This document presents the problem of authentication and authorization in wireless mesh networks made up of several users who communicate with application servers and with each other in a single-hop or multi-hop fashion. Each user in this environment can also act as an application provider.
Imagine a large music event where the provided network infrastructure is enhanced with network storage equipment to allow visitors to access content relating to the bands playing at the event, such as recorded video of previous performances and supplementary audio and video material relevant to those bands. Certain content is, however, not necessarily available to everyone under the same conditions: access control is applied before the full range of audio and video material can be accessed, while other content, such as previews, might be offered for free. How can such an authentication and authorization infrastructure be made available with minimal configuration complexity for a temporary event like a music festival?
This document lists the requirements for a potentially needed Kerberos extension and presents a solution proposal that uses such an extension for mutual authentication in wireless mesh networks.
This Internet-Draft is submitted to IETF in full conformance with the provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as “work in progress.”
This Internet-Draft will expire on April 21, 2011.
Copyright (c) 2010 IETF Trust and the persons identified as the document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC2119] (Bradner, S., “Key words for use in RFCs to Indicate Requirement Levels,” March 1997.).
Authentication and authorization for service access is still an open problem in distributed wireless mesh network environments, in which several users need to communicate with several application servers and with each other in a single-hop or multi-hop fashion, and each user may also play the role of an application provider.
The Kerberos authentication model [RFC4120] (Neuman, C., Yu, T., Hartman, S., and K. Raeburn, “The Kerberos Network Authentication Service (V5),” July 2005.) is based on symmetric cryptography, offers a high level of security and provides mutual authentication. The service ticket principle in Kerberos allows credentials to be distributed in a way that suits distributed wireless mesh environments. However, the centralized approach of Kerberos (each user must contact the KDC every time it needs credentials for a new service) limits its use for authentication in such distributed environments. Furthermore, Kerberos authenticates each node only with respect to the authentication server and to the application server. The distributed-credentials principle of Kerberos (through service tickets) is promising for authenticating each user to the application, but authentication between two users who communicate with each other is still not covered by service tickets, especially given the dynamic nature of these environments, in which user connectivity (single-hop or multi-hop) changes frequently over time.
Although multi-hop communication is transparent to the application, authentication and access control among the nodes of a multi-hop path are still needed to guard against malicious actions by the human users operating those nodes. Based on this, this draft proposes to use a common key obtained through Kerberos for authentication between each pair of nodes that communicate with each other along a multi-hop path. This common key is dynamic (renewed over time) for security reasons, since such a dynamic, distributed wireless environment is less secure than a fixed infrastructure.
This section presents a number of requirements motivated by the problem defined in the previous section. These requirements are as follows:
This section presents a solution proposal that extends the Kerberos authentication model to authenticate each user node in a wireless mesh network both with respect to the network operator and with respect to the other user nodes participating in the network.
The Kerberos server resides either in the local mesh network or in an external network. Each user node first communicates with this server to authenticate with respect to the operator and to obtain the credentials (Kerberos tickets) needed to authenticate to other user nodes and to access the services offered in the mesh network. Depending on how far each user node is from the application provider nodes, this communication takes place over a single hop or over multiple hops (passing through intermediate user nodes).
To prevent unreliable communication (intermediate nodes could mount denial of service, truncate messages, and so on), this solution proposal extends the classical Kerberos authentication model to multi-hop communication by introducing a new shared secret, one per pair of neighbouring nodes, for authentication and access control between the intermediate nodes along the multi-hop path. If this secret never changed, its compromise would compromise the entire network. Therefore several shared secrets, each taking the form of a service ticket obtained through a TGS request, should be obtained over time, so that a node renews the secret it shares with each neighbour as the corresponding ticket expires.
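The exchange described in this section and in the introduction (a Kerberos-issued key shared by each pair of neighbouring nodes and renewed as the corresponding ticket expires), as an added, runnable sketch; it is not code from this draft nor from any Kerberos implementation. It uses only the Python standard library, so it simplifies the ticket to a structure MACed by the KDC under the neighbour's long-term key, from which the hop key is derived, rather than an encrypted ticket transporting a random session key as real Kerberos does. The node names, the 300-second lifetime and the relayed frame are constructed for the example, and the AS/TGS exchange that delivers the hop key to the requesting node is assumed to be already protected and is not modelled.

```python
# Added example, not part of the draft: toy model of per-hop shared secrets
# obtained as Kerberos-style service tickets, with renewal forced on expiry.
import hashlib
import hmac
import json
import os


def derive_hop_key(server_ltk, client, server, expires, nonce):
    """Hop key derived from the server's long-term key and the ticket fields.
    Simplification (assumption): real Kerberos carries a random session key
    inside the encrypted ticket; deriving it keeps this toy MAC-only (no AES)."""
    info = json.dumps([client, server, expires, nonce.hex()]).encode()
    return hmac.new(server_ltk, b"hop-key" + info, hashlib.sha256).digest()


class KDC:
    """Holds every principal's long-term key and plays the AS/TGS role."""

    def __init__(self):
        self._keys = {}

    def register(self, principal):
        self._keys[principal] = os.urandom(32)
        return self._keys[principal]

    def issue_ticket(self, client, server, now, lifetime):
        """Return (hop key for the client, ticket for the server).  Assumption: the
        hop key reaches the client over the already-protected AS/TGS exchange,
        which this toy does not model; the ticket is opaque to the client."""
        nonce, expires = os.urandom(16), now + lifetime
        body = json.dumps({"client": client, "server": server,
                           "expires": expires, "nonce": nonce.hex()}).encode()
        tag = hmac.new(self._keys[server], b"ticket" + body, hashlib.sha256).digest()
        return derive_hop_key(self._keys[server], client, server, expires, nonce), body + tag


class Node:
    """A mesh node: one long-term key, plus one hop key per neighbour."""

    def __init__(self, name, long_term_key):
        self.name, self._ltk, self._peers = name, long_term_key, {}

    def install_hop_key(self, peer, key, expires):
        self._peers[peer] = (key, expires)

    def accept_ticket(self, ticket, now):
        """Server side: verify the KDC's MAC under our long-term key, then install
        the hop key for the client named in the ticket."""
        body, tag = ticket[:-32], ticket[-32:]
        expected = hmac.new(self._ltk, b"ticket" + body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            raise ValueError("ticket was not issued for this node (bad MAC)")
        t = json.loads(body)
        if t["server"] != self.name or t["expires"] <= now:
            raise ValueError("ticket names another node or has expired")
        key = derive_hop_key(self._ltk, t["client"], self.name, t["expires"],
                             bytes.fromhex(t["nonce"]))
        self.install_hop_key(t["client"], key, t["expires"])
        return t["client"]

    def mac_frame(self, peer, seq, payload, now):
        """Authenticate one relayed frame.  Once the hop key has expired it is
        dropped and a fresh ticket must be fetched: the renewal the draft asks for."""
        key, expires = self._peers[peer]
        if expires <= now:
            del self._peers[peer]
            raise ValueError("hop key with %s expired; request a new ticket" % peer)
        return hmac.new(key, seq.to_bytes(8, "big") + payload, hashlib.sha256).digest()

    def verify_frame(self, peer, seq, payload, tag, now):
        try:
            return hmac.compare_digest(self.mac_frame(peer, seq, payload, now), tag)
        except (KeyError, ValueError):
            return False


def run_scenario():
    """Constructed scenario: nodeA relays frames through neighbour nodeB for 300 s."""
    kdc = KDC()
    a, b = Node("nodeA", kdc.register("nodeA")), Node("nodeB", kdc.register("nodeB"))
    c = Node("nodeC", kdc.register("nodeC"))  # a node the ticket is NOT issued for
    now = 1000
    hop_key, ticket = kdc.issue_ticket("nodeA", "nodeB", now, lifetime=300)
    a.install_hop_key("nodeB", hop_key, now + 300)
    results = {"ticket_opened_by": b.accept_ticket(ticket, now)}
    frame = b"relay: GET /preview/band42"
    tag = a.mac_frame("nodeB", 1, frame, now)
    results["valid"] = b.verify_frame("nodeA", 1, frame, tag, now)
    results["tampered"] = b.verify_frame("nodeA", 1, frame + b"!", tag, now)
    results["wrong_seq"] = b.verify_frame("nodeA", 2, frame, tag, now)
    results["after_expiry"] = b.verify_frame("nodeA", 1, frame, tag, now + 300)
    try:
        c.accept_ticket(ticket, now)
        results["wrong_node_accepts"] = True
    except ValueError:
        results["wrong_node_accepts"] = False
    return results
```

Running `run_scenario()` shows the properties the section relies on: the neighbour accepts only a ticket the KDC issued for it, every relayed frame is checked under the pairwise hop key, and a tampered frame, a frame under the wrong sequence number, or a frame after the key's lifetime is rejected, with expiry forcing the sender back to the TGS for a new ticket. One caveat worth keeping in mind: a per-hop key authenticates and attributes traffic between neighbours, but it cannot stop an authenticated intermediate node from simply dropping frames; it only makes such behaviour attributable to a named principal.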
The solution proposal takes the following sequence:
This section presents the potential use cases for distributed wireless mesh network environments that have multi-hop communication and require distributed authentication and authorization.
This document focuses on the distributed authentication through the Kerberos protocol and presents the requirements to be considered.
This document does not require actions by IANA.
We would like to thank Hannes Tschofenig for his comments on this draft and for encouraging us to publish it.
We would also like to thank our colleague Estelle Transy for all the discussions during the use-cases definition.
[RFC2119] Bradner, S., “Key words for use in RFCs to Indicate Requirement Levels,” March 1997.
[RFC3365] Schiller, J., “Strong Security Requirements for Internet Engineering Task Force Standard Protocols,” August 2002.
[RFC4120] Neuman, C., Yu, T., Hartman, S., and K. Raeburn, “The Kerberos Network Authentication Service (V5),” July 2005.
Hassnaa Moustafa
France Telecom - Orange
38-40 rue du General Leclerc
Issy Les Moulineaux, 92794 Cedex 9
France
Email: hassnaa.moustafa@orange-ftgroup.com

Gilles Bourdon
France Telecom
90 boulevard Kellermann
75013 Paris
France
Email: gilles.bourdon@orange-ftgroup.com

Tom Yu
MIT Kerberos Consortium
Email: tlyu@mit.edu