Secure and Self-Organizing Wireless Mesh Network

Design of Efficient and Secure Multiple Wireless Mesh Network

Graduate student: 蔡憲邦

Advisor: Dr. 柯開維


Outline

  • Introduction

  • Background

  • Design a Secure WMN

  • Security Analysis

  • Conclusion


Introduction (1/2)

  • Wireless Mesh Network

    • Properties.

    • Security Problem.

  • Wireless Security Problem

    • Attacks.

    • Secure solution.


Introduction (2/2)

  • This thesis

    • Tree topology

    • Define the WMN’s basic functions

    • Security issue

    • Compare with other security issues


Wireless Mesh Network (WMN)

  • Full & Partial mesh network.

  • Omnidirectional & directional.

  • Benefit:

    • Reduction of install cost

    • Large-scale deployment (last mile)

    • Reliability

    • Self-management


WMN’s Architecture


Wireless Security

  • Wireless Environment

    • Open media

    • Unlicensed ISM band

  • Wireless Attacks

    • Infrastructure

    • Ad hoc


Wireless Attacks

  • Infrastructure

    • Insertion

    • Interception and Monitoring

    • Jamming

  • Ad hoc

    • Black hole

    • Impersonation


Wireless Security Solutions

  • Main Purposes

    • Authentication

    • Data encryption

  • Infrastructure

    • WEP

    • IEEE 802.1x

  • Ad hoc

    • Shared Key

    • Public Key Infrastructure (PKI)


WEP

  • Wired Equivalent Privacy

  • Integrity & Encryption

  • Drawbacks:

    • Key size is too small (only 40 bits)

    • Key Sequence Reuse (Initial Vector)

    • Messages can’t be authenticated


IEEE 802.1x (1/2)

  • Provide network access authentication.

  • Supplicant, Authenticator and Authentication Server.

  • Drawback:

    • One-way authentication.

    • The authentication is not protected.



Shared Key

  • Use one key for authentication and encryption in an ad hoc network.

  • Drawbacks:

    • Only one key

    • Non-repudiation

    • Key management


Public Key Infrastructure

  • Key feature of public key cryptosystem

    • Two keys: Public Key & Private Key

    • Computationally infeasible to determine the decryption key.

  • Drawbacks

    • Certificate Authority (CA)

    • Encryption and decryption take a lot of time.


Outline

  • Introduction

  • Background

  • Design a Secure WMN

  • Security Analysis

  • Conclusion


The Properties of WMN

  • Similar to ad hoc network

    • AP should select a routing path.

    • The routing path is always fixed.

  • Most data are sent to the WG.

  • My proposal: Tree Topology.



WMN’s Relationship

  • Supplicant

  • Authentication Agent

    • Manage supplicants

    • Help supplicant to authenticate.

  • Management System

    • Authentication server

    • Maintain WMN


Locally Secure Management

  • Different path, different secure channel.

  • An AA only maintains its own supplicants.

    • Session key

    • Authentication


Two functions of WMN

  • Self-Organization

    • When a new AP joins...

  • Self-Configuration

    • Self-healing

      • When an AP fails…

    • Self-reconfiguration

      • When a non-neighbor AP joins or fails…



Trust Model

  • Supplicant → WMN

    • Group Key: Session key exchange first

    • Confirm key: Authentication

  • WMN → Supplicant

    • WMN’s Public Key

    • Signature


Choose Authentication Agent

  • Two factors

    • Hop count

    • Node loading

  • Choose the node that has the smallest hop count value.

  • If two nodes have equal hop count values:

    • Compare their node loading values.

    • Select the smaller one.


Session Key Exchange

  • Session key exchange first.

  • Session key should be modified periodically.

  • Default Key:


Self-Configuration (1/2)

  • Self-Healing

    • Determine that the authentication agent has failed.

    • Start Self-Organization process.
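
The selection rule from the Choose Authentication Agent slide, combined with the self-healing step above, as an added Python example (not code from the thesis). The advertisement fields, node names, the `sig_ok` flag standing for a signature check against the WMN's public key, and the final tie-break on node id are assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Advert:
    """One neighbour advertisement heard by a joining AP (field names are assumptions)."""
    node_id: str
    hop_count: int   # hops from this neighbour to the wireless gateway (WG)
    load: int        # node loading, e.g. number of supplicants already served
    sig_ok: bool     # assumed result of verifying the advert with the WMN public key

def choose_aa(adverts, failed=frozenset()):
    """Pick the authentication agent: smallest hop count, then smallest node loading.

    Adverts that failed signature verification, or that come from nodes known to
    have failed, are never candidates, so a forged AP cannot win the selection
    by advertising an attractive hop count.
    """
    candidates = [a for a in adverts if a.sig_ok and a.node_id not in failed]
    if not candidates:
        return None  # no legitimate parent in range; the node stays unattached
    # node_id as the last key only makes the result deterministic (assumption).
    return min(candidates, key=lambda a: (a.hop_count, a.load, a.node_id))

def self_heal(parent_of, heard, failed_aa):
    """Self-healing: every supplicant of the failed AA re-runs the selection."""
    failed = frozenset({failed_aa})
    for node, parent in list(parent_of.items()):
        if parent == failed_aa:
            new_aa = choose_aa(heard.get(node, []), failed)
            parent_of[node] = new_aa.node_id if new_aa else None
    return parent_of

# Constructed sample: adverts heard by a joining AP "N".
HEARD_BY_N = [
    Advert("AP1", 2, 5, True),
    Advert("AP2", 1, 7, True),
    Advert("AP3", 1, 3, True),
    Advert("ROGUE", 0, 0, False),  # best-looking metrics, but the signature check failed
]

if __name__ == "__main__":
    aa = choose_aa(HEARD_BY_N)
    print("selected AA:", aa.node_id)
    tree = {"N": aa.node_id, "M": "AP2"}
    heard = {"N": HEARD_BY_N, "M": [Advert("AP2", 1, 7, True)]}
    print("after AP3 fails:", self_heal(tree, heard, "AP3"))
```

The sketch does not check that the re-selected parent lies outside the orphan's own subtree; a real tree would need that to avoid loops.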


Self-configuration (2/2)

  • Self-reconfiguration


Outline

  • Introduction

  • Background

  • Design a Secure WMN

  • Security Analysis

  • Conclusion


Security Issue

  • Message encryption: data & control

  • Locality security

  • Trust model

  • Session key exchange first

  • Periodic session key exchange


Attacks Defense

  • Man-in-the-middle (MIM)

  • Forged AP

  • Session Hijack

  • Route Swindle

  • Denial of Service (DoS)


MIM & Forged AP

  • Man-in-the-Middle (MIM)

    • Use the session key to create a secure channel.

    • Periodic session key exchange.

  • Forged AP

    • Periodic session key exchange.


Session Hijack

  • Session key exchange first.


Route Swindle

  • Use a signature to prove the node’s legitimacy.


Denial of Service

  • Attack:

    • Limited CPU and memory.

    • Continually send streams of association and disassociation packets.

  • Solutions:

    • There is no solution to this problem.

    • Self-healing procedure



Conclusion

  • Tree based secure architecture was proposed.

  • Defined the WMN’s basic functions.

  • Analyzed the WMN’s security problems.

  • Compared with other security issues.


Future Work

  • Consider more available attacks.

  • Mobile mesh network.

  • Other application:

    • Sensor network

    • Ad hoc network


