
A Secure and Self-Organizing Wireless Mesh Network

Design of Efficient and Secure Multiple Wireless Mesh Network

Graduate student: 蔡憲邦

Advisor: Dr. 柯開維


Outline

  • Introduction

  • Background

  • Design a Secure WMN

  • Security Analysis

  • Conclusion


Introduction (1/2)

  • Wireless Mesh Network

    • Properties.

    • Security Problem.

  • Wireless Security Problem

    • Attacks.

    • Secure solution.


Introduction (2/2)

  • This thesis

    • Tree topology

    • Define the WMN’s basic functions

    • Security issue

    • Compare with other security issue


Wireless Mesh Network (WMN)

  • Full & Partial mesh network.

  • Omnidirectional & directional.

  • Benefit:

    • Reduction of install cost

    • Large-scale deployment (last mile)

    • Reliability

    • Self-management


WMN’s Architecture


Wireless Security

  • Wireless Environment

    • Open media

    • Unlicensed ISM band

  • Wireless Attacks

    • Infrastructure

    • Ad hoc


Wireless Attacks

  • Infrastructure

    • Insertion

    • Interception and Monitoring

    • Jamming

  • Ad hoc

    • Black hole

    • Impersonation


Wireless Security Solutions

  • Main Purposes

    • Authentication

    • Data encryption

  • Infrastructure

    • WEP

    • IEEE 802.1x

  • Ad hoc

    • Share Key

    • Public Key Infrastructure (PKI)


WEP

  • Wired Equivalent Privacy

  • Integrity & Encryption

  • Drawbacks:

    • Key size is too small (only 40 bits)

    • Key sequence reuse (initialization vector)

    • Messages can’t be authenticated


IEEE 802.1x (1/2)

  • Provide network access authentication.

  • Supplicant, Authenticator and Authentication Server.

  • Drawback:

    • One-way authentication.

    • Authentication is not protected.


IEEE 802.1x (2/2)


Share Key

  • Use one key for both authentication and encryption in an ad hoc network.

  • Drawbacks:

    • Only one key

    • Non-repudiation

    • Key management


Public Key Infrastructure

  • Key feature of public key cryptosystem

    • Two keys: Public Key & Private Key

    • Computationally infeasible to determine the decryption key.

  • Drawbacks

    • Certificate Authority (CA)

    • Encryption and decryption take a lot of time.


Outline

  • Introduction

  • Background

  • Design a Secure WMN

  • Security Analysis

  • Conclusion


The Properties of WMN

  • Similar to ad hoc network

    • AP should select a routing path.

    • The routing path is always fixed.

  • Most data are sent to the WG.

  • My proposal: tree topology.


Tree Topology


WMN’s Relationship

  • Supplicant

  • Authentication Agent

    • Manage supplicants

    • Help supplicant to authenticate.

  • Management System

    • Authentication server

    • Maintain WMN


Locally Secure Management

  • Different path, different secure channel.

  • An AA maintains only its own supplicants.

    • Session key

    • Authentication


Two functions of WMN

  • Self-Organization

    • When a new AP joins...

  • Self-Configuration

    • Self-healing

      • When an AP fails…

    • Self-reconfiguration

      • When a non-neighbor AP joins or fails…


Self-Organization


Trust Model

  • Supplicant → WMN

    • Group Key: Session key exchange first

    • Confirm key: Authentication

  • WMN → Supplicant

    • WMN’s Public Key

    • Signature


Choose Authentication Agent

  • Two factors

    • Hop count

    • Node loading

  • Choose the node with the smallest hop count value.

  • If two nodes have equal hop count values, compare their node loading values and select the smaller one.


Session Key Exchange

  • Session key exchange first.

  • Session key should be modified periodically.

  • Default Key:


Self-Configuration (1/2)

  • Self-Healing

    • Determine that the authentication agent has failed.

    • Start Self-Organization process.
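
The agent-selection rule (smallest hop count, then smallest node loading) and the self-healing step above, as an added Python sketch that is not taken from the presentation. The class and method names and the topology are assumptions, and node loading is modelled here as the number of supplicants an AA manages.

```python
class Mesh:
    # Tree-topology WMN: every AP hangs off one authentication agent (AA).
    def __init__(self, gateway="WG"):
        self.parent = {gateway: None}  # AP -> its AA (None for the gateway)
        self.hops = {gateway: 0}       # AP -> hop count to the gateway
        self.links = {gateway: set()}  # AP -> radio neighbours

    def load(self, ap):
        # Assumption: node loading = number of supplicants the AA manages.
        return sum(1 for p in self.parent.values() if p == ap)

    def choose_aa(self, ap):
        # Only neighbours already in the tree can act as AA.
        cands = [n for n in self.links[ap] if n in self.hops]
        # Smallest hop count wins; equal hop counts are split by loading.
        return min(cands, key=lambda n: (self.hops[n], self.load(n), n), default=None)

    def attach(self, ap):
        aa = self.choose_aa(ap)
        if aa is not None:
            self.parent[ap], self.hops[ap] = aa, self.hops[aa] + 1
        return aa

    def join(self, ap, neighbours):
        # Self-organization: a new AP joins and selects its AA.
        self.links[ap] = set(neighbours)
        for n in neighbours:
            self.links[n].add(ap)
        return self.attach(ap)

    def subtree(self, ap):
        kids = [c for c, p in self.parent.items() if p == ap]
        return [d for k in kids for d in [k] + self.subtree(k)]

    def fail(self, ap):
        # Self-healing: detach the failed AA's whole subtree first, so no
        # orphan can pick its own descendant, then re-run self-organization.
        pending = self.subtree(ap)
        for n in self.links.pop(ap):
            self.links[n].discard(ap)
        for node in [ap] + pending:
            del self.parent[node], self.hops[node]
        while True:
            # Re-attach the orphan whose best AA is nearest the gateway first.
            ready = [(self.hops[aa], o) for o in pending if (aa := self.choose_aa(o))]
            if not ready:
                return pending  # APs left with no path to the gateway
            pending.remove(orphan := min(ready)[1])
            self.attach(orphan)
```

`fail()` returns the APs that could not be re-attached, which is the set an operator would alert on after an AA failure.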


Self-configuration (2/2)

  • Self-reconfiguration


Outline

  • Introduction

  • Background

  • Design a Secure WMN

  • Security Analysis

  • Conclusion


Security Issue

  • Message encryption: data & control

  • Locality security

  • Trust model

  • Session key exchange first

  • Periodic session key exchange


Attacks Defense

  • Man-in-the-middle (MIM)

  • Forged AP

  • Session Hijack

  • Route Swindle

  • Denial of Service (DoS)


MIM & Forged AP

  • Man-in-the-middle (MIM)

    • Use the session key to create a secure channel.

    • Periodic session key exchange.

  • Forged AP

    • Periodic session key exchange.


Session Hijack

  • Session key exchange first.


Route Swindle

  • Use a signature to prove the node’s legitimacy.


Denial of Service

  • Attack:

    • Limited CPU and memory.

    • Continually send streams of association and disassociation packets.

  • Solutions:

    • There is no solution to this problem.

    • Self-healing procedure


WMN Security Comparisons


Conclusion

  • A tree-based secure architecture was proposed.

  • Defined the WMN’s basic functions.

  • Analyzed the WMN’s security problems.

  • Compared with other security issues.


Future Work

  • Consider more available attacks.

  • Mobile mesh network.

  • Other application:

    • Sensor network

    • Ad hoc network


The End, Thank You

