Presentation is loading. Please wait.

Presentation is loading. Please wait.

Doc.: IEEE 802.11-14/0888 r00 Submission Paul A. Lambert, Marvell SemiconductorSlide 1 Security and Privacy Enhancements for 802.11 Date: 2014-07-15 Authors:

Published byStella Thornton Modified over 9 years ago

Similar presentations

Presentation on theme: "Doc.: IEEE 802.11-14/0888 r00 Submission Paul A. Lambert, Marvell SemiconductorSlide 1 Security and Privacy Enhancements for 802.11 Date: 2014-07-15 Authors:"— Presentation transcript:

1 doc.: IEEE 802.11-14/0888 r00 Submission Paul A. Lambert, Marvell SemiconductorSlide 1 Security and Privacy Enhancements for 802.11 Date: 2014-07-15 Authors: July 2014

2 doc.: IEEE 802.11-14/0888 r00 Submission Security and Privacy Paul Lambert, MarvellSlide 2 July 2014

3 doc.: IEEE 802.11-14/0888 r00 Submission Wireless Threats for 802.11 Communications The location and capabilities of an attacker in the network is a useful way to categorize vulnerabilities. Slide 3Paull Lambert - Marvell November 2013

4 doc.: IEEE 802.11-14/0888 r00 Submission 802.11 Security – What Could be Improved Wireless security is hard to setup and use in consumer devices Passwords are still the dominate way consumer products setup 802.11 security –Why are Open, WEP and TKIP are still being used –WEP and TKIP should be removed from 802.11 –Opportunistic Security could eliminate Open 802.11 lacks adequate support for peer-to-peer authentication Paul Lambert, MarvellSlide 4 July 2014

5 doc.: IEEE 802.11-14/0888 r00 Submission Opportunistic Security “In contrast to the established approach of delivering strong protection some of the time, opportunistic security strives to deliver at least some protection most of the time. The primary goal is therefore broad interoperability, with security policy tailored to the capabilities of peer systems.” Paul Lambert, MarvellSlide 5 July 2014 http://datatracker.ietf.org/doc/draft-dukhovni-opportunistic-security

6 doc.: IEEE 802.11-14/0888 r00 Submission Strong Device-to-Device Authentication IEEE 802.11 does not have a “good” solution for device-to-device authentication Preshared keys are problematic: –Difficult to install –Poor authentication (can be reshared) EAP based methods are designed to use a remote server –Difficult to configure –Few APs have built in server (one approach for perr-to-peer) Paul A. Lambert (Marvell)Slide 6

7 doc.: IEEE 802.11-14/0888 r00 Submission Device-to-Device Authentication Possible Use Cases and Benefits Simplified secure device discovery –All devices have an provable identity –Enables good peer-to-peer security Easy device enrollment and installation –Provable identity greatly simplifies installation process –Simplified installation of headless devices (sensors, etc) Cost and complexity reduced for systems needing centralized authorization Paul A. Lambert (Marvell)Slide 7

8 doc.: IEEE 802.11-14/0888 r00 Submission Peer-to-Peer Identity Framework Every device has a public / private key – hash of public key is used as identity –True peer-to-peer (either side can initiate) –Preassociation key exchange –based on well defined cryptographic standards (ECDH, etc.) –Used to simplify user experience for device enrollment Paul A. Lambert (Marvell)Slide 8

9 doc.: IEEE 802.11-14/0888 r00 Submission Examples of Hash Based Cryptographic Identifiers Bitcoin –e.g. 1HB5XMLmzFVj8ALj6mfBsbifRoD4miY36v IPv6 and HIP (RFC 5201) Paul Lambert, MarvellSlide 9

10 doc.: IEEE 802.11-14/0888 r00 Submission Simple Device Enrollment Devices have a identity out-of-the box –Self generated key pair –Binding of wireless authentication to a specific device Label based on public key (truncated readable hash) Remote enrollment based on knowing identity Enrollment authentication may be facilitated by –QR code, NFC, Bluetooth –Human label validation Paul A. Lambert (Marvell)Slide 10

11 doc.: IEEE 802.11-14/0888 r00 Submission Scalable Access Authorization Paul A. Lambert (Marvell)Slide 11 Can I 2 enter network? K 1 K 2 Access control servers do NOT need to hold any secrets I 1 I 2 K i is device unique public key I i is device unique identifier from hash of K i, Cipher Suite

