Lightweight Authentication in Wireless Networks

Abstract: In this thesis, we develop and analyse two novel authentication protocols well suited for wireless devices. iven that wireless devices have limited resources such as processing power, bandwidth, storage, and energy, the proposed authentication protocols need to be lightweight. Due to these limitations there is a tradeoff between security and performance. To guarantee complete network access control the authentication is performed on a per-packet basis. Therefore, a Lightweight Authentication Code (LAC) is embedded in each packet as an authenticator. Authentication is necessary to guarantee the identity of a source since, with a wireless network, an adversary could easily inject traffic to get access to a network or launch a Denial-of-Service attack. The protocols are designed to be generic and applicable to standards such as IEEE 802.11 and Bluetooth. In order to handle packet loss or an attack, synchronization algorithms are advanced and analysed to synchronize the sender's and the receiver's LACs. We further propose to use the lightweight authentication protocol as part of a detection and response scheme to handle Denial-of-Service attacks such as resource exhaustion. Five Adaptive Packet Discard Mechanisms (APDMs) are presented, in which the lightweight authentication protocols function as a first line of defense to protect the second and much stronger security service from exhaustion. With these mechanisms, we believe it is possible to reduce, if not remove, the effects of a Denial-of-Service attack on complex security systems. Finally, we extend the applicability to secure usage-based accounting, in which lightweight authentication per-packet is necessary to utilize accounting resources efficiently and guarantee accounting correctness.