Add to collection(s) Add to saved
  1. Engineering & Technology
  2. Computer Science
  3. Computer Networks

Wireless Security and Roaming Overview

advertisement 
WIRELESS SECURITY AND
ROAMING OVERVIEW
DIMACS
November 3-4, 2004
Workshop: Mobile and Wireless Security
Nidal Aboudagga*, Jean-Jacques Quisquater
UCL Crypto Group
Belgium
DIMACS Nov 3 - 4, 2004
Outline
•
•
•
•
•
•
•
Introduction
WEP
IEEE 802.1X
WPA
IEEE 802.11i
Roaming
Conclusion
DIMACS Nov 3 - 4, 2004
2
Why Wireless?
• Mobility
• Flexibility
– Rapid deployment
– Easy administration
• Low cost
• Simplicity of use
• used in two modes:
– Ad-Hoc
– Infrastructure mode
DIMACS Nov 3 - 4, 2004
3
Wired Equivalent Privacy (WEP) (1)
•
Tried to ensure
–
–
–
–
•
•
Confidentiality
Integrity
Authenticity
Replaces the so-known MAC-address filtering
Uses the RC4 encryption algorithm to
generate a key stream
Uses a shared key K (40bit/104bit)
DIMACS Nov 3 - 4, 2004
4
Wired Equivalent Privacy (WEP) (2)
DIMACS Nov 3 - 4, 2004
5
Wired Equivalent Privacy WEP (3)
• Uses standard challenge response
• An initialization vector, IV/(24bit): per packet
number, sent in clear
• WEP failed, because of many known attacks
–
–
–
–
–
IV Collision
Message injection
Authentication spoofing
Brute Force Attack
Weaknesses in the Key Scheduling Algorithm of
RC4……)
DIMACS Nov 3 - 4, 2004
6
Network port authentication 802.1x (1)
• Adapted to wireless use by IEEE 802.11
group
• Based on Extensible Authentication Protocol
(EAP)
• Three elements are in use with 802.1x
– Supplicant (user)
– Authenticator (access point)
– Authentication server (usually RADIUS)
• Uses key distribution messages
DIMACS Nov 3 - 4, 2004
7
IEEE802.1x Access Control
DIMACS Nov 3 - 4, 2004
8
IEEE 802.1x EAP authentication
DIMACS Nov 3 - 4, 2004
9
802.1X / EAP: Authentication methods
• EAP-MD5: Vulnerable to a lot of attacks and
did not support dynamic WEP keys
• EAP-TLS: Uses certificates for servers and
users. The user’s identity is revealed
• EAP-TTLS: Uses server’s certificate. Protects
user’s identity
• PEAP: Similar to EAP-TTLS, used by Cisco
and Microsoft in their products
• LEAP: A Cisco proprietary vulnerable to
dictionary attacks,
• EAP-SIM, EAP-SPEKE,…
DIMACS Nov 3 - 4, 2004
10
Wifi-Alliance Protected Access (1)
• Built around IEEE 802.11i (draft 3) and
compatible with existing material
• Address WEP vulnerability
• Supports mixed environment
• Uses Temporal Key Integrity Protocol (TKIP),
128 bit RC4 key
• The use of AES is optional
DIMACS Nov 3 - 4, 2004
11
Wifi-Alliance Protected Access (2)
• A suite of 4 algorithms composes TKIP
– A Message Integrity Code (MIC), called
Michael to defeat forgeries
– A new Initial Vector sequencing discipline,
to prevent replay attacks
– A key mixing function, to have a per-packet
key
– A re-keying mechanism, to provide fresh
keys to the key mixing function
DIMACS Nov 3 - 4, 2004
12
TKIP encapsulation
DIMACS Nov 3 - 4, 2004
13
Wifi-Alliance Protected Access (3)
• Solves the problems of integrity,
authentication, forgery and replay attack in
network with RADIUS server
• In small network, WPA uses shared secret
pass-phrase. This mode is vulnerable to the
dictionary attack and impersonation
• Preserves the RC4 algorithm with its known
weakness to ensure compatibility
DIMACS Nov 3 - 4, 2004
14
802.11i / Robust Security Network (RSN)
• Uses AES by default to replace RC4
– Used in CCM mode: CTR + CBC-MAC
• CCMP fixes 2 values of CCM parameters
• M=8, indicating that the MIC is 8 octets
• L=2, indicating the lenght field is 2 octets
• Support Quality of Service
• Support of preauthentication to enhance the
roaming in wireless network
DIMACS Nov 3 - 4, 2004
15
CCMP Encapsulation
DIMACS Nov 3 - 4, 2004
16
Roaming
• Roaming with full authentication IEEE
802.1x/EAP or PSK (very big latency time)
• Roaming to AP with whish cached a shared
PMK from previous SA
– skip authentication steps
– use 4-way handshake key management protocol to
negociate session key (PTK) and send (GTK)
– useless when user roams to new AP
• Preauthentication: the STA authenticate
without association to another AP before
leaving the old one
DIMACS Nov 3 - 4, 2004
17
Full authentication
DIMACS Nov 3 - 4, 2004
18
Preauthentication
DIMACS Nov 3 - 4, 2004
19
Problems of preauthentication
• Preauthentication enhances the performance
of roaming but the handoff latency limits the
performance for multimedia applications
• Preauthentification can only be used in the
same ESS (extended set of service)
• Preauthentication is an expensive
computational load which may be useless
DIMACS Nov 3 - 4, 2004
20
Fast roaming
• IEEE 802.11r WG to enhance fast roaming
performance
• It reduces the hand-off latency of the 4-way
handshake protocol (creating alternative
optional 3-way handshake)
• Adopt roaming key hierarchy
– to minimize computational load
– time dependency of KMP and
– precomputation of roaming key R-PTK
• Other works attempt to reduce probing latency
IEEE802.11f
DIMACS Nov 3 - 4, 2004
21
Conclusion
• When IEEE 802.11k is ratified, will improve
roaming decisions with a site report sent to
client STA
• Until now no efficient agreed solution to the
inter-LAN and inter-WAN roaming
• When the work of IEEE 802.11r group is
finished, the wireless network will be more
convenient to mobile users with multimedia
applications
• The IEEE 802.11i is new and will need time to
reach maturity. It solves many problems of
security. Many others are not under its
responsibility (DoS, RF jamming,…)
DIMACS Nov 3 - 4, 2004
22
Related documents
Professional Development Opportunities
Professional Development Opportunities
y = 3x + 2 Y depends on X Functions A11­4PatternsAndFunctions.notebook
y = 3x + 2 Y depends on X Functions A11­4PatternsAndFunctions.notebook
Download
advertisement