MAC Address Hijacking Problem

Presentation transcript:

MAC Address Hijacking Problem
doc.: IEEE 802.11-02/141r0, February 2002
Jon Edney, Henry Haverinen, J-P Honkanen, Pekko Orava (Nokia)

Introduction
- This presentation describes a security problem related to MAC address “ownership” and MAC address hijacking attacks
- Solution alternatives are also discussed

MAC Address Hijacking Attack
- Good guy is connected to the WLAN after authentication and initiates a file transfer from a server
- Bad guy wants to intercept the transfer and associates to another (local) AP using good guy’s MAC address
- Bad guy does full authentication using his own (valid) credentials. He will be accepted by the second AP and then the MAC frames that were destined to the good guy will be sent to the bad guy instead
- Good guy’s transfer will be successfully intercepted
- In this scenario the second AP treats the new association as if the old station did a slow roam
- This situation could occur in a public hot spot for example

Problem
- MAC address is not included in the authentication process
- No authorization to use a given MAC address is required
- How could a station prove it owns its MAC address in the first place?

MAC Address Checks at AAA Server?
- Any MAC address privacy solution will prevent transmitting the station’s fixed MAC address to AAA server in the Calling-Station-Id attribute
- AP cannot learn the fixed MAC address securely before authentication and key distribution have been completed
- We cannot require users to register their MAC addresses with the server
  - Impractical, unfriendly to the user
  - Won’t work if the AAA server is a proxy server to another type of authorization infra (e.g. GSM roaming or certificate roaming)
- Independent backend AAA servers are used on shared public networks
- A server cannot know if a given MAC address has been bound to some credentials in another server
=> It is infeasible to perform MAC address checks in the AAA server

Local EAP identity/MAC Address Binding Checks?
- EAP Identity – MAC address mapping is a “many to many” relationship
- In PEAP or TTLS, the actual identity is not shown to AAA client. A shared anonymous identity may be used (such as “anonymous@isp.com”)
- EAP/SRP and EAP/SIM use pseudonym identities that change on each authentication exchange
=> The local WLAN network cannot guarantee MAC address “ownership” by binding it to an EAP identity

Proposed Solution
- MAC address is owned in the local ESS (subnet) by whoever uses it first
- If MAC address is not in use in the ESS, then anyone can start using it
- If MAC address is in use, then all associations, reassociations and disassociations need to be protected with MSK
- If station can prove it knows the MSK, then the station is authorized to use the MAC address
- Knowledge of MSK is required even with full authentication
- EAP identity is not checked – station can use any EAP identity

How to Check if an Address is in Use?
- When a station tries to associate with a “new” MAC address, the AP needs to verify that the MAC address is not in use
- A possible approach: AP unicasts a query to the proposed MAC address or broadcasts a query to all APs in the subnet
- If the address is in use, then the “old” AP (in which the address is associated) must respond with a reject message
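
The first-use ownership rule and the in-use query from the last two slides, as an added Python example that is not part of the original presentation. The ESS table, the function names and the HMAC-SHA256 proof format are assumptions; the slides only require that a station prove knowledge of the MSK.

```python
import hashlib
import hmac
import os

class ESS:
    """Hypothetical subnet-wide table: MAC address -> [current AP, owner's MSK]."""
    def __init__(self):
        self.in_use = {}

    def query(self, mac):
        # Stands in for the unicast/broadcast "is this address in use?" query.
        return self.in_use.get(mac)

def proof_of_msk(msk, mac, nonce, action):
    # Assumed proof format (not from the slides): HMAC-SHA256 keyed with the MSK.
    return hmac.new(msk, action + mac.encode() + nonce, hashlib.sha256).digest()

def associate(ess, ap, mac, eap_msk, nonce, proof=None):
    """eap_msk is the key from the station's own successful EAP run at this AP."""
    entry = ess.query(mac)
    if entry is None:                      # address unused: first user owns it
        ess.in_use[mac] = [ap, eap_msk]
        return True
    expected = proof_of_msk(entry[1], mac, nonce, b"assoc")
    if proof is None or not hmac.compare_digest(proof, expected):
        return False                       # "old" AP answers the query with a reject
    entry[0] = ap                          # owner roamed; the binding follows it
    return True

def disassociate(ess, mac, nonce, proof):
    entry = ess.query(mac)
    if entry is None:
        return False
    if not hmac.compare_digest(proof, proof_of_msk(entry[1], mac, nonce, b"disassoc")):
        return False                       # forged disassociation is ignored
    del ess.in_use[mac]
    return True

def demo():
    ess, mac = ESS(), "00:11:22:33:44:55"  # constructed sample address
    good_msk, bad_msk = os.urandom(32), os.urandom(32)
    n = os.urandom(16)  # one nonce reused for brevity; an AP would issue one per request
    first = associate(ess, "AP1", mac, good_msk, n)
    hijack = associate(ess, "AP2", mac, bad_msk, n, proof_of_msk(bad_msk, mac, n, b"assoc"))
    roam = associate(ess, "AP2", mac, good_msk, n, proof_of_msk(good_msk, mac, n, b"assoc"))
    forged = disassociate(ess, mac, n, proof_of_msk(bad_msk, mac, n, b"disassoc"))
    return first, hijack, roam, forged, ess.query(mac)[0]
```

The second station holds valid credentials and its own MSK, yet is rejected because it cannot produce a proof under the MSK already bound to the address.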