Providing Multi-layer Security Support for Wireless Communications across Multiple Trusted Domains

Recently, many link-layer security protocols have been developed and deployed to protect wireless communications in local area networks. However, cryptanalysis has revealed many insecurities and vulnerabilities in these link-layer protocols. In this paper we study a multi-layer alternative. Compared to a link-layer approach, the multi-layer architecture provides better services, in particular efficient cross-domain mobility and effective security protection, to wireless communications across heterogeneously managed network domains. We implement a layer-independent point-to-point security model and a differentiated policy management model to realize the multi-layer architecture. Our implementation and experiments confirm the efficiency and effectiveness of our design.
