Security design for a new local area Network AULWLAN

Transcription

1 International Conference on Computer Systems and Technologies CompSysTech 2003 Security design for a new local area Network AULWLAN Ahmed Abdo Ali ABSTRACT : This paper presents a security scheme for a medium access control protocol in a new wireless local area network AULWAN (Aden University laboratory WLAN). The design objective has been to develop a security scheme that will be scalable for various needs and offer high security for demanding applications. The designed security scheme provides both privacy of wireless data communications and the authenticity of communicating parties, Our authentication scheme allows also the communicating entities to establish a shared secret key for secure communication session. Data security schemes have also been introduced.there are three optional data security modes that offer flexible ciphering and data security level. words :- Computer Network, Security, Design,LAN, WLAN I. INTRODUCTION wireless local area network (WLAN) technology is seen very promising for various types of wireless indoor and office communications, such as ad-hoc networking and wireless access to company networks. The main purpose of WLANs is to offer network solutions when fixed networks become impossible or inconvenient. Typical examples are networks that are set up on temporary basis and in buildings where cabling is not reasonable. The emerging standards like IEEE wireless LAN [1] or High performance Radio Local Area Network (HIPERLAN)[2] are good examples of WLAN approaches where high performance. Mobility and multi user characteristics have been taken into specification.on the contrary, above systems are often too complex and expensive for local, stationary wireless communication. Our new WLAN proposal called AULWAN (Aden University laboratory WLAN) [6] is designed for short range, multi-user environment with flexible choice of low-mobility or stationary wireless terminals. Typical environment include home, office and public areas like airport lounges and libraries. Terminals range from multimedia laptops to sensors introducing different transmission and security needs. IEEE standard was a starting point for the development of the MAC layer of ADLWLAN (called AULMAC), in which 2.4 GHz RF-band with DSSS modulation is used for physical medium as specified in leee Major differences are that AULMAC offers connection-oriented data-transfer service with negotiated QoS(Quality of Service ) parameters. ADLMAC utilises TDMA (Time Division Multiple Access ) with reserved constant bit-rate data channels, and thus, provides real-time support for multimedia applications. In addition, compared to IEEE standard, the security scheme of ADLWLAN is improved by increased security and flexibility to select the security level for different terminals. In this paper, a new security design including authentication, data ciphering and algorithms for encryption is presented. This paper is organised as follows. At first, used authentication methods are described followed by an explanation about data security schemes. After that, data encryption algorithms are introduced and conclusions given in the last section. II.OVERVIEW OF SECURITY IN AULWLAN In AULWLAN, security related network elements are portable stations (PSs), Base. Station (BSs) and central authorities (CAs). Each PS contains a permanent unique secret key that is also stored in BS and in a CA unit. A BS

2 controls the communication of PSs and it is also connected to a wired LAN. A CA is a logical unit that contains all necessary security parameters of PSs of the specific location area. Therefore, a Bs will contact a CA if it does not identificate PS in its own cell. In the prototype implementation of AULWLAN the CA unit is located in the BS and both of them are considered to be trusted units, Figure 1 illustrates the structure of AULWLAN system. Authenticated Portable station Non - Authenticated Portable station Base station Extemal Network Cell range Wired LAN Portable station Out of renge Figure 1 over view of the structure of ADLWLAN system Since there might be different type of PSs (laptop, sensor), and thus, different type of information to be transmitted, security level should be chosen flexibly. Therefore, are different modes for authentication and data encryption, which are summarized in table 1. Authentication modes: Data security modes: Table 1.Authentication and data security modes. 1-Open authentication 2- Secret key authentication 1.Open security 2.Cell security 3.Entiry security III.AUTHENTICATION SCHEMES Authentication services are divided into Open authentication and secret key authentication as depicted in Figure 2.In Open authentication on encryption function is used, whereas in Secret authentication IDEA(International Data Encryption Algorithm) [7] is used instead of LEEE ,WEP( wined equivalent privacy algorithm. Compared to IEEE802.11, WPE(Wired equivalent pribacy) algorithm, in our protocol the default authentication method is Secret key authentication with two transmitted messages. Each station contains a permenent secret that used only in the secret key authentication. Authentication is thus more secure and the umber of transmitted messages minimized. In the prototype implementation of AULWLAN, integrity of the authentication messages relies on nonces which are fresh random numbers constituting of two nonce identifiers [3],(r2.r3 etc in figure 3).Moreover the first nonce idcntifier is generated by feeding a pseudo randon number generate in (PRNG) on the Ps proper seed value. In addition,. for the secret key authentication mode integrity

