P Security Survey and Recommendations By: Ryon Coleman October 16, 2003
2 Agenda – Analyze Security Techniques Of Candidate Stacks & Present Conclusions / i Key Management Encryption Authentication Bluetooth Profile Approach Layered Framework ZigBee / Government Considerations Areas for Convergence Backup Slides
Security i Specification for Enhanced Security
IEEE 802.1X-based authentication mechanisms are used, with AES in CCMP mode, to establish a Robust Security Network (RSN).
IEEE 802.1X-2001 defines a framework based on the Extensible Authentication Protocol (EAP) over LANs, also known as EAPoL.
EAPoL is used to exchange EAP messages.
EAP messages perform authentication and are used for key derivation between a STA and an EAP entity known as the Authentication Server (AS).
i defines a 4-way handshake using EAPoL for key management / key derivation.
i Authentication & Key Management Overview
EAP Encapsulation EAPoL frames are normal IEEE data frames, thus they follow the format of IEEE MSDUs and MPDUs.
6 EAPoL for Key Exchange
Packet Type = 0x03 in the 802.1X header indicates an EAPoL-Key message.
Used by the Authenticator and Supplicant to derive or exchange cryptographic keying information.
After the association first forms, only IEEE 802.1X protocol messages (i.e., EAP and its associated authentication method) flow across the link until authentication completes.
The Supplicant’s IEEE 802.1X Port Access Entity (PAE) filters all non-EAP traffic during this period.
Until authentication completes with the distribution of a Pairwise Master Key (PMK), the PAE ensures that only EAP packets are sent or received between this STA and the wireless medium.
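The filtering rule on this slide, as an added example that is not part of the original deck: a parser for the 4-byte 802.1X header and a model of the PAE that drops everything except EAPoL until the PMK is in place. The names `PortAccessEntity`, `pmk_installed` and `snap` are hypothetical; the LLC/SNAP prefix and EtherType 0x888E are standard values not stated on the slide, and the sample frames are constructed.

```python
import struct

LLC_SNAP = bytes.fromhex("aaaa03000000")  # RFC 1042 LLC/SNAP prefix on 802.11 data MSDUs
ETHERTYPE_EAPOL = 0x888E                   # EtherType assigned to IEEE 802.1X
PACKET_TYPES = {0x00: "EAP-Packet", 0x01: "EAPOL-Start",
                0x02: "EAPOL-Logoff", 0x03: "EAPOL-Key"}


def parse_eapol(pdu: bytes) -> dict:
    """Parse the 4-byte 802.1X header: version, packet type, body length."""
    if len(pdu) < 4:
        raise ValueError("truncated 802.1X header")
    version, ptype, length = struct.unpack("!BBH", pdu[:4])
    body = pdu[4:4 + length]
    if len(body) != length:
        raise ValueError("body shorter than declared length")
    return {"version": version, "type": ptype,
            "name": PACKET_TYPES.get(ptype, "unknown"), "body": body}


class PortAccessEntity:
    """Hypothetical model of the PAE filter: EAPoL only until the PMK exists."""

    def __init__(self):
        self.pmk_installed = False  # set once 802.1X authentication completes

    def admit(self, msdu: bytes):
        """Return a label for an admitted MSDU, or None if it is dropped."""
        if len(msdu) < 8 or msdu[:6] != LLC_SNAP:
            return None
        (ethertype,) = struct.unpack("!H", msdu[6:8])
        if ethertype == ETHERTYPE_EAPOL:
            try:
                return parse_eapol(msdu[8:])["name"]
            except ValueError:
                return None  # malformed EAPoL is dropped, never passed up
        return "data" if self.pmk_installed else None


def snap(ethertype: int, payload: bytes) -> bytes:
    """Build a constructed sample MSDU (not captured traffic)."""
    return LLC_SNAP + struct.pack("!H", ethertype) + payload


if __name__ == "__main__":
    pae = PortAccessEntity()
    key_msg = snap(ETHERTYPE_EAPOL, bytes([1, 3, 0, 2]) + b"\x00\x00")  # constructed
    ip_pkt = snap(0x0800, b"constructed IPv4 payload")
    print(pae.admit(ip_pkt), pae.admit(key_msg))  # before authentication
    pae.pmk_installed = True
    print(pae.admit(ip_pkt))                      # after authentication
```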
RSN Information Element
8 Successful 802.1X Authentication Exchange
9 4-Way Handshake to Derive Encryption & Authentication Keys
10 4-Way Handshake to Derive Encryption & Authentication Keys
11 Pairwise Key Hierarchy Derivation Process – For Unicast
12 Group Key Hierarchy Derivation Process – For Multicast
13 AES Counter + CBC-MAC (CCMP) Provides Encryption & Authentication
The CCMP protocol is based on AES using the CCM mode of operation.
The CCM mode combines Counter (CTR) mode privacy and Cipher Block Chaining Message Authentication Code (CBC-MAC) authentication.
These modes have been used and studied for a long time, have well-understood cryptographic properties, and no known patent encumbrances.
They provide good security and performance in both hardware and software.
CCMP Encapsulation
CCMP Decapsulation
16 Bluetooth Security: LAN Access Profile - A Cross-Layered Approach From “Bluetooth Security Whitepaper” Bluetooth SIG Security Expert Group
17 Bluetooth Security Overview
Bluetooth takes a cross-layered approach to implementing security:
SAFER+ algorithm used at the Baseband for encryption & authentication.
Link Manager specification covers link level procedures for configuring security.
HCI specification details how a host controls security & how security-related events are reported by a Bluetooth module to its host.
Bluetooth SIG whitepaper exists for implementing security and provides examples of how services might use security.
Drawback: SAFER+ (Secure And Fast Encryption Routine) was beaten out by Rijndael for selection for AES in the U.S.
Existing Bluetooth security does not satisfy U.S. DoD requirements.
18 ZigBee / Security
Like i, ZigBee relies on AES CCM as a mainstay for encryption + authentication.
CCM mode consists of CTR mode encryption combined with CBC-MAC authentication to produce an authenticate-and-encrypt block cipher using NIST-approved AES.
AES CCM is intended to provide encryption, sender authentication, and message integrity.
19 ZigBee Key Management
Currently ZigBee is establishing its key management / key distribution techniques.
Elliptic Curve based techniques are supposedly in the works.
Need additional input on ZigBee security from a member representative…
20 Government Considerations
Currently, there exist four FIPS-approved symmetric key algorithms for encryption:
Advanced Encryption Standard (AES)
Data Encryption Standard (DES)
Triple-DES
Skipjack
AES is the FIPS-Approved symmetric encryption algorithm of choice.
FIPS 197, Advanced Encryption Standard (AES), specifies the AES algorithm (FIPS 197, http://csrc.nist.gov/cryptval/).
i is compliant with NIST FIPS 197 and FIPS validation requirements.
21 Areas for Convergence
AES CCM should be called out by at the MAC sublayer for authentication and encryption.
Key Management is a crucial area for wireless security.
i is good but may be too “heavy” for smart sensors.
Access to ZigBee techniques would be useful in this area.
Bluetooth implements a layered approach, but is not in compliance with NIST or DoD requirements.
A strong, layered approach for security would be AES CCM at the MAC plus i constructs including 802.1X EAPoL for mutual key derivation / key exchange.
Any additional information from Axonn or ZigBee?
Form Subgroup?
Backup Slides
23 Bluetooth Versus OSI Model