8/12/2019 10_WIRELESS SECURITY AND ROAMING OVERVIEW_2004.ppt
DIMACS Nov 3 - 4, 2004
WIRELESS SECURITY AND ROAMING OVERVIEW
DIMACS
November 3-4, 2004
Workshop: Mobile and Wireless Security
Nidal Aboudagga*, Jean-Jacques Quisquater
UCL Crypto Group, Belgium
Outline
Introduction
WEP
IEEE 802.1X
WPA
IEEE 802.11i
Roaming
Conclusion
Why Wireless?
Mobility
Flexibility
Rapid deployment
Easy administration
Low cost
Simplicity of use
Used in two modes:
Ad-Hoc
Infrastructure mode
Wired Equivalent Privacy (WEP) (1)
Tried to ensure
Confidentiality
Integrity
Authenticity
Replaces the so-called MAC-address filtering
Uses the RC4 encryption algorithm to generate a key stream
Uses a shared key K (40-bit/104-bit)
Wired Equivalent Privacy (WEP) (2)
Wired Equivalent Privacy (WEP) (3)
Uses standard challenge response
An initialization vector, IV (24-bit): per-packet number, sent in clear
WEP failed because of many known attacks:
IV collision
Message injection
Authentication spoofing
Brute-force attack
Weaknesses in the Key Scheduling Algorithm of RC4
Network port authentication 802.1x (1)
Adapted to wireless use by IEEE 802.11 group
Based on Extensible Authentication Protocol (EAP)
Three elements are in use with 802.1x:
Supplicant (user)
Authenticator (access point)
Authentication server (usually RADIUS)
Uses key distribution messages
IEEE 802.1x Access Control
IEEE 802.1x EAP authentication
802.1X / EAP: Authentication methods
EAP-MD5: Vulnerable to a lot of attacks and did not support dynamic WEP keys
EAP-TLS: Uses certificates for servers and users. The user's identity is revealed
EAP-TTLS: Uses the server's certificate. Protects the user's identity
PEAP: Similar to EAP-TTLS, used by Cisco and Microsoft in their products
LEAP: A Cisco proprietary method, vulnerable to dictionary attacks
EAP-SIM, EAP-SPEKE,
Wifi-Alliance Protected Access (1)
Built around IEEE 802.11i (draft 3) and compatible with existing material
Addresses WEP vulnerabilities
Supports mixed environments
Uses Temporal Key Integrity Protocol (TKIP), 128-bit RC4 key
The use of AES is optional
Wifi-Alliance Protected Access (2)
A suite of 4 algorithms composes TKIP:
A Message Integrity Code (MIC), called Michael, to defeat forgeries
A new Initialization Vector sequencing discipline, to prevent replay attacks
A key mixing function, to have a per-packet key
A re-keying mechanism, to provide fresh keys to the key mixing function
TKIP encapsulation
Wifi-Alliance Protected Access (3)
Solves the problems of integrity, authentication, forgery and replay attacks in networks with a RADIUS server
In small networks, WPA uses a shared secret pass-phrase. This mode is vulnerable to dictionary attacks and impersonation
Preserves the RC4 algorithm, with its known weaknesses, to ensure compatibility
802.11i / Robust Security Network (RSN)
Uses AES by default to replace RC4
Used in CCM mode: CTR + CBC-MAC
CCMP fixes 2 values of CCM parameters:
M=8, indicating that the MIC is 8 octets
L=2, indicating the length field is 2 octets
Supports Quality of Service
Supports preauthentication to enhance roaming in wireless networks
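How the two fixed CCM parameters shape every CCMP frame can be seen by building the CCM input blocks as RFC 3610 formats them. This is an added illustration, not part of the original slides; the nonce layout (priority octet, transmitter address A2, 48-bit packet number) is the one 802.11i defines, and the address and lengths are constructed sample values.

```python
M, L = 8, 2                       # CCMP: 8-octet MIC, 2-octet length field
NONCE_LEN = 15 - L                # RFC 3610: nonce is 15-L octets, so 13
MAX_PAYLOAD = 2 ** (8 * L) - 1    # 65535 octets fit in the length field

def b0_flags(has_aad: bool) -> int:
    """B_0 flags: Adata in bit 6, (M-2)/2 in bits 5-3, L-1 in bits 2-0."""
    return (0x40 if has_aad else 0x00) | (((M - 2) // 2) << 3) | (L - 1)

def ccmp_nonce(priority: int, a2: bytes, pn: int) -> bytes:
    """13-octet nonce: priority octet || transmitter address A2 || 48-bit PN."""
    if not 0 <= priority <= 0xFF or len(a2) != 6 or not 0 <= pn < 2 ** 48:
        raise ValueError("bad nonce field")
    return bytes([priority]) + a2 + pn.to_bytes(6, "big")

def ccm_b0(nonce: bytes, payload_len: int, has_aad: bool = True) -> bytes:
    """First CBC-MAC block: flags || nonce || payload length in L octets."""
    if len(nonce) != NONCE_LEN:
        raise ValueError("nonce must be 15-L octets")
    if not 0 <= payload_len <= MAX_PAYLOAD:
        raise ValueError("payload does not fit the L-octet length field")
    return bytes([b0_flags(has_aad)]) + nonce + payload_len.to_bytes(L, "big")

def ccm_counter_block(nonce: bytes, i: int) -> bytes:
    """CTR block A_i: flags (L-1 only) || nonce || counter i in L octets."""
    if len(nonce) != NONCE_LEN or not 0 <= i <= MAX_PAYLOAD:
        raise ValueError("bad nonce or counter")
    return bytes([L - 1]) + nonce + i.to_bytes(L, "big")

# Constructed sample frame parameters.
A2 = bytes.fromhex("020000000001")
NONCE = ccmp_nonce(0, A2, pn=1)
B0 = ccm_b0(NONCE, payload_len=1500)   # starts the CBC-MAC that yields the MIC
A0 = ccm_counter_block(NONCE, 0)       # keystream block that encrypts the MIC
A1 = ccm_counter_block(NONCE, 1)       # keystream for the first 16 payload octets
```

Because the nonce is the only per-frame input to both blocks, the packet number must never repeat under one temporal key.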
CCMP Encapsulation
Roaming
Roaming with full authentication: IEEE 802.1x/EAP or PSK (very high latency)
Roaming to an AP with which a shared PMK is cached from a previous SA:
Skips the authentication steps
Uses the 4-way handshake key management protocol to negotiate the session key (PTK) and send the GTK
Useless when the user roams to a new AP
Preauthentication: the STA authenticates, without association, to another AP before leaving the old one
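The three roaming cases above differ only in whether the target AP already holds a PMK for the station. The sketch below is an added illustration, not part of the original slides: `PmksaCache` and `roam` are hypothetical names, the PMKID formula is the one 802.11i defines, and the addresses and PMKs are constructed sample values.

```python
import hashlib
import hmac

def pmkid(pmk: bytes, aa: bytes, spa: bytes) -> bytes:
    """802.11i PMKID: first 128 bits of HMAC-SHA1(PMK, "PMK Name" || AA || SPA)."""
    return hmac.new(pmk, b"PMK Name" + aa + spa, hashlib.sha1).digest()[:16]

class PmksaCache:
    """Hypothetical per-AP cache of PMK security associations (PMKSAs)."""

    def __init__(self, aa: bytes):
        self.aa = aa                      # authenticator (AP) MAC address
        self._entries = {}                # PMKID -> (PMK, expiry time)

    def store(self, spa: bytes, pmk: bytes, now: float, lifetime: float) -> bytes:
        """Record the PMK from a full or pre-authentication; returns its PMKID."""
        pid = pmkid(pmk, self.aa, spa)
        self._entries[pid] = (pmk, now + lifetime)
        return pid

    def lookup(self, offered: list, now: float):
        """Return the cached PMK for the first valid PMKID offered, else None."""
        for pid in offered:
            entry = self._entries.get(pid)
            if entry is None:
                continue
            pmk, expiry = entry
            if now < expiry:
                return pmk
            del self._entries[pid]        # expired: force a fresh authentication
        return None

def roam(ap: PmksaCache, offered: list, now: float) -> str:
    """Which path applies when a STA (re)associates to `ap`."""
    if ap.lookup(offered, now) is not None:
        return "4-way handshake only"
    return "full 802.1X/EAP authentication"

# Constructed sample values; the PMKs stand in for EAP-derived 256-bit keys.
STA = bytes.fromhex("020000000001")
AP1 = PmksaCache(bytes.fromhex("0200000000a1"))
AP2 = PmksaCache(bytes.fromhex("0200000000a2"))
PMK1 = hashlib.sha256(b"constructed PMK shared with AP1").digest()
PMK2 = hashlib.sha256(b"constructed PMK shared with AP2").digest()
PID1 = AP1.store(STA, PMK1, now=0, lifetime=3600)    # earlier full authentication
```

The PMKID binds the key to one AP address, so an identifier cached for AP1 never matches at AP2 unless preauthentication has stored an entry there first.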
Full authentication
Preauthentication
Problems of preauthentication
Preauthentication enhances the performance of roaming, but the handoff latency limits the performance for multimedia applications
Preauthentication can only be used in the same ESS (extended service set)
Preauthentication is an expensive computational load which may be useless
Fast roaming
IEEE 802.11r WG to enhance fast roaming performance
It reduces the hand-off latency of the 4-way handshake protocol (creating an alternative, optional 3-way handshake)
Adopt roaming key hierarchy to minimize computational load
time dependency of KMP and
precomputation of roaming key R-PTK
Other works attempt to reduce probing latency (IEEE 802.11f)
Conclusion
When IEEE 802.11k is ratified, it will improve roaming decisions with a site report sent to the client STA
Until now there is no efficient agreed solution to inter-LAN and inter-WAN roaming
When the work of the IEEE 802.11r group is finished, the wireless network will be more convenient to mobile users with multimedia applications
IEEE 802.11i is new and will need time to reach maturity. It solves many security problems. Many others are not under its responsibility (DoS, RF jamming,)