Upload
prathima
View
213
Download
0
Embed Size (px)
Citation preview
Safeguarding Cooperation in Synergy MAC
Santosh Kulkarni and Prathima Agrawal
Auburn University, Auburn, AL, USA 36849
Emails: {[email protected], [email protected]}
Abstract—Cooperative communication is a novel, diversity-improving technique that holds great promise for the future ofwireless networks. But in order to fully exploit this diversityrealized at the physical layer, the idea of node cooperation needsto be extended to other layers of the protocol stack as well.Synergy MAC is one such extension to the MAC sublayer. Asper this protocol, whenever a source intends to transmit somedata to the destination, it solicits the support of its neighborsfor the ensuing data transfer. When one a willing neighboris identified as the relay, the source transmits its data to thedestination by forwarding it via the enlisted relay. In doingthis, not only does Synergy MAC realize spatial diversity butis also able to achieve faster transmission speeds. However, relayassisted two hop transmission in Synergy MAC gives rise tonumerous concerns about its security. To address these concerns,appropriate security schemes need to be adapted to suit SynergyMAC. In this paper, we discuss various security issues introducedby cooperation in Synergy MAC and utilize two security schemesto address those problems. The techniques that are discussed hereenable popular security schemes like WEP, WPA and WPA2 tosuccessfully operate with Synergy MAC.
I. INTRODUCTION
Since the advent of IEEE’s 802.11 standard [1], Wireless
Local Area Networks (WLAN) have gained widespread ac-
ceptance in providing broadband wireless access to portable
nodes. The performance of WLANs however, is severely
affected when the network’s radio waves experience fading.
Though spatial diversity is known to minimize the ill effects
of fading, realizing it generally requires incorporation of newer
technologies such as Multiple Input Multiple Output (MIMO)
systems. But it is impractical to equip every node in a network
with multiple antennae, primarily due to the node’s size and
energy constraints.
Recent research on cooperative communication [6], [9],
[11], [12], [13] demonstrates that spatial diversity can also be
achieved by exploiting some key characteristics of the wireless
medium. Because of the broadcast nature of the medium, any
signal transmitted on the channel is overheard by all nodes
within range. If such nodes were to retransmit the overheard
signal to destination rather than discarding it completely, the
destination would effectively receive extra observations of
the source signal, resulting in diversity. In short, cooperative
system can be seen as a virtual antenna array, where each
antenna in the array corresponds to an assisting neighbor
[5]. However, to exploit this diversity realized at the physical
layer, the idea of node cooperation needs to be extended to
other layers of the protocol stack. Synergy MAC [7] is one
such extension to the MAC sublayer. It was devised to take
advantage of cooperating neighbors while remaining backward
compatible with legacy 802.11b [2]. As this protocol, when-
ever a source node experiences poor channel conditions with
the intended destination, it solicits the help of its neighbors
in transferring its data to the destination. When a willing
neighbor is identified as the relay, the source sends its data to
the destination using a two-hop, via-relay transmission. Since
the relay experiences better channel conditions with both the
source and the destination, in addition to realizing spatial
diversity, the two-hop via-relay transmission also achieves
higher data transmission rates. As a result, Synergy MAC is
able to substantially improve the performance of WLANs.
Despite these improvements, Synergy MAC’s argument of
involving a third party node as relay in an otherwise direct two
node (source-destination) interaction raises concerns about its
security. Not only is source’s data passing through the third
party relay, but also the fact that the identity of the relay
is advertised on the fly and not previously known, makes
the problem a lot more serious. Hence all potential security
loopholes resulting from relay node’s participation in data
transfer between source and destination need to be thoroughly
investigated. In this paper we first study all security issues
that arise in Synergy MAC due to its reliance on a third
party relay. We then utilize two security schemes discussed
in [10] to adapt popular security techniques like WEP, WPA
and WPA2 [1] [3] to suit Synergy MAC. The rest of the
paper is organized as follows: In Section 2 we present a
brief overview of the Synergy MAC protocol followed by an
enumeration of its security concerns. In Section 3 we provide a
brief overview of the 802.11i security framework. In Section 4
we propose solutions to fix security issues described in Section
2. In Section 5 we further examine our proposed solution and
finally, conclude the paper in Section 6.
II. SYNERGY MAC PROTOCOL
This section presents a brief overview of the Synergy MAC
protocol followed by a discussion on its cooperation related
security concerns. Interested readers can find more details of
the studied protocol in [7] and [8].
