Presentation on theme: "Wireless Network Security for Future Internet"— Presentation transcript:
1Wireless Network Security for Future Internet Yasuo OkabeAcademic Center for Computing and Media StudiesKyoto University
2Overview What is Network Security? W-LAN Security Technologies Security Issues on Public Wireless Internet Access ServicesLocation PrivacySummary
31. What is Network Security? a brief introduction
4What is Network Security? sendermessagerecipientadversary?interruptioneavesdroppingmasqueradefabricationmodification
5Active Attacks and Passive Attacks Interruptiondenial of service (DoS)MasqueradeFabricationreplayModificationPassive AttacksEavesdropping (or Wiretapping)get the content of messages without the sender/recipient being aware of itMonitoringobserve who sends a message to whom at whenPassive attacks are more difficult to detect than active attacks
6Repudiation??sendermessagerecipientadversary?The sender denies the fact he have sent the messageThe sender tells a lie.The recipient tells a lie.An adversary fabricated the message.The recipient denies the fact she have received the messageAn adversary masqueraded as the recipient.The received message is different from what is sent.The sender tells a lieThe recipient tells a lineAn adversary modified it.｝BothIt is meaningless one can believe firmly the opponent tells a lie but he cannot prove it to a third person.
7Network Security Attributes in Computer Security Authentication ConfidentialityIntegrityAvailabilityAuthenticationconfirm both the sender and the recipients surely have the authority to do the act a the communicationNonrepudiationprevent either the sender or the recipient from denying the communicationWhen a message is sent, the recipient can prove that the message is sent from the sender, and vice versa.Concealmentassure to be kept unnoticed the fact communication is done between the sender and the recipients to others
9Wireless LAN IEEE802.11 Wi-Fi (Wireless Fidelity) A set of standards for wireless local area networks (W-LAN)Developed by IEEE LAN/MAN Standards Committee (IEEE802).IEEE (1997), 11b (1999), 11a (1999), 11g(2003)IEEE i (2004)Wi-Fi (Wireless Fidelity)A family of related specifications based on IEEE but slightly modified.Specified by Wi-Fi Alliance
10W-LAN Security Access Control at Access Points Stealth ESSIDstop announcement of ESSID (Extended Service Set ID)But, ESSID can be sniffed by monitoring.MAC Address Registrationdeny packets from a client whose MAC addresse is not registerredBut, MAC addresses can be sniffed and be spoofed.WEP, WPA, … 〔T.B.D. later〕Restriction at Access PointsIP address restriction／port filteringDisabling direct communication among clients
11WEP (Wired Equivalent Privacy) Authentication and Encryption by a WEP Key64bit WEP (40bit key＋24bit IV)128bit WEP (104bit key＋24bit IV)Two mode of authenticationOpen System authenticationNo actual authentication at association, but data is encrypted by WEP keyShared Key authenticationFour-way challenge-response handshake at association
12WEP Encryption Details CRC32Data (plain text)ICV(Integrity Check Value)RC4XOR (exclusive OR)WEP keyKey streamIV(Initial Vector)(encrypted)MAC headerIVData (encrypted)ICVFCS(Frame Check Sum)IV and hence key stream are frequently changed,so as to protect against brute-force attack.
13Vulnerability of WEP Relatively shortness of IV Key remains static 224 ≒ 16,000,000The same number of packets may be sent only in 10 minutes in 54Mbps W-LAN.Crackers can get the XOR of plain-text data if he find two frames with the same IV(D1+K) + (D2+K) = D1+D2, where D1 and D2 are original data and K is the key stream.Key remains staticsometimes yearly…RC4 is known to be weak.Note that cracking can be done passively
16WPA (Wi-Fi Protected Access) WPA-TKIPImprovement of WEPUse a temporal key instead of WEP keyKey is assigned per client, per association and periodically changedTKIP: Temporal Key Integrity ProtocolKey stream is generated by RC4 from 48bit IV (initial vector)avoid reuse same IV.WPA-AESUse of AES (Advanced Encryption Standard) instead of RC4.
17WPA-PSK WPA-PSK (Pre-Shared Key) Weakness Replacement of WEPInitial association between AP and client is done with a pass phase as a pre-shared keyWeaknessAttacker who have the pre-shared key can eavesdrop all packets.Dictionary attack may succeed if the pre-shared key is not choose enough long and not guessable.
