Stefan Rommer, Mats Näslund, András Méhes (Ericsson)

Presentation transcript:

MIC’ for Public Access
Stefan Rommer, Mats Näslund, András Méhes (Ericsson)
July 2002, doc.: IEEE 802.11-02/xxxr0

Introduction
- Similar to 02/346 (was presented in Sydney).
- This presentation clarifies some aspects.
- Also:
  - More people here this time
  - Try to get to some conclusion

General
- At public access sites:
  - APs placed in public spaces
  - Anyone has access to premises
  - People not trusted
  - Charging for services
- => Special security requirements

A hot-spot architecture
[Figure: hot-spot architecture with STA, APs, Layer-2 LAN, WLAN Support Node (WSN) and Internet. Region labels: Untrusted; Trusted (placed in locked room).]

Trust model
In public wireless environments:
- The wireless link is not trusted
- The AP is not trusted
  - Someone can tamper with the AP.
  - Tamper-proof APs not realistic.
- The AP-WSN link is not trusted
  - Someone can insert a rogue AP or host.
- The WSN is trusted
  - Placed in a locked room or off-site.

Security threats
- If someone can access the wired link between AP and the WLAN Support Node (WSN):
  - An attacker may inject packets and interfere with billing (if billing is done in the WSN)
  - An attacker may hijack a session
  - An attacker may get free access
- If someone can tamper with the AP:
  - An attacker could reconfigure the AP
  - Anything is possible

Proposed solution
[Figure: STA, AP, WSN, with the STA-to-WSN path labelled "Integrity Protected".]
- Integrity-protect all traffic between station and WSN.
  - Add a MIC to each packet between STA and WSN.
  - Will be transparent to the AP.
- Can be an add-on to the "regular" 802.11i security.
  - Re-use the existing key-management and possibly HW-functions in the STA.
- Key for extra MIC only known to STA and WSN

Message flow
[Figure: message flow between STA, AP and WSN. Labels: 802.11i MIC’, "Basic" 802.11i, Payload’, Payload, MIC’; AES Encrypted frame fields RC, Payload, MIC’, TAG; TKIP Encrypted frame fields IV, Payload, MIC’, Michael, ICV.]

Key details
[Figure: AP and WSN, with key labels PMK, PMK2.]
- WSN acts as a RADIUS Proxy and can extract the Pairwise Master Key (PMK).
- A key for the new MIC can then be derived both at the Station and at the WSN.
- The WSN will then send a different key (PMK2) to the AP.
- PMK2 = h(PMK), where h = suitable one-way function.

Simplified MSC
[Figure: message sequence chart between STA, AP, WSN and AS. Events in the order shown:]
- 802.11 association
- EAP-Request / Identity
- EAP-Response / Identity
- EAP message exchange
- Derive PMK (appears twice)
- RADIUS-Access Accept (PMK)
- Derive new PMK2 (appears twice)
- RADIUS-Access Accept (PMK2)
- EAP-Success
PMK2 = h(PMK), h = one-way function
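The key split from the "Key details" and "Simplified MSC" slides, as an added sketch that is not part of the original presentation. The slides leave h and the MIC’ algorithm open, so HMAC-SHA-256 stands in for both, and the labels, tag length and replay counter are assumptions made for this example.

```python
import hashlib
import hmac

# Assumptions (not from the slides): HMAC-SHA-256 stands in for the one-way
# function h and for the MIC' algorithm; the labels, the 8-byte tag and the
# 8-byte replay counter are constructed for this sketch.

def _prf(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()

def h(pmk: bytes) -> bytes:
    """PMK2 = h(PMK): the only key the WSN forwards to the AP."""
    return _prf(pmk, b"PMK2 (constructed label)")

def mic_key(pmk: bytes) -> bytes:
    """MIC' key, derivable only from the original PMK (STA and WSN)."""
    return _prf(pmk, b"MIC' key (constructed label)")

def add_mic(key: bytes, counter: int, payload: bytes) -> bytes:
    """Sender side: Payload' = counter || payload || MIC'."""
    body = counter.to_bytes(8, "big") + payload
    return body + _prf(key, body)[:8]

class WSN:
    """Trusted node: RADIUS proxy that sees the PMK and verifies MIC'."""
    def __init__(self, pmk: bytes):
        self.key = mic_key(pmk)
        self.pmk2 = h(pmk)      # goes to the AP in the Access-Accept
        self.last_counter = -1  # highest counter accepted so far

    def accept(self, frame: bytes) -> bool:
        if len(frame) < 16:
            return False
        body, tag = frame[:-8], frame[-8:]
        if not hmac.compare_digest(tag, _prf(self.key, body)[:8]):
            return False        # forged or modified between STA and WSN
        counter = int.from_bytes(body[:8], "big")
        if counter <= self.last_counter:
            return False        # replayed frame
        self.last_counter = counter
        return True

def demo():
    pmk = bytes(range(32))                      # constructed PMK
    wsn = WSN(pmk)
    frame = add_mic(mic_key(pmk), 1, b"user data")
    genuine, replayed = wsn.accept(frame), wsn.accept(frame)
    # A tampered AP holds only PMK2, so the best it can do is guess a key.
    forged = add_mic(mic_key(wsn.pmk2), 2, b"injected")
    return genuine, replayed, wsn.accept(forged)
```

Because the AP only ever receives PMK2, a frame it builds itself fails verification at the WSN, which is the property the trust model relies on.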

Why specify it in 802.11i?
- Light-weight (compared e.g. to IPSec)
- Possible to reuse existing 802.11i functions, e.g. the key framework and crypto-HW.
- A single WLAN-solution will promote interoperability.

Conclusion
- Possible solution for extra MIC:
  - 802.11i-like key derivation
  - MIC’ algorithm: e.g. MMH or AES-CBC-MAC
  - The exact details to be worked out
- Straw poll:
  - Is it of interest to TGi to have this kind of functionality in 802.11i?

Back-up slides

Can we use the TKIP and WRAP MICs?
- Split encryption and integrity protection between AP and WSN
  - Encryption in AP
  - Integrity protection in ASN
- Not a good solution
  - Technical difficulties (see next slide)
  - Good to keep an integrity check in the AP

Can we use the TKIP and WRAP MICs? (continued)
- TKIP MIC:
  - The AP Transmitter Address is needed by the WSN
  - TKIP Countermeasures
- AES-OCB tag:
  - 802.11e Traffic Class input to integrity code
  - Have to synchronize Replay Counters between AP and WSN
- AES-CBC-MAC:
  - MAC Header is included in integrity code
  - Have to synchronize the Packet Number between AP and WSN
  - CBC-MAC on MPDU level? => Fragmentation in WSN?
- Conclusion: WRAP MICs are closely tied to the 802.11 MAC layer.
  => Not a general solution, we need another MIC field.