1. Wireless Network Security and Interworking
MINHO SHIN, JUSTIN MA, ARUNESH MISHRA,
AND WILLIAM A. ARBAUGH
University of Maryland, College Park, University of California, San Diego, La Jolla
THE IEEE, VOL. 94, NO. 2, FEBRUARY 2006
Mong Nam Han
AN Lab, CS dept. KAIST, Korea
안녕하세요, 저는 AN연구실의 석사과정 한몽남입니다.

2. Overview Challenge to the interworking Security in cellular system
Security in WLAN
3G / WLAN interworking
Conclusion, Q & A

3. Challenge to the interworking
Variety of wireless have
Different coverage and bandwidth
Vastly different security architecture
Security issue
Contradictory security assumption
The authentication process
Long authentication delay during handover

4. Security in cellular system: ~2G
1G (analog)
Cloning
Channel hijacking
Eavesdropping 2G
Short authentication signature: 18bit
Broken encryption algorithm: CMEA in ‘97, ORYX in ’98
GSM
Security through obscurity: go through or around
Disclosed master key of SIM card
Reverse engineered function A5

5. Security in 3G Security challenges New revenue-related fraud
The full range of threats similar on Internet
Vulnerability to malicious access

6. Security in 3G: UMTS Enhancements Features
Mutual authentication, encryption with 128 bit key lengths
Features
Network access security
access control of users and MS, data confidentiality/integrity, and user identity privacy
Network domain security
security within provider domain
User domain security
User-USIM-terminal
Application domain security
Visibility, Configurability, Temporary identity

7. Security in 3G: UMTS AKA (Authentication and Key Agreement) protocol
Mutual authentication
Three entities
User (MS or USIM)
Serving node (VLR/SGSN)
Home environment (HLR/AuC)
Three stages
Initiation
Transfer of credentials
Challenge-response exchange

8. Security in 3G: UMTS
AKA process

9. Security in 3G: CDMA 2000 AKA with an optional extension
New cryptographic function f11
generate a UIM Authentication Key (UAK)
UMAC
message authentication function on UAK
Advanced Encryption Standard (AES)

10. Security in 3G Security issues in AKA
Trust relationship between roaming partners
One-pass challenge-response mechanism not full mutual authentication
User only verifies a MAC
Permanent identity (IMSI) in plain text
when registering at first time

11. Security in 802.11 WLAN Authentication Access Control
Open system authentication
Shared key authentication: standard challenge and response
Challenge text: WEP PRNG with the shared secret and IV
Response: 32bit CRC integrity check (ICV)
Access Control
Closed network access control: SSID
Access control lists: MAC address
Security problems
published in countless papers

12. Security in 802.11 WLAN: WPA WiFi Protected Access Three entities
Security framework
Three entities
Supplicant: user
Authenticator: switch, access point
Authentication server

13. Security in 802.11 WLAN: EAP Extensible Authentication Protocol
: Authentication mechanism built around challenge-response
Four types of message
EAP request: a challenge to supplicant
EAP response: response
EAP success: outcome
EAP failure : outcome
Features
Extensible: encapsulation within EAP
Flexible: operated at the network layer
Dual-port model

14. Security in 802.11 WLAN: Problems
Denial of service attack
Management frame are not protected nor authenticated
Session hijacking
When not encrypted
Trust relationship
implicit trust

15. 3G / WLAN interworking
Roaming model and three typical authentication scenarios
Case1: NY-WLAN operates independently, and Bill already have an account with NY-WLAN
Case 2: IL-3G, Bill’s home network, has a roaming agreement with NY-WLAN
Case 3: IL-3G and NY-WLAN do not have a roaming agreement, but NY-3G and NY-WLAN do

16. Case 2: Centralized internetworking Authentication
EAP-SIM
Lack of mutual authentication
Weak 64 bit cipher key
EAP-AKA
Require synchronized sequence number
Weakness of EAP
Lacks for identity protection, protected method negotiation, protected termination
possible man-in-the-middle attack
Authentication latency: O(N2)
Interdomain proactive key distribution
Fast handoff scheme: reduce authentication latency
Use neighbor graph
Require reasonably accurate handoff prediction system
AAA-broker
Reduce total number of association: O(N)
Be close, trustworthy, require strong security association between broker and home network
man-in-the-middle attack: 공격자 자신이 대화에 끼어들거나 대화를 도청하거나, 아니면 그 내용을 변경해 버리는 것입니다. 예를 들어 공격자는 적절한 자격을 갖춘 클라이언트와 서버 간의 SMB 세션을 도청하여 패킷을 캡처한 다음 나중에 다시 재생하여 해당 서버에 연결합니다. SMB Reflection Attack은 공격자와 서버가 동일한 컴퓨터 상에 위치한, 특이한 유형의 man-in-the-middle 공격입니다

17. Case 3: Context transfer
Security context: current state
Authentication state: identifier
Authorization state: services and functions
Communication security parameter: encryption algorithm, session keys
Reactive context transfer: after visit
Context transfer protocol (CTP): at L3
Inter access point protocol (IAPP): at L2
Inter domain key exchange (IDKE): for seamless handover
Proactive context transfer: before visit
Soft handoff
Prediction
Ticket forwarding: issue ticket (context) to the client
Kerberos

18. Case 3: Context transfer
Discussion
Benefit: performance, flexible trust relationships
Issue
Accounting and billing
Post hoc authentication
Full authentication or reauthentication

19. Conclusion, Q & A Good security will be developed
in an open environment
with the collaboration

20. Q & A