12 doc.: IEEE 802.11-14/0888 r00 Submission Communication privacy is not a new issue. Paul Lambert, MarvellSlide 12 November 2013 Privacy was an important selling point for dial based phones (1912) since they did not require an operator. http://en.wikipedia.org/wiki/Privacy

13 doc.: IEEE 802.11-14/0888 r00 Submission Wi-Fi Privacy Concerns Seattle Police Deactivate Wi-Fi Spy Grid After Privacy OutcrySeattle Police Deactivate Wi-Fi Spy Grid After Privacy Outcry (Nov 2013) A DHS and Seattle police network collecting location information CreepyDOL WiFi surveillance project debuts at Blackhat/DEFCONCreepyDOL WiFi surveillance project debuts at Blackhat/DEFCON (Aug 2013) DIY surveillance with low-cost Wi-Fi based sensors that capture MAC addresses Wi-Fi Trashcans Now Silently Tracking Your Smartphone DataWi-Fi Trashcans Now Silently Tracking Your Smartphone Data (Aug 2013)... the company boasted that the cans, which included LCD advertising screens, "provide an unparalleled insight into the past behavior of unique devices"—and hence of the people who carry them around "Technopanic" mounts over Google's Wi-Fi Privacy violations"Technopanic" mounts over Google's Wi-Fi Privacy violations (Mar 2013) A DHS and Seattle police network collecting location information Paul Lambert, MarvellSlide 13 November 2013

14 doc.: IEEE 802.11-14/0888 r00 Submission But wait – Wi-Fi “location” is also a service! Location-based Wi-Fi services can add immediate value to Wi-Fi deployments Location-based Wi-Fi services can add immediate value to Wi-Fi deployments (Oct 2013) “Knowing where someone is can be important because you are then in a better position to do something for or with them.” In-Location AllianceIn-Location Alliance (Nov 2013) “There are countless uses for accurate indoor positioning...” Renew - Wi-Fi based market information Renew - Wi-Fi based market information (Nov 2013) The Renew Network extends to over three million professionals in the City of London everyday. Our units have been strategically placed to achieve optimum viewing time, enabling our clients to receive a constant and continuous space to accommodate commercial campaigns. Paul Lambert, MarvellSlide 14 November 2013

15 doc.: IEEE 802.11-14/0888 r00 Submission Privacy Threats Source of Threats: –Hackers, private investigators, stalkers, paparazzi –Marketing firms and retail outlets –Police, Government Agencies Non-threats: –Marketing firms and retail outlets (with user approval) –Personal home automation (of home user) –... Etc. It is very important to identify ways to enable tracking when it is a “service”, but prevent unauthorized tracking Paul Lambert, MarvellSlide 15 November 2013

16 doc.: IEEE 802.11-14/0888 r00 Submission What we should avoid as a 802.11 privacy solution From one system vendor: “Participation in Wi-Fi location services is completely up to the customer or visitor - they can opt out simply by turning off their Wi-Fi signal.” Paul Lambert, MarvellSlide 16 July 2014

17 doc.: IEEE 802.11-14/0888 r00 Submission Privacy versus other Security Services in 802.11 Privacy protection is provided by encryption and authentication –But this just protects the disclosure “data” –Good security (e.g. RSN) is a first step and is not the subject of this analysis and is assumed as a starting point Privacy of identity and location must consider other information in 802.11 frames that can be used to track a device –the MAC address –Active probing and SSIDs Paul Lambert, MarvellSlide 17 November 2013

18 doc.: IEEE 802.11-14/0888 r00 Submission Where can 802.11 privacy be improved? MAC Addresses are unique per device –Enable detailed tracking by passive capture –MAC addresses may be used in IPv6 addresses and carried beyond the WLAN and will directly identify the connecting device SSIDs are sometimes unique –Enable tracking when used in probe requests and indicate a devices commonly used APs –The profile of multiple SSIDs used in probing are a good fingerprint of a users identity 802.11u is unprotected and may indicate user interests Others? Paul Lambert, MarvellSlide 18 November 2013

19 doc.: IEEE 802.11-14/0888 r00 Submission Passive Scanning and Monitor APs The primary scenarios to consider that are a “threat” and not “services” are passive monitoring and APs used for monitoring Slide 19Paull Lambert - Marvell November 2013