A. Protocol Overview
Synergy MAC is an IEEE 802.11b based medium access
control protocol designed to realize cooperative diversity at the
physical (PHY) layer. Although based on IEEE 802.11b, the
protocol can be easily adapted to suit any MAC sub-layer that
offers multi-rate capability for packet transmission. At present,
Synergy MAC’s PHY layer uses Direct Sequence Spread
Spectrum (DSSS) which operates in the 2.4GHz industrial,
156978-1-4244-5692-5/10/$26.00 © IEEE 2010
42nd South Eastern Symposium on System TheoryUniversity of Texas at TylerTyler, TX, USA, March 7-9, 2010
M2C.6
scientific, medical (ISM) band and uses DBPSK, DQPSK and
CCK modulation schemes to support transmission rates of
1Mbps, 2Mbps, 5.5Mbps and 11Mbps. A node running Syn-
ergy MAC protocol, selects its modulation scheme based on
its perceived Signal-to-Noise Ratio (SNR) to the destination.
Synergy MAC provides access to the shared wireless
medium through 802.11b’s contention based access mecha-
nism, called Distributed Coordination Function (DCF). The
DCF mechanism is based on Carrier Sense Multiple Access
with Collision Avoidance (CSMA/CA) under which a node
with data to transmit, has to first sense the wireless medium to
determine if it is free. It also employs 802.11b’s virtual carrier
sensing by using frames like Request to Send (RTS) and Clear
to Send (CTS). Such control frames set the Network Allocation
Vector (NAV) using which nodes in the network are able to
avoid collisions resulting from hidden terminals. If the data
packet following the control frames is received without any
errors, the destination node sends an acknowledgment (ACK)
packet back to the source. When a source node Ns wants to
Fig. 1. Three-way handshake followed by data exchange in Synergy MAC
send L octets of data to destination Nd, it first sends an RTS
frame to the destination indicating the time needed to transmit
all the octets using direct transmission. When an intermediate
node Nr, overhears this RTS transmission, it computes the
time required to transmit the same data frame over two hops
with itself acting as the relay. If Nr determines that it can
offer a faster two hop alternative, it volunteers to become a
relay by broadcasting a self addressed CTS frame (CTSr). To
resolve potential collisions between many such volunteering
Nrs, the CTSr frame from all eligible intermediate nodes
are governed by a contention window. The node that picks the
lowest slot in this contention window gets to transmit its CTSr
while the remaining candidates update their NAV based on the
Duration contained in this winning CTSr frame. When the
Fig. 2. NAV update in Synergy MAC
destination Nd overhears a CTSr (from relay Nr) soon after
receiving an RTS from source Ns, it transmits a CTS frame
(CTSd) to the source. This CTSd requests Ns to send its L
octets using the faster two hop alternative via node Nr. On
receiving a CTSd from the destination, source Ns updates the
Duration field of its L octet data frame and transmits it to
relay Nr. Relay Nr then forwards the data frame to destination
Nd which responds with an ACK addressed to source Ns. Data
transfer cycle in Synergy MAC is complete when the source
Ns receives the ACK from the destination. Figure 1 depicts
the protocol’s three-way handshake mechanism followed by
its two-hop data transfer. The corresponding NAV update
mechanism is illustrated in Figure 2.
B. Security Concerns
Since all potential relays in Synergy MAC are governed by
a contention window, it is unlikely that the same node will be
judged the winner every single time. Nevertheless, malicious
relays are always a threat. Security issues resulting from
malicious relays are nothing but variations of the classic Man
in the Middle form of attacks and can be broadly classified
into the following categories: (a) relay deliberately dropping
frames (b) relay spoofing an ACK from destination (c) relay
modifying source’s data. The following paragraphs discuss
these issues in greater detail.
The first security issue is that of Denial of Service (DoS)
caused by a malicious relay which deliberately stops for-
warding source’s dataframes to destination. This scenario is
depicted in Figure 3(a). The source node can detect such
deliberate acts of frame dropping by either listening for the
second hop transmission from relay to destination or by
imposing a timeout on the duration required to receive an
ACK from destination. If a relay is identified as malicious,
the source node blacklists its ID and solicits help from its
remaining neighbors. If none are available and/or willing, the
source can transmit its data directly to the destination albeit
at slower speeds.
The second security issue is that of ACK spoofing by the
relay. A malicious relay may try to deny service to the source
by dropping the dataframes and spoofing an ACK, causing
the source to wrongly conclude a successful transmission.
