
Submission doc.: IEEE 802.11-16/313r1, March 2016, Guido R. Hiertz, Ericsson et al.
The benefits of Opportunistic Wireless Encryption
Date: 2016-03-16




Slide 1: The benefits of Opportunistic Wireless Encryption
Date: 2016-03-16
Authors:

Slide 2: Abstract
- Security is a delicate topic
  - Past experiences with insufficient 802.11/Wi-Fi security: WEP, WPA1, WPS ...
  - Huge market impact because of press reports etc.
- Opportunistic Wireless Encryption (OWE) fills a (severe) gap in the IEEE 802.11 standard
  - 802.11 does not allow for unauthenticated but encrypted operation
- OWE is simple to add, requires no hardware changes
  - Few software changes, can even operate on legacy equipment
- OWE is simple to use, no configuration required

Slide 3: Situation analysis (encrypted vs. authenticated)
- Not encrypted, not authenticated: Open. Free, anonymous access; often combined with a captive portal for terms & conditions.
- Not encrypted, authenticated: Captive portal. IP layer; credential submission through HTTPS.
- Encrypted, not authenticated: Missing in 802.11. Free, anonymous access like the "Open" method, but wireless traffic encrypted and secure; client protection.
- Encrypted, authenticated: RSNA, or captive portal and opportunistic encryption combined.

Slide 4: Captive Portals
Typical captive portal operation:
- IP based
- Client is blocked from Internet access until successfully performing HTTP login
- Captive portal gateway intercepts HTTP requests and redirects them to the login page
- After successful credential check, record MAC address as permitted
- Optionally, have client access an operator's HTTPS webpage to push a (secure) cookie to the client
  - Have client perform frequent page refresh to check for the cookie

Slide 5: Captive portal usage
- Mostly for guests: hotel, airport, lounge, restaurant ...
- Widely applied
- Simple to use, access through webpage
- Provision of credentials or acknowledgment of terms

Slide 6: Threats in unencrypted WLANs
- ARP
  - Glue between IP & L2
  - Caches can be poisoned
  - Man-in-the-middle attack to redirect traffic
- DNS
  - Privacy issues with overheard DNS requests
  - Severe attacks with malicious DNS responses
  - Even DNSSEC is unencrypted
- Pervasive monitoring
  - Eavesdropping
  - E.g. a common PSK may reveal individual PTKs
- Only encryption allows for PMF
  - PMF (Protected Management Frames) needed to prevent disassociation attacks
  - PMF mandatory with WFA 802.11ac

Slide 7: OWE implementation aspects
- Minor software changes
  - Can be added with driver updates
- OWE adds a Diffie-Hellman key exchange prior to existing RSNA operation
- No hardware changes needed
- No new encryption methods needed
- No additional frames need to be exchanged
- No changes to RSNA process

Slide 8: RSNA authentication
- At least ten frames needed to securely associate with AP
  - Probe frames are optional
- Credentials can be provided as pre-shared key or through EAP (Extensible Authentication Protocol)
  - EAP may require up to 14 additional messages

Slide 9: OWE based authentication
- OWE requires no additional frames to be exchanged
- On the fly, generate secret, random credentials
- Used as input to unmodified RSNA process
- Standard generation of dependent keys: PTK, GTK ...
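Slides 7 and 9 describe OWE as a Diffie-Hellman exchange that produces fresh, secret credentials which then feed the unmodified RSNA key hierarchy. The following Python sketch is an added illustration of that idea, not code from the submission or from any 802.11 implementation; it assumes a 1024-bit MODP group for readability (the slides name no group, and deployed OWE uses elliptic-curve groups) and uses simplified stand-in KDFs for the PMK and PTK derivations.

```python
import hashlib
import hmac
import secrets

# 1024-bit MODP group 2 (RFC 2409), used here only for readability; the slides
# name no group, and deployed OWE uses elliptic-curve groups (assumption).
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF", 16)
G = 2
NBYTES = (P.bit_length() + 7) // 8

def is_valid_public(pub):
    """Reject degenerate peer values (0, 1, p-1, out of range)."""
    return 1 < pub < P - 1

def dh_keypair():
    """Fresh random private value x and public value g^x mod p per association."""
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def dh_shared(priv, peer_pub):
    if not is_valid_public(peer_pub):
        raise ValueError("invalid peer public value")
    return pow(peer_pub, priv, P)

def derive_pmk(shared, sta_pub, ap_pub):
    """HKDF-style extract/expand (simplified stand-in KDF): the DH secret takes
    the place of the PMK that RSNA otherwise gets from a PSK or from EAP."""
    salt = sta_pub.to_bytes(NBYTES, "big") + ap_pub.to_bytes(NBYTES, "big")
    prk = hmac.new(salt, shared.to_bytes(NBYTES, "big"), hashlib.sha256).digest()
    return hmac.new(prk, b"OWE-like PMK\x01", hashlib.sha256).digest()

def derive_ptk(pmk, anonce, snonce):
    """Stand-in for the unchanged 4-way handshake: PTK from PMK and nonces."""
    return hmac.new(pmk, b"PTK" + anonce + snonce, hashlib.sha256).digest()

def owe_association():
    """One STA/AP association; the DH values ride in the existing frames.
    Returns (sta_ptk, ap_ptk, pmk) so a caller can check both sides agree.
    Unlike a common PSK, every association yields its own PMK, so one
    client's keys say nothing about another's."""
    sta_priv, sta_pub = dh_keypair()   # STA's public value goes in its request
    ap_priv, ap_pub = dh_keypair()     # AP's public value returns in the response
    sta_pmk = derive_pmk(dh_shared(sta_priv, ap_pub), sta_pub, ap_pub)
    ap_pmk = derive_pmk(dh_shared(ap_priv, sta_pub), sta_pub, ap_pub)
    anonce, snonce = secrets.token_bytes(32), secrets.token_bytes(32)
    return derive_ptk(sta_pmk, anonce, snonce), derive_ptk(ap_pmk, anonce, snonce), sta_pmk
```

Because neither public value is authenticated, the result matches the "encrypted, not authenticated" cell of the slide 3 table: traffic is protected against passive eavesdropping and each client gets its own PMK, but the peer's identity is not verified.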

Slide 10: OWE based authentication (zoom in)
(Diagram slide; no text in the transcript.)

Slide 11: Conclusion
- Security is one of 802.11's key topics
  - No other topic related to 802.11 attracts as much attention as broken security
- A huge number of WLANs operate unencrypted
  - Introducing security in this important market segment is important
- OWE comes at no cost
  - No over-the-air overhead
  - Diffie-Hellman widely implemented with EAP key exchange, e.g. EAP-TLS
  - No new encryption code needed
- OWE & Open access may operate concurrently on the same AP
  - Even during such a legacy transition period, OWE implementations will already benefit from being protected

Slide 12: Recommendation
- Integrate OWE into IEEE P802.11-REVmc/D5.1 resp. IEEE 802.11-2016
- Apply the changes proposed in 802.11-15/1184r7

Slide 13: References
1. V. Dukhovni, "Opportunistic Security: Some Protection Most of the Time," IETF RFC 7435, Dec. 2014.

