Presentation is loading. Please wait.

Presentation is loading. Please wait.

Doc.: IEEE 802.11-00/419 Submission November 2000 David Halasz et alSlide 1 TGe Security Baseline David Halasz, Stuart Norman, Glen Zorn Cisco Systems,

Published byJared Willis Modified over 8 years ago

Similar presentations

Presentation on theme: "Doc.: IEEE 802.11-00/419 Submission November 2000 David Halasz et alSlide 1 TGe Security Baseline David Halasz, Stuart Norman, Glen Zorn Cisco Systems,"— Presentation transcript:

1 doc.: IEEE 802.11-00/419 Submission November 2000 David Halasz et alSlide 1 TGe Security Baseline David Halasz, Stuart Norman, Glen Zorn Cisco Systems, Inc. Bernard Aboba, Tim Moore Microsoft Jesse Walker, Intel Bob Beach, Symbol Bob O’Hara, Informed Technology

2 doc.: IEEE 802.11-00/419 Submission November 2000 David Halasz et alSlide 2 Outline Introduction, Goals MAC Management Overview of 802.1X and EAP Packet exchanges Roaming Sample topologies Privacy Algorithms Proposed 802.11 and 802.1X Summary

3 doc.: IEEE 802.11-00/419 Submission November 2000 David Halasz et alSlide 3 Introduction Represents merger of proposals 163, 362, and 382 Define MAC security negotiation mechanism Uses Kerberos V for authentication and fast handoff Uses 802.1X and EAP as authentication transport Addresses shortcomings of WEP/RC4 encryption Works with Kerberos KDC and (optionally) RADIUS authentication server

4 doc.: IEEE 802.11-00/419 Submission November 2000 David Halasz et alSlide 4 Goals Extensible system Authentication done at higher layer protocol Per-session key distribution Promote multi-vendor interoperability Minimize changes to IEEE 802.11, 802.1X Define mandatory authentication method Fast handoff Fix RC4 problems Ability to add new authentication methods easily (without changing 802.11)

5 doc.: IEEE 802.11-00/419 Submission November 2000 David Halasz et alSlide 5 Approach Based on existing protocols –Kerberos V (RFC 1510) –GSS-API (RFC 2743) –IAKERB (draft-ietf-cat-iakerb-05.txt) –EAP-GSS (draft-aboba-pppext-eapgss-02.txt) –802.1X/EAPOL –EAP (RFC 2284) 802.11enhancements –MAC security management –New model for authentication/association sequences –New privacy algorithm

6 doc.: IEEE 802.11-00/419 Submission November 2000 David Halasz et alSlide 6 MAC Security Management Provide means to register security algorithms –Open, Shared, Upper Layer Provide means to distribute security configuration information –e.g. principal name, realm, etc. Provide means to discover and select MAC level security options –e.g. privacy algorithm, message authentication

7 doc.: IEEE 802.11-00/419 Submission November 2000 David Halasz et alSlide 7 Registering Security Algorithms Provide means to register a new security algorithm with IEEE 802 and obtain unique identifier for it Three initial algorithms: –Current ones: Open and Shared –New one: Upper Layer Others can be added later

8 doc.: IEEE 802.11-00/419 Submission November 2000 David Halasz et alSlide 8 Advertising Security Options Modeled on “supported rates” AP advertises security options in probe response –Placed in probe response only if STA requests it in probe request STAs collect this information prior to associations and can make association and roaming decisions based upon it

9 doc.: IEEE 802.11-00/419 Submission November 2000 David Halasz et alSlide 9 Selecting security options STA requests security options in association request from available options contained in probe response AP accepts/rejects association based on request contents No additional protocol handshakes necessary –No impact on roaming performance

10 doc.: IEEE 802.11-00/419 Submission November 2000 David Halasz et alSlide 10 802.11 to 802.1X adaptation layer SupplicantAuthenticator Supplicant 1...N1...N One IEEE 802.11 physical port becomes 1 to N virtual IEEE 802.1X ports. Map 802.11 association IDs to the virtual ports

11 doc.: IEEE 802.11-00/419 Submission November 2000 David Halasz et alSlide 11 IEEE 802.1X Terminology Controlled port Uncontrolled port SupplicantAuthentication ServerAuthenticator Pieces of the system.

