A Lightweight Statistical Authentication Protocol for Access Control - - PowerPoint PPT Presentation

SLIDE 1

A Lightweight Statistical Authentication Protocol for Access Control in Wireless LANs

Haoli Wang, Joel Cardo, Yong Guan ECE, Iowa State University ASWN 2004

SLIDE 2

Introduction

Emergence of visitor networks

Visitor Networks:

LANs that are most often deployed in public places and give the public network access on an ad-hoc basis. ISPs desire user authentication before granting the right to access the Internet, and then charge users accordingly.

Traditional authentication protocols for wired networks do not work well in wireless networks:

error-prone wireless transmission medium, node mobility, power conservation constraints

Current wireless authentication protocols, such as WEP, have some security flaws.

Dilemma in wireless security

  • Vulnerable wireless networks need strong security protocols, resulting in enormous power consumption.

SLIDE 3

Shepherd Overview

Design goals

Secure: An attacker should be able to gain access to the network only with a very low probability.

Robust: The protocol must effectively resist attacks and unexpected situations.

Efficient: The protocol must be efficient in terms of overhead, bandwidth and CPU cycles.

Detectable: If an attacker tries to gain access to the network, the protocol will be able to detect it.

Characteristics

Lightweight: good for power conservation

Probabilistic method: good for node mobility and error-prone channel

SLIDE 4

Shepherd

How Shepherd works

  • AP and MN generate authentication bit streams with the same random number generator, using the same shared seed as a key.
  • An authentication bit is piggybacked in each frame exchanged from MN to AP.
  • AP determines the legitimacy of MN by continuously checking a series of randomly generated authentication bits.

Unsynchronization Problem

  • Frame loss may cause UnSync problem between AP and MN.
  • UnSync problem leads to check error at AP.
SLIDE 5

Sync Scheme 1

Receiver’s pointer always moves forward one step after replying DATA frame.

Sender’s pointer moves after receiving ACK(+/-):

  • ACK+ : move forward one step
  • ACK- : move forward to “opposite bit” + 1

NSI: Non-Synchronization Index

+ : Loss of ACK frame causes non-sync problem.

- : Sender is aware of the checking results.
SLIDE 6

Sync Scheme 2

Sender’s pointer always moves forward one step after sending DATA.

Receiver’s pointer moves after replying DATA frame:

  • If checking bit correct, move forward one step
  • If checking bit incorrect, move forward to “opposite bit” + 1

+ : Sender is unaware of the checking results.

- : Loss of DATA frame causes non-sync problem.
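
An added simulation (not from the slides or the authors' code) of the shared-seed bit check combined with Sync Scheme 2: a legitimate MN's failed checks stay bounded by the number of lost DATA frames, while a node that guesses bits fails about half of its checks. The names `SharedBits` and `simulate`, the seeds, the loss rate, and the reading of “opposite bit” as the next stream bit equal to the received bit are assumptions.

```python
import random

class SharedBits:
    """Authentication bit stream derived from the shared seed (the key)."""
    def __init__(self, seed):
        # Stand-in generator (assumption): random.Random is not a CSPRNG.
        self._rng, self._bits = random.Random(seed), []
    def __getitem__(self, i):
        while len(self._bits) <= i:          # extend the stream on demand
            self._bits.append(self._rng.getrandbits(1))
        return self._bits[i]

def simulate(frames, loss_rate, seed=2004, attacker=False, channel_seed=1):
    """Return (checks, mismatches) seen by the AP over `frames` DATA frames."""
    mn_bits, ap_bits = SharedBits(seed), SharedBits(seed)  # same seed, both sides
    channel = random.Random(channel_seed)      # constructed DATA-loss model
    guesser = random.Random(channel_seed + 1)  # attacker lacks the seed: guesses
    s = r = checks = mismatches = 0
    for _ in range(frames):
        bit = guesser.getrandbits(1) if attacker else mn_bits[s]
        s += 1                       # sender always advances after sending DATA
        if channel.random() < loss_rate:
            continue                 # DATA lost: AP pointer stays, MN is now ahead
        checks += 1
        if bit != ap_bits[r]:        # check fails
            mismatches += 1
            while ap_bits[r] != bit: # scan forward to the "opposite bit" ...
                r += 1
        r += 1                       # ... then step past it (or past a correct bit)
    return checks, mismatches

if __name__ == "__main__":
    for label, atk in (("legitimate MN", False), ("attacker", True)):
        c, m = simulate(2000, 0.05, attacker=atk)
        print(f"{label}: {m}/{c} failed checks ({m / c:.1%})")
```

Each failed check of a legitimate MN shrinks the pointer gap by at least one position, so its failures can never exceed the number of lost DATA frames; that gap between the two failure rates is what the AP's statistical decision relies on.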
SLIDE 7

Sync Scheme 3

Sender’s pointer always moves forward one step after sending DATA.

Receiver’s pointer moves after replying DATA frame:

  • If checking bit correct, move forward one step
  • If checking bit incorrect, move back to “opposite bit” + 1

+ : Loss of ACK frame causes non-sync problem.

Sender is unaware of the checking results.

- : Some bits may be reused.
SLIDE 8

Statistical Method

In scheme 1, the probability of this mobile station H being a legitimate one can be derived by

s: number of syncs
w: number of checks
G: Max number of consecutive frame losses
L_ACK: ACK frame length

SLIDE 9

Numerical Analysis Results

[Figure: four plots of Prob. against s and w. Panels: Scheme 1, BER=10^-5; Scheme 1, BER=10^-4; Scheme 3, BER=10^-4; Scheme 2, BER=10^-4]

Shepherd works better with lower BER. Scheme 3 excels among 3 schemes.

SLIDE 10

Simulation Results

[Figure: two plots, ABER against BER and Sync Rate against ACKFLR. Series in both: s1-300KB, s2-300KB, s4-300KB, s1-1000KB, s2-1000KB, s4-1000KB]

1. For a legal node, the authentication bit error rate increases with increasing BER.
2. A good scheme's error rate increases slowly with increasing BER.
3. Scheme 2 increases quickly. Scheme 3 increases more slowly than scheme 1.

1. For a legal node, the Sync rate drops with increasing FLR.
2. A good scheme's Sync rate drops slowly with increasing FLR.
3. Scheme 2 drops quickly. Scheme 3 drops more slowly than scheme 1.

SLIDE 11

Comparison

Schemes compared: RBWA, SOLA, Shepherd

Random bit: v v v

UnSync Problem: v v

Algorithm Workable: v

RBWA uses the sequence number in each IP packet to avoid sync problem, but we argue that SN is not reliable.

A problem exists in the sync algorithm in SOLA.

SLIDE 12

Summary

A lightweight probabilistic authentication protocol is proposed for wireless networks.

Three synchronization schemes for UnSync Problem.

Implementation Consideration

Type and subtype fields are adapted from IEEE 802.11.

Reference

  • H. Wang, A. Velayutham and Y. Guan, A Lightweight Authentication Protocol for Access Control in IEEE 802.11, IEEE GLOBECOM, 2003
  • H. Wang, J. Cardo and Y. Guan, Shepherd: A Lightweight Probabilistical Authentication Protocol for Wireless Networks, in submission.

SLIDE 13

Thank You