Welcome to Scribd, the world's digital library. Read, publish, and share books and documents. See more ➡
Download
Standard view
Full view
of .
Add note
Save to My Library
Sync to mobile
Look up keyword
Like this
1Activity
×
0 of .
Results for:
No results containing your search query
P. 1
An Efficient Self-Organized Authentication and Key Management Scheme for Distributed Multihop Relay-Based IEEE 802.16 Networks

An Efficient Self-Organized Authentication and Key Management Scheme for Distributed Multihop Relay-Based IEEE 802.16 Networks

Ratings: (0)|Views: 426|Likes:
Published by ijcsis
Wireless internet services are rapidly expanding and improving, it is important to provide users with not only high speed and high quality wireless service but also secured. Multihop relay-based support was added, which not only help for improving coverage and throughput but also provides features such as lower backhaul deployment cost, easy setup, robustness and re-configurability, which make it one of the indispensable technologies in next generation wireless network. A WiMAX network usually operates in a highly dynamic and open environment therefore it is known to be more vulnerable to security holes. Security holes most of the time is trade off with authentication and key management overheads. In order to operate securely, communication must be scheduled either by a distributed, centralized or hybrid security control algorithms with less authentication and key management overheads. In this paper, we propose a new fully self-organized efficient authentication and key management scheme (SEAKS) for hop-by-hop distributed and localized security control for Multihop non-transparent relay based IEEE 802.16 networks which not only helps in security counter measures but also reduce the authentication and key maintenance overheads. The proposed scheme provides hybrid security controls between distributed authentication and localized re-authentication and key maintenance. The proposed scheme uses distributed nontransparent decode and forward relays for distributed authentication when any non-transparent Relays (NRS) want to join the networks and uses localized authentication when NRSs want to re-authenticate and do key maintenance. We analyze the procedures of the proposed scheme in details and examine how it works significantly to reduce overall authentication overheads and counter measures for security vulnerabilities such as Denial of Service, Replay and interleaving attacks.
Wireless internet services are rapidly expanding and improving, it is important to provide users with not only high speed and high quality wireless service but also secured. Multihop relay-based support was added, which not only help for improving coverage and throughput but also provides features such as lower backhaul deployment cost, easy setup, robustness and re-configurability, which make it one of the indispensable technologies in next generation wireless network. A WiMAX network usually operates in a highly dynamic and open environment therefore it is known to be more vulnerable to security holes. Security holes most of the time is trade off with authentication and key management overheads. In order to operate securely, communication must be scheduled either by a distributed, centralized or hybrid security control algorithms with less authentication and key management overheads. In this paper, we propose a new fully self-organized efficient authentication and key management scheme (SEAKS) for hop-by-hop distributed and localized security control for Multihop non-transparent relay based IEEE 802.16 networks which not only helps in security counter measures but also reduce the authentication and key maintenance overheads. The proposed scheme provides hybrid security controls between distributed authentication and localized re-authentication and key maintenance. The proposed scheme uses distributed nontransparent decode and forward relays for distributed authentication when any non-transparent Relays (NRS) want to join the networks and uses localized authentication when NRSs want to re-authenticate and do key maintenance. We analyze the procedures of the proposed scheme in details and examine how it works significantly to reduce overall authentication overheads and counter measures for security vulnerabilities such as Denial of Service, Replay and interleaving attacks.

More info:

Published by: ijcsis on Apr 09, 2011
Copyright:Attribution Non-commercial

Availability:

Read on Scribd mobile: iPhone, iPad and Android.
download as PDF, TXT or read online from Scribd
See More
See less

04/09/2011

pdf

text

original

 
(IJCSIS) International Journal of Computer Science and Information Security,Vol. 9, No. 3, March 2011
 
An Efficient Self-Organized Authentication and KeyManagement Scheme for Distributed Multihop Relay-Based IEEE 802.16 Networks
Adnan Shahid Khan, Norsheila Fisal, SharifahKamilah, Sharifah Hafizah, Mazlina Esa,
 
Zurkarmawan Abu BakarUTM-MIMOS Center of Excellence inTelecommunication Technology, Faculty of ElectricalEngineering, Universiti Teknologi Malaysia 81310Skudai, Johor, Malaysia,adnan.ucit@gmail.com,{sheila,kamilah,sharifah, mazlina,zurkarmawan}@fke.utm.my,M. AbbasWireless Communication ClusterMIMOS Berhad, Technology Park Malaysia57000 Kuala Lumpur, Malaysiamazlan.abbas@mimos.my 
Abstract 
Wireless internet services are rapidly expanding andimproving, it is important to provide users with not only highspeed and high quality wireless service but also secured.
 