12 doc.: IEEE 802.11-00/419 Submission November 2000 David Halasz et alSlide 12 Normal Data Authentication traffic Wireless laptopAuthentication ServerAccess Point 802.1X trafficAuthentication traffic Wireless client associaton at 802.11 layer: Data blocked by the AP Access Point blocks everything except 802.1X to authentication traffic. Authentication traffic is allowed to flow. Access point encapsulates 802.1X traffic into authentication server traffic and vice versa.

13 doc.: IEEE 802.11-00/419 Submission November 2000 David Halasz et alSlide 13 Normal Data Authentication traffic Wireless laptop Authentication ServerAccess Point 802.1X trafficAuthentication traffic Wireless client mutually authenticates with Authentication Server Access Point blocks everything except 802.1X to authentication traffic. In the authentication process the supplicant securely obtains a WEP key.

14 doc.: IEEE 802.11-00/419 Submission November 2000 David Halasz et alSlide 14 Normal Data Authentication traffic Wireless laptopAuthentication ServerAccess Point 802.1X trafficAuthentication traffic Wireless client and AP use WEP key, AP allows traffic to flow After successful EAP authentication, the Access Point allows all traffic to the Wireless laptop. The Wireless laptop sets the WEP keys through the MLME interface. (e.g. NIC driver)

15 doc.: IEEE 802.11-00/419 Submission November 2000 David Halasz et alSlide 15 EAP Framework EAP provides a flexible link layer security framework –Simple encapsulation protocol No dependency on IP ACK/NAK, no windowing No fragmentation support –Few link layer assumptions Can run over any link layer (PPP, 802, etc.) Does not assume physically secure link –Methods provide security services Assumes no re-ordering Can run over lossy or lossless media –Retransmission responsibility of authenticator (not needed for 802.1X or 802.11) EAP methods based on IETF standards –Transport Level Security (TLS) (supported in Windows 2000) –GSS_API (including Kerberos)

16 doc.: IEEE 802.11-00/419 Submission November 2000 David Halasz et alSlide 16 EAP Architecture EAPLayer MethodLayer EAPEAP TLSTLS MediaLayer NDISAPIs EAPAPIs PPP802.3802.5802.11 IKEIKEGSS_APIGSS_API

17 doc.: IEEE 802.11-00/419 Submission November 2000 David Halasz et alSlide 17 EAP-GSS and IAKERB EAP-GSS (draft-aboba-pppext-eapgss-02.txt) –Use of GSS_API authentication methods within EAP –Typically will NOT use SPNEGO IAKerb (draft-ietf-cat-iakberb-05.txt) –GSS-API method enabling proxy Kerberos –STA not able to talk to KDC directly prior to authentication –Initial authentication IAKERB enables STA to obtain TGT, Ticket to AP –Handoff Ticket to AP

18 doc.: IEEE 802.11-00/419 Submission November 2000 David Halasz et alSlide 18 Initial Contact Associate EAP Identity Request EAP Identity Response EAP-GSS Request (Empty) EAP-GSS Response (IAKERB: AS_REQ) AS_REQ EAP-GSS Request (IAKERB: AS_REP)AS_REP EAP-GSS Response (IAKERB: TGS_REQ) TGS_REQ EAP-GSS Request (IAKERB: TGS_REP) TGS_REP EAP IAKERB Response (Empty) EAP-Success EAP-Key (AP_REQ) EAP-Key (AP_REP) STA AP KDC 802.1X is Unblocked 802.11 is Unblocked Probe Request/Response

19 doc.: IEEE 802.11-00/419 Submission November 2000 David Halasz et alSlide 19 Operational Details Authentication method defaults to IAKERB –STA can attempt SPNEGO –AP can choose IAKERB if it doesn’t support anything else EAP-Key packets passed up and down via driver interface and 802.11 SAP –On STA, GSS_API implementation needs to be able to generate AP_REQ, send it down to driver –On AP, need ability to validate received AP_REQ, force 802.1X controlled port into authorized state 802.11 encryption turned on after AP_REQ/AP_REP exchange –AP turns on encryption after sending AP_REP –STA turns on encryption after receiving AP_REP –If EAP-Key exchange occurs prior to completion of 802.1X, then part of the 802.1X exchange may be encrypted!