18WPA-EAP EAP (Extensible Authentication Protocol) EAP-TLS Authentication based on 802.1x with a Radius authentication serverEAP-TLSBased on PKIServer and client mutually authenticate by certificatesEAP-PEAPID/Password basedUse of PKI is optionalMS-CHAP v2Server and client mutually authenticate via ID/passwordEAP-SIMUsing SIM (GSM Subscriber Identity Module)CorrespondingNodeAuthentication ServerAccess PointMobile Node
20How to use EAP-TLS based on PKI Application Server (web)RACARA AdministratorApplyCA AdministratorAuthorityDelegationSmart CardIdentifyAuthorizeUserRA OperatorAdmin Server (web)Issue RequestIssue CertificateLDAPRADIUSAP
21OpenWRT http://openwrt.org/ Alternative firmware for commodity W-LAN routersSupports many platforms, including Buffalo’s productsOpen source based on LinuxCLISupports many features like 802.1x with Radius, VPN, etc.Customizable by users themselves.DD-WRTA branch of OpenWRTGUI
223. Security Issues on Public Wireless Internet Access Service
23Status of public wireless Internet access Remarkably rapid deployment of IEEE802.11b/g W-LAN in these 10 yearsNow almost all Note PCs have W-LAN build in.Security risks/incidents have become a social problem.“Public wireless LAN” or “wireless HotSpot”Public Internet Access Service using W-LAN technologyAttracts attention of the mass media.In U.S.Bankruptcy of MobileStar (2001)In JapanPaid services are not necessarily satisfactoryMIS stops the service （2002）Livedoor Wireless canceled the plan of extending the coverageEach of NTT group company provides service in unsystematic way.HOTSPOT (NTT.com), M-Zone (NTT DoCoMo),Wireless LAN Club (NTT BP), FletsSpot (NTT East/West)
24Difficulty in the business model of public wireless Internet access service Issues in cover areaConflict among service providers at public hot spots like railway stations, airports, hotelsNumber of channels of IEEE802.11b/g is very smallIn most places only one service availableUsers who subscribes the service can use it.Most of the spots are located at metropolis, few in local cities.Covers only spots, not areaEnormous investment is needed to cover area, compared to 3G mobile phone serviceSeveral projects conducted by local governments are suspended in U.S.
26Google WiFiA free wireless Internet service in Mountain View by GoogleMore than 400 APs.Service area: almost the whole areal of 18km2Unique user：15,000/month“We're offering to the city of Mountain View as part of our ongoing efforts to reach out to our hometown.”
27eduroamW-LAN roaming architecture among academic and research institutes in Europe and other countries.IEEE802.1x (EAP-TTLS)＋raduis federationRoaming between commercial service providers in Europe (experimental)
28Is FREE service really possible? We already have Internet Infrastracuture.Most of office/shops/houses have broadband access.ADSL (1～10Mbps) ⇒ FDDH (100Mbps～1Gbps)Providing it to visitors is feasibleWe rarely consumes the bandwidth fullyWireless service needs little cost.The issue is securityRisk of providing network access to unknown visitorsAccess to the private network can be prohibited butMalicious access to the Internet is hard to limit
29Security in public wireless Internet services What is the difference between W-LAN and public Wireless Access?For users:Eavesdropping, MIM (man-in-the-middle) attackMasquerading (Impersonation)For host people of access pointsAccounting (in paid service only)Avoiding anonymous use
30Limitation of Wireless-LAN authentication and encryption technologies for public wireless service Stealth ESSID?ESSID must be announced to publicMAC address filteringCan very easily be spoofedIssues in scalabilityWEP (encryption)Pre-shared keyThe key is shared by all usersWPA-EAPIEEE802.1xCannot be used in public services.Encryption is done only in Wireless section(between AP and client)
31ISP type W-LAN service Features Centralized Management by ISP Wireless AP and Access Network are owned by ISPISP manages Authentication Server and issues acountsSubscriber must rely on ISPIssuesContract is needed between the ISP and subscribersCorresponding NodeISPNetworkAuthenticationServerAccessPoint1.2.AS: authentication serverAP: access pointMN: mobile nodeCN: corresponding nodeAuthorizationDataMobile Node
32Wireless Internet Service by a single ISP MN (mobile node)Auth ServerAP (Access Point)ISPInternetCN (corresponding node)Mutual AuthenticationISP’s private networkMutual trust relation
