Presentation is loading. Please wait.

Presentation is loading. Please wait.

Doc.: IEEE 802.11-98/178 Submission July 2000 A. Prasad, A. Raji Lucent TechnologiesSlide 1 A Proposal for IEEE 802.11e Security IEEE 802.11 Task Group.

Published byBrandon Cunningham Modified over 10 years ago

Similar presentations

Presentation on theme: "Doc.: IEEE 802.11-98/178 Submission July 2000 A. Prasad, A. Raji Lucent TechnologiesSlide 1 A Proposal for IEEE 802.11e Security IEEE 802.11 Task Group."— Presentation transcript:

1 doc.: IEEE 802.11-98/178 Submission July 2000 A. Prasad, A. Raji Lucent TechnologiesSlide 1 A Proposal for IEEE 802.11e Security IEEE 802.11 Task Group E July 2000 meeting Prasad, Anand aprasad1@lucent.com Raji, Alex araji@lucent.com

2 doc.: IEEE 802.11-98/178 Submission July 2000 A. Prasad, A. Raji Lucent TechnologiesSlide 2 Objectives Improve network security capabilities –Critical for business, home and Internet applications Assure alignment with IETF Improve Encryption scheme Assure backward compatibility with the current standard

3 doc.: IEEE 802.11-98/178 Submission July 2000 A. Prasad, A. Raji Lucent TechnologiesSlide 3 Overview of 802.11 Security Vulnerabilities* Compromise of encryption key Theft of hardware is equivalent to theft of key Packet spoofing, disassociation attack Rogue AP Known plain-text attack Brute force attack Passive monitoring Replay attack * Derived from Microsoft paper: IEEE 802.11-00/034r1

4 doc.: IEEE 802.11-98/178 Submission July 2000 A. Prasad, A. Raji Lucent TechnologiesSlide 4 Proposed 802.11 Security Solutions Flexible/extensible security architecture with backward compatibility Hardware as well as user authentication Key management with support for per station/per session encryption key Mutual authentication (defense against rogue AP) Option to use other/better encryption algorithms Per packet authentication (defense against replay attack and packet spoofing)

5 doc.: IEEE 802.11-98/178 Submission July 2000 A. Prasad, A. Raji Lucent TechnologiesSlide 5 Security Proposal Highlights Enhanced encryption key exchange –Support public key exchange (Diffie-Hellman) –Improve WEP key distribution/management Enhanced authentication –Support user as well as machine authentication options –Support extensible authentication protocol (EAP) over wireless with multi-protocol support akin to 802.1x –Support for certificate authentication of hardware Enhanced privacy algorithms –Choice of packet authentication and/or encryption (AH, ESP) –Add anti-replay measures (sequence #) –Support multiple encryption algorithms

6 doc.: IEEE 802.11-98/178 Submission July 2000 A. Prasad, A. Raji Lucent TechnologiesSlide 6 802.11e Dynamic Key Exchange

7 doc.: IEEE 802.11-98/178 Submission July 2000 A. Prasad, A. Raji Lucent TechnologiesSlide 7 Key Exchange Parameters Support both shared key (WEP) and public key Support infrastructure as well as ad-hoc modes Backward compatibility with 802.11b Address rogue AP vulnerability Flexibility to negotiate a variety of security schemes Adhere to known and trusted security industry practices Assume a short key life Negotiate a single encrypted tunnel per station

8 doc.: IEEE 802.11-98/178 Submission July 2000 A. Prasad, A. Raji Lucent TechnologiesSlide 8 Proposed Methodology for Key Exchange Use internet key exchange (IKE, RFC 2409) standard as a model Exchange keys ASAP to establish a secure tunnel (prior to association) Overload KE messages over authentication frames Link key exchange phase to the subsequent phases to prevent session hijacking Provide a mechanism for protocol negotiation for later phases (Authentication and Privacy protocols)

9 doc.: IEEE 802.11-98/178 Submission July 2000 A. Prasad, A. Raji Lucent TechnologiesSlide 9 Advantages Public Key Exchange Addresses the following vulnerabilities –Compromise of the encryption key (each session has a new key) –Rogue AP (via X.509 certificate authentication of the AP) –Password cracking (allows encrypted session to be established before authentication) Diffie-Hellman public key algorithm –Well defined negotiation of a secret key between the end points –Eliminates shared key requirement, simplifies management Supports X.509 certificates –Integrated one-way or two-way certificate authentication

10 doc.: IEEE 802.11-98/178 Submission July 2000 A. Prasad, A. Raji Lucent TechnologiesSlide 10 Public Key Exchange Requirements Need a good pseudo random number generator –Use MD5(x,y) or SHA(x,y) one-way hashing function Ability to calculate exponential modulus of large numbers –G x MOD p where p is 768 or 1024 bits long –Similar to m e MOD n for RSA calculations Ability to verify certificate digital signatures –Digital signature standard verification (NIST FIP-186) Requires SHA(x,y), g -1 MOD p, and g x MOD p calculation –RSA signature verification Requires SHA(x,y), and m e MOD n calculation