20 doc.: IEEE 802.11-00/419 Submission November 2000 David Halasz et alSlide 20 Security Services Authentication of client to KDC (TGS_REQ) –PADATA typically NOT used with AS_REQ! Authentication of KDC to client (AS_REP, TGS_REP) Session key for client-AP communication (TGS_REP, AP_REQ) TGT, Session key for client-KDC communication (AS_REP) Authentication of client to AP (AP_REQ) Authentication of AP to client (AP_REP)

21 doc.: IEEE 802.11-00/419 Submission November 2000 David Halasz et alSlide 21 Roaming Within Realm Associate EAP Identity Request? EAP Identity Response? EAP-Success EAP-Key (AP_REQ) EAP-Key (AP_REP) STA AP KDC 802.1X is Unblocked 802.11 is Unblocked Probe Request/Response

22 doc.: IEEE 802.11-00/419 Submission November 2000 David Halasz et alSlide 22 Roaming Issues How does the STA discover the AP realm, principal name? –Realm, Principal name placed in Probe Response if asked for by the STA How does the AP obtain the authorizations for the supplicant? –Can contact RADIUS server Adds an extra roundtrip No authorization-only message in RADIUS –Contact with backend server undesirable Kerberos tickets are reusable, don’t require KDC validation RADIUS server typically unable to validate the AP_REQ, since it won’t have access to the AP key Eliminating backend server contact reduces latency –Authorizations included in Authorization data of AP ticket Authorizations obtained by KDC from RADIUS server on initial contact and plumbed by the AP on ticket/authenticator validation

23 doc.: IEEE 802.11-00/419 Submission November 2000 David Halasz et alSlide 23 RADIUS Topology Authenticator (e.g. Access Point) Supplicant Enterprise Network Semi-Public Network / Enterprise Edge Authentication Server RADIUSRADIUS EAP Over Wireless (EAPOW) EAP Over RADIUS PAE PAE

24 doc.: IEEE 802.11-00/419 Submission November 2000 David Halasz et alSlide 24 Kerberos Topology Authenticator (e.g. Access Point) Supplicant Enterprise Network Semi-Public Network / Enterprise Edge Authentication Server KDCKDC EAP Over Wireless (EAPOW) EAP-GSS with IAKERB Kerberos PAE PAE

25 doc.: IEEE 802.11-00/419 Submission November 2000 David Halasz et alSlide 25 RADIUS with EAP-GSS Topology Authenticator (e.g. Access Point) Supplicant Enterprise Network Semi-Public Network / Enterprise Edge Authentication Server RADIUSRADIUS EAP Over Wireless (EAPOW) EAP-GSS with IAKERB EAP-GSS Over RADIUS PAE PAE KDCKDC

26 doc.: IEEE 802.11-00/419 Submission November 2000 David Halasz et alSlide 26 Broadcast Key Distribution Broadcast key(s) gets securely delivered to the station via IEEE 802.1X EAPOL-Key. –EAPOL-Key message encrypted using session key obtained in AP_REQ/AP_REP exchange Authentication server timer gets configured to re-authenticate/re-key the client.

27 doc.: IEEE 802.11-00/419 Submission November 2000 David Halasz et alSlide 27 Addressing WEP Limitations The problems with 802.11 use of WEP Short Term fixes to WEP Using AES as new privacy algorithm

28 doc.: IEEE 802.11-00/419 Submission November 2000 David Halasz et alSlide 28 WEP Analysis The WEP encapsulation suffers from 3 major design flaws –IV too small (generic flaw) –Per-packet key construction by concatenating IV to key (generic flaw) –No weak-key avoidance (RC4 specific flaw) Together these problems render WEP privacy meaningless at any key size