Such a scenario is depicted in Figure 3(b). Like before, the
source node can detect such acts of DoS by listening in
on the second hop transmission. Alternatively the destination
can also help the source by sending in a NACK (a negative
acknowledgment) frame when it fails to receive a scheduled
data frame from relay.
The third security issue is that of a relay modifying the
source’s payload before forwarding it to the destination. An
example setting of this scenario is illustrated in Figure 3(c).
When the communication integrity is compromised in this
manner, the destination is typically unaware of any such
modifications. Thus, it might erroneously respond back with
critical/sensitive information. Although the use of strong en-
cryption techniques should thwart all modifications that result
in corruption free frames, few of the established techniques
157
(a) Relay dropping frames. (b) Relay spoofing ACK. (c) Relay modifying data.
Fig. 3. Security concerns in Synergy MAC
like WEP have been shown to be unsafe [4]. Security schemes
in 802.11i however, are not vulnerable to such attacks unless
the exact decryption key is known to the relay. Hence it is a lot
safer to use IEEE 802.11i based security schemes in Synergy
MAC.
III. AN OVERVIEW OF 802.11I
Wi-Fi Protected Access 2 or WPA2 also known as IEEE
802.11i [3], is a certification program created by the Wi-Fi Al-
liance to indicate compliance with protocols that were specif-
ically created to secure wireless networks. This certification
program was created in response to several serious weaknesses
found in previous Wired Equivalent Privacy (WEP) system [4].
But as 802.11i was still being drafted, an intermediate solution
was needed to secure all wireless communications in absence
of the WEP. This led to the introduction of WPA protocol
prior to the full fledged release of 802.11i.
While WEP and WPA used the RC4 stream cipher, WPA2
uses the stronger Advanced Encryption Standard (AES) block
cipher making it much more secure. Also its architecture
consists of a 802.1X authentication server used for authentica-
tion, a Robust Secure Network (RSN) used for keeping track
of associations and AES based Counter Mode with Cipher
Block Chaining Message Authentication Code (CCMP) used
to provide confidentiality, integrity and origin authentication.
Like WPA, 802.11i too supports Pre-Shared Key (PSK) mode,
which was designed for home and office networks that could
not afford the cost of an 802.1X authentication server.
A. TKIP
Temporal Key Integrity Protocol (TKIP) is a security pro-
tocol designed by the IEEE 802.11i task group and the Wi-Fi
Alliance as a solution to replace WEP without requiring the
replacement of legacy hardware. This was necessary because
the breaking of WEP had left WiFi networks without viable
link-layer security, and a solution was required for already
deployed hardware. To be able to run on legacy WEP hardware
with minor upgrades, TKIP uses RC4 as its cipher. It also
provides a rekeying mechanism ensuring that every data packet
is sent with a unique encryption key. Additionally, TKIP’s
message integrity check prevents forged packets from being
accepted. Figure 4(a) depicts the format of a TKIP MAC
protocol data unit (MPDU).
B. CCMP
Counter Mode with Cipher Block Chaining Message Au-
thentication Code Protocol (CCMP) is an IEEE 802.11i en-
cryption protocol created to replace TKIP the earlier, inse-
cure protocol. CCMP uses the Advanced Encryption Standard
(AES) algorithm is a mandatory part of the WPA2 standard, an
optional part of the WPA standard, and a required option for
Robust Security Network (RSN) Compliant networks. Unlike
in TKIP, key management and message integrity is handled
by a single component built around AES. Data is encrypted
using Counter (CTR) mode in AES. Authentication is achieved
by using a Cipher Block Chaining Message Authentication
Code (CBCMAC). This combination of CTR and CBCMAC
is what constitutes CCMP. Integrity is assured by calculating
a MIC (Message Integrity Code) sum to check if the message
is altered, protecting data from replay attacks. [10]. Figure
4(b) depicts the format of a CCMP MAC protocol data unit
(MPDU).
IV. SECURITY IN SYNERGY MAC
In order to secure Synergy MAC protocol, we need to be
able to modify without corruption, the IEEE 802.11 header of
the packet at the relay (source, destination MAC addresses)
for the relay-to-destination transmission. Thus, the current
approach to implement Synergy MAC will not be compatible
with 802.11i [3]. In both TKIP and AES mode, the integrity
check covers the MAC header of the packet in addition to
its payload. This check calculates a message integrity check
(MIC) over the source and destination address as well as the
MSDU plaintext data. Thus, if the relay changes anything
in the header, the integrity check at the destination will fail
and the packet will be discarded. No ACK will be issued,
so the source will try to retransmit. After a few unsuccessful
retransmissions, the source will then blacklist its relay to avoid
using it in the future; an action which is not desirable. Hence
in order to make 802.11i work in a cooperative network we
need to make some modifications to the protocol in terms
of header management so as to support its encryption and
authentication mechanisms. After a careful study of 802.11i
and Synergy MAC implementation, we propose two possible
solutions in order to make Synergy MAC compatible with the
IEEE 802.11i architecture:
A. Nested Header Scheme
Source
• In this method before any authentication or encryption is
performed, the source if using cooperation, obtains the
shared keys for both the relay and the destination.
