Presentation is loading. Please wait.

Presentation is loading. Please wait.

IEEE i Aniss Zakaria Survey Fall 2004 Friday, Dec 3, 2004

Published byMuriel Burke Modified over 9 years ago

Similar presentations

Presentation on theme: "IEEE i Aniss Zakaria Survey Fall 2004 Friday, Dec 3, 2004"— Presentation transcript:

1 IEEE 802.11i Aniss Zakaria 60-564 Survey Fall 2004 Friday, Dec 3, 2004

2 Survey based on two main papers:
IEEE i Standard, ,June 2004 Jyh-Cheng Chen, Ming-Chia Jiang and Yi-Wen Liu, “Wireless LAN Security and IEEE i”, url = , 2004 Friday, Dec 3, 2004 IEEE i

3 IEEE 802.11 Introduction: WLANs are in everywhere.
Authentication modes: Open System Authentication. Just supply correct SSID. Shared key Authentication. Relay on WEP. WEP: Wired Equivalent Privacy. WEP is weak and breakable. AirSnort. Friday, Dec 3, 2004 IEEE i

4 WEP Without WEP, no confidentiality, integrity, or authentication of user data The cipher used in WEP is RC4, keylength from 40 up to 104 bits Key is shared by all clients and the base station compromising one node compromises network Manual key distribution among clients makes changing the key difficult Friday, Dec 3, 2004 IEEE i

5 WEP .. cont Friday, Dec 3, 2004 IEEE i

6 How does WEP “work”? What’s wrong with WEP? 24 bits
Hdr Data Append ICV = CRC32(Data) Data Hdr ICV Check ICV = CRC32(Data) Data Hdr IV ICV Select and insert IV Per-packet Key = IV || RC4 Base Key RC4 Encrypt Data || ICV Remove IV from packet Per-packet Key = IV || RC4 Base Key RC4 Decrypt Data || ICV 24 bits Friday, Dec 3, 2004 IEEE i

7 IV is the main problem: IV is only 24 bits provide a 16,777,216 different RC4 cipher streams for a given WEP key Chances of duplicate IVs are: 1% after 582 encrypted frames 10% after 1881 encrypted frames 50% after 4,823 encrypted frames 99% after 12,430 encrypted frames Increasing Key size will not make WEP any safer. Why? refer to Jesse Walker paper “IEEE i wireless LAN: Unsafe at any key size”, Oct 2000 Friday, Dec 3, 2004 IEEE i

8 IV is the main problem: Friday, Dec 3, 2004 IEEE i

9 Review of the cipher RC4 What’s wrong with WEP?
Pseudo-random number generator “key stream” byte b Ciphertext data byte c = p  b Plaintext data byte p Decryption works the same way: p = c  b Thought experiment: what happens when p1 and p2 are encrypted under the same “key stream” byte b? c1 = p1  b c2 = p2  b Then: c1  c2 = (p1  b)  (p2  b) = p1  p2 Friday, Dec 3, 2004 IEEE i

10 We need a solution: IEEE has formed a new Task Group “i” to solve WEP problems. Wi-Fi Protected Access (WPA) was created by the Wi-Fi Alliance in 2002 – in part out of impatience with the slow - moving i standard. WPA focus mainly on legacy (current) equipments, require only firmware update. IEEE i has added a newer Encryption mechanism which require changes in current WLAN equipments. 802.11i has been ratified by the IEEE in June 2004. Unlike a, b and g specifications, all of which define physical layer issues, i defines a security mechanism that operates between the Media Access Control (MAC) sublayer and the Network layer. The Wi-Fi Alliance refers to the new i standard as WPA2. Friday, Dec 3, 2004 IEEE i

11 IEEE i standard: IEEE TGi has defined two major frameworks: Pre-RSN RSN The definition of RSN according to IEEE i standard is a Security Network which only allows the creation of Robust Security Network Associations (RSNA). simply, Pre-RSN is what current WLANs are, but RSN systems are what IEEE i systems should be. Friday, Dec 3, 2004 IEEE i

12 IEEE 802.11i Frameworks: Pre-RSN IEEE 802.11 entity authentication
Open System authentication Allows a station to be authentication without having a correct WEP key Shared Key authentication The AP send a challenge packet to the Mobile Station The MS encrypt the challenge packet using the shared WEP key and send the encrypted result back to the AP Friday, Dec 3, 2004 IEEE i

13 IEEE 802.11i Frameworks: RSN Authentication Enhancement:
IEEE i utilizes IEEE 802.1X for its authentication and key management services. Key Management and Establishment: Manual key management Automatic key management Encryption Enhancement: Temporal Key Integrity Protocol (TKIP) Counter-Mode/CBC-MAC Protocol (CCMP) So .. These are the 3 enhancements which IEEE i has introduced .. We will talk about each of these items individually in the following slides. Friday, Dec 3, 2004 IEEE i

