Authentication and authorization architecture design for hybrid mesh networks

Radu Lupu, Mihai Stanciu
Telecommunication Dept., University Politehnica of Bucharest, Bucharest, Romania
{rlupu, ms}@elcom.pub.ro

978-1-4244-6363-3/10/$26.00 © 2010 IEEE

Abstract— Nowadays, the definition and integration of security measures within the communication network infrastructure from its early stages of design represents a commonly required task. This paper focuses on the overall security architecture we designed for hybrid mesh networks (802.11 and 802.16). The main objectives of our security architecture are the authentication and authorization (AA) of devices/users for granting access to the connectivity services. We point out the main security design requirements we addressed and define our IEEE 802.1x-based security architecture. Thereafter, we present the preliminary validation results achieved to date.

The required support for pervasive real-time applications has shown that proving a high level of security for the related security mechanisms is not sufficient. In addition, the security mechanisms must guarantee that the overall real-time application performance requirements are fulfilled. Before being implemented, the security mechanisms should be validated. This paper presents a simulation-based validation method, whose proposed steps and procedures are presented in the next sections. The security procedures are compliant with the general SMART-Net architecture.

Keywords: authentication, authorization, mesh access network, real-time secure handover

I. INTRODUCTION

Several statistics gathered in the past decade on the attacks that span the Internet show that the most frequent ones are due to flaws in the identification and authentication mechanisms. Consequently, a number of security mechanisms have been specified for strengthening the security level of the legacy TCP/IP stack, but they are often inconvenient in terms of cost of installation and operation, as well as in the security level achieved. This experience has shown that the security problems of a networking technology should be considered from its early stages of design. The standards of the last decades (especially in the wireless domain) expose this trend.

In this paper, we present the security architecture we defined and specified to provide authentication and authorization services for the hybrid mesh networks developed within the framework of the SMART-Net project¹. This network-oriented project studies and develops smart antenna technologies inside mesh networks, in order to improve coverage, spatial reuse of frequency resources, routing, network resources control and management, and security functionalities.

¹ EU funded project IST STREP 223937

To date, the SMART-Net AA architecture and mechanisms specified especially address the real-time handover security requirements, besides several more general architecture-level requirements. Furthermore, during our design process we took into consideration the possibility of integrating the standard security solutions that come with the SMART-Net infrastructure (see [1], [2]), as well as established, more general security mechanisms that could fulfill the SMART-Net security requirements (e.g. [3], [4]).

Similar research work has already been done in the [5] and [7] projects, but none of them set out to address the real-time mobile communication requirements. In addition, we claim that our solution operates over either 802.11 or 802.16 networks. Our solution is based on the emerging [6] architecture design, currently in progress to become a standard.

The paper is organized as follows: Section II outlines the main requirements that represented the overall guideline in the design process of the security architecture. Thereafter, the overall security architecture is depicted, including a definition of the main functional components and their interactions in order to achieve the required SMART-Net authentication and authorization services. In Section III a two-phase validation process is specified for assessing how far our security architecture and mechanisms fulfil the security requirements of the SMART-Net scenarios. Then, in Section IV our preliminary work on security properties verification is presented. This paper ends with Section V, which concludes on the current status of the work and points out what will be done next.

II. SMART-NET SECURITY ARCHITECTURE

The SMART-Net overall architecture [8] divides the network environment into three sections and a reference model:

• The Radio Access Network (RAN) - providing the radio access infrastructure.

• The Backhaul Access Network (BAN) - providing backhaul connectivity to link the RAN(s) to the CSN. The RAN and BAN can be considered together as the Access Services Network (ASN).

• The Core (Connectivity) Services Network (CSN) – providing general wide area IP connectivity services. The CSN is out of scope of the SMART-Net project.

Figure 1: SMART-Net security domains (RAN / RAN Sec. Domain, BAN / BAN Sec. Domain, CSN / CSN Sec. Domain)

According to the overall SMART-Net architecture, reference model and business model, the security architecture design must fit the separate security administration domains corresponding to the RAN and BAN access networks, as defined in [9]. The CSN security architecture is out of the scope of the SMART-Net project. Due to the similarity of the RAN and BAN network functionalities, the security architecture design for the RAN is analogous to the one for the BAN (see Figure 2). The overall requirements of the SMART-Net security architecture are:

• flexibility, through the use of security protocols (e.g. EAP) that are independent of the link layer technology (IEEE 802.11 or IEEE 802.16), as well as cryptographic algorithm negotiation;

• extensibility, based on the underlying 802.1x security architecture model;

• scalability, assured by lightweight cryptographic mechanisms;

• centralized security system design, which facilitates credentials management and matches the general SMART-Net infrastructure design;

• support for intra/inter-domain device mobility, through efficient handover re-authentication mechanisms;

• support for a separate single-entity security administration for each network: RAN, BAN and CSN;

• provision of security services that withstand and mitigate MITM (Man-In-The-Middle) and DDoS (Distributed Denial Of Service) attacks and theft of the network connectivity service [10].

The main functional components of the SMART-Net security architecture are: user/device authentication, network connectivity authorization and access control for the RAN/BAN access network; the authentication, integrity and confidentiality of all packets passing through the RAN or BAN networks; and the key management subsystem. The SMART-Net security architecture design relies on the underlying 802.1x model for network authorization and access control (see [3]), due to its capabilities for extensibility and flexibility. Each SMS-R/B or SMR-R/B entity must be capable of playing the supplicant as well as the authenticator role, in order to allow the SMART-Net secure mesh infrastructure to be built up incrementally while new entities are joining it (see Figure 2).

A. SMSG-R/B Security Gateway

The main security component is the security gateway SMSG-R/B, in charge of the RAN/BAN security policy enforcement and control. There is a single instance of SMSG-R/B per RAN and BAN, respectively. It can be run collocated with an SMS-R/B or SMR-R/B entity. More specifically, the security gateway can play the role of a backend user/device authentication and authorization server (module L-AA) for local users/devices, under the subscriber-based model. Alternatively, SMSG-R/B has the proxy role for authentication and authorization of visiting users/devices. The local users/devices must be registered a priori and their credentials stored in a database that is accessible to the L-AA module. Also, the SMSG-R/B entity is responsible for obtaining authorized connectivity service to the upstream network, on behalf of all device/user entities within the RAN/BAN. For the case of real-time handover (including roaming), the SMSG-R/B should have the required functionality to allow efficient re-authentication procedures to be run locally, as much as possible.

B. Security Associations

Dynamic (SAd) and static (SAs) security associations will be used within the RAN/BAN networks to implement cryptography-based security services. Mainly, the SAd are used to deploy security services under a hop-by-hop security model (packet authentication, integrity and confidentiality). SAd are established by means of authentication protocols according to the 802.1x security model. For instance, in Figure 2 a new SMS-R (also with the role of SMSG-R) entity wants to join the BAN network. First, SMS-R will be authenticated and authorized by the SMSG-B entity based on the pre-shared SA and the network status. In the case of a successful authentication, the supplicant module located on SMS-R and the authenticator module located on the physically adjacent SMS-B entity will run the authentication protocol, which will yield a new SAd that can be used to secure the radio link that connects them. SAs are pre-established between RAN/BAN devices/users (i.e. SMS-R/B or SMR-R/B) and SMSG-R/B at their registration time. Figure 3 depicts the interaction between the security architecture components according to the 802.1x security model: the SMART-Net AA method we designed (according to [12]) runs directly between the Supplicant module located on SMS-R/B and the L-AA (Authentication Server) located on SMSG-R/B. Due to space constraints we cannot specify our AA method here. EAP is used to guarantee that the AA protocol will operate independently of the OSI L2 technologies. For SMART-Net it is assumed that SMS-R/B and SMSG-R/B share a statically pre-established SA that includes a master symmetric key. This SA is defined at the time of user/device (i.e. SMS-R/B or SMR-R/B) registration to some home domain. Once the device/user has been successfully authenticated, the Authenticator module on the SMS-R/B in proximity that already pertains to the access network is instructed by SMSG-R/B to grant connectivity services to the
device/user (see the "EAP Success message"). In addition, a legacy AA protocol will then be run between the Supplicant and Authenticator modules prior to any data plane packet exchange.

Figure 2: overall BAN's security architecture (RAN: SMS-R, SMSG-R; BAN: new joining mesh node SMS-B, SMS-B, SMSG-B with L-AA Server/Proxy, SMR-B; CSN; security associations SAd1, SAd2, SAd3; SMART-Net AA protocol and legacy AA protocols; Supplicant/Authenticator/Auth. Server/AA Proxy roles; user/device credentials). Legend: SMS-* := mesh node with relay + terminal functions; SMR-* := mesh node with relay function.

Figure 3: local IEEE 802.1x based interaction of the architecture components (SMS-R/B Supplicant, SMS/R-R/B Authenticator, SMSG-R/B L-AA Server): 802.1X EAP Start; 802.1X EAP Request/Identity; 802.1X EAP Response/Identity; Access Request (EAP Response/Identity); EAP Authentication Protocol Exchange (SMART-Net AA protocol); Access Response (EAP Success, PMK); 802.1X EAP Success; IEEE 802.1X Controlled Port unblocked for STA.

III. THE VALIDATION OF THE SMART-NET SECURITY ARCHITECTURE AND THE RELATED PROTOCOLS

The validation process must show that the authentication and authorization architecture and related mechanisms we designed provide a high level of security while supporting intra/inter-domain mobility of devices running real-time applications. Therefore, our validation process must be deployed in two phases:

• verification of the security properties of the SMART-Net authentication and authorization protocol;

• the performance evaluation of the AA architecture.

It is expected that some results yielded during the validation process could determine a partial redesign or further refinement of the security mechanisms. In the following, we summarise the main security and performance properties of the authentication and authorization protocols and architecture to be verified:

• mutual entity authentication: both the network and the device/user (i.e. SMS-R/B or SMR-R/B) shall be authenticated to each other, in order to avoid MITM-based attacks. The related protocols shall support flexible mechanisms that allow secure transfer of the authorization information, the negotiation of security parameters (e.g. cryptographic algorithms), and authenticated key establishment with confirmation;

• session key (re)establishment: the security mechanisms for key (re)establishment must guarantee the key authenticity, integrity and confidentiality, the key establishment confirmation and the PFS property;

• fast (re)authentication: in order to support real-time device/user handover, more efficient (re)authentication mechanisms are required. To provide a high degree of performance, the (re)authentication procedures shall be performed locally as much as possible. Proactive (re)authentication strategies are expected to perform better. The SMSG-R/B entity is in charge of supporting efficient local (re)authentication procedures when intra/inter-domain handover is performed. In order to quantify this property, the (re)authentication delay shall be evaluated, defined as the time interval from the initiation of the (re)authentication protocol (usually by the mobile device/user) until the successful end of the (re)authentication procedure;

• authorization: device/user authorization for using network connectivity services. It is based on the subscriber model, which implies a priori device/user registration with master symmetric key pre-establishment. The authorization mechanisms must be capable of reaching decisions based on the current status of the network resources, device/user attributes (e.g. location within the access network domain) and the visited and home domain authorization policies;

• roaming: it is assumed that trusted relationships are pre-established between the security domains. The authentication and authorization protocols shall support (even partially) security policy negotiation (e.g. crypto/hash algorithms);

• resilience: the security mechanisms must withstand attacks such as message forging, message replay, DoS or MITM;

• robustness: the capacity of the authentication and authorization system to withstand accidental threats (i.e. packet loss or delay);

• scalability: the (re)authentication architecture/protocol will be evaluated in terms of bandwidth efficiency, traffic load distribution and processing power demand distribution.
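As an added illustration (not code from the paper or the SMART-Net project), the following Python model walks through the 802.1X/EAP interaction of Figure 3 between the Supplicant (SMS-R/B), the adjacent Authenticator and the L-AA server on SMSG-R/B, unblocks the controlled port only on EAP Success, and measures the (re)authentication delay as defined above. Because the paper does not specify the SMART-Net AA method, an HMAC challenge-response on the pre-shared master key stands in for it; the identities, key bytes, PMK derivation and nonce handling are assumptions.

```python
import hashlib
import hmac
import os
import time
from dataclasses import dataclass, field

# Constructed registration database of the L-AA server (SMSG-R/B): the static SA
# (identity -> master symmetric key) established at device/user registration time.
LAA_REGISTRY = {"sms-r-07": b"constructed-master-key-07"}

def _auth_tag(master_key: bytes, nonce: bytes, identity: str) -> bytes:
    # Assumed challenge-response primitive standing in for the unspecified SMART-Net AA method.
    return hmac.new(master_key, b"AUTH|" + nonce + b"|" + identity.encode(), hashlib.sha256).digest()

def derive_pmk(master_key: bytes, nonce: bytes, identity: str) -> bytes:
    # Assumed PMK derivation from the master key; the PMK seeds the new hop SAd.
    return hmac.new(master_key, b"PMK|" + nonce + b"|" + identity.encode(), hashlib.sha256).digest()

@dataclass
class Supplicant:
    identity: str
    master_key: bytes

    def respond(self, nonce: bytes) -> bytes:
        return _auth_tag(self.master_key, nonce, self.identity)

@dataclass
class LAAServer:
    registry: dict

    def access_request(self, identity: str, responder):
        """Access Request(EAP Response/Identity) -> Access Response(EAP Success|Failure, PMK)."""
        key = self.registry.get(identity)
        nonce = os.urandom(16)
        # The EAP authentication protocol exchange is relayed through the authenticator;
        # the callback stands in for that relayed challenge/response pair.
        response = responder(nonce)
        if key is None or not hmac.compare_digest(_auth_tag(key, nonce, identity), response):
            return "EAP-Failure", None
        return "EAP-Success", derive_pmk(key, nonce, identity)

@dataclass
class Authenticator:
    server: LAAServer
    port_open: set = field(default_factory=set)   # IEEE 802.1X controlled port state per STA
    pmks: dict = field(default_factory=dict)      # PMK per authenticated neighbour

    def run_8021x(self, sup: Supplicant):
        """Figure 3 flow on one hop; returns (result, reauth_delay_seconds)."""
        t0 = time.perf_counter()   # EAP Start: the (re)authentication delay is measured from here
        # EAP Request/Identity and EAP Response/Identity are exchanged over 802.1X, then the
        # identity is forwarded to the L-AA server in an Access Request.
        result, pmk = self.server.access_request(sup.identity, sup.respond)
        if result == "EAP-Success":
            self.pmks[sup.identity] = pmk          # key material for the new SAd on this link
            self.port_open.add(sup.identity)       # controlled port unblocked only on success
        return result, time.perf_counter() - t0    # 802.1X EAP Success/Failure sent to STA
```

A wrong master key or an unregistered identity leaves the controlled port blocked and yields no PMK, which is the behaviour the mutual-authentication and authorization properties above require.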

IV. SMART-NET AA PROTOCOL SECURITY PROPERTIES VERIFICATION

We chose the AVISPA (Automated Validation of Internet Security Protocols and Applications) simulation-based tool for the verification of the security properties of the SMART-Net AA protocol we designed. The AVISPA tool was developed within the European funded research project AVISPA, and comprises a suite of applications for building and analyzing EFSM-based (Extended Finite State Machine) formal models of security protocols that are specified in the HLPSL (High-Level Protocol Specification Language) language. The AVISPA tool allows us to easily achieve fully automatic security property verification using four complementary formal assessment techniques, implemented by the back-end analyzers it comes with: OFMC (On-the-Fly Model Checking), CL-AtSe (Constraint-Logic-based Attack Searcher), SATMC (SAT-based Model Checker) and TA4SP (Tree Automata-based analyzer for Security Protocols).

In this regard, we have built the formal model of the SMART-Net AA protocol behavior. Then we specified the security requirements in terms of authentication and confidentiality goals. Since HLPSL is a role-based language, we had to specify the actions of each authentication principal as a module, except for the attacker, which is predefined according to the Dolev-Yao model [11] (i.e. it is capable of dropping, replaying, delaying, decrypting/encrypting and forging packets by means of the inferred keys). The simulation assumptions were: all communications are carried out through attacker participation; the attacker can act as an intermediate entity (e.g. MITM attack model) or as a peer entity; the cryptographic/hash algorithms are known to the attacker (see Kerckhoffs' principle); the identities and location of the principals are known to the attacker. Starting from the SMART-Net application scenario requirements we derived two scenarios relevant for security properties assessment: a single device/user carrying out fast handover, intra- and inter-domain, respectively. At the time this paper was written, the formal model we built had already been assessed according to the intra-domain handover scenario, proving that our AA protocol can successfully fulfill the security goals.

V. CONCLUSION

This paper presents the preliminary results achieved by our research team within the task assigned to the SMART-Net AA architecture design. We outlined the main security architecture design requirements, and then the AA architecture was specified. Due to the required support for real-time end-user handover, designing security services becomes a challenging work. Proving a high level of security for the AA mechanisms is not sufficient; their performance must also be proved in order to enable seamless secured real-time handover. Therefore, in the second part of the paper we specified a two-phase simulation-based validation procedure and outlined the main properties required of the AA mechanisms. At the moment of writing this paper, an AVISPA simulation model has already been built and the preliminary security properties verification has been successfully passed.

The main objective of our future work is to build an OPNET/NS2 simulation model to evaluate the performance of our security architecture and related mechanisms, especially in terms of delay and traffic overhead.

REFERENCES

[1] “Part 11: Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) Specifications”, IEEE Std. 802.11, June 2007.
[2] [802.16e] IEEE-SA Standards Board, “Part 16: Air Interface for Fixed and Mobile Broadband Wireless Access Systems. Amendment 2: Physical and Medium Access Control Layers for Combined Fixed and Mobile Operation in Licensed Bands and Corrigendum 1”, IEEE Std. 802.16e, February 2006.
[3] IEEE-SA Standards Board, “Port-based Network Access Control”, IEEE Std. 802.1x-2001, ISBN 0-7381-2626-7, October 2001.
[4] [RFC3748] B. Aboba, L. Blunk, J. Vollbrecht, J. Carlson, H. Levkowetz, “Extensible Authentication Protocol (EAP)”, IETF, RFC 3748, www.ietf.org/rfc/rfc3748.txt, June 2004.
[5] WP4 partners, “AAAC Design”, Deliverable D0401, Moby Dick project IST-2000-25394, January 2002.
[6] Handover Keying charter, IETF web site, www.ietf.org/dyn/wg/charter/hokey-charter.html.
[7] R. Lupu, S. Obreja, E. Borcoci, “Authorization subsystem for WiMAX access in a multidomain end to end QoS enabled architecture”, Proceedings of Int’l Conference ECUMN’09, October 2009.
[8] S. Wendt, F. Kharrat-Kammoun, E. Borcoci, R. Cacoveanu, R. Lupu, D. Hayes, “Network architecture and system specification”, SMART-Net project IST-FP7 223937, October 2009.
[9] S. Wendt, F. Kharrat-Kammoun, E. Borcoci, B. Selva, A. Tonnerre, E. Hamadani, “Requirements and specifications of SMART-Net targeted scenarios”, SMART-Net project IST-FP7 223937, April 2009.
[10] R. Lupu, S. Mirzadeh, E. Borcoci, T. Rasheed, “SMART-Net security and privacy requirements”, SMART-Net project IST-FP7 223937, April 2009.
[11] D. Dolev, A. Yao, “On the Security of Public-Key Protocols”, IEEE Transactions on Information Theory, 2(29), 1983.
[12] D. Stanley, J. Walker, B. Aboba, “Extensible Authentication Protocol (EAP) Method Requirements for Wireless LANs”, IETF, RFC 4017, www.ietf.org/rfc/rfc4017.txt, March 2005.