Presentation is loading. Please wait.

Presentation is loading. Please wait.

11i PSK use in 11s: Consider Dangerous

Published bySonny Susman Modified over 5 years ago

Similar presentations

Presentation on theme: "11i PSK use in 11s: Consider Dangerous"— Presentation transcript:

1 11i PSK use in 11s: Consider Dangerous
2/25/2019 doc.: IEEE /xxxxr0 Sept 2006 11i PSK use in 11s: Consider Dangerous Date: Authors: Notice: This document has been prepared to assist IEEE It is offered as a basis for discussion and is not binding on the contributing individual(s) or organization(s). The material in this document is subject to change in form and content after further study. The contributor(s) reserve(s) the right to add, amend or withdraw material contained herein. Release: The contributor grants a free, irrevocable license to the IEEE to incorporate material contained in this contribution, and any modifications thereof, in the creation of an IEEE Standards publication; to copyright in the IEEE’s name any IEEE Standards publication even though it may include portions of this contribution; and at the IEEE’s sole discretion to permit others to reproduce in whole or in part the resulting IEEE Standards publication. The contributor also acknowledges and accepts that this contribution may be made public by IEEE Patent Policy and Procedures: The contributor is familiar with the IEEE 802 Patent Policy and Procedures < ieee802.org/guides/bylaws/sb-bylaws.pdf>, including the statement "IEEE standards may include the known use of patent(s), including patent applications, provided the IEEE receives assurance from the patent holder or applicant with respect to patents essential for compliance with both mandatory and optional portions of the standard." Early disclosure to the Working Group of patent information that might be relevant to the standard is essential to reduce the possibility for delays in the development process and increase the likelihood that the draft publication will be approved for publication. Please notify the Chair as early as possible, in written or electronic form, if patented technology (or technology under patent application) might be incorporated into a draft standard being developed within the IEEE Working Group. If you have questions, contact the IEEE Patent Committee Administrator at D. Harkins, Tropos Networks D. Harkins, Tropos Networks

2 2/25/2019 doc.: IEEE /xxxxr0 Sept 2006 Abstract Known attacks against i PSK authentication make it unsuitable for use in a mesh network. D. Harkins, Tropos Networks D. Harkins, Tropos Networks

3 PSK Authentication from 802.11i
Sept 2006 PSK Authentication from i PSK SSID supplicant authenticator PSK SSID Anonce PBKDF2 PBKDF2 PMK PMK Snonce, MIC MIC PRF-x MIC PRF-x PTK PTK D. Harkins, Tropos Networks

4 What’s the Attack? An observer of the exchange knows:
2/25/2019 doc.: IEEE /xxxxr0 Sept 2006 What’s the Attack? An observer of the exchange knows: the SSID from beacons and probe responses, both nonces, the PRF, PBKDF2, a frame with a valid MIC It is possible to launch a passive attack capture an exchange perform a dictionary attack using the above information Described by Bob Moscowitz in “Weakness in Passphrase Choice in WPA Interface”, November, 2003 Utilities exist to launch this attack e.g. coWPAtty, WPAcracker FPGA acceleration of coWPApatty can attempt ~1000/s. These can be easily clustered to further decrease cracking time. there exists a database of precomputed hash table of top 1,000,000 most popular passwords and 1,000 most popular SSIDs D. Harkins, Tropos Networks D. Harkins, Tropos Networks

5 2/25/2019 doc.: IEEE /xxxxr0 Sept 2006 What’s the Problem? 11i’s PSK authentication also doesn’t provide Perfect Forward Secrecy all traffic previously sent can be decrypted all future traffic can be decrypted bogus frames can be injected into current traffic Deployment experience shows this is a big problem PSKs are typically shared– i.e. not bound to specific supplicant MAC address. Phrases over 20 characters are not really possible when humans are involved. Random strings are difficult to remember and prone to misconfiguration. Therefore PSKs are typically weak and consist of words and phrases found in a dictionary. There is only ~1.5 bits of entropy per character too, making it unsuitable for generation of a 128bit encryption key. D. Harkins, Tropos Networks D. Harkins, Tropos Networks