• The source first prepares the second hop packet which
will be transmitted from the relay to the destination. This
158
(a) Format of a TKIP MPDU. (b) Format of a CCMP MPDU.
Fig. 4. IEEE 802.11i MPDU formats.
packet is the same as what a direct source to destination
transmission packet would have been, and is encrypted
and authenticated with the key shared between the source
and destination.
• Now this entire MAC level packet with its second hop
header is treated as payload and again encapsulated and
encrypted with respect to the first hop transmission i.e.
with the relay being the destination (hence the key is the
one which is shared between the source and relay).
• This doubly encapsulated and encrypted packet is now
transmitted. Thus this mechanism secures both the
source-relay and relay-destination links.
Fig. 5. Nested header format scheme.Relay
• Identifies if the received packet is using cooperation and
is the first hop.
• If it is first hop then remove out the first hop header
and transmit the remainder of the packet to the intended
destination with no modifications at all. Here relay cannot
modify the packet payload without risking its corruption,
as it is still encrypted with the 802.11i key shared between
the source and destination.
Destination
• Receives the packet and performs decryption.
• Calculates MIC for the packet and compares with the
original calculated MIC in the packet. If there has been no
modification to the parts of packet used in the calculation
of original MIC, the packet will successfully clear this
integrity check.
• Thus the authenticity and privacy of the packet is ensured.
The nested header format increases the transmission over-
head by one 802.11 header per transmission. This overhead
can be removed by using the false header format.
B. False Header Scheme
Source
• In this method before any authentication or encryption is
performed, the source if using cooperation, obtains the
shared keys for both the relay and the destination.
• The source first prepares the second hop packet which
will be transmitted from the relay to the destination. This
packet is the same as what a direct source to destination
transmission packet would have been, and is encrypted
and authenticated with the key shared between the source
and destination.
• Now the source replaces this second hop header with the
first hop header and without any further encryption or
authentication transmits the packet to the relay. It must be
noted that the header is still in plaintext. Hence, at present
the packet is a corrupt packet because of its incorrect
header but the correct header is known to the relay.
Fig. 6. False header format scheme.
Relay
• Identifies if the received packet is using cooperation and
is the first hop.
• If it is the first hop then the relay simply modifies the
plaintext header with second hop source and destination
fields and transmits the packet to the destination. Now the
header is the same as that for which the source calculated
the MIC.
Destination
• Receives the packet and performs decryption.
• Calculates MIC for the packet and compares with the
original calculated MIC in the packet. If there has been no
modification to the parts of packet used in the calculation
of original MIC, the packet will successfully clear this
integrity check.
• Thus the authenticity and privacy of the packet is ensured.
V. ANALYZING SECURE COOPERATION
Of all the security issues, the most important concern with
the Synergy MAC approach is not that the relay being in
possession of the packet may try to decode it (this can be
159
even done by passive sniffing), but that it has to be given
the ability to modify the header but not the payload of the
packet. The following points can be observed with respect to
our proposed schemes:
• The relay cannot decrypt the packet as it does not have
the appropriate keys. 802.11i uses separate keys for each
node and no private keys are shared with the relay.
• The relay itself will be an authenticated node using
802.1X and hence will be a trusted entity. In order for a
malicious relay to be a part of the network implies that
first 802.1X server has to be hacked into.
• The relay may try to spoof some packets and send them
to the destination, but as it does not have the proper keys
it will not be able to do so. Similarly any kind of session
hijacking will also not be possible.
• An attack by an authenticated relay node will be limited
to denial of service. On detection of the loss of packets,
the source can quickly shift to another relay or transmit
directly to the destination and blacklist the relay so as
not to use it later.
• Other than this there are no possible attacks from the relay
due to the inherent security features of 802.11i, which
takes care of the following security concerns: (i) Access
to data (using strong encryption like AES) (ii) Spoofing
(per packet encryption/authentication) (iii) Replay attacks
(as CCMP uses a 48-bit Packet Number (PN) to prevent
replay attacks and construct a fresh nonce for each packet.
