Presentation is loading. Please wait.

Presentation is loading. Please wait.

Comparative studies on authentication and key exchange methods for 802.11 wireless LAN Authors: Jun Lei, Xiaoming Fu, Dieter Hogrefe and Jianrong Tan Src:

Published byAllan Wilkins Modified over 9 years ago

Similar presentations

Presentation on theme: "Comparative studies on authentication and key exchange methods for 802.11 wireless LAN Authors: Jun Lei, Xiaoming Fu, Dieter Hogrefe and Jianrong Tan Src:"— Presentation transcript:

1 Comparative studies on authentication and key exchange methods for 802.11 wireless LAN Authors: Jun Lei, Xiaoming Fu, Dieter Hogrefe and Jianrong Tan Src: Computers & Security, Vol. 26, 2007, pp. 401-409

2 Outline Introduction 3 Levels AKE Requirements for IEEE 802.11 WLANs AKE Methods overview  Legacy AKE Methods  Layered AKE Methods  Access control-based layered AKE method Comparison results Multi-layer AKE framework Conclusion

3 Introduction Two key security aspects in 802.11  Authentication of the wireless user/device  Data confidentiality between the wireless device and the network Three major issues with today’s authentication mechanisms for wireless networks  Lack of mutual authentication between the user and the network  Shared communication channel could be monitored by any malicious user  Attacker might figure out the password by observing the pair of challenge and response messages

4 3 Levels AKE Requirements for IEEE 802.11 WLANs Mandatory requirements  Mutual authentication  Credential security.  Resistance to dictionary attack  Man-in-the-middle attack protection  Immune to forgery attacks  Anti-replay  Strong session key Recommended requirements  Management message authentication  Authenticate users  Key integrity check  Weak key protection Additional Operational requirements  No computational burden  Ease implementation  Fast reconnection

5 AKE Methods overview Legacy AKE methods Layered AKE methods  TLS embedded protocol  Layered method with cryptographic design Access control-based layered AKE method  Transitional solution  Long-term scheme

6 Legacy AKE Methods Open System Authentication (OSA)  C  AP: Request & ID  AP  C: Accept/Reject => Simplest & Default Share Key Authentication (SKA)  Challenge/Response => Mutual authentication Wired Equivalent Privacy (WEP)  Pre-shared Key (PSK): Mutually exchange at both endpoints  Weak for the propose of authentication No protection to forgery attacks No replay protection. Misusing RC4 algorithm for the encryption so that the protocol is extremely weak to key attacks Has the security hole that attacker without the encryption key but reusing IV can decrypt the encrypted code

7 Layered AKE Methods (1/2) TLS embedded protocol  EAP-TTLS, EAP-FAST Prevent dictionary attack & replay attack  EAP-TLS Widely deployed Well-formed and reliable mechanism  PEAP Concern credential security & anti-replay protection  All tunneled authentication protocols are potentially venerable to the man-in-the- middle attack

8 Layered AKE Methods (2/2) Layered method with cryptographic design  EAP-PSK Alleviate computational burden WiMAX for device authentication  EAP-PSEKE Simple password authentication Prevent man-in-the-middle and off-line dictionary attacks  Advantage High efficient & easily deployable authentication framework  Disadvantage No identity protection; no protected ciphersuite negotiation; and no fast reconnection capability

9 Access control-based layered AKE method IEEE 802.1X (2004)  Port-based network access control Transitional solution  WPA Authentication: 802.1X & EAP Traffic encryption: Temporal key integrity protocol (TKIP) Variable  T=Temporal Key  I=Intermediate Key  K=Per-packet Key  A=802 MAC address of the local Wireless interface Steps  I=T  A  K=B  I  Streamkey =RC4(IV, K)

10 Long-term scheme 3 components of 802.11  802.1X for authentication  Robust Security Network (RSN) for keeping the track of associations  Advanced Encryption Standard-based Counter Mode CBC-MAC Protocol (AES-CCMP) to provide integrity, replay protection and confidentiality 802.11i :  4 way handshake authentication  Security enhancements to 802.11  Complete protection of the Layer 2 packet  Unavoidable weaknesses & Complicated to implement

11 Comparison results

12 Multi-layer AKE framework 3 components  Access control 802.1X  Mutual authentication & Key distribution EAP+TLS  New functionalities Based on TLS-EAP in higher layer

13 Conclusion EAP-based layered AKE methods  More promising since provide the strong security by EAP-TLS as well as some complementary features Multi-layered AKE framework Future works  New functionalities provided by other high-layer protocols  Extensions to the proposed framework for the purpose of efficiency  Support sufficiently fast handovers among access points  How to handle fast-roaming users by these AKE methods

Download ppt "Comparative studies on authentication and key exchange methods for 802.11 wireless LAN Authors: Jun Lei, Xiaoming Fu, Dieter Hogrefe and Jianrong Tan Src:"

Similar presentations

CN8816: Network Security 1 Security in Wireless LAN 802.11i Open System Authentication Security Wired Equivalent Privacy (WEP) Robust Security Network.