20 doc.: IEEE 802.11-14/0888 r00 Submission Possible Technical Solutions for Privacy Ephemeral MAC Addresses –use local addresses that change occasionally Limit active scanning Define alternate ways to discover “services” and Aps Capability bits to indicate “willingness to be tracked” Others? Paul Lambert, MarvellSlide 20 November 2013

21 doc.: IEEE 802.11-14/0888 r00 Submission Ephemeral MAC Addresses Virtual STAs could be defined that allow a device to have a different MAC address for each BSSID What happens to DHCP allocation and routing tables? –Rapid changes are a problem, occasional changes are enough to prevent correlation of a device to a human Not easy to change with an active association –But could only change on new connections Roaming and fast handoff might be impacted –But MAC addresses could remain the same for roaming and only change when not actively associated Careful use of Ephemeral MAC Addresses would provide significant improvements in 802.11 address privacy! Paul Lambert, MarvellSlide 21 November 2013

22 doc.: IEEE 802.11-14/0888 r00 Submission A few Proposals for 802.11 Privacy Enhancements 2002 - Temporary MAC Addresses for AnonymityTemporary MAC Addresses for Anonymity 2004 - Anonymous MAC AddressesAnonymous MAC Addresses 2008 - SlyFi-Enhancing_80211_Privacy SlyFi-Enhancing_80211_Privacy 2013 - Service Discovery ProposalService Discovery Proposal 2013 - 802.11 Privacy802.11 Privacy 2014 - random-macs-for-privacyrandom-macs-for-privacy 2014 - Privacy Enhanced WirelessPrivacy Enhanced Wireless IEEE 802.11-14/0367r2 Privacy Enhanced Wireless “When a STA is not a member of a BSS it should periodically change its MAC address to a random value. “ IEEE 802.11 should adopt 802.11-14/0367r2 Paul Lambert, MarvellSlide 22 July 2014

Download ppt "Doc.: IEEE 802.11-14/0888 r00 Submission Paul A. Lambert, Marvell SemiconductorSlide 1 Security and Privacy Enhancements for 802.11 Date: 2014-07-15 Authors:"

Similar presentations

Doc.: IEEE 802.11-09/0413r0 Submission March 2009 Dan Harkins, Aruba NetworksSlide 1 A Study Group for Enhanced 802.11 Security Date: 2009-03-13 Authors:

Doc.: IEEE /0413r0 Submission March 2009 Dan Harkins, Aruba NetworksSlide 1 A Study Group for Enhanced Security Date: Authors:
Submission doc.: IEEE 11-14/0430r2 March 2014 Dan Harkins, Aruba NetworksSlide 1 Randomized MAC Addresses for Privacy Enhancement Date: 2014-03-18 Authors:

Submission doc.: IEEE 11-14/0430r2 March 2014 Dan Harkins, Aruba NetworksSlide 1 Randomized MAC Addresses for Privacy Enhancement Date: Authors:
Doc.: IEEE 802.11-07/2913r0 Submission November 2007 Kapil Sood, Intel CorporationSlide 1 Protecting Associations Attacks – Some Considerations Date: 2007-11-15.

Doc.: IEEE /2913r0 Submission November 2007 Kapil Sood, Intel CorporationSlide 1 Protecting Associations Attacks – Some Considerations Date:
Omniran-13-0063-00-0000 1 IEEE 802 Enhanced Network Detection and Selection Date: 2013-08-26 Authors: NameAffiliationPhoneEmail Max RiegelNSN+49 173 293.

Omniran IEEE 802 Enhanced Network Detection and Selection Date: Authors: NameAffiliationPhone Max RiegelNSN
Doc.: IEEE 802.11-03/173r1 Submission Byoung-Jo Kim, AT&T March 2003 Slide 1 Coexistence of Legacy & RSN STAs in Public WLAN Byoung-Jo “J” Kim AT&T Labs-Research.

Doc.: IEEE /173r1 Submission Byoung-Jo Kim, AT&T March 2003 Slide 1 Coexistence of Legacy & RSN STAs in Public WLAN Byoung-Jo “J” Kim AT&T Labs-Research.
Doc.: IEEE 802.11-13/1448 r00 Submission Paul A. Lambert, Marvell SemiconductorSlide 1 802.11 Privacy Date: 2013-11-14 Authors: November 2013.

