Cross-layer security and resilience in wireless mesh networks

By Ioannis Askoxylakis¹, Boldizsar Bencsath², Levente Buttyan², Laszlo Dora², Vasilios Siris¹ and Apostolos Traganitis¹

¹ Foundation for Research and Technology Hellas, Institute of Computer Science, N. Plastira 100, GR 70013, Heraklion, Greece
² Budapest University of Technology and Economics, Laboratory for Cryptography and System Security, Magyar tudósok krt. 2, H-1117 Budapest, Hungary

1. Introduction

Security and resilience have become important concerns in the design and architecture of future wireless networking technologies such as Wireless Mesh Networks (WMN) [1, 2]. Network operators and service providers consider mesh networking a serious candidate for solving the so-called last mile problem, because mesh networks offer wider coverage than traditional wireless LANs at a lower deployment cost than 3G cellular networks. There are several usage scenarios [3] and business opportunities [4], and there are community-based mesh networks operated by individuals, but the real business potential lies in operator-based mesh networks; examples include Ozone's mesh network in Paris and The Cloud in the City of London. If such pilot projects turn out to be successful, mesh networking may become extremely popular and widespread. Turning the business potential of mesh networking into real profit requires solving a number of technical problems related to the design and operation of mesh networks. In this chapter we address one of them: securing mesh networks in a cross-layer manner and ensuring resilient operation. Security and resilience issues need to be considered seriously and solved appropriately.
Unlike wireline networks, wireless networks have unique characteristics that pose a number of non-trivial challenges to resilience and security design: an open peer-to-peer network architecture, a shared wireless medium, stringent resource constraints and a highly dynamic network topology. More specifically, in this chapter we identify the security requirements that are relevant for wireless mesh networks in general, and for multi-operator, QoS-aware mesh networks in particular. While security issues are often application specific, this chapter focuses on the general security requirements of wireless mesh networks that are either independent of the applications or common to all applications, and presents various design options for a security architecture that aims at satisfying those requirements. The approach follows a cross-layer concept, since this appears to be the only way to provide an aggregate framework that combines proactive and reactive security approaches in a balanced way. Several treatments of security issues in wireless mesh networks can be found in [5, 6, 7]. However, none of those works addresses QoS-aware mesh networks operated by multiple operators, nor do they deal with proactive (cryptographic) and reactive (intrusion detection based) security measures in a combined manner, as we do in this work. The discussion in [5] focuses on giving an overview of the various authentication mechanisms and secure routing protocols proposed for mobile ad hoc networks. Unfortunately, while the mechanisms and protocols proposed for mobile ad hoc networks are useful, they are not suitable for direct application in mesh networks. The authors of [6] discuss specific security issues in wireless mesh networks such as the detection of compromised mesh routers, the security of routing and the problem of fairness. Although these are important issues, they represent only a small subset of the security problems in wireless mesh networks. The study in [7] is specific to wireless mesh network security and is quite comprehensive in terms of identified security issues. In [8] there is a more detailed discussion of the available design choices for authentication and network access control, for the protection of wireless communications and for intrusion and misbehavior detection, as well as a more QoS-specific discussion of the routing security problem.

The organization of this chapter is the following: a network system model is introduced in Section 2 and the network adversary model is described in Section 3. Based on these models, the general security and resilience requirements are identified in Section 4. Next, the design options for the elements of the security architecture that aim at satisfying the identified security requirements are presented. More precisely, mesh client authentication and network access control are addressed in Section 5, the protection of wireless communications in Section 6, key management issues in Section 7, secure routing in Section 8, and intrusion and misbehavior detection and recovery in Section 9.
The chapter concludes with Section 10.

2. Network Model

While several detailed surveys on mesh network architectures can be found in the literature [1, 2], in this chapter we consider the system/network model illustrated in Figure 1. This is the system model defined for the EU-MESH project. According to this model, a mesh network consists of mesh routers that form a network with networking attributes and characteristics very similar to those of a static wireless ad hoc network. The mesh routers can function either as gateways to the wired Internet or as wireless access points for mobile mesh clients. We assume that the mesh routers belong to multiple operators, and that the operators cooperate to provide aggregate networking services to all of their mesh clients. Their cooperation model, which falls outside the scope of this study, can be based on business agreements similar to the roaming agreements of cellular networks. Mesh clients are mobile computing devices (smart phones, PDAs, netbooks, etc.) operated by customers who can be associated with one or more operators by contractual means. The mesh network provides various services to its clients, such as Internet access and real-time communications within the mesh network. In this model the mesh network is also designed to provide QoS applications with client mobility support, which requires that mobile mesh clients be able to perform seamless handovers between access points.

Figure 1: System model of a wireless mesh network - the EU-MESH approach

3. Network Adversary Model

A common initial step in the identification of the security requirements of a system is understanding the potential attacks against it. This understanding is summed up in the following adversary model, which describes the classes of attackers, their objectives and their means of attacking the wireless mesh network.

Classes of attackers. Taking into account the system model described above, we categorize attackers into the following classes:

External adversaries: external entities that have no legitimate access to the mesh network and its services. They are usually equipped with networking systems that can interfere with the operation of the mesh network at several layers. Typical attacks of this category include attempts to gain physical access to mesh routers that operate unsupervised in remote but accessible locations, and then to modify the operation and behavior of these routers (by installing rogue software) according to the attack objectives.

Dishonest network clients: misbehaving customers that have legitimate access to the mesh network and some of its services, but try to gain illegal access to services they are not subscribed to, or to obtain a higher QoS in services they are already subscribed to.

Dishonest network operators: operators of the mesh infrastructure that do not honestly keep the business agreements.

Objectives of attacks. The attacks of the adversaries described above may have the following objectives:

Denial-of-Service (DoS): degrading the QoS provided by the mesh network, or even completely disrupting the provided services. This is an objective of external adversaries.

Unauthorized access to services: this objective is mainly related to external adversaries and dishonest clients. Common services include Internet access and real-time communications.

Unauthorized access to network client data and meta-data: network client data are the messages exchanged in a service session, and the corresponding objective is the violation of the confidentiality of the client; meta-data is information related to the client's location and service usage profile, and the objective is the violation of the privacy of the client. This objective is primarily related to external adversaries and dishonest network operators.

Fraudulent increase of business competitiveness: this could be the objective of dishonest operators that mount attacks on the mesh network, or on specific operators/competitors participating in the network, in order to gain an advantage over them. This can be achieved either by reducing or destroying the reputation of the competitors, or by increasing their own reputation.

Attack mechanisms. The objectives described above can be reached through a variety of attack mechanisms. While such mechanisms can be used alone or in combination, most of them fall into one of the following two categories:

Attacking the wireless communications by eavesdropping, jamming, replaying messages, injecting messages and traffic analysis.

Setting up fake mesh routers or compromising unattended existing mesh routers.

4. Security & Resilience Requirements

Next, based on the adversary model described above, we identify the main security (proactive) and resilience (reactive) requirements for wireless mesh networks. We classify them into two broad categories: the security requirements, which refer to proactive network protection, and the resilience requirements, which refer to reactive network protection.

4.1 Security Requirements

Authentication of mesh clients and access control. Prevention of unauthorized access to the services of the mesh network requires authentication of mesh clients and enforcement of access control rules in the system. While many authentication protocols and authorization schemes exist, additional requirements need to be satisfied, such as the need to support end-user mobility and QoS-aware applications, and the need to work in a multi-operator environment. In particular, the support of user mobility and the provision of QoS-aware applications require fast re-authentication of mesh clients, since authentication and access control must not exclude the possibility of seamless handover between access points. Moreover, in a multi-operator environment such handovers may occur between access points belonging to different administrative domains, and hence the authentication and access control scheme must be able to handle this situation.

Protection of wireless communications. In the system model described above, wireless communications take place between several network entities: between mesh clients and mesh routers, as well as among mesh routers and gateways. These wireless connections must be protected against various attacks, which leads to the following requirements:

Message integrity and authenticity: messages must be protected against attacks that aim to insert fake messages, or to modify or replay existing ones. Ideally this should take place in a link-by-link manner, so that such messages are identified and removed at an early stage.

Confidentiality and integrity of application data: application data, such as user data, must be protected against unauthorized access. While this can be done in an end-to-end manner, for applications that are not prepared for such protection the problem should be solved within the mesh network, transparently to the applications.

Traffic analysis prevention: this prevents unauthorized access to the meta-data of the customers, and hence ensures some degree of privacy. Link-by-link encryption of messages could be a suitable approach, because it can hide end-to-end addressing information. Another approach is the use of dummy traffic by neighboring mesh routers on idle links, in order to make the identification of communication profiles more difficult.

4.2 Resilience Requirements

Resilience is the ability of the network to provide and maintain an acceptable level of service in the face of various faults and challenges to normal operation. Resilient wireless networks aim to provide acceptable service to applications, including: the ability of mobile users and applications to access information when needed; the maintenance of end-to-end communication associations; and the ability of distributed operation and networking. We focus on two main reactive resilience requirements: robust networking, and intrusion detection and recovery.

Increasing the networking robustness. Increasing the robustness of basic networking mechanisms, such as the routing protocol, the medium access control scheme, and the topology control and channel assignment mechanisms, is very important, since they are the main targets of DoS attacks against a network. Among them, securing the routing protocol seems to be the most important requirement, because interfering with the routing protocol may affect the entire network, whereas attacks on lower layers (e.g., on medium access control and channel assignment) have a localized effect. QoS-aware routing protocols provide functions such as proactive dissemination of routing information and local route computation, resource reservation on selected routes, and recovery from errors during the data forwarding phase. Each of these functions has its own resilience and security requirements. Routing information dissemination and route discovery require authentication and integrity protection of the routing control messages, in order to prevent their manipulation by external adversaries. It may also be desirable to ensure non-repudiation of routing control messages, in order to discourage operators from mounting stealth attacks against each other and to facilitate dispute resolution. Resource reservation messages must also be authenticated, in order to avoid resource-blocking DoS attacks and to guarantee that resources do not stay reserved forever. Finally, error recovery procedures should not be exploitable by attacks aiming at the disruption of communication.

Intrusion and misbehaviour detection and recovery. In general it is more or less impossible to identify misbehaving nodes of a WMN by cryptographic (proactive) means, and cryptographic solutions are ineffective against jamming attacks. These challenges make a clear case for a second line of defence: cross-layer resilience solutions aiming at the detection of, and recovery from, intrusion and misbehaviour, which achieve both broad protection and acceptable network performance in situations where the proactive security mechanisms either fail or are not sufficient to defend the network. As misbehaviour can be observed at any layer of the communication stack, misbehaviour detection should target all layers. Moreover, cross-layer misbehaviour detection can increase detection effectiveness by combining detection modules employed at different layers. An important requirement in this direction is some level of node cooperation, since in misbehaviour detection and recovery nodes should be able to monitor, to some extent, each other's activity.

5. Client authentication and access control enforcement

In a multi-operator mesh network, and especially in business-driven mesh networks, an important requirement is that only authorized users should be able to access its services. In order to fulfil this requirement, authentication and access control enforcement are required. In the authentication process the mesh client proves its identity using an authentication key. In addition, during the authentication process a short-term connection key is established between the mesh client and the access control enforcement point. This connection key serves as the basis for access control enforcement on the subsequent traffic originating from the mesh client. In this section we first give a detailed list of requirements for authentication and access control enforcement in QoS-aware mesh networks maintained by multiple operators. Then we give an overview of the authentication and access control enforcement mechanisms proposed for WiFi and mesh networks, and analyze them with respect to the identified requirements.

5.1 Requirements

The main requirements for authentication and access control enforcement in a QoS-aware multi-operator mesh network are the following:

Fast authentication process that supports user mobility: as a main requirement, the authentication method has to support the mobility of mesh clients, which may use QoS-aware services like VoIP. When a mesh client moves from one access point to another, the re-authentication caused by the handover must be fast enough not to interrupt such services.

Forward security of the connection keys: the connection keys should not reveal the long-term keys. This is an important requirement in the multi-operator environment, since mesh clients may associate to access points operated by foreign operators.

Independence of connection keys: as neighboring access points may not fully trust each other in a multi-operator environment, the authentication and key generation mechanism has to prevent an access point from deriving the connection keys used at another access point.

Key freshness: it must be ensured that the connection keys derived in every authentication process are fresh.

DoS resistance: the authentication method should not open the door to new types of DoS attacks.

Compatibility with standards: in a multi-operator environment, where clients move among different operators, it is essential that the protocols used in the authentication mechanism are standardized or consist of standardized elements.

Scalability: one of the main advantages of mesh networks is their dynamically increasing coverage, which translates into a dynamically increasing number of network elements such as mesh routers, access points and mesh clients. The authentication method employed in such networks should be able to follow the network extensions.

Independent elements: in a multi-operator environment, the most probable scenario is that each operator runs its own authentication server(s), without relying on a central authentication entity.

5.2 Taxonomy

While many authentication and access control enforcement methods have been proposed, we initially categorize them according to the place of access control enforcement and the place and type of authentication. Depending on the place where access control is enforced, we have the following categories:

Central access control enforcement: access control is enforced in a centralized manner by an entity outside the mesh.

Access control enforcement at the border: access control is enforced by the gateways located at the border of the mesh network.

Distributed access control enforcement: access control is enforced by the access points.

When access control is enforced by a central entity or at the gateways, the mesh clients cannot be authenticated inside the network. If access control enforcement is distributed, the mesh client can be authenticated at the following network entities:

Remote authentication servers, placed outside the mesh network.

Local authentication servers, placed near the access points within the mesh network, so that they can be reached by the access points within a few wireless hops.

The access points themselves, acting as distributed authentication servers.

During the handover process, authentication can be initiated in a reactive or in a proactive manner. In reactive authentication the mesh client is authenticated to the next access point, and the connection keys are established, only after the mesh client has associated with the next access point; in proactive authentication the connection keys are distributed to the potential next access point before the handover process is initiated. Next, we classify the proactive solutions depending on the participant who controls the key distribution:

Mesh client driven key distribution, where the mesh clients create security associations with the next, or with each potential next, access point before the handover process.

Authentication server driven key distribution, where the authentication servers distribute mesh client specific keys to the potential next access points in a proactive manner, so that the keys are available before the mesh client associates with the next access point.

Table I categorizes the authentication methods found in the literature according to the taxonomy described above.

Table I: Taxonomy of authentication methods

Access control enforcement at the borders: [10], [11]
Central access control enforcement: [9], [10], [11]
Distributed access control enforcement, by authenticator and type of key distribution:
  Remote authentication server, reactive: [13], [15], [16]
  Local authentication server, reactive: [17], [18]
  Authentication server, proactive, authentication server driven: [19], [20], [21], [22]
  Authentication server, proactive, mesh client driven: [15], [16], [21], [23], [24]
  Access points, proactive: [26], [27]

Centralized access control enforcement

When access control enforcement is centralized, no authentication is required at the access points during the handover process. The mesh client can associate with any access point, and access control is enforced by redirecting the traffic of the mesh client to a central access control enforcement entity. The central entity makes forwarding decisions based on the origin of the traffic, such as the MAC and/or IP addresses of the mesh client. This solution is often used in WiFi hotspots, for instance with the ChilliSpot implementation [9]. Its main disadvantage is that no connection key is established, so an attacker can easily gain access by spoofing the MAC and IP addresses of an already authenticated client. A similar centralized solution is presented in [10, 11], where an architecture based on the Protocol for carrying Authentication for Network Access (PANA) [12] is proposed. In this approach the mesh clients are authenticated only once, when they first associate with an access point. Once the clients have been successfully authenticated, IPsec tunnels are established between the mesh clients and the central access control enforcement entity, which obtains the connection key from the authentication server. The main advantage of central access control enforcement is that no key material is stored in the access points, so an attacker cannot obtain any keys by compromising an access point. The main drawback is that such architectures are vulnerable to DoS attacks, because access cannot be denied before a message has reached the central access control enforcement unit. Attackers can exploit this by injecting fake messages into the system, thereby decreasing the QoS levels. Another drawback is that the central unit is a bottleneck, which is a potential scalability problem.

Access control enforcement at the gateways

When access control is enforced at the border between the wired network and the mesh, mesh client authentication can take place either at the gateway or at a central authentication server. While an authentication scheme in which the gateway authenticates the mesh client would be technically interesting and challenging, so far no such proposal exists. For the case where the mesh client is authenticated to a central authentication server but access control is enforced at the gateways, the PANA-based architecture proposed in [10, 11] could be employed. PANA allows multiple access control enforcement entities, and in such a scenario each gateway can be an access control enforcement entity that obtains the keys for access control enforcement from the authentication server. This mechanism would improve the scalability of centralized access control enforcement; however, it would not eliminate the DoS vulnerability described above.

Distributed access control enforcement with reactive authentication using a remote authentication server

A typical example of this category is the IEEE 802.1X [12] authentication and access control model as described in the IEEE 802.11i standard [13]. According to this model, access control is enforced by the access points in a distributed manner. A remote authentication server is responsible for authenticating the client, for informing the access point about the result of the authentication, and for distributing the connection key. The connection key itself, or keys derived from it, can be used to secure the subsequent communication at the link layer. The messages of the authentication protocol are carried by the Extensible Authentication Protocol (EAP) [14].
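The spoofing weakness of address-based central enforcement, set against enforcement that is bound to the connection key of the 802.1X/802.11i model described above, as an added Python illustration that is not code from the chapter or from any of the cited systems. The two enforcer classes, the truncated-HMAC message integrity code, the sequence-number replay check and the sample addresses are constructed for the example; real 802.11i frame protection uses CCMP rather than this MIC, but the property shown is the same: without the key, cloning the authenticated client's MAC and IP addresses no longer buys access.

```python
import hashlib
import hmac
import struct
from dataclasses import dataclass

# Constructed sample identities for the walk-through (not from the chapter).
CLIENT_MAC = "00:11:22:33:44:55"
CLIENT_IP = "10.0.0.7"


@dataclass
class Frame:
    src_mac: str
    src_ip: str
    seq: int              # per-client replay counter, increases on every frame
    payload: bytes
    mic: bytes = b""      # message integrity code; empty on unprotected frames


class CentralEnforcer:
    """Central enforcement point in the ChilliSpot style: the only thing it
    knows about an authenticated client is its (MAC, IP) pair, so any frame
    carrying that pair is forwarded."""

    def __init__(self):
        self.allowed = set()

    def authenticate(self, mac: str, ip: str) -> None:
        self.allowed.add((mac, ip))

    def forward(self, frame: Frame) -> bool:
        return (frame.src_mac, frame.src_ip) in self.allowed


def compute_mic(key: bytes, frame: Frame) -> bytes:
    """Truncated HMAC over addresses, sequence number and payload."""
    data = (frame.src_mac.encode() + frame.src_ip.encode()
            + struct.pack(">I", frame.seq) + frame.payload)
    return hmac.new(key, data, hashlib.sha256).digest()[:8]


class KeyBoundEnforcer:
    """Access point that enforces access with the connection key established
    during authentication (the 802.1X/802.11i model): every frame must carry
    a MIC under the client's key and a fresh sequence number."""

    def __init__(self):
        self.keys = {}       # client MAC -> connection key
        self.last_seq = {}   # client MAC -> highest sequence number accepted

    def authenticate(self, mac: str, connection_key: bytes) -> None:
        self.keys[mac] = connection_key
        self.last_seq[mac] = -1

    def forward(self, frame: Frame) -> bool:
        key = self.keys.get(frame.src_mac)
        if key is None:
            return False                                   # never authenticated
        if not hmac.compare_digest(compute_mic(key, frame), frame.mic):
            return False                                   # spoofed or modified
        if frame.seq <= self.last_seq[frame.src_mac]:
            return False                                   # replayed frame
        self.last_seq[frame.src_mac] = frame.seq
        return True


def protect(key: bytes, frame: Frame) -> Frame:
    """What the legitimate client does with its connection key."""
    frame.mic = compute_mic(key, frame)
    return frame


def demo() -> dict:
    results = {}
    central = CentralEnforcer()
    central.authenticate(CLIENT_MAC, CLIENT_IP)
    results["central_legit"] = central.forward(Frame(CLIENT_MAC, CLIENT_IP, 1, b"GET /"))
    # An attacker that observed the client's addresses simply clones them.
    results["central_spoof"] = central.forward(Frame(CLIENT_MAC, CLIENT_IP, 1, b"GET /evil"))

    ap = KeyBoundEnforcer()
    ck = hashlib.sha256(b"constructed connection key").digest()   # from authentication
    ap.authenticate(CLIENT_MAC, ck)
    legit = protect(ck, Frame(CLIENT_MAC, CLIENT_IP, 1, b"GET /"))
    results["keybound_legit"] = ap.forward(legit)
    # Same cloned addresses, but the attacker has no key and must guess the MIC.
    spoof = Frame(CLIENT_MAC, CLIENT_IP, 2, b"GET /evil", mic=b"\x00" * 8)
    results["keybound_spoof"] = ap.forward(spoof)
    # Replaying the captured legitimate frame: MIC is valid, sequence is stale.
    results["keybound_replay"] = ap.forward(legit)
    return results


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {'forwarded' if ok else 'dropped'}")
```

The central enforcer forwards both the genuine and the cloned frame, which is the weakness the chapter attributes to address-based enforcement; the key-bound enforcer drops the cloned frame and the replay while still forwarding the genuine one.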
While many authentication protocols have been standardized in this framework (e.g., EAP-TLS, EAP-FAST, EAP-SIM), none of them is optimized for fast handoff. Recently, a new EAP method for fast re-authentication has been described in [15] and [16]. The main disadvantage of this scheme is that the round trip time may increase significantly as the distance (measured in wireless hops) between the access point and the authentication server increases. In this way the round trip time can become higher than a QoS-aware service can tolerate. Moreover, the scheme is vulnerable to DoS attacks, as the central authentication server can easily become a single point of failure.

Distributed access control enforcement with reactive authentication using local authentication servers

The drawbacks of distributed access control enforcement with reactive authentication using a remote authentication server can be addressed if local authentication servers are placed close to the access points. To this end there are two extensions of the EAP standard in [17, 18]. Both proposals aim to reduce the round trip time of the authentication messages by using local authentication servers placed between the access points and the central authentication server. In both schemes the central authentication server shares the authentication key, or a key derived from it, with the local authentication servers. When an access point turns to any of the local authentication servers, that server generates the connection key and sends it to the access point. The main disadvantage of this scheme is that the local authentication servers placed within the mesh network are, in most cases, physically unprotected, so it would not be wise to keep long-term authentication information on them.

Server driven proactive authentication with distributed access control enforcement

In server driven proactive authentication methods, the authentication server is responsible for distributing connection keys prior to the handover. During the handover process the access points then make access control decisions locally, without interacting with the authentication server. In [19], connection key generation is based on the authentication key, the MAC addresses of the mesh client and the access point, and the connection key used at the current access point. The new connection keys will be used at the neighbouring access points, which are the potential next access points the mesh client may associate with, and for this purpose they are distributed to them by the authentication server. In this solution it is essential that the authentication server is aware of the location of the mesh clients, in order to determine which access points need the next connection keys.
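A worked version of the server driven scheme just described for [19], added here as an illustration; it is not code from [19] or from the EU-MESH project, and the HMAC-based key derivation, the four-node topology and the server's bookkeeping are assumptions made for the example. It shows how the three key requirements of Section 5.1 (forward security, independence and freshness of connection keys) follow from feeding the authentication key, the two MAC addresses and the current connection key into a one-way derivation, and why the server must track the client's location to know which access points need the next keys.

```python
import hashlib
import hmac

# Constructed topology (not from the chapter): access points and the
# one-hop neighbours that are the potential next access points of a client.
NEIGHBOURS = {
    "ap-a": ["ap-b", "ap-c"],
    "ap-b": ["ap-a", "ap-c", "ap-d"],
    "ap-c": ["ap-a", "ap-b"],
    "ap-d": ["ap-b"],
}
AP_MAC = {
    "ap-a": "02:00:00:00:00:0a",
    "ap-b": "02:00:00:00:00:0b",
    "ap-c": "02:00:00:00:00:0c",
    "ap-d": "02:00:00:00:00:0d",
}


def derive_connection_key(auth_key: bytes, client_mac: str,
                          ap_mac: str, current_ck: bytes) -> bytes:
    """Hypothetical KDF in the spirit of [19] (the exact construction there may differ):
    CK_next = HMAC-SHA256(AK, client MAC || next AP MAC || CK_current).
    AK enters only as the HMAC key, so a connection key does not reveal it
    (forward security); the next AP's MAC binds the key to one access point
    (independence); chaining CK_current makes each handover's key fresh."""
    msg = client_mac.encode() + b"|" + ap_mac.encode() + b"|" + current_ck
    return hmac.new(auth_key, msg, hashlib.sha256).digest()


class AuthenticationServer:
    """Server driven proactive key distribution: the server tracks where each
    client is and pushes the next connection keys to the neighbouring APs."""

    def __init__(self):
        self.auth_keys = {}    # client MAC -> long-term authentication key AK
        self.current_ck = {}   # client MAC -> connection key in use now
        self.location = {}     # client MAC -> current access point
        self.ap_store = {ap: {} for ap in NEIGHBOURS}   # AP -> {client MAC: CK}

    def full_authentication(self, client_mac: str, auth_key: bytes, ap: str) -> None:
        """Reactive full authentication at the first AP; the first CK is chained
        from an empty value, then keys are pre-distributed to the neighbours."""
        self.auth_keys[client_mac] = auth_key
        ck = derive_connection_key(auth_key, client_mac, AP_MAC[ap], b"")
        self.ap_store[ap][client_mac] = ck
        self.current_ck[client_mac] = ck
        self.location[client_mac] = ap
        self._predistribute(client_mac)

    def _predistribute(self, client_mac: str) -> None:
        here = self.location[client_mac]
        for nxt in NEIGHBOURS[here]:
            self.ap_store[nxt][client_mac] = derive_connection_key(
                self.auth_keys[client_mac], client_mac,
                AP_MAC[nxt], self.current_ck[client_mac])

    def handover(self, client_mac: str, new_ap: str) -> bool:
        """The target AP decides locally: it admits the client only if the server
        already placed a key for it. The server then withdraws the unused
        pre-placed keys and pre-distributes the next round from the new location."""
        ck = self.ap_store[new_ap].get(client_mac)
        if ck is None:
            return False
        old_ap = self.location[client_mac]
        for ap in NEIGHBOURS[old_ap]:
            if ap != new_ap:
                self.ap_store[ap].pop(client_mac, None)
        self.ap_store[old_ap].pop(client_mac, None)
        self.current_ck[client_mac] = ck
        self.location[client_mac] = new_ap
        self._predistribute(client_mac)
        return True


def demo() -> dict:
    client = "00:11:22:33:44:55"
    ak = hashlib.sha256(b"constructed long-term authentication key").digest()
    server = AuthenticationServer()
    server.full_authentication(client, ak, "ap-a")
    out = {
        "key_at_b": client in server.ap_store["ap-b"],
        "key_at_d_before": client in server.ap_store["ap-d"],     # two hops away
        "independent": server.ap_store["ap-b"][client] != server.ap_store["ap-c"][client],
        "handover_to_d": server.handover(client, "ap-d"),        # no key placed: refused
        "handover_to_b": server.handover(client, "ap-b"),
    }
    out["key_at_d_after"] = client in server.ap_store["ap-d"]
    # A compromised ap-b knows CK_current and every MAC address but not AK,
    # so it cannot compute the key the server placed at ap-c.
    guess = derive_connection_key(b"not the AK", client, AP_MAC["ap-c"], server.current_ck[client])
    out["compromised_ap_derives_other_key"] = guess == server.ap_store["ap-c"][client]
    return out


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The refused handover to ap-d is the cost the chapter points out: an access point the server did not anticipate has no key, and the client must fall back to a full authentication there.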
The IEEE 802.11s [20] and 802.11r [21] standards approach the same issue by dividing the network into domains, each of which maintains a key distributor. Each distributor obtains its keys from the authentication server, and the connection keys are created based on the authentication keys. Every access point belonging to a domain receives dedicated keys generated by the key distributor. In [22], an adaptation of the GSM authentication model to wireless networks is described. According to this scheme, the authentication server generates triplets which contain authentication information and a connection key. Each triplet is proactively sent to the potential next access point. In this way, an access point can use the authentication information of the triplet to authenticate the mesh client that is undergoing a handover, and at the same time use the connection key of the triplet for access control enforcement.

Mesh client driven proactive authentication with distributed access control enforcement

In this type of authentication the mesh clients themselves are responsible for getting the connection keys to the access points. According to the pre-authentication scheme included in IEEE 802.11i [21], mesh clients perform a full authentication with their current access point and then create connection keys with the potential next access points before the handover process. While it is important that this mechanism is standardized and supports QoS services, it requires link connections between the access points, and therefore only one-hop neighbouring access points can participate. Another solution in this category, for the case where multiple radios are available on the mesh clients, is described in [16]. A client device that supports multiple radio interfaces can use one radio to associate with the current access point, while the rest of its radio interfaces independently establish connection keys with other access points within radio range. During a handover the active radios change roles: the radio that was used for the security association with the next access point becomes responsible for the data traffic, while the other radio(s) continue to establish security associations with new access points. While such a solution deals with the problems described above, its main drawback is the need for dedicated multi-radio hardware on the client side. In [15, 23] the key distribution mechanism of the IEEE 802.1X model is modified. According to this proposal, the authentication server and the mesh client establish a new connection key, which is then distributed by the authentication server to the potential next access points. The main drawback of this approach is that it is incompatible with the IEEE 802.11i standard. The idea presented in [24] is that after a full authentication, the authentication server generates tickets for each access point that the mesh client could move to according to its mobility pattern. In one proposed solution the tickets are sent to the potential next access points, and in another directly to the mesh client. In the former case, the communication between the access points is based on the IEEE 802.11F protocol, also known as the Inter Access Point Protocol (IAPP) [25]. In the latter case, the mesh client sends the tickets to the access point at the time of the handoff. The tickets are encrypted using unique shared secrets between each access point and the authentication server, so that the access points can obtain only those keys that are related to their own connections. The main disadvantage is that the solution relies heavily on the mobility prediction mechanism: if this mechanism is not precise, no connection keys may have been established at the access point the client wants to associate with. The IAPP protocol (IEEE 802.11F) has since been withdrawn.

Distributed access control enforcement with proactive authentication to the access point

In this category the mesh clients, instead of authenticating to a remote or local authentication server, authenticate to the access points in a proactive manner. In [26], the currently used connection key is distributed to the potential next access points by the current access point, and it is re-used there when the handover process starts. This solution does not satisfy the requirement of independence of connection keys, and its main disadvantage is that the access points must trust each other, which is not always possible, especially when the access points belong to different operators.
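The client-carried variant of the ticket scheme described above for [24], as an added example that is not code from [24] or from the EU-MESH project. The ticket layout, the per-access-point secrets, the mobility prediction and the HMAC-based encrypt-then-MAC construction (standing in for a real AEAD such as AES-GCM so the block runs on the Python standard library) are assumptions of the example. It shows an access point opening only the ticket sealed for it, a ticket for another access point or a tampered ticket being rejected, and the failure the chapter notes when the predictor misses the access point the client actually moves to.

```python
import hashlib
import hmac
import os
import struct
import time

# Constructed setup (not from the chapter): each access point shares a unique
# secret with the authentication server.
AP_SECRETS = {ap: hashlib.sha256(b"constructed secret for " + ap.encode()).digest()
              for ap in ("ap-a", "ap-b", "ap-c", "ap-d")}
NONCE_LEN = 16
TAG_LEN = 16


def _subkeys(key: bytes):
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    blocks = [hmac.new(key, nonce + struct.pack(">I", i), hashlib.sha256).digest()
              for i in range((length + 31) // 32)]
    return b"".join(blocks)[:length]


def seal(key: bytes, plaintext: bytes, aad: bytes) -> bytes:
    """Encrypt-then-MAC stand-in for an AEAD. Output: nonce || ciphertext || tag."""
    enc_key, mac_key = _subkeys(key)
    nonce = os.urandom(NONCE_LEN)
    ct = bytes(p ^ s for p, s in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, aad + nonce + ct, hashlib.sha256).digest()[:TAG_LEN]
    return nonce + ct + tag


def open_sealed(key: bytes, blob: bytes, aad: bytes):
    """Plaintext, or None if the tag does not verify (wrong key, AAD or tampering)."""
    enc_key, mac_key = _subkeys(key)
    if len(blob) < NONCE_LEN + TAG_LEN:
        return None
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expect = hmac.new(mac_key, aad + nonce + ct, hashlib.sha256).digest()[:TAG_LEN]
    if not hmac.compare_digest(expect, tag):
        return None
    return bytes(c ^ s for c, s in zip(ct, _keystream(enc_key, nonce, len(ct))))


def issue_tickets(client_mac: str, predicted_aps, lifetime_s: int = 60, now=None) -> dict:
    """Authentication server side: one ticket per predicted next AP, each carrying
    a fresh connection key, sealed under that AP's own secret with the AP name as
    authenticated data so a ticket cannot be relabelled for another AP."""
    now = int(time.time()) if now is None else now
    mac = client_mac.encode()
    tickets = {}
    for ap in predicted_aps:
        ck = os.urandom(32)                      # fresh per AP: independence of keys
        body = struct.pack(">B", len(mac)) + mac + struct.pack(">Q", now + lifetime_s) + ck
        tickets[ap] = seal(AP_SECRETS[ap], body, ap.encode())
    return tickets


def accept_ticket(ap: str, client_mac: str, tickets: dict, now=None):
    """Access point side at handoff: open only the ticket addressed to this AP.
    Returns the connection key, or None (no ticket, wrong AP, tampered, expired)."""
    blob = tickets.get(ap)
    if blob is None:
        return None                              # mobility prediction missed this AP
    body = open_sealed(AP_SECRETS[ap], blob, ap.encode())
    if body is None:
        return None
    n = body[0]
    mac, expiry, ck = body[1:1 + n], struct.unpack(">Q", body[1 + n:9 + n])[0], body[9 + n:]
    now = int(time.time()) if now is None else now
    if mac.decode() != client_mac or expiry < now or len(ck) != 32:
        return None
    return ck


def demo() -> dict:
    client = "00:11:22:33:44:55"
    t0 = 1_700_000_000                           # fixed clock for a reproducible run
    tickets = issue_tickets(client, ["ap-b", "ap-c"], now=t0)   # predictor names ap-b, ap-c
    stolen = {"ap-c": tickets["ap-b"]}           # ap-c tries the ticket issued for ap-b
    damaged = bytearray(tickets["ap-b"]); damaged[NONCE_LEN + 3] ^= 1
    return {
        "ap_b_key": accept_ticket("ap-b", client, tickets, now=t0 + 30),
        "ap_c_key": accept_ticket("ap-c", client, tickets, now=t0 + 30),
        "stolen": accept_ticket("ap-c", client, stolen, now=t0 + 30),
        "missed": accept_ticket("ap-d", client, tickets, now=t0 + 30),
        "tampered": accept_ticket("ap-b", client, {"ap-b": bytes(damaged)}, now=t0 + 30),
        "expired": accept_ticket("ap-b", client, tickets, now=t0 + 3600),
    }
```

Only ap-b and ap-c recover a key, and they recover different ones; ap-d, which the predictor did not name, gets nothing and would have to run a full authentication, which is exactly the dependence on mobility prediction the chapter lists as the scheme's main disadvantage.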

In [27] the authors propose a solution where the mesh clients carry the new connection key in a credential. The access points send the credential, encrypted, to the mesh clients before the handover. The encryption key of the credential is shared between the current access point and the other access points. After associating with the next access point, the mesh client presents its credential, and the new access point decrypts the connection key from it. To meet the time constraints, symmetric cryptography is proposed for the encryption and decryption of the credential. The main disadvantage of this approach is that the proposed mechanism does not comply with any standard.

5.3 Summary

Table II summarizes the approaches for authentication and access control enforcement described above and how they satisfy the corresponding requirements.

Table II: Types of authentication and access control enforcement vs requirements
Requirements (columns): Independence of elements | Scalability | Compatibility with standards | DoS resistance | Fast reauthentication
Central access control enforcement: Χ Χ
Boundary access control enforcement: Χ
Distributed access control enforcement:
  Reactive, local authentication server: Χ Χ
  Reactive, remote authentication server: Χ Χ Χ
  Central proactive, authentication server: Χ
  Client proactive, authentication server: (no marks)
  Reactive, access point: - Χ
  Central proactive, access point: Χ Χ
  Client proactive, access point: Χ Χ
(The Χ marks of each row are reproduced as extracted; their column positions did not survive extraction.)

Some general conclusions for the categories described above are the following:

When access control is enforced at a central entity or at the border of the mesh network, the system is not able to deny the forwarding of packets coming from unauthorized mesh clients, and consequently it is vulnerable to DoS. In the case of central access control enforcement, the network is not scalable, because the central access control enforcement unit becomes a bottleneck.
When a central authentication server is used with reactive authentication, the round trip time of the message exchanges of the authentication protocol may exceed the time that QoS-aware services can tolerate. Moreover, if the authentication server is under a DoS attack, no authentication can be performed during handoffs anywhere in the network.

The DoS problems described above are solved when local authentication servers are used. However, in this case the problem is that those servers reside in the mesh network, where they can be physically attacked and compromised.

Distributed access control enforcement with proactive authentication methods satisfies all the requirements. However, not all phases of the connection key distribution process are handled in a standardized way when the key distribution is server driven. Moreover, in the case of mesh client driven proactive authentication, the proposed mechanisms often require conditions that are difficult to satisfy, such as the use of multiple radios in mesh clients.

The requirement of independence of elements is not satisfied when the previous access point authenticates the mesh client during or before the handover, because an access point must then trust the previous access point as an authenticator even if it belongs to another operator.

6. Protecting the wireless communications

Wireless communications among all network entities described in the network model, including the wireless links between mesh clients and mesh routers as well as those among mesh routers and gateways, must be protected against various attacks. There are three ways of protecting wireless communications in our network model:

End-to-end protection: The information exchange is protected from the mesh client to the other endpoint of the communication, which can be another mesh client within the mesh network or a fixed Internet user.

Link-by-link protection: The information exchange is protected only on the wireless links between entities of the mesh network, such as between the mesh routers and between the mesh clients and the access points. It is possible to employ different protection mechanisms for each link.

Protection of route segments: This is an intermediate solution between end-to-end and link-by-link protection. The information exchange is protected on a segment of the route between the mesh client and the other communicating party. This can be useful in a multi-operator environment, where parts of the mesh network belonging to other operators may be considered untrusted.

6.1 End-to-end protection

When end-to-end protection is employed, the mesh clients use cryptographic methods to protect their information exchange with other parties located either inside the mesh network or on the Internet, and their communicating parties perform the inverse
operation for two-way communications. End-to-end protection has the following properties:

It is transparent to the mesh routers, since they only forward encrypted information and therefore there is no need to modify or adjust their operation. At the same time this transparency creates new threats, since the mesh routers cannot check the integrity of the packets while they are in transit, and therefore any modified, spoofed or fabricated packet is only detectable at the endpoint.

When a mesh client communicates with a party within the Internet, end-to-end protection can also cover that path. This is a very important property, since the mesh network operators cannot protect the traffic on the Internet.

The endpoints must support the same protection method employed by the mesh clients, and this may not be convenient, as most of the end devices are typically owned by end users.

When end-to-end protection is fully employed, the network traffic between the mesh clients and the end systems, both within the mesh network and on the Internet, can be protected by mechanisms at the application layer, such as TLS [28] or SSH [29]. There is also the option to introduce a network sub-layer that provides general security services for all network traffic; such solutions include off-the-shelf VPN (Virtual Private Networking) tools such as IPSec [30].

6.2 Link-by-link protection

In link-by-link protection the information within the mesh network is protected hop-by-hop. These hops include the link between the mesh client and the access point, and the links between the mesh routers. The operator, or the pair of operators that share a link, can decide separately for each link which protection mechanisms, algorithms and keys will be used. They can even choose which part of the traffic will be protected. The wide choice of protection mechanisms and of the level of protection that can be provided is the main advantage of link-by-link protection.
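As an added illustration of the hop-by-hop protection that Section 6.2 describes (this is our example code, not code from the chapter or from any system it cites), the Go program below protects frames on one link with AES for confidentiality and HMAC for integrity, and binds the flow identifier and sequence number into the MAC so that a router can discard replayed, modified or spoofed frames at the hop where they arrive instead of forwarding them further. The concrete construction (AES-128-CTR with a counter block derived from the flow identifier and sequence number, HMAC-SHA256 in encrypt-then-MAC order, and a strictly increasing per-flow sequence number as the replay rule) as well as the key and payload values are our assumptions for the example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// LinkKeys are the keys shared by the two ends of one wireless hop; each hop has its own pair.
type LinkKeys struct {
	Enc []byte // AES-128 key, 16 bytes
	Mac []byte // HMAC-SHA256 key
}

// Frame is the unit sent over one hop: flow id and sequence number in clear, payload encrypted.
type Frame struct {
	FlowID uint32
	Seq    uint64
	Body   []byte // AES-CTR ciphertext
	Tag    []byte // HMAC-SHA256 over FlowID, Seq and Body (encrypt-then-MAC)
}

var ErrBadTag = errors.New("integrity check failed, frame dropped at this hop")
var ErrReplay = errors.New("replayed or stale sequence number, frame dropped at this hop")

// header encodes (flow, seq) into a 16-byte block bound into the MAC and used as the CTR counter.
func header(flow uint32, seq uint64) []byte {
	h := make([]byte, aes.BlockSize)
	binary.BigEndian.PutUint32(h[0:4], flow)
	binary.BigEndian.PutUint64(h[4:12], seq)
	return h
}

func tag(key []byte, flow uint32, seq uint64, body []byte) []byte {
	m := hmac.New(sha256.New, key)
	m.Write(header(flow, seq))
	m.Write(body)
	return m.Sum(nil)
}

// xorCTR encrypts or decrypts in under the keystream derived from (key, flow, seq).
func xorCTR(key []byte, flow uint32, seq uint64, in []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	out := make([]byte, len(in))
	cipher.NewCTR(block, header(flow, seq)).XORKeyStream(out, in)
	return out, nil
}

// Link is one end of a protected hop; it both sends and receives.
type Link struct {
	keys LinkKeys
	sent map[uint32]uint64 // last sequence number sent, per flow
	seen map[uint32]uint64 // highest sequence number accepted, per flow
}

func NewLink(k LinkKeys) *Link {
	return &Link{keys: k, sent: map[uint32]uint64{}, seen: map[uint32]uint64{}}
}

// Protect numbers the frame (sequence numbers start at 1), encrypts it, then MACs it.
func (l *Link) Protect(flow uint32, plaintext []byte) (Frame, error) {
	l.sent[flow]++
	seq := l.sent[flow]
	body, err := xorCTR(l.keys.Enc, flow, seq, plaintext)
	if err != nil {
		return Frame{}, err
	}
	return Frame{FlowID: flow, Seq: seq, Body: body, Tag: tag(l.keys.Mac, flow, seq, body)}, nil
}

// Unprotect checks the MAC first (a forgery costs one HMAC and nothing more), then requires a
// strictly increasing sequence number per flow, the rule WPA2 applies to its packet number.
func (l *Link) Unprotect(f Frame) ([]byte, error) {
	if !hmac.Equal(f.Tag, tag(l.keys.Mac, f.FlowID, f.Seq, f.Body)) {
		return nil, ErrBadTag
	}
	if f.Seq <= l.seen[f.FlowID] {
		return nil, ErrReplay
	}
	l.seen[f.FlowID] = f.Seq
	return xorCTR(l.keys.Enc, f.FlowID, f.Seq, f.Body)
}

func main() {
	k := LinkKeys{Enc: []byte("0123456789abcdef"), Mac: []byte("constructed-mac-key")} // constructed keys
	ap, router := NewLink(k), NewLink(k)
	f, _ := ap.Protect(7, []byte("routing update"))
	p, err := router.Unprotect(f)
	_, replay := router.Unprotect(f) // the same frame delivered again
	fmt.Printf("delivered %q (%v); replay: %v\n", p, err, replay)
}
```

Each router keeps one Link per neighbour with that neighbour's keys. The MAC is checked before anything else, so a flood of forged frames costs the router one HMAC computation each and never reaches decryption or forwarding; a modified frame fails the MAC, a repeated one fails the sequence rule, and both are dropped at the hop rather than eating bandwidth further along the path.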
At the same time, the protection at the link level is transparent to the end clients and endpoints, and it can prove helpful against traffic analysis.

Since the mesh routers are not physically protected, they cannot be considered trusted entities. As link-by-link protection relies on protection mechanisms running on the routers themselves, using stand-alone link-by-link protection is not a convenient option. At the same time, link-by-link protection is the only solution against traffic analysis. In particular, link-by-link encryption can protect network meta-data, such as higher-layer addresses and names, from disclosure to external attackers, and link-by-link integrity protection can detect modified or spoofed packets immediately, and therefore helps to prevent modified or spoofed packets from eating up bandwidth in the mesh network. By combining the use of link-by-link protection with end-to-end
protection we can overcome the lack of trust in the mesh routers, while gaining protection against traffic analysis.

Link level protection can and should be based on standardized cryptographic algorithms, such as HMAC [31] for integrity protection and AES [32] for encryption. For the protection of the link between the mesh client and the access point, standard solutions based on WPA or WPA2 [33] should be used. Finally, since integrity protection includes protection against replay attacks, the use of sequence numbers and flow identifiers, and their implicit or explicit inclusion in the MAC computation, would be a solution.

6.3 Protection of route segments

An approach in between end-to-end and link-by-link protection is the protection of route segments, where a segment of the communication path is protected. This intermediate solution may prove very useful in a multi-operator environment. There exist the following options for route segment protection:

Protection of the client-access point links: Considering that the network operators or the entire mesh network may have used other protection mechanisms, such as link-by-link protection and/or dedicated hardware like directional antennas that can significantly reduce security threats, the most vulnerable parts of the network may be the wireless links between the mesh clients and the access points.

Protection of segments that belong to other network operators: In a multi-operator mesh network, it is possible that some part of the client's traffic is handled by mesh routers that belong to other network operators. If the client's trust in those operators is lower, then he may wish to protect the traffic in those foreign parts of the network.

Protection of the client-gateway segments: Beyond the gateway, the Internet may be considered a less vulnerable environment, as its links are generally physically protected. Therefore, the traffic may only be protected within the mesh network, from the mesh client up to the gateway.

Protection between the client and a traffic aggregation point outside the mesh network: One typical goal of a mesh network is to provide larger bandwidth to the customers than would be possible with a single link. For this reason, packets belonging to a single flow may be sent through multiple gateways and then aggregated into a single flow again at some aggregation point within the Internet. In this case, the communication between the aggregator and the mesh client can be protected using standard protocols such as IPSec [30].

Route segment protection inherits some of the drawbacks of end-to-end protection. In particular, if the integrity of the packets can only be verified at the endpoints of the route segment, then modified or spoofed packets may waste valuable network resources and thus degrade the QoS provided to the users. In order to address this problem, one could use a broadcast authentication scheme, for instance digital signatures, to ensure that the authenticity and integrity of the packets can be verified by the intermediate nodes on the route segment, while encryption can still be used between the endpoints of the route segment. Furthermore, in order to avoid the
increased overhead caused by the verification of the digital signatures, this approach can be used in a probabilistic manner, or it can be turned on only if a large number of modified or spoofed packets are detected at the endpoints of the route segment.

7 Cryptographic key management

In order to secure the operation of any network, the use of cryptographic mechanisms is required. Such mechanisms include cryptographic algorithms and protocols, and they rely on cryptographic keys. The protection of wireless communications within the mesh network includes the protection of the communications between the mesh clients and the access points, the protection of the routing protocols, the protection of the messages of the mesh client authentication protocols, and in some cases the protection of the mesh client authentication itself. For all the above cases, cryptographic key material is required.

The protection of the wireless communications within the mesh network requires the establishment of shared keys between the entities of the network: between neighbouring mesh routers in the case of link-by-link protection, and between remote mesh routers, and between mesh routers and remote gateways, in the case of route segment protection. For the protection of the communication of mesh clients with the mesh network, shared keys need to be established between mesh clients and access points. When a mesh client requests to connect to an access point of the mesh network, it has to authenticate itself to an authentication server, which will inform the access point about the result of the authentication. At the same time, in case of successful authentication, the server may generate key material to be used for the protection of the communication between the mesh client and the access point, and send these keys to the access point.
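The route segment scheme of Section 6.3 (authenticity verifiable by the intermediate routers while the payload stays protected between the segment endpoints, with verification done probabilistically and switched on at every hop once the endpoint notices spoofed traffic), as an added Go example of ours rather than code from the chapter. The source signs each packet with ECDSA P-256 over the sequence number and payload; the three-router segment, the 20% initial verification rate, the escalation threshold and the sample payloads are all constructed for the example, and the payload is treated as opaque ciphertext, the encryption between the endpoints being out of scope here.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
	mrand "math/rand"
)

// Packet on a route segment: routers never decrypt Payload, but the source's signature lets any router check it.
type Packet struct {
	Seq     uint64
	Payload []byte
	Sig     []byte // ECDSA signature by the segment's source over SHA-256(Seq || Payload)
}

func digest(seq uint64, payload []byte) []byte {
	h := sha256.New()
	binary.Write(h, binary.BigEndian, seq)
	h.Write(payload)
	return h.Sum(nil)
}

func Sign(priv *ecdsa.PrivateKey, seq uint64, payload []byte) (Packet, error) {
	sig, err := ecdsa.SignASN1(rand.Reader, priv, digest(seq, payload))
	return Packet{Seq: seq, Payload: payload, Sig: sig}, err
}

func Verify(pub *ecdsa.PublicKey, p Packet) bool {
	return ecdsa.VerifyASN1(pub, digest(p.Seq, p.Payload), p.Sig)
}

// Router is an intermediate node that verifies each packet with probability Rate.
type Router struct{ Rate float64 }

// Segment: the source's public key, the routers in order, and the endpoint, which always
// verifies; once spoofed packets exceed Threshold of what it sees, every router verifies.
type Segment struct {
	Pub       *ecdsa.PublicKey
	Routers   []*Router
	Threshold float64
	rng       *mrand.Rand
	Seen, Spoofed, Delivered, Dropped int
	Escalated bool
}

func (s *Segment) Deliver(p Packet) {
	for _, r := range s.Routers {
		if s.rng.Float64() < r.Rate && !Verify(s.Pub, p) {
			s.Dropped++ // caught at an intermediate hop: the rest of the segment is spared
			return
		}
	}
	s.Seen++
	if !Verify(s.Pub, p) {
		s.Spoofed++
		if !s.Escalated && float64(s.Spoofed)/float64(s.Seen) > s.Threshold {
			s.Escalated = true
			for _, r := range s.Routers {
				r.Rate = 1
			}
		}
		return
	}
	s.Delivered++
}

// Simulate sends n genuine packets interleaved with n spoofed ones (an attacker's own
// payload under a copied signature) through three routers starting at the given rate.
func Simulate(seed int64, n int, rate, threshold float64) (*Segment, error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	seg := &Segment{Pub: &priv.PublicKey, Threshold: threshold, rng: mrand.New(mrand.NewSource(seed))}
	for i := 0; i < 3; i++ {
		seg.Routers = append(seg.Routers, &Router{Rate: rate})
	}
	for i := uint64(1); i <= uint64(n); i++ {
		genuine, err := Sign(priv, i, []byte(fmt.Sprintf("payload %d", i))) // constructed data
		if err != nil {
			return nil, err
		}
		seg.Deliver(genuine)
		seg.Deliver(Packet{Seq: i, Payload: []byte("injected"), Sig: genuine.Sig})
	}
	return seg, nil
}

func main() {
	seg, err := Simulate(1, 50, 0.2, 0.2)
	if err != nil {
		panic(err)
	}
	fmt.Println("delivered", seg.Delivered, "dropped by routers", seg.Dropped, "caught at endpoint", seg.Spoofed, "escalated", seg.Escalated)
}
```

A spoofed packet is either dropped by one of the routers that happened to sample it or caught by the endpoint, never delivered, while genuine packets always pass. The share of spoofed packets reaching the endpoint is the signal for escalation; full verification costs every router one signature check per packet, which is why the default rate is kept low and raised only when the endpoint sees that spoofing is actually going on.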
There are several options for the generation of these keys: they can be generated by the client, by the server, or even by both in a contributory manner. All of the above should take place only if the communication between the authentication server and the access point is protected, which means that the server and the access point should already share a key. Alternatively, the authentication of the mesh client can be based on a public key cryptographic protocol such as EAP-TLS, where the public keys of the mesh client and of the authentication server need to be distributed to the server and to the client, respectively.

Regarding the protection of the routing mechanisms, relying on shared keys established between mesh routers may not be enough. In this direction, a basic building block for securing routing could be a broadcast authentication scheme. As mesh routers are not resource constrained to any significant extent, it would be convenient to implement broadcast authentication in mesh networks with digital signatures. This would require the distribution of the public signature verification keys of the mesh routers within the mesh network.

To summarize, cryptographic protection mechanisms in mesh networks require both the establishment of shared symmetric keys between various network entities and the distribution of public keys among some of them. Both key mechanisms can be supported by a public key infrastructure (PKI) established and maintained by the
mesh network operators. For the multi-operator environment considered here, a PKI approach seems to be the simplest and most convenient. Next we describe a general framework for the employment of such a PKI architecture in multi-operator based wireless mesh networks.

PKI for multi-operator based mesh networks: A PKI for multi-operator based mesh networks could be established in the following way. Each operator maintains its own Certification Authority (CA), which issues certificates for the public keys of the mesh routers, the access points, the gateways, and the various servers operated by that mesh network operator. If operators use public key cryptographic protocols for the authentication of their customers, the CAs of the corresponding operators issue certificates for the mesh clients' public keys too. All network entities, including mesh routers, access points, gateways, servers, and mesh clients, store their own certificates and the public key of their CA. At the same time, the CAs of the different operators cross-certify each other's public key on a bilateral basis. The resulting certificates are stored in a publicly available repository, or alternatively, each mesh router, access point, gateway, and server can periodically download and locally store the certificates issued by its CA for the public keys of the other CAs.

Given such a PKI, any two entities, say A and B, can easily establish a shared key. For this, each of them sends its public key certificate to the other. A can verify B's certificate using the certificate issued by A's CA for the public key of B's CA, together with the public key of A's CA. B can verify A's certificate in a similar manner. Once they have obtained each other's public key, A and B can run any public key based session key establishment protocol to establish a shared secret. In [61] there is an extensive discussion of such available protocols.
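The cross-certified multi-operator PKI just described, together with the CRL handling discussed next, as an added example written by us in Go (it is not code from the chapter). Two operators each run a CA, one cross-certifies the other's CA key, each issues certificates to its own entities, and an entity of the first operator verifies a certificate presented by a router of the second using nothing but its own CA certificate and the cross-certificate; a certificate later placed on the issuing CA's CRL is rejected, while a CRL that the issuer did not sign has no effect. Operator names, entity names, ECDSA P-256 keys and validity periods are constructed for the example, which relies on the Go standard library's X.509 chain building and CRL support.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"math/big"
	"time"
)

var ErrRevoked = errors.New("certificate appears on its issuer's CRL")

// Operator is one mesh operator running its own CA (all names and keys are constructed).
type Operator struct {
	key    *ecdsa.PrivateKey
	CA     *x509.Certificate
	serial int64
}

// sign issues tmpl for pub under the operator's CA key; a nil parent means self-signed.
func (o *Operator) sign(tmpl, parent *x509.Certificate, pub *ecdsa.PublicKey) (*x509.Certificate, error) {
	if parent == nil {
		parent = tmpl
	}
	o.serial++
	tmpl.SerialNumber = big.NewInt(o.serial)
	tmpl.NotBefore, tmpl.NotAfter = time.Now().Add(-time.Hour), time.Now().AddDate(1, 0, 0)
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, o.key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

func NewOperator(name string) (*Operator, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	o := &Operator{key: key}
	o.CA, err = o.sign(&x509.Certificate{Subject: pkix.Name{CommonName: name + " CA"}, IsCA: true,
		BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageCRLSign}, nil, &key.PublicKey)
	return o, err
}

// IssueEntityCert certifies the key of one of the operator's routers, access points, gateways, servers or clients.
func (o *Operator) IssueEntityCert(name string, pub *ecdsa.PublicKey) (*x509.Certificate, error) {
	return o.sign(&x509.Certificate{Subject: pkix.Name{CommonName: name},
		KeyUsage: x509.KeyUsageDigitalSignature | x509.KeyUsageKeyAgreement}, o.CA, pub)
}

// CrossCertify issues, under o's CA, a certificate for peer's CA key: one direction of the bilateral cross-certification.
func (o *Operator) CrossCertify(peer *Operator) (*x509.Certificate, error) {
	return o.sign(&x509.Certificate{Subject: peer.CA.Subject, IsCA: true, BasicConstraintsValid: true,
		KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageCRLSign}, o.CA, peer.CA.PublicKey.(*ecdsa.PublicKey))
}

// CRL publishes the given revoked certificates in a list signed by the operator's CA.
func (o *Operator) CRL(revoked ...*x509.Certificate) (*x509.RevocationList, error) {
	tmpl := &x509.RevocationList{Number: big.NewInt(time.Now().UnixNano()),
		ThisUpdate: time.Now().Add(-time.Minute), NextUpdate: time.Now().Add(24 * time.Hour)}
	for _, c := range revoked {
		tmpl.RevokedCertificates = append(tmpl.RevokedCertificates, pkix.RevokedCertificate{SerialNumber: c.SerialNumber, RevocationTime: time.Now()})
	}
	der, err := x509.CreateRevocationList(rand.Reader, tmpl, o.CA, o.key)
	if err != nil {
		return nil, err
	}
	return x509.ParseRevocationList(der)
}

// Verify is what an entity of operator own does with a presented certificate: it trusts only own's CA and
// the cross-certificates own's CA issued (chain: leaf -> cross-certificate -> own CA), then consults any CRL
// that is signed by the key in the certificate it holds for the leaf's issuer.
func Verify(own *Operator, cross []*x509.Certificate, crls []*x509.RevocationList, leaf *x509.Certificate) error {
	roots, inter := x509.NewCertPool(), x509.NewCertPool()
	roots.AddCert(own.CA)
	for _, c := range cross {
		inter.AddCert(c)
	}
	chains, err := leaf.Verify(x509.VerifyOptions{Roots: roots, Intermediates: inter, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}})
	if err != nil {
		return err
	}
	issuer := chains[0][1] // the certificate we hold for the CA that issued leaf
	for _, crl := range crls {
		if crl.CheckSignatureFrom(issuer) != nil {
			continue // another CA's list, or forged: it revokes nothing here
		}
		for _, rc := range crl.RevokedCertificates {
			if rc.SerialNumber.Cmp(leaf.SerialNumber) == 0 {
				return ErrRevoked
			}
		}
	}
	return nil
}
```

Verify treats only own.CA as a trust anchor and the cross-certificate as an intermediate, so a certificate from an operator that has not been cross-certified fails chain building, and a CRL is consulted only after its signature checks out under the key held for the leaf's issuer, which is what makes a forged CRL harmless. Once both sides hold each other's verified public key, session key establishment proceeds with whichever key agreement protocol the operators choose, as the chapter notes.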
Moreover, any entity can generate digital signatures, which all other entities can verify using its public key, obtained and verified as described above. Each CA can renew certificates on a regular basis, depending on its own security policy. In addition, each CA can maintain a certificate revocation list (CRL) in which it publishes revoked certificates. Each operator can obtain the CRLs of all the other operators and distribute all CRLs to its mesh routers, access points, gateways, and servers. Mesh clients can obtain the CRLs from the access points when they connect to them.

8 Secure Routing

As mentioned before, securing the routing layer in mesh networks is an important requirement, because an attacker can easily jeopardize the operation of the network and its services by manipulating the routing protocol. Hence, in this section we address the problem of routing security in wireless mesh networks, with special emphasis on the QoS-aware and multi-operator aspects of routing.

8.1 Attacker model for routing

Attacks on routing may target the control plane or the data plane, where the control plane is responsible for disseminating, acquiring, and maintaining routing information in the network, and the data plane is responsible for forwarding data packets using the
routing information obtained from the control plane. In addition, an attacker can be an outsider or an insider.

An outsider attacker has no control over any of the legitimate nodes of the network, but tries to interfere with the operation of the protocol by exploiting the properties of the wireless communication medium. Outsider attacks on the control plane include the injection of fake routing control packets into the network or the replay of previously eavesdropped ones, as well as the deletion of control packets by jamming. Such attacks may prevent the proper dissemination of correct routing information in the network, or they may result in the dissemination of incorrect routing information. Ultimately, all these attacks may lead to the disruption of communication in large parts of the network. Outsider attacks on the data plane include the deletion of data packets by jamming, the re-ordering of data packets by eavesdropping, jamming, and replay, as well as the injection of fake or modified data packets. Such attacks have a narrower scope than attacks on the control plane, because they usually affect only those communications that use the attacked links.

An insider attacker has all the capabilities of an outsider attacker and, in addition, fully controls some of the nodes in the network. This means that the attacker can learn the cryptographic secrets of those nodes (if such secrets are used) and can arbitrarily re-program them. For this reason, the nodes controlled by the attacker are often called corrupted nodes. Consequently, corrupted nodes can send messages that look genuine (e.g., they can be authenticated by cryptographic means), and they can exhibit arbitrary behavior, meaning any deviation from the rules of the routing protocol. Insider attacks on the control plane include all deviations from the rules of disseminating, acquiring, and maintaining routing information in the network, while insider attacks on the data plane include dropping, delaying, or re-ordering data packets, modifying their content before forwarding them, misrouting them, or any combination of these misdeeds. Note that the model of insider attackers is realistic, because mesh networks often operate in an environment where physical protection of the nodes is not possible or very costly, and therefore the nodes can be approached and attacked physically.

8.2 Security requirements for routing

To defend against outsider attackers at the control plane, the routing control messages used for the dissemination, acquisition, and maintenance of routing information must be authenticated, their integrity must be protected, and one must also be able to detect replays. Standard message authentication and replay protection techniques can be used for this purpose. However, those techniques will not protect against the malicious deletion of control messages by jamming. As jamming cannot be prevented, the routing protocol must be robust against the loss or deletion of some control messages. In particular, a jamming attacker in a given geographic area should not be able to prevent the dissemination and acquisition of routing information by routers outside the jammed area.

Insider attacks at the control plane are impossible or extremely difficult to detect. For instance, two corrupted routers may announce each other as neighbors although they are not within each other's transmission range, thereby creating a fake link in the
network topology graph perceived by the other nodes. Such a link cannot be immediately identified as fake by the other nodes. As this and similar kinds of attacks are very difficult to detect at the control plane, one must tolerate them there. However, if the resulting incorrect routing state has an effect at the data plane, one may detect the attack at that level. Continuing the example above, the fake link may be identified as a non-functioning link in the packet forwarding phase.

Outsider and insider attacks at the data plane have similar effects: they are concerned with the injection, manipulation, deletion, re-ordering, replay, and misrouting of data packets. In order to prevent some of these misdeeds, data packets must be sequence numbered, authenticated, and integrity protected. To cope with the malicious dropping of data packets by corrupted routers, misbehaving routers must be identified and avoided in the route selection process.

8.3 State-of-the-art on secure routing

Securing the control plane

A number of secure routing protocols for wireless ad hoc networks have been proposed in the literature; a survey can be found in [34]. In addition, Chapter 7 of [35] discusses in detail the design principles of secure routing protocols for multi-hop wireless networks. Here, we summarize some design options for securing the control plane and refer to some prominent proposals for secure routing protocols as examples. Very few ad hoc routing protocols address security and QoS support at the same time; we complete this part by reporting on two such proposals [36, 37].

Control message authentication: Many of the attacks against the control plane are based on spoofing or modifying routing control messages. The usual way to thwart these misdeeds is to authenticate control messages. Since a routing control message is typically processed by several (or all) nodes in the network, the authentication mechanism should enable broadcast authentication.
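Of the two broadcast authentication mechanisms the text names next, the TESLA protocol [38] is the less familiar one, so here it is as an added Go example of ours (not code from the chapter): the sender MACs each interval's control messages with a key from a one-way hash chain and discloses that key a fixed number of intervals later, so receivers holding only the chain commitment can verify the messages after the fact using symmetric primitives alone. The chain length, the disclosure delay of two intervals, the seed and the message texts are constructed; interval timing is simulated by passing the sender's current interval explicitly, standing in for the loose time synchronization TESLA requires, and the authentic delivery of the commitment (e.g. under a signature) is assumed to have happened beforehand.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/binary"
	"errors"
)

var ErrLate = errors.New("key for this interval may already be disclosed; packet rejected")
var ErrBadKey = errors.New("disclosed key does not hash back to the last authenticated key")

func h(b []byte) []byte { s := sha256.Sum256(b); return s[:] }

// macKey derives the MAC key K'_i from chain key K_i (TESLA's second one-way function).
func macKey(k []byte) []byte { return h(append([]byte("tesla-mac:"), k...)) }

func mac(key []byte, interval int, msg []byte) []byte {
	m := hmac.New(sha256.New, key)
	binary.Write(m, binary.BigEndian, uint32(interval))
	m.Write(msg)
	return m.Sum(nil)
}

// Packet: a control message of interval i, its MAC under K'_i, and K_{i-d} disclosed now.
type Packet struct {
	Interval            int
	Msg, MAC, Disclosed []byte
}

// Sender holds the chain K_0 <- K_1 <- ... <- K_n with K_i = H(K_{i+1}); K_0 is the
// commitment that must reach receivers authentically (e.g. signed) before the chain is used.
type Sender struct {
	keys  [][]byte
	delay int
}

func NewSender(seed []byte, n, delay int) (*Sender, []byte) {
	keys := make([][]byte, n+1)
	keys[n] = h(seed) // a real sender draws K_n at random; the seed here is constructed
	for i := n - 1; i >= 0; i-- {
		keys[i] = h(keys[i+1])
	}
	return &Sender{keys: keys, delay: delay}, keys[0]
}

func (s *Sender) Send(interval int, msg []byte) Packet {
	p := Packet{Interval: interval, Msg: msg, MAC: mac(macKey(s.keys[interval]), interval, msg)}
	if j := interval - s.delay; j >= 1 {
		p.Disclosed = s.keys[j]
	}
	return p
}

// Receiver buffers packets until the key of their interval is disclosed and verified.
type Receiver struct {
	Delay, lastIdx int
	LastKey        []byte // most recent authenticated chain key; starts as the commitment K_0
	pending        []Packet
	Accepted       []string
}

// Receive takes a packet and the receiver's loosely synchronized estimate of the sender's
// current interval. Security condition: K_i is not yet disclosed, i.e. senderNow < i + d.
func (r *Receiver) Receive(p Packet, senderNow int) error {
	if senderNow >= p.Interval+r.Delay {
		return ErrLate // the key may be public already, so the MAC proves nothing
	}
	r.pending = append(r.pending, p)
	if p.Disclosed == nil {
		return nil
	}
	return r.disclose(p.Interval-r.Delay, p.Disclosed)
}

// disclose checks that K_j hashes back to the last authenticated key, then releases the
// buffered packets of intervals lastIdx+1..j whose MACs verify; intervals whose packets
// were all lost are bridged by hashing, so one disclosure can recover several keys.
func (r *Receiver) disclose(j int, key []byte) error {
	if j <= r.lastIdx {
		return nil // already authenticated (every packet of an interval repeats it)
	}
	derived := map[int][]byte{j: key}
	for m := j - 1; m > r.lastIdx; m-- {
		derived[m] = h(derived[m+1])
	}
	if !hmac.Equal(h(derived[r.lastIdx+1]), r.LastKey) {
		return ErrBadKey
	}
	var keep []Packet
	for _, q := range r.pending {
		if q.Interval > j {
			keep = append(keep, q)
		} else if q.Interval > r.lastIdx && hmac.Equal(q.MAC, mac(macKey(derived[q.Interval]), q.Interval, q.Msg)) {
			r.Accepted = append(r.Accepted, string(q.Msg))
		}
	}
	r.pending, r.lastIdx, r.LastKey = keep, j, key
	return nil
}
```

The security condition in Receive is the whole point: a packet whose key may already be public is rejected regardless of its MAC, because by then any node could have produced it. Packets that pass are held until a disclosed key is verified against the chain, at which point the MACs of all buffered packets for the intervals that key covers are checked, so a modified message is discarded and a forged disclosure never advances the receiver's chain state.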
Such broadcast authentication mechanisms include digital signatures and the TESLA protocol [38], which provides services similar to digital signatures but uses only symmetric key primitives.

Mutable information in control messages: In many routing protocols, notably in on-demand protocols, the intermediate nodes add information to the routing control messages before forwarding or re-broadcasting them. For instance, in on-demand source routing protocols, the intermediate nodes extend the list of identifiers in route request packets with their own identifiers. Likewise, in on-demand distance vector protocols, the hop count field in the routing messages is updated by each intermediate node. Since other nodes will act upon this added information, it must also be protected against forgery and modification. However, control message origin authentication will not solve this problem, because the information in question is added after the originator has sent the control message. Additions can be traceable or untraceable. For instance, extending the list of identifiers accumulated in the route request of an on-demand source routing protocol is a traceable addition, because each modification preserves the previous state of the message, and therefore anyone can see who added information to it. In contrast to this,


More information

Authentication Application

Authentication Application Authentication Application KERBEROS In an open distributed environment servers to be able to restrict access to authorized users to be able to authenticate requests for service a workstation cannot be

More information

Recommended 802.11 Wireless Local Area Network Architecture

Recommended 802.11 Wireless Local Area Network Architecture NATIONAL SECURITY AGENCY Ft. George G. Meade, MD I332-008R-2005 Dated: 23 September 2005 Network Hardware Analysis and Evaluation Division Systems and Network Attack Center Recommended 802.11 Wireless

More information

Security and Privacy Issues in Wireless Ad Hoc, Mesh, and Sensor Networks

Security and Privacy Issues in Wireless Ad Hoc, Mesh, and Sensor Networks Advance in Electronic and Electric Engineering. ISSN 2231-1297, Volume 4, Number 4 (2014), pp. 381-388 Research India Publications http://www.ripublication.com/aeee.htm Security and Privacy Issues in Wireless

More information

Chapter 9: Transport Layer and Security Protocols for Ad Hoc Wireless Networks

Chapter 9: Transport Layer and Security Protocols for Ad Hoc Wireless Networks Chapter 9: Transport Layer and Security Protocols for Ad Hoc Wireless Networks Introduction Issues Design Goals Classifications TCP Over Ad Hoc Wireless Networks Other Transport Layer Protocols Security

More information

NETWORK ACCESS CONTROL AND CLOUD SECURITY. Tran Song Dat Phuc SeoulTech 2015

NETWORK ACCESS CONTROL AND CLOUD SECURITY. Tran Song Dat Phuc SeoulTech 2015 NETWORK ACCESS CONTROL AND CLOUD SECURITY Tran Song Dat Phuc SeoulTech 2015 Table of Contents Network Access Control (NAC) Network Access Enforcement Methods Extensible Authentication Protocol IEEE 802.1X

More information

Enterprise A Closer Look at Wireless Intrusion Detection:

Enterprise A Closer Look at Wireless Intrusion Detection: White Paper Enterprise A Closer Look at Wireless Intrusion Detection: How to Benefit from a Hybrid Deployment Model Josh Wright Senior Security Researcher Introduction As wireless enterprise networks become

More information

Industrial Communication. Securing Industrial Wireless

Industrial Communication. Securing Industrial Wireless Industrial Communication Whitepaper Securing Industrial Wireless Contents Introduction... 3 Wireless Applications... 4 Potential Threats... 5 Denial of Service... 5 Eavesdropping... 5 Rogue Access Point...

More information

An Experimental Study on Wireless Security Protocols over Mobile IP Networks

An Experimental Study on Wireless Security Protocols over Mobile IP Networks An Experimental Study on Wireless Security Protocols over Mobile IP Networks Avesh K. Agarwal Department of Computer Science Email: akagarwa@unity.ncsu.edu Jorinjit S. Gill Department of Electrical and

More information

Enterprise Solutions for Wireless LAN Security Wi-Fi Alliance February 6, 2003

Enterprise Solutions for Wireless LAN Security Wi-Fi Alliance February 6, 2003 Enterprise Solutions for Wireless LAN Security Wi-Fi Alliance February 6, 2003 Executive Summary The threat to network security from improperly secured WLANs is a real and present danger for today s enterprises.

More information

HIPAA Security Considerations for Broadband Fixed Wireless Access Systems White Paper

HIPAA Security Considerations for Broadband Fixed Wireless Access Systems White Paper HIPAA Security Considerations for Broadband Fixed Wireless Access Systems White Paper Rev 1.0 HIPAA Security Considerations for Broadband Fixed Wireless Access Systems This white paper will investigate

More information

EUCIP - IT Administrator. Module 5 IT Security. Version 2.0

EUCIP - IT Administrator. Module 5 IT Security. Version 2.0 EUCIP - IT Administrator Module 5 IT Security Version 2.0 Module 5 Goals Module 5 Module 5, IT Security, requires the candidate to be familiar with the various ways of protecting data both in a single

More information

Security vulnerabilities in the Internet and possible solutions

Security vulnerabilities in the Internet and possible solutions Security vulnerabilities in the Internet and possible solutions 1. Introduction The foundation of today's Internet is the TCP/IP protocol suite. Since the time when these specifications were finished in

More information

Smart Card- An Alternative to Password Authentication By Ahmad Ismadi Yazid B. Sukaimi

Smart Card- An Alternative to Password Authentication By Ahmad Ismadi Yazid B. Sukaimi Smart Card- An Alternative to Password Authentication By Ahmad Ismadi Yazid B. Sukaimi Purpose This paper is intended to describe the benefits of smart card implementation and it combination with Public

More information

CHAPTER 1 INTRODUCTION

CHAPTER 1 INTRODUCTION 21 CHAPTER 1 INTRODUCTION 1.1 PREAMBLE Wireless ad-hoc network is an autonomous system of wireless nodes connected by wireless links. Wireless ad-hoc network provides a communication over the shared wireless

More information

Information Security Basic Concepts

Information Security Basic Concepts Information Security Basic Concepts 1 What is security in general Security is about protecting assets from damage or harm Focuses on all types of assets Example: your body, possessions, the environment,

More information

DATA SECURITY 1/12. Copyright Nokia Corporation 2002. All rights reserved. Ver. 1.0

DATA SECURITY 1/12. Copyright Nokia Corporation 2002. All rights reserved. Ver. 1.0 DATA SECURITY 1/12 Copyright Nokia Corporation 2002. All rights reserved. Ver. 1.0 Contents 1. INTRODUCTION... 3 2. REMOTE ACCESS ARCHITECTURES... 3 2.1 DIAL-UP MODEM ACCESS... 3 2.2 SECURE INTERNET ACCESS

More information

CS5490/6490: Network Security- Lecture Notes - November 9 th 2015

CS5490/6490: Network Security- Lecture Notes - November 9 th 2015 CS5490/6490: Network Security- Lecture Notes - November 9 th 2015 Wireless LAN security (Reference - Security & Cooperation in Wireless Networks by Buttyan & Hubaux, Cambridge Univ. Press, 2007, Chapter

More information

Security Sensor Network. Biswajit panja

Security Sensor Network. Biswajit panja Security Sensor Network Biswajit panja 1 Topics Security Issues in Wired Network Security Issues in Wireless Network Security Issues in Sensor Network 2 Security Issues in Wired Network 3 Security Attacks

More information

Portable Wireless Mesh Networks: Competitive Differentiation

Portable Wireless Mesh Networks: Competitive Differentiation Portable Wireless Mesh Networks: Competitive Differentiation Rajant Corporation s kinetic mesh networking solutions combine specialized command and control software with ruggedized, high-performance hardware.

More information

WHITEPAPER MPLS: Key Factors to Consider When Selecting Your MPLS Provider

WHITEPAPER MPLS: Key Factors to Consider When Selecting Your MPLS Provider WHITEPAPER MPLS: Key Factors to Consider When Selecting Your MPLS Provider INTRODUCTION Multiprotocol Label Switching (MPLS), once the sole domain of major corporations and telecom carriers, has gone mainstream

More information

Public Key Applications & Usage A Brief Insight

Public Key Applications & Usage A Brief Insight Public Key Applications & Usage A Brief Insight Scenario :: Identification, Authentication & Non- Repudiation :: Confidentiality :: Authenticity, requirements and e-business Integrity for electronic transaction

More information

SpiderCloud E-RAN Security Overview

SpiderCloud E-RAN Security Overview SpiderCloud E-RAN Security Overview Excerpt for SpiderCloud Wireless, Inc. 408 East Plumeria Drive San Jose, CA 95134 USA -hereafter called SpiderCloud- Page 1 of 7 Table of Contents 1 Executive Summary...5

More information

Wireless Security. New Standards for 802.11 Encryption and Authentication. Ann Geyer 209-754-9130 ageyer@tunitas.com www.tunitas.

Wireless Security. New Standards for 802.11 Encryption and Authentication. Ann Geyer 209-754-9130 ageyer@tunitas.com www.tunitas. Wireless Security New Standards for 802.11 Encryption and Authentication Ann Geyer 209-754-9130 ageyer@tunitas.com www.tunitas.com National Conference on m-health and EOE Minneapolis, MN Sept 9, 2003 Key

More information

CHAPTER 8 CONCLUSION AND FUTURE ENHANCEMENTS

CHAPTER 8 CONCLUSION AND FUTURE ENHANCEMENTS 137 CHAPTER 8 CONCLUSION AND FUTURE ENHANCEMENTS 8.1 CONCLUSION In this thesis, efficient schemes have been designed and analyzed to control congestion and distribute the load in the routing process of

More information

MUNICIPAL WIRELESS NETWORK

MUNICIPAL WIRELESS NETWORK MUNICIPAL WIRELESS NETWORK May 2009 The Government of the Hong Kong Special Administrative Region The contents of this document remain the property of, and may not be reproduced in whole or in part without

More information

Firewall Security. Presented by: Daminda Perera

Firewall Security. Presented by: Daminda Perera Firewall Security Presented by: Daminda Perera 1 Firewalls Improve network security Cannot completely eliminate threats and a=acks Responsible for screening traffic entering and/or leaving a computer network

More information

About the Authors Preface Acknowledgements List of Acronyms

About the Authors Preface Acknowledgements List of Acronyms Contents About the Authors Preface Acknowledgements List of Acronyms xiii xv xvii xix Part One Wireless Ad Hoc, Sensor and Mesh Networking 1 1 Introduction 3 1.1 Information Security 4 1.1.1 Computer Security

More information

Seamless Roaming in a Remote Access VPN Environment

Seamless Roaming in a Remote Access VPN Environment Always on If we look just a few years into the future, the office warrior who works exclusively onsite will be a scarce phenomenon. Instead, these busy professionals will use PCs, smartphones, and tablets

More information

The Benefits of SSL Content Inspection ABSTRACT

The Benefits of SSL Content Inspection ABSTRACT The Benefits of SSL Content Inspection ABSTRACT SSL encryption is the de-facto encryption technology for delivering secure Web browsing and the benefits it provides is driving the levels of SSL traffic

More information

All vulnerabilities that exist in conventional wired networks apply and likely easier Theft, tampering of devices

All vulnerabilities that exist in conventional wired networks apply and likely easier Theft, tampering of devices Wireless Security All vulnerabilities that exist in conventional wired networks apply and likely easier Theft, tampering of devices Portability Tamper-proof devices? Intrusion and interception of poorly

More information

Ebonyi State University Abakaliki 2 Department of Computer Science. Our Saviour Institute of Science and Technology 3 Department of Computer Science

Ebonyi State University Abakaliki 2 Department of Computer Science. Our Saviour Institute of Science and Technology 3 Department of Computer Science Security Measures taken in Securing Data Transmission on Wireless LAN 1 AGWU C. O., 2 ACHI I. I., AND 3 OKECHUKWU O. 1 Department of Computer Science Ebonyi State University Abakaliki 2 Department of Computer

More information

Authentication in WLAN

Authentication in WLAN Authentication in WLAN Flaws in WEP (Wired Equivalent Privacy) Wi-Fi Protected Access (WPA) Based on draft 3 of the IEEE 802.11i. Provides stronger data encryption and user authentication (largely missing

More information

SECURE DATA TRANSMISSION USING INDISCRIMINATE DATA PATHS FOR STAGNANT DESTINATION IN MANET

SECURE DATA TRANSMISSION USING INDISCRIMINATE DATA PATHS FOR STAGNANT DESTINATION IN MANET SECURE DATA TRANSMISSION USING INDISCRIMINATE DATA PATHS FOR STAGNANT DESTINATION IN MANET MR. ARVIND P. PANDE 1, PROF. UTTAM A. PATIL 2, PROF. B.S PATIL 3 Dept. Of Electronics Textile and Engineering

More information

BlackRidge Technology Transport Access Control: Overview

BlackRidge Technology Transport Access Control: Overview 2011 BlackRidge Technology Transport Access Control: Overview 1 Introduction Enterprises and government agencies are under repeated cyber attack. Attacks range in scope from distributed denial of service

More information

WLAN Attacks. Wireless LAN Attacks and Protection Tools. (Section 3 contd.) Traffic Analysis. Passive Attacks. War Driving. War Driving contd.

WLAN Attacks. Wireless LAN Attacks and Protection Tools. (Section 3 contd.) Traffic Analysis. Passive Attacks. War Driving. War Driving contd. Wireless LAN Attacks and Protection Tools (Section 3 contd.) WLAN Attacks Passive Attack unauthorised party gains access to a network and does not modify any resources on the network Active Attack unauthorised

More information

CTS2134 Introduction to Networking. Module 8.4 8.7 Network Security

CTS2134 Introduction to Networking. Module 8.4 8.7 Network Security CTS2134 Introduction to Networking Module 8.4 8.7 Network Security Switch Security: VLANs A virtual LAN (VLAN) is a logical grouping of computers based on a switch port. VLAN membership is configured by

More information

Client Server Registration Protocol

Client Server Registration Protocol Client Server Registration Protocol The Client-Server protocol involves these following steps: 1. Login 2. Discovery phase User (Alice or Bob) has K s Server (S) has hash[pw A ].The passwords hashes are

More information

An Oracle White Paper December 2013. The Value of Diameter Signaling in Security and Interworking Between 3G and LTE Networks

An Oracle White Paper December 2013. The Value of Diameter Signaling in Security and Interworking Between 3G and LTE Networks An Oracle White Paper December 2013 The Value of Diameter Signaling in Security and Interworking Between 3G and LTE Networks Introduction Today s mobile networks are no longer limited to voice calls. With

More information

Sync Security and Privacy Brief

Sync Security and Privacy Brief Introduction Security and privacy are two of the leading issues for users when transferring important files. Keeping data on-premises makes business and IT leaders feel more secure, but comes with technical

More information

chap18.wireless Network Security

chap18.wireless Network Security SeoulTech UCS Lab 2015-1 st chap18.wireless Network Security JeongKyu Lee Email: jungkyu21@seoultech.ac.kr Table of Contents 18.1 Wireless Security 18.2 Mobile Device Security 18.3 IEEE 802.11 Wireless

More information

CHAPTER 6. VOICE COMMUNICATION OVER HYBRID MANETs

CHAPTER 6. VOICE COMMUNICATION OVER HYBRID MANETs CHAPTER 6 VOICE COMMUNICATION OVER HYBRID MANETs Multimedia real-time session services such as voice and videoconferencing with Quality of Service support is challenging task on Mobile Ad hoc Network (MANETs).

More information

Final exam review, Fall 2005 FSU (CIS-5357) Network Security

Final exam review, Fall 2005 FSU (CIS-5357) Network Security Final exam review, Fall 2005 FSU (CIS-5357) Network Security Instructor: Breno de Medeiros 1. What is an insertion attack against a NIDS? Answer: An insertion attack against a network intrusion detection

More information

Connecting MPLS Voice VPNs Enabling the Secure Interconnection of Inter-Enterprise VoIP

Connecting MPLS Voice VPNs Enabling the Secure Interconnection of Inter-Enterprise VoIP Connecting MPLS Voice VPNs Enabling the Secure Interconnection of Inter-Enterprise VoIP Connecting MPLS Voice VPNs Enabling the secure interconnection of Inter-Enterprise VoIP Executive Summary: MPLS Virtual

More information

COSC 472 Network Security

COSC 472 Network Security COSC 472 Network Security Instructor: Dr. Enyue (Annie) Lu Office hours: http://faculty.salisbury.edu/~ealu/schedule.htm Office room: HS114 Email: ealu@salisbury.edu Course information: http://faculty.salisbury.edu/~ealu/cosc472/cosc472.html

More information

SANE: A Protection Architecture For Enterprise Networks

SANE: A Protection Architecture For Enterprise Networks Fakultät IV Elektrotechnik und Informatik Intelligent Networks and Management of Distributed Systems Research Group Prof. Anja Feldmann, Ph.D. SANE: A Protection Architecture For Enterprise Networks WS

More information

The Keys for Campus Networking: Integration, Integration, and Integration

The Keys for Campus Networking: Integration, Integration, and Integration The Keys for Campus Networking: Introduction Internet Protocol (IP) is considered the working-horse that the vast majority of current and future applications use as the key technology for information exchange,

More information

Security (II) ISO 7498-2: Security Architecture of OSI Reference Model. Outline. Course Outline: Fundamental Topics. EE5723/EE4723 Spring 2012

Security (II) ISO 7498-2: Security Architecture of OSI Reference Model. Outline. Course Outline: Fundamental Topics. EE5723/EE4723 Spring 2012 Course Outline: Fundamental Topics System View of Network Security Network Security Model Security Threat Model & Security Services Model Overview of Network Security Security Basis: Cryptography Secret

More information

SIP Security Controllers. Product Overview

SIP Security Controllers. Product Overview SIP Security Controllers Product Overview Document Version: V1.1 Date: October 2008 1. Introduction UM Labs have developed a range of perimeter security gateways for VoIP and other applications running

More information

MPLS: Key Factors to Consider When Selecting Your MPLS Provider Whitepaper

MPLS: Key Factors to Consider When Selecting Your MPLS Provider Whitepaper MPLS: Key Factors to Consider When Selecting Your MPLS Provider Whitepaper 2006-20011 EarthLink Business Page 1 EXECUTIVE SUMMARY Multiprotocol Label Switching (MPLS), once the sole domain of major corporations

More information

Security Considerations for DirectAccess Deployments. Whitepaper

Security Considerations for DirectAccess Deployments. Whitepaper Security Considerations for DirectAccess Deployments Whitepaper February 2015 This white paper discusses security planning for DirectAccess deployment. Introduction DirectAccess represents a paradigm shift

More information

Chapter 1: Introduction

Chapter 1: Introduction Chapter 1 Introduction 1 Chapter 1: Introduction 1.1 Inspiration Cloud Computing Inspired by the cloud computing characteristics like pay per use, rapid elasticity, scalable, on demand self service, secure

More information

Mobile Office Security Requirements for the Mobile Office

Mobile Office Security Requirements for the Mobile Office Mobile Office Security Requirements for the Mobile Office S.Rupp@alcatel.de Alcatel SEL AG 20./21.06.2001 Overview Security Concepts in Mobile Networks Applications in Mobile Networks Mobile Terminal used

More information

Lecture 24 Wireless Network Security. modified from slides of Lawrie Brown

Lecture 24 Wireless Network Security. modified from slides of Lawrie Brown Lecture 24 Wireless Network Security modified from slides of Lawrie Brown Wireless Security Overview concerns for wireless security are similar to those found in a wired environment security requirements

More information

ITL BULLETIN FOR JANUARY 2011

ITL BULLETIN FOR JANUARY 2011 ITL BULLETIN FOR JANUARY 2011 INTERNET PROTOCOL VERSION 6 (IPv6): NIST GUIDELINES HELP ORGANIZATIONS MANAGE THE SECURE DEPLOYMENT OF THE NEW NETWORK PROTOCOL Shirley Radack, Editor Computer Security Division

More information

CROSS LAYER BASED MULTIPATH ROUTING FOR LOAD BALANCING

CROSS LAYER BASED MULTIPATH ROUTING FOR LOAD BALANCING CHAPTER 6 CROSS LAYER BASED MULTIPATH ROUTING FOR LOAD BALANCING 6.1 INTRODUCTION The technical challenges in WMNs are load balancing, optimal routing, fairness, network auto-configuration and mobility

More information

Recommended IP Telephony Architecture

Recommended IP Telephony Architecture Report Number: I332-009R-2006 Recommended IP Telephony Architecture Systems and Network Attack Center (SNAC) Updated: 1 May 2006 Version 1.0 SNAC.Guides@nsa.gov This Page Intentionally Left Blank ii Warnings

More information

Industrial Network Security for SCADA, Automation, Process Control and PLC Systems. Contents. 1 An Introduction to Industrial Network Security 1

Industrial Network Security for SCADA, Automation, Process Control and PLC Systems. Contents. 1 An Introduction to Industrial Network Security 1 Industrial Network Security for SCADA, Automation, Process Control and PLC Systems Contents 1 An Introduction to Industrial Network Security 1 1.1 Course overview 1 1.2 The evolution of networking 1 1.3

More information

Robust security is a requirement for many companies deploying a wireless network. However, creating a secure wireless network has often been

Robust security is a requirement for many companies deploying a wireless network. However, creating a secure wireless network has often been Robust security is a requirement for many companies deploying a wireless network. However, creating a secure wireless network has often been difficult and time-consuming. This paper describes the security

More information

7 Key Management and PKIs

7 Key Management and PKIs CA4005: CRYPTOGRAPHY AND SECURITY PROTOCOLS 1 7 Key Management and PKIs 7.1 Key Management Key Management For any use of cryptography, keys must be handled correctly. Symmetric keys must be kept secret.

More information

Considerations In Developing Firewall Selection Criteria. Adeptech Systems, Inc.

Considerations In Developing Firewall Selection Criteria. Adeptech Systems, Inc. Considerations In Developing Firewall Selection Criteria Adeptech Systems, Inc. Table of Contents Introduction... 1 Firewall s Function...1 Firewall Selection Considerations... 1 Firewall Types... 2 Packet

More information

Cisco CCNP 642 845 Optimizing Converged Cisco Networks (ONT)

Cisco CCNP 642 845 Optimizing Converged Cisco Networks (ONT) Cisco CCNP 642 845 Optimizing Converged Cisco Networks (ONT) Course Number: 642 845 Length: 5 Day(s) Certification Exam This course will help you prepare for the following exam: Cisco CCNP Exam 642 845:

More information

Heterogeneous network establishment assisted by cellular operators

Heterogeneous network establishment assisted by cellular operators Heterogeneous network establishment assisted by cellular operators Marc Danzeisen (1)(2), Torsten Braun (1), Daniel Rodellar (2), Simon Winiker (1)(2) (1) University of Bern, Computer Networks and Distributed

More information

Overview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs

Overview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs Overview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs Why Network Security? Keep the bad guys out. (1) Closed networks

More information

Current and Future Research into Network Security Prof. Madjid Merabti

Current and Future Research into Network Security Prof. Madjid Merabti Current and Future Research into Network Security Prof. Madjid Merabti School of Computing & Mathematical Sciences Liverpool John Moores University UK Overview Introduction Secure component composition

More information

13 Virtual Private Networks 13.1 Point-to-Point Protocol (PPP) 13.2 Layer 2/3/4 VPNs 13.3 Multi-Protocol Label Switching 13.4 IPsec Transport Mode

13 Virtual Private Networks 13.1 Point-to-Point Protocol (PPP) 13.2 Layer 2/3/4 VPNs 13.3 Multi-Protocol Label Switching 13.4 IPsec Transport Mode 13 Virtual Private Networks 13.1 Point-to-Point Protocol (PPP) PPP-based remote access using dial-in PPP encryption control protocol (ECP) PPP extensible authentication protocol (EAP) 13.2 Layer 2/3/4

More information

Deploying a Secure Wireless VoIP Solution in Healthcare

Deploying a Secure Wireless VoIP Solution in Healthcare Deploying a Secure Wireless VoIP Solution in Healthcare Situation Healthcare is a natural environment for wireless LAN solutions. With a large mobile population of doctors, nurses, physician s assistants

More information

Multidomain Network Based on Programmable Networks: Security Architecture

Multidomain Network Based on Programmable Networks: Security Architecture Multidomain Network Based on Programmable Networks: Security Architecture Bernardo Alarco, Marifeli Sedano, and Maria Calderon This paper proposes a generic security architecture designed for a multidomain

More information

An Experimental Study of Cross-Layer Security Protocols in Public Access Wireless Networks

An Experimental Study of Cross-Layer Security Protocols in Public Access Wireless Networks An Experimental Study of Cross-Layer Security Protocols in Public Access Wireless Networks Avesh K. Agarwal Wenye Wang Department of Electrical and Computer Engineering North Carolina State University,

More information

GSM and UMTS security

GSM and UMTS security 2007 Levente Buttyán Why is security more of a concern in wireless? no inherent physical protection physical connections between devices are replaced by logical associations sending and receiving messages

More information

Running Head: WIRELESS DATA NETWORK SECURITY FOR HOSTPITALS

Running Head: WIRELESS DATA NETWORK SECURITY FOR HOSTPITALS Wireless Data Network Security 1 Running Head: WIRELESS DATA NETWORK SECURITY FOR HOSTPITALS Wireless Data Network Security for Hospitals: Various Solutions to Meet HIPAA Requirements. Jody Barnes East

More information

Application Note Secure Enterprise Guest Access August 2004

Application Note Secure Enterprise Guest Access August 2004 Application Note Secure Enterprise Guest Access August 2004 Introduction More and more enterprises recognize the need to provide easy, hassle-free high speed internet access to people visiting their offices,

More information

A Closer Look at Wireless Intrusion Detection: How to Benefit from a Hybrid Deployment Model

A Closer Look at Wireless Intrusion Detection: How to Benefit from a Hybrid Deployment Model A Closer Look at Wireless Intrusion Detection: How to Benefit from a Hybrid Deployment Model Table of Contents Introduction 3 Deployment approaches 3 Overlay monitoring 3 Integrated monitoring 4 Hybrid

More information