10_WIRELESS SECURITY AND ROAMING OVERVIEW_2004.ppt

  • 8/12/2019 10_WIRELESS SECURITY AND ROAMING OVERVIEW_2004.ppt

    1/22

    DIMACS Nov 3 - 4, 2004

    WIRELESS SECURITY AND ROAMING OVERVIEW

    DIMACS

    November 3-4, 2004

    Workshop: Mobile and Wireless Security

    Nidal Aboudagga*, Jean-Jacques Quisquater

    UCL Crypto Group, Belgium

    Outline

    Introduction

    WEP

    IEEE 802.1X

    WPA IEEE 802.11i

    Roaming

    Conclusion

    Why Wireless?

    Mobility

    Flexibility

    Rapid deployment

    Easy administration

    Low cost

    Simplicity of use

    Used in two modes:

      Ad-Hoc

      Infrastructure mode

    Wired Equivalent Privacy (WEP) (1)

    Tried to ensure

    Confidentiality

    Integrity

    Authenticity

    Replaces the so-called MAC-address filtering

    Uses the RC4 encryption algorithm to generate a key stream

    Uses a shared key K (40-bit/104-bit)

    Wired Equivalent Privacy (WEP) (2)

    Wired Equivalent Privacy (WEP) (3)

    Uses standard challenge-response

    An initialization vector, IV (24-bit): per-packet number, sent in clear

    WEP failed because of many known attacks:

      IV collision

      Message injection

      Authentication spoofing

      Brute-force attack

      Weaknesses in the Key Scheduling Algorithm of RC4
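
    The IV collision weakness listed above, as an added example (not part of the original slides): WEP keys RC4 with IV || K, so two frames sent under the same 24-bit IV share a keystream and their XOR exposes the XOR of the plaintexts without K. The key, IV and payloads are constructed sample values.

```python
import zlib

IV_SPACE = 2 ** 24  # the WEP IV is 24 bits

def rc4(key: bytes, n: int) -> bytes:
    """Return n bytes of RC4 keystream for the given key."""
    s = list(range(256))
    j = 0
    for i in range(256):                      # key scheduling (KSA)
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    for _ in range(n):                        # keystream generation (PRGA)
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def wep_encrypt(iv: bytes, k: bytes, plaintext: bytes) -> bytes:
    """Clear IV, then RC4(IV || K) XOR (plaintext || CRC-32 ICV)."""
    data = plaintext + zlib.crc32(plaintext).to_bytes(4, "little")
    return iv + xor(data, rc4(iv + k, len(data)))

def frames_until_collision(p: float, space: int = IV_SPACE) -> int:
    """Smallest number of random IVs whose collision probability is >= p."""
    no_collision, n = 1.0, 0
    while 1.0 - no_collision < p:
        no_collision *= (space - n) / space
        n += 1
    return n

# Constructed sample values (not from the slides)
K = bytes.fromhex("0102030405")               # 40-bit shared key
IV = b"\x00\x00\x2a"                          # same IV used for both frames
P1 = b"sample payload A"
P2 = b"other payload 02"
C1, C2 = wep_encrypt(IV, K, P1), wep_encrypt(IV, K, P2)

def leaked_xor() -> bytes:
    """XOR of the two ciphertext bodies: equals P1 XOR P2, computed without K."""
    return xor(C1[3:3 + len(P1)], C2[3:3 + len(P2)])
```

    With randomly chosen IVs, `frames_until_collision(0.5)` shows that a repeat becomes likely after only a few thousand frames, which is why TKIP and CCMP enforce a strictly increasing per-key packet counter instead.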

    Network port authentication 802.1x (1)

    Adapted to wireless use by IEEE 802.11 group

    Based on Extensible Authentication Protocol (EAP)

    Three elements are in use with 802.1x:

      Supplicant (user)

      Authenticator (access point)

      Authentication server (usually RADIUS)

    Uses key distribution messages

    IEEE 802.1x Access Control

    IEEE 802.1x EAP authentication

    802.1X / EAP: Authentication methods

    EAP-MD5: Vulnerable to a lot of attacks and did not support dynamic WEP keys

    EAP-TLS: Uses certificates for servers and users. The user's identity is revealed

    EAP-TTLS: Uses the server's certificate. Protects the user's identity

    PEAP: Similar to EAP-TTLS, used by Cisco and Microsoft in their products

    LEAP: Cisco proprietary, vulnerable to dictionary attacks

    EAP-SIM, EAP-SPEKE, ...

    Wifi-Alliance Protected Access (1)

    Built around IEEE 802.11i (draft 3) and compatible with existing hardware

    Addresses WEP vulnerability

    Supports mixed environment

    Uses Temporal Key Integrity Protocol (TKIP), 128-bit RC4 key

    The use of AES is optional

    Wifi-Alliance Protected Access (2)

    A suite of 4 algorithms composes TKIP:

      A Message Integrity Code (MIC), called Michael, to defeat forgeries

      A new Initialization Vector sequencing discipline, to prevent replay attacks

      A key mixing function, to have a per-packet key

      A re-keying mechanism, to provide fresh keys to the key mixing function

    TKIP encapsulation

    Wifi-Alliance Protected Access (3)

    Solves the problems of integrity, authentication, forgery and replay attacks in networks with a RADIUS server

    In small networks, WPA uses a shared secret pass-phrase. This mode is vulnerable to dictionary attacks and impersonation

    Preserves the RC4 algorithm with its known weakness to ensure compatibility

    802.11i / Robust Security Network (RSN)

    Uses AES by default to replace RC4

    Used in CCM mode: CTR + CBC-MAC

    CCMP fixes 2 values of CCM parameters:

      M=8, indicating that the MIC is 8 octets

      L=2, indicating the length field is 2 octets

    Supports Quality of Service

    Supports preauthentication to enhance roaming in wireless networks

    CCMP Encapsulation

    Roaming

    Roaming with full authentication, IEEE 802.1x/EAP or PSK (very high latency)

    Roaming to an AP which has cached a shared PMK from a previous SA:

      skip authentication steps

      use 4-way handshake key management protocol to negotiate session key (PTK) and send (GTK)

      useless when user roams to new AP

    Preauthentication: the STA authenticates without association to another AP before leaving the old one
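
    The PMK caching case above, as an added example (not part of the original slides): the AP looks up the PMKID offered by the STA, and on a hit both sides go straight to deriving the PTK from the cached PMK and fresh nonces. The PRF, PMKID and PTK formulas follow IEEE 802.11i; the `AccessPoint` class, addresses and key values are hypothetical, constructed for illustration.

```python
import hashlib
import hmac

def prf(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    """802.11i PRF: HMAC-SHA1(key, label || 0x00 || data || counter), concatenated."""
    out, counter = b"", 0
    while len(out) < nbytes:
        msg = label + b"\x00" + data + bytes([counter])
        out += hmac.new(key, msg, hashlib.sha1).digest()
        counter += 1
    return out[:nbytes]

def pmkid(pmk: bytes, aa: bytes, spa: bytes) -> bytes:
    """PMKID = first 128 bits of HMAC-SHA1(PMK, "PMK Name" || AA || SPA)."""
    return hmac.new(pmk, b"PMK Name" + aa + spa, hashlib.sha1).digest()[:16]

def derive_ptk(pmk, aa, spa, anonce, snonce, nbytes=48) -> dict:
    """PTK for CCMP (384 bits), split into KCK | KEK | TK."""
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    ptk = prf(pmk, b"Pairwise key expansion", data, nbytes)
    return {"KCK": ptk[:16], "KEK": ptk[16:32], "TK": ptk[32:48]}

class AccessPoint:
    """Hypothetical AP model holding a PMKSA cache keyed by PMKID."""
    def __init__(self, bssid: bytes):
        self.bssid = bssid
        self.pmksa = {}

    def store_pmk(self, spa: bytes, pmk: bytes) -> None:
        # Called after a successful full 802.1X/EAP authentication.
        self.pmksa[pmkid(pmk, self.bssid, spa)] = pmk

    def reassociate(self, offered_pmkid: bytes):
        """Cached PMK (skip authentication) or None (full authentication needed)."""
        return self.pmksa.get(offered_pmkid)

# Constructed sample values (not from the slides)
PMK = bytes(range(32))
STA = bytes.fromhex("020000000001")
AP1 = AccessPoint(bytes.fromhex("0200000000a1"))
AP2 = AccessPoint(bytes.fromhex("0200000000a2"))
AP1.store_pmk(STA, PMK)  # STA authenticated fully at AP1 earlier
```

    Because the PMKID binds the PMK to the AP's address, a lookup at AP2 misses, which is the "useless when user roams to new AP" limitation that preauthentication addresses.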

    Full authentication

    Preauthentication

    Problems of preauthentication

    Preauthentication enhances the performance of roaming but the handoff latency limits the performance for multimedia applications

    Preauthentication can only be used in the same ESS (extended service set)

    Preauthentication is an expensive computational load which may be useless

    Fast roaming

    IEEE 802.11r WG to enhance fast roaming performance

    It reduces the hand-off latency of the 4-way handshake protocol (creating alternative optional 3-way handshake)

    Adopt roaming key hierarchy to minimize computational load

    time dependency of KMP and precomputation of roaming key R-PTK

    Other works attempt to reduce probing latency IEEE 802.11f

    Conclusion

    When IEEE 802.11k is ratified, it will improve roaming decisions with a site report sent to the client STA

    Until now there is no efficient agreed solution to inter-LAN and inter-WAN roaming

    When the work of the IEEE 802.11r group is finished, the wireless network will be more convenient to mobile users with multimedia applications

    IEEE 802.11i is new and will need time to reach maturity. It solves many problems of security. Many others are not under its responsibility (DoS, RF jamming, ...)