14 Authentication Enhancement
IEEE 802.1X: Port-based authentication mechanism used for both wired and wireless networks. Already implemented in many Operating Systems like Windows XP SP1. It provide a framework to authenticate and authorize devices connecting to network. IEEE 802.1X has three main pieces: Supplicant Authenticator Authentication Server (AS) Friday, Dec 3, 2004 IEEE i

15 Authentication Enhancement
IEEE 802.1X: Authenticator and supplicant communicate with one another by using the Extensible Authentication Protocol (EAP, RFC-2284). EAP originally designed to work over PPP, but IEEE 802.1X define a method to use EAP Over LAN (EAPOL) The EAP protocol can support multiple authentication mechanisms, such as MD5-challenge, One-Time Passwords, Generic Token Card, TLS, TTLS and smart cards such as EAP SIM etc. Friday, Dec 3, 2004 IEEE i

16 IEEE 802.1X: Ethernet type of EAPOL is 88-8E.
Authentication Enhancement IEEE 802.1X: Ethernet type of EAPOL is 88-8E. Friday, Dec 3, 2004 IEEE i

17 IEEE 802.1X: Authentication Enhancement Friday, Dec 3, 2004
IEEE i

18 Key Management and Establishment:
Two ways to support key distribution: Manual key management Administrator will manually configure keys. Automatic Key management IEEE 802.1x used for key management services, only available on RSNA. Two Key Hirarechies: Pairwise key hierarchy Group key hierarchy Friday, Dec 3, 2004 IEEE i

19 Key Management and Establishment:
Pairwise key hierarchy Master Key – represents positive access decision Pairwise Master Key (PMK) – represents authorization to access medium Pairwise Transient Key (PTK) – Collection of operational keys: Key Confirmation Key (KCK) – used to bind PTK to the AP, STA; used to prove possession of the PMK Key Encryption Key (KEK) – used to distribute Group Transient Key (GTK) Temporal Key (TK) – used to secure data traffic Friday, Dec 3, 2004 IEEE i

20 Key Management and Establishment:
Pairwise key hierarchy Friday, Dec 3, 2004 IEEE i

21 Key Management and Establishment:
Pairwise key hierarchy 4-way handshake: The 4-way handshake does several things: Confirms the PMK between the supplicant and authenticator. Establishes the temporal keys to be used by the data-confidentiality protocol Authenticates the security parameters that were negotiated Performs the first group key handshake Provides keying material to implement the group key handshake Friday, Dec 3, 2004 IEEE i

22 4-way handshake: Friday, Dec 3, 2004 IEEE i

23 Key Management and Establishment:
Group key hierarchy Group Master Key (GMK) – which is a random number. Group Transient Key (GTK) – An operational keys: Temporal Key – used to “secure” multicast/broadcast data traffic 802.11i specification defines a “Group key hierarchy” Entirely gratuitous: impossible to distinguish GTK from a randomly generated key Friday, Dec 3, 2004 IEEE i

24 Key Management and Establishment:
Group key hierarchy Friday, Dec 3, 2004 IEEE i

25 Encryption Enhancement:
Two main Encryption algorithms are used: TKIP Temporal Key Integrity Protocol CCMP Counter-Mode/CBC-MAC Protocol Path: WEP -> WPA -> i WPA = TKIP + IEEE 802.1x 802.11i = TKIP + IEEE 802.1x + CCMP Friday, Dec 3, 2004 IEEE i

26 Encryption Enhancement:
TKIP: Stronger privacy - Still uses RC-4 encryption - Key rollover (temporal key) - Expand IV space (24  48 bits Stronger integrity - Message Integrity Code (MIC) - computed with own integrity algorithm (MICHAEL) - Separate integrity key - Integrity counter measures TKIP consider as a short-term solution for WLAN security. used to ease the transition from current WEP WLAN to the next RSN networks. Friday, Dec 3, 2004 IEEE i

27 Encryption Enhancement:
TKIP: TKIP uses the IV and base key to hash a new key – thus a new key will be available every packet; weak keys are mitigated. Friday, Dec 3, 2004 IEEE i

28 Encryption Enhancement:
CCMP: Long-term solution. Mandatory for RSNA systems. IV size is 48 bits. Uses stronger encryption of AES which uses the CCM mode (RFC 3610) with 128-bit key and 128-bit block size. CCM mode combines Counter-Mode (CTR) and Cipher Block Chaining Message Authentication Code (CBC-MAC). For Privacy: AES-CCM (128 bit key) Integrity: CBC-MAC Support preauthorization so clients can preauthorize when roaming, if they already had a full authorization in their home network. Friday, Dec 3, 2004 IEEE i

29 Friday, Dec 3, 2004 IEEE i

30 802.11i Summary Data protocols provide confidentiality, data origin authenticity, replay protection Data protocols require fresh key on every session Key management delivers keys used as authorization tokens, proving channel access is authorized Architecture ties keys to authentication Friday, Dec 3, 2004 IEEE i

Download ppt "IEEE i Aniss Zakaria Survey Fall 2004 Friday, Dec 3, 2004"

Similar presentations

Chapter 07 Designing and Implementing Security for WLAN

Chapter 07 Designing and Implementing Security for WLAN
CN8816: Network Security 1 Security in Wireless LAN 802.11i Open System Authentication Security Wired Equivalent Privacy (WEP) Robust Security Network.

