
Chapter 3 Integrated Security Domain

3.5 Fragmentation Issue

The maximum transmission unit (MTU) defines the largest frame size that the link layer protocol can pass onwards. The encapsulation mechanism of ISD needs an additional WLAN Mesh header and could result in extra fragmentations.

The fragmentation issue can be avoided by configuring the MTU value of the mesh network. As shown in Figure 3-13 (a), modern operating systems, such as Windows XP and Linux, treat the wireless NIC as an Ethernet NIC, and the default MTU value of the wireless NIC is 1500 bytes.

According to 802.11s, the size of a WLAN frame encapsulated into a WLAN Mesh frame is 1552 bytes. As shown in Figure 3-13 (b), since the allowable size of the largest encrypted frame is 2356 bytes (TKIP) or 2372 bytes (CCMP), there will be enough free space for the additional WLAN Mesh header. The administrator can set the MTU value of the mesh network to be 1552-2372/2376 to avoid the extra fragmentation.

[Figure: (a) STA, AP, MAP, MP and MPP with MTU = 1500; (b) mesh network with 1552 ≦ MTU ≦ 2372 or 2376]

Figure 3-13 MTU value and fragmentation issue

Chapter 4

Security Considerations

To claim that ISD is a secure mechanism, it is necessary to state the security goal as well as the security assumptions. The security goal of ISD is to secure the wireless communication between STA and MAP, and the strength of ISD should be equivalent to 802.11i.

ISD assumes that STAs and MAPs are 802.11i-based devices and that the 802.11i security assumptions are satisfied. In addition, mesh links among MPs are required to be protected by EMSA services.

To show that ISD is as secure as 802.11i, we first analyze the trust relationships of ISD and then examine the threat models.

4.1 Trust Relationship

An STA and its serving MAP perform 802.1X authentication and 4-way handshake to establish the RSNA in the ASD. Therefore, the STA↔AS↔MAP trust chain shown in Figure 4-1 is established by 802.11i. To secure the connection between STA and MAP, ISD must provide an equivalent STA↔MAP trust relationship.

[Figure: WLAN Mesh with AS, MPP, MPs, MAPs and an STA. Labels: PMK, EAP Credential, RADIUS Secret]

Figure 4-1 Trust Relationships in the ASD

As shown in Figure 4-2, mesh links between two MPs are secured by the EMSA, and thus there is an MAP↔AS↔MP↔AS↔…↔MPP trust chain established in the MSD.

[Figure: WLAN Mesh with AS, MPP, MPs, MAPs and an STA. Labels: PMK-MA, RADIUS Secret, EAP Credential]

Figure 4-2 Trust Relationships in the MSD

For ISD, as shown in Figure 4-3, 802.1X authentication and 4-way handshake are performed by the STA and the MPP, and the STA↔AS↔MPP trust chain is established.

Since there is the MAP↔MPP trust relationship, the STA↔MPP↔MAP trust chain can be inferred from the former two trust relationships. Therefore, we can claim that the trust relationship provided by ISD is equivalent to 802.11i.

[Figure: WLAN Mesh with AS, MPP, MPs, MAPs and an STA. Labels: PMK-MA, PMK, Implicit Trust, EAP Credential, RADIUS Secret]

Figure 4-3 Trust Relationships in the ISD

In terms of the handoff, there are three related trust relationships: STA↔AS, STA↔MAP and STA↔MPP. The STA↔MAP trust relationship is destroyed in the intra-MPP handoff and needs to be reestablished. For ISD, since the STA↔MPP and the MAP↔MPP trust relationships remain, implicit trust exists between the STA and the new MAP. However, to secure the connection between the STA and the new MAP, a new PTK is necessary to prevent unauthorized disclosure to the old MAP.

Therefore, in the intra-MPP handoff, the STA and the MPP need to perform the 4-way handshake to derive a fresh PTK. Since the old MAP has neither the new PTK nor the PMK, it cannot obtain the content encrypted by the new PTK.

For 802.11i, to reestablish the STA↔MAP trust relationship, the STA needs to perform 802.1X authentication with the new MAP. Consequently, it will introduce significant latency.

4.2 Threat Model

The proposed mechanism should avoid introducing any security degradation to the 802.11i RSN. In addition to the threats against 802.11i and 802.11s, there are other threats that need to be recognized for ISD.

• PMKID Leakage

Even though an attacker may obtain the corresponding PMKID from previous eavesdropping and is able to skip 802.1X authentication, it does not result in any security flaw. Because the MSK and PSK are never transmitted over the wireless medium, a valid PTK cannot be derived by the attacker. Therefore, the attacker cannot compute the valid MIC of message #2 in the 4-way handshake, and the attacker is blocked by the MAP.

• Authenticator Compromise

If an authenticator is compromised or stolen, an attacker may obtain all PMKs cached in this authenticator. With ISD, the attacker can access the WLAN Mesh via any MAP connected to this authenticator. However, 802.11r also incurs this vulnerability. The compromised authenticator in 802.11r will expose PMK-R0s to the attacker. Since the IEEE 802.11 working group allows this situation to occur, we believe this vulnerability is acceptable.

• Unauthorized Disclosure

Compromised mesh links will result in the unauthorized disclosure of keys. For 802.11i, an MSK is transmitted from the AS to the serving MAP via mesh links. If the security of mesh links is compromised, it is possible that the MSK will be exposed to an attacker. For ISD, only the PTK is transmitted via mesh links. Since the PTK is lower in the key hierarchy than the MSK, a compromised PTK will not introduce further security degradation compared with a compromised MSK.
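The PMKID leakage argument above and the fresh-PTK argument of Section 4.1 can both be checked against the standard 802.11i key derivation. The following is an added example, not code from the thesis; the addresses, nonces, PMK and frame body are constructed sample values, the function names are hypothetical, and the MIC uses the HMAC-SHA1-128 variant that accompanies CCMP.

```python
import hashlib
import hmac

def prf(key, label, data, nbytes):
    """802.11i PRF: concatenate HMAC-SHA1(key, label || 0x00 || data || i)."""
    out, counter = b"", 0
    while len(out) < nbytes:
        msg = label + b"\x00" + data + bytes([counter])
        out += hmac.new(key, msg, hashlib.sha1).digest()
        counter += 1
    return out[:nbytes]

def pmkid(pmk, aa, spa):
    """PMKID = first 128 bits of HMAC-SHA1(PMK, "PMK Name" || AA || SPA)."""
    return hmac.new(pmk, b"PMK Name" + aa + spa, hashlib.sha1).digest()[:16]

def derive_ptk(pmk, aa, spa, anonce, snonce):
    """PTK = PRF-384(PMK, "Pairwise key expansion", ordered MACs and nonces)."""
    data = (min(aa, spa) + max(aa, spa)
            + min(anonce, snonce) + max(anonce, snonce))
    return prf(pmk, b"Pairwise key expansion", data, 48)

def msg2_mic(ptk, eapol_frame):
    """MIC of handshake message #2, keyed with the KCK (PTK bytes 0..15)."""
    return hmac.new(ptk[:16], eapol_frame, hashlib.sha1).digest()[:16]

def authenticator_accepts(pmk, aa, spa, anonce, snonce, frame, mic):
    """Authenticator side: recompute the MIC from the cached PMK and compare."""
    expected = msg2_mic(derive_ptk(pmk, aa, spa, anonce, snonce), frame)
    return hmac.compare_digest(expected, mic)

# Constructed sample values (not taken from the thesis).
PMK = bytes(range(32))
AA = bytes.fromhex("020000000001")    # authenticator address
SPA = bytes.fromhex("020000000002")   # supplicant (STA) address
ANONCE_OLD, ANONCE_NEW = b"\x11" * 32, b"\x22" * 32
SNONCE = b"\x33" * 32
FRAME = b"constructed EAPOL-Key message #2 body, MIC field zeroed"

def legitimate_sta_accepted():
    """An STA holding the PMK produces a MIC the authenticator accepts."""
    mic = msg2_mic(derive_ptk(PMK, AA, SPA, ANONCE_NEW, SNONCE), FRAME)
    return authenticator_accepts(PMK, AA, SPA, ANONCE_NEW, SNONCE, FRAME, mic)

def pmkid_only_party_accepted():
    """A party that captured only the PMKID has no PMK to key the PRF with;
    keying it with the PMKID itself yields a MIC that fails verification."""
    leaked = pmkid(PMK, AA, SPA)
    bad_ptk = derive_ptk(leaked.ljust(32, b"\x00"), AA, SPA, ANONCE_NEW, SNONCE)
    return authenticator_accepts(PMK, AA, SPA, ANONCE_NEW, SNONCE, FRAME,
                                 msg2_mic(bad_ptk, FRAME))

def old_ptk_equals_new_ptk():
    """Handoff: a new ANonce gives a new PTK, so the PTK held by the old MAP
    does not decrypt traffic protected after the new 4-way handshake."""
    old = derive_ptk(PMK, AA, SPA, ANONCE_OLD, SNONCE)
    new = derive_ptk(PMK, AA, SPA, ANONCE_NEW, SNONCE)
    return old == new
```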

4.3 Advantages

With separated security domains, maintaining a consistent security configuration throughout the entire set of MAPs in the WLAN Mesh is problematic. Moreover, it is difficult to apply physical security controls to MAPs outside of the network center.

The proposed mechanism takes advantage of the centralized authenticator. It is much more efficient to enforce security policy and distribute security configuration across the whole network in the centralized architecture. Furthermore, it is easier to enhance the physical security of one MPP instead of all MAPs within the WLAN Mesh.

Chapter 5

Handoff Overhead Estimation

In this chapter, we analyze the link layer security mechanisms and present the related handoff overhead. For the STA, the major concern is whether the handoff latency will damage the quality of real-time applications or not. For the WLAN Mesh, the handoff traffic is the main issue.

An analytical model is proposed to compute the handoff overhead for an STA roaming within the WLAN Mesh. The estimated handoff overhead of ISD and 802.11i will be compared in the end.

5.1 Handoff Model

In order to increase the channel capacity and reduce the transmission power, the cell structure shown in Figure 5-1 is adopted in most AP deployments, where each AP has 6 adjacent APs.

[Figure: hexagonal cells assigned to channels CH1, CH6 and CH11]

Figure 5-1 AP deployment based on the cell structure

In addition to the AP interface, an MAP has one or more MP interfaces to inter-connect with other MPs. The topology of MP services may be different from that of AP services. An example of the MP topology is shown in Figure 5-2, where the MAP deployment is based on the cell structure.

[Figure legend: MPP, MP, MAP]

Figure 5-2 Topology of MP services

During the 802.1X authentication, RADIUS messages are forwarded between the serving MAP and MPP. Although there are different WLAN Mesh topologies, only the hop count between MAP and MPP is related to the authentication latency and traffic.

Therefore, we can conclude that the AP deployment determines the handoff behavior of STAs, and the MP topology determines the hop count between MAP and MPP. To estimate the handoff overhead, the analytical model has to take both of them into consideration.

For the AP deployment, the two-dimensional random walk model [4] is applied to capture the movement of STAs in the WLAN Mesh and calculate the number of handoffs. Figure 5-3 illustrates a 6-subarea cluster, where cells are marked as (x, y). Here x represents the layer of the cluster in which the cell resides, and y denotes the type.

Cells with the same set of neighbors' types are classified into one type. STAs in cells of the same type will have the same candidate handoff targets and will leave the cells with the same pattern. Therefore, the gray area shown in Figure 5-3 can capture the movement of STAs within the cluster.

Figure 5-3 MAP deployment and cell classification

Assumptions of the handoff model are as follows:

i. An STA resides in a cell and then moves to one of its neighbors with equal probability, i.e., 1/6.

ii. The cell (0, 0) is an MPP, and other cells are MAPs connected to this MPP. The MPP is also capable of providing the AP services.

iii. The transmission distance of the MP interface is twice as long as that of the AP interface, which means a frame transmitted from MAP to MPP needs at least x hops, and vice versa.

iv. There are no MPs that only participate in the backhaul routing.

Based on assumptions iii and iv, Figure 5-4 illustrates the MP topology of the 3-subarea cluster. Although there might be MP topologies violating assumptions iii and iv, only the average hop count between MAP and MPP correlates with the handoff latency and traffic.

[Figure legend: MPP, MAP]

Figure 5-4 MP topology of the 3-subarea cluster

v. The cached PMKs never expire (see footnote 5).

vi. For 802.11i, if the target MAP does not cache the PMK, the STA needs to perform full 802.1X authentication to regain the connectivity.

vii. For ISD, the STA only needs to perform the 4-way handshake in the handoff while roaming within the cluster.

viii. For ISD, if the target MAP does not cache the PMK, the STA needs to perform full 802.1X authentication while moving out of the cluster.

Based on the random walk theory, the random walk for an n-subarea cluster (e.g. n = 6) can be converted into the state diagram shown in Figure 5-5.

Footnote 5: Windows XP specifies that the PMK cache can exist for 12 hours before being removed.

Figure 5-5 State diagram for a 6-subarea cluster

In this diagram, state (x, y) represents that an STA resides in one of the cells with type (x, y), and state (n, j) means the STA moves out of the cluster from one of the cells (n-1, j). S(n) represents the total numbers of states of the n-subarea cluster.

$$S(n) = \begin{cases} \dfrac{n(n+1)}{2}, & n > 1 \\ 2, & n = 1 \end{cases} \tag{4}$$

Let P(x, y), (x’, y’) be the one-step transition probability from the state (x, y) to the state (x’, y’), i.e., the STA performs one handoff from the current MAP (x, y) to the target MAP (x’, y’). For an n-subarea cluster random walk, the transition matrix P = (p(x, y), (x’, y’)) is an S(n)×S(n) matrix, where

( ) ( )n S n

Let P(k) be the probability that an STA moves from one MAP to another MAP with k handoffs, where it initially resides at the MAP (x, y) and moves out of the cluster at the kth handoff, where

k, (x, y), (n, j)

Figure 5-6 Handoff pattern for ISD and 802.11i

As shown in Figure 5-6, an STA moving out of the cluster at the kth handoff means that it performed k-1 intra-MPP handoffs and one inter-MPP handoff. For ISD, an STA only performs 802.1X authentication in the inter-MPP handoff. However, for 802.11i, if the PMK is not cached by the target MAP, 802.1X authentication will be performed in the handoff.
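The handoff pattern above can be computed directly from assumptions i and ii. This is an added example, not the thesis's own code: it walks the full hexagonal cluster in axial coordinates instead of the reduced state diagram of Figure 5-5, and the function names are hypothetical.

```python
from fractions import Fraction

# Axial-coordinate offsets of the six neighbours of a hexagonal cell.
NEIGHBOURS = [(1, 0), (-1, 0), (0, 1), (0, -1), (1, -1), (-1, 1)]


def layer(cell):
    """Hex distance from the MPP cell (0, 0), i.e. the layer x of the cell."""
    q, r = cell
    return (abs(q) + abs(r) + abs(q + r)) // 2


def cluster_cells(n):
    """Cells of an n-subarea cluster: every cell in layers 0 .. n-1."""
    span = range(-(n - 1), n)
    return [(q, r) for q in span for r in span if layer((q, r)) < n]


def exit_distribution(n, start=(0, 0), max_k=60):
    """Return [P(1), ..., P(max_k)], where P(k) is the probability that an STA
    starting in `start` moves out of the cluster at exactly the k-th handoff."""
    if layer(start) >= n:
        raise ValueError("start cell must lie inside the cluster")
    step = Fraction(1, 6)            # assumption i: each neighbour equally likely
    inside = {start: Fraction(1)}    # probability mass still inside the cluster
    p = []
    for _ in range(max_k):
        moved, left = {}, Fraction(0)
        for (q, r), mass in inside.items():
            for dq, dr in NEIGHBOURS:
                target = (q + dq, r + dr)
                if layer(target) >= n:
                    left += mass * step    # inter-MPP handoff: the walk ends
                else:
                    moved[target] = moved.get(target, Fraction(0)) + mass * step
        p.append(left)
        inside = moved
    return p


def expected_intra_handoffs(n, start=(0, 0), max_k=200):
    """Mean number of intra-MPP handoffs (k - 1) before the single inter-MPP
    handoff. The sum is truncated at max_k, so it is an approximation."""
    p = exit_distribution(n, start, max_k)
    return float(sum((k - 1) * pk for k, pk in enumerate(p, start=1)))


if __name__ == "__main__":
    for n in (1, 2, 3):
        dist = exit_distribution(n, max_k=4)
        print(n, len(cluster_cells(n)), [str(x) for x in dist],
              round(expected_intra_handoffs(n), 4))
```

Under ISD only the final handoff in each walk can require 802.1X authentication, so the intra-MPP count returned here is the number of handoffs that cost a 4-way handshake alone.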

5.2 Estimation Equations

To evaluate the link layer security mechanisms, we propose the equations to model the handoff overhead. With the handoff pattern, the proposed equations can estimate the average handoff latency and traffic for an STA roaming within the WLAN Mesh.

5.2.1 Handoff Latency

Because 802.1X authentication and the 4-way handshake contribute the major part of the handoff latency, the quality of real-time applications is affected by the security mechanism. The latency introduced by the security mechanism can be classified into two types: intra-MPP handoff latency (LINTRA) and inter-MPP handoff latency (LINTER).

5.2.1.1 Intra-MPP Handoff Latency

LINTRA represents the latency for an STA performing the intra-MPP handoff, which consists of authentication latency (LINTRA_AUTH) and 4-way handshake latency (LINTRA_4W).

[Figure: message sequence chart. Participants: STA (Supplicant), Current MAP, MP …, MPP (Authenticator), AS. Messages: 802.11, EAPOL-Start (optional), EAP-Success (optional), Association Req. (PMKID), Association Resp., *PMK Veri. (PMKID), *PMK Veri. Success, 4-way Handshake #1, *Key Distribution (PTK). Labels: PMK, N_PTK]

Figure 5-7 Intra-MPP handoff latency with ISD

For ISD, as shown in Figure 5-7, two messages are exchanged to verify the PMK cached by the STA. LINTRA_AUTH represents the average latency, where

ISD

• T is the single-hop transmission time.

• H is the average hop count between MAP and MPP. H is calculated based on the proposed handoff model.

• x is the hop count between MAP and MPP, i.e. the type of MAP.

• S is the number of MAPs in the gray area with x hops to MPP.

• n is the cluster size. 1+n(n-1)/2 is the total number of MAPs in the gray area.

In the handshake phase, 4-way handshake messages are transmitted between the STA and the MPP. In addition, the PTK is distributed to the target MAP. LINTRA_4W represents the average latency, where

• L4W is the latency for an STA performing 4-way handshake in the single-hop network, i.e., WLAN.

[Figure: message sequence chart. Participants: STA, Current MAP, Target MAP, MP …, MPP, AS. Messages: Association Req. (PMKID), Association Resp., RADIUS-A.-Req., 4 Way Handshake #1, #2, #3, #4]

Figure 5-8 Intra-MPP handoff latency with 802.11i

For 802.11i, the intra-MPP handoff latency is shown as Figure 5-8. If the PMK is not cached by the target MAP, 802.1X authentication will be performed in the handoff.

LINTRA_AUTH represents the average latency, where

802.11i

• L1X is the latency for an STA performing 802.1X authentication in the single-hop network, i.e., WLAN.

• MRADIUS is the number of RADIUS messages exchanged between the target MAP and the AS in an 802.1X authentication.

In the handshake phase, the latency is the same in WLAN Mesh and WLAN. LINTRA_4W represents the latency, where

$$L_{\mathrm{INTRA\_4W}} = L_{\mathrm{4W}}, \quad \text{802.11i} \tag{13}$$

• L4W is the latency for an STA performing 4-way handshake in WLAN.

Based on equations (8), (11), (12) and (13), LINTRA is defined as

$$L_{\mathrm{INTRA}} = (1 - P_{\mathrm{PMK\_MISS}}) \cdot L_{\mathrm{INTRA\_4W}} + P_{\mathrm{PMK\_MISS}} \cdot (L_{\mathrm{INTRA\_AUTH}} + L_{\mathrm{INTRA\_4W}}) \tag{14}$$

$$P_{\mathrm{PMK\_MISS}} = (1 - P_{\mathrm{REVISIT}}) \cdot P_{\mathrm{PF}} \tag{15}$$

• PPMK_MISS is the probability that the PMK is not cached by the target MAP.

• PREVISIT is the probability that an STA moves to a visited cell or cluster.

• PPF is the probability that 802.11i preauthentication fails.

Since the PMK is always cached by the authenticator, the intra-MPP handoff with ISD will only introduce LINTRA_4W. However, if an STA hands off to a new MAP and fails to preauthenticate with it, LINTRA_AUTH will be introduced to the intra-MPP handoff with 802.11i.

5.2.1.2 Inter-MPP Handoff Latency

LINTER represents the latency for an STA performing the inter-MPP handoff, which consists of authentication latency (LINTER_AUTH) and 4-way handshake latency (LINTER_4W).

The inter-MPP handoff with ISD is shown as Figure 5-9. While the STA moves out of the cluster, if the PMK is not cached by the new MPP, 802.1X authentication will be performed. LINTER_AUTH represents the latency, where

$$L_{\mathrm{INTER\_AUTH}} = L_{\mathrm{1X}} + M_{\mathrm{1X}} \cdot (n - 1) \cdot T, \quad \text{ISD} \tag{16}$$

• M1X is the number of EAPOL messages exchanged between the target MAP and the MPP in an 802.1X authentication.

• n-1 is the hop count between the target MAP and the new MPP.

An STA performing the inter-MPP handoff will reassociate with another boundary MAP in another cluster. Thus, the hop count between the target MAP and the new MPP is definitely n-1.

[Figure: message sequence chart. Participants: Target MAP, MP …, MPP (Authenticator), AS. Messages: 802.11, Association Req. (PMKID), Association Resp., *PMK Veri. Req. (PMKID), RADIUS-A.-Req., RADIUS-A.-Challenge, RADIUS-A.-Req., RADIUS-A.-Accept (MSK), 4-way Handshake #1, *Key Distribution (PTK)]

Figure 5-9 Inter-MPP handoff latency with ISD

LINTER_4W represents the average latency for 4-way handshake and PTK distribution in the inter-MPP handoff, where

$$L_{\mathrm{INTER\_4W}} = L_{\mathrm{4W}} + 5 \cdot (n - 1) \cdot T, \quad \text{ISD} \tag{17}$$

The inter-MPP handoff latency with 802.11i is shown as Figure 5-10, which is the same as the intra-MPP handoff, except messages are forwarded via the boundary MAP. LINTER_AUTH represents the authentication latency, where

(

n 1 T

)

, 802.11i

[Figure: message sequence chart. Participants: STA, Target MAP, MP …, MPP, AS. Messages: Association Req. (PMKID), Association Resp., 4 Way Handshake #1, #2, #3, #4]

Figure 5-10 Inter-MPP handoff latency with 802.11i

LINTER_4W represents the 4-way handshake latency, where

802.11i (19)

Based on equations (15), (16

$$L_{\mathrm{INTER}} = (1 - P_{\mathrm{PMK\_MISS}}) \cdot L_{\mathrm{INTER\_4W}} + P_{\mathrm{PMK\_MISS}} \cdot (L_{\mathrm{INTER\_AUTH}} + L_{\mathrm{INTER\_4W}}) \tag{20}$$

For ISD, only when an STA moves to an unvisited ISD and fails to perform preauthentication is the authentication latency introduced to the inter-MPP handoff. However, for 802.11i, the STA will perform 802.1X authentication in each handoff in the same condition. Therefore, ISD can greatly reduce the demand for performing 802.1X authentication and provide the equivalent security strength as 802.11i.

5.2.2 Handoff Traffic

Even though the handoff traffic is much lower than the data traffic, to guarantee the QoS the authentication messages should avoid contending with real-time application messages for the medium access.

The proposed equations can estimate the traffic in the mesh network generated by the security mechanism for an STA roaming within the WLAN Mesh. The preauthentication traffic is ignored, and the traffic is measured by the number of the normalized messages multiplied by the hop count. The handoff traffic can be classified into two types: intra-MPP handoff traffic (TINTRA) and inter-MPP handoff traffic (TINTER).

5.2.2.1 Intra-MPP Handoff Traffic

TINTRA represents the traffic generated by the security mechanism for an STA performing the intra-MPP handoff, which consists of authentication traffic (TINTRA_AUTH) and 4-way handshake traffic (TINTRA_4W).

[Figure: message sequence chart. Participants: STA (Supplicant), Current MAP, MP …, MPP (Authenticator), AS. Messages: 802.11, EAPOL-Start (optional), EAP-Success (optional), Association Req. (PMKID), Association Resp., *PMK Veri. (PMKID), *PMK Veri. Success, 4-way Handshake #1, *Key Distribution (PTK). Labels: PMK, N_PTK]

Figure 5-11 Intra-MPP handoff traffic with ISD

For ISD, as shown in Figure 5-11, there are 7 messages transmitted via the WLAN Mesh: 2 messages for the PMK verification, 4 messages for the 4-way handshake and 1 message for the PTK distribution. TINTRA_AUTH and TINTRA_4W represent the traffic, where

ISD

• R is the ratio of 802.1X authentication to 4-way handshake in average message size.

[Figure: message sequence chart. Participants: STA, Current MAP, Target MAP, MP …, MPP, AS. Messages: Association Req. (PMKID), Association Resp., RADIUS-A.-Req., 4 Way Handshake #1, #2, #3, #4]

Figure 5-12 Intra-MPP handoff traffic with 802.11i

For 802.11i, as shown in Figure 5-12, only RADIUS messages are transmitted via the WLAN Mesh. TINTRA_AUTH and TINTRA_4W represent the traffic, where

802.11i

$$T_{\mathrm{INTRA}} = (1 - P_{\mathrm{PMK\_MISS}}) \cdot T_{\mathrm{INTRA\_4W}} + P_{\mathrm{PMK\_MISS}} \cdot (T_{\mathrm{INTRA\_AUTH}} + T_{\mathrm{INTRA\_4W}}) \tag{25}$$

5.2.2.2 Inter-MPP Handoff Traffic

TINTER represents the traffic generated by the security mechanism for an STA performing the inter-MPP handoff, which consists of authentication traffic (TINTER_AUTH) and 4-way handshake traffic (TINTER_4W).

[Figure: message sequence chart. Participants: STA (Supplicant), Target MAP, MP …, MPP (Authenticator), AS. Messages: Association Req. (PMKID), Association Resp., *PMK Veri. Req. (PMKID), RADIUS-A.-Req., RADIUS-A.-Challenge, RADIUS-A.-Req., RADIUS-A.-Accept (MSK), 4-way Handshake #1, *Key Distribution (PTK)]

Figure 5-13 Inter-MPP handoff traffic with ISD

For ISD, as shown in Figure 5-13, all EAPOL messages and 4-way handshake messages are transmitted via the WLAN Mesh. TINTER_AUTH and TINTER_4W represent the traffic, where

For 802.11i, as shown in Figure 5-14, the traffic is the same as the intra-MPP handoff traffic. TINTER_AUTH and TINTER_4W represent the traffic, where

(

1

)

, 802.11i

[Figure: message sequence chart. Participants: STA, Target MAP, MP …, MPP, AS. Messages: Association Req. (PMKID), Association Resp., 4 Way Handshake #1, #2, #3, #4]

Figure 5-14 Inter-MPP handoff traffic with 802.11i

Based on equations (26), (27), (28) and (29), TINTER is defined as

$$T_{\mathrm{INTER}} = (1 - P_{\mathrm{PMK\_MISS}}) \cdot T_{\mathrm{INTER\_4W}} + P_{\mathrm{PMK\_MISS}} \cdot (T_{\mathrm{INTER\_AUTH}} + T_{\mathrm{INTER\_4W}}) \tag{30}$$

5.2.3 Expected Handoff Overhead

Based on equations (8), (14) and (20), for an STA roaming within the WLAN Mesh, the expected handoff latency contributed by the security mechanism is defined as

[

1 ( 1) 2

]

Based on equations (8), (25) and (30), the expected handoff traffic is defined as

[

1 ( 1) 2

]

5.3 Experiment and Simulation

In order to obtain parameters of the equations, an experimental platform is built to measure the handoff latency, transmission time, the number of messages, etc. The experimental environment is shown in Figure 5-15, where the AS, two authenticators and the supplicant reside in a LAN.
