Doc.: IEEE 802.11-14/0888 r00 Submission Paul A. Lambert, Marvell SemiconductorSlide 1 Security and Privacy Enhancements for 802.11 Date: 2014-07-15 Authors:

Slides:

Advertisements

Similar presentations

Doc.: IEEE /0413r0 Submission March 2009 Dan Harkins, Aruba NetworksSlide 1 A Study Group for Enhanced Security Date: Authors:

Advertisements

Submission doc.: IEEE 11-14/0430r2 March 2014 Dan Harkins, Aruba NetworksSlide 1 Randomized MAC Addresses for Privacy Enhancement Date: Authors:

Doc.: IEEE /2913r0 Submission November 2007 Kapil Sood, Intel CorporationSlide 1 Protecting Associations Attacks – Some Considerations Date:

Omniran IEEE 802 Enhanced Network Detection and Selection Date: Authors: NameAffiliationPhone Max RiegelNSN

Doc.: IEEE /173r1 Submission Byoung-Jo Kim, AT&T March 2003 Slide 1 Coexistence of Legacy & RSN STAs in Public WLAN Byoung-Jo “J” Kim AT&T Labs-Research.

Doc.: IEEE /1448 r00 Submission Paul A. Lambert, Marvell SemiconductorSlide Privacy Date: Authors: November 2013.

Security in Wireless LAN Layla Pezeshkmehr CS 265 Fall 2003-SJSU Dr.Mark Stamp.

This work is supported by the National Science Foundation under Grant Number DUE Any opinions, findings and conclusions or recommendations expressed.

WLAN Security:PEAP Sunanda Kandimalla. Intoduction The primary goals of any security setup for WLANs should include: 1. Access control and mutual authentication,

WIRELESS NETWORK SECURITY. Hackers Ad-hoc networks War Driving Man-in-the-Middle Caffe Latte attack.

Marwan Al-Namari Week 10. RTS: Ready-to-Send. CTS: Clear-to- Send. ACK: Acknowledgment.NAV: network allocation vector (channel access, expected time to.

Chapter 3 Application Level Security in Wireless Network IWD2243 : Zuraidy Adnan : Sept 2012.

Wireless Network Security. Wireless Security Overview concerns for wireless security are similar to those found in a wired environment concerns for wireless.

Doc.: IEEE /0573r1 Submission May 2012 David Halasz, Motorola MobilitySlide 1 Scalable Authentication Date: Authors:

VPN Wireless Security at Penn State Rich Cropp Senior Systems Engineer Information Technology Services The Pennsylvania State University © All rights.

195Eg Ethernet Wired LAN 195Eg. Wireless Ethernet Setting IP Address Using Utility Programs Begin Programming Definition Selection Programming Modes of.

Wireless Security Techniques: An Overview Bhagyavati Wayne C. Summers Anthony DeJoie Columbus State University Columbus State University Telcordia Technologies,

Doc.: IEEE /0585r1 Submission May 2012 David Halasz, Motorola MobilitySlide 1 IEEE ah and Security Date: Authors:

Wireless Network Security Dr. John P. Abraham Professor UTPA.

Lesson 20-Wireless Security. Overview Introduction to wireless networks. Understanding current wireless technology. Understanding wireless security issues.

BY MOHAMMED ALQAHTANI (802.11) Security. What is ? IEEE is a set of standards carrying out WLAN computer communication in frequency bands.

Network Security Lecture 9 Presented by: Dr. Munam Ali Shah.

1 Figure 2-11: Wireless LAN (WLAN) Security Wireless LAN Family of Standards Basic Operation (Figure 2-12 on next slide)  Main wired network.

Environment => Office, Campus, Home  Impact How, not Whether A Checklist for Wireless Access Points.

1 C-DAC/Kolkata C-DAC All Rights Reserved Computer Security.

Doc.: IEEE ai Submission Paul Lambert, Marvell Security Review and Recommendations for IEEE802.11ai Fast Initial Link Setup Author:

Done By : Ahmad Al-Asmar Wireless LAN Security Risks and Solutions.

Doc.: IEEE ai Submission Paul Lambert, Marvell TGai Discovery Proposal Author: Abstract Short high-level proposal for discovery techniques.

Doc.: IEEE /0893 r00 Submission July 2013 Paul A. Lambert, Marvell SemiconductorSlide 1 Service Discovery Proposal Date: Authors: Previous.

CWSP Guide to Wireless Security Chapter 2 Wireless LAN Vulnerabilities.

