Presentation is loading. Please wait.

Presentation is loading. Please wait.

Doc.: IEEE 802.11-03/0563-00-000i Submission July 2003 Petroni,Arbaugh WAA Associates, LLC.Slide 1 An Empirical Analysis of the 4- way Hand-shake 1 Nick.

Published byAlyson Sparks Modified over 8 years ago

Similar presentations

Presentation on theme: "Doc.: IEEE 802.11-03/0563-00-000i Submission July 2003 Petroni,Arbaugh WAA Associates, LLC.Slide 1 An Empirical Analysis of the 4- way Hand-shake 1 Nick."— Presentation transcript:

1 doc.: IEEE 802.11-03/0563-00-000i Submission July 2003 Petroni,Arbaugh WAA Associates, LLC.Slide 1 An Empirical Analysis of the 4- way Hand-shake 1 Nick Petroni, Jr. npetroni@waa-assoc.com William A. Arbaugh waa@waa-assoc.com WAA Associates, LLC. 1. This work funded under a contract with the U.S. Defense Information Systems Agency (DISA)

2 doc.: IEEE 802.11-03/0563-00-000i Submission July 2003 Petroni,Arbaugh WAA Associates, LLC.Slide 2 Experiment Equipment Tested equipment –Access Points from 3 vendors –Client cards from 4 vendors –4 software clients (1 card-specific) STA –1.8GHz Pentium 4m Laptop –256 MB RAM –Windows XP Professional Service Pack 1 Measurement host –Identical hardware to client host –WildPackets AiroPeek NX 2.0

3 doc.: IEEE 802.11-03/0563-00-000i Submission July 2003 Petroni,Arbaugh WAA Associates, LLC.Slide 3 Test Procedure 1.Power up first AP on channel 1 in RF free environment. 2.STA associates to first AP 3.Power up second AP on channel 6 4.Power down first AP to force reassociation with second AP 5.Timing host listens on channel 6.

4 doc.: IEEE 802.11-03/0563-00-000i Submission July 2003 Petroni,Arbaugh WAA Associates, LLC.Slide 4 Layout STA Measurement Host AP1 AP2 10 feet 5 feet 7 feet 3 feet

5 doc.: IEEE 802.11-03/0563-00-000i Submission July 2003 Petroni,Arbaugh WAA Associates, LLC.Slide 5 Interoperability Matrix ClientCardAPResult Client1Cards 1,3ALLTimed Client1Cards 2,4AP 1Proprietary behavior observed Client1Cards 2,4AP 2-3Timed Client2Cards 1-3ALLClient is card specific Client2Card4AP1Proprietary behavior observed Client2Card4AP2Client2/AP2 do not interoperate Client2Card4AP3Timed Client3Cards 1,3ALLTimed Client3Card2ALLClient3/Card2 do not interoperate Client3Card4AP 1Proprietary behavior observed Client3Card4AP 2-3Timed Client4Cards 1,3ALLTimed Client4Cards 2,4AP 1Proprietary behavior observed Client4Cards 2,4AP 2-3Timed

6 doc.: IEEE 802.11-03/0563-00-000i Submission July 2003 Petroni,Arbaugh WAA Associates, LLC.Slide 6 Problems Encountered Client Problems –Multiple clients sent EAPOL Start in response to first EAPOL Key Packet –One client occasionally sent EAPOL Key response (second message) to the previous AP, even after receiving first key message from new AP

7 doc.: IEEE 802.11-03/0563-00-000i Submission July 2003 Petroni,Arbaugh WAA Associates, LLC.Slide 7 Problems Encountered Card Problems –Multiple cards did full Association instead of Reassociation

8 doc.: IEEE 802.11-03/0563-00-000i Submission July 2003 Petroni,Arbaugh WAA Associates, LLC.Slide 8 Problems Encountered Interoperability Problems –One client could not successfully authenticate with one AP regardless of card used. –One client/card combination failed to interoperate –One combination of client/card/AP consistently resulted in 1.Reassociation 2.4-way handshake 3.Deauthentication 4.Full Association 5.4-way handshake –Two cards used (seemingly) proprietary means with the same AP, failing to ever do a 4-way HS

9 doc.: IEEE 802.11-03/0563-00-000i Submission July 2003 Petroni,Arbaugh WAA Associates, LLC.Slide 9 Results- Client Comparison

10 doc.: IEEE 802.11-03/0563-00-000i Submission July 2003 Petroni,Arbaugh WAA Associates, LLC.Slide 10 Results- Client1

11 doc.: IEEE 802.11-03/0563-00-000i Submission July 2003 Petroni,Arbaugh WAA Associates, LLC.Slide 11 Results- Client1

12 doc.: IEEE 802.11-03/0563-00-000i Submission July 2003 Petroni,Arbaugh WAA Associates, LLC.Slide 12 Results- Client2

13 doc.: IEEE 802.11-03/0563-00-000i Submission July 2003 Petroni,Arbaugh WAA Associates, LLC.Slide 13 Results- Client3

