1 / 22

DIMACS November 3-4, 2004 Workshop: Mobile and Wireless Security

WIRELESS SECURITY AND ROAMING OVERVIEW. DIMACS November 3-4, 2004 Workshop: Mobile and Wireless Security Nidal Aboudagga*, Jean-Jacques Quisquater UCL Crypto Group Belgium. Outline. Introduction WEP IEEE 802.1X WPA IEEE 802.11i Roaming Conclusion. Why Wireless?. Mobility

wdorman
Télécharger la présentation

DIMACS November 3-4, 2004 Workshop: Mobile and Wireless Security

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. WIRELESS SECURITY AND ROAMING OVERVIEW DIMACS November 3-4, 2004 Workshop: Mobile and Wireless Security Nidal Aboudagga*, Jean-Jacques Quisquater UCL Crypto Group Belgium

  2. Outline • Introduction • WEP • IEEE 802.1X • WPA • IEEE 802.11i • Roaming • Conclusion

  3. Why Wireless? • Mobility • Flexibility • Rapid deployment • Easy administration • Low cost • Simplicity of use • used in two modes: • Ad-Hoc • Infrastructure mode

  4. Wired Equivalent Privacy (WEP) (1) • Tried to ensure • Confidentiality • Integrity • Authenticity • Replaces the so-known MAC-address filtering • Uses the RC4 encryption algorithm to generate a key stream • Uses a shared key K (40bit/104bit)

  5. Wired Equivalent Privacy (WEP) (2)

  6. Wired Equivalent Privacy WEP (3) • Uses standard challenge response • An initialization vector, IV/(24bit): per packet number, sent in clear • WEP failed, because of many known attacks • IV Collision • Message injection • Authentication spoofing • Brute Force Attack • Weaknesses in the Key Scheduling Algorithm of RC4……)

  7. Network port authentication 802.1x (1) • Adapted to wireless use by IEEE 802.11 group • Based on Extensible Authentication Protocol (EAP) • Three elements are in use with 802.1x • Supplicant (user) • Authenticator (access point) • Authentication server (usually RADIUS) • Uses key distribution messages

  8. IEEE802.1x Access Control

  9. IEEE 802.1x EAP authentication

  10. 802.1X / EAP: Authentication methods • EAP-MD5: Vulnerable to a lot of attacks and did not support dynamic WEP keys • EAP-TLS: Uses certificates for servers and users. The user’s identity is revealed • EAP-TTLS: Uses server’s certificate. Protects user’s identity • PEAP: Similar to EAP-TTLS, used by Cisco and Microsoft in their products • LEAP: A Cisco proprietaryvulnerable to dictionary attacks, • EAP-SIM, EAP-SPEKE,…

  11. Wifi-Alliance Protected Access (1) • Built around IEEE 802.11i (draft 3) and compatible with existing material • Address WEP vulnerability • Supports mixed environment • Uses Temporal Key Integrity Protocol (TKIP), 128 bit RC4 key • The use of AES is optional

  12. Wifi-Alliance Protected Access (2) • A suite of 4 algorithms composes TKIP • A Message Integrity Code (MIC), called Michael to defeat forgeries • A new Initial Vector sequencing discipline, to prevent replay attacks • A key mixing function, to have a per-packet key • A re-keying mechanism, to provide fresh keys to the key mixing function

  13. TKIP encapsulation

  14. Wifi-Alliance Protected Access (3) • Solves the problems of integrity, authentication, forgery and replay attack in network with RADIUS server • In small network, WPA uses shared secret pass-phrase. This mode is vulnerable to the dictionary attack and impersonation • Preserves the RC4 algorithm with its known weakness to ensure compatibility

  15. 802.11i / Robust Security Network (RSN) • Uses AES by default to replace RC4 • Used in CCM mode: CTR + CBC-MAC • CCMP fixes 2 values of CCM parameters • M=8, indicating that the MIC is 8 octets • L=2, indicating the lenght field is 2 octets • Support Quality of Service • Support of preauthentication to enhance the roaming in wireless network

  16. CCMP Encapsulation

  17. Roaming • Roaming with full authentication IEEE 802.1x/EAP or PSK (very big latency time) • Roaming to AP with whish cached a shared PMK from previous SA • skip authentication steps • use 4-way handshake key management protocol to negociate session key (PTK) and send (GTK) • useless when user roams to new AP • Preauthentication: the STA authenticate without association to another AP before leaving the old one

  18. Full authentication

  19. Preauthentication

  20. Problems of preauthentication • Preauthentication enhances the performance of roaming but the handoff latency limits the performance for multimedia applications • Preauthentification can only be used in the same ESS (extended set of service) • Preauthentication is an expensive computational load which may be useless

  21. Fast roaming • IEEE 802.11r WG to enhance fast roaming performance • It reduces the hand-off latency of the 4-way handshake protocol (creating alternative optional 3-way handshake) • Adopt roaming key hierarchy • to minimize computational load • time dependency of KMP and • precomputation of roaming key R-PTK • Other works attempt to reduce probing latency IEEE802.11f

  22. Conclusion • When IEEE 802.11k is ratified, will improve roaming decisions with a site report sent to client STA • Until now no efficient agreed solution to the inter-LAN and inter-WAN roaming • When the work of IEEE 802.11r group is finished, the wireless network will be more convenient to mobile users with multimedia applications • The IEEE 802.11i is new and will need time to reach maturity. It solves many problems of security. Many others are not under its responsibility (DoS, RF jamming,…)

More Related