IEEE 802.11i Aniss Zakaria 60-564 Survey Fall 2004 Friday, Dec 3, 2004

Presentation transcript:

IEEE 802.11i Aniss Zakaria 60-564 Survey Fall 2004 Friday, Dec 3, 2004

Survey based on two main papers:
- IEEE 802.11i Standard, http://standards.ieee.org, June 2004
- Jyh-Cheng Chen, Ming-Chia Jiang and Yi-Wen Liu, “Wireless LAN Security and IEEE 802.11i”, http://wire.cs.nthu.edu.tw/wire1x/WC02-124-post.pdf, 2004
Friday, Dec 3, 2004 IEEE 802.11i

IEEE 802.11 Introduction:
- WLANs are everywhere.
- Authentication modes:
  - Open System Authentication: just supply the correct SSID.
  - Shared Key Authentication: relies on WEP.
- WEP: Wired Equivalent Privacy.
- WEP is weak and breakable (AirSnort).

WEP
- Without WEP, there is no confidentiality, integrity, or authentication of user data.
- The cipher used in WEP is RC4, with key lengths from 40 up to 104 bits.
- The key is shared by all clients and the base station, so compromising one node compromises the network.
- Manual key distribution among clients makes changing the key difficult.

WEP .. cont

How does WEP “work”? (What’s wrong with WEP?)
Sender:
1. Start with the frame: 802.11 Hdr | Data
2. Append ICV = CRC32(Data): 802.11 Hdr | Data | ICV
3. Select and insert IV (24 bits): 802.11 Hdr | IV | Data | ICV
4. Per-packet Key = IV || RC4 Base Key
5. RC4 Encrypt Data || ICV
Receiver:
1. Remove IV (24 bits) from packet
2. Per-packet Key = IV || RC4 Base Key
3. RC4 Decrypt Data || ICV
4. Check ICV = CRC32(Data)

IV is the main problem:
- The IV is only 24 bits, which provides 16,777,216 different RC4 cipher streams for a given WEP key.
- Chances of duplicate IVs are:
  - 1% after 582 encrypted frames
  - 10% after 1881 encrypted frames
  - 50% after 4,823 encrypted frames
  - 99% after 12,430 encrypted frames
- Increasing the key size will not make WEP any safer. Why? Refer to the Jesse Walker paper “IEEE 802.11i wireless LAN: Unsafe at any key size”, http://www.dis.org/wl/pdf/unsafe.pdf, Oct 2000

IV is the main problem:

Review of the cipher RC4 (What’s wrong with WEP?)
- A pseudo-random number generator produces a “key stream” byte b.
- Encryption: ciphertext data byte c = p ⊕ b, where p is the plaintext data byte.
- Decryption works the same way: p = c ⊕ b
- Thought experiment: what happens when p1 and p2 are encrypted under the same “key stream” byte b?
  c1 = p1 ⊕ b
  c2 = p2 ⊕ b
  Then: c1 ⊕ c2 = (p1 ⊕ b) ⊕ (p2 ⊕ b) = p1 ⊕ p2
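
The encapsulation steps, the IV collision figures and the keystream-reuse thought experiment from the preceding slides, as an added Python example (not part of the original presentation). The key, IV and payloads are constructed; the key ID octet of a real WEP frame is omitted, and `frames_until_collision` assumes IVs are chosen uniformly at random.

```python
import math, struct, zlib

def rc4(key: bytes, n: int) -> bytes:
    """Return n bytes of RC4 keystream for `key`."""
    s, j = list(range(256)), 0
    for i in range(256):                       # key scheduling
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for _ in range(n):                         # keystream generation
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def wep_encap(base_key: bytes, iv: bytes, data: bytes) -> bytes:
    body = data + struct.pack("<I", zlib.crc32(data))      # Data || ICV
    return iv + xor(body, rc4(iv + base_key, len(body)))   # IV sent in clear

def wep_decap(base_key: bytes, frame: bytes) -> bytes:
    iv, ct = frame[:3], frame[3:]
    body = xor(ct, rc4(iv + base_key, len(ct)))
    data, icv = body[:-4], body[-4:]
    if struct.pack("<I", zlib.crc32(data)) != icv:
        raise ValueError("ICV check failed")
    return data

def frames_until_collision(p: float, iv_bits: int = 24) -> int:
    """Smallest frame count at which P(some random IV repeats) >= p."""
    space, log_unique, n = 2 ** iv_bits, 0.0, 0
    while -math.expm1(log_unique) < p:
        log_unique += math.log1p(-n / space)
        n += 1
    return n

KEY = bytes.fromhex("0102030405")          # constructed 40-bit base key
IV = b"\x00\x00\x01"                        # constructed, reused on purpose
P1, P2 = b"constructed frame A", b"constructed frame B"

if __name__ == "__main__":
    c1, c2 = wep_encap(KEY, IV, P1)[3:], wep_encap(KEY, IV, P2)[3:]
    assert wep_decap(KEY, IV + c1) == P1
    assert xor(c1, c2)[:len(P1)] == xor(P1, P2)   # keystream cancels out
    print([frames_until_collision(p) for p in (0.01, 0.10, 0.50, 0.99)])
```

Because the base key never enters the XOR of the two ciphertexts, a longer key changes nothing about this failure; only a larger, non-repeating IV space does.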

We need a solution:
- IEEE 802.11 has formed a new Task Group “i” to solve WEP problems.
- Wi-Fi Protected Access (WPA) was created by the Wi-Fi Alliance in 2002, in part out of impatience with the slow-moving 802.11i standard.
- WPA focuses mainly on legacy (current) equipment and requires only a firmware update.
- IEEE 802.11i has added a newer encryption mechanism which requires changes in current WLAN equipment.
- 802.11i was ratified by the IEEE in June 2004.
- Unlike the 802.11a, b and g specifications, all of which define physical layer issues, 802.11i defines a security mechanism that operates between the Media Access Control (MAC) sublayer and the Network layer.
- The Wi-Fi Alliance refers to the new 802.11i standard as WPA2.

IEEE 802.11i standard:
- IEEE 802.11 TGi has defined two major frameworks:
  - Pre-RSN
  - RSN
- The definition of RSN according to the IEEE 802.11i standard is a security network which only allows the creation of Robust Security Network Associations (RSNA).
- Simply put, Pre-RSN is what current WLANs are, while RSN systems are what IEEE 802.11i systems should be.

IEEE 802.11i Frameworks: Pre-RSN
IEEE 802.11 entity authentication:
- Open System authentication
  - Allows a station to be authenticated without having a correct WEP key
- Shared Key authentication
  - The AP sends a challenge packet to the Mobile Station (MS)
  - The MS encrypts the challenge packet using the shared WEP key and sends the encrypted result back to the AP

IEEE 802.11i Frameworks: RSN
- Authentication Enhancement: IEEE 802.11i utilizes IEEE 802.1X for its authentication and key management services.
- Key Management and Establishment:
  - Manual key management
  - Automatic key management
- Encryption Enhancement:
  - Temporal Key Integrity Protocol (TKIP)
  - Counter-Mode/CBC-MAC Protocol (CCMP)
These are the 3 enhancements which IEEE 802.11i has introduced. We will talk about each of these items individually in the following slides.

Authentication Enhancement IEEE 802.1X:
- Port-based authentication mechanism used for both wired and wireless networks.
- Already implemented in many operating systems, like Windows XP SP1.
- It provides a framework to authenticate and authorize devices connecting to a network.
- IEEE 802.1X has three main pieces:
  - Supplicant
  - Authenticator
  - Authentication Server (AS)

Authentication Enhancement IEEE 802.1X:
- Authenticator and supplicant communicate with one another by using the Extensible Authentication Protocol (EAP, RFC-2284).
- EAP was originally designed to work over PPP, but IEEE 802.1X defines a method to use EAP over LAN (EAPOL).
- The EAP protocol can support multiple authentication mechanisms, such as MD5-challenge, One-Time Passwords, Generic Token Card, TLS, TTLS and smart cards such as EAP SIM.

Authentication Enhancement IEEE 802.1X: Ethernet type of EAPOL is 88-8E.

IEEE 802.1X: Authentication Enhancement

Key Management and Establishment:
- Two ways to support key distribution:
  - Manual key management: the administrator manually configures keys.
  - Automatic key management: IEEE 802.1x is used for key management services; only available on RSNA.
- Two key hierarchies:
  - Pairwise key hierarchy
  - Group key hierarchy

Key Management and Establishment: Pairwise key hierarchy
- Master Key – represents positive access decision
- Pairwise Master Key (PMK) – represents authorization to access 802.11 medium
- Pairwise Transient Key (PTK) – collection of operational keys:
  - Key Confirmation Key (KCK) – used to bind PTK to the AP, STA; used to prove possession of the PMK
  - Key Encryption Key (KEK) – used to distribute Group Transient Key (GTK)
  - Temporal Key (TK) – used to secure data traffic

Key Management and Establishment: Pairwise key hierarchy

Key Management and Establishment: Pairwise key hierarchy
4-way handshake: The 4-way handshake does several things:
- Confirms the PMK between the supplicant and authenticator.
- Establishes the temporal keys to be used by the data-confidentiality protocol
- Authenticates the security parameters that were negotiated
- Performs the first group key handshake
- Provides keying material to implement the group key handshake
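
An added Python example (not from the presentation) of how a CCMP pairwise transient key is derived from the PMK and split into KCK, KEK and TK, and how the KCK-keyed MIC in message 2 confirms that both sides hold the same PMK. The MAC addresses, nonces and message body are constructed, and only messages 1 and 2 of the handshake are modelled.

```python
import hashlib, hmac, os

def prf(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    """802.11i PRF: concatenated HMAC-SHA1(key, label || 0x00 || data || i)."""
    out = b""
    for i in range((nbytes + 19) // 20):
        out += hmac.new(key, label + b"\x00" + data + bytes([i]),
                        hashlib.sha1).digest()
    return out[:nbytes]

def derive_ptk(pmk, aa, spa, anonce, snonce) -> dict:
    """Derive the 384-bit CCMP PTK and split it into its operational keys."""
    data = (min(aa, spa) + max(aa, spa) +
            min(anonce, snonce) + max(anonce, snonce))
    ptk = prf(pmk, b"Pairwise key expansion", data, 48)
    return {"KCK": ptk[:16], "KEK": ptk[16:32], "TK": ptk[32:]}

def mic(kck: bytes, message: bytes) -> bytes:
    """HMAC-SHA1 truncated to 128 bits, keyed with the KCK."""
    return hmac.new(kck, message, hashlib.sha1).digest()[:16]

AA = bytes.fromhex("020000000001")    # constructed authenticator (AP) address
SPA = bytes.fromhex("020000000002")   # constructed supplicant (STA) address

def handshake(sta_pmk: bytes, ap_pmk: bytes):
    """Run messages 1-2; return the shared TK, or None if the MIC fails."""
    anonce = os.urandom(32)                      # message 1: AP -> STA
    snonce = os.urandom(32)
    sta = derive_ptk(sta_pmk, AA, SPA, anonce, snonce)
    msg2 = b"constructed EAPOL-Key body" + snonce
    msg2_mic = mic(sta["KCK"], msg2)             # message 2: STA -> AP
    ap = derive_ptk(ap_pmk, AA, SPA, anonce, snonce)
    if not hmac.compare_digest(mic(ap["KCK"], msg2), msg2_mic):
        return None                              # STA did not prove the PMK
    return ap["TK"]

if __name__ == "__main__":
    pmk = os.urandom(32)
    print("same PMK  ->", handshake(pmk, pmk).hex())
    print("wrong PMK ->", handshake(pmk, os.urandom(32)))
```

The PMK itself never crosses the air: each side proves possession only through a MIC keyed with material derived from it and from both fresh nonces.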

4-way handshake:

Key Management and Establishment: Group key hierarchy
- Group Master Key (GMK) – a random number.
- Group Transient Key (GTK) – an operational key:
  - Temporal Key – used to “secure” multicast/broadcast data traffic
- The 802.11i specification defines a “Group key hierarchy”
  - Entirely gratuitous: it is impossible to distinguish the GTK from a randomly generated key

Key Management and Establishment: Group key hierarchy

Encryption Enhancement:
Two main encryption algorithms are used:
- TKIP: Temporal Key Integrity Protocol
- CCMP: Counter-Mode/CBC-MAC Protocol
Path: WEP -> WPA -> 802.11i
- WPA = TKIP + IEEE 802.1x
- 802.11i = TKIP + IEEE 802.1x + CCMP

Encryption Enhancement: TKIP:
- Stronger privacy
  - Still uses RC4 encryption
  - Key rollover (temporal key)
  - Expanded IV space (24 → 48 bits)
- Stronger integrity
  - Message Integrity Code (MIC), computed with its own integrity algorithm (MICHAEL)
  - Separate integrity key
  - Integrity countermeasures
- TKIP is considered a short-term solution for WLAN security, used to ease the transition from current WEP WLANs to the next RSN networks.

Encryption Enhancement: TKIP:
- TKIP uses the IV and base key to hash a new key, so a new key is available for every packet; weak keys are mitigated.

Encryption Enhancement: CCMP:
- Long-term solution. Mandatory for RSNA systems.
- IV size is 48 bits.
- Uses the stronger encryption of AES in CCM mode (RFC 3610) with a 128-bit key and 128-bit block size.
- CCM mode combines Counter-Mode (CTR) and Cipher Block Chaining Message Authentication Code (CBC-MAC).
  - Privacy: AES-CCM (128-bit key)
  - Integrity: CBC-MAC
- Supports preauthorization, so clients can preauthorize when roaming if they already had a full authorization in their home network.

802.11i Summary
- Data protocols provide confidentiality, data origin authenticity, and replay protection
- Data protocols require a fresh key on every session
- Key management delivers keys used as authorization tokens, proving channel access is authorized
- Architecture ties keys to authentication