11 doc.: IEEE 802.11-98/178 Submission July 2000 A. Prasad, A. Raji Lucent TechnologiesSlide 11 Example Key Exchange Initiator Responder Proposal values, Key (g^x), ID i, Nonce i Selected proposal, Key (g^y), ID r, Nonce r, Hash r Hash i Skey = Hash(Nonce i +Nonce r +g^xy) g^xy = (g^x)^y MOD p Hash r = Hash(g^xy+ID i +ID r +g^x+g^y+Nonce i +Nonce r ) Hash i = Hash(g^xy+ID r +ID i +g^y + g^x +Nonce r +Nonce i ) g^xy = (g^y)^x MOD p Skey = Hash(Nonce i +Nonce r +g^xy)

12 doc.: IEEE 802.11-98/178 Submission July 2000 A. Prasad, A. Raji Lucent TechnologiesSlide 12 Example Key Exchange + Certificate Authentication Initiator Responder Proposal, Key (g^x), ID i, Certificate Req, Nonce i Proposal, Certificate[BSSID,g^y,Signature], ID r, Nonce r, Hash r Hash i Skey = Hash(Nonce i +Nonce r +g^xy) Verify certificate signature

13 doc.: IEEE 802.11-98/178 Submission July 2000 A. Prasad, A. Raji Lucent TechnologiesSlide 13 Example Key Distribution (WEP) Initiator Responder Proposal, Key (g^x), ID i, Nonce i Proposal, Key (g^y), ID r, Nonce r, Hash r Hash i [Session key] Skey Skey = Hash(Nonce i +Nonce r +g^xy) RC4(Session key, Skey)

14 doc.: IEEE 802.11-98/178 Submission July 2000 A. Prasad, A. Raji Lucent TechnologiesSlide 14 802.11e Enhanced Authentication

15 doc.: IEEE 802.11-98/178 Submission July 2000 A. Prasad, A. Raji Lucent TechnologiesSlide 15 Enhanced Authentication Parameters Support User and Machine level authentication Support emerging 802.1x standard Flexibility to support multiple authentication protocols (PAP, CHAP, etc.) Compatible with popular AAA systems such as RADIUS Compatibility with PKI and Certificate authentication Authentication process itself must be secure

16 doc.: IEEE 802.11-98/178 Submission July 2000 A. Prasad, A. Raji Lucent TechnologiesSlide 16 802.1x draft standard (EAPOL) Extensible Authentication Protocol (EAP; RFC 2284) is a general protocol for PPP authentication –EAPOL is adopted by IEEE 802.1x as an authentication mechanism for network port access control. –EAPOL supports multiple authentication mechanisms. The IEEE draft P802.1X/D5 describes the use of EAPOL in Port based Network Access Control in IEEE 802.11 wireless LAN infrastructures. EAPOL communication occurs in an unsecured shared environment, so it is vulnerable to attack.

17 doc.: IEEE 802.11-98/178 Submission July 2000 A. Prasad, A. Raji Lucent TechnologiesSlide 17 Proposed Authentication Methodology Negotiate a secret key prior to station authentication step to create a secure encrypted tunnel. Negotiate a single authentication methodology (PAP, CHAP, etc.) during the key exchange process. Use EAPOL as defined in IEEE 802.1x, only after the secure tunnel is established. Authentication Number Field of Authentication Frame is used to identify the EAPOL protocol vs the legacy Shared Key or Open System.

18 doc.: IEEE 802.11-98/178 Submission July 2000 A. Prasad, A. Raji Lucent TechnologiesSlide 18 EAP Over Wireless LAN (EAPOWL) Addresses the following vulnerabilities –Theft of hardware enables unauthorized access –Access control (enables user based authentication and filtering) –Password cracking (provides the ability to limit the number of failures) Provides additional benefits –Enables tracking of lost/stolen hardware by logging the card MAC address while authenticating

19 doc.: IEEE 802.11-98/178 Submission July 2000 A. Prasad, A. Raji Lucent TechnologiesSlide 19 802.11e Enhanced Privacy

20 doc.: IEEE 802.11-98/178 Submission July 2000 A. Prasad, A. Raji Lucent TechnologiesSlide 20 Enhanced Privacy Protocol Parameters Support multiple encryption algorithms (DES, 3DES, etc.) Support key per session Backward compatibility with WEP/RC4 Support frame Authentication as well as Encryption Include defense against replay attacks Include defense against packet spoofing

21 doc.: IEEE 802.11-98/178 Submission July 2000 A. Prasad, A. Raji Lucent TechnologiesSlide 21 Proposed Enhanced Privacy Use IPSec standard as a model (RFC 1826, 1827) Negotiate a single packet security and privacy protocol for each station MAC address during the key exchange process. Packet layout is the same as WEP except –IV field could also become a 4 byte sequence number –ICV field could also become the payload hash value Optionally add authentication field to 802.11 control and management packets Support WEP, as well as other encryption algorithms.