3 is strengthened by using an encrypted 32- bit cyclic redundancy check (CRC-32) [1].The CRC value is computed over the whole authentication data This entirety together with the proper session key and a nonce is called an integrity check value (ICV) in the Secret authentication messages. IEEE standard does not define how temporary secret keys for one communication session should be exchanged between a PS and a BS and that is one major lack of the standard. In our secret key authentication scheme, session keys are exchanged within secure authentication messages A sessace key is encrypted within the authentication data and added also into the ICV for ensuring the integrity of the key. Authentication Secret authentication Open authentication Encryption -IDEN Integrity -Encrypted -Encrypted CRC Integrity Figure (2). Authentication modes and heeded services In AULWLAN system, a BS sets the required authentication level, thus PSs must authenticate with the required mode Authentication scheme starts when a PS sends an authentication request to a BS, which responds whether the authentication request was accepted or rejected. Only tw. messages over the air are transmitted despite of the authentication mode. The two authentication modes are next described in more detail. A. Open authentication and deauthentication Open authentication mode does not use any cryptographical functions during the authentication scheme. A PS sends to an open authentication message that includes a plaintext nonce to a BS, which processes the none and checks that it is generated by the PS with that MAC address. If the message is valid, the BS sends back an Open authentication response message that contains a new nonce. A plaintext temporary address for the communication session for the PS is transmittcd as well within the message. Open deauthentication scheme occurs when the PS wants to leave the cell reliably, It sends an Open deauthentication request message that contains a new nonce calculated from the last nonce used in the authentication scheme to the proper BS are receiving this message, the BS responds similarly as in as authentication scheme by sending an Open deauthentication response message. Figure 3 illustrates the transmission of nonces and the conjunction between them.

4 Portable station Open authentication 1 2 Data transmission Open 3 authentication 4 Base station identifiers: Nonc e1:r111 r2 2:r2 11r3 R 3:r3 ll r4 4:r4 ll r5 Figure 3 Open authentication and Open deauthentication. B. Secret key authentication and deauthentication Secret key authentication messages are sent in encrypted form between the communication parties. Secret key authentication starts when a PS sends a Secret key authentication request message to a BS. The BS processes it and whether the massage is correct, it sends back a Secret key authentication response message, the Secret key deauthentication scheme occurs for the same reasons as in the Open deauthentication scheme. In Figure 4, the Secret key authentication request frame and also the lengths of frame fields in octets are presented in the authentication request message the addresses in the MAC header are in plaintext form and the whole user data is encrypted with the permanent key of the PS. The ICV part consists of the first nonce and the session key generated by the PS as well as the CRC value calculated from the whole user data The session key and the nonce in the ICV are encrypted with the permanent key of the PS, and thus, this ICV and the whole user data are very well protected for the transmission medium. No one than the home BS and the CA know the PS proper permanent key. When the BS receives the authentication request message of the PS, It checks the MAC address and then decrypts the message With the PS proper permanent key. If the BS does not recognise the MAC address, it enquires the PS s permanent key from the CA unit. Next, the BS generates a new nonce and gives a temporary address for the PS. As can be seen in Figure 5, the Secret key authentication response includes also current broadcast key that is transmitted to all PSs on the same cell of AULWLAN. This broadcast key is changed frequently. e.g. after BS reboots or when there are on PS s in the cell. The ICV is done in the same way as in the authentication request it is also encrypted with the permanent key of the PS. Now the whole user data is encrypted correspondingly with the session key. MAC Header Encrypted authentication information ICV 4 CRC- 32 CRC- 32 Figure 4. Secret key authentication request message.

5 After receiving the Secret key authentication response, if the message is able to decrypted with the session key and the ICV value is correct as well, the PS can be sure that the message is authentic and came from the proper BS. After these steps the secret key authentication is successfully completed. MAC Header Encrypted authentication information CRC - 32 CRC TA ICV Broadcast Figure 5. Secret key authentication response message All encryption functions in the secret key authentication and deauthentication mode are implemented IDEA. Secret key deauthentication is used for secure disconnection.a PS sends a Secret key deauthentication request message and it consists of the same bricks as the secret key authentication request message but now the message is encrypted with the session key used in the current session. Moreover, all encryptions in Secret key deauthentication is done by the current session key. A new nonce is calculated from the last nonce used in the authentication scheme as well after receiving the deauthentication request message, the BS checks whether the deauthentication message was correct and responses by sending a Secret key deauthentication response message. The content of this message is likewise in the request message but agair, a new nonce is calculated. When the PS receives the authentication response message, and if he message is valid it can be sure that deauthentication scheme was valid. Notice that nonces are processed likewise in the Open authentication case presented in Figure 3. IV.DATA SECURITY SCHEMES Security of the data message relies on the encryption functions. The flexibility of the security system is obtained by three separate data security schemes which are Open security that does not support any cryptographical operations, Cell security that uses our improved WEP algorithm for data ciphering, and Entity security IDEA. Figure 6 depicts the data security modes and needed services On the contrary to [1], our data security sceme is more flexible because of three separate data security schemes. In addition, of the integrity of the encrypted data messages by using an encrypted CRC-32 that constitutes alone the ICV for secure data messages. All but the Open security mode use this integrity service. Further, secure data messages contain also location privacy service that is achieved by using an 8 bit temporary addresses[4]. Temporary addresses become in use after the authentication scheme, It changes static globally unique MAC following, the security modes are described in more datail. 4

