1 D1 - 29/06/2015 The present document contains information that remains the property of France Telecom. The recipient’s acceptance of this document implies his or her acknowledgement of the confidential nature of its contents and his or her obligation not to reproduce, transmit to a third party, disclose or use for commercial purposes any of its contents whatsoever without France Telecom’s prior written agreement.
France Telecom Research & Development
Network Access Control Schemes Vulnerable to Covert Channels
11/03/2004
Florent Bersani & Anne-Sophie Duserre

2 Distribution of this document is subject to France Telecom’s authorization D2 - 29/06/2015 France Telecom Research & Development
Agenda
- Context
  - Network Access Control?
  - Covert channels?
- Examples
  - In mobile phone networks: DECT, GSM
  - In IEEE 802.11 WLANs
- Discussion
  - Impact
  - Solutions

4 NAC: the first line of defense
- Network access control is about:
  - Securely verifying the identity of a device/user that wants to connect to a network
  - Checking whether this device/user is indeed authorized to do so
- Robust network access control is the key:
  - To properly defined security zones
  - To financial valuation of network access

5 NAC in a roaming situation (diagram)

6 Covert channels: abusing protocols
- "A communication channel is covert if it is neither designed nor intended to transfer information at all." [Lampson73]
- For network protocols, a covert channel is rather a communication channel that is abused to unnoticeably transfer unexpected data.
- These channels provide venues to circumvent the policy.

8 DECT (diagram): Portable Part, DECT Common Interface, DECT Fixed Part, Interworking Unit, Local and/or Public Phone Network

9 DECT NAC in roaming scenarios (diagram)
K_S = PRF(K, R_S) and RES1 = PRF'(K_S, RAND_F)

10 GSM (diagram): MS, BTS, BSC, MSC, VLR/HLR, AuC, Transport Network

11 GSM NAC in roaming situations (diagram)
K_C = PRF(K_I, RAND) and SRES1 = PRF'(K_I, RAND)

12 WLAN (diagram): EAP Peer, Pass-through Authenticator (Wireless Access Point), Authentication Server (Proxy RADIUS Server, Home RADIUS Server)

13 WLAN NAC in roaming situations (1/2) (diagram)

14 WLAN NAC in roaming situations (2/2)
- EAP [RFC 3748] may transport EAP methods that are opaque to the Visited AS, e.g. PEAP or EAP-PSK.
- A rogue Home AS may use this communication channel, which it is granted with its user, for purposes other than authentication!

16 Impact
- What is the impact of the covert channel?
  - Feasibility
  - Attraction
  - Detectability
- The covert channel we present should be taken into account:
  - When signing roaming agreements
    - pricing of the authentication traffic
    - choice of appropriate EAP methods
  - When designing a threat model for WLANs

17 Solutions
- Revert to another NAC scheme
  - Cryptography has long recognized that multi-party protocols warrant specific research
  - A thorough threat model should be determined
  - A relevant protocol should then be selected
- Tweak the standards (design EAP methods that may be split between the visited AS and the home AS)
- Decrease the potential attraction of this channel
  - Make the channel uninteresting for non-authentication traffic
- Monitor for this channel
  - Monitor the statistics of EAP dialogs
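The last point above (monitoring EAP dialog statistics) applied to the channel of slide 14, as an added example that is not part of the presentation: the visited network's proxy RADIUS server only relays opaque EAP-Message attributes, but it can still count round trips and bytes per session and flag dialogs that are far too long for an authentication. The log format, thresholds and sample sessions are constructed assumptions.

```python
import re
from dataclasses import dataclass

LINE_RE = re.compile(r"sess=(\S+) code=(\S+) eap_len=(\d+)$")
# Assumed baseline for ordinary EAP methods: EAP-PSK needs a handful of round
# trips, PEAP with a certificate chain a few kilobytes. Tune per roaming partner.
MAX_ROUND_TRIPS = 20
MAX_EAP_BYTES = 8000

@dataclass
class DialogStats:
    round_trips: int = 0    # Access-Challenge messages relayed towards the peer
    eap_bytes: int = 0      # total EAP-Message payload in both directions
    outcome: str = "open"   # Access-Accept or Access-Reject once seen

def parse_log(text):
    """Aggregate per-session statistics from proxy RADIUS log lines."""
    stats = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # unrelated or malformed line
        sess, code, eap_len = m.group(1), m.group(2), int(m.group(3))
        s = stats.setdefault(sess, DialogStats())
        s.eap_bytes += eap_len
        if code == "Access-Challenge":
            s.round_trips += 1
        elif code in ("Access-Accept", "Access-Reject"):
            s.outcome = code
    return stats

def flag_suspicious(stats):
    """Session ids whose dialog is too long or carries too much opaque EAP data."""
    return sorted(sess for sess, s in stats.items()
                  if s.round_trips > MAX_ROUND_TRIPS or s.eap_bytes > MAX_EAP_BYTES)

# Constructed sample: A1 is a short dialog; B7 relays 40 full-size challenge/
# response pairs through the visited AS and then never grants access.
SAMPLE_LOG = (
    "sess=A1 code=Access-Request eap_len=18\n"
    "sess=A1 code=Access-Challenge eap_len=60\n"
    "sess=A1 code=Access-Request eap_len=48\n"
    "sess=A1 code=Access-Challenge eap_len=40\n"
    "sess=A1 code=Access-Request eap_len=32\n"
    "sess=A1 code=Access-Accept eap_len=4\n"
    "sess=B7 code=Access-Request eap_len=18\n"
    + ("sess=B7 code=Access-Challenge eap_len=1400\n"
       "sess=B7 code=Access-Request eap_len=1400\n") * 40
    + "sess=B7 code=Access-Reject eap_len=4\n"
)
```

A dialog that stays within the thresholds but ends in Access-Reject every time is also worth a look, since a channel used for data transfer never needs the access it is nominally requesting.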

18 Questions & Comments

19 Questions & Comments: florent.bersani@francetelecom.com

20 References
- [Lampson73] B. W. Lampson, "A Note on the Confinement Problem," Communications of the ACM, 16:10, pp. 613-615, October 1973.
- [RFC 3748] B. Aboba, L. Blunk, J. Vollbrecht, J. Carlson, and H. Levkowetz, "Extensible Authentication Protocol (EAP)," RFC 3748, June 2004.