22 doc.: IEEE 802.11-98/178 Submission July 2000 A. Prasad, A. Raji Lucent TechnologiesSlide 22 Enhanced Privacy Packet Format WEP encryption format Enhanced privacy encryption format

23 doc.: IEEE 802.11-98/178 Submission July 2000 A. Prasad, A. Raji Lucent TechnologiesSlide 23 Enhanced Privacy Protocol Advantages Addresses the following vulnerabilities –Packet spoofing via frame authentication field –Known plaintext attack via block cipher algorithms –Brute force attack via longer keys / better encryption algorithms –Passive monitoring via packet encapsulation –Disassociation attack via control frame authentication field –Replay attack via integrated sequence number field

24 doc.: IEEE 802.11-98/178 Submission July 2000 A. Prasad, A. Raji Lucent TechnologiesSlide 24 Comparing WEP to Enhanced Security Proposal * Longer RC4 keys

Download ppt "Doc.: IEEE 802.11-98/178 Submission July 2000 A. Prasad, A. Raji Lucent TechnologiesSlide 1 A Proposal for IEEE 802.11e Security IEEE 802.11 Task Group."

Similar presentations

Authentication.

Authentication.
IP Security have considered some application specific security mechanisms –eg. S/MIME, PGP, Kerberos, SSL/HTTPS however there are security concerns that.

IP Security have considered some application specific security mechanisms –eg. S/MIME, PGP, Kerberos, SSL/HTTPS however there are security concerns that.
ISA 662 IKE Key management for IPSEC Prof. Ravi Sandhu.

ISA 662 IKE Key management for IPSEC Prof. Ravi Sandhu.
Doc.: IEEE 802.11-04/1186r0 Submission October 2004 Aboba and HarkinsSlide 1 PEKM (Post-EAP Key Management Protocol) Bernard Aboba, Microsoft Dan Harkins,

Doc.: IEEE /1186r0 Submission October 2004 Aboba and HarkinsSlide 1 PEKM (Post-EAP Key Management Protocol) Bernard Aboba, Microsoft Dan Harkins,
Doc.: IEEE 802.11-00/087 Submission May, 2000 Steven Gray, NOKIA Jyri Rinnemaa, Jouni Mikkonen Nokia Slide 1.

Doc.: IEEE /087 Submission May, 2000 Steven Gray, NOKIA Jyri Rinnemaa, Jouni Mikkonen Nokia Slide 1.
Internet Protocol Security (IP Sec)

Internet Protocol Security (IP Sec)
Block Cipher Modes of Operation and Stream Ciphers

Block Cipher Modes of Operation and Stream Ciphers
Authentication Applications

Authentication Applications
Public Key Cryptography INFSCI 1075: Network Security – Spring 2013 Amir Masoumzadeh.

Public Key Cryptography INFSCI 1075: Network Security – Spring 2013 Amir Masoumzadeh.
L8. Reviews Rocky K. C. Chang, May 2011. Foci of this course 2 Rocky K. C. Chang  Understand the 3 fundamental cryptographic functions and how they are.

L8. Reviews Rocky K. C. Chang, May Foci of this course 2 Rocky K. C. Chang  Understand the 3 fundamental cryptographic functions and how they are.
VPN AND REMOTE ACCESS Mohammad S. Hasan 1 VPN and Remote Access.

VPN AND REMOTE ACCESS Mohammad S. Hasan 1 VPN and Remote Access.
PEAP & EAP-TTLS 1.EAP-TLS Drawbacks 2.PEAP 3.EAP-TTLS 4.EAP-TTLS – Full Example 5.Security Issues 6.PEAP vs. EAP-TTLS 7.Other EAP methods 8.Summary.

PEAP & EAP-TTLS 1.EAP-TLS Drawbacks 2.PEAP 3.EAP-TTLS 4.EAP-TTLS – Full Example 5.Security Issues 6.PEAP vs. EAP-TTLS 7.Other EAP methods 8.Summary.
Spring 2012: CS419 Computer Security Vinod Ganapathy SSL, etc.

Spring 2012: CS419 Computer Security Vinod Ganapathy SSL, etc.
Socket Layer Security. In this Presentation: need for web security SSL/TLS transport layer security protocols HTTPS secure shell (SSH)

Socket Layer Security. In this Presentation: need for web security SSL/TLS transport layer security protocols HTTPS secure shell (SSH)
Chapter 5 Network Security Protocols in Practice Part I

Chapter 5 Network Security Protocols in Practice Part I
Chapter 13 IPsec. IPsec (IP Security)  A collection of protocols used to create VPNs  A network layer security protocol providing cryptographic security.

Chapter 13 IPsec. IPsec (IP Security)  A collection of protocols used to create VPNs  A network layer security protocol providing cryptographic security.
Henric Johnson1 Ola Flygt Växjö University, Sweden +46 470 70 86 49 IP Security.

Henric Johnson1 Ola Flygt Växjö University, Sweden IP Security.
IP Security IPSec 2 * Essential Network Security Book Slides. IT352 | Network Security |Najwa AlGhamdi 1.

IP Security IPSec 2 * Essential Network Security Book Slides. IT352 | Network Security |Najwa AlGhamdi 1.
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.

CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
Crypto – chapter 16 - noack Introduction to network stcurity Chapter 16 - Stallings.

Crypto – chapter 16 - noack Introduction to network stcurity Chapter 16 - Stallings.

Similar presentations

Ads by Google