210 likes | 314 Vues
Wireless Unification Theory. William Arbaugh University of Maryland College Park. Bureaucracy. Speakers please introduce yourself to me and provide a copy of your slides to the note taker Workshop should be interactive- ask questions, answer questions. What do you want from the Workshop?.
E N D
Wireless Unification Theory William Arbaugh University of Maryland College Park
Bureaucracy • Speakers please introduce yourself to me and provide a copy of your slides to the note taker • Workshop should be interactive- ask questions, answer questions
Welcome! • Program consists of talks and discussions • Want to focus on discussions (more to follow) • Goal is to identify hard research problems and potential bureaucratic and standardization stumbling blocks
Technical Trends • Wireless access is becoming ubiquitous and broadband in nature • Users are become more mobile • Mobility for data access is changing from “discrete mobility” to “continous mobility” • Base stations are cheaper with less physical security • All of the wireless technologies have differing authentication and access control frameworks! • Interworking
Threat • Interworking allows attackers to find the “path of least resistance” and establish “man in the middle attacks” • The network with the weakest security will be the entry point • Providers will either not allow networks with weak security to join (limit Interworking growth) or allow it which introduces security problems.
Workshop Goals • How do we tie these networks together in a secure fashion? • Deal with legacy networks? • Deal with future networks? • Vertical/Horizontal roaming?
Technical • Patch work of technology CHAP EAP TLS A5 VLR HLR PEAP AES-CCM AKA CAVE
Standardize it? IEEE IETF IRTF ISO 3GPP WWRF
How do we do it? • I have no idea! • One of the main motivations for this workshop!
Things to think about • What are the research questions? • What are the problems? • Standardization problems • Technical problems • Policy problems
Technical Overview • IEEE 802.1x • EAP • Roaming
IEEE 802.1x • Provides access control and key distribution method to AP/base station • Centralized authentication • Uses EAP
Dual Port Model LAN Authenticator System Access Server Port unauthorized Controlled Port Uncontrolled Port Access Point Client / Supplicant
Trust Relationships EAP method Possibly via RADIUS shared secret Note: I am using trust here loosely since only a security association is established.
Trust Relationships EAP method Transitively derived Possibly via RADIUS shared secret Note: I am using trust here loosely since only a security association is established.
Trust Relationships • Note that the client and the AP/Base station have no direct trust relationship • It is derived transitively if and only if the infrastructure establishes a trust relation between the AP and the RADIUS server
Supplicant Authenticator EAP REQUEST/IDENTITY EAP RESPONSE/IDENTITY (MyID) EAP REQUEST/OTP, OTP Challenge EAP RESPONSE/OTP, OTP PW EAP Success Port authorized EAP Session Authentication Server
EAP Authentication • Authentication may not be mutual • Loss of anonymity due to identity request • What are you authenticating? • User? • Device? • Do we need both?
Roaming Challenges • What is equivalent security? • Hand-off’s between differing physical and MAC layers in under 30ms? • Soft hand-over easy at layers 2 and below but more difficult at layer 3 and above • Hard hand-over just plain hard • Some authentication methods are complex, compute intensive, and take too long