Presentation is loading. Please wait.

Presentation is loading. Please wait.

Doc.: IEEE 802.11-00/063 Submission May 2000 Y. Kuchiki, M. Ikeda Seiko Epson Corp. Slide 1 Yutaku Kuchiki, Masayuki Ikeda Seiko Epson Corporation May.

Published byCalvin Wright Modified over 8 years ago

Similar presentations

Presentation on theme: "Doc.: IEEE 802.11-00/063 Submission May 2000 Y. Kuchiki, M. Ikeda Seiko Epson Corp. Slide 1 Yutaku Kuchiki, Masayuki Ikeda Seiko Epson Corporation May."— Presentation transcript:

1 doc.: IEEE 802.11-00/063 Submission May 2000 Y. Kuchiki, M. Ikeda Seiko Epson Corp. Slide 1 Yutaku Kuchiki, Masayuki Ikeda Seiko Epson Corporation May 2000 Hierarchical Structure to Enhance WLAN Security

2 doc.: IEEE 802.11-00/063 Submission May 2000 Y. Kuchiki, M. Ikeda Seiko Epson Corp. Slide 2 Overview Security Requirements Key Distribution Problem and its solutions Authentication in MAC KPS Features Proposal of a Hierarchical Structure to Enhance WLAN Security

3 doc.: IEEE 802.11-00/063 Submission May 2000 Y. Kuchiki, M. Ikeda Seiko Epson Corp. Slide 3 Security Requirements 111.222.33.44123.45.67.89 12 34 56 78 9A BC22 44 66 88 AA CC Internet Physical layer Datalink layer Transport layer Network layer Session layer Presentation layer Application layer IPSec SSL / TSL KPS Internet From: Alice To:Bob Subject: ABC…. From: Alice To:Bob Subject: ABC... PGP/PEM

4 doc.: IEEE 802.11-00/063 Submission May 2000 Y. Kuchiki, M. Ikeda Seiko Epson Corp. Slide 4 Security Requirements in MAC (1) Fulfill Various Security level Requirements –From Simple to Complex Systems WLAN’s own Characteristics should be hidden within MAC –Protocols in the upper layers rely on PHY and MAC security –Wireless LAN is easy to eavesdrop and to masquerade –Need to protect as secure as wired LAN

5 doc.: IEEE 802.11-00/063 Submission May 2000 Y. Kuchiki, M. Ikeda Seiko Epson Corp. Slide 5 Security Requirements in MAC (2) Secure Key Management –Difficulty of Per-User Key Management –Allow eavesdropping if keys are stolen Secure Authentication with Machine ID –Easier for attackers to connect to WLAN systems

6 doc.: IEEE 802.11-00/063 Submission May 2000 Y. Kuchiki, M. Ikeda Seiko Epson Corp. Slide 6 Key Management Problem(1) Per-user Key system is ideal, but practically impossible to deliver many unique keys. –Example; 10 NICs system needs 45 keys in total, 9 keys per each NIC. Where is it secure to store the keys –How to prevent from theft –Write only ROM is not enough An attacker can illegitimately overwrite ROM Labor of key generation and maintenance –Too many keys; N-1 per each NIC (NIC: Network Interface Card)

7 doc.: IEEE 802.11-00/063 Submission May 2000 Y. Kuchiki, M. Ikeda Seiko Epson Corp. Slide 7 Solutions to Key Management Implementation of Key Distribution Systems KDC: (Key Distribution Center) CA: (Certification Authority) KPS: (Key Predistribution System)

8 doc.: IEEE 802.11-00/063 Submission May 2000 Y. Kuchiki, M. Ikeda Seiko Epson Corp. Slide 8 Key Distribution KDC (Key Distribution Center) –An effective method used in Kerberos etc. –KDC can deliver session keys safely. CA (Certification Authority) –Risky to use a public key cryptography without certification. –CA issues a certification to secure public key cryptography.

9 doc.: IEEE 802.11-00/063 Submission May 2000 Y. Kuchiki, M. Ikeda Seiko Epson Corp. Slide 9 Key Distribution -KPS Unique key to each TX/RX pair. –No intermediary as in KDC. Simple protocol Terminates within the MAC layer. Low administrative cost Simple H/W. MAC Address A MAC Address B ……….………...… NIC BNIC A KPS B MAC Address A K AB KPS A MAC Address B K AB

10 doc.: IEEE 802.11-00/063 Submission May 2000 Y. Kuchiki, M. Ikeda Seiko Epson Corp. Slide 10 Authentication by KPS(1) Authentication by only MAC-Addresses. –No other information is needed other than a MAC-Address. –It is negligible even if authentication is eavesdropped Perfect Mutual Authentication –Exchange MAC-Addresses between parties –When one feigns another MAC-Address, authentication fails. Robust against S/W cracking –H/W protects from S/W attack, e.g. cracking applications –Robust against Virus, Worm, Trojan horse,...

