KAIST Comparative studies on authentication and key exchange methods for 802.11 wireless LAN Jun Lei, Xiaoming Fu, Dieter Hogrefe, Jianrong Tan Computers.

Presentation transcript:

KAIST
Comparative studies on authentication and key exchange methods for 802.11 wireless LAN
Jun Lei, Xiaoming Fu, Dieter Hogrefe, Jianrong Tan
Computers & Security (2007)
2007/09/11
CS Div. NS Lab.
Young joo Shin

Contents (2/16)
- Introduction
- Authentication & Key Exchange (AKE) method requirements for IEEE 802.11 WLANs
- AKE methods overview
- Comparison results
- Multi-layer AKE framework and its design guidelines
- Conclusion

Introduction (3/16)
- IEEE 802.11
  - A set of wireless LAN (WLAN) standards (802.11, b, a, etc)
  - Designed to offer reliable data transmission under diverse environments
  - Provides higher data transmission rate and lower cost
- Two key security aspects of IEEE 802.11
  - Authentication of wireless user/device
  - Data confidentiality between the wireless device and the network

Introduction (4/16)
- Authentication and Key Exchange (AKE) mechanism
  - An important building block for authentication & confidentiality
- Many AKE methods for WLANs
  - EAP-TLS, PEAP, 802.1X, WPA, 802.11i, etc
- In this paper
  - The general requirements for WLAN AKE methods are identified
  - WLAN AKE methods are reviewed and compared against the requirements
  - A multi-layer AKE framework is proposed based on the analysis

AKE method requirements for IEEE 802.11 WLANs (5/16)
- AKE method requirements
  - Mandatory
  - Recommended/desired
  - Additional operational
- Mandatory requirements
  - Mutual authentication
  - Credential security
  - Resistance to dictionary attack
  - Man-in-the-middle attack protection
  - Immune to forgery attacks
  - Anti-replay (packet forgery) protection
  - Strong session key

AKE method requirements for IEEE 802.11 WLANs (6/16)
- Recommended/desired requirements
  - Management message authentication
  - Authenticate users
  - Key integrity check
  - Weak key protection
- Additional operational requirements
  - No computational burden
  - Ease of implementation
  - Fast reconnection

AKE methods overview (7/16)
- Proposed WLAN AKE methods are classified into
  - Legacy AKE method
  - Layered AKE method
  - Access control-based layered AKE method
- Legacy AKE method
  - The simplest and default method for legacy Wired Equivalent Privacy (WEP) protocol (1997)
  - Pre-shared key, challenge/response
  - No protection against forgery attacks
  - No replay protection
  - Extremely weak against key attacks (due to misuse of the RC4 algorithm)
  - One key is used for authentication and traffic encryption

AKE methods overview (8/16)
- Layered AKE methods
  - The security mechanisms in a single layer would not be sufficient
  - Some deployments of WLANs use layered AKE methods
  - EAP-TLS, EAP-TTLS, PEAP, EAP-SPEKE, EAP-FAST, EAP-PSK
- EAP (Extensible Authentication Protocol)
  - Framework offering a basis for carrying other authentication methods
  - High extensibility due to independence from any particular authentication algorithm
- Two kinds of layered AKE methods
  - TLS embedded protocol
  - Layered method with cryptographic design

AKE methods overview (9/16)
- TLS embedded protocol
  - TLS (Transport Layer Security) is a certificate-based method
- EAP-TLS
  - Provides mutual authentication
- EAP-TTLS, PEAP
  - Address the weakness of insecure authentication channel during the authentication phase
  - Credential security, anti-replay
[Figures: TLS embedded protocol layered model; EAP-TTLS protocol]

AKE methods overview (10/16)
- Layered method with cryptographic design
  - Incorporates cryptographic algorithms during the authentication phase
  - Password-based authentication
  - Gains the security of public key encryption without the costs of certificates
  - EAP-FAST (Flexible Authentication via Secure Tunneling)
  - EAP-PSK (Pre-Shared Key)
  - EAP-SPEKE (Simple Password Exponential Key Exchange)
- Layered AKE methods
  - Provide a highly efficient, easily deployable authentication framework
  - More secure than WEP
  - Contain certain disadvantages such as
    - No identity protection
    - No protected ciphersuite negotiation
    - No fast reconnection capability

AKE methods overview (11/16)
- Access control-based layered AKE method
  - IEEE 802.1X provides a port-based network access control
  - Layered AKE methods based on 802.1X
  - Transitional solution, long-term scheme
- Transitional solution
  - WPA (Wi-Fi Protected Access)
  - WEP X with EAP + TKIP (Temporal Key Integrity Protocol)
  - Compatible with legacy hardware, e.g., RC4

AKE methods overview (12/16)
- Long-term scheme
  - WPA2 (IEEE 802.11i)
  - 802.1X access control + EAP authentication + AES-CCMP traffic encryption
  - Four-way handshake
  - Crucial security enhancements to legacy
  - Not deployable and complicated to implement
[Figure: 4-way handshake]
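
The four-way handshake named on this slide, as an added Python sketch that is not part of the original slides: both sides derive the pairwise transient key (PTK) from the PMK, the two MAC addresses and two fresh nonces using the IEEE 802.11i PRF, and each proves possession of the PMK with a MIC. The EAPOL-Key frame bodies are simplified placeholders, the PMK and MAC addresses are constructed values, and the function names are hypothetical.

```python
import hashlib
import hmac
import os

LABEL = b"Pairwise key expansion"

def prf(key, label, data, nbytes):
    """IEEE 802.11i PRF: HMAC-SHA1(key, label || 0x00 || data || counter) blocks."""
    out, counter = b"", 0
    while len(out) < nbytes:
        block = label + b"\x00" + data + bytes([counter])
        out += hmac.new(key, block, hashlib.sha1).digest()
        counter += 1
    return out[:nbytes]

def derive_ptk(pmk, aa, spa, anonce, snonce):
    """CCMP PTK (48 bytes) split into KCK (MIC key), KEK and TK (traffic key)."""
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    ptk = prf(pmk, LABEL, data, 48)
    return {"kck": ptk[:16], "kek": ptk[16:32], "tk": ptk[32:48]}

def mic(kck, frame):
    """Key MIC used with CCMP: HMAC-SHA1 truncated to 128 bits."""
    return hmac.new(kck, frame, hashlib.sha1).digest()[:16]

def run_handshake(ap_pmk, sta_pmk, aa, spa):
    """Simulate messages 1-3; return the agreed TK, or None if a MIC check fails."""
    anonce = os.urandom(32)                  # Msg 1: AP -> STA carries ANonce
    snonce = os.urandom(32)
    sta = derive_ptk(sta_pmk, aa, spa, anonce, snonce)
    msg2 = b"msg2|" + snonce                 # simplified frame body (assumption)
    msg2_mic = mic(sta["kck"], msg2)         # Msg 2: STA -> AP carries SNonce + MIC
    ap = derive_ptk(ap_pmk, aa, spa, anonce, snonce)
    if not hmac.compare_digest(mic(ap["kck"], msg2), msg2_mic):
        return None                          # station did not prove it holds the PMK
    msg3 = b"msg3|" + anonce                 # simplified frame body (assumption)
    msg3_mic = mic(ap["kck"], msg3)          # Msg 3: AP -> STA carries MIC
    if not hmac.compare_digest(mic(sta["kck"], msg3), msg3_mic):
        return None                          # AP did not prove it holds the PMK
    return ap["tk"]                          # Msg 4 (ack) omitted; TK now installed

if __name__ == "__main__":
    pmk = bytes(range(32))                   # constructed PMK, e.g. output of EAP
    aa, spa = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
    print("matching PMK :", run_handshake(pmk, pmk, aa, spa).hex())
    print("wrong PMK    :", run_handshake(pmk, bytes(32), aa, spa))
```

Because the nonces are fresh on every run, each handshake yields a different traffic key even when the PMK is unchanged, which is how the scheme separates the authentication secret from the session key.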

Comparison Results (13/16)
[Comparison table; column groups: Legacy, Layered, Access control-based Layered]

Multi-layer AKE framework and its design guidelines (14/16)
- Multi-layer AKE framework
  - The protected ciphersuite negotiation, mutual authentication and key management
  - Flexible framework for various user authentication and key distribution (password, certificate, smart card, etc)
  - New functionalities could be easily incorporated into the framework
  - The framework can address threats caused by new security concerns or development challenges of wireless technologies
[Figure: A multi-layered AKE framework for WLANs]

Multi-layer AKE framework and its design guidelines (15/16)
- Multi-layer AKE framework design guidelines
  - Conduct a risk analysis to determine the required protection level and then find the most cost-effective protection against attacks
  - Consider preventing some types of DoS attacks
  - Decide how to find the tradeoff between easy implementation and strong security
  - Consider combining existing mechanisms to overcome existing problems

Conclusion (16/16)
- The AKE requirements for WLAN have been identified
- The proposed AKE methods are reviewed and compared against the requirements
  - Legacy AKE methods
  - Layered AKE methods
  - Access control-based layered AKE methods
- A new framework for AKE method is proposed
  - Fairly strong security, flexibility and extensibility