29 doc.: IEEE 802.11-00/419 Submission November 2000 David Halasz et alSlide 29 Short term fix proposal Replace the too-small IV with a 128-bit IV –Goal is 2 128 per-packet keys to avoid definition of an IV avoidance algorithm Compute per packet key in a new way –XOR IV with base key Compatible with existing RC4 hardware New packet format required

30 doc.: IEEE 802.11-00/419 Submission November 2000 David Halasz et alSlide 30 Short Term WEP Format 802.11 Hdr 128-bit IV Data WEP ICV 802.11 Hdr 128-bit IV EncryptDecrypt Data WEP ICV

31 doc.: IEEE 802.11-00/419 Submission November 2000 David Halasz et alSlide 31 Long term solution Use AES-128 as the new cryptographic primitive Use AES in Offset Codebook Mode OCB mode –128-bit session key –per packet 128-bit IV –algorithm provides both privacy and data integrity –avoid 2 passes over packet Add session sequence number to avoid replay Map base key to session key –use OCB mode tag to compute session key, to minimize number of cryptographic primitives implemented

32 doc.: IEEE 802.11-00/419 Submission November 2000 David Halasz et alSlide 32 Long Term WEP Format 802.11 Hdr 128-bit IV Seq Num Data 128-bit MIC Seq Num Data 802.11 Hdr 128-bit IV 128-bit MIC Encrypt Decrypt

33 doc.: IEEE 802.11-00/419 Submission November 2000 David Halasz et alSlide 33 Changes to 802.1X EAPOL-Key message used to carry AP_REQ/AP_REP exchange EAPOL-Key message needs to go from Supplicant (STA) to Authenticator (AP) –802.1XD8 spec only supports sending EAPOL- Key from Authenticator to Supplicant

34 doc.: IEEE 802.11-00/419 Submission November 2000 David Halasz et alSlide 34 Mapping to Requirements (1) Mutual authentication (4.1.1): satisfied by Kerberos V Accommodation with QoS (4.2.1): satisfied by Kerberos V Access control (4.2.2): GSS-API can be integrated into 802.11 access control model Key derivation (4.4.1): satisfied by all GSS-API mechanisms Security service negotiations (4.5.1): satisfied by EAP or SPNEGO pseudo-mechanism Extensibility (4.5.2): extensibility via EAP or GSS-API

35 doc.: IEEE 802.11-00/419 Submission November 2000 David Halasz et alSlide 35 Mapping to Requirements (2) One mandatory-to-implement algorithm (4.5.3): Kerberos V only mandatory-to-implement security mechanism Scalability to all 802.11 environments (4.6) –Mandatory to implement mechanisms support Enterprise, SoHo –PKINIT for ad hoc support Security framework must protect network traffic from eavesdropping: satisfied by RC4 Fixes/AES (4.3.1) Security framework must allow for authentication of the source of each packet: satisfied by AES with sequence number (4.3.3)

36 doc.: IEEE 802.11-00/419 Submission November 2000 David Halasz et alSlide 36 For Further Investigation Simulation of AES computational load Roaming authorizations EAP negotiation and support for additional authentication types Integration of 802.1X and 802.11 state machines

37 doc.: IEEE 802.11-00/419 Submission November 2000 David Halasz et alSlide 37 Summary This proposal will promote multi-vendor interoperability by making authentication an upper layer function based on 802.1X Largely based on existing protocols with minor changes to 802.11 Changes to 802.1X specification should be made to enable transmission of keys from STA to AP Changes to the IEEE 802.11 specification should be made to allow for mixed WEP cells and for more secure WEP data packets.

