KAIST: Wireless Network Security and Interworking. Minho Shin, et al., Proceedings of the IEEE, Vol. 94, No. 2, Feb. 2006. Presented by Hyeongseop Shim, NS Lab, Div. of CS.


Slide 1: Wireless Network Security and Interworking
Minho Shin, et al., Proceedings of the IEEE, Vol. 94, No. 2, Feb. 2006
Presented by Hyeongseop Shim, NS Lab, Div. of CS, KAIST, September 11, 2007

Slide 2: Contents
(slide footer: 2 / Chapter 14. Multicast Security and Copyright Protection I)
- Introduction
- Security in 3G
- Overview of 802.11
- Wi-Fi Protected Access (WPA)
- 3G/WLAN Interworking
- Conclusion

Slide 3: Introduction
Why wireless internetworking?
- Various wireless technologies exist, from WPANs to 3G cellular networks
- No single technology is considered best: each has different coverage and bandwidth limitations
- Goal: ubiquitous and high-performance wireless services
Security and performance in wireless internetworking
- Composition of individually secure architectures may produce an insecure result
- High bandwidth combined with mobility demands efficient authentication during handover

Slide 4: Security in 3G (1/3)
AKA protocol in UMTS (parties: MS, Serving Network, Home Network)
1. MS -> Serving Network: Registration Request
2. Serving Network -> Home Network: Auth Request
3. Home Network retrieves the user-specific key K from its subscriber DB, generates RAND, and generates the authentication vector AV = (RAND, XRES, CK, IK, AUTN)
4. Home Network -> Serving Network: AV
5. Serving Network -> MS: Challenge = (RAND, AUTN)
6. MS verifies AUTN and computes RES
7. MS -> Serving Network: Response = RES
8. Serving Network verifies RES against XRES; channel established

Slide 5: Security in 3G (2/3)
Access security in CDMA2000
- Adopted the AKA protocol with an optional extension
- New cryptographic functions:
  - f11 generates a UAK (UIM Authentication Key) that is included in the AV
  - UMAC is the message authentication function keyed by the UAK
- The UAK protects against the rogue shell attack

Slide 6: Security in 3G (3/3)
Security issues in AKA
- Separation of AV generation (home network) and authentication (serving network): facilitates faster roaming, but requires a trust relationship between roaming partners
- Not full mutual authentication: the network authenticates the user by challenge-response, whereas the user only authenticates the network by verifying a MAC (carried in AUTN)
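The AKA exchange of slide 4 and the two observations of slide 6 (the serving network never holds K, and the MS authenticates the network solely by the MAC in AUTN), as an added example that is not part of the original slides or the paper. The f1..f5 functions are stand-ins built from truncated HMAC-SHA256 (real networks use the MILENAGE set), the IMSI, AMF value and 6-byte SQN handling are constructed for this example, and the serving network receives the whole AV, as on slide 4.

```python
import hmac
import hashlib
import secrets

# Stand-ins for the UMTS f1..f5 functions (assumption for this example;
# real USIMs use MILENAGE): truncated HMAC-SHA256 under the subscriber key K.
def _prf(k: bytes, tag: bytes, data: bytes, n: int) -> bytes:
    return hmac.new(k, tag + data, hashlib.sha256).digest()[:n]

def f1(k, rand, sqn, amf): return _prf(k, b"f1", rand + sqn + amf, 8)  # MAC-A
def f2(k, rand):           return _prf(k, b"f2", rand, 8)              # RES / XRES
def f3(k, rand):           return _prf(k, b"f3", rand, 16)             # CK
def f4(k, rand):           return _prf(k, b"f4", rand, 16)             # IK
def f5(k, rand):           return _prf(k, b"f5", rand, 6)              # AK

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

AMF = b"\x80\x00"  # authentication management field (arbitrary value here)

class HomeNetwork:
    """Holds the subscriber DB (IMSI -> (K, SQN)) and generates AVs."""
    def __init__(self):
        self.db = {}

    def generate_av(self, imsi: str):
        k, sqn = self.db[imsi]
        self.db[imsi] = (k, sqn + 1)          # advance SQN so every AV is fresh
        rand = secrets.token_bytes(16)
        sqn_b = sqn.to_bytes(6, "big")
        # AUTN = (SQN xor AK) || AMF || MAC-A
        autn = _xor(sqn_b, f5(k, rand)) + AMF + f1(k, rand, sqn_b, AMF)
        # AV = (RAND, XRES, CK, IK, AUTN) is handed to the serving network
        return rand, f2(k, rand), f3(k, rand), f4(k, rand), autn

class MobileStation:
    """USIM side: verifies AUTN (MAC and SQN freshness), then answers with RES."""
    def __init__(self, imsi: str, k: bytes):
        self.imsi, self.k, self.sqn_seen = imsi, k, 0
        self.ck = self.ik = None

    def respond(self, rand: bytes, autn: bytes):
        ak = f5(self.k, rand)
        sqn_b, amf, mac = _xor(autn[:6], ak), autn[6:8], autn[8:]
        # This MAC check is the only way the user authenticates the network.
        if not hmac.compare_digest(f1(self.k, rand, sqn_b, amf), mac):
            return None                      # network not authenticated
        sqn = int.from_bytes(sqn_b, "big")
        if sqn <= self.sqn_seen:
            return None                      # replayed or stale challenge
        self.sqn_seen = sqn
        self.ck, self.ik = f3(self.k, rand), f4(self.k, rand)
        return f2(self.k, rand)              # RES

class ServingNetwork:
    """Needs only the AV from the home network, never K itself."""
    def __init__(self, home: HomeNetwork):
        self.home = home

    def authenticate(self, ms: MobileStation):
        rand, xres, ck, ik, autn = self.home.generate_av(ms.imsi)
        res = ms.respond(rand, autn)         # Challenge = (RAND, AUTN)
        if res is None or not hmac.compare_digest(res, xres):
            return None
        return ck, ik                        # session keys now shared with the MS

def demo():
    k = secrets.token_bytes(16)
    home = HomeNetwork()
    home.db["001010123456789"] = (k, 1)      # constructed test subscriber
    ms = MobileStation("001010123456789", k)
    keys = ServingNetwork(home).authenticate(ms)
    ok = keys is not None and keys == (ms.ck, ms.ik)
    # Replaying a captured (RAND, AUTN) is rejected by the SQN check.
    rand, _, _, _, autn = home.generate_av(ms.imsi)
    first, replay = ms.respond(rand, autn), ms.respond(rand, autn)
    # A network that does not know K cannot produce a valid AUTN.
    rogue = HomeNetwork()
    rogue.db[ms.imsi] = (secrets.token_bytes(16), 1)
    r_rand, _, _, _, r_autn = rogue.generate_av(ms.imsi)
    forged = ms.respond(r_rand, r_autn)
    return ok, first is not None, replay is None, forged is None

if __name__ == "__main__":
    print(demo())
```

The serving network's trust in the AV is exactly the roaming-partner trust of slide 6: whoever is handed an AV can run the challenge and obtain CK/IK, so the home network must only release AVs to partners it trusts.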

Slide 7: Overview of 802.11 (1/2)
Authentication
- Open system authentication
- Shared key authentication: challenge-response with a shared key
  1. Initiator -> Responder: Auth Request
  2. Responder generates Challenge Text using the WEP PRNG(K, IV) and sends it to the Initiator
  3. Initiator -> Responder: e_K(Challenge Text || new IV), i.e. the challenge WEP-encrypted under K with a new IV
  4. Responder verifies the CRC ICV and the Challenge Text
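The shared-key exchange of slide 7 as runnable code, added here and not taken from the original slides or the paper. The WEP PRNG is RC4 keyed with IV || K and the ICV is CRC-32, as in 802.11; the 104-bit key, the station identifiers and the 128-byte challenge are constructed for this example. The second half of demo() shows the well-known consequence of this design that a practitioner should keep in mind: because the challenge is sent in clear and the response is that same text under a known IV, an observer obtains the keystream for that IV and can answer a later challenge without ever knowing K, since the responder does not reject reused IVs.

```python
import secrets
import zlib

def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4, the WEP PRNG: output = RC4(IV || K) XOR data."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for c in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(c ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def _icv(data: bytes) -> bytes:
    return zlib.crc32(data).to_bytes(4, "little")

def wep_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """WEP frame body: IV || RC4_{IV||K}(plaintext || CRC-32 ICV)."""
    return iv + rc4(iv + key, plaintext + _icv(plaintext))

def wep_decrypt(key: bytes, body: bytes):
    """Returns the plaintext, or None if the ICV does not verify."""
    iv, ct = body[:3], body[3:]
    pt = rc4(iv + key, ct)
    data, icv = pt[:-4], pt[-4:]
    return data if _icv(data) == icv else None

class AccessPoint:
    """Responder: issues challenges and checks the encrypted reply."""
    def __init__(self, key: bytes):
        self.key, self.pending = key, {}

    def challenge(self, sta_id: str) -> bytes:
        # 802.11 derives the 128-byte challenge text from the WEP PRNG
        text = rc4(secrets.token_bytes(16), bytes(128))
        self.pending[sta_id] = text
        return text

    def verify(self, sta_id: str, response: bytes) -> bool:
        expected = self.pending.pop(sta_id, None)
        return expected is not None and wep_decrypt(self.key, response) == expected

class Station:
    """Initiator: encrypts the challenge under K with a fresh IV."""
    def __init__(self, key: bytes):
        self.key = key

    def respond(self, text: bytes) -> bytes:
        return wep_encrypt(self.key, secrets.token_bytes(3), text)

def recover_keystream(challenge: bytes, response: bytes):
    """Observer: known plaintext (challenge || ICV) XOR ciphertext = keystream."""
    pt = challenge + _icv(challenge)
    return response[:3], bytes(a ^ b for a, b in zip(pt, response[3:]))

def forge_response(iv: bytes, keystream: bytes, new_challenge: bytes) -> bytes:
    """Answer a fresh challenge with the recovered keystream and the same IV."""
    pt = new_challenge + _icv(new_challenge)
    return iv + bytes(a ^ b for a, b in zip(pt, keystream))

def demo():
    key = bytes.fromhex("0123456789abcdef0123456789")   # constructed 104-bit key
    ap, sta = AccessPoint(key), Station(key)
    # Steps 1-4 of slide 7: legitimate station authenticates
    c = sta_challenge = ap.challenge("sta1")
    r = sta.respond(c)
    legit = ap.verify("sta1", r)
    # An eavesdropper who saw (c, r) answers a new challenge without K
    iv, ks = recover_keystream(sta_challenge, r)
    c2 = ap.challenge("mallory")
    forged = ap.verify("mallory", forge_response(iv, ks, c2))
    return legit, forged

if __name__ == "__main__":
    print(demo())
```

Both values come back True: the responder checks only the ICV and the challenge text, never whether the IV has been seen before, so the keystream learnt from one observed exchange is enough to pass a later one.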

Slide 8: Overview of 802.11 (2/2)
Access control
- Closed network access control: only clients with knowledge of the network name (SSID) can join
- Access control lists: each AP limits clients to those using a listed MAC address
Security problems

Slide 9: Wi-Fi Protected Access (1/3)
Wi-Fi Protected Access (WPA): new security architecture for 802.11 by the Wi-Fi Alliance
- WPA 1: interim solution; required only firmware and driver updates
- WPA 2: complete redesign; new algorithms and, unfortunately, new hardware as well

Slide 10: Wi-Fi Protected Access (2/3)
Authentication and access control
- Restricts network connectivity to authorized users via 802.1X
- IEEE 802.1X standard
  - Provides a framework in which various authentication methods can be used
  - Employs EAP (Extensible Authentication Protocol): any authentication mechanism can be encapsulated in EAP request/response messages
  - EAP can route messages to a centralized authentication server

Slide 11: Wi-Fi Protected Access (3/3)
Known security problems
- Vulnerable to DoS attacks: management frames are neither protected nor authenticated
- Possible hijacking of sessions that run without encryption
- Trust relationships with WPA: the client must trust the AP

Slide 12: 3G/WLAN Interworking (1/9)
Roaming scenario with three networks: IL-3G, NY-3G and NY-WLAN
- Case 1: NY-WLAN operates independently; Bill already has an account with NY-WLAN
- Case 2: IL-3G has a roaming agreement with NY-WLAN
- Case 3: IL-3G and NY-WLAN do not have a roaming agreement, but NY-3G and NY-WLAN do

Slide 13: 3G/WLAN Interworking (2/9)
Independent internetwork authentication
- Makes no effort at integration
- In Case 1, Bill already has a security association with NY-WLAN
- Solution: authenticate with the new network's own protocol
Discussion
- Does not require a trust relationship (roaming agreement, secure channel) between the networks
- Accounting and billing of each network should be independent

Slide 14: 3G/WLAN Interworking (3/9)
Centralized internetwork authentication
- In Case 2, Bill can use NY-WLAN's service without registering: NY-WLAN authenticates Bill's account with IL-3G
- Centralized authentication methods: the foreign network ensures that the client is a legitimate user of the home network

Slide 15: 3G/WLAN Interworking (4/9)
Centralized internetwork authentication (cont.)
Proactive key distribution (oAS and nAS: the old and new AS; H-AAA: the home AAA server)
1. oAS detects the MS's visit
2. oAS requests context distribution from the H-AAA
3. H-AAA calculates the potential nASs
4. H-AAA predistributes the context to the nASs

Slide 16: 3G/WLAN Interworking (5/9)
Centralized internetwork authentication (cont.)
Discussion
- Foreign and home networks must have a roaming agreement; with N networks, the overhead of pairwise roaming agreements is O(N^2)
  - Remedy: introduce a dedicated third party, an AAA broker
- Centralized authentication methods suffer from high authentication latency
- Proactive key distribution schemes require an accurate handoff prediction system

Slide 17: 3G/WLAN Interworking (6/9)
Context transfer
- In Case 3, suppose NY-3G and NY-WLAN trust each other enough to share Bill's information; NY-3G can then provide Bill's security context to NY-WLAN to allow him access
Reactive context transfer: the context is delivered from the old network to the new network after handoff
1. MS visits the new network
2. nAS obtains the address of the oAS
3. nAS requests a context transfer from the oAS
4. oAS transfers the MS's context to the nAS
5. After verifying the context, the nAS allows the MS to access the network
6. The H-AAA may optionally verify the MS's authenticity after handoff

Slide 18: 3G/WLAN Interworking (7/9)
Context transfer (cont.)
Proactive context transfer: the context transfer occurs before the MS visits the new network (soft handoff and prediction)
1. oAS detects the MS's visit
2. oAS calculates the potential nASs
3. oAS predistributes the context to the nASs

Slide 19: 3G/WLAN Interworking (8/9)
Context transfer (cont.)
Ticket forwarding: the oAS can issue a ticket containing the context to the client, which presents it to the nAS upon visit
1. oAS detects the MS's visit
2. oAS calculates the potential nASs
3. oAS issues a ticket for each potential nAS and sends them to the MS
4. After handoff, the MS provides the nAS with the corresponding ticket
5. nAS verifies the ticket and accepts the MS

Slide 20: 3G/WLAN Interworking (9/9)
Context transfer (cont.)
Discussion
- Allows a network to verify the authenticity of the MS without starting from scratch
- Accounting and billing is an open issue
- Security rests on a strong assumption: the nAS believes that the association between the MS and the oAS is secure
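Ticket forwarding (slide 19) with the checks a nAS needs before it relies on the assumption of slide 20, as an added example that is neither the slides' nor the paper's own scheme. Assumed for this example: the oAS shares a pairwise key with each candidate nAS (the roaming agreement of slides 15 and 16), tickets are JSON bodies authenticated with HMAC-SHA256, the ticket names the nAS it is for and an expiry, and the MS must prove possession of the session key carried in the context so that a ticket copied off the air is useless on its own. A deployed ticket would also be encrypted, since it carries a key; only integrity is shown here.

```python
import hmac
import hashlib
import json
import secrets
import time

def _mac(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()

class OldAS:
    """oAS: issues one ticket per candidate nAS, keyed with that nAS's pairwise key."""
    def __init__(self, name: str, peer_keys: dict):
        self.name, self.peer_keys = name, peer_keys   # nAS name -> shared key (assumption)

    def issue_tickets(self, ms_id: str, session_key: bytes, candidates, ttl=30):
        tickets = {}
        for nas in candidates:
            ctx = {"ms": ms_id, "issuer": self.name, "nas": nas,
                   "exp": int(time.time()) + ttl,
                   "key": session_key.hex()}            # the MS's security context
            body = json.dumps(ctx, sort_keys=True).encode()
            tickets[nas] = body + _mac(self.peer_keys[nas], body)
        return tickets

class NewAS:
    """nAS: accepts a ticket only if it is from a trusted oAS, meant for it,
    unexpired, and presented by someone who holds the context key."""
    def __init__(self, name: str, peer_keys: dict):
        self.name, self.peer_keys = name, peer_keys   # oAS name -> shared key

    def admit(self, ticket: bytes, nonce: bytes, proof: bytes, now=None) -> bool:
        body, tag = ticket[:-32], ticket[-32:]
        ctx = json.loads(body)
        key = self.peer_keys.get(ctx["issuer"])
        if key is None or not hmac.compare_digest(_mac(key, body), tag):
            return False                              # not issued by a trusted oAS
        if ctx["nas"] != self.name:
            return False                              # ticket bound to another nAS
        if ctx["exp"] < (now if now is not None else time.time()):
            return False                              # stale ticket
        # Proof of possession: the presenter must know the key inside the context
        sk = bytes.fromhex(ctx["key"])
        return hmac.compare_digest(_mac(sk, nonce), proof)

class MobileStation:
    def __init__(self, ms_id: str, session_key: bytes):
        self.ms_id, self.session_key = ms_id, session_key

    def prove(self, nonce: bytes) -> bytes:
        return _mac(self.session_key, nonce)

def demo():
    k_ab, k_ac = secrets.token_bytes(32), secrets.token_bytes(32)   # constructed pairwise keys
    oas = OldAS("oAS", {"nAS-B": k_ab, "nAS-C": k_ac})
    nas_b, nas_c = NewAS("nAS-B", {"oAS": k_ab}), NewAS("nAS-C", {"oAS": k_ac})
    sk = secrets.token_bytes(16)
    ms = MobileStation("bill", sk)
    # Slide 19, steps 2-3: oAS predicts nAS-B and nAS-C and hands both tickets to the MS
    tickets = oas.issue_tickets("bill", sk, ["nAS-B", "nAS-C"])
    # Steps 4-5: after handoff the MS presents the matching ticket and answers a nonce
    nonce = secrets.token_bytes(16)
    ok = nas_b.admit(tickets["nAS-B"], nonce, ms.prove(nonce))
    wrong_nas = nas_c.admit(tickets["nAS-B"], nonce, ms.prove(nonce))       # wrong target
    thief = nas_b.admit(tickets["nAS-B"], nonce, _mac(b"guess", nonce))     # copied ticket, no key
    expired = nas_b.admit(tickets["nAS-B"], nonce, ms.prove(nonce), now=time.time() + 3600)
    return ok, wrong_nas, thief, expired

if __name__ == "__main__":
    print(demo())
```

The nAS still trusts the oAS's word that the context belongs to a legitimately authenticated MS, which is the assumption slide 20 points out; the binding to a specific nAS, the expiry and the proof of possession narrow what an attacker gains from that trust, and the optional H-AAA check of slide 17 is what removes it.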

Slide 21: Conclusion
- Access security in 3G: the AKA protocol in UMTS and CDMA2000
- Overview of 802.11 and Wi-Fi Protected Access (WPA)
- 3G/WLAN interworking: centralized internetwork authentication and context transfer