
1 By: Alex Feldman

2
• A mobile station is connected to the network wirelessly through another device.
• In case of WiFi (IEEE 802.11) this would be an access point.
• In case of WiMax (IEEE 802.16) it is a base station.

3
• The mobile station may need to change its connection point to the network.
• The connection point “Hands Over” the connection to the new point.
• It has to be secure
• It has to be fast
• It has to be standardized

4
• Supplicant (Sta) – the station entering the network to be authenticated.
• Authenticator (Au) – the access point directly connected to the station, and acting as a proxy to the authentication server.
• Authentication Server (AS) – database containing credentials for all users, reachable by the authenticator.

5

6
• Extensible Authentication Protocol - Transport Layer Security (EAP-TLS)
• Widely supported but rarely used.
• 8-way handshake. Very secure but also very time consuming.
• Doesn’t scale well when clients hand off often.

7
• PMK – Pairwise Master Key
• PTK – Pairwise Transient Key
• EMSK – Extended Master Session Key
• RADIUS – Remote Authentication Dial In User Service. Uses a shared secret to encrypt and authenticate the communication.

8
1. Authentication – PMK and EMSK generated on AS and Station.
2. AS moves PMK to Au by using RADIUS.
3. 4-way handshake – PTK generated by Au and Station

9
• When a station changes access points, re-authenticating the PMK is slow.
• Only the PTK needs to be renewed, and the PMK can be left alone.
• How do we transmit the PMK from Au1 to Au2?
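Added example (not from the slides or the cited paper): how slides 8 and 9 fit together, using the IEEE 802.11i pairwise key expansion for CCMP. The PMK, MAC addresses and nonces are constructed values and the function names are hypothetical. The same PMK yields a fresh PTK at each access point, so only the 4-way handshake has to be repeated, and any party that holds the PMK can compute the same PTK from the handshake nonces.

```python
import hashlib
import hmac

def prf(key: bytes, label: bytes, data: bytes, n_bytes: int) -> bytes:
    """IEEE 802.11i PRF: concatenate HMAC-SHA1(key, label || 0x00 || data || i)."""
    out = b""
    counter = 0
    while len(out) < n_bytes:
        block = label + b"\x00" + data + bytes([counter])
        out += hmac.new(key, block, hashlib.sha1).digest()
        counter += 1
    return out[:n_bytes]

def derive_ptk(pmk: bytes, au_mac: bytes, sta_mac: bytes,
               anonce: bytes, snonce: bytes) -> dict:
    """Derive the 384-bit CCMP PTK and split it into KCK, KEK and TK."""
    # Addresses and nonces are ordered so both sides build the same input.
    data = (min(au_mac, sta_mac) + max(au_mac, sta_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    ptk = prf(pmk, b"Pairwise key expansion", data, 48)
    return {"KCK": ptk[:16], "KEK": ptk[16:32], "TK": ptk[32:48]}

def handover_demo() -> dict:
    """Station moves from Au1 to Au2 and keeps its PMK (constructed values)."""
    pmk = hashlib.sha256(b"constructed demo PMK").digest()  # 256-bit PMK
    sta = bytes.fromhex("02000000aa01")  # constructed station MAC
    au1 = bytes.fromhex("02000000bb01")  # constructed access point MACs
    au2 = bytes.fromhex("02000000bb02")

    def nonce(tag: bytes) -> bytes:
        # Real nonces are 32 random bytes; fixed here so the run is repeatable.
        return hashlib.sha256(tag).digest()

    at_au1 = derive_ptk(pmk, au1, sta, nonce(b"anonce-1"), nonce(b"snonce-1"))
    # Handover: new authenticator and new nonces, PMK untouched.
    at_au2 = derive_ptk(pmk, au2, sta, nonce(b"anonce-2"), nonce(b"snonce-2"))
    # The other end of the handshake computes the same keys independently.
    peer_au2 = derive_ptk(pmk, au2, sta, nonce(b"anonce-2"), nonce(b"snonce-2"))
    return {"au1": at_au1, "au2": at_au2, "au2_peer": peer_au2}

if __name__ == "__main__":
    keys = handover_demo()
    print("TK at Au1:", keys["au1"]["TK"].hex())
    print("TK at Au2:", keys["au2"]["TK"].hex())
    print("Both ends agree at Au2:", keys["au2"] == keys["au2_peer"])
```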

10
• Au1 is a bad guy. Pushes false PMK
• Sta is a bad guy that gets access to Au2
• Sta is a good guy that gets a denial of service
• Au2 is a bad guy. Pulls PMK from Au1. Now it can decipher traffic.

11
• Don’t use AS for re-authentication!
• Pull/Push policies to transfer keys.
• Provides good performance.
• More complicated.
• Use when:
  • Handover speed is crucial & path to the AU is long
  • Don’t want to be dependent on the AU server

12
• Contact the Au on every handover.
• Slower performance.
• Gained security.
• Possible danger if the protocol used to move PMK is not strong. Need good reasons to transfer PMKs.

13
• Goal: reduce the number of packets required for TLS exchange by re-using information generated in the first authentication.
• EMSK remained on the Authentication Server, so it can be used to re-authenticate the Station

14
Based on contacting the Authentication Server
[Diagram; labels: Au, PTK]

15
• EAP-TLS took 2.34 seconds on average
• Proposed protocol took 0.62 seconds on average
• 74% improvement over EAP-TLS!
• 82% improvement when including retransmissions

16
• Internet Engineering Task Force (IETF) – working on a new standard to use the EMSK for re-authentication.
• Pull and push methods to transfer keys for nodes within the same mobility domains

17
• EAP-TLS is slow for re-authentication.
• Big improvements can be made by following the proposed protocol, which
  • Reduces number of packets required
  • Reduces retransmissions
  • Decreases time

18
• Original paper written by:
  • Romano Fantacci, Leonardo Maccari, and Tommaso Pecorella from: University of Florence
  • Federico Frosali from: Telecom Italia Lab