14 doc.: IEEE 802.11-03/0563-00-000i Submission July 2003 Petroni,Arbaugh WAA Associates, LLC.Slide 14 Results- Client3

15 doc.: IEEE 802.11-03/0563-00-000i Submission July 2003 Petroni,Arbaugh WAA Associates, LLC.Slide 15 Results- Client4

16 doc.: IEEE 802.11-03/0563-00-000i Submission July 2003 Petroni,Arbaugh WAA Associates, LLC.Slide 16 Results- Client4

17 doc.: IEEE 802.11-03/0563-00-000i Submission July 2003 Petroni,Arbaugh WAA Associates, LLC.Slide 17 Results- Effect of AP

18 doc.: IEEE 802.11-03/0563-00-000i Submission July 2003 Petroni,Arbaugh WAA Associates, LLC.Slide 18 Results- Effect of AP

19 doc.: IEEE 802.11-03/0563-00-000i Submission July 2003 Petroni,Arbaugh WAA Associates, LLC.Slide 19 Results- Effect of Card

20 doc.: IEEE 802.11-03/0563-00-000i Submission July 2003 Petroni,Arbaugh WAA Associates, LLC.Slide 20 Results- Effect of Card

21 doc.: IEEE 802.11-03/0563-00-000i Submission July 2003 Petroni,Arbaugh WAA Associates, LLC.Slide 21 Summary of Results Interoperability problems were MUCH larger than expected. An optimized client on a Pentium 4 (we didn’t have a client for a PDA to test) has a ~20ms latency for the 4-way.

22 doc.: IEEE 802.11-03/0563-00-000i Submission July 2003 Petroni,Arbaugh WAA Associates, LLC.Slide 22 Conclusions A 4-way latency of ~20ms in the best case (no RF contention, fast processor, no RADIUS delay as in PMK caching) creates a total layer 2 latency that will likely exceed 50ms when combined with the probe phase latency. We’ve already dropped 2.5 VoIP packets and we haven’t added in the layer 3 latency yet.

23 doc.: IEEE 802.11-03/0563-00-000i Submission July 2003 Petroni,Arbaugh WAA Associates, LLC.Slide 23 Recommendations WECA should consider a “bake off” to quickly identify interoperability problems. TGi should consider splitting the PAR into two working groups. The first would complete the current draft components, and the second would define a fast hand-off specification that utilizes the current key hierarchy.

24 doc.: IEEE 802.11-03/0563-00-000i Submission July 2003 Petroni,Arbaugh WAA Associates, LLC.Slide 24 Thanks Vendors for providing TKIP equipment. Tim Moore and Nancy Cam-Winget for answering questions. Wildpackets for providing Airopeek NX v2 for testing. DISA for funding the work.

Download ppt "Doc.: IEEE 802.11-03/0563-00-000i Submission July 2003 Petroni,Arbaugh WAA Associates, LLC.Slide 1 An Empirical Analysis of the 4- way Hand-shake 1 Nick."

Similar presentations

Doc.: IEEE 802.11-04/1186r0 Submission October 2004 Aboba and HarkinsSlide 1 PEKM (Post-EAP Key Management Protocol) Bernard Aboba, Microsoft Dan Harkins,

Doc.: IEEE /1186r0 Submission October 2004 Aboba and HarkinsSlide 1 PEKM (Post-EAP Key Management Protocol) Bernard Aboba, Microsoft Dan Harkins,
Doc.: IEEE 802.11-01/553r0 Submission September 2001 Tim Moore, Bernard Aboba/Microsoft Authenticated Fast Handoff IEEE 802.11 Tgi Tim Moore Bernard Aboba.

Doc.: IEEE /553r0 Submission September 2001 Tim Moore, Bernard Aboba/Microsoft Authenticated Fast Handoff IEEE Tgi Tim Moore Bernard Aboba.
IEEE 802.11i: A Retrospective Bernard Aboba Microsoft March 2004.

IEEE i: A Retrospective Bernard Aboba Microsoft March 2004.
IEEE P802 Handoff ECSG Submission July 2003 Bernard Aboba, Microsoft Detection of Network Attachment (DNA) and Handoff ECSG Bernard Aboba Microsoft July.

IEEE P802 Handoff ECSG Submission July 2003 Bernard Aboba, Microsoft Detection of Network Attachment (DNA) and Handoff ECSG Bernard Aboba Microsoft July.
Advantage Century Telecommunication Corp. AIL: Actively Intelligent Link-Layer Handoff Guo-Yuan Mikko Wang

Advantage Century Telecommunication Corp. AIL: Actively Intelligent Link-Layer Handoff Guo-Yuan Mikko Wang
Doc.: IEEE 802.11-10/0018r0 Submission January 2010 Alexander Tolpin, Intel CorporationSlide 1 4 –Way Handshake Synchronization Issue Date: 2010-01-07.

Doc.: IEEE /0018r0 Submission January 2010 Alexander Tolpin, Intel CorporationSlide 1 4 –Way Handshake Synchronization Issue Date:
Fast roaming in WPA T. Wolniewicz PIONIER. Events causing access-point switching Moving wireless client Metwork card switching in search of better conditions.

Fast roaming in WPA T. Wolniewicz PIONIER. Events causing access-point switching Moving wireless client Metwork card switching in search of better conditions.
Doc.: IEEE 802.11-12/0041r1 Submission NameAffiliationsAddressPhoneemail Robert Sun; Yunbo Li; Edward Au; Phillip Barber Huawei Technologies Co., Ltd.

Doc.: IEEE /0041r1 Submission NameAffiliationsAddressPhone Robert Sun; Yunbo Li; Edward Au; Phillip Barber Huawei Technologies Co., Ltd.
CSMA/CA in IEEE 802.11 1 Physical carrier sense, and Virtual carrier sense using Network Allocation Vector (NAV) NAV is updated based on overheard RTS/CTS/DATA/ACK.

CSMA/CA in IEEE Physical carrier sense, and Virtual carrier sense using Network Allocation Vector (NAV) NAV is updated based on overheard RTS/CTS/DATA/ACK.
Doc.: IEEE 802.11-03/533r0 Submission July 2003 Clint Chaplin, Symbol TechnologiesSlide 1 Proposal for Fast Roam Fast Handoff Study Group Clint Chaplin,

Doc.: IEEE /533r0 Submission July 2003 Clint Chaplin, Symbol TechnologiesSlide 1 Proposal for Fast Roam Fast Handoff Study Group Clint Chaplin,
Doc.: IEEE 802.11-03/533r3 Submission July 2003 Clint Chaplin, Symbol TechnologiesSlide 1 Proposal for Fast Roam Fast Handoff Study Group Clint Chaplin,

Doc.: IEEE /533r3 Submission July 2003 Clint Chaplin, Symbol TechnologiesSlide 1 Proposal for Fast Roam Fast Handoff Study Group Clint Chaplin,
Wireless Design for Voice Last Update 2011.06.11 1.0.0 1Copyright 2011 Kenneth M. Chipps Ph.D. www.chipps.com.

Wireless Design for Voice Last Update Copyright 2011 Kenneth M. Chipps Ph.D.
DIMACS Nov 3 - 4, 2004 WIRELESS SECURITY AND ROAMING OVERVIEW DIMACS November 3-4, 2004 Workshop: Mobile and Wireless Security Workshop: Mobile and Wireless.

DIMACS Nov 3 - 4, 2004 WIRELESS SECURITY AND ROAMING OVERVIEW DIMACS November 3-4, 2004 Workshop: Mobile and Wireless Security Workshop: Mobile and Wireless.
E-mail: kemal@cs.siu.edu Department of Computer Science Southern Illinois University Carbondale Wireless and Network Security Lecture 9: IEEE 802.11.

Department of Computer Science Southern Illinois University Carbondale Wireless and Network Security Lecture 9: IEEE
Fast Wireless Handoff in 802.11 Networks Sangho Shin Andrea G. Forte Anshuman S. Rawat Henning Schulzrinne.

Fast Wireless Handoff in Networks Sangho Shin Andrea G. Forte Anshuman S. Rawat Henning Schulzrinne.
Handoff Delay for 802.11b Wireless LANs Masters Project defense Anshul Jain Committee: Dr. Henning Schulzrinne, Columbia University Dr. Zongming Fei, University.

Handoff Delay for b Wireless LANs Masters Project defense Anshul Jain Committee: Dr. Henning Schulzrinne, Columbia University Dr. Zongming Fei, University.
Doc.: IEEE 802.11-04/0748r0 Submission July 2004 Spilman, Azimuth Systems Test Methodology for Measuring BSS Transition Time Jeremy Spilman Azimuth Systems.

Doc.: IEEE /0748r0 Submission July 2004 Spilman, Azimuth Systems Test Methodology for Measuring BSS Transition Time Jeremy Spilman Azimuth Systems.
Doc.: IEEE 802.11-04/0476r3 Submission May 2004 Jesse Walker and Emily Qi, Intel CorporationSlide 1 Pre-Keying Jesse Walker and Emily Qi Intel Corporation.

Doc.: IEEE /0476r3 Submission May 2004 Jesse Walker and Emily Qi, Intel CorporationSlide 1 Pre-Keying Jesse Walker and Emily Qi Intel Corporation.
Doc.: IEEE 802.11-03/540 Submission July 2003 Arunesh Mishra, Min-ho Shin, William Arbaugh, Insun Lee, Kyunghun Jang. Fast handoffs using Fixed Channel.

Doc.: IEEE /540 Submission July 2003 Arunesh Mishra, Min-ho Shin, William Arbaugh, Insun Lee, Kyunghun Jang. Fast handoffs using Fixed Channel.
WEP Protocol Weaknesses and Vulnerabilities

WEP Protocol Weaknesses and Vulnerabilities

Similar presentations

Ads by Google