Multihop relay-based support was added, which not only help forimproving coverage and throughput but also provides featuressuch as lower backhaul deployment cost, easy setup, robustnessand re-configurability, which make it one of the indispensabletechnologies in next generation wireless network. A WiMAXnetwork usually operates in a highly dynamic and openenvironment therefore it is known to be more vulnerable tosecurity holes. Security holes most of the time is trade off withauthentication and key management overheads. In order tooperate securely, communication must be scheduled either by adistributed, centralized or hybrid security control algorithmswith less authentication and key management overheads. In thispaper, we propose a new fully self-organized efficientauthentication and key management scheme (SEAKS) for hop-by-hop distributed and localized security control for Multihopnon-transparent relay based IEEE 802.16 networks which notonly helps in security counter measures but also reduce theauthentication and key maintenance overheads. The proposedscheme provides hybrid security controls between distributedauthentication and localized re-authentication and keymaintenance. The proposed scheme uses distributed non-transparent decode and forward relays for distributedauthentication when any non-transparent Relays (NRS) want tojoin the networks and uses localized authentication when NRSswant to re-authenticate and do key maintenance. We analyze theprocedures of the proposed scheme in details and examine how itworks significantly to reduce overall authentication overheadsand counter measures for security vulnerabilities such as Denialof Service, Replay and interleaving attacks.
Keywords-
 
Wimax Security, Multihop Relay based IEEE802.16, Key Management, Self-Organized Authentication)
I.
 
I
NTRODUCTION
In Multihop Relay (MR) network, two different securitymodes are referred, the first one is referred to as thecentralized security mode which is based on key managementbetween an Multihop Relay Base Station (MR-BS) and anMobile Station (MS), here Relay Station (RS) is just anamplify and forward, but in the second security mode, referredto as distributed modes, which incorporate authentication andkey management between an MR-BS and a non-transparentRS we called as NRS and between the NRS and a MS. Duringthe registration process, an RS can be configured to operate indistributed security mode based on its capability [1]. SinceAUTH-INFO message is optional and informative we beginwith the security analysis from the AUTH-REQ message. Asthis message is plain text and for such message, eavesdroppingis not a problem since the information is almost public and ispreferred to be sent in plain text to facilitate authentication. Tocapture and save the authentication message sent by alegitimate, is not a big deals, thus NRS may face a replayattack from an adversary. Although an adversaryeavesdropping the message, cannot derive the AK from themessage, because it does not have the corresponding privatekey. However, the adversary still can replay message IImultiple times and then either exhaust NRS capabilities orforce NRS to deny the SS who owns that certificates [1] [2].The reason is that if NRS sets a timeout value which makesNRS reject Auth REQ from the same MS in a certain period ,the legitimate request from the victim MS will be ignored.Then denial of service attack occurs to victim MS, howeverthe ultimate solution for these types of attacks are theintroduction of digital signatures at the end of the messageswhich can be automatically time-stamped, that basicallyprovides the authentication and non-repudation of thismessage. The design of digital signature system may beflawed or vulnerable to some specific attacks such as collisionattacks against X.509 public-key certificates andcryptographically weak pseudo random bit generator.Adversaries may attempt for total break, universal forgery,selective forgery or existential forgery.The strongest security definition requires protection againstexistential forgery even if an adversary is able to mount anadaptive chosen message attack. Later, nonce was added to the
30 http://sites.google.com/site/ijcsis/ISSN 1947-5500
 
(IJCSIS) International Journal of Computer Science and Information Security,Vol. 9, No. 3, March 2011
 digital signature, the idea of nonce values is that they are usedonly once with a given key, however, the exchange of nonceonly assures SS that message III is a replay corresponding toits request. The NRS still faces the replay attack because NRScannot tell whether message II is sent recently or it is just anold message [3]. If reply attack cannot be successful, for sure‘denial of service’ will occur. The author of [4] also suggestedpassing the pre-AK to SS instead of AK and let SS and NRSderive AK from pre-AK at both ends. If the generation of AKexhibits significant bias, adding freshness in the AK mayprevent the exposure of the AK, however according to [4] thiscannot provide freshness as they claimed. If we consider thesecurity issues of relay-based IEEE 802.16 networks incentralized as well as distributed authenticated, every nodeneed to authenticate itself with MR-BS and ultimately withAAA server. Secondly, every node needs to maintain twosimultaneously keys AK and TEK to remain authenticated.Failure to maintained these keys will result in the re-authenticated from scratch which is no doubt extraauthenticated overhead. Let’s suppose, there are five NRS,where every NRS has to keep track of its AK and TEKs andconsequently authentication. Thus generation of authenticationoverhead by five NRS no doubt lessen the overall deployednetwork efficiency. To solve this authentication overheadproblem, Self organized and efficient authentication and keymanagement scheme (SEAKS) proves to be the best candidatein the relay-based IEEE 802.16 network, which utilized non-transparent and decode and forward relays. SEAKS provideshybrid scheme with distributed authentication and localizedre-authentication and key maintenance. However, thistechnique not only helps in minimizing the overallauthentication overhead on MR-BS and AAA server but alsoprovide efficient way to countermeasure the vulnerabilities.The rest of the paper is organized as follows, after relatedwork, section 3 gives the overview of generals attacks onnetwork, section 4 discusses centralized and distributedauthentication controls, section 5 deals with the security goalsof relay-based WiMAX network, section 6 describe the self-organize scheme (SEAKS), section 7 gives the analysis of proposed scheme which is followed by conclusion and futurework.II.
 
