




A scheme for mobile computers to authenticate with base stations and establish a shared key for secure communication. The scheme involves the use of public and private keys, nonces, and a trusted home computer acting as the controlling authority. The document also discusses improvements to the scheme for multicast packets and proxy homes, as well as the sequence of messages required to arrive at the shared keys.
Typology: Papers
Mobile computing is a major area of current research. A variety of wirelessly networked mobile devices now make it possible for a physically untethered computer to function in a fully networked manner. Recent research has focussed on providing the mobile user a seamless environment of wired and wireless net-
seamless environment is that wireless media are inherently less secure. In this paper, we propose a security scheme for wireless media which permits secure communication over a single wireless channel. Our scheme allows both communicating parties to authenticate each other and establish a shared key for secure communication. An unauthorized snooper cannot even discover the identity of the communicating parties. Mobile computers are thus provided a highly secure wireless environment. We describe an efficient practical implementation of the scheme and prove its correctness.
Recent years have witnessed the rapid development of mobile computing devices, PDAs, palmtops, and portable computers. A crucial technology that has enabled this development is wireless networking. In the very near future, wireless LANs connecting a variety of static workstations and mobile portables are expected to be commonplace. Much research effort has recently been directed towards providing a seamless environment of wired and wireless networks. This task is complicated by the fact that wired and wireless media have very different characteristics. One major factor is that wireless is inherently less secure than wire. Most traditional applications do not provide user level security schemes based on the fact that physical network wiring provides some level of security. For a seamless wireless and wired networking environment that still provides the same measure of security but does not require rewriting old applications, wireless needs to be made at least as secure as wire. This paper describes an efficient and practical scheme to secure the wireless media. The scheme described here is being implemented as a part of the single channel LCMACA wireless media access protocol [3] at UC Berkeley.
In this paper, we propose a security scheme which authenticates both communicating end stations of a wireless channel and then provides a shared key using which these two stations can communicate securely. We prove the correctness of the scheme using the Burrows-Abadi-Needham Logic of Authentication [5].
The rest of the paper is organized as follows. Section 2 describes the development environment and the goals of our security scheme. Section 3 describes the generic scheme and proves its correctness. Section 4 proposes successive performance motivated improvements to the scheme and arrives at a practical security scheme. Section 5 describes an implementation of the scheme. Section 6 concludes the paper.
We are developing a mobile computing environment consisting of indoor wireless nanocells, supported by a wired backbone network. The computers in our environment are static workstations or mobile notebooks. Each static computer has a wired network interface, and each mobile computer has a wireless network interface. Some special static computers - base stations - have both wired and wireless network interfaces, and serve to provide network connectivity to mobile computers. A mobile computer can achieve network connectivity only by communicating with a base station; mobile computers are prohibited from communicating with each other. The geographical region over which a base station provides connectivity is called its cell. The wireless medium in our environment is a single channel near-field radio with a bandwidth of 256kbps and range of about 30 feet. Each mobile computer has a home computer on the wired backbone network. A home computer is trusted fully about any information pertaining to its mobile computer. In our environment, home computers and base stations are considered to be trusted special machines. The wireless networking protocol stack is TCP/Mobile-IP/LCMACA. One relevant point about wireless MAC layer addressing is that the MAC layer device address used for a mobile computer is dynamically assigned randomly by a base station when the mobile computer first enters its cell [4]. The base station maps the dynamic MAC address to the internet address for every mobile computer in its cell. Thus merely seeing the MAC device address in a packet gives no information about the identity of the sender or receiver.
3.1 Definitions
believes p.
KmbI}Kmb }Kmbl
ykbX.I.b}Kmb, {N, Im, b, Kmb 1 )Kmbl
b, Kmbl, {N’, lm, b,
Figure 3: Message Exchange on Handoff
The protocol is correct by exactly the same argu- ments as in Section 3. Thus at the end of the au-
the communication cost is minimal.
6 messages, an overhead of 2 messages. The proof of this scheme follows from applying the proof in Section 3 twice. Figure 4 shows the message sequence.
The remaining issue is the authentication when a mobile computer is powered-on in a cell.
authority c.
problem is solved as in the generic scheme.
We describe an implementation of the security scheme in the context of the LCMACA protocol. We are implementing the LCMACA wireless media access protocol as a part of our mobile computing environment at UC Berkeley. LCMACA achieves the 4 security goals described in Section 2. Goals 1 and 2 are proved for the scheme described in Section 3. Goal 3 is achieved by using dynamic addressing as described in Section 2. Goal 4 is achieved by the improvements described in Section 4.
This section discusses 2 environment specific issues
Only base stations are allowed to multicast data. Mobile computers are not allowed to communicate with each other directly. Enabling multicast is thus
multicasts packets by encrypting them with its private
The sequence of messages as described above achieves the effect of the sequence of statements described in Section 3. At the end of the sequence of messages, b and m arrive at the shared key Kmb. We mention that the sequence of messages required to arrive at the shared keys is 4. This is because a mobile computer (at the media access layer) cannot communicate directly with the home and needs to gateway through the base station.
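The relay through the base station can be traced in code. The following is an added example, not code from the paper or the LCMACA implementation: the layout of messages 2 to 4 is an assumption pieced together from the fragments of the appendix proof that survive on this page, `seal`/`unseal` are a stand-in cipher built from HMAC-SHA256, and all function names are hypothetical.

```python
import hashlib, hmac, json, secrets

def _stream(key, iv, n):
    # Keystream for the stand-in cipher: HMAC-SHA256 in counter mode.
    return b"".join(hmac.new(key, iv + bytes([i]), hashlib.sha256).digest()
                    for i in range(n // 32 + 1))

def seal(key, fields):
    """{fields}key: stand-in authenticated encryption, not the paper's cipher."""
    pt, iv = json.dumps(fields).encode(), secrets.token_bytes(16)
    ct = bytes(p ^ k for p, k in zip(pt, _stream(key, iv, len(pt))))
    return (iv + ct + hmac.new(key, b"tag" + iv + ct, hashlib.sha256).digest()).hex()

def unseal(key, blob):
    raw = bytes.fromhex(blob)
    iv, ct, tag = raw[:16], raw[16:-32], raw[-32:]
    good = hmac.new(key, b"tag" + iv + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("not sealed under the expected key")
    return json.loads(bytes(c ^ k for c, k in zip(ct, _stream(key, iv, len(ct)))))

def run_exchange(kmh_mobile, kmh_home, kbh):
    """Return (Kmb held by m, Kmb learned by b); raise ValueError on a failed check."""
    # Nonces all three parties already accept as fresh (the proof's starting assumption).
    N, N1, N2 = (secrets.token_hex(8) for _ in range(3))
    # m: chooses Kmb and builds message 2 for h; b relays it but cannot read it.
    kmb = secrets.token_bytes(16)
    stmt = ["m", "b", kmb.hex()]          # the key statement about m, b and Kmb
    tok_m = seal(kmb, [N, stmt])
    msg2 = seal(kmh_mobile, [N, stmt, tok_m])
    # h: only the holder of Kmh could have sealed this; vouch for the key to b.
    n, stmt_h, tok = unseal(kmh_home, msg2)
    if n != N:
        raise ValueError("stale nonce in message 2")
    msg3 = seal(kbh, [N1, stmt_h, tok, seal(kmh_home, [N1, stmt_h])])
    # b: learns Kmb from h, then checks m's own token under that key.
    n1, stmt_b, tok, tok_h = unseal(kbh, msg3)
    kmb_b = bytes.fromhex(stmt_b[2])
    if n1 != N1 or unseal(kmb_b, tok) != [N, stmt_b]:
        raise ValueError("message 3 failed freshness or token check")
    msg4 = seal(kmb_b, [N2, stmt_b, tok_h])
    # m: b proved knowledge of Kmb, and h's token under Kmh shows h approved it.
    n2, stmt_m, tok_h = unseal(kmb, msg4)
    if [n2, stmt_m] != [N2, stmt] or unseal(kmh_mobile, tok_h) != [N1, stmt]:
        raise ValueError("message 4 failed freshness or token check")
    return kmb, kmb_b
```

Passing a different key as `kmh_mobile` than as `kmh_home` models a mobile that does not hold Kmh; the home rejects message 2 and no key is established.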
In the very near future, wireless LANs are expected to be commonplace. However, providing a seamless environment of wireless and wired networks is not a trivial networking problem. Wireless is inherently less secure than wire since it is possible to snoop wireless media virtually undetectably. In this paper, we propose an efficient and practical security scheme that secures the wireless medium. This scheme authenticates both the base station and the mobile computer to each other, and establishes a shared key between them. We prove the correctness of the scheme using the Logic of Authentication. We describe an implementation of this scheme in the context of the LCMACA wireless media access protocol. In proposing this scheme, we have made few and realistic assumptions. Thus we hope that our security scheme will be applicable across a wide variety of wireless media and environments.
[1] A. Aziz and W. Diffie. Privacy and Authentication in Wireless Local Area Networks. IEEE Personal Communications, First Quarter, 1994.
[2] V. Bharghavan, A. Demers, S. Shenker, and L. Zhang. MACAW: A Media Access Protocol for Wireless LANs. Proceedings of ACM SIGCOMM,
[3] V. Bharghavan. LCMACA - A Limited Contention Protocol for Wireless LANs: Design Document. In Preparation.
[4] V. Bharghavan. Dynamic Addressing in Wireless LANs. Submitted to IEEE Personal Communications.
[5] M. Burrows, M. Abadi, and R. Needham. A Logic of Authentication. ACM Transactions on Computer Systems, Vol. 8, No. 1, February 1990.
[6] J. Ioannidis, D. Duchamp, and G.Q. Maguire. IP-based Protocols for Mobile Internetworking. Proceedings of ACM SIGCOMM, 1991.
[7] S.P. Miller, C. Neumann, J.I. Schiller, and J.H. Saltzer. Kerberos authentication and authorization system. Project Athena Technical Plan, MIT, July 1987.
The proof of correctness of the security scheme is derived on the basis of the logic of authentication [5]. We use the following basic rules:
If a computer sees a message consisting of multiple components, then it also sees each of the components.
If a computer sees a message consisting of multiple components and it believes that at least one component is fresh, then it believes that the whole message is fresh.
Since x believes that K is a shared key known only to x and y, and x sees a message encrypted in K, x believes y sent the message.
fresh, x believes y believes p.
From [2], [3] and [4],
At the start of the exchange, we assume the following:
m believes m, b, Kmb m believes m, h, Kmh (^) I
h believes m controls Im, b, KI b believes h controls Im, b, KI m, b, and h believe fresh(N), fresh(N’), fresh(N”)
A. After message 2
Kmbl}Kmb Kmh and h believes Jm, h, Kmhl and h believes fresh(N) implies
h believes m believes N, Im, b, Kbml, {N, lm, b, Kmbl}Kmb (from 5)
m, b, Kmb and h believes m controls m, b, Kmb (^) I implies
h believes (m, b, Kmbl (from 4)
B. After message 9
Kmb, {N
KmbI}Kmh}Kbh and
Im,^ b:
b believes lb, h, Kbhl and b believes fresh(N’) implies
b believes h believes N’, Im, b, Kmbl, {NY I
m, b, Kmbl}Kmb, {N’, Im, b, Kmb }Kmh b believes h believes Im, b, Kmbl
(from
b
::
b 5
believes h believes Im, b, Kmb and believes h controls Im, b, Kmb (^) I implies
believes Im, b, KmbI (from 4)
sees {N, Im, b, KmbI}Kmb and believes Im, b, Kmbl and believes fresh(N) implies
believes m believes (m, b, Kmbl (from
Kmbl}Kmh}Kmb and m believes Im, b, Kmbl and m believes fresh( N”) implies
m believes b believes N”, Jm, b, Kmb), {N’, !m, b, KxybI}Kmh ; believes b believes Im, b, Kmbl (from
m believes h believes Im, b, KmbI
(from
Permission to copy without fee all or part of this material is granted provided that the copies are not made or distributed for direct commercial advantage, the ACM copyright notice and the title of the publication and its date appear, and notice is given that copying is by permission of the Association of Computing Machinery. To copy otherwise, or to republish, requires a fee and/or specific permission. CCS '94 11/94 Fairfax Va., USA © 1994 ACM 0-89791-732-4/94/0011..$3.