Presentation is loading. Please wait.

Presentation is loading. Please wait.

Background Study :802.11i Encryption. MK (Master Key) PMK (Pair-wise Master Key) PTK (Pair-wise Transient Key) GMK (Group Master Key) GTK (Group Transient.

Published byFaith Greeley Modified over 9 years ago

Similar presentations

Presentation on theme: "Background Study :802.11i Encryption. MK (Master Key) PMK (Pair-wise Master Key) PTK (Pair-wise Transient Key) GMK (Group Master Key) GTK (Group Transient."— Presentation transcript:

1 Background Study :802.11i Encryption

2 MK (Master Key) PMK (Pair-wise Master Key) PTK (Pair-wise Transient Key) GMK (Group Master Key) GTK (Group Transient Key)

3 Background Study : ECC (Elliptic Curve Cryptography)[Neil Koblitz, Victor Miller, 1985] General Form 質數體 二元體

4 質數體加法規則 O: Point at infinity P+O=O+P=P

5 乘法規則 nP=O n 稱為 order Given G, Q=dG, d is randomly selected. It is nearly impossible to derive d ( 橢圓曲線離散對數 問題 ). G is called generator. Q is called public key. d is called private key.

6 ECCDH Given E, a generator point P. A selects a private key da. A derives public key Qa= da ∙ P B selects a private key db. B derives public key Qb=db ∙ P A and B exchange their public Key A derives share key Sab=da ∙ Qb B derives share key Sab=db ∙ Qa

7 Bilinear pairing Establishment of a session key requires only one message for exchange Two cyclic group bilinear mapping G1: cyclic addition group, G2 cyclic multiply group

8

9 Introduction Roaming delay is composed by –Channel scanning and probing Mobile client must disconnect from the current AP and join a new AP and it takes 20ms~380ms –Authentication at the new AP The overall roaming delay should be kept under 50ms, ideally the authentication should not take more than 20ms to allow 30ms for channel scanning and probing.

10 802.11i –Authentication is done by 802.1x, or by a pre- shared key. –PMK, 4-way handshake for PTK, 2-way handshake for GTK. –Full authentication takes 750~1200ms –Roaming authentication takes 200ms, or 50ms for the best case.

11 Proactive key distribution method –Distributes a new PMK to neighbor APs –Roaming authentication time reduce to 21ms on the average. –Heavy burden on AS –AP must track the movement of clients Pre-authentication –A client connects to multiple APs first. –0 delay –Impose heavy burden on AS and may not extend beyond the first access router

12 Predictive authentication –All the neighboring APs can receive the authentication response. –Drawbacks are similar to pre-distribution 802.11r –Authentication time of best case is 10ms –Pre-distribution of the keys to all the AP within the subnet –Drawbacks still remain

13 Reducing 4-way handshake is important. Best case analysis of 4-way handshake is 20ms. Inter-domain roaming

14 Background IDC (Identity-based Cryptography) –Known identity information is used in ID-based cryptography to derive a public key thus no public key exchange is necessary. –Identity value may be alphanumeric character string or MAC address. PKG (Private Key Generator) –Given private key to the ID owner through a secure channel

15 Bilinear map Multiply integers with points on elliptic curves –Given P and sP, it is nearly impossible to compute s

16 Public/private key generation –PKG uses a master key s and a fixed point P on a elliptic curve. –Public key Oid PKG hashes user ’ s ID to a point Qid on the curve. –Private key s ∙Qid P, s∙P, cryptographic function H1 can be made available in public

17

18

19

20 Proposed scheme SFRIC To use a WLAN, a user logs into the network through 802.11i process. For static client SFRIC is not necessary SFRIC has 2 phases. In phase 1 a client accesses the PKG to get a private key. When the client decides to roam it first finds and joins a new APs by probing and scanning, and follows the phase 2 procedure to exchange authentication messages.

21

22 Phase 1 preparation APs and client both contact to PKG with their MAC and receive a private key via secure channel Private key of client –{MAC||expiration date||expiration hour||Nounce} Private key of AP –{MAC||current date||current hour} Both are periodically refreshed in every hour

23 Phase 2 roaming

24

25 Comment Figure 3 says message 1 is encrypted in Ka, but figure 4 says it is K1 to be used for encrypted instead.

26 Comment: The above equation can prove anything. Comment:(rK a, sP)=(K c -1, rP)? Serious error in equation. Can not prove security key of a equals to security key of c sK a = K c -1 ??

27 {MACc} is called the proof of ID. If the MAC address of ID matches the MAC address in the packet header, the sender is proven to posses the MAC address and the right private key. Comment: Verification of MAC is smart but weak.

28 Comment: If MACc is encrypt by c ’ s private key, there is no way to decrypt it in a.

29

30 Performance Analysis

31 The most time consuming is the pairing operations E2, D1, and D2, while the cost of the rest is almost negligible. Comment: I am not convincible why E1 pairing operation can be negligible. Comment: Authors is too optimistic to neglect the network operation, especially in worst cases.