RESEARCH BACKGROUND
 In 2006, the IEEE 802.16 working group (WG) approveda project Authorization Request (PAR) focused on the RelayTasks Group (TG). The main task of this Relay TG was todevelop an amendment to the IEEE Std 802.16 enabling theoperation of Relay Station (RSs) in OFDMA wirelessnetworks defined by 802.16 [2]. Enhancement of Relays tosupport Multihop not only increases the wireless converge butalso provide features such as lower backhaul deployment cost,easy setup and high throughput.
 
Relay stations concept asdiscussed in [1][2] and [5] introduced four types of RSs fromthe perceptive of physical and Mac layer. After successfulcomparison, the main focus of this research is on the non-transparent RS operating in distributed scheduling and securitymode [2], WiMAX relay-based network in still under draft andliterature is very sparse. In this network, all the relays areconnected to MR-BS wirelessly and transparently or non-transparently and only MR-BS is connected to IP cloud as abackhaul, thus this infrastructure can be used in many realtime applications [2].As the matter of fact, security is essential in wirelesstechnologies to allow rapid adoption and enhance theirmaturity. Due to lack of physical boundaries, the whole relay-based infrastructure in exposed to security holes. However,IEEE 802.16 standard stipulates some powerful securitycontrols, including PKMv2, EAP-based authentication andover-the-air AES based encryption. But secure technologydoes not in itself comprise a secure end-to-end network andconsequently, WiMAX presents a range of securityvulnerabilities. Since the first Amendment was released onMR specifications [1], a few papers have been published tointroduce and address the security issues. There are somepapers that review this standard in details such as [6] and [7],and there are some papers they purely works on keymanagements specially Sen Xu and Manton Mathews whopublished a series of work such as [3] and [4] on securityissues on the standard as well as on Privacy key Management(PKM) protocols. Karen Scarfore with her team came up witha special publication on Guide to security for Wimaxtechnologies (Draft) which was the recommendations of theNational Institute of Standards and Technology (NIST).Taeshik Shon and Wook Choi [8] discussed about theAnalysis of Mobile WiMAX Security, Vulnerabilities andSolutions. Y. Lee and H. K. Lee in their paper [9] gives morefocus on hybrid authentication scheme and key distribution forMMR in IEEE 802.16j.The authors [10] and [11] review the standard andanalyzed its security in many aspects, such as vulnerabilities inauthentication and key management protocols and failure indata encryption. In IEEE 802.16j [12] standard, MultihopRelay (MR) is an optional deployment in which a BS in(802.16e) may be replaced by a Multihop Relay BS (MR-BS)and one or more relay stations (RS). The MR mechanismprovides several advantages, such as providing additionalcoverage for the serving BS, increasing transmission speed inan access network, providing mobility without SS handover,decreasing power consumption when transmitting andreceiving packets, and enhancing the quality of services [3].There has been a significant amount of work done on securityissues and their protocols as shown above but none of thesecover security protocols which works for minimizedauthentication and key management overheads in non-transparent Relay-based WiMAX networks in distributedenvironment.III.
 
G
ENERAL
A
TTACKS ON
R
ELAY
-B
ASED
IEEE
 
802.16
 
N
ETWORK
 Before we start to elaborate our self organized algorithm,we would like to high-light some of the typical MAC layerattacks on authentication and key management protocols. Thefirst and very common attack is message replay attack [7].This attack is not only common in key management andauthentication protocols but also in multicast and broadcast (M& B) services [11]. In a replay attack, an adversary intercepts
31 http://sites.google.com/site/ijcsis/ISSN 1947-5500
 