38 doc.: IEEE 802.11-00/419 Submission November 2000 David Halasz et alSlide 38 For More Information AES –http://www.nist.gov/aeshttp://www.nist.gov/aes IEEE 802.1X –http://grouper.ieee.org/groups/802/1/pages/802.1x.htmlhttp://grouper.ieee.org/groups/802/1/pages/802.1x.html Kerberos/GSS-API –http://www.ietf.org/rfc/rfc1510.txt (Kerberos V)http://www.ietf.org/rfc/rfc1510.txt –http://www.ietf.org/rfc/rfc2743.txt (GSS-API)http://www.ietf.org/rfc/rfc2743.txt –http://www.ietf.org/internet-drafts/draft-ietf-cat-iakerb-05.txthttp://www.ietf.org/internet-drafts/draft-ietf-cat-iakerb-05.txt RADIUS –http://www.ietf.org/rfc/rfc2138.txthttp://www.ietf.org/rfc/rfc2138.txt –http://www.ietf.org/rfc/rfc2139.txthttp://www.ietf.org/rfc/rfc2139.txt –http://www.ietf.org/rfc/rfc2548.txthttp://www.ietf.org/rfc/rfc2548.txt –http://www.ietf.org/rfc/rfc2865.txthttp://www.ietf.org/rfc/rfc2865.txt –http://www.ietf.org/rfc/rfc2866.txthttp://www.ietf.org/rfc/rfc2866.txt –http://www.ietf.org/rfc/rfc2867.txthttp://www.ietf.org/rfc/rfc2867.txt –http://www.ietf.org/rfc/rfc2868.txthttp://www.ietf.org/rfc/rfc2868.txt –http://www.ietf.org/rfc/rfc2869.txthttp://www.ietf.org/rfc/rfc2869.txt EAP –http://www.ietf.org/rfc/rfc2284.txthttp://www.ietf.org/rfc/rfc2284.txt –http://www.ietf.org/rfc/rfc2716.txthttp://www.ietf.org/rfc/rfc2716.txt –http://www.ietf.org/internet-drafts/draft-aboba-pppext-eapgss-02.txthttp://www.ietf.org/internet-drafts/draft-aboba-pppext-eapgss-02.txt

Download ppt "Doc.: IEEE 802.11-00/419 Submission November 2000 David Halasz et alSlide 1 TGe Security Baseline David Halasz, Stuart Norman, Glen Zorn Cisco Systems,"

Similar presentations

Doc.: IEEE 802.11-04/1186r0 Submission October 2004 Aboba and HarkinsSlide 1 PEKM (Post-EAP Key Management Protocol) Bernard Aboba, Microsoft Dan Harkins,

Doc.: IEEE /1186r0 Submission October 2004 Aboba and HarkinsSlide 1 PEKM (Post-EAP Key Management Protocol) Bernard Aboba, Microsoft Dan Harkins,
Doc.: IEEE 802.11-01/039 Submission January 2001 Haverinen/Edney, NokiaSlide 1 Use of GSM SIM Authentication in IEEE802.11 System Submitted to IEEE802.11.

Doc.: IEEE /039 Submission January 2001 Haverinen/Edney, NokiaSlide 1 Use of GSM SIM Authentication in IEEE System Submitted to IEEE
Windows 2000 Security --Kerberos COSC513 Project Sihua Xu June 13, 2014.

Windows 2000 Security --Kerberos COSC513 Project Sihua Xu June 13, 2014.
External User Security Model (EUSM) for SNMPv3 draft-kaushik-snmp-external-usm-00.txt November, 2004.

External User Security Model (EUSM) for SNMPv3 draft-kaushik-snmp-external-usm-00.txt November, 2004.
IEEE 802.11i IT443 Broadband Communications Philip MacCabe October 5, 2005

IEEE i IT443 Broadband Communications Philip MacCabe October 5, 2005
Doc.: IEEE 802.11-00/275 Submission September 2000 David Halasz, Cisco Systems, Inc.Slide 1 IEEE 802.1X for IEEE 802.11 David Halasz, Stuart Norman, Glen.

Doc.: IEEE /275 Submission September 2000 David Halasz, Cisco Systems, Inc.Slide 1 IEEE 802.1X for IEEE David Halasz, Stuart Norman, Glen.
Doc.: IEEE 802.11-00/037 Submission March 2000 Duncan Kitchin, Jesse Walker, Intel NIDSlide 1 Proposal for Enhanced Encryption Duncan Kitchin Jesse Walker.

Doc.: IEEE /037 Submission March 2000 Duncan Kitchin, Jesse Walker, Intel NIDSlide 1 Proposal for Enhanced Encryption Duncan Kitchin Jesse Walker.
無線區域網路安全 Wireless LAN Security. 2 Outline  Wireless LAN – 802.11b  Security Mechanisms in 802.11b  Security Problems in 802.11b  Solutions for 802.11b.

