20-08-2014, 03:33 PM
SAT: A Security Architecture Achieving Routing Anonymity in Wireless Mesh Networks Project Report
SAT A Security.pdf (Size: 204.47 KB / Downloads: 22)
Abstract
Wireless Mesh Network(WMN) is a promising technology and is expected to be widespread due to its low investment
feature and the wireless broadband services it supports, attractive to both service providers and users. Some security conflicts will
occur in WMN's. In this paper, we propose a security architecture achieving routing anonymity, anonymity and traceability. The
proposed architecture resolve security conflicts that will occur in WMN's. In addition, architecture guarantee fundamental security
requirements including authentication, confidentiality, data integrity and non repudiation. Thorough analysis on security and
efficiency is incorporated demonstrating the feasibility and effectiveness of the proposed architecture.
INTRODUCTION
Wireless Mesh Networks is a promising technology
and it is attractive to both service providers and users.
Security issues inherent in WMN need to be considered
before the deployment and proliferation of these
networks. In WMN's, fundamental operations need to be
secured. Anonymity, Routing anonymity and
traceability is achieved to secure the fundamental
operations in WMN's. The requirement for anonymity is
to unlink a user's identity to his or her specific activities.
Anonymity is also required to hide the location
information of a user to prevent movement tracing.
Routing anonymity is required to resolve traffic analysis
attacks. Routing anonymity hides the confidential
communication relationship of two parties by building
an anonymous path between them. Traceability is
required to detect misbehaving users in WMN's. In this
paper, security conflicts namely routing anonymity,
traceability and anonymity can be resolved in the
emerging wireless communication systems. Blind
signature can be implemented in the architecture to
achieve anonymity. Pseudonym technique is used to
hide the user location information. RSA algorithm is
used to achieve routing anonymity
PRELIMINARIES
Blind signature-Blind signature is introduced by
Chaum. Blind signature scheme allows a receiver to
obtain a signature on a message such that both
the message and the signature remain unknowto the signer. Brands developed restrictive blind
signature scheme. Restrictive blind signature
scheme means restrictiveness property is
incorporated into blind signature. This property
restricts the user in the blind signature scheme to
embed some account related information.
Restrictiveness property is used to guarantee
traceability in the proposed system. Restrictive
partially blind signature schemes serve as a
building to the proposed architecture.
NETWORK ARCHITECTURE
The above figure represents network topology of a
WMN. The WMN consists of mesh routers(MR's) and
gateways(GW's) which are interconnected by wireless
links(shown as dotted curves). Mesh routers and
gateways serve as access points in WMN. An
architecture is divided in to wireless mesh
domains(WMN's). Each domain contains one
administrator called trusted authority(TA). Each domain
is managed by trusted authority. The client(CL) access
the network services from the internet through gateways
and mesh routers
ROUTING ANONYMITY
Routing anonymity can be implemented by using
RSA algorithm in the proposed security architecture.
Public key algorithm invented in 1977 by Ron Rivest,
Adi Shamir and Leonard Adleman (RSA). It supports
Encryption and Digital Signatures. It is the most widely
used public key algorithm. It gets its security from
integer factorization problem. It is relatively easy to
understand and implement. It is patent free(Since 2000).
In order to implement RSA you will need arbitrary
precision arithmetic (multiple precision arithmetic),
Pseudo Random Number Generator (PRNG) and prime
number generator. The difficulty of implementatio
SECURITY ANALYSIS
In this section, we are going to analyze the security
requirements our system can achieve. Our security
architecture satisfies the security requirements for
authentication, data integrity and confidentiality by
implementing digital signature, message authentication
code and encryption in our system.
Anonymity - Anonymity can be easily shown that a
gateway cannot link a client's network access activities
to his real identity. It can be implemented by using
pseudonyms in authentication which reveals no
information on the real id. Client's home TA cannot link
client's network access activities to the real id by
implementing restrictive partially blind signature
scheme in our system.
Traceability- Traceability means conditional anonymity.
It can be needed for misbehaving users. Unconditional
anonymity is needed for honest clients. Traceability can
be implemented by using restrictive partially blind
signature scheme.
EFFICIENCY ANALYSIS
Most of the pairing-based cryptosystems are needed
to work in 1) a subgroup of the elliptic curve E(Fq) of
sufficiently large prime order p, and 2) a sufficiently
large finite field Fqk, where is the size of the field and k is the embedding degree. For minimum levels of
security, p>2160 and qk>21024 is required to ensure the
hardness of the DLP in G1 and G2.To improve the
computation and communication efficiency when
working with E(Fq), we need to put q value as small
while maintaining the security with large values of k.
SHA-1 is used to compute the keyed-hash message
authentication code which yields a 160-bit output to
improve efficiency.
Communication- Our ticket-based security architecture
consists of four intradomain protocols. These protocols
are distributed in nature. So, the communication cost
incurred is more affordable.
Storage- TA may contain several servers to store client's
necessary information. The storage capacity of these
high end servers is not a concern. So, we need to focus
on the storage overhead encountered at the low-end
client side. There is a tradeoff between storage and
computation overhead. In our protocols, the client need
to perform pairing computations frequently, which is
impractical due to the high cost of pairings and limited
power of clients. Many pairing operations in the
protocol can be computed once and stored for future
use. Some stored information remains unchanged for all
instances of protocol execution. As a result, we need
merely take into account the effective storage overhead
(i.e., information that is changed and has to be stored at
each protocol instance).
CONCLUSION
In this paper, we propose security architecture
consists of ticket-based protocols which resolves the
security conflicts namely routing anonymity, traceability
and anonymity. Security conflicts can be resolved by
utilizing the tickets, selfgenerated pseudonyms and
hierarchical identity-based cryptography in the
architecture to achieve desired security objectives and
efficiency