WEP Protocol Weaknesses and Vulnerabilities

Submission doc.: IEEE 11-12/0281r0 March 2012 Jarkko Kneckt, NokiaSlide 1 Recommendations for association Date: Authors:

Doc.: IEEE /495r1 Submission July 2001 Jon Edney, NokiaSlide 1 Ad-Hoc Group Requirements Report Group met twice - total 5 hours Group size ranged.

Submission doc.: IEEE 11-13/0523r2 May 2013 Katsuo Yunoki, KDDI R&D LaboratoriesSlide 1 Understanding Current Situation of Public Wi-Fi Usage - Possible.

20 November 2015 RE Meyers, Ms.Ed., CCAI CCNA Discovery Curriculum Review Networking for Home and Small Businesses Chapter 7: Wireless Technologies.

Link-Layer Protection in i WLANs With Dummy Authentication Will Mooney, Robin Jha.

WLANs & Security Standards (802.11) b - up to 11 Mbps, several hundred feet g - up to 54 Mbps, backward compatible, same frequency a.

.  TJX used WEP security  They lost 45 million customer records  They settled the lawsuits for $40.9 million.

Submission doc.: IEEE /1128r1 September 2015 Dan Harkins, Aruba Networks (an HP company)Slide 1 Opportunistic Wireless Encryption Date:

Lecture 24 Wireless Network Security

Doc.: IEEE /1164 r00 Submission September 2013 Paul A. Lambert, Marvell SemiconductorSlide 1 Some Par and 5C Requirements Date: Authors:

Doc.: IEEE /200 Submission September 2000 Ron Brockmann, Intersil Plug-n-Play Security in the Home & Small Business Ron Brockmann Intersil.

Doc.: IEEE /0123r0 Submission January 2009 Dan Harkins, Aruba NetworksSlide 1 Secure Authentication Using Only A Password Date:

Submission doc.: IEEE 11-12/0553r4 May 2012 Jarkko Kneckt, NokiaSlide 1 Response Criteria of Probe Request Date: Authors:

Lecture slides prepared for “Computer Security: Principles and Practice”, 3/e, by William Stallings and Lawrie Brown, Chapter 24 “Wireless Network Security”.

Submission doc.: IEEE 11-12/535r1 May 2012 Jarkko Kneckt, NokiaSlide 1 Scanning and FILS requirements Date: Authors:

Doc.: IEEE /0315r4 Submission July 2009 Dan Harkins, Aruba NetworksSlide 1 Enhanced Security Date: Authors:

Doc.: IEEE /0027r0 Submission January 2006 Slide 1 WiNOT Consortium: Proposal for online enrollment cluster Notice: This document has been prepared.

Doc.: IEEE /109r1 Submission July 2002 J. Edney, H. Haverinen, J-P Honkanen, P. Orava, Nokia Slide 1 Temporary MAC Addresses for Anonymity Jon.

Doc.: IEEE /303 Submission May 2001 Simon Blake-Wilson, CerticomSlide 1 EAP-TLS Alternative for Security Simon Blake-Wilson Certicom.

Authentication has three means of authentication Verifies user has permission to access network 1.Open authentication : Each WLAN client can be.

Wireless Network Security CSIS 5857: Encoding and Encryption.

Doc.: IEEE /657r0 Submission August 2003 N. Cam-WingetSlide 1 TGi Draft 5.0 Comments Nancy Cam-Winget, Cisco Systems Inc.

Doc.: IEEE / wng Submission March 2012 Paul A. Lambert (Marvell)Slide 1 Security Framework Date: Authors:

Doc.: IEEE /1313r2 Submission November 2013 Stephen McCann, BlackberrySlide 1 TGaq Mini Tutorial Date: Authors:

1 © 2004, Cisco Systems, Inc. All rights reserved. Wireless LAN (network) security.

Doc.: IEEE / wng Submission March 2012 Paul A. Lambert (Marvell)Slide 1 Key Centric Identity Date: Authors:

Simon Prasad. Introduction  Smartphone and other mobile devices have made it so easy to stay connected.  But this easy availability may lead to personal.

Submission doc.: IEEE /313r1 March 2016 Guido R. Hiertz, Ericsson et al.Slide 1 The benefits of Opportunistic Wireless Encryption Date:

© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Wireless LANs.

SOHO Security Recommendations. Change default user/password Of the AP/router Typical  admin – admin  root – root  root – 1234  Admin - There are web.

Wireless Security - Encryption Joel Jaeggli For AIT Wireless and Security Workshop.