6 Data securely Open security Cell security Entity security Location privacy: Encryption: Encryption: - Temporary - Improved - IDEA address Integrity WEP : Integrity : - Encrypted CRC - Encrypted CRC location Privacy: location Privacy: : - Temporary :: - Temporary address address Figure 6.Data security modes and needed services. Open security mode is necessary because in some situations it is fruitless or forbidden to use any data encryption schemes. The Open security scheme follows the Open authentication scheme because session keys are not exchanged during that authentication mode. Cell security scheme is the default mode for the data ciphering in AULWLAN system. The cell security scheme allows light protection for transmitted data because of our improved WEP algorithm. This data security mode makes it infeasible for unauthenticated third parties to eavesdrop the transmitted data. On the contrary. all authenticated PSs in the same cell could eavesdrop each other. Entity security is the strongest scheme of data ciphering in AULWLAN system and prevents eavesdropping also between portable stations in one cell. Every message between a PS and a BS is encrypted and decrypted by a session proper key. In Entity security mode, IDEA algorithm is used, in the next section, cryption algorithms are presented. V.CRYPTION ALGORITHMS ON AULWLAN There are two ways to encrypt data in our system; by using secret key block cipher cipher algorithm IDEA[7] and by using improved WEP algorithm. IDEA is based on extensive cryptanalysis, and it is very secure. Moreover, a 128 bit key length is used to effective remove the risk of brute force attacks[7]. For ADLWLA IDEA is used in Electronic Code Book mode (ECB) because burst errors in wireless transmission path, and therefore, a 64 bit user data block is encrypted independently, Cipher Bloce Chaining (CBC) or Cipher Feedback (CFB) modes strengthen the integrity service but due to RF transmissions medium errors they are not used. Since AULWLAN accepts various terminals, not transmissions have to be protected extremely securely and on the other hand, there are information that does not agree with any delays (real-time video).we have therefore modified WEP algorithm[1] by making if more suitable for light data encryption. It encrypts user data in independent 64 bit block and uses a 64 bit key length. Figure 7 illustrates a high level ciphering scheme for an improved WEP algorithm, A PRNG generates as initialzation vector (IV) that is transmitted to the receiver station within the user data in plaintext form. The IV and the broadcast key are XORed and after that a data block is encrypted with the resulting vector. The encryption procedure itself consists of three rounds and two data permutation round Decryption is similar to the encryption procedure.

7 Seed Broadcast PRN IV XOR Plaintext data block Plaintext data block IV XOR Broadcast Permutation Permutatio Ciphered Data block Permutation Permutatio Figure 7. Ciphering scheme in our improved WEP algorithm VI. CONCLUSIONS Our security scheme for AULMAC protocol is very flexible Since we have three data security levels. PSs can be configured for optimal security level, and thus, the use of computing resources can be optimized. For demanding real-time applications, our improved WEP algorithm gurantees efficient security and ensures minimal delays during the trans smission. Using IDEA and the secret key authentication the network can be set up very securely. Our AULMAC protocol and the security scheme is currently under implementation. For the prototype system, we consider cell of AULWLAN, and therefore, the handover situations are not handled. Authentication during handover situations is of the major future tasks. REFERENCES [1] IEEE p D5.0 IEEE Standard for local and metropolitan area networks: wireless LAN Medium Access Control (MAC) and physical Layer (PHY) specifications, IEEE standards Department, [2] ETS , Radio Equipment and System (RES), High Performance Radio Local Area Network (HIPERLAN), Type 1; Functional specification, October [3] V. Bharghavan, Secure Wireless LANs, proceedings of ACM conference on computers and Communications Security 94, Fairfax, Virginia, November 1994.pp [4] V.Bharghavan, A Dynamic Addressing Scheme for Wireless Media Access, Proceedings of the IEEE ICC95, Seattle, June 1995.PP [5] M. Burrows, M. Abadi, R.Needham, Alogic of Authentication, ACM Transactions on computer systems, vol.8,on I, February pp [6] M. Hannikainen, J.Knuutial, A. Letonsari, T. Hamalainen, J. Jolela, J. Ala- Laurila, J. Saarinen, TUTMAC: A Medium Access control Protocol for A New Multimedia wireless local Area Network, accepted to IEEE PIMRC 98 conference. [7] B.Schneter Applied Cryptogrophy Second Edition Protocols, algorithms, and source code in C, John Wiley & Sons,1996. ABOUT THE AUTHOR Ass. Prof. Ahmed Abdo Ali, Ph D, Department of Physics, Aden university, Yemen, phone : E- Mail: Ahmed_acc@yahoo.com