
Effortless Secure Wireless Enrollment Jeff Shirley David Evans.



Presentation on theme: "Effortless Secure Wireless Enrollment Jeff Shirley David Evans."— Presentation transcript:

1 Effortless Secure Wireless Enrollment
Jeff Shirley, David Evans

2 About Me (jshirley@cs.virginia.edu, Jeff Shirley)
– Second year PhD student under David Evans
– Research interests primarily in security topics
– Projects
  – “Automatically Hardening Web Applications Using Precise Tainting” – Anh Nguyen-Tuong, Salvatore Guarnieri, Doug Greene, Jeff Shirley, David Evans (published 30 May, SEC 05): automatically securing PHP applications
  – “Effortless Secure Wireless Enrollment” – with David Evans: improving methods for enrolling clients on secured wireless networks

3 Secure Wireless Enrollment
– Mutual authentication between network and wireless client during enrollment
  – Enrolling temporary users
  – Visitors
– How to verify that the enrollee is the newly authorized user?
– How to verify that the wireless network is the trusted network?

4 Location-Limited Side Channels
– Network limits enrollment to clients physically present at a specific location
  – Clients connect only to a network verified through the same channel
– USB, Audio [Balfanz+, NDSS 2002]
– Visual [McCune+, Oakland 2005]
– Audio tones
  – Human evident, relatively limited range
  – Available on a wide variety of devices (laptops, PDAs, cellphones, etc.)

5 Enrollment Techniques Compared

Conventional Wireless Enrollment
– Not based on physical verification of client identity (often, passwords are used)
– Uses a single authentication channel
– Little or no authentication of the wireless network to the clients
– Evident to computers, but not humans
– Often requires manual key transfer for secured networks

Enrollment with Location-Limited Channels
– Limits enrollment to client devices physically present at a specific location
– Uses multiple authentication channels (audio + wireless)
– Can authenticate both ways
– Human evident and tamper evident
– Enrollment can be almost completely automated with little loss of security

6 Enrollment Protocol
– Previously authorized user acts as intermediary
– Audio challenge-response protocol
[Protocol diagram: parties New Client, Authorized Enroller, Enrollment Server; channels Audio Channel, Wireless, Wired Network; message labels as extracted: C, { }_KP_S, {N_a}_KU_c + N_a + {N_b}_KU_a, N_b + { }_KP_S]

7 Current Status
– Working implementation
– Distributing client software securely
  – Signed Java applets available from the insecure wireless network
– Ensuring interoperability with existing systems
  – Initial implementation of the protocol enrolls users for standard EAP-TLS authentication
– Tradeoff between reliability of the audio channel and transmission speed (3.0 - 4.5 bytes/s)

8 Demo
– Enrollment/key exchange takes place through audio tones
– Two Java applets
  – One on the new enrollee’s machine
  – One on a machine controlled by a previously authorized user

9 Questions?
Email: jshirley@cs.virginia.edu