33 WLAN roaming among ISPs CNInternet(exapmple)iPasseduroamHome ISPAAA serverRoam ISPAccess pointsAuthenticationMNTrust relation between Home ISPAnd Roam ISP is necessaryMutual trust relation
34Self-managed model Features Managed typically with one or a few APs, independentlyDaily operational cost is not so high.Security policy depends on the host personGrass-root deployment is possibleIssuesVery costly to assure security level as high as the user can be traced when an incident occurs.No protection if the host person has malicious attempt.CorrespondingNode2.Host person’s networkAccessPoint(1.)Mobile Node
35Self-managed FreeSpot （Free Service） CNInternetHost person of APsEavesdropMasqueradeFabricationAPMaliciousadversaryNaïve authenticationMNRepudiation
36Autonomous Distributed Model Comparison of Public WLANService ModelsAutonomous Distributed ModelHighISP ModelFramework toenhance the security ofself-managednetwork modelSecuritySelf-Managed ModelLowHighManagement CostLow
37Autonomous Distributed Model Network ofAuthenticationSystemCorrespondingNodeAuthenticationServerassuming littleconfidentialityAP host’sNetworkAccess PointAuthorizationAuthenticationDataMobile Node
38Categorization of Security Procedures of Autonomous Distributed Public WLAN servicesCategorize authentication mechanisms based on the following two aspects:Authentication Transaction at Access PointRelayedPassed ThroughData PathTunnelingDirect[ Pros and Cons of Four Models ]Authentication Treatment at APRelayed:Eliminate malformed authenticationMake an AP busierData PathTunneling:Acquire location privacy of MNsDetour via AS is forcedIn the other case, pro and con go across.[ Properties and Name of Each Model ]Data PathNo Auth. at APAuth. at APTunnelPATPRATPDirectPADPRADP
43What is Location Privacy? Location privacy is the combination of information ofwhen and where you are, and who you areYour location privacy is expected to be disclosed to neither ofcorresponding nodeauthentication serveraccess pointTrade off withAnonymity v.s. securityLocation-aware serviceAuthenticationServerCorrespondingNodeAccess PointMobile NodeYou are here!
44Location privacy in ISP type W-LAN service The authentication server knowswho you arewhere you are nowTo whom you are communicatingUsers are forced to rely on the service providerMobile phone carriers does.Corresponding NodeAuthenticationServerAccessPoint1.2.AuthorizationMobile NodeData
45Location Privacy in Roaming Service AuthenticationServerCorrespondingNodeAuthentication server knowswho you arewhere you areAccess point may knowto whom you are communicatingCorresponding node will knowwhere the MN isAccess PointMobile Node
46How pseudonym conceals location privacy in roaming service Home ISPAuthenticationServerAccess point may knowwhere you areto whom you are communicatingwhich is your home ISP, not who you areAuthentication server may knowwho you arewhich roam ISP you are using, not where you areCorrespondingNodeRoam ISPAccess PointAuthenticationproxy serverAccess withpseudonymMobile Node
47Location privacy in VPN-based Tunneling Path Model Home ISPAuthentication serverknowswho you arewhere you areAccess point cannotknowto whom you are communicatingCorresponding node cannot knowwhere the MN isCorrespondingNodeTunneling ServerAccessPointRoam ISPAuthorizationVPN TunnelDataMobile Node
49Summary Security issues of W-LAN roaming services Proposal of autonomous distributed public wireless Internet access architectureMIAKO.netA service model for implementing ubiquitous networking with a grass-root W-LAN roaming with enough security.
50Categorized security problems of public WLAN services [ Concluding Remarks ]Categorized security problems of public WLAN servicesProposed an Autonomous Distributed public WLAN service modelCompared some security procedures of Autonomous Distributed public WLAN serviceEach procedure has its pros and cons therefore we cannot say which is the best for future useMIAKO.NET public wireless serviceThis is based on PATP model[ References ]A. Balanchandran et al., ‘Wireless Hotspots: Current Challenges and Future Cirections’, 2003N. Borisov et al., ‘(In)Security of the WEP Algorithm’, 2001D. Golombek, ‘Single Computer Breaks 40-bit RC4 in under 8 Days’, 1996T. Komura et al., ‘The MIAKO.NET Public Wireless Internet Service in Kyoto’, 2003Y. Matsunaga et al., ‘Secure Authentication System for Public WLAN Roaming’, 2003L. Ackerman et al., ‘Wireless Location Pricay: Low and Policy in the U.S., EU and Japan’,- ISOC Member Brefing, 2003