32 Comment: Inconsistent typos

33 The authors claim there will be only 2 pairing operations require, which take 17ms (cited by [23] that one pairing operation is 8.7ms for best case), one can be done in advance. Comment: there is no simulation for the computation. Nothing but site by other work. Conviction is weak.

34 Thank You

35 Review Suggestion Rate the importance of the topic addressed in the paper and its timeliness within its area of research Excellent Above average Average Below average None Rate the technical contribution of the paper, its soundness and scientific rigour Excellent Solid work Valid work Marginal work Questionable Rate the novelty and originality of the work presented in the paper Pioneering Novel Some Novel Minor variation It has been said many times before

36 Rate the paper organization, the clearness of text and figures, the completeness and accuracy of references. Excellent Well written Readable Substantial revision work is needed Unacceptable Strengths: Weakness: Recommended changes:

Download ppt "Background Study :802.11i Encryption. MK (Master Key) PMK (Pair-wise Master Key) PTK (Pair-wise Transient Key) GMK (Group Master Key) GTK (Group Transient."

Similar presentations

Key Management Nick Feamster CS 6262 Spring 2009.

Key Management Nick Feamster CS 6262 Spring 2009.
An Introduction to Pairing Based Cryptography Dustin Moody October 31, 2008.

An Introduction to Pairing Based Cryptography Dustin Moody October 31, 2008.
SSL CS772 Fall 2011. Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.

SSL CS772 Fall Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.
Efficient Public Key Infrastructure Implementation in Wireless Sensor Networks Wireless Communication and Sensor Computing, 2010. ICWCSC 2010. International.

Efficient Public Key Infrastructure Implementation in Wireless Sensor Networks Wireless Communication and Sensor Computing, ICWCSC International.
Encryption Public-Key, Identity-Based, Attribute-Based.

Encryption Public-Key, Identity-Based, Attribute-Based.
1 Digital Signatures & Authentication Protocols. 2 Digital Signatures have looked at message authentication –but does not address issues of lack of trust.

1 Digital Signatures & Authentication Protocols. 2 Digital Signatures have looked at message authentication –but does not address issues of lack of trust.
An Introduction to Identity-based Cryptography

An Introduction to Identity-based Cryptography
November 1, 2006Sarah Wahl / Graduate Student UCCS1 Public Key Infrastructure By Sarah Wahl.

November 1, 2006Sarah Wahl / Graduate Student UCCS1 Public Key Infrastructure By Sarah Wahl.
Identity-based authenticated key agreement protocol based on Weil pairing N.P.Smart ELECTRONICS LETTERS 20 th June 2002 vol.38 No13 p.630-632 Present by.

Identity-based authenticated key agreement protocol based on Weil pairing N.P.Smart ELECTRONICS LETTERS 20 th June 2002 vol.38 No13 p Present by.
IEEE 802.11 Wireless Local Area Networks (WLAN’s).

IEEE Wireless Local Area Networks (WLAN’s).
Information Security of Embedded Systems 3.2.2010: Algorithms and Measures Prof. Dr. Holger Schlingloff Institut für Informatik und Fraunhofer FIRST.

Information Security of Embedded Systems : Algorithms and Measures Prof. Dr. Holger Schlingloff Institut für Informatik und Fraunhofer FIRST.
CMSC 414 Computer and Network Security Lecture 6 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 6 Jonathan Katz.
Cryptography April 20, 2010 MIS 4600 – MBA 5880 - © Abdou Illia.

Cryptography April 20, 2010 MIS 4600 – MBA © Abdou Illia.
Fall 2010/Lecture 311 CS 426 (Fall 2010) Public Key Encryption and Digital Signatures.

Fall 2010/Lecture 311 CS 426 (Fall 2010) Public Key Encryption and Digital Signatures.
Network Security – Part 2 V.T. Raja, Ph.D., Oregon State University.

Network Security – Part 2 V.T. Raja, Ph.D., Oregon State University.
Computer Science Public Key Management Lecture 5.

Computer Science Public Key Management Lecture 5.
Introduction to Public Key Cryptography

Introduction to Public Key Cryptography
Secure Systems Research Group - FAU Patterns for Digital Signature using hashing Presented by Keiko Hashizume.

Secure Systems Research Group - FAU Patterns for Digital Signature using hashing Presented by Keiko Hashizume.
Secure Sockets Layer 1 / 99  SSL is perhaps the widest used security protocol on the Internet today.  Together with DC enables secure communication.

Secure Sockets Layer 1 / 99  SSL is perhaps the widest used security protocol on the Internet today.  Together with DC enables secure communication.
Cryptography 101 Frank Hecker

Cryptography 101 Frank Hecker

Similar presentations

Ads by Google