無線區域網路安全 Wireless LAN Security. 2 Outline  Wireless LAN – b  Security Mechanisms in b  Security Problems in b  Solutions for b.
1 © NOKIA MitM.PPT/ 6/2/2015 / Kaisa Nyberg (NRC/MNW), N.Asokan (NRC/COM) The Insecurity of Tunnelled Authentication Protocols N. ASOKAN, VALTTERI NIEMI,

1 © NOKIA MitM.PPT/ 6/2/2015 / Kaisa Nyberg (NRC/MNW), N.Asokan (NRC/COM) The Insecurity of Tunnelled Authentication Protocols N. ASOKAN, VALTTERI NIEMI,
802.11 security Courtesy of William Arbaugh with Univ. of Maryland Jesse Walker with Intel Gunter Schafer with TU Berlin Bernard Aboba with Microsoft.

security Courtesy of William Arbaugh with Univ. of Maryland Jesse Walker with Intel Gunter Schafer with TU Berlin Bernard Aboba with Microsoft.
1 Enhancing Wireless Security with WPA CS-265 Project Section: 2 (11:30 – 12:20) Shefali Jariwala Student ID 001790660.

1 Enhancing Wireless Security with WPA CS-265 Project Section: 2 (11:30 – 12:20) Shefali Jariwala Student ID
DIMACS Nov 3 - 4, 2004 WIRELESS SECURITY AND ROAMING OVERVIEW DIMACS November 3-4, 2004 Workshop: Mobile and Wireless Security Workshop: Mobile and Wireless.

DIMACS Nov 3 - 4, 2004 WIRELESS SECURITY AND ROAMING OVERVIEW DIMACS November 3-4, 2004 Workshop: Mobile and Wireless Security Workshop: Mobile and Wireless.
Vulnerability In Wi-Fi By Angus U CS 265 Section 2 Instructor: Mark Stamp.

Vulnerability In Wi-Fi By Angus U CS 265 Section 2 Instructor: Mark Stamp.
An Initial Security Analysis of the IEEE 802.1x Standard Tsai Hsien Pang 2004/11/4.

An Initial Security Analysis of the IEEE 802.1x Standard Tsai Hsien Pang 2004/11/4.
E-mail: kemal@cs.siu.edu Department of Computer Science Southern Illinois University Carbondale Wireless and Network Security Lecture 9: IEEE 802.11.

Department of Computer Science Southern Illinois University Carbondale Wireless and Network Security Lecture 9: IEEE
IEEE 802.11 Wireless Local Area Networks (WLAN’s).

IEEE Wireless Local Area Networks (WLAN’s).
Chapter 5 Secure LAN Switching.  MAC Address Flooding Causing CAM Overflow and Subsequent DOS and Traffic Analysis Attacks.

Chapter 5 Secure LAN Switching.  MAC Address Flooding Causing CAM Overflow and Subsequent DOS and Traffic Analysis Attacks.
WLAN Security:PEAP Sunanda Kandimalla. Intoduction The primary goals of any security setup for WLANs should include: 1. Access control and mutual authentication,

WLAN Security:PEAP Sunanda Kandimalla. Intoduction The primary goals of any security setup for WLANs should include: 1. Access control and mutual authentication,
Master Thesis Proposal By Nirmala Bulusu Advisor – Dr. Edward Chow Implementation of Protected Extensible Protocol (PEAP) – An IEEE 802.1x wireless LAN.

Master Thesis Proposal By Nirmala Bulusu Advisor – Dr. Edward Chow Implementation of Protected Extensible Protocol (PEAP) – An IEEE 802.1x wireless LAN.
Solutions for WEP Bracha Hod June 1, 2003 2 802.11i Task Group  Addresses WEP issues –No forgery protection –No protection against replays –Attack through.

Solutions for WEP Bracha Hod June 1, i Task Group  Addresses WEP issues –No forgery protection –No protection against replays –Attack through.

Similar presentations

Ads by Google