6 Why is this so bad for a mesh?
2/25/2019 doc.: IEEE /xxxxr0 Sept 2006 Why is this so bad for a mesh? The dynamic nature of a mesh basically ensures that PSKs will be shared to do otherwise would require an onerous and unscalable configuration of every MPs PSK on every other MP: O(N) problem. Attacking i PSK allows access to the network behind an AP for attackers within earshot of the AP. Attacking s PSK would allow the mesh to grow unbounded to unauthorized MPs and clients the mesh grows, further increasing unauthorized traffic being sent onto the wired network behind the mesh. the larger the mesh the more opportunity for more attackers to see the mesh and attack it. D. Harkins, Tropos Networks D. Harkins, Tropos Networks

7 Sept 2006 D. Harkins, Tropos Networks

8 Summary and Suggestion
2/25/2019 doc.: IEEE /xxxxr0 Sept 2006 Summary and Suggestion 11s must support some form of PSK authentication Existing 11i scheme should be replaced New PSK authentication scheme should have the following properties must not be susceptible to passive attack must provide Perfect Forward Secrecy: the property that “disclosure of long term secret keying material does not compromise the secrecy of exchanged keys from earlier runs”-- Diffie, van Oorshot, and Wiener in Authentication and Authenticated Key Exchanges. must provide some level of DoS resistance D. Harkins, Tropos Networks D. Harkins, Tropos Networks

9 Questions? Sept 2006 doc.: IEEE 802.11-06/xxxxr0 2/25/2019
D. Harkins, Tropos Networks D. Harkins, Tropos Networks

10 2/25/2019 doc.: IEEE /xxxxr0 Sept 2006 Straw Poll PSK authentication as defined by i is inappropriate for use in 11s Yes: No: Don’t know: Don’t care: D. Harkins, Tropos Networks D. Harkins, Tropos Networks

Download ppt "11i PSK use in 11s: Consider Dangerous"

Similar presentations

Beacon Measurement on Pilot Frames

Beacon Measurement on Pilot Frames
Coexistence Motions for LB84 Comment Resolution

Coexistence Motions for LB84 Comment Resolution
LB84 General AdHoc Group Sept. Closing TGn Motions

LB84 General AdHoc Group Sept. Closing TGn Motions
LB84 General AdHoc Group Sept. Closing TGn Motions

LB84 General AdHoc Group Sept. Closing TGn Motions
[ Interim Meetings 2006] Date: Authors: July 2005

[ Interim Meetings 2006] Date: Authors: July 2005
IEEE White Space Radio Contribution Title

IEEE White Space Radio Contribution Title
TGu/TGv Joint Session Date: Authors: July 2005 July 2005

TGu/TGv Joint Session Date: Authors: July 2005 July 2005
London TGu Motions Authors: January 2007 Date: Month Year

London TGu Motions Authors: January 2007 Date: Month Year
LB73 Noise and Location Categories

LB73 Noise and Location Categories
LB73 Noise and Location Categories

LB73 Noise and Location Categories
Waveform Generator Source Code

Waveform Generator Source Code
TGu Closing Report Date: Authors: November 2005

TGu Closing Report Date: Authors: November 2005
March 2014 Election Results

March 2014 Election Results
TGp Closing Report Date: Authors: July 2007 Month Year

TGp Closing Report Date: Authors: July 2007 Month Year
Attendance and Documentation for the March 2007 Plenary

Attendance and Documentation for the March 2007 Plenary
[ Policies and Procedure Summary]

[ Policies and Procedure Summary]
3GPP liaison report May 2006 May 2006 Date: Authors:

3GPP liaison report May 2006 May 2006 Date: Authors:
Motion to accept Draft p 2.0

Motion to accept Draft p 2.0
Protected SSIDs Date: Authors: March 2005 March 2005

Protected SSIDs Date: Authors: March 2005 March 2005
3GPP liaison report July 2006

3GPP liaison report July 2006

Similar presentations

Ads by Google