1 / 38

研 究 生: 蔡憲邦 指導教授:柯開維 博士

具安全性及自我組織能力的 無線網狀網路. Design of Efficient and Secure Multiple Wireless Mesh Network. 研 究 生: 蔡憲邦 指導教授:柯開維 博士. Outline. Introduction Background Design a Secure WMN Security Analysis Conclusion. Introduction (1/2). Wireless Mesh Network Properties. Security Problem.

iman
Télécharger la présentation

研 究 生: 蔡憲邦 指導教授:柯開維 博士

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. 具安全性及自我組織能力的無線網狀網路 Design of Efficient and Secure Multiple Wireless Mesh Network 研 究 生:蔡憲邦 指導教授:柯開維 博士

  2. Outline • Introduction • Background • Design a Secure WMN • Security Analysis • Conclusion

  3. Introduction (1/2) • Wireless Mesh Network • Properties. • Security Problem. • Wireless Security Problem • Attacks. • Secure solution.

  4. Introduction (2/2) • This thesis • Tree topology • Define the WMN’s basic functions • Security issue • Compare with other security issue

  5. Wireless Mesh Network (WMN) • Full & Partial mesh network. • Omni directional & directional. • Benefit: • Reduction of install cost • Large-scale depolyment (last mile) • Reliability • Self-management

  6. WMN’s Architecture

  7. Wireless Security • Wireless Environment • Open media • Unlicensed ISM band • Wireless Attacks • Infrastructure • Ad hoc

  8. Wireless Attacks • Infrastructure • Insertion • Interception and Monitoring • Jamming • Ad hoc • Black hole • Impersonation

  9. Main Purposes Authentication Data encryption Infrastructure WEP IEEE 802.1x Wireless Security Solutions • Ad hoc • Share Key • Public Key Infrastructure (PKI)

  10. WEP • Wired Equivalent Privacy • Integrity & Encryption • Drawbacks: • Key size is too small (only 40 bits) • Key Sequence Reuse (Initial Vector) • Message can’t be Authenticated

  11. IEEE 802.1x (1/2) • Provide network access authentication. • Supplicant, Authenticator and Authentication Server. • Drawback: • One-way authentication. • Not protect authentication.

  12. IEEE 802.1x (2/2)

  13. Share Key • Use one key to authenticate and encryption in ad hoc network. • Drawbacks: • Only one key • Non-repudiation • Key management

  14. Public Key Infrastructure • Key feature of public key cryptosystem • Two keys: Public Key & Private Key • Computational infeasible to determine decryption key. • Drawbacks • Certificate Authority (CA) • Spend a lot of time to en/decrypt.

  15. Outline • Introduction • Background • Design a Secure WMN • Security Analysis • Conclusion

  16. The Properties of WMN • Similar to ad hoc network • AP should select a routing path. • The routing path is always fix. • Most data are sent to WG. • My propose: Tree Topology.

  17. Tree Topology

  18. WMN’s Relationship • Supplicant • Authentication Agent • Manage supplicants • Help supplicant to authenticate. • Management System • Authentication server • Maintain WMN

  19. Locally Secure Management • Different path, different secure channel. • AA only maintain his supplicants. • Session key • Authentication

  20. Two functions of WMN • Self-Organization • When a new AP joins... • Self-Configuration • Self-healing • When a AP occurs failure… • Self-reconfiguration • When a AP not neighbor joins or fails…

  21. Self-Organization

  22. Trust Model • Supplicant → WMN • Group Key: Session key exchange first • Confirm key: Authentication • WMN → Supplicant • WMN’s Public Key • Signature

  23. Two factors Hop count Node loading Choose the node has smallest hop count value. If there are two nodes has equal hop count value. Compare their node loading value. Select the smaller one. Choose Authentication Agent

  24. Session Key Exchange • Session key exchange first. • Session key should be modified periodically. • Default Key:

  25. Self-Configuration (1/2) • Self-Healing • Determine the authentication agent fail. • Start Self-Organization process.

  26. Self-configuration (2/2) • Self-reconfiguration

  27. Outline • Introduction • Background • Design a Secure WMN • Security Analysis • Conclusion

  28. Security Issue • Message encryption: data & control • Locality security • Trust model • Session key exchange first • Period session key exchange

  29. Attacks Defense • Man-in-middle (MIM) • Forge AP • Session Hijack • Route Swindle • Denial of Service (DoS)

  30. MIM & Forge AP • Man-in-Middle (MIM) • Use session key create secure channel. • Period session key exchange. • Forge AP • Period session key exchange.

  31. Session Hijack • Session key exchange first.

  32. Route Swindle • Use signature prove node’s legality.

  33. Denial of Service • Attack: • Limited CPU and memory. • Continually send streams of association and disassociation packets. • Solutions: • There are not any solution to solve this problem. • Self-healing procedure

  34. WMN Security Comparisons

  35. Conclusion • Tree based secure architecture was proposed. • Define WMN’s basic functions of WMN. • Analysis WMN’s security problems. • Compare with other security issue.

  36. Future Work • Consider more available attacks. • Mobile mesh network. • Other application: • Sensor network • Ad hoc network

  37. The End, Thank You

More Related