1 / 21

Wireless Unification Theory

Join us for an interactive workshop on Wireless Unification Theory, led by William Arbaugh from the University of Maryland. We'll discuss the evolving landscape of wireless access, focusing on security challenges, continuity of mobility, and the need for standardization in authentication processes. This workshop aims to tackle hard research problems and bureaucratic obstacles in integrating diverse wireless networks securely. Participants are encouraged to engage in discussions, share insights, and explore research questions that address the future of wireless technologies and their vulnerabilities.

julianna-larya
Télécharger la présentation

Wireless Unification Theory

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Wireless Unification Theory William Arbaugh University of Maryland College Park

  2. Bureaucracy • Speakers please introduce yourself to me and provide a copy of your slides to the note taker • Workshop should be interactive- ask questions, answer questions

  3. What do you want from the Workshop? ?

  4. Welcome! • Program consists of talks and discussions • Want to focus on discussions (more to follow) • Goal is to identify hard research problems and potential bureaucratic and standardization stumbling blocks

  5. Technical Trends • Wireless access is becoming ubiquitous and broadband in nature • Users are become more mobile • Mobility for data access is changing from “discrete mobility” to “continous mobility” • Base stations are cheaper with less physical security • All of the wireless technologies have differing authentication and access control frameworks! • Interworking

  6. Threat • Interworking allows attackers to find the “path of least resistance” and establish “man in the middle attacks” • The network with the weakest security will be the entry point • Providers will either not allow networks with weak security to join (limit Interworking growth) or allow it which introduces security problems.

  7. Workshop Goals • How do we tie these networks together in a secure fashion? • Deal with legacy networks? • Deal with future networks? • Vertical/Horizontal roaming?

  8. Technical • Patch work of technology CHAP EAP TLS A5 VLR HLR PEAP AES-CCM AKA CAVE

  9. Standardize it? IEEE IETF IRTF ISO 3GPP WWRF

  10. How do we do it? • I have no idea! • One of the main motivations for this workshop!

  11. Things to think about • What are the research questions? • What are the problems? • Standardization problems • Technical problems • Policy problems

  12. Technical Overview • IEEE 802.1x • EAP • Roaming

  13. IEEE 802.1x • Provides access control and key distribution method to AP/base station • Centralized authentication • Uses EAP

  14. Dual Port Model LAN Authenticator System Access Server Port unauthorized Controlled Port Uncontrolled Port Access Point Client / Supplicant

  15. Trust Relationships EAP method Possibly via RADIUS shared secret Note: I am using trust here loosely since only a security association is established.

  16. Trust Relationships EAP method Transitively derived Possibly via RADIUS shared secret Note: I am using trust here loosely since only a security association is established.

  17. Trust Relationships • Note that the client and the AP/Base station have no direct trust relationship • It is derived transitively if and only if the infrastructure establishes a trust relation between the AP and the RADIUS server

  18. Supplicant Authenticator EAP REQUEST/IDENTITY EAP RESPONSE/IDENTITY (MyID) EAP REQUEST/OTP, OTP Challenge EAP RESPONSE/OTP, OTP PW EAP Success Port authorized EAP Session Authentication Server

  19. EAP Authentication • Authentication may not be mutual • Loss of anonymity due to identity request • What are you authenticating? • User? • Device? • Do we need both?

  20. Roaming Challenges • What is equivalent security? • Hand-off’s between differing physical and MAC layers in under 30ms? • Soft hand-over easy at layers 2 and below but more difficult at layer 3 and above • Hard hand-over just plain hard • Some authentication methods are complex, compute intensive, and take too long

  21. What did I miss?

More Related