CN8816: Network Security 1 Security in Wireless LAN i Open System Authentication Security Wired Equivalent Privacy (WEP) Robust Security Network.
IEEE 802.11i IT443 Broadband Communications Philip MacCabe October 5, 2005

IEEE i IT443 Broadband Communications Philip MacCabe October 5, 2005
CSE 6590 1.  Wired Equivalent Privacy (WEP) ◦ first security protocol defined in 802.11  Wi-Fi Protected Access (WPA) ◦ defined by Wi-Fi Alliance 

CSE  Wired Equivalent Privacy (WEP) ◦ first security protocol defined in  Wi-Fi Protected Access (WPA) ◦ defined by Wi-Fi Alliance 
Understanding and Achieving Next-Generation Wireless Security Motorola, Inc James Mateicka.

Understanding and Achieving Next-Generation Wireless Security Motorola, Inc James Mateicka.
P1451.5 Security Survey and Recommendations By: Ryon Coleman October 16, 2003.

P Security Survey and Recommendations By: Ryon Coleman October 16, 2003.
Wireless Security Ryan Hayles Jonathan Hawes. Introduction  WEP –Protocol Basics –Vulnerability –Attacks –Video  WPA –Overview –Key Hierarchy –Encryption/Decryption.

Wireless Security Ryan Hayles Jonathan Hawes. Introduction  WEP –Protocol Basics –Vulnerability –Attacks –Video  WPA –Overview –Key Hierarchy –Encryption/Decryption.
無線區域網路安全 Wireless LAN Security. 2 Outline  Wireless LAN – 802.11b  Security Mechanisms in 802.11b  Security Problems in 802.11b  Solutions for 802.11b.

無線區域網路安全 Wireless LAN Security. 2 Outline  Wireless LAN – b  Security Mechanisms in b  Security Problems in b  Solutions for b.
Security+ Guide to Network Security Fundamentals, Third Edition

Security+ Guide to Network Security Fundamentals, Third Edition
Wireless LAN Security Jerry Usery CS 522 December 6 th, 2006.

Wireless LAN Security Jerry Usery CS 522 December 6 th, 2006.
WEP and 802.11i J.W. Pope 5/6/2004 CS 589 – Advanced Topics in Information Security.

WEP and i J.W. Pope 5/6/2004 CS 589 – Advanced Topics in Information Security.
1 Enhancing Wireless Security with WPA CS-265 Project Section: 2 (11:30 – 12:20) Shefali Jariwala Student ID 001790660.

1 Enhancing Wireless Security with WPA CS-265 Project Section: 2 (11:30 – 12:20) Shefali Jariwala Student ID
DIMACS Nov 3 - 4, 2004 WIRELESS SECURITY AND ROAMING OVERVIEW DIMACS November 3-4, 2004 Workshop: Mobile and Wireless Security Workshop: Mobile and Wireless.

DIMACS Nov 3 - 4, 2004 WIRELESS SECURITY AND ROAMING OVERVIEW DIMACS November 3-4, 2004 Workshop: Mobile and Wireless Security Workshop: Mobile and Wireless.
W i reless LAN Security Presented by: Pallavi Priyadarshini Student ID 003503527.

W i reless LAN Security Presented by: Pallavi Priyadarshini Student ID
Wired Equivalent Privacy (WEP)

Wired Equivalent Privacy (WEP)
Security in Wireless LAN 802.11 Layla Pezeshkmehr CS 265 Fall 2003-SJSU Dr.Mark Stamp.

Security in Wireless LAN Layla Pezeshkmehr CS 265 Fall 2003-SJSU Dr.Mark Stamp.
Vulnerability In Wi-Fi By Angus U CS 265 Section 2 Instructor: Mark Stamp.

Vulnerability In Wi-Fi By Angus U CS 265 Section 2 Instructor: Mark Stamp.
An Initial Security Analysis of the IEEE 802.1x Standard Tsai Hsien Pang 2004/11/4.

An Initial Security Analysis of the IEEE 802.1x Standard Tsai Hsien Pang 2004/11/4.
E-mail: kemal@cs.siu.edu Department of Computer Science Southern Illinois University Carbondale Wireless and Network Security Lecture 9: IEEE 802.11.

Department of Computer Science Southern Illinois University Carbondale Wireless and Network Security Lecture 9: IEEE
15 November 2004 1 Wireless Security Issues Cheyenne Hollow Horn SFS Presentation 2004.

15 November Wireless Security Issues Cheyenne Hollow Horn SFS Presentation 2004.

Similar presentations

Ads by Google