Presentation is loading. Please wait.

Presentation is loading. Please wait.

Doc.: IEEE 802.11-00/200 Submission September 2000 Ron Brockmann, Intersil Plug-n-Play Security in the Home & Small Business Ron Brockmann Intersil.

Published byAvice James Modified over 9 years ago

Similar presentations

Presentation on theme: "Doc.: IEEE 802.11-00/200 Submission September 2000 Ron Brockmann, Intersil Plug-n-Play Security in the Home & Small Business Ron Brockmann Intersil."— Presentation transcript:

1 doc.: IEEE 802.11-00/200 Submission September 2000 Ron Brockmann, Intersil Plug-n-Play Security in the Home & Small Business Ron Brockmann Intersil

2 doc.: IEEE 802.11-00/200 Submission September 2000 Ron Brockmann, Intersil Requirements Good security solution in an unmanaged environment (eg compare to configuration ease of Ethernet based network) –No WEP keys, passwords etc Limited implementation impact Scalability: single client for use in various environments

3 doc.: IEEE 802.11-00/200 Submission September 2000 Ron Brockmann, Intersil Example Scenario Home user has DSL/Cable and two PCs –Wants to create wireless home network Typical Security Threats –Neighbors try to access the broadband pipe –Or steal files from PCs User does not care for any extra passwords or software

4 doc.: IEEE 802.11-00/200 Submission September 2000 Ron Brockmann, Intersil Solution Elements Covered in other proposals –Stronger encryption –Diffie-Hellman based session key generation –MAC address based Access Control List –Extensibility/Negotiation Specific element –‘Zero-Management’ MAC address authentication

5 doc.: IEEE 802.11-00/200 Submission September 2000 Ron Brockmann, Intersil Outline Single static random private/public key pair per MAC address On first contact, APs, Stations learn MAC/PubKey pairs for other devices if they are on the Access Control List On subsequent contacts, stored MAC/PubKey can be used to prove identity of other device

6 doc.: IEEE 802.11-00/200 Submission September 2000 Ron Brockmann, Intersil Access Control List ACL can operate usefully because MAC addresses can be authenticated ACL could be managed through MIB Or, learning mode also (eg learn next STA if button is pressed)

7 doc.: IEEE 802.11-00/200 Submission September 2000 Ron Brockmann, Intersil Diffie-Hellman key exchange Alice and Bob want to construct a private key over a public channel. Both agree on a public prime p and primitive root g modulo p. Alice chooses a random value x Alice sends g x mod p to Bob Bob chooses a random value y Bob sends g y mod p to Alice Alice computes g xy mod p as (g x mod p) y mod p Bob computes g xy mod p as (g y mod p) x mod p Discrete logarithm problem: Given g, p, and g x mod p, find x. Diffie-Hellman problem: Given g, p, g x mod p, and g y mod p, find g xy mod p.

8 doc.: IEEE 802.11-00/200 Submission September 2000 Ron Brockmann, Intersil Simplified Outline of Operation 1)STA derives its Public Key X’= g X mod p from its fixed Private Key X and sends X’ to AP over the air as part of the Authentication Request 2)AP checks MAC address and X’ to its records. If successful, AP derives Public Key Y’=g Y mod p from its fixed Private key Y and sends Y’ to STA over the air 3)STA calculates Z STA = (Y’) X mod p, and sends a hashed value H(Z STA ) to the AP over the air. 4)AP calculates Z AP = (X’) Y mod p. If the STA has knowledge of X and completed the calculation successfully, Z STA equals Z AP and therefore H(Z STA ) equals H(Z AP ). If this comparison fails, this points to a Rogue STA. Otherwise, STA identity is proven 5)AP and STA derive a session key from Z. Eavesdroppers can not derive Z or the session key.

9 doc.: IEEE 802.11-00/200 Submission September 2000 Ron Brockmann, Intersil Detected Attacks Trying to authenticate with MAC address not in ACL Trying to authenticate with correct MAC address – different public key Trying to authenticate with correct MAC address and public key – unable to calc session key (not knowing private key) Authentication can be mutual!

10 doc.: IEEE 802.11-00/200 Submission September 2000 Ron Brockmann, Intersil Attacks Not Addressed ‘Stolen’ STAs – access allowed until removed from ACL Compromised private key In targeted environments, ease of use more important than quest for perfect security

11 doc.: IEEE 802.11-00/200 Submission September 2000 Ron Brockmann, Intersil Implementation Impact Generation of static private keys –At manufacture time (pre-calculated) –Or on first start-up of AP/STA Modular Exponentiation –Scalable security by private key length –Results may be cached Non-Volatile Memory –As low as 22 bytes per MAC/PubKey learned

12 doc.: IEEE 802.11-00/200 Submission September 2000 Ron Brockmann, Intersil Some Details… Broadcast/Multicast Key Management –At authentication, AP sends key information to newly authenticated STA IBSS mode –Individual session-key/authentication per STA-STA link Direct STA to STA traffic within a BSS? –Only AP may have ability to authenticate STAs and has ACL. Possible solution: AP acts as Key Distribution Center for the BSS and generates and distributes session keys for direct STA to STA traffic within its BSS Backward Compatibility –Current WEP may still be used for traffic to legacy stations, if this support is required. Broadcast/multicast must use WEP also, then! Session Key Lifetime –A new session key may be generated at any required time, based on local policy decision

Download ppt "Doc.: IEEE 802.11-00/200 Submission September 2000 Ron Brockmann, Intersil Plug-n-Play Security in the Home & Small Business Ron Brockmann Intersil."

Similar presentations

Diffie-Hellman Diffie-Hellman is a public key distribution scheme First public-key type scheme, proposed in 1976.

Diffie-Hellman Diffie-Hellman is a public key distribution scheme First public-key type scheme, proposed in 1976.
Doc.: IEEE 802.11-98/178 Submission July 2000 A. Prasad, A. Raji Lucent TechnologiesSlide 1 A Proposal for IEEE 802.11e Security IEEE 802.11 Task Group.

Doc.: IEEE /178 Submission July 2000 A. Prasad, A. Raji Lucent TechnologiesSlide 1 A Proposal for IEEE e Security IEEE Task Group.
Doc.: IEEE 802.11-00/087 Submission May, 2000 Steven Gray, NOKIA Jyri Rinnemaa, Jouni Mikkonen Nokia Slide 1.

Doc.: IEEE /087 Submission May, 2000 Steven Gray, NOKIA Jyri Rinnemaa, Jouni Mikkonen Nokia Slide 1.
Doc.: IEEE 802.11-01/039 Submission January 2001 Haverinen/Edney, NokiaSlide 1 Use of GSM SIM Authentication in IEEE802.11 System Submitted to IEEE802.11.

Doc.: IEEE /039 Submission January 2001 Haverinen/Edney, NokiaSlide 1 Use of GSM SIM Authentication in IEEE System Submitted to IEEE
Doc.: IEEE 802.11-00/275 Submission September 2000 David Halasz, Cisco Systems, Inc.Slide 1 IEEE 802.1X for IEEE 802.11 David Halasz, Stuart Norman, Glen.

Doc.: IEEE /275 Submission September 2000 David Halasz, Cisco Systems, Inc.Slide 1 IEEE 802.1X for IEEE David Halasz, Stuart Norman, Glen.
UCB Security Jean Walrand EECS. UCB Outline Threats Cryptography Basic Mechanisms Secret Key Public Key Hashing Security Systems Integrity Key Management.

UCB Security Jean Walrand EECS. UCB Outline Threats Cryptography Basic Mechanisms Secret Key Public Key Hashing Security Systems Integrity Key Management.
Cryptography1 CPSC 3730 Cryptography Chapter 10 Key Management.

Cryptography1 CPSC 3730 Cryptography Chapter 10 Key Management.
Security in Wireless LAN 802.11 Layla Pezeshkmehr CS 265 Fall 2003-SJSU Dr.Mark Stamp.

Security in Wireless LAN Layla Pezeshkmehr CS 265 Fall 2003-SJSU Dr.Mark Stamp.
CSE331: Introduction to Networks and Security Lecture 20 Fall 2002.

CSE331: Introduction to Networks and Security Lecture 20 Fall 2002.
CMSC 414 Computer and Network Security Lecture 6 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 6 Jonathan Katz.
Chapter3 Public-Key Cryptography and Message Authentication.

Chapter3 Public-Key Cryptography and Message Authentication.
© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicITE I Chapter 6 1 Wireless Technologies Networking for Home and Small Businesses – Chapter 7.

© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicITE I Chapter 6 1 Wireless Technologies Networking for Home and Small Businesses – Chapter 7.
Tanenbaum & Van Steen, Distributed Systems: Principles and Paradigms, 2e, (c) 2007 Prentice-Hall, Inc. All rights reserved. 0-13-239227-5 DISTRIBUTED SYSTEMS.

Tanenbaum & Van Steen, Distributed Systems: Principles and Paradigms, 2e, (c) 2007 Prentice-Hall, Inc. All rights reserved DISTRIBUTED SYSTEMS.
Cryptography and Network Security Chapter 10. Chapter 10 – Key Management; Other Public Key Cryptosystems No Singhalese, whether man or woman, would venture.

Cryptography and Network Security Chapter 10. Chapter 10 – Key Management; Other Public Key Cryptosystems No Singhalese, whether man or woman, would venture.
Wireless Security Issues David E. Hudak, Ph.D. Senior Software Architect Karlnet, Inc.

Wireless Security Issues David E. Hudak, Ph.D. Senior Software Architect Karlnet, Inc.
Diffie-Hellman Key Exchange

Diffie-Hellman Key Exchange
Strong Password Protocols

Strong Password Protocols
Page 1 Secure Communication Paul Krzyzanowski Distributed Systems Except as otherwise noted, the content of this presentation.

Page 1 Secure Communication Paul Krzyzanowski Distributed Systems Except as otherwise noted, the content of this presentation.
Lecture slides prepared for “Computer Security: Principles and Practice”, 2/e, by William Stallings and Lawrie Brown, Chapter 21 “Public-Key Cryptography.

Lecture slides prepared for “Computer Security: Principles and Practice”, 2/e, by William Stallings and Lawrie Brown, Chapter 21 “Public-Key Cryptography.
WIRELESS LAN SECURITY Using

WIRELESS LAN SECURITY Using

Similar presentations

Ads by Google