P1451.5 Security Survey and Recommendations By: Ryon Coleman October 16, 2003.

Slides:



Advertisements
Similar presentations
Doc.: IEEE /1186r0 Submission October 2004 Aboba and HarkinsSlide 1 PEKM (Post-EAP Key Management Protocol) Bernard Aboba, Microsoft Dan Harkins,
Advertisements

802.1 AE/AF Platform considerations
Encrypting Wireless Data with VPN Techniques
Socket Layer Security. In this Presentation: need for web security SSL/TLS transport layer security protocols HTTPS secure shell (SSH)
Chapter 07 Designing and Implementing Security for WLAN
CN8816: Network Security 1 Security in Wireless LAN i Open System Authentication Security Wired Equivalent Privacy (WEP) Robust Security Network.
IEEE i IT443 Broadband Communications Philip MacCabe October 5, 2005
CSE  Wired Equivalent Privacy (WEP) ◦ first security protocol defined in  Wi-Fi Protected Access (WPA) ◦ defined by Wi-Fi Alliance 
Doc.: IEEE /770r0 Submission July 2009 Slide 1 TGs Authenticated Encryption Function Date: Authors: Russ Housley (Vigil Security), et.
Wireless Security Ryan Hayles Jonathan Hawes. Introduction  WEP –Protocol Basics –Vulnerability –Attacks –Video  WPA –Overview –Key Hierarchy –Encryption/Decryption.
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
Doc.: Submission, Slide 1 Project: IEEE P Working Group for Wireless Personal Area Networks (WPANs) Submission Title: [Securing the Network.
DIMACS Nov 3 - 4, 2004 WIRELESS SECURITY AND ROAMING OVERVIEW DIMACS November 3-4, 2004 Workshop: Mobile and Wireless Security Workshop: Mobile and Wireless.
An Initial Security Analysis of the IEEE 802.1x Standard Tsai Hsien Pang 2004/11/4.
Department of Computer Science Southern Illinois University Carbondale Wireless and Network Security Lecture 9: IEEE
Master Thesis Proposal By Nirmala Bulusu Advisor – Dr. Edward Chow Implementation of Protected Extensible Protocol (PEAP) – An IEEE 802.1x wireless LAN.
Solutions for WEP Bracha Hod June 1, i Task Group  Addresses WEP issues –No forgery protection –No protection against replays –Attack through.
WPA2 By Winway Pang. Overview  What is WPA2?  Wi-Fi Protected Access 2  Introduced September 2004  Two Versions  Enterprise – Server Authentication.
Wireless Network Security. Wireless Security Overview concerns for wireless security are similar to those found in a wired environment concerns for wireless.
By Sean Fisk.  Not a new technology  Inherently insecure  In recent years, increased popularity.
Computer Networks NYUS FCSIT Spring 2008 Milos STOLIC, Bs.C. Teaching Assistant
Network Security. An Introduction to Cryptography The encryption model (for a symmetric-key cipher).
Michal Rapco 05, 2005 Security issues in Wireless LANs.
Wireless security & privacy Authors: M. Borsc and H. Shinde Source: IEEE International Conference on Personal Wireless Communications 2005 (ICPWC 2005),
Comparative studies on authentication and key exchange methods for wireless LAN Authors: Jun Lei, Xiaoming Fu, Dieter Hogrefe and Jianrong Tan Src:
Wireless and Security CSCI 5857: Encoding and Encryption.
IEEE MEDIA INDEPENDENT HANDOVER DCN: srho
Behzad Akbari Spring 2012 (These slides are based on lecture slides by Lawrie Brown)
Key Management Workshop November 1-2, Cryptographic Algorithms, Keys, and other Keying Material  Approved cryptographic algorithms  Security.
CSCE 715: Network Systems Security
WEP Protocol Weaknesses and Vulnerabilities