Randomized MAC Addresses for Privacy Enhancement

P802.11aq Waiver request regarding IEEE RAC comments

September 2011 April 2009 doc.: IEEE /xxxxr0

Follow-Up on WUR Discovery Frame and Discovery Channel

Follow-Up on WUR Discovery Frame and Discovery Channel

Follow-Up on WUR Discovery Frame and Discovery Channel

The pitfalls of address randomization in wireless networks

The pitfalls of address randomization in wireless networks

Presentation transcript:

doc.: IEEE /0888 r00 Submission Paul A. Lambert, Marvell SemiconductorSlide 1 Security and Privacy Enhancements for Date: Authors: July 2014

doc.: IEEE /0888 r00 Submission Security and Privacy Paul Lambert, MarvellSlide 2 July 2014

doc.: IEEE /0888 r00 Submission Wireless Threats for Communications The location and capabilities of an attacker in the network is a useful way to categorize vulnerabilities. Slide 3Paull Lambert - Marvell November 2013

doc.: IEEE /0888 r00 Submission Security – What Could be Improved Wireless security is hard to setup and use in consumer devices Passwords are still the dominate way consumer products setup security –Why are Open, WEP and TKIP are still being used –WEP and TKIP should be removed from –Opportunistic Security could eliminate Open lacks adequate support for peer-to-peer authentication Paul Lambert, MarvellSlide 4 July 2014

doc.: IEEE /0888 r00 Submission Opportunistic Security “In contrast to the established approach of delivering strong protection some of the time, opportunistic security strives to deliver at least some protection most of the time. The primary goal is therefore broad interoperability, with security policy tailored to the capabilities of peer systems.” Paul Lambert, MarvellSlide 5 July

doc.: IEEE /0888 r00 Submission Strong Device-to-Device Authentication IEEE does not have a “good” solution for device-to-device authentication Preshared keys are problematic: –Difficult to install –Poor authentication (can be reshared) EAP based methods are designed to use a remote server –Difficult to configure –Few APs have built in server (one approach for perr-to-peer) Paul A. Lambert (Marvell)Slide 6

doc.: IEEE /0888 r00 Submission Device-to-Device Authentication Possible Use Cases and Benefits Simplified secure device discovery –All devices have an provable identity –Enables good peer-to-peer security Easy device enrollment and installation –Provable identity greatly simplifies installation process –Simplified installation of headless devices (sensors, etc) Cost and complexity reduced for systems needing centralized authorization Paul A. Lambert (Marvell)Slide 7

doc.: IEEE /0888 r00 Submission Peer-to-Peer Identity Framework Every device has a public / private key – hash of public key is used as identity –True peer-to-peer (either side can initiate) –Preassociation key exchange –based on well defined cryptographic standards (ECDH, etc.) –Used to simplify user experience for device enrollment Paul A. Lambert (Marvell)Slide 8

doc.: IEEE /0888 r00 Submission Examples of Hash Based Cryptographic Identifiers Bitcoin –e.g. 1HB5XMLmzFVj8ALj6mfBsbifRoD4miY36v IPv6 and HIP (RFC 5201) Paul Lambert, MarvellSlide 9

doc.: IEEE /0888 r00 Submission Simple Device Enrollment Devices have a identity out-of-the box –Self generated key pair –Binding of wireless authentication to a specific device Label based on public key (truncated readable hash) Remote enrollment based on knowing identity Enrollment authentication may be facilitated by –QR code, NFC, Bluetooth –Human label validation Paul A. Lambert (Marvell)Slide 10

doc.: IEEE /0888 r00 Submission Scalable Access Authorization Paul A. Lambert (Marvell)Slide 11 Can I 2 enter network? K 1 K 2 Access control servers do NOT need to hold any secrets I 1 I 2 K i is device unique public key I i is device unique identifier from hash of K i, Cipher Suite

doc.: IEEE /0888 r00 Submission Communication privacy is not a new issue. Paul Lambert, MarvellSlide 12 November 2013 Privacy was an important selling point for dial based phones (1912) since they did not require an operator.

doc.: IEEE /0888 r00 Submission Wi-Fi Privacy Concerns Seattle Police Deactivate Wi-Fi Spy Grid After Privacy OutcrySeattle Police Deactivate Wi-Fi Spy Grid After Privacy Outcry (Nov 2013) A DHS and Seattle police network collecting location information CreepyDOL WiFi surveillance project debuts at Blackhat/DEFCONCreepyDOL WiFi surveillance project debuts at Blackhat/DEFCON (Aug 2013) DIY surveillance with low-cost Wi-Fi based sensors that capture MAC addresses Wi-Fi Trashcans Now Silently Tracking Your Smartphone DataWi-Fi Trashcans Now Silently Tracking Your Smartphone Data (Aug 2013)... the company boasted that the cans, which included LCD advertising screens, "provide an unparalleled insight into the past behavior of unique devices"—and hence of the people who carry them around "Technopanic" mounts over Google's Wi-Fi Privacy violations"Technopanic" mounts over Google's Wi-Fi Privacy violations (Mar 2013) A DHS and Seattle police network collecting location information Paul Lambert, MarvellSlide 13 November 2013

doc.: IEEE /0888 r00 Submission But wait – Wi-Fi “location” is also a service! Location-based Wi-Fi services can add immediate value to Wi-Fi deployments Location-based Wi-Fi services can add immediate value to Wi-Fi deployments (Oct 2013) “Knowing where someone is can be important because you are then in a better position to do something for or with them.” In-Location AllianceIn-Location Alliance (Nov 2013) “There are countless uses for accurate indoor positioning...” Renew - Wi-Fi based market information Renew - Wi-Fi based market information (Nov 2013) The Renew Network extends to over three million professionals in the City of London everyday. Our units have been strategically placed to achieve optimum viewing time, enabling our clients to receive a constant and continuous space to accommodate commercial campaigns. Paul Lambert, MarvellSlide 14 November 2013

doc.: IEEE /0888 r00 Submission Privacy Threats Source of Threats: –Hackers, private investigators, stalkers, paparazzi –Marketing firms and retail outlets –Police, Government Agencies Non-threats: –Marketing firms and retail outlets (with user approval) –Personal home automation (of home user) –... Etc. It is very important to identify ways to enable tracking when it is a “service”, but prevent unauthorized tracking Paul Lambert, MarvellSlide 15 November 2013

doc.: IEEE /0888 r00 Submission What we should avoid as a privacy solution From one system vendor: “Participation in Wi-Fi location services is completely up to the customer or visitor - they can opt out simply by turning off their Wi-Fi signal.” Paul Lambert, MarvellSlide 16 July 2014

doc.: IEEE /0888 r00 Submission Privacy versus other Security Services in Privacy protection is provided by encryption and authentication –But this just protects the disclosure “data” –Good security (e.g. RSN) is a first step and is not the subject of this analysis and is assumed as a starting point Privacy of identity and location must consider other information in frames that can be used to track a device –the MAC address –Active probing and SSIDs Paul Lambert, MarvellSlide 17 November 2013

doc.: IEEE /0888 r00 Submission Where can privacy be improved? MAC Addresses are unique per device –Enable detailed tracking by passive capture –MAC addresses may be used in IPv6 addresses and carried beyond the WLAN and will directly identify the connecting device SSIDs are sometimes unique –Enable tracking when used in probe requests and indicate a devices commonly used APs –The profile of multiple SSIDs used in probing are a good fingerprint of a users identity u is unprotected and may indicate user interests Others? Paul Lambert, MarvellSlide 18 November 2013

doc.: IEEE /0888 r00 Submission Passive Scanning and Monitor APs The primary scenarios to consider that are a “threat” and not “services” are passive monitoring and APs used for monitoring Slide 19Paull Lambert - Marvell November 2013

doc.: IEEE /0888 r00 Submission Possible Technical Solutions for Privacy Ephemeral MAC Addresses –use local addresses that change occasionally Limit active scanning Define alternate ways to discover “services” and Aps Capability bits to indicate “willingness to be tracked” Others? Paul Lambert, MarvellSlide 20 November 2013

doc.: IEEE /0888 r00 Submission Ephemeral MAC Addresses Virtual STAs could be defined that allow a device to have a different MAC address for each BSSID What happens to DHCP allocation and routing tables? –Rapid changes are a problem, occasional changes are enough to prevent correlation of a device to a human Not easy to change with an active association –But could only change on new connections Roaming and fast handoff might be impacted –But MAC addresses could remain the same for roaming and only change when not actively associated Careful use of Ephemeral MAC Addresses would provide significant improvements in address privacy! Paul Lambert, MarvellSlide 21 November 2013

doc.: IEEE /0888 r00 Submission A few Proposals for Privacy Enhancements Temporary MAC Addresses for AnonymityTemporary MAC Addresses for Anonymity Anonymous MAC AddressesAnonymous MAC Addresses SlyFi-Enhancing_80211_Privacy SlyFi-Enhancing_80211_Privacy Service Discovery ProposalService Discovery Proposal Privacy Privacy random-macs-for-privacyrandom-macs-for-privacy Privacy Enhanced WirelessPrivacy Enhanced Wireless IEEE /0367r2 Privacy Enhanced Wireless “When a STA is not a member of a BSS it should periodically change its MAC address to a random value. “ IEEE should adopt /0367r2 Paul Lambert, MarvellSlide 22 July 2014