
Trust Propagation based Authentication Protocol in Multi-hop Wireless Home Networks

Sandeep K. S. Gupta, Department of Computer Sc. & Engg, Ira A. Fulton School of Engg, Arizona State University, Tempe, AZ, 85287.


Presentation Transcript


  1. Trust Propagation based Authentication Protocol in Multi-hop Wireless Home Networks Sandeep K. S. Gupta Department of Computer Sc. & Engg Ira A. Fulton School of Engg Arizona State University, Tempe, AZ, 85287

  2. Talk Overview • Multi-hop Wireless Home Networks (MWHN) • Problem statement • Key idea – Trust propagation • Preliminary trust-propagation protocol • Security Analysis • Find a vulnerability • Refined protocol • Conclusions

  3. Overview of Multi-hop Wireless Home Networks • Density of wireless devices at home is expected to keep increasing • This environment introduces new wireless network requirements • high and dependable bandwidth • low latency • coverage throughout the home • Multi-hop wireless technology offers unique benefits for this environment • Increasing utilization of spatial capacity • Short range spectrum → channel re-use (re-use BANDWIDTH) → improving spatial capacity • Eliminating dead zones • Extending coverage • Offering alternative communication path (failure recovery)

  4. Problems in authentication & channel establishment • Multi-hop wireless home networks require a simple-to-manage authentication and channel establishment mechanism, because they are accessible to heterogeneous devices and operate in a multi-hop wireless environment • Problems in applying the well-known authentication and channel establishment protocols to MWHN • Communication cost is high in terms of authentication response time • Vulnerable to some critical attacks: server impersonation attack, man-in-the-middle, DoS • Protocols considered: WEP protocol (Wi-Fi) and IEEE 802.11 • EAP protocol and IEEE 802.1x

  5. Key idea of our authentication protocol • How about authentication by a neighbor device rather than by the server? • Badge: home server delegates only its authentication capability (badge) to the previously authenticated device, and the device authenticates its neighbor devices on behalf of the server. • [Figure: police analogy. Labels: Police agency, Police officer, Issue of Badge, 2. Enforce the law]

  6. System model & Assumption • Server-based system • MWHN infrastructure • Each device has a public-private key pair

  7. Device Usage Model • Assumption: each device has input interface • User buys a new device • Takes it out of box at home • Goal: Require minimum setup tasks • Input a network password • “Activated” device gets authenticated

  8. Authentication Domain • Authentication Domain: a set of objects that are allowed to be a part of a specific household's home network • [Figure labels: Home server, Authentication Domain, Expanded Authentication Domain, Trust Propagation]

  9. Authenticated Domain (2) Device state according to the response

  10. Characteristics of our protocol • Authentication by the trusted neighbor device • Network password-based device checking • It is the only network authentication key • Mutual authentication • Reducing the number of public/private key operations • Key length-agile and algorithm-agile for the session key • Different applications of heterogeneous devices have different security requirements for communication sessions

  11. Protocol Overview Phase 1: Authentication in one hop from the server

  12. Protocol Overview (2) Phase 2: Authentication in more than one hop from the server - Suppose that device A is in the Authentication Domain - $\mathrm{Badge}(A) = \{ID_A, ATH, L\}_{S\text{-priv}}$

  13. Protocol Overview (3) Phase 3: Establishment of a secure connection with another device - Suppose that device B and C are in Authentication Domain - Device B requests the access to device C

  14. Security Analysis Types of Attacks Attack Tree • Active Attack • Application: • Resource consumption attack (DoS) • Man-in-the-Middle attack • Replay attack • Server impersonation attack • Badge reuse attack • Network password guessing attack • Brute force attack • Cryptanalysis • Transport: • Session hijacking • Network: • Wormhole • DoS (Routing table overflow) • MAC: • Jamming • Physical: • Steal device and tamper with memory • Passive Attack • Snooping • Selfishness

  15. Vulnerability in presented scheme? • A malicious node can act as authenticated device – generate its own badge i.e. fool the device into believing that it is the server.

  16. Refined Device Usage Model • Assumption: each device has input interface • User buys a new device • Takes it out of box at home • Require minimum setup tasks • Input a network password • Device acquires server’s public key – maybe by proximity scheme. • “Activated” device gets authenticated

  17. Refined Protocol • The server’s public key is not acquired from the authenticating (proxy) node.
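The difference between slides 15 and 17 comes down to which public key the joining device uses to check a badge. The following is an added example, not code from the presentation: it assumes the preliminary scheme accepts the server key offered by the neighbor, uses Ed25519 as a stand-in signature scheme, and treats `Offer`, `Issue`, `AcceptPreliminary`, `AcceptRefined` and the seed-derived keys as hypothetical names and constructed values.

```go
package main
import (
	"bytes"
	"crypto/ed25519"
	"fmt"
)

// Badge models Badge(A) = {ID_A, ATH, L} signed with S-priv; ATH and L are opaque here.
type Badge struct {
	ID, ATH, L string
	Sig        []byte
}

// Offer is what a neighbor presents to a joining device (hypothetical type).
type Offer struct {
	Badge     Badge
	ServerKey ed25519.PublicKey // "server" key as claimed by the neighbor
}

// keyFromSeed derives a fixed key pair from a constructed seed (demo only).
func keyFromSeed(fill byte) (ed25519.PublicKey, ed25519.PrivateKey) {
	priv := ed25519.NewKeyFromSeed(bytes.Repeat([]byte{fill}, ed25519.SeedSize))
	return priv.Public().(ed25519.PublicKey), priv
}

// payload quotes each field so the signed bytes are unambiguous.
func (b Badge) payload() []byte { return []byte(fmt.Sprintf("%q%q%q", b.ID, b.ATH, b.L)) }
func Issue(priv ed25519.PrivateKey, id, ath, l string) Badge {
	b := Badge{ID: id, ATH: ath, L: l}
	return Badge{id, ath, l, ed25519.Sign(priv, b.payload())}
}
// AcceptPreliminary verifies against the key the neighbor supplied (slide 15 flaw).
func AcceptPreliminary(o Offer) bool {
	return ed25519.Verify(o.ServerKey, o.Badge.payload(), o.Badge.Sig)
}
// AcceptRefined ignores the offered key and uses the one pinned out of band (slides 16-17).
func AcceptRefined(pinned ed25519.PublicKey, o Offer) bool {
	return ed25519.Verify(pinned, o.Badge.payload(), o.Badge.Sig)
}

func Demo() (honestPre, roguePre, honestRef, rogueRef bool) {
	srvPub, srvPriv := keyFromSeed(1)
	otherPub, otherPriv := keyFromSeed(2) // key pair that is not the server's
	honest := Offer{Issue(srvPriv, "A", "ath", "L"), srvPub}
	rogue := Offer{Issue(otherPriv, "M", "ath", "L"), otherPub}
	return AcceptPreliminary(honest), AcceptPreliminary(rogue), AcceptRefined(srvPub, honest), AcceptRefined(srvPub, rogue)
}

func main() { fmt.Println(Demo()) }
```

A self-signed badge passes the preliminary check because the verifier's trust anchor arrives on the same channel as the badge; with the key pinned beforehand, the same badge fails verification.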

  18. Conclusions • Developed the trust-propagation based authentication and secure channel establishment protocol for multi-hop wireless home network environment • Reliable: resistant to various attacks • Efficient and adaptable: minimizing overheads such as communication and computation costs • Distributing a server's load (eliminated the possibility of a bottleneck in the server)

  19. Performance Analysis Fig 1. Total number of transmissions according to network density Fig 2. Average number of transmissions according to device location

  20. Performance Analysis (2) Data entry size Fig 3. Total amount of data transmitted according to network density Fig 4. Average amount of data transmitted according to device location

  21. Comparison with other authentication protocols

  22. Comparison with proxy scheme (proxy server)

  23. Multi-hop Wireless Home Networks • Why Multi-hop Wireless in Home Networks? • Eliminating dead zones • Extending coverage • Increasing utilization of spatial capacity • Offering alternative communication path • Challenging problems in Multi-hop Wireless Home networks • Interoperability • Coexistence • Channelization • Routing • QoS • Security

  24. Problem in applying WLAN authentication protocols to Multi-hop Wireless Home Networks • IEEE 802.11 and WEP protocol (Wi-Fi) • IEEE 802.1x and EAP protocol: a general protocol for authentication that also supports multiple authentication methods, such as symmetric key and public key authentication • Communication cost at authentication is high!