11 doc.: IEEE 802.11-00/063 Submission May 2000 Y. Kuchiki, M. Ikeda Seiko Epson Corp. Slide 11 Authentication by KPS (2) User Authentication is not enough –Someone with malicious intent Machine Identification –Ability to identify Unmanned Devices e.g. AP, Printer…. Authentication on IBSS

12 doc.: IEEE 802.11-00/063 Submission May 2000 Y. Kuchiki, M. Ikeda Seiko Epson Corp. Slide 12 Features of KPS Key distribution Algorithm Terminates within only the MAC Layer Mutual authentication between machines Impossible to masquerade Usable also in a IBSS without an AP Low/No management/administrative cost Does not affect the cryptography in other layers

13 doc.: IEEE 802.11-00/063 Submission May 2000 Y. Kuchiki, M. Ikeda Seiko Epson Corp. Slide 13 MAC Layer (1) KPS terminates within only the MAC Layer. –Best for security in the Datalink layer of a OSI reference model. –Fits well with IEEE802.11 standard. Physical layer Datalink layer Transport layer Network layer Session layer Presentation layer Application layer

14 doc.: IEEE 802.11-00/063 Submission May 2000 Y. Kuchiki, M. Ikeda Seiko Epson Corp. Slide 14 MAC Layer (2) KPS improves the L2 security. More than one method should be used for security enhancement –KPS is in L2 –Robust cryptographies in the upper layer (network or transport layer, etc) EAP, TLS and Kerberos do NOT cipher packets at authentication. –KPS will resolve this problem within the MAC Layer MACIPTCP

15 doc.: IEEE 802.11-00/063 Submission May 2000 Y. Kuchiki, M. Ikeda Seiko Epson Corp. Slide 15 802.11with KPS and 802.1x

16 doc.: IEEE 802.11-00/063 Submission May 2000 Y. Kuchiki, M. Ikeda Seiko Epson Corp. Slide 16 802.11with KPS and 802.1x 111.222.33.44123.45.67.89 12 34 56 78 9A BC22 44 66 88 AA CC Internet Physical layer Datalink layer Transport layer Network layer Session layer Presentation layer Application layer IPSec SSL / TSL KPS Internet From: Alice To:Bob Subject: ABC…. From: Alice To:Bob Subject: ABC... PGP/PEM

17 doc.: IEEE 802.11-00/063 Submission May 2000 Y. Kuchiki, M. Ikeda Seiko Epson Corp. Slide 17 Example of KPS Application Locatio - PDA GPS Digital Camera PCS / Cellular Phone Authentication and Ciphering with KPS

18 doc.: IEEE 802.11-00/063 Submission May 2000 Y. Kuchiki, M. Ikeda Seiko Epson Corp. Slide 18 Conclusion Security is enhanced with a hierarchical structure –KPS fits hierarchical structure for security enhancement –Various security levels –User identification on the higher layer KPS guarantees: –Ciphered communication with a Per-User Key. –Mutual authentication –Ciphering and authentication within the MAC layer. Assurance in the upper layer –No other NIC can listen the communication except the party’s NIC. –The MAC-Address reported by the party’s NIC is right.

Download ppt "Doc.: IEEE 802.11-00/063 Submission May 2000 Y. Kuchiki, M. Ikeda Seiko Epson Corp. Slide 1 Yutaku Kuchiki, Masayuki Ikeda Seiko Epson Corporation May."

Similar presentations

The Diffie-Hellman Algorithm

The Diffie-Hellman Algorithm
Doc.: IEEE 802.11-00/087 Submission May, 2000 Steven Gray, NOKIA Jyri Rinnemaa, Jouni Mikkonen Nokia Slide 1.

Doc.: IEEE /087 Submission May, 2000 Steven Gray, NOKIA Jyri Rinnemaa, Jouni Mikkonen Nokia Slide 1.
Doc.: IEEE 802.11-01/039 Submission January 2001 Haverinen/Edney, NokiaSlide 1 Use of GSM SIM Authentication in IEEE802.11 System Submitted to IEEE802.11.

Doc.: IEEE /039 Submission January 2001 Haverinen/Edney, NokiaSlide 1 Use of GSM SIM Authentication in IEEE System Submitted to IEEE
BASIC CRYPTOGRAPHY CONCEPT. Secure Socket Layer (SSL)  SSL was first used by Netscape.  To ensure security of data sent through HTTP, LDAP or POP3.

