service  No charges for SAHN traffic  Can run alongside TCP/IP  Conceived by Ronald Pose & Carlo Kopp in 1997 at Monash University, Australia

7 Security Services Provided by LLSP  Type 1: Authenticates a new node  Type 2: Updates the capability (CAP) of a link  Type 3: Updates the shared key (SHK) of a link  Type 4: Authenticates received packets and  Type 5: Encrypts payload of MAC layer

8 Authenticate a New Node

9 Update SHK

10 Update CAP

11 Secure and Authenticate Data packets

12 Various Packet Formats of LLSP

13  CAP of a link as a certificate  Encrypting CAP & SIG ensure the authenticity of each packet  SIG ensures integrity  Encrypting SIG and SEQ reduces replay attacks  Updating keys and CAP regularly makes guessing or recomputing difficult by unauthorized nodes  DoS attacks by flooding is not propagated, i.e. kept confined within the neighborhood of the malicious node

14 Authentication Type Transmission Rate (Mbps) Total Duration (ms) Type 1 169.86 267.24 5.565.58 1165.10 Type 2, Type 3 145.92 244.50 5.543.60 1143.34 Type 4, Type 5 Any In real-time using AES HW Duration of authentication processes with 802.11b and HW supported AES

15 Communication Overhead for single pair of node (1/2)

16 Communication Overhead for single pair of node (2/2)

17 Communication Overhead for 35 pairs of node (1/2)

18 Communication Overhead for 35 pairs of node (2/2)

19 Enhance the effectiveness and robustness of LLSP by integrating a monitoring system that can detect malicious/selfish activities of other nodes Integrate LLSP with channel access mechanisms of other wireless technologies (e.g. IEEE 802.11e, 802.16) and measure performance

20

Download ppt "Muhammad Mahmudul Islam Ronald Pose Carlo Kopp School of Computer Science & Software Engineering Monash University Australia."

Similar presentations

Efficient Public Key Infrastructure Implementation in Wireless Sensor Networks Wireless Communication and Sensor Computing, 2010. ICWCSC 2010. International.

Efficient Public Key Infrastructure Implementation in Wireless Sensor Networks Wireless Communication and Sensor Computing, ICWCSC International.
CMSC 414 Computer and Network Security Lecture 26 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 26 Jonathan Katz.
BASIC CRYPTOGRAPHY CONCEPT. Secure Socket Layer (SSL)  SSL was first used by Netscape.  To ensure security of data sent through HTTP, LDAP or POP3.

BASIC CRYPTOGRAPHY CONCEPT. Secure Socket Layer (SSL)  SSL was first used by Netscape.  To ensure security of data sent through HTTP, LDAP or POP3.
Raphael Frank 20 October 2007 Authentication & Intrusion Prevention for Multi-Link Wireless Networks.

Raphael Frank 20 October 2007 Authentication & Intrusion Prevention for Multi-Link Wireless Networks.
1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.

1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.
Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.

Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.
Multiple Directional Antennas in Suburban Ad-Hoc Networks Ronald Pose Muhammad Mahmudul Islam Carlo Kopp School of Computer Science & Software Engineering.

Multiple Directional Antennas in Suburban Ad-Hoc Networks Ronald Pose Muhammad Mahmudul Islam Carlo Kopp School of Computer Science & Software Engineering.
1-1 CMPE 259 Sensor Networks Katia Obraczka Winter 2005 Security.

1-1 CMPE 259 Sensor Networks Katia Obraczka Winter 2005 Security.
WiFi Security. What is WiFi ? Originally, Wi-Fi was a marketing term. The Wi-Fi certified logo means that the product has passed interoperability tests.

WiFi Security. What is WiFi ? Originally, Wi-Fi was a marketing term. The Wi-Fi certified logo means that the product has passed interoperability tests.
1 Enhancing Wireless Security with WPA CS-265 Project Section: 2 (11:30 – 12:20) Shefali Jariwala Student ID 001790660.

1 Enhancing Wireless Security with WPA CS-265 Project Section: 2 (11:30 – 12:20) Shefali Jariwala Student ID
Security Issues In Sensor Networks By Priya Palanivelu.

Security Issues In Sensor Networks By Priya Palanivelu.
Secure Routing in Sensor Networks: Attacks and Countermeasures First IEEE International Workshop on Sensor Network Protocols and Applications 5/11/2003.

Secure Routing in Sensor Networks: Attacks and Countermeasures First IEEE International Workshop on Sensor Network Protocols and Applications 5/11/2003.
Dept. of Computer Science & Engineering, CUHK1 Trust- and Clustering-Based Authentication Services in Mobile Ad Hoc Networks Edith Ngai and Michael R.

Dept. of Computer Science & Engineering, CUHK1 Trust- and Clustering-Based Authentication Services in Mobile Ad Hoc Networks Edith Ngai and Michael R.
Muhammad Mahmudul Islam Ronald Pose Carlo Kopp School of Computer Science & Software Engineering Monash University, Australia.

Muhammad Mahmudul Islam Ronald Pose Carlo Kopp School of Computer Science & Software Engineering Monash University, Australia.
This work is supported by the National Science Foundation under Grant Number DUE-0302909. Any opinions, findings and conclusions or recommendations expressed.

This work is supported by the National Science Foundation under Grant Number DUE Any opinions, findings and conclusions or recommendations expressed.
Security in Wireless LAN 802.11 Layla Pezeshkmehr CS 265 Fall 2003-SJSU Dr.Mark Stamp.

Security in Wireless LAN Layla Pezeshkmehr CS 265 Fall 2003-SJSU Dr.Mark Stamp.
An Initial Security Analysis of the IEEE 802.1x Standard Tsai Hsien Pang 2004/11/4.

An Initial Security Analysis of the IEEE 802.1x Standard Tsai Hsien Pang 2004/11/4.
ITIS 6010/8010 Wireless Network Security Dr. Weichao Wang.

ITIS 6010/8010 Wireless Network Security Dr. Weichao Wang.
Encapsulation Security Payload Protocol Lan Vu. OUTLINE 1.Introduction and terms 2.ESP Overview 3.ESP Packet Format 4.ESP Fields 5.ESP Modes 6.ESP packet.

Encapsulation Security Payload Protocol Lan Vu. OUTLINE 1.Introduction and terms 2.ESP Overview 3.ESP Packet Format 4.ESP Fields 5.ESP Modes 6.ESP packet.
Key Distribution in Sensor Networks (work in progress report) Adrian Perrig UC Berkeley.

Key Distribution in Sensor Networks (work in progress report) Adrian Perrig UC Berkeley.

Similar presentations

Ads by Google