Doc.: IEEE /1448 r00 Submission Paul A. Lambert, Marvell SemiconductorSlide Privacy Date: Authors: November 2013.
Security in Wireless LAN 802.11 Layla Pezeshkmehr CS 265 Fall 2003-SJSU Dr.Mark Stamp.

Security in Wireless LAN Layla Pezeshkmehr CS 265 Fall 2003-SJSU Dr.Mark Stamp.
This work is supported by the National Science Foundation under Grant Number DUE-0302909. Any opinions, findings and conclusions or recommendations expressed.

This work is supported by the National Science Foundation under Grant Number DUE Any opinions, findings and conclusions or recommendations expressed.
WLAN Security:PEAP Sunanda Kandimalla. Intoduction The primary goals of any security setup for WLANs should include: 1. Access control and mutual authentication,

WLAN Security:PEAP Sunanda Kandimalla. Intoduction The primary goals of any security setup for WLANs should include: 1. Access control and mutual authentication,
WIRELESS NETWORK SECURITY. Hackers Ad-hoc networks War Driving Man-in-the-Middle Caffe Latte attack.

WIRELESS NETWORK SECURITY. Hackers Ad-hoc networks War Driving Man-in-the-Middle Caffe Latte attack.
Marwan Al-Namari Week 10. RTS: Ready-to-Send. CTS: Clear-to- Send. ACK: Acknowledgment.NAV: network allocation vector (channel access, expected time to.

Marwan Al-Namari Week 10. RTS: Ready-to-Send. CTS: Clear-to- Send. ACK: Acknowledgment.NAV: network allocation vector (channel access, expected time to.
Chapter 3 Application Level Security in Wireless Network IWD2243 : Zuraidy Adnan : Sept 2012.

Chapter 3 Application Level Security in Wireless Network IWD2243 : Zuraidy Adnan : Sept 2012.
Wireless Network Security. Wireless Security Overview concerns for wireless security are similar to those found in a wired environment concerns for wireless.

Wireless Network Security. Wireless Security Overview concerns for wireless security are similar to those found in a wired environment concerns for wireless.
Doc.: IEEE 802.11-12/0573r1 Submission May 2012 David Halasz, Motorola MobilitySlide 1 Scalable Authentication Date: 2012-5-6 Authors:

Doc.: IEEE /0573r1 Submission May 2012 David Halasz, Motorola MobilitySlide 1 Scalable Authentication Date: Authors:
VPN Wireless Security at Penn State Rich Cropp Senior Systems Engineer Information Technology Services The Pennsylvania State University © 2003. All rights.

VPN Wireless Security at Penn State Rich Cropp Senior Systems Engineer Information Technology Services The Pennsylvania State University © All rights.
195Eg Ethernet Wired LAN 195Eg. Wireless Ethernet Setting IP Address Using Utility Programs Begin Programming Definition Selection Programming Modes of.

195Eg Ethernet Wired LAN 195Eg. Wireless Ethernet Setting IP Address Using Utility Programs Begin Programming Definition Selection Programming Modes of.
Wireless Security Techniques: An Overview Bhagyavati Wayne C. Summers Anthony DeJoie Columbus State University Columbus State University Telcordia Technologies,

Wireless Security Techniques: An Overview Bhagyavati Wayne C. Summers Anthony DeJoie Columbus State University Columbus State University Telcordia Technologies,
Doc.: IEEE 802.11-12/0585r1 Submission May 2012 David Halasz, Motorola MobilitySlide 1 IEEE 802.11ah and Security Date: 2012-5-6 Authors:

Doc.: IEEE /0585r1 Submission May 2012 David Halasz, Motorola MobilitySlide 1 IEEE ah and Security Date: Authors:
Wireless Network Security Dr. John P. Abraham Professor UTPA.

Wireless Network Security Dr. John P. Abraham Professor UTPA.
Lesson 20-Wireless Security. Overview Introduction to wireless networks. Understanding current wireless technology. Understanding wireless security issues.

Lesson 20-Wireless Security. Overview Introduction to wireless networks. Understanding current wireless technology. Understanding wireless security issues.

Similar presentations

Ads by Google