CN8816: Network Security 1 Security in Wireless LAN i Open System Authentication Security Wired Equivalent Privacy (WEP) Robust Security Network.
IEEE 802.11i IT443 Broadband Communications Philip MacCabe October 5, 2005

IEEE i IT443 Broadband Communications Philip MacCabe October 5, 2005
CSE 6590 1.  Wired Equivalent Privacy (WEP) ◦ first security protocol defined in 802.11  Wi-Fi Protected Access (WPA) ◦ defined by Wi-Fi Alliance 

CSE  Wired Equivalent Privacy (WEP) ◦ first security protocol defined in  Wi-Fi Protected Access (WPA) ◦ defined by Wi-Fi Alliance 
無線區域網路安全 Wireless LAN Security. 2 Outline  Wireless LAN – 802.11b  Security Mechanisms in 802.11b  Security Problems in 802.11b  Solutions for 802.11b.

無線區域網路安全 Wireless LAN Security. 2 Outline  Wireless LAN – b  Security Mechanisms in b  Security Problems in b  Solutions for b.
Implementing Wireless LAN Security

Implementing Wireless LAN Security
WiFi Security. What is WiFi ? Originally, Wi-Fi was a marketing term. The Wi-Fi certified logo means that the product has passed interoperability tests.

WiFi Security. What is WiFi ? Originally, Wi-Fi was a marketing term. The Wi-Fi certified logo means that the product has passed interoperability tests.
Wireless LAN Security Jerry Usery CS 522 December 6 th, 2006.

Wireless LAN Security Jerry Usery CS 522 December 6 th, 2006.
1 Enhancing Wireless Security with WPA CS-265 Project Section: 2 (11:30 – 12:20) Shefali Jariwala Student ID 001790660.

1 Enhancing Wireless Security with WPA CS-265 Project Section: 2 (11:30 – 12:20) Shefali Jariwala Student ID
MITP | Master of Information Technology Program Securing Wireless LAN using Cisco-based technology Campus Crew Study Group Paul Matijevic Ed McCulloch.

MITP | Master of Information Technology Program Securing Wireless LAN using Cisco-based technology Campus Crew Study Group Paul Matijevic Ed McCulloch.
DIMACS Nov 3 - 4, 2004 WIRELESS SECURITY AND ROAMING OVERVIEW DIMACS November 3-4, 2004 Workshop: Mobile and Wireless Security Workshop: Mobile and Wireless.

DIMACS Nov 3 - 4, 2004 WIRELESS SECURITY AND ROAMING OVERVIEW DIMACS November 3-4, 2004 Workshop: Mobile and Wireless Security Workshop: Mobile and Wireless.
W i reless LAN Security Presented by: Pallavi Priyadarshini Student ID 003503527.

W i reless LAN Security Presented by: Pallavi Priyadarshini Student ID
Wired Equivalent Privacy (WEP)

Wired Equivalent Privacy (WEP)
802.1x EAP Authentication Protocols

802.1x EAP Authentication Protocols
11 WIRELESS SECURITY by Prof. Russell Jones. WIRELESS COMMUNICATION ISSUES  Wireless connections are becoming popular.  Network data is transmitted.

11 WIRELESS SECURITY by Prof. Russell Jones. WIRELESS COMMUNICATION ISSUES  Wireless connections are becoming popular.  Network data is transmitted.
An Initial Security Analysis of the IEEE 802.1x Standard Tsai Hsien Pang 2004/11/4.

An Initial Security Analysis of the IEEE 802.1x Standard Tsai Hsien Pang 2004/11/4.
E-mail: kemal@cs.siu.edu Department of Computer Science Southern Illinois University Carbondale Wireless and Network Security Lecture 9: IEEE 802.11.

Department of Computer Science Southern Illinois University Carbondale Wireless and Network Security Lecture 9: IEEE
IEEE 802.11 Wireless Local Area Networks (WLAN’s).

IEEE Wireless Local Area Networks (WLAN’s).
This work is supported by the National Science Foundation under Grant Number DUE-0302909. Any opinions, findings and conclusions or recommendations expressed.

This work is supported by the National Science Foundation under Grant Number DUE Any opinions, findings and conclusions or recommendations expressed.
WLAN Security:PEAP Sunanda Kandimalla. Intoduction The primary goals of any security setup for WLANs should include: 1. Access control and mutual authentication,

WLAN Security:PEAP Sunanda Kandimalla. Intoduction The primary goals of any security setup for WLANs should include: 1. Access control and mutual authentication,
15 November 2004 1 Wireless Security Issues Cheyenne Hollow Horn SFS Presentation 2004.

15 November Wireless Security Issues Cheyenne Hollow Horn SFS Presentation 2004.

Similar presentations

Ads by Google