BASIC CRYPTOGRAPHY CONCEPT. Secure Socket Layer (SSL)  SSL was first used by Netscape.  To ensure security of data sent through HTTP, LDAP or POP3.
CHAPTER 8: SECURITY IN COMPUTER NETWORKS Encryption Encryption Authentication Authentication E-Mail Security E-Mail Security Secure Sockets Layer Secure.

CHAPTER 8: SECURITY IN COMPUTER NETWORKS Encryption Encryption Authentication Authentication Security Security Secure Sockets Layer Secure.
1 Computer Security Instructor: Dr. Bo Sun. 2 Course Objectives Understand basic issues, concepts, principles, and mechanisms in computer network security.

1 Computer Security Instructor: Dr. Bo Sun. 2 Course Objectives Understand basic issues, concepts, principles, and mechanisms in computer network security.
Doc.: IEEE 802.11-00/275 Submission September 2000 David Halasz, Cisco Systems, Inc.Slide 1 IEEE 802.1X for IEEE 802.11 David Halasz, Stuart Norman, Glen.

Doc.: IEEE /275 Submission September 2000 David Halasz, Cisco Systems, Inc.Slide 1 IEEE 802.1X for IEEE David Halasz, Stuart Norman, Glen.
1 © NOKIA MitM.PPT/ 6/2/2015 / Kaisa Nyberg (NRC/MNW), N.Asokan (NRC/COM) The Insecurity of Tunnelled Authentication Protocols N. ASOKAN, VALTTERI NIEMI,

1 © NOKIA MitM.PPT/ 6/2/2015 / Kaisa Nyberg (NRC/MNW), N.Asokan (NRC/COM) The Insecurity of Tunnelled Authentication Protocols N. ASOKAN, VALTTERI NIEMI,
1 © NOKIA MitM.PPT/ 6/2/2015 / Kaisa Nyberg (NRC/MNW), N.Asokan (NRC/COM) The Insecurity of Tunnelled Authentication Protocols N. ASOKAN, VALTTERI NIEMI,

1 © NOKIA MitM.PPT/ 6/2/2015 / Kaisa Nyberg (NRC/MNW), N.Asokan (NRC/COM) The Insecurity of Tunnelled Authentication Protocols N. ASOKAN, VALTTERI NIEMI,
 Key exchange o Kerberos o Digital certificates  Certificate authority structure o PGP, hierarchical model  Recovery from exposed keys o Revocation.

 Key exchange o Kerberos o Digital certificates  Certificate authority structure o PGP, hierarchical model  Recovery from exposed keys o Revocation.
Wireless Encryption By: Kara Dolansky Network Management Spring 2009.

Wireless Encryption By: Kara Dolansky Network Management Spring 2009.
8-1 What is network security? Confidentiality: only sender, intended receiver should “understand” message contents m sender encrypts message m receiver.

8-1 What is network security? Confidentiality: only sender, intended receiver should “understand” message contents m sender encrypts message m receiver.
802.1x EAP Authentication Protocols

802.1x EAP Authentication Protocols
An Initial Security Analysis of the IEEE 802.1x Standard Tsai Hsien Pang 2004/11/4.

An Initial Security Analysis of the IEEE 802.1x Standard Tsai Hsien Pang 2004/11/4.
Business Data Communications, Fourth Edition Chapter 10: Network Security.

Business Data Communications, Fourth Edition Chapter 10: Network Security.
IEEE 802.11 Wireless Local Area Networks (WLAN’s).

IEEE Wireless Local Area Networks (WLAN’s).
Kemal AkkayaWireless & Network Security 1 Department of Computer Science Southern Illinois University Carbondale CS 591 – Wireless & Network Security Lecture.

Kemal AkkayaWireless & Network Security 1 Department of Computer Science Southern Illinois University Carbondale CS 591 – Wireless & Network Security Lecture.
WLAN Security:PEAP Sunanda Kandimalla. Intoduction The primary goals of any security setup for WLANs should include: 1. Access control and mutual authentication,

WLAN Security:PEAP Sunanda Kandimalla. Intoduction The primary goals of any security setup for WLANs should include: 1. Access control and mutual authentication,
Applied Cryptography for Network Security

Applied Cryptography for Network Security
Topic 11: Key Distribution and Agreement 1 Information Security CS 526 Topic 11: Key Distribution & Agreement, Secure Communication.

Topic 11: Key Distribution and Agreement 1 Information Security CS 526 Topic 11: Key Distribution & Agreement, Secure Communication.

Similar presentations

Ads by Google