Wireless LAN Security. Security Basics Three basic tools – Hash function. SHA-1, SHA-2, MD5… – Block Cipher. AES, RC4,… – Public key / Private key. RSA.
Shambhu Upadhyaya Security – AES-CCMP Shambhu Upadhyaya Wireless Network Security CSE 566 (Lecture 13)
By Ramin Hedayatzadeh. “IEEE i or WPA2” Introduction Integrity of WEP to WPA (necessity) WPA and its second generation WPA2 concepts Definition.
Doc.: IEEE /495r1 Submission July 2001 Jon Edney, NokiaSlide 1 Ad-Hoc Group Requirements Report Group met twice - total 5 hours Group size ranged.
IP Security.  In CERTs 2001 annual report it listed 52,000 security incidents  the most serious involving:  IP spoofing intruders creating packets.
TinySec : Link Layer Security Architecture for Wireless Sensor Networks Chris Karlof :: Naveen Sastry :: David Wagner Presented by Anil Karamchandani 10/01/2007.
Link-Layer Protection in i WLANs With Dummy Authentication Will Mooney, Robin Jha.
Doc.: IEEE /684r0 Submission November 2002 Martin Lefkowitz, Trapeze NetworksSlide 1 Extended Keymap ID Martin Lefkowitz Trapeze Networks.
IEEE i Aniss Zakaria Survey Fall 2004 Friday, Dec 3, 2004
Lecture 24 Wireless Network Security
National Institute of Science & Technology WIRELESS LAN SECURITY Swagat Sourav [1] Wireless LAN Security Presented By SWAGAT SOURAV Roll # EE
Wireless Security: The need for WPA and i By Abuzar Amini CS 265 Section 1.
Lecture slides prepared for “Computer Security: Principles and Practice”, 3/e, by William Stallings and Lawrie Brown, Chapter 24 “Wireless Network Security”.
Shambhu Upadhyaya Security – Key Hierarchy Shambhu Upadhyaya Wireless Network Security CSE 566 (Lecture 11)
WLAN Security Condensed Version. First generation wireless security Many WLANs used the Service Set Identifier (SSID) as a basic form of security. Some.
802.11b Security CSEP 590 TU Osama Mazahir. Introduction Packets are sent out into the air for anyone to receive Eavesdropping is a much larger concern.
Wireless Network Security CSIS 5857: Encoding and Encryption.
Doc.: IEEE /657r0 Submission August 2003 N. Cam-WingetSlide 1 TGi Draft 5.0 Comments Nancy Cam-Winget, Cisco Systems Inc.
Network Layer Security Network Systems Security Mort Anvari.
Doc.: IEEE /0964r0 Submission September 2010 David Halasz, AclaraSlide 1 Smart Grid and Key Lengths Date: Authors:
Lecture 7 (Chapter 17) Wireless Network Security Prepared by Dr. Lamiaa M. Elshenawy 1.
EECS  Wired Equivalent Privacy (WEP) ◦ first security protocol defined in  Wi-Fi Protected Access (WPA) ◦ defined by Wi-Fi Alliance 
Port Based Network Access Control
History and Implementation of the IEEE 802 Security Architecture
1 /24 May Systems Architecture WPA / WPA 2(802.11i) Burghard Güther, Tim Hartmann
Robust Security Network (RSN) Service of IEEE
Message Authentication Code
CSE 4905 WiFi Security II WPA2 (WiFi Protected Access 2)
History and Implementation of the IEEE 802 Security Architecture
Authentication and handoff protocols for wireless mesh networks
Wireless Protocols WEP, WPA & WPA2.
Some LB 62 Motions January 13, 2003 January 2004
Considerations on WDS Addressing Tricci So 7 May 2004 Prepared by
Chapter 8 Network Security.
IEEE i Dohwan Kim.
Wireless Network Security
Pre-Association Negotiation of Management Frame Protection (PANMFP)
Security of Wireless Sensor Networks
Counter With Cipher Block Chaining-MAC
Presentation transcript:

P Security Survey and Recommendations By: Ryon Coleman October 16, 2003

2 Agenda – Analyze Security Techniques Of Candidate Stacks & Present Conclusions / i Key Management Encryption Authentication Bluetooth Profile Approach Layered Framework ZigBee / Government Considerations Areas for Convergence Backup Slides

Security i Specification for Enhanced Security IEEE 802.1X-based authentication mechanisms are used, with AES in CCMP mode, to establish an Robust Security Network (RSN). IEEE 802.1X-2001 defines a framework based on the Extensible Authentication Protocol (EAP) over LANs, also known as EAPoL. EAPoL is used to exchange EAP messages. EAP messages perform authentication and are used for key derivation between a STA and an EAP entity known as the Authentication Server (AS) i defines a 4-way handshake using EAPoL for key management / key derivation.

i Authentication & Key Management Overview

EAP Encapsulation EAPoL frames are normal IEEE data frames, thus they follow the format of IEEE MSDUs and MPDUs.

6 EAPoL for Key Exchange Packet Type = 0x03 in the 802.1X header indicates EAPoL-Key message. Used by the Authenticator and Supplicant to derive or exchange cryptographic keying information. After the association first forms, only IEEE 802.1X protocol messages (i.e., EAP and its associated authentication method) flow across the link until authentication completes The Supplicant’s IEEE 802.1X Port Access Entity (PAE) filters all non-EAP traffic during this period. Until authentication completes with the distribution of a Pairwise Master Key (PMK), the PAE ensures that only EAP packets are sent or received between this STA and the wireless medium.

RSN Information Element

8 Successful 802.1X Authentication Exchange

9 4-Way Handshake to Derive Encryption & Authentication Keys

10 4-Way Handshake to Derive Encryption & Authentication Keys

11 Pairwise Key Hierarchy Derivation Process – For Unicast

12 Group Key Hierarchy Derivation Process – For Multicast

13 AES Counter + CBC-MAC (CCMP) Provides Encryption & Authentication The CCMP protocol is based on AES using the CCM mode of operation. The CCM mode combines Counter (CTR) mode privacy and Cipher Block Chaining Message Authentication Code (CBC-MAC) authentication. These modes have been used and studied for a long time, have well-understood cryptographic properties, and no known patent encumbrances. They provide good security and performance in both hardware or software.

CCMP Encapsulation

CCMP Decapsulation

16 Bluetooth Security: LAN Access Profile - A Cross-Layered Approach From “Bluetooth Security Whitepaper” Bluetooth SIG Security Expert Group

17 Bluetooth Security Overview Bluetooth takes a cross-layered approach to implementing security: SAFER+ algorithm used at the Baseband for encryption & authentication. Link Manager specification covers link level procedures for configuring security. HCI specification details how a host controls security & how security-related events are reported by a Bluetooth module to its host. Bluetooth SIG whitepaper exists for implementing security and provides examples of how services might use security. Drawback: SAFER+ (Secure And Fast Encryption Routine) was beaten out by Rijndael for selection for AES in the U.S. Existing Bluetooth security does not satisfy U.S. DoD requirements.

18 ZigBee / Security Like i, ZigBee relies on AES CCM as a mainstay for encryption + authentication. CCM mode consists of CTR mode encryption combined with CBC-MAC authentication to produce an authenticate-and-encrypt block cipher using NIST-approved AES. AES CCM is intended to provide encryption, sender authentication, and message integrity.

19 ZigBee Key Management Currently ZigBee is establishing its key management / key distribution techniques. Elliptic Curve based techniques are supposedly in the works Need additional input on ZigBee security from a member representative…

20 Government Considerations Currently, there exist four FIPS-approved symmetric key algorithms for encryption: Advanced Encryption Standard (AES) Data Encryption Standard (DES) Triple-DES Skipjack AES is the FIPS-Approved symmetric encryption algorithm of choice. FIPS 197, Advanced Encryption Standard (AES), specifies the AES algorithm ( FIPS 197http://csrc.nist.gov/cryptval/ i is compliant with NIST FIPS 197 and FIPS validation requirements.

21 Areas for Convergence AES CCM should be called out by at the MAC sublayer for authentication and encryption. Key Management is a crucial area for wireless security i is good but may be too “heavy” for smart sensors. Access to ZigBee techniques would be useful in this area Bluetooth implements a layered approach, but is not in compliance with NIST or DoD requirements. A strong, layered approach for security would be AES CCM at the MAC plus i constructs including 802.1X EAPoL for mutual key derivation / key exchange. Any additional information from Axonn or ZigBee? Form Subgroup?

Backup Slides

23 Bluetooth Versus OSI Model