The large space of PN eliminates any worry about PN re-
usage during an association) and (iv) Man in the middle
attacks (strong mutual authentication)
It can also be noted that our implementations do not open up
any other security holes, as the environment will be controlled
(by appropriate modification in the driver/firmware) at the
source and the relay. These do not require disclosing of any
private keys by the source, relay or destination and hence
the data can at no point be decrypted by undesired nodes,
hence maintaining the confidentiality and integrity of the
environment.
VI. CONCLUSIONS
In this paper we studied the security implications that a
cooperative MAC protocol introduces in the current WiFi
security framework. We conclude that an intermediate relay
node that forwards packets to the destination can destroy the
network security when WEP is used, by changing the header
or the payload of the packet. However, when WPA or WPA2
(802.11i) is used, the intermediate node cannot change the
packet since both the payload and the header are used for
the encryption of the packet. Furthermore we proposed two
schemes for adjusting security (WPA or WPA2) to the new
cooperative environment. These schemes make Synergy MAC
support complete end to end security in the source-relay-
destination model of communication.
REFERENCES
[1] Ieee std. 802.11-1999, part 11: Wireless lan medium accesscontrol (mac) and physical layer (phy) specifications. IEEE Std.802.11, 1999 edition, 1999.
[2] Ieee std. 802.11b, supplement to part 11: Wireless lan mediumaccess control (mac) and physical layer (phy) specifications:Higher-speed physical layer extension in the 2.4 ghz band. IEEEStd 802.11b-1999, 2000.
[3] Ieee p802.11i/d10.0. medium access control (mac) securityenhancements, amendment 6 to ieee standard for informationtechnology – telecommunications and information exchangebetween systems – local and metropolitan area networks –specific requirements – part 11: Wireless medium access control(mac) and physical layer (phy) specifications. IEEE Std. 802.11i-2004, 2004.
[4] N. Borisov, I. Goldberg, and D. Wagner. Intercepting mobilecommunications: the insecurity of 802.11. In MobiCom ’01:Proceedings of the 7th annual international conference onMobile computing and networking, pages 180–189, New York,NY, USA, 2001. ACM.
[5] E. Erkip, A. Sendonaris, A. Stefanov, and B. Aazhang. Advancesin Network Information Theory, chapter Cooperative Communi-cation in Wireless Systems, pages 303–320. AMS DIMACSSeries, 2004.
[6] I. Hammerstroem, M. Kuhn, B. Rankov, and A. Wittneben.Space-time processing for cooperative relay networks. VehicularTechnology Conference, 2003. VTC 2003-Fall. 2003 IEEE 58th,1:404–408 Vol.1, Oct. 2003.
[7] S. Kulkarni, P. S. Prasad, and P. Agrawal. Performance en-hancement of mobile ad hoc networks using nodal cooperation.In WICON ’08: Proceedings of the 4th Annual InternationalConference on Wireless Internet, pages 1–8, ICST, Brussels,Belgium, Belgium, 2008. ICST (Institute for Computer Sciences,Social-Informatics and Telecommunications Engineering).
[8] S. Kulkarni, P. S. Prasad, and P. Agrawal. Enabling cooperationin mobile ad hoc networks. In SARNOFF’09: IEEE SarnoffSymposium, 2009, pages 1–5, 2009.
[9] J. Laneman, D. Tse, and G. Wornell. Cooperative diversity inwireless networks: Efficient protocols and outage behavior. IEEETransactions on Information Theory, 50(12):3062–3080, Dec.2004.
[10] S. Makda, A. Choudhary, N. Raman, T. Korakis, Z. Tao, andS. Panwar. Security implications of cooperative communicationsin wireless networks. In SARNOFF’08: IEEE Sarnoff Sympo-sium, 2008, pages 1–6, 2008.
[11] A. Sendonaris, E. Erkip, and B. Aazhang. User cooperationdiversity-part i: System description. IEEE Transactions onCommunications, 51(11):1927–1938, Nov. 2003.
[12] A. Sendonaris, E. Erkip, and B. Aazhang. User cooperationdiversity. part ii. implementation aspects and performance analy-sis. IEEE Transactions on Communications, 51(11):1939–1948,Nov. 2003.
[13] M. Valenti and N. Correal. Exploiting macrodiversity in densemultihop networks and relay channels. Wireless Communica-tions and Networking, 2003. WCNC 2003. 2003 IEEE, 3:1877–1882 vol.3, March 2003.
160