(IJCSIS) International Journal of Computer Science and Information Security,Vol. 9, No. 3, March 2011
 captures and saves the authentication messages sent by thelegitimate RS/SS. Thus adversary impersonates the legitimateRS/SS and resends this message after specific period of time.Denial of service (DoS) is also one of the major attacks inwireless networks especially in WiMAX networks. Here,consider an adversary that eaves-dropping the message cannotderive the AK as it does not have the corresponding privatekey. This adversary still can replay AUTH-REQ messagemultiple times and thus exhaust MR-BS capabilities and forceMR-BS to deny this adversary. This may happen, if the MR-BS sets a time out value which makes MR-BS reject AUTH-REQ message from the same RS/SS with an interval of time.Thus, MR-BS denies the legitimate RS/SS AUTH-REQ,which actually owns the certificate. DoS are common inauthentication, key management protocols and M & Bservices. Man-in-the-Middle (MiTM) attack is another criticalattack and is generally applicable in communication protocolscheme where mutual authentication is absent especially inPKMv1. This attacks leads to message modification andmasquerading problems, specially node spoofing, rogue baseas well as relay stations, theft of service (ToS). To avoidMiTM attack on PKM protocol, mutual authentication wasproposed i.e. PKMv2. No doubt PKMv2 is soundly safe forMiTM but it cannot help allowing adversary to playinterleaving attack.Interleaving attack in complex to be explained but easy toattempt. An adversary attempts this attack with the help of twodifferent instances. In the first instance, adversaryimpersonates as SS/RS and sends the interrupted message tothe MR-BS. MR-BS authenticates and replied withcorresponding keys. Adversary needs to reply these keys toRS/SS to be successfully authenticated, as it cannot decryptthe message encrypted by the SS/RS’s public key in order toget the AK to encrypt the nonce challenge. Thus, it cannot doauthentication currently. Now to solve this technicality,adversary force RS/SS to run another protocol instance toanswer the challenge. Once RS/SS send the request, adversaryreplies SS with the same nonce challenge which the MR-BSsends him. Thus RS/SS send nonce and AK to adversarywhich later sends to MR-BS to finish this authenticationsuccessfully. This attack normally can occur only on PKMv2or where mutual authentication is present. In IEEE 802.16Multihop networks, the number of wireless devices engross isincreased, thus produce wide space for interleaving attack [3][4].IV.
 
C
ENTRALIZED VS
.
 
D
ISTRIBUTED
A
UTHENTICATION
 
A.
 
Centralized Security Control
In this mode, the intermediate RS is not involved with theestablishment of the security association (SA) between MSand MR-BS in the multihop relay system. The RS only simplyrelays the user data or MAC management message that itreceives from the MS, but the RS does not process it. RS doesnot have any key information relevant to the MS, and all thekeys related to MS are maintained at the MS and MR-BS [13].When the SA is established between RS and MR-BS in theMR system, key data is shared and maintained at the particularRS and MR-BS, such as AK, and the intermediate RS does nothave this key information. The intermediate RS use particularshared keys to authenticate management messages whichreceived from other RSs [12][14].
B. Distributed Security Control
In this mode, an access RS, which provides a point of access into the network for an MS or RS, can derive theauthentication key established between MS and MR-BS. AnRS can be configured to operate in distributed security modebased on its capability during the registration process, andrelays initial key management messages between the MR-BSand MS/subordinate RS. Upon master session keyestablishment, access RS securely acquires relevantAuthorization Key of the subordinate RS/MS from the MR-BS. Using PKM protocol, the access RS can derives allnecessary keys. Different traffic encryption keys (TEKs) areused for relay link and access link in distributed securitycontrol mode. They are distributed by MR-BS and RSrespectively [4][15]. The SA will be created between an MS,an access RS and the MR-BS in distributed security mode.Each MS shall establish an exclusive primary SA with the RS,interacting with the RS as if it were a BS from the MS’s view.Similarly, each RS shall establish an exclusive primary SAwith MR-BS [12][16].V.
 
S
ECURITY
G
OALS
O
F
R
ELAY
-B
ASED
W
I
MAX
 
N
ETWORKS
 Non-transparent Relay-based WiMAX network mayrequire the following security function, which have not widelybeen studied by others until now.
 
Localized and hop-by-hop authentication is required.In Relay-based WiMAX network. NRS in introducedfor coverage extension and throughput enhancement,for this purpose, hop-by-hop authentication betweenNRS, NRS/MS and NRS/MR-BS should besupported for self organized network operations.
 
All the participating devices must be validated andauthenticated by AAA server through MR-BS,because digital certificates of participating devicesare only registered in AAA server database, however,NRS should authenticate other NRS/MS on behalf of MR-BS, and basically this concept leads ourproposed scheme towards self organized way.
 
Conventional MS should be used in non-transparentRelay-based WiMAX network without any functionalmodification in MS.
 
Overall authentication overhead should beminimized.In this paper we proposed self organized distributed andlocalized authentication and key management, where initiallyparticipating devices validated and authenticated by MR-BSand afterward NRSs are responsible for authenticating andmanaging freshness of AK/TEK. The proposed schemealleviates above security problems and examined how itsatisfies the security requirements of non-transparent Relay-based WiMAX networks.
32 http://sites.google.com/site/ijcsis/ISSN 1947-5500

You're Reading a Free Preview

Download
/*********** DO NOT ALTER ANYTHING BELOW THIS LINE ! ************/ var s_code=s.t();if(s_code)document.write(s_code)//-->