Security in Wireless Residential Networks - PowerPoint PPT Presentation

Provided by: dslabCsi

1
Security in Wireless Residential Networks
  • Prashant Krishnamurthy
  • Joseph Kabara
  • Tanapat Anusas-amornkul
  • IEEE Transactions on Consumer Electronics
  • February 2002

2
Outline
  • Introduction
  • A brief overview of network security
  • Security in wireless technologies for residential
    networking
  • Characteristics of residential networks
  • An approach for implementing security in WRNs
  • Conclusions

3
Introduction
  • Residential networking is expected to experience
    accelerating growth over the next few years.
  • The residential networks will interconnect a wide
    variety of Internet appliances.
  • WRNs must support a variety of devices, different
    types of traffic, different applications and be
    simple to install, inexpensive, and easy to
    manage and modify.

4
Introduction (cont.)
  • Breaching security in wireless networks by
    eavesdropping and masquerading is particularly
    easy.
  • We provide a mechanism that can unify a security
    architecture for the home despite the diverse
    nature of the requirements, network, devices and
    protocols.
  • We also provide a classification of the security
    issues and requirements in WRNs and provide a
    framework that may be employed in WRNs for
    designing security services and mechanisms.

5
A brief overview of network security
Security Services
6
A brief overview of network security (cont.)
  • Other security services:
  • Authorization
  • Authentication
  • Identification

7
A brief overview of network security (cont.)
  • Encryption algorithms
  • The strength of the encryption is dependent
    mostly on the size of the secret key.
  • Encryption algorithms employed today are almost
    impossible to break except by brute force that
    involves searching through all possible keys.

8
A brief overview of network security (cont.)
  • Encryption algorithms
  • Hybrid encryption schemes that use a public key
    algorithm for key exchange and secret key
    algorithms for bulk data transfer are currently
    in vogue.

9
A brief overview of network security (cont.)
10
Security in wireless technologies for residential
networking
  • Wireless technology is becoming the popular
    choice for networking in residences because of
    convenience.
  • The greatest obstacle to networking in residences
    is the lack of structured wiring.
  • Also, wireless networking provides mobility for
    consumer electronic devices.
  • Lastly, wireless networking provides the ability
    to control or access networked devices.

11
Security in wireless technologies for residential
networking (cont.)
  • Wired solutions inherently provide more security
    than wireless because they cannot be tapped
    easily.
  • The most popular technologies in the market today
    and the ones likely to be deployed in the
    residential environment are the IEEE 802.11b and
    the Bluetooth standards.

12
Security in IEEE 802.11
  • The 802.11 standard specifies a Wired Equivalent
    Protocol (WEP) mechanism for wireless security.
    The WEP can provide confidentiality, access
    control and message integrity services.
  • An access point can be configured in 2 modes:
  • Open-system mode: WEP data encryption
  • Shared-key mode: provides WEP encryption and
    authentication
  • Denial of service

13
Security in Bluetooth
  • Bluetooth devices operate in an ad-hoc manner
    (peer-to-peer communication).
  • Bluetooth specifications provide usage protection
    and information confidentiality.
  • It has three modes of operation:
  • Non-secure mode
  • Service-level mode
  • Link-level security mode

14
Security in Bluetooth (cont.)
  • Devices also can be classified into trusted and
    distrusted.
  • Bluetooth uses:
  • two secret keys (128 bits for authentication and
    8-128 bits for encryption)
  • a 128-bit random number and the 48-bit MAC
    address of devices.

15
General technique for sharing keys in wireless
networks
  • Most wireless networks employ identification
    schemes followed by hash algorithms to generate
    fresh keys that can be used with a secret key
    algorithm to provide various security services.
  • Hashing a random number concatenated with a
    secret identifying parameter known only to the
    communicating parties can securely generate keys.
  • Generally, the shared secret should be at least
    80 to 128 bits in length.

16
Characteristics of residential networks
  • The lack of standardization, the different
    perspectives from which consumer devices are
    manufactured, and especially their varying
    capabilities and needs.
  • This heterogeneity affects the requirements of
    any protocol or security mechanism used to
    support the network.

17
Heterogeneity of devices, their capabilities and
their requirements
  • Electronic devices networked in residences are
    usually classified into two categories: home
    automation and computer communications.
  • Home automation mostly operates at low data rates.
  • Computers with multimedia Internet appliances have
    the ability to download music or obtain video on
    demand over the Internet via broadband Internet
    service to the home.

18
Heterogeneity of devices, their capabilities and
their requirements (cont.)
  • The device capabilities are vastly different with
    respect to implementation of security mechanisms.
  • No single security mechanism can provide all
    possible security services and not all devices
    require the same level of security.

19
Heterogeneous applications
  • The applications supported on the network are
    also diverse. Each application will have security
    algorithms that are best suited for it.
  • Multimedia Internet appliances that directly
    connect to the network cannot tolerate delay or
    jitter.
  • High data rate services will require algorithms
    that can encrypt very fast while low data rate
    services will be constrained by economic and
    power consumption factors.

20
Wireless security issues
  • Modular exponentiation of 1024-bit numbers
    consumes the mobile terminal's battery very
    quickly. (minimum required for public key
    protocols)
  • Secret key algorithms require elaborate key
    management schemes, violating the ease of
    implementation requirement.
  • Several handshakes -> consume battery power,
    bandwidth and time.

21
Summary
  • Any solution must satisfy the following
    requirements:
  • The cost of implementing the security mechanism
    must not be prohibitive.
  • The security mechanism must be simple to
    implement and maintain.
  • There should be minimum changes to existing
    standards and products.
  • The solution should be scaleable.
  • The solution should be upgradeable.

22
An approach for implementing security in WRNs
  • The primary concern in residential networks will
    be access control.
  • We classify devices that connect to the WRN into
    categories. We also classify different levels of
    security assigned to these devices.
  • We then lay out an infrastructure with a universal
    access point that enforces security in the WRN by
    implementing algorithm agility and a containment
    security policy based on the category of device
    and its security level.

23
An approach for implementing security in WRNs
(cont.)
  • Categories of WRN devices:
  • Low data rate low power fixed devices
  • Low data rate high power fixed devices
  • Low data rate low power mobile devices
  • High data rate high power fixed devices
  • High data rate low power mobile devices
  • High data rate high power mobile devices

24
An approach for implementing security in WRNs
(cont.)
  • Categories of security services:
  • No security
  • Moderate security
  • Wireline equivalent security
  • High security
  • Ultra-high security
  • Critically high security

25
The architecture
  • The architecture of a WRN can have two
    possibilities:
  • An ad hoc topology
  • An infrastructure-based network with an access
    point
  • The second one is preferable because each device
    has to identify/authenticate itself with the
    access point.
  • A device is identified by its physical address
    and a class that is determined based upon a tuple
    associated with it. The tuple consists of the
    device category and the security level.

26
The architecture (cont.)
27
The architecture (cont.)
  • Authentication and access-control can be tied in
    together with a message authentication code.
  • A message authentication code is represented as
    MAC = $c_k(x)$, where $x$ is the message and $k$ is a
    shared secret key.
  • There are two ways of implementing a MAC: either
    encrypting the output of a hash function or hashing
    together the message and the secret key.

28
The architecture (cont.)
  • These two approaches can be written as
  • $c_{1,k}(x) = e_k(h(x))$
  • $c_{2,k}(x) = h(k \| x)$
  • $h(\cdot)$ is the hash function,
  • $e_k$ is a secret key encryption algorithm
  • Both approaches are secure, but the second one is
    faster and hence preferred.
  • If A wants to transmit a message to B, A will send
  • $y = x \| c_k(x)$
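
The key-derivation step from the key-sharing slide and the send/verify exchange above, as an added Python example (not code from the presentation). SHA-256 as the hash h and all function names are assumptions; `mac_hmac` is included because a bare hash of key-then-message over SHA-256 is open to length extension, which HMAC avoids.

```python
import hashlib
import hmac
import os

TAG_LEN = 32  # SHA-256 output size in bytes (SHA-256 is an assumed choice of h)


def derive_session_key(shared_secret: bytes, nonce: bytes) -> bytes:
    """Fresh key = h(RN || secret): a random number hashed with the shared secret."""
    if len(shared_secret) < 16:  # enforce the upper end of the 80-128 bit guidance
        raise ValueError("shared secret shorter than 128 bits")
    return hashlib.sha256(nonce + shared_secret).digest()


def mac_prefix(k: bytes, x: bytes) -> bytes:
    """Second construction from the slide: hash the key followed by the message."""
    return hashlib.sha256(k + x).digest()


def mac_hmac(k: bytes, x: bytes) -> bytes:
    """HMAC-SHA256: keyed hash that is not exposed to length extension."""
    return hmac.new(k, x, hashlib.sha256).digest()


def send(k: bytes, x: bytes, mac=mac_hmac) -> bytes:
    """A transmits y = x || c_k(x)."""
    return x + mac(k, x)


def receive(k: bytes, y: bytes, mac=mac_hmac):
    """B splits y, recomputes the tag and compares it in constant time.

    Returns the message if the tag verifies, otherwise None.
    """
    if len(y) < TAG_LEN:
        return None
    x, tag = y[:-TAG_LEN], y[-TAG_LEN:]
    return x if hmac.compare_digest(tag, mac(k, x)) else None


if __name__ == "__main__":
    secret = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed
    rn = os.urandom(16)                                          # nonce RN
    k = derive_session_key(secret, rn)
    y = send(k, b"volume=11")
    print(receive(k, y))                        # message accepted
    print(receive(k, y[:7] + b"99" + y[9:]))    # tampered payload rejected
```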

29
Enforcement of security using algorithm agility
and containment at the access point
  • The access point will implement algorithm-agile
    encryption and also have security mechanisms for
    containment based on the algorithm chosen.
  • The algorithm-agile encryptor will allow the
    access point to determine what encryption
    algorithm is applied to an incoming request for
    access and relay, and act accordingly based on
    security policies associated with the connection.

30
Enforcement of security using algorithm agility
and containment at the access point (cont.)
  • Containment refers to the ability of the network
    to keep certain security levels of information
    from leaking out of a particular region.
  • Communication from a tuple consisting of a
    security level and device category shall be
    relayed only to another device with a tuple
    falling into the same class.
  • The access point must ensure that no traffic from
    a low-security communication session is relayed
    to a high-security device.
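
One way the access point's admission and containment checks could fit together, as an added Python example rather than the presentation's own protocol. The request layout (Dev, Dc, SL, Alg, RN plus an HMAC tag), the tuple-to-class table and the algorithm names are assumptions; SL values number the listed security levels from 0.

```python
import hashlib
import hmac
import json

# Constructed policy tables (assumptions, not taken from the slides).
CLASS_OF = {("hi-rate/low-power/mobile", 2): "media",
            ("hi-rate/high-power/fixed", 2): "media",
            ("lo-rate/low-power/fixed", 5): "alarm"}
ALLOWED_ALGS = {"media": {"aes-128"}, "alarm": {"aes-256"}}


def tag_for(key, dev, dc, sl, alg, rn):
    """MAC over the request fields; JSON keeps field boundaries unambiguous."""
    msg = json.dumps([dev, dc, sl, alg, rn.hex()]).encode()
    return hmac.new(key, msg, hashlib.sha256).digest()


class AccessPoint:
    def __init__(self, provisioned):
        self.provisioned = provisioned  # address -> (key, Dc, SL)
        self.admitted = {}              # address -> class name
        self.seen = set()               # (address, nonce) pairs already used

    def admit(self, dev, dc, sl, alg, rn, tag):
        """Decide on an access request (Dev, Dc, SL, Alg, RN) plus MAC tag."""
        entry = self.provisioned.get(dev)
        if entry is None:
            return "reject: unknown device"
        key, want_dc, want_sl = entry
        if not hmac.compare_digest(tag, tag_for(key, dev, dc, sl, alg, rn)):
            return "reject: bad MAC"
        if (dc, sl) != (want_dc, want_sl):
            return "reject: tuple does not match provisioning"
        if (dev, rn) in self.seen:
            return "reject: replayed nonce"
        cls = CLASS_OF.get((dc, sl))
        if cls is None or alg not in ALLOWED_ALGS[cls]:
            return "reject: algorithm not allowed for class"
        self.seen.add((dev, rn))
        self.admitted[dev] = cls
        return "admit"

    def may_relay(self, src, dst):
        """Containment: relay only between admitted devices of one class."""
        s, d = self.admitted.get(src), self.admitted.get(dst)
        return s is not None and s == d
```

The MAC is checked before the nonce is recorded, so unauthenticated requests cannot fill the replay cache.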

31
An example of the security mechanism
  • The music device: Deva
  • Its device category: Dc, security level: SL
  • An algorithm Alg, a nonce RN

32
An example of the security mechanism (cont.)
33
Advantages and limitations
  • The advantage of this approach is that the
    security mechanism is simple to implement and
    maintain.
  • The security mechanism is upgradeable. New
    algorithms and policies can be put in place,
    expanded, improved and customized as needed.
  • The primary limitation is that this does not
    solve the simple denial of service attack
    although the access point can discard packets
    that are not part of the network.

34
Advantages and limitations (cont.)
  • It is unlikely that several streams of devices
    will request service from the access point
    simultaneously.
  • Also, the medium access control protocols of IEEE
    802.11 and Bluetooth prevent simultaneous access
    to the medium from several devices.
  • It is possible that someone can hack into the
    access point.

35
Conclusions
  • The cost of wiring a home for networking devices
    being prohibitive, the trend is towards an all
    wireless or hybrid wireless-wired networking
    solution.
  • The complexity of the WRNs requires a solution
    that can service a variety of security levels and
    different categories of devices.
  • We have presented a systematic classification of
    WRN devices, security categories and discussed a
    solution based on algorithm agility and a
    containment-based security policy.