Presentation is loading. Please wait.

Presentation is loading. Please wait.

Stefan Rommer, Mats Näslund, András Méhes (Ericsson)

Published byBlake Craig Modified over 6 years ago

Similar presentations

Presentation on theme: "Stefan Rommer, Mats Näslund, András Méhes (Ericsson)"— Presentation transcript:

1 Stefan Rommer, Mats Näslund, András Méhes (Ericsson)
Month 2002 doc.: IEEE /xxxr0 July 2002 MIC’ for Public Access Stefan Rommer, Mats Näslund, András Méhes (Ericsson) S. Rommer, M. Näslund, A. Méhes (Ericsson) John Doe, His Company

2 Introduction Similar to 02/346 (was presented in Sydney).
July 2002 Introduction Similar to 02/346 (was presented in Sydney). This presentation clarifies some aspects. Also: More people here this time Try to get to some conclusion S. Rommer, M. Näslund, A. Méhes (Ericsson)

3 General At public access sites: => Special security requirements
July 2002 General At public access sites: APs placed in public spaces Anyone has access to premises People not trusted Charging for services => Special security requirements S. Rommer, M. Näslund, A. Méhes (Ericsson)

4 A hot-spot architecture
July 2002 A hot-spot architecture Layer-2 LAN AP WLAN Support Node (WSN) STA Internet AP Untrusted Trusted (placed in locked room) S. Rommer, M. Näslund, A. Méhes (Ericsson)

5 Trust model In public wireless environments:
July 2002 Trust model In public wireless environments: The wireless link is not trusted The AP is not trusted Someone can tamper with the AP. Tamper-proof APs not realistic. The AP-WSN link is not trusted Someone can insert a rogue AP or host. The WSN is trusted Placed in a locked room or off-site. S. Rommer, M. Näslund, A. Méhes (Ericsson)

6 July 2002 Security threats If someone can access the wired link between AP and the WLAN Support Node (WSN): An attacker may inject packets and interfere with billing (if billing is done in the in the WSN) An attacker may hijack a session An attacker may get free access If someone can tamper with the AP An attacker could reconfigure the AP Anything is possible S. Rommer, M. Näslund, A. Méhes (Ericsson)

7 July 2002 Proposed solution Integrity Protected STA AP WSN Integrity-protect all traffic between station and WSN. Add a MIC to each packet between STA and WSN. Will be transparent to the AP. Can be an add-on to the ”regular” i security. Re-use the existing key-management and possibly HW-functions in the STA. Key for extra MIC only known to STA and WSN S. Rommer, M. Näslund, A. Méhes (Ericsson)

8 Message flow 802.11i MIC’ ”Basic” 802.11i STA AP WSN Payload’
July 2002 Message flow 802.11i MIC’ ”Basic” i STA AP WSN Payload’ RC Payload MIC’ TAG Payload MIC’ Payload AES Encrypted IV Payload MIC’ Michael ICV TKIP Encrypted S. Rommer, M. Näslund, A. Méhes (Ericsson)

9 July 2002 Key details AP WSN PMK, PMK2 PMK2 PMK WSN acts as a RADIUS Proxy and can extract the Pairwise Master Key (PMK). A key for the new MIC can then be derived both at the Station and at the WSN. The WSN will then send a different key (PMK2) to the AP. PMK2 = h(PMK), where h = suitable one-way function. S. Rommer, M. Näslund, A. Méhes (Ericsson)

10 Simplified MSC AS STA AP WSN PMK2 PMK2 = h(PMK) h = one-way function
July 2002 Simplified MSC AS STA AP WSN association EAP-Request / Identity EAP-Response / Identity EAP message exchange Derive PMK Derive PMK RADIUS-Access Accept (PMK) Derive new PMK2 Derive new PMK2 RADIUS-Access Accept (PMK2) EAP-Success PMK2 PMK2 = h(PMK) h = one-way function PMK S. Rommer, M. Näslund, A. Méhes (Ericsson)

11 Why specify it in 802.11i? Light-weight (compared e.g. to IPSec)
July 2002 Why specify it in i? Light-weight (compared e.g. to IPSec) Possible to reuse existing i functions, e.g. the key framework and crypto-HW. A single WLAN-solution will promote interoperability. S. Rommer, M. Näslund, A. Méhes (Ericsson)

12 Conclusion Possible solution for extra MIC: Straw poll:
July 2002 Conclusion Possible solution for extra MIC: 802.11i-like key derivation MIC’ algorithm: e.g. MMH or AES-CBC-MAC The exact details to be worked out Straw poll: Is it of interest to TGi to have this kind of functionality in i? S. Rommer, M. Näslund, A. Méhes (Ericsson)

13 July 2002 Back-up slides S. Rommer, M. Näslund, A. Méhes (Ericsson)

14 Can we use the TKIP and WRAP MICs?
July 2002 Can we use the TKIP and WRAP MICs? Split encryption and integrity protection between AP and WSN Encryption in AP Integrity protection in ASN Not a good solution Technical difficulties (see next slide) Good to keep an integrity check in the AP S. Rommer, M. Näslund, A. Méhes (Ericsson)

15 Can we use the TKIP and WRAP MICs?
July 2002 Can we use the TKIP and WRAP MICs? TKIP MIC: The AP Transmitter Address is needed by the WSN TKIP Countermeasures AES-OCB tag: 802.11e Traffic Class input to integrity code Have to synchronize Replay Counters between AP and WSN AES-CBC-MAC MAC Header is included in integrity code Have to synchronize the Packet Number between AP and WSN CBC-MAC on MPDU level? => Fragmentation in WSN? Conclusion: WRAP MICs are closely tied to the MAC layer. => Not a general solution, we need another MIC field. S. Rommer, M. Näslund, A. Méhes (Ericsson)

Download ppt "Stefan Rommer, Mats Näslund, András Méhes (Ericsson)"

Similar presentations

IEEE 802.11i IT443 Broadband Communications Philip MacCabe October 5, 2005

IEEE i IT443 Broadband Communications Philip MacCabe October 5, 2005
Intercepting Mobiles Communications: The Insecurity of 802.11 Danny Bickson ACNS Course, IDC Spring 2007.

Intercepting Mobiles Communications: The Insecurity of Danny Bickson ACNS Course, IDC Spring 2007.
Wired Equivalent Privacy (WEP)

Wired Equivalent Privacy (WEP)
Security in Wireless LAN 802.11 Layla Pezeshkmehr CS 265 Fall 2003-SJSU Dr.Mark Stamp.

Security in Wireless LAN Layla Pezeshkmehr CS 265 Fall 2003-SJSU Dr.Mark Stamp.
An Initial Security Analysis of the IEEE 802.1x Standard Tsai Hsien Pang 2004/11/4.

An Initial Security Analysis of the IEEE 802.1x Standard Tsai Hsien Pang 2004/11/4.
E-mail: kemal@cs.siu.edu Department of Computer Science Southern Illinois University Carbondale Wireless and Network Security Lecture 9: IEEE 802.11.

Department of Computer Science Southern Illinois University Carbondale Wireless and Network Security Lecture 9: IEEE
WLAN security S-72.3240 Wireless Personal, Local, Metropolitan, and Wide Area Networks1 Contents WEP (Wired Equivalent Privacy) No key management Authentication.

WLAN security S Wireless Personal, Local, Metropolitan, and Wide Area Networks1 Contents WEP (Wired Equivalent Privacy) No key management Authentication.
1 Wireless LAN Security Kim W. Tracy NEIU, University Computing

1 Wireless LAN Security Kim W. Tracy NEIU, University Computing
Wireless Network Security. Wireless Security Overview concerns for wireless security are similar to those found in a wired environment concerns for wireless.

Wireless Network Security. Wireless Security Overview concerns for wireless security are similar to those found in a wired environment concerns for wireless.
Michal Rapco 05, 2005 Security issues in Wireless LANs.

Michal Rapco 05, 2005 Security issues in Wireless LANs.
Wireless security & privacy Authors: M. Borsc and H. Shinde Source: IEEE International Conference on Personal Wireless Communications 2005 (ICPWC 2005),

Wireless security & privacy Authors: M. Borsc and H. Shinde Source: IEEE International Conference on Personal Wireless Communications 2005 (ICPWC 2005),
Investigators have published numerous reports of birds taking turns vocalizing; the bird spoken to gave its full attention to the speaker and never vocalized.

Investigators have published numerous reports of birds taking turns vocalizing; the bird spoken to gave its full attention to the speaker and never vocalized.
WEP Protocol Weaknesses and Vulnerabilities

WEP Protocol Weaknesses and Vulnerabilities
WEP AND WPA by Kunmun Garabadu. Wireless LAN Hot Spot : Hotspot is a readily available wireless connection.  Access Point : It serves as the communication.

WEP AND WPA by Kunmun Garabadu. Wireless LAN Hot Spot : Hotspot is a readily available wireless connection.  Access Point : It serves as the communication.
Doc.: IEEE 802.11-01/495r1 Submission July 2001 Jon Edney, NokiaSlide 1 Ad-Hoc Group Requirements Report Group met twice - total 5 hours Group size ranged.

Doc.: IEEE /495r1 Submission July 2001 Jon Edney, NokiaSlide 1 Ad-Hoc Group Requirements Report Group met twice - total 5 hours Group size ranged.
Link-Layer Protection in 802.11i WLANs With Dummy Authentication Will Mooney, Robin Jha.

Link-Layer Protection in i WLANs With Dummy Authentication Will Mooney, Robin Jha.
WLANs & Security Standards (802.11) 802.11b - up to 11 Mbps, several hundred feet 802.11g - up to 54 Mbps, backward compatible, same frequency 802.11a.

WLANs & Security Standards (802.11) b - up to 11 Mbps, several hundred feet g - up to 54 Mbps, backward compatible, same frequency a.
IEEE i Aniss Zakaria Survey Fall 2004 Friday, Dec 3, 2004

IEEE i Aniss Zakaria Survey Fall 2004 Friday, Dec 3, 2004
Lecture 24 Wireless Network Security

Lecture 24 Wireless Network Security
Wireless Security: The need for WPA and 802.11i By Abuzar Amini CS 265 Section 1.

Wireless Security: The need for WPA and i By Abuzar Amini CS 265 Section 1.

Similar presentations

Ads by Google