Presentation is loading. Please wait.

Presentation is loading. Please wait.

PAWS: Security Considerations Yizhuang WU, Yang CUI PAWS WG 2012.07.30.

Published byAmbrose Johnson Modified over 8 years ago

Similar presentations

Presentation on theme: "PAWS: Security Considerations Yizhuang WU, Yang CUI PAWS WG 2012.07.30."— Presentation transcript:

1 PAWS: Security Considerations Yizhuang WU, Yang CUI PAWS WG IETF#84 @Vancouver 2012.07.30

2 Motivations White space spectrum is a valuable resource, ◦ Business chances ◦ Attract attention from regulatory bodies in different countries ◦ A great number of potential users ◦ Security and Privacy need to be carefully taken care of… Refer to PAWS WG charter, further

3 Security threats Various security threats can be summarized as follows from a security point of view: ◦ Impersonation of a master device ◦ Impersonation of a database ◦ Man in the middle node on the interface between master device and database ◦ Attacks on the link of interface between master device and database ◦ Attacks on the master device itself Page 3

4 Security features To thwart the above security threats, the security mechanism shall be able to provide the following security features: ◦ Mutual entity authentication and both of them shall be authorized ◦ Data confidentiality ◦ Data integrity ◦ Anti-Replay ◦ Trusted environment or something equivalent The security mechanism TLS is recommended to be used in PAWS. Page 4

5 This proposal An informational draft, ◦ Design and implement PAWS security ◦ Check security and privacy (ongoing) requ. ◦ Provide Autho. & Authe. models.  RBWS models  TLS mutual authentication (rather than unilateral) ◦ Protection in different layers by distinct use cases. ◦ Agility of Crypto and Security Protocols (ongoing) ◦ … A WG draft on security, as a starting point to discuss?

6 Appendix

7 Authentication model For business reasons or ease of management, databases may be deployed by different third- party that is authorized by regulatory body of white space. There are two possible deployment cases: 1.one is that the databases deployed by the third-party which are authorized by regulatory body of white space; 2.the other is that the databases are directly deployed by regulatory body of white space The requirements on authentication should be considered respectively Page 7

8 Database deployed by third-party Authentication model 1 ◦ the security channel will be established between master device and database, only the database can establish connection with RBWS. ◦ In this model,the master device needs to obtain IP connectivity with database, which require an access authentication, which is independent of authentication run in authorized procedure in RBWS(Regulatory Body of White Space ). It means that the mutual authentication shall be implemented in TLS establishment procedure before the authorized procedure of RBWS. ◦ Two suites credentials are needed: one is provided by trusted authority of third-party, the other is provided by authority of RBWS Page 8

9 Database deployed by third-party Authentication model 2 ◦ the security channel will be established between master device and database, both of master device and database can connect to RBWS. ◦ The differences from model 1 is master device can directly connect to RBWS to get the authorized information. Page 9

10 Databases deployed by regulatory body of white space Authentication model 3 ◦ Only one suite credential is needed which is provided by authority of RBWS ◦ the secure channel shall be established to protect the communication between the master device and the database. Page 10

11 TLS establishment procedure Page 11

12 TLS establishment procedure The first stage: security capabilities including protocol version, session ID, cipher suite, compression method, and initial random numbers are established. The second stage: certificate, key exchange, and request certificate may be sent by database. The third phase: master device sends certificate if requested. Key exchange and certificate verification may be sent by master device. The last phase: change cipher suite and finish handshake protocol. Page 12

13 A bad example - Mutual authentication in mixed layers Authentication of both parties in TLS establishment procedure TLS for database authentication, and master device authentication over TLS by running other authentication protocol. This method is not recommended because such a mixed mode usage opens up the possibility to run a man-in-the-middle attack for impersonating the legitimate client. ◦ RFC4196 ◦ Asokan et al’s attack since 2002

14 Thank you!

Download ppt "PAWS: Security Considerations Yizhuang WU, Yang CUI PAWS WG 2012.07.30."

Similar presentations

Akshat Sharma Samarth Shah

Akshat Sharma Samarth Shah
© 2013 Marcin Nagy & N. Asokan & Jörg Ott 1 PeerShare: A System for Secure Distribution of Sensitive Data among Social Contacts Marcin Nagy, N. Asokan,

© 2013 Marcin Nagy & N. Asokan & Jörg Ott 1 PeerShare: A System for Secure Distribution of Sensitive Data among Social Contacts Marcin Nagy, N. Asokan,
1 Lecture 17: SSL/TLS history, architecture basic handshake session initiation/resumption key computation negotiating cipher suites application: SET.

1 Lecture 17: SSL/TLS history, architecture basic handshake session initiation/resumption key computation negotiating cipher suites application