The metropolitan-area Wireless Mesh Networks (WMNs) which accommodate thousands
of self-managed network domains operated by numerous different Wireless Service
Providers (WSPs), are expected to achieve interoperable, cost-effective and especially
large-scale (such as city-wide) wireless access. It supports wireless roaming
services which allows people to roam around with their mobile devices without being
limited by the geographical area of their own home networks and access into different
network domains to enjoy the services provided by different foreign WSPs rather than
his home WSP. While the much effort has been made to address issues at physical, data
link, and network layers, little attention has been paid to the security aspect central to
the realistic deployment of WMNs and roaming service. For solving the security problems
related to WMNs, i.e., confidentiality, authenticity, integrity, authorization and
non-repudiation, we should have some way to establish a secure channel between the
communicating parties.
Consequently, as a critical issue to make ubiquitous and secure network access, a
Key Establishment Protocol for Anonymous Wireless Roaming (KE-AWR Protocol)
is expected to provide three basic kinds of services for the two communication parties.
First, it ensures to build a secure channel between a mobile user and a foreign
WSP. Namely, the two participants can establish a fresh session key which is a pure
symmetric key shared by each other only. This key can be used for protecting data
confidentiality and integrity of further communication. Second, it should ensure that
a mobile user with a single sign-on (SSO) can carry out the KE-AWR protocol with
a foreign WSP and also roams from one foreign network domain to another. Each of the two participants is convinced that it shares a secure session key with the intended
party in an authentically way. Third, as a increasingly demanding requirement
especially in wireless communication, privacy protection for a roaming user should
be provided. Since eavesdropping is much easier to launch but more difficult to be
detected when given the open nature of radio media, a KE-AWR protocol is required
to keep mobile users’ identities and whereabouts anonymous. Besides these security
attributes, efficiency is also a important requirement for a KE-AWR protocol because
of the limited computing capability and restrained energy of the mobile devices held
by roaming users. That is, a well designed scheme would not only satisfy the above security
properties, but also be as lightweight as possible at mobile user’s side with both
light computation load and small number of message flows in order to reduce latency
and save energy.
In this thesis, we present several novel solutions for the security, privacy and efficiency
issues related to secure wireless roaming scenario. Particularly, we identify
three aspects as our research outcomes:
1. For our first outcome, we propose a novel One-Pass Key Establishment Protocol
for Wireless Roaming (Protocol I) that achieves high efficiency at user side. To
the best of our knowledge, it seems to be the first One-Pass ID-based KE-AWR
protocol ever presented in literatures. The protocol ensures that a fresh session
key secreted from all other entities except user and foreign WSP is established in
each run of protocol, by just sending one message (so called One-Pass) and eliminate
any intervention of a third party. This protocol achieves secure key establishment
as well as user anonymity. In addition, our protocol also achieves partial
forward secrecy and partial key compromise impersonation security. Considering
the imbalanced network architecture in WMNs, we focus on minimizing
the number of both computational operations and communication flows at mobile
user’s side. Actually, most computation of user can be pre-computed before
the execution of protocol, and it leaves almost no cryptographic operations to be
performed on-line for user. When compared with previous roaming protocols, our protocol requires the smallest bandwidth, the least number of message flows
and achieves extremely on-line efficient for user.
2. As our second result, we focus on improving the security performance for onepass
KE-AWR schemes. A one-pass protocol usually does not support the desirable
properties that multi-round key establishment protocols may do, such
as Perfect Forward Secrecy (PFS) and Perfect Key Compromise Impersonation
(Perfect KCI). Consequently, we propose a novel solution to wireless roaming
(Protocol II) which supports all the following three security properties which a
one-pass protocol cannot satisfy, i.e., (1) No Key Escrow; (2) Perfect Forward
Secrecy and; (3) Perfect Key Compromise Impersonation. By making use of the
broadcast channel in wireless communication environment, via which a server
may broadcast the public parameters shared by all roaming users who are in
its signal radiation coverage, our proposed protocol succeeds in providing these
three attributes while still keeping the number of message flows to only one. So
far as we know, it is the first one-pass KE-AWR protocol achieving PFS as well
as perfect KCI security. As an improvement, we further extend the one-pass
protocol to support key confirmation. Furthermore, the protocol is universal in
the sense that it can be used by a user directly as key establishment protocol
regardless of communicating with a foreign server or the home server. The total
computational complexity of Protocol II is comparable to that of Protocol
I. However, as trade-off between efficiency and security, it needs an additional
on-line Bilinear Pairing operation for mobile user during the runtime of the protocol.
3. Finally, we point out that a formal treatment for wireless roaming in WMN systems
is necessary and demonstrate the unreasonable aspects of classic CK and
eCK model when adapting to analysis the security properties of a KE protocol for
wireless roaming scenario. To address this gap, we firstly propose a variation of
classic CK and eCK model which introduces the simulation of broadcast query
and multiple Key Generation Centre scenario and also gives the re-defined session definitions and additional adversary capability related to roaming scenario.
We call the variation as rCK model. To fulfil our construction of this model, for
both previously proposed one-pass KE-AWR protocols, Protocol I and Protocol
II, we present the formal security proofs of them under our rCK security model.
| Date of Award | 3 Oct 2012 |
|---|
| Original language | English |
|---|
| Awarding Institution | - City University of Hong Kong
|
|---|
| Supervisor | Shek Duncan WONG (Supervisor) |
|---|