Presentation is loading. Please wait.

Presentation is loading. Please wait.

Wireless Unification Theory William Arbaugh University of Maryland College Park.

Published byClifton Gaines Modified over 8 years ago

Similar presentations

Presentation on theme: "Wireless Unification Theory William Arbaugh University of Maryland College Park."— Presentation transcript:

1 Wireless Unification Theory William Arbaugh University of Maryland College Park

2 Bureaucracy  Speakers please introduce yourself to me and provide a copy of your slides to the note taker  Workshop should be interactive- ask questions, answer questions

3 What do you want from the Workshop? ?

4 Welcome!  Program consists of talks and discussions  Want to focus on discussions (more to follow)  Goal is to identify hard research problems and potential bureaucratic and standardization stumbling blocks

5 Technical Trends  Wireless access is becoming ubiquitous and broadband in nature  Users are become more mobile  Mobility for data access is changing from “discrete mobility” to “continous mobility”  Base stations are cheaper with less physical security  All of the wireless technologies have differing authentication and access control frameworks!  Interworking

6 Threat  Interworking allows attackers to find the “path of least resistance” and establish “man in the middle attacks” The network with the weakest security will be the entry point The network with the weakest security will be the entry point  Providers will either not allow networks with weak security to join (limit Interworking growth) or allow it which introduces security problems.

7 Workshop Goals  How do we tie these networks together in a secure fashion? Deal with legacy networks? Deal with legacy networks? Deal with future networks? Deal with future networks? Vertical/Horizontal roaming? Vertical/Horizontal roaming?

8 Technical  Patch work of technology EAP A5 PEAP TLS AES-CCM CAVE CHAP AKA HLR VLR

9 Standardize it? IRTF IETF IEEE WWRF ISO 3GPP

10 How do we do it?  I have no idea!  One of the main motivations for this workshop!

11 Things to think about  What are the research questions?  What are the problems? Standardization problems Standardization problems Technical problems Technical problems Policy problems Policy problems

12 Technical Overview  IEEE 802.1x  EAP  Roaming

13 IEEE 802.1x  Provides access control and key distribution method to AP/base station  Centralized authentication  Uses EAP

14 Dual Port Model Controlled PortUncontrolled Port Authenticator System Port unauthorized LAN Access Point Access Server Client / Supplicant

15 Trust Relationships EAP method Possibly via RADIUS shared secret Note: I am using trust here loosely since only a security association is established.

16 Trust Relationships EAP method Possibly via RADIUS shared secret Note: I am using trust here loosely since only a security association is established. Transitively derived

17 Trust Relationships  Note that the client and the AP/Base station have no direct trust relationship  It is derived transitively if and only if the infrastructure establishes a trust relation between the AP and the RADIUS server

18 EAP Session Authentication Server SupplicantAuthenticator EAP REQUEST/IDENTITY EAP RESPONSE/IDENTITY (MyID) EAP REQUEST/OTP, OTP Challenge EAP RESPONSE/OTP, OTP PW EAP Success Port authorized

19 EAP Authentication  Authentication may not be mutual  Loss of anonymity due to identity request  What are you authenticating? User? User? Device? Device? Do we need both? Do we need both?

20 Roaming Challenges  What is equivalent security?  Hand-off’s between differing physical and MAC layers in under 30ms? Soft hand-over easy at layers 2 and below but more difficult at layer 3 and above Soft hand-over easy at layers 2 and below but more difficult at layer 3 and above Hard hand-over just plain hard Hard hand-over just plain hard  Some authentication methods are complex, compute intensive, and take too long

21 What did I miss?

Download ppt "Wireless Unification Theory William Arbaugh University of Maryland College Park."

Similar presentations

Authentication.

Authentication.
Doc.: IEEE 802.11-01/039 Submission January 2001 Haverinen/Edney, NokiaSlide 1 Use of GSM SIM Authentication in IEEE802.11 System Submitted to IEEE802.11.

Doc.: IEEE /039 Submission January 2001 Haverinen/Edney, NokiaSlide 1 Use of GSM SIM Authentication in IEEE System Submitted to IEEE
Unlicensed Mobile Access (UMA) Dasun Weerasinghe School of Engineering and Mathematical Sciences City University London.

Unlicensed Mobile Access (UMA) Dasun Weerasinghe School of Engineering and Mathematical Sciences City University London.
Licia Florio EUNIS05, Manchester 1 Eduroam EUNIS Conference, June 22 2005 Licia Florio.

Licia Florio EUNIS05, Manchester 1 Eduroam EUNIS Conference, June Licia Florio.
Wireless LAN  Setup & Optimizing Wireless Client in Linux  Hacking and Cracking Wireless LAN  Setup Host Based AP ( hostap ) in Linux & freeBSD  Securing.

Wireless LAN  Setup & Optimizing Wireless Client in Linux  Hacking and Cracking Wireless LAN  Setup Host Based AP ( hostap ) in Linux & freeBSD  Securing.
PEAP & EAP-TTLS 1.EAP-TLS Drawbacks 2.PEAP 3.EAP-TTLS 4.EAP-TTLS – Full Example 5.Security Issues 6.PEAP vs. EAP-TTLS 7.Other EAP methods 8.Summary.

PEAP & EAP-TTLS 1.EAP-TLS Drawbacks 2.PEAP 3.EAP-TTLS 4.EAP-TTLS – Full Example 5.Security Issues 6.PEAP vs. EAP-TTLS 7.Other EAP methods 8.Summary.
Doc.: IEEE 802.11-00/275 Submission September 2000 David Halasz, Cisco Systems, Inc.Slide 1 IEEE 802.1X for IEEE 802.11 David Halasz, Stuart Norman, Glen.

Doc.: IEEE /275 Submission September 2000 David Halasz, Cisco Systems, Inc.Slide 1 IEEE 802.1X for IEEE David Halasz, Stuart Norman, Glen.
Eduroam – Roam In a Day Louis Twomey, HEAnet Limited HEAnet Conference 2006 9 th November, 2006.

Eduroam – Roam In a Day Louis Twomey, HEAnet Limited HEAnet Conference th November, 2006.
WiMAX Network Architecture and Emergency - Status Update – 7th Emergency Services Workshop College Park, MD, USA - 11-13 May 2010 Contact:

WiMAX Network Architecture and Emergency - Status Update – 7th Emergency Services Workshop College Park, MD, USA May 2010 Contact:
Ubiquitous Access Control Workshop 1 7/17/06 Access Control and Authentication for Converged Networks Z. Judy Fu John Strassner Motorola Labs {judy.fu,

Ubiquitous Access Control Workshop 1 7/17/06 Access Control and Authentication for Converged Networks Z. Judy Fu John Strassner Motorola Labs {judy.fu,
802.1x EAP Authentication Protocols

802.1x EAP Authentication Protocols
An Initial Security Analysis of the IEEE 802.1x Standard Tsai Hsien Pang 2004/11/4.

An Initial Security Analysis of the IEEE 802.1x Standard Tsai Hsien Pang 2004/11/4.
Wireless LAN Security Framework Backend AAA Infrastructure RADIUS, TACACS+, LDAP, Kerberos TLSLEAPTTLSPEAPMD5 VPN EAP PPP 802.3802.5802.11 802.1x EAP API.

Wireless LAN Security Framework Backend AAA Infrastructure RADIUS, TACACS+, LDAP, Kerberos TLSLEAPTTLSPEAPMD5 VPN EAP PPP x EAP API.
Design of Efficient and Secure Multiple Wireless Mesh Network Speaker: Hsien-Pang Tsai Teacher: Kai-Wei Ke Date: 2005/06/28.

Design of Efficient and Secure Multiple Wireless Mesh Network Speaker: Hsien-Pang Tsai Teacher: Kai-Wei Ke Date: 2005/06/28.
E-mail: kemal@cs.siu.edu Department of Computer Science Southern Illinois University Carbondale Wireless and Network Security Lecture 9: IEEE 802.11.

Department of Computer Science Southern Illinois University Carbondale Wireless and Network Security Lecture 9: IEEE
IEEE 802.11 Wireless Local Area Networks (WLAN’s).

IEEE Wireless Local Area Networks (WLAN’s).
Chapter 5 Secure LAN Switching.  MAC Address Flooding Causing CAM Overflow and Subsequent DOS and Traffic Analysis Attacks.

Chapter 5 Secure LAN Switching.  MAC Address Flooding Causing CAM Overflow and Subsequent DOS and Traffic Analysis Attacks.
WLAN Security:PEAP Sunanda Kandimalla. Intoduction The primary goals of any security setup for WLANs should include: 1. Access control and mutual authentication,

WLAN Security:PEAP Sunanda Kandimalla. Intoduction The primary goals of any security setup for WLANs should include: 1. Access control and mutual authentication,
Master Thesis Proposal By Nirmala Bulusu Advisor – Dr. Edward Chow Implementation of Protected Extensible Protocol (PEAP) – An IEEE 802.1x wireless LAN.

Master Thesis Proposal By Nirmala Bulusu Advisor – Dr. Edward Chow Implementation of Protected Extensible Protocol (PEAP) – An IEEE 802.1x wireless LAN.
Wireless LAN Security Yen-Cheng Chen Department of Information Management National Chi Nan University

Wireless LAN Security Yen-Cheng Chen Department of Information Management National Chi Nan University

Similar presentations

Ads by Google