Doc.: IEEE 802.11-01/610r0 Submission November 2001 Tim Moore, Microsoft 802.1X and 802.11 key interactions Tim Moore.

Presentation transcript:

802.1X and 802.11 key interactions
Tim Moore, Microsoft (IEEE 802.11-01/610r0, November 2001)

Topics
802.1X key generation
802.1X in small networks
802.1X and VLANs

802.1X
802.1X consists of
– Authentication
  Includes option for always allowed or always denied
  Station assumes authenticated if authenticator does not respond
  Multiple authentication methods supported via EAP
– Key distribution
  Requires a master key known by supplicant and authenticator
  – Normally obtained from authentication but not required by 1X
  Supports updating keys but doesn't give the policy, i.e. how often to change keys, how to derive new keys, etc.

802.1X key generation
EAPOL-Key is used to send keys between authenticator and supplicant
– Sent as unicast data packets so the message is acknowledged
Requires a master key known by authenticator and supplicant to sign and encrypt the keys being sent in the EAPOL-Key message
– Normally the master key is generated by the authentication
Allows for the master key to be used as a key by sending no key in the EAPOL-Key message

802.1X re-keying
EAPOL-Key message can be sent anytime after authentication (but may be before EAP-Success) and may be sent multiple times
– i.e. authenticator can update keys whenever it wants
802.1X re-authenticates to generate a new master key
– Recommend re-authentication at intervals, e.g. once an hour

EAPOL-Key interval
802.1X can update the keys without re-authenticating
Update rate is dependent on
– CPU load deriving new keys
– CPU load to encrypt, sign and decrypt the keys
– Waiting for last key update to be updated in hardware
Decrypting and validating key
– Current testing shows this to be < 135 ms on current systems

Key synchronization during updates
Doesn't use time synchronization
– Very difficult to synchronize and not lose packets
– Note: there is a time stamp in EAPOL-Key messages that can be used to attempt to synchronize the setting of the keys if required; currently used as replay protection
Use two key indexes
– Use one index while updating the other index
– EAPOL-Key sender always updates its own table before sending the message
– Receiver should start using the new key as soon as it receives the key
– Sender can wait until it sees the new index being used by all required receivers before sending with the new key
Allow multiple keys for key mapping table
– Currently with key mapping there is a time hole because there is only one key
– Note: already need to support two keys per station for transmit and receive keys
– Recommendation: allow multiple keys for key mapping table

802.1X/SetKey interaction
802.1X should use SetKeys to update the encryption key
– Call SetKey before sending an EAPOL-Key message
– Call SetKey after receiving an EAPOL-Key message
– EAPOL-Keys should not use the master key as an encryption key
– Stations must be able to derive encryption keys and use EAPOL-Key messages to send updates at intervals
– EAPOL-Key message should alternate between two key indexes
– Two key indexes should be available for each send and receive key, including the key mapping table
– The EAPOL-Key message sender should update keys in the following sequence:
  Update local receive key
  Send the sender's transmit key
  Send the sender's receive key
– Sender should check received messages for the new index being used and start using the new key for transmit when all receivers indicate they are using the new transmit key index: update local transmit key
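The two-index update sequence on this slide and the synchronization rules on the previous one (key synchronization during updates), as an added Python simulation; this is illustration written for this transcript, not code from the submission. Station, rekey, single_slot_hole and the SHA-256 XOR stand-in cipher are constructed for the example, and the EAPOL-Key transport is replaced by direct SetKey calls on the peer, so the script runs offline. It shows that with two slots per direction every frame in flight during the update still decrypts, and that a single slot per station loses the frame that arrives after the key is overwritten (the time hole the slide mentions).

```python
import hashlib
import os
from dataclasses import dataclass, field
from typing import List, Optional


def toy_encrypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Constructed stand-in for the link cipher: XOR with a SHA-256
    keystream.  Symmetric, so the same call decrypts.  Not for real use."""
    stream = hashlib.sha256(key + nonce).digest()
    return bytes(b ^ stream[i % len(stream)] for i, b in enumerate(data))


@dataclass
class Frame:
    key_index: int      # KeyID: which of the two slots encrypted the body
    nonce: bytes
    body: bytes


@dataclass
class Station:
    """One end of the link with two key slots per direction, as the slide
    recommends for both the default-key and key-mapping tables."""
    name: str
    tx_keys: List[Optional[bytes]] = field(default_factory=lambda: [None, None])
    rx_keys: List[Optional[bytes]] = field(default_factory=lambda: [None, None])
    tx_index: int = 0
    seen_peer_index: int = 0    # last KeyID observed on received frames

    def set_key(self, table: str, index: int, key: bytes) -> None:
        """The SetKey call: install a key into one slot of one table."""
        (self.tx_keys if table == "tx" else self.rx_keys)[index] = key

    def send(self, plaintext: bytes) -> Frame:
        nonce = os.urandom(8)
        key = self.tx_keys[self.tx_index]
        return Frame(self.tx_index, nonce, toy_encrypt(key, nonce, plaintext))

    def receive(self, frame: Frame) -> bytes:
        key = self.rx_keys[frame.key_index]
        if key is None:
            raise KeyError(f"{self.name}: no key in rx slot {frame.key_index}")
        self.seen_peer_index = frame.key_index   # feeds the sender's wait rule
        return toy_encrypt(key, frame.nonce, frame.body)


def rekey(sender: Station, receiver: Station, traffic: List[tuple]) -> List[bytes]:
    """Sender-driven update in the slide's order.  `traffic` lists
    (direction, payload) pairs exchanged while the update is in flight;
    every payload must come back decrypted (no time hole)."""
    new_index = 1 - sender.tx_index
    new_s2r, new_r2s = os.urandom(16), os.urandom(16)
    decrypted = []

    # 1. Update the local receive key first, in the spare slot.
    sender.set_key("rx", new_index, new_r2s)
    # 2./3. SetKey before sending: stage the new transmit key locally, then
    #       "send" EAPOL-Key with the sender's transmit and receive keys.
    #       The transport is elided; the peer installs both keys and starts
    #       using the new index at once, as the slide says a receiver should.
    sender.set_key("tx", new_index, new_s2r)
    receiver.set_key("rx", new_index, new_s2r)
    receiver.set_key("tx", new_index, new_r2s)
    receiver.tx_index = new_index

    for direction, payload in traffic:
        if direction == "s2r":
            decrypted.append(receiver.receive(sender.send(payload)))
        else:
            decrypted.append(sender.receive(receiver.send(payload)))
        # 4. Switch transmit only once the peer is seen using the new index.
        if sender.seen_peer_index == new_index and sender.tx_index != new_index:
            sender.tx_index = new_index
    return decrypted


def single_slot_hole() -> bool:
    """With one key per station (today's key-mapping table) a frame already
    in flight under the old key is lost once the receiver overwrites that
    key.  True means the late frame failed to decrypt."""
    old, new, nonce = os.urandom(16), os.urandom(16), os.urandom(8)
    in_flight = toy_encrypt(old, nonce, b"late frame")
    return toy_encrypt(new, nonce, in_flight) != b"late frame"


def demo():
    """Two stations rekey while frames flow in both directions."""
    a, b = Station("A"), Station("B")
    k_ab, k_ba = os.urandom(16), os.urandom(16)
    a.set_key("tx", 0, k_ab)
    b.set_key("rx", 0, k_ab)
    b.set_key("tx", 0, k_ba)
    a.set_key("rx", 0, k_ba)
    traffic = [("s2r", b"frame-1"), ("s2r", b"frame-2"),
               ("r2s", b"ack"), ("s2r", b"frame-3")]
    out = rekey(a, b, traffic)
    return out, a.tx_index, b.tx_index


if __name__ == "__main__":
    print(demo(), single_slot_hole())
```

In demo() the sender keeps transmitting on index 0 for the first two frames, sees index 1 on the acknowledgement from the peer, and only then moves its own transmit side to index 1; the old receive slot is never overwritten while a frame under the old key could still arrive.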

Roaming between APs
No IAPP
– 802.1X does re-authentication
  Maybe NULL authentication or a fast re-auth (e.g. TLS resume)
  Get new master key
– EAPOL-Key messages to send new encryption keys to station
IAPP
– Client authenticates to new AP via signature in re-associate message
– Via IAPP, new AP sends signature to old AP for validation
– Old AP validates signature, sends master key to new AP
– If session-timeout attribute in IAPP RADIUS context is 0 and termination-action = RADIUS, then
  Set 802.1X state to FORCE_AUTH
– Else
  Set 802.1X portStatus to Authorized
  Set 802.1X state to AUTHENTICATED
– EAPOL-Key messages used to send new encryption keys to station

802.1X and WEP
802.1X must be unencrypted
– Otherwise on roaming 802.1X is encrypted and the new AP cannot decrypt unless IAPP is supported
Recommendation: data frames of Ethertype 802.1X (888E) bypass encryption
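The recommendation above as an added Python example (written for this transcript, not taken from the submission): an Ethernet-frame parser that lets only Ethertype 0x888E through unencrypted and decodes the EAPOL header far enough to name the packet type. The frames, MAC addresses and VLAN 100 tag are constructed test data; that a VLAN-aware AP sees 802.1Q-tagged frames and must look past the tag is an assumption made for the example. The EAPOL type codes (0 EAP-Packet, 1 EAPOL-Start, 2 EAPOL-Logoff, 3 EAPOL-Key) are those of IEEE 802.1X-2001.

```python
import struct

ETHERTYPE_EAPOL = 0x888E   # the 802.1X Ethertype the slide refers to
ETHERTYPE_VLAN = 0x8100
EAPOL_TYPES = {0: "EAP-Packet", 1: "EAPOL-Start", 2: "EAPOL-Logoff", 3: "EAPOL-Key"}


def parse_ethernet(frame: bytes):
    """Return (dst, src, ethertype, payload); one 802.1Q tag is skipped."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    dst, src = frame[:6], frame[6:12]
    etype = struct.unpack("!H", frame[12:14])[0]
    offset = 14
    if etype == ETHERTYPE_VLAN:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        etype = struct.unpack("!H", frame[16:18])[0]   # inner Ethertype
        offset = 18
    return dst, src, etype, frame[offset:]


def eapol_type(payload: bytes):
    """Decode the EAPOL header (version, type, body length).
    Returns None for a malformed header rather than trusting it."""
    if len(payload) < 4:
        return None
    _version, ptype, length = struct.unpack("!BBH", payload[:4])
    if len(payload) - 4 < length:
        return None          # body shorter than advertised: drop it
    return EAPOL_TYPES.get(ptype, f"unknown({ptype})")


def bypasses_encryption(frame: bytes) -> bool:
    """The slide's rule: only Ethertype 0x888E data frames go out in the
    clear; everything else stays under the link encryption."""
    _, _, etype, _ = parse_ethernet(frame)
    return etype == ETHERTYPE_EAPOL


def classify(frame: bytes):
    """('bypass', <EAPOL type>) for 802.1X frames, ('encrypt', None) otherwise."""
    _, _, etype, payload = parse_ethernet(frame)
    if etype == ETHERTYPE_EAPOL:
        return "bypass", eapol_type(payload)
    return "encrypt", None


def build_frame(etype: int, payload: bytes, tagged: bool = False) -> bytes:
    """Constructed test frame with placeholder MAC addresses."""
    hdr = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb")
    if tagged:
        hdr += struct.pack("!HH", ETHERTYPE_VLAN, 0x0064)   # VLAN 100, priority 0
    return hdr + struct.pack("!H", etype) + payload


# Constructed samples: a minimal EAPOL-Key (version 1, type 3, 2-byte body)
# and an IPv4 frame that must not bypass encryption.
EAPOL_KEY = struct.pack("!BBH", 1, 3, 2) + b"\x00\x00"
IP_FRAME = build_frame(0x0800, b"\x45" + b"\x00" * 19)

if __name__ == "__main__":
    for f in (build_frame(ETHERTYPE_EAPOL, EAPOL_KEY),
              build_frame(ETHERTYPE_EAPOL, EAPOL_KEY, tagged=True), IP_FRAME):
        print(classify(f))
```

The length check in eapol_type matters on a real AP: the bypass path is reachable before any key is in place, so a frame that is accepted there should be parsed defensively and dropped when its header does not match its length.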

802.1X and IBSS
802.1X works with IBSS
– Each station should authenticate who is allowed to communicate with it
– Requires 802.1X supplicant and authenticator on each station; see later for a simple way to do this
– Stations need to learn from the probe whether another station needs 802.1X
  Need this to decide which encryption key to configure: the master key or a derived key
Need a way to decide who generates the keys
– 802.1X doesn't specify this

IBSS and encryption keys
If different receive/transmit keys are required
– Authenticator sends transmit key
If a single transmit/receive key is supported
– If sending EAPOL-Key dest MAC address < own MAC address
  Do not use key as encryption key and use key received in EAPOL-Key messages
– Else
  Do use in sending EAPOL-Key message and ignore EAPOL-Key messages received

802.1X in small networks

802.1X in small networks
May want to use a shared network password
– How to do this with 802.1X?
May want to have individual user authentication but with a simple UI
– How to do this with 802.1X?

Shared password
Use shared password as master key for EAPOL-Key message
Works with Infrastructure and IBSS
Access Point ignores all 802.1X messages from station
– No authentication using EAP
– Using key distribution and update support in 802.1X
– Send EAPOL-Key messages with default and key-mapping encryption keys; the message is signed and encrypted using the shared password
– Only supplicants with the shared password can get the encryption keys

Shared password implementation
Authenticator state machine, authentication server and RADIUS client not required
– Access Point should ignore received 802.1X messages
Supplicant state machine
– Need DISCONNECTED, CONNECTING and AUTHENTICATED states (3 out of 7 states)

Supplicant state machine (diagram; the three states kept for the shared-password case, with their actions and the transition conditions drawn)
DISCONNECTED
  eapSuccess = FALSE
  eapFail = FALSE
  startCount = 0
  logoffSent = FALSE
  previousId = 256
  suppStatus = Unauthorized
CONNECTING
  startWhen = startPeriod
  startCount = startCount + 1
  reqId = FALSE
  txStart
AUTHENTICATED
  eapSuccess = FALSE
  eapFail = FALSE
  suppStatus = Authorized
Transitions
– initialize || !portEnabled: enter DISCONNECTED from any state
– UCT: DISCONNECTED to CONNECTING
– (startWhen == 0) && (startCount < maxStart): CONNECTING re-entered (another EAPOL-Start is sent)
– (startWhen == 0) && (startCount >= maxStart): CONNECTING to AUTHENTICATED
– eapSuccess && !(initialize || !portEnabled) && !userLogoff && !logoffSent: CONNECTING to AUTHENTICATED
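The reduced three-state supplicant machine above, and the "station assumes authenticated if authenticator does not respond" behaviour from the 802.1X overview slide, as an added Python simulation; this is written for this transcript and is not code from the submission or from the 802.1X text. Variable names follow the diagram (startWhen, startCount, maxStart, eapSuccess, suppStatus); the startWhen timer is driven by explicit tick() calls instead of a clock, and staying in DISCONNECTED while the port is disabled is an assumption added so the UCT edge is not taken on a down port.

```python
class Supplicant:
    """Reduced supplicant PAE: DISCONNECTED, CONNECTING, AUTHENTICATED."""

    def __init__(self, max_start: int = 3, start_period: int = 30):
        self.maxStart, self.startPeriod = max_start, start_period
        self.portEnabled, self.initialize, self.userLogoff = True, True, False
        self.eapSuccess = self.eapFail = False
        self.starts_sent = 0        # number of txStart actions, for inspection
        self.state = None
        self.step()                 # initialize is set, so this enters DISCONNECTED

    def enter(self, state: str) -> None:
        self.state = state
        if state == "DISCONNECTED":
            self.eapSuccess = self.eapFail = False
            self.startCount, self.logoffSent = 0, False
            self.previousId = 256
            self.suppStatus = "Unauthorized"
            self.initialize = False     # one-shot; cleared once acted on
            if self.portEnabled:        # assumption: UCT only on a live port
                self.enter("CONNECTING")
        elif state == "CONNECTING":
            self.startWhen = self.startPeriod
            self.startCount += 1
            self.reqId = False
            self.starts_sent += 1       # txStart: an EAPOL-Start goes out
        elif state == "AUTHENTICATED":
            self.eapSuccess = self.eapFail = False
            self.suppStatus = "Authorized"

    def step(self) -> str:
        """Evaluate the transition conditions once; global condition first."""
        if self.initialize or not self.portEnabled:
            self.enter("DISCONNECTED")
        elif self.state == "CONNECTING":
            if self.eapSuccess and not self.userLogoff and not self.logoffSent:
                self.enter("AUTHENTICATED")
            elif self.startWhen == 0 and self.startCount >= self.maxStart:
                self.enter("AUTHENTICATED")   # nobody answered: assume authenticated
            elif self.startWhen == 0:
                self.enter("CONNECTING")      # startCount < maxStart: send another Start
        return self.state

    def tick(self, seconds: int) -> str:
        """Advance the startWhen timer and re-evaluate the conditions."""
        self.startWhen = max(0, self.startWhen - seconds)
        return self.step()


def silent_authenticator(max_start: int = 3, start_period: int = 30):
    """No EAP traffic ever arrives.  After maxStart EAPOL-Starts the machine
    lands in AUTHENTICATED with suppStatus Authorized anyway, which is why
    the slides note that a station assumes it is authenticated when the
    authenticator does not respond."""
    s = Supplicant(max_start, start_period)
    while s.state == "CONNECTING":
        s.tick(start_period)        # let the startWhen timer expire
    return s.state, s.suppStatus, s.starts_sent


def answering_authenticator():
    """An authenticator replies: EAP-Success arrives before the first timeout."""
    s = Supplicant()
    s.tick(5)                       # still waiting, no timeout yet
    s.eapSuccess = True             # EAP-Success delivered by the authenticator
    return s.step(), s.suppStatus, s.starts_sent


if __name__ == "__main__":
    print(silent_authenticator(), answering_authenticator())
```

The silent case is the security-relevant one: the supplicant's own port opens after maxStart unanswered EAPOL-Starts, so in a shared-password deployment the encryption keys carried in EAPOL-Key, not this state, are what actually gate access.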

Individual user authentication: an example
Requires full implementation of 802.1X for supplicant, authenticator and authentication server
– Doesn't require RADIUS
Each station has a self-signed certificate
Access Point has authenticator and authentication server built in
– No RADIUS implementation since both are on the same machine
Authentication server and supplicant implement EAP-TLS

Supplicant
Standard EAP-TLS
– No difference from talking to an AP that uses RADIUS to reach the authentication server

Authentication server authenticating user
Check internal table for username
– If not allowed, send EAP-Failure
– Else validate certificate
  If valid
  – If user allowed then
    If certificate matches certificate in table then send EAP-Success
    Else send EAP-Failure
  – Else display message to admin with username
    – If admin allows user: add user and certificate to table as allowed
    – Else: add user to table as disallowed
    – Endif
  Else
  – Send EAP-Failure
  Endif
Display could be a web page with a list of users requesting access
– Admin can select users to allow/disallow access
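The decision procedure above as an added Python example; it is written for this transcript and is not the submission's code. Certificate validation is a constructed stub (a set of fingerprints the server treats as valid) so the script runs offline; a real server would verify the self-signed certificate and the EAP-TLS proof of possession. The slide does not say what the supplicant is told while the admin is still deciding, so returning "pending" for that case is an assumption; the admin's choice is applied through a separate call and takes effect on the user's next attempt.

```python
import hashlib
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass
class Entry:
    allowed: bool
    cert_fp: Optional[str] = None   # fingerprint of the certificate on file


def fingerprint(cert: bytes) -> str:
    return hashlib.sha256(cert).hexdigest()


class AuthServer:
    """Built-in authentication server with an admin-maintained user table."""

    def __init__(self, valid_fps):
        self.table: Dict[str, Entry] = {}     # username -> Entry
        self.pending: Dict[str, str] = {}     # username -> fingerprint awaiting admin
        self._valid = set(valid_fps)          # stub for certificate validation

    def certificate_valid(self, fp: str) -> bool:
        # Constructed stand-in: a real server checks the self-signed
        # certificate's signature and validity period during EAP-TLS.
        return fp in self._valid

    def authenticate(self, username: str, cert: bytes) -> str:
        fp = fingerprint(cert)
        entry = self.table.get(username)
        if entry is not None and not entry.allowed:
            return "EAP-Failure"                 # user known and not allowed
        if not self.certificate_valid(fp):
            return "EAP-Failure"                 # certificate invalid
        if entry is not None:                    # allowed: must be the same certificate
            return "EAP-Success" if entry.cert_fp == fp else "EAP-Failure"
        self.pending[username] = fp              # unknown user: ask the admin
        return "pending"                         # assumption, see lead-in

    def requests(self) -> List[str]:
        """What the admin web page would list."""
        return sorted(self.pending)

    def admin_decide(self, username: str, allow: bool) -> None:
        """Admin's choice: the certificate is stored only for allowed users."""
        fp = self.pending.pop(username)
        self.table[username] = Entry(allow, fp if allow else None)


def demo() -> List[str]:
    """Walk through the branches with constructed certificate bytes."""
    alice, alice2, carol = b"cert-alice", b"cert-alice-2", b"cert-carol"
    srv = AuthServer([fingerprint(c) for c in (alice, alice2, carol)])
    results = [srv.authenticate("alice", alice)]            # unknown -> pending
    assert srv.requests() == ["alice"]
    srv.admin_decide("alice", True)
    results.append(srv.authenticate("alice", alice))        # allowed, same cert
    results.append(srv.authenticate("alice", alice2))       # same name, other cert
    results.append(srv.authenticate("bob", b"not-a-cert"))  # invalid cert
    results.append(srv.authenticate("carol", carol))        # unknown -> pending
    srv.admin_decide("carol", False)
    results.append(srv.authenticate("carol", carol))        # disallowed
    return results


if __name__ == "__main__":
    print(demo())
```

Binding the username to the certificate fingerprint at approval time is what stops a second station from presenting a different valid certificate under an already-approved name: the lookup is by name, but success requires the certificate on file.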

802.1X and VLANs

802.1X and VLANs
802.1X suggests the use of VLANs or VPNs to isolate different user groups
– Access Point is a layer 2 device, so VLANs are the obvious way to do this
Need to be able to separate broadcast traffic
– Broadcast messages from different 'networks', so traffic is not duplicated
– Use different broadcast keys for each VLAN
– Need 2 keys per VLAN to allow the keys to be changed

802.1X and default key table
Allow the default key table to be increased from 4 keys to 256 keys
– Half the keys for transmit and half for receive
– Enable the spare bits to be used as part of the KeyID
– Add attribute to association request containing size of default key table

Motion
To instruct the editor to modify the key mapping table to allow 2 keys per station for ESNs and to use the KeyID to select which key is used

Motion
To instruct the editor to add text to so 802.1X data packets are not encrypted

Motion
Request 1aa to add to the EAPOL-Key message section:
– If key management is used and a supplicant and authenticator are available at both ends, then the lower MAC address owns the key management
– Enable the EAPOL-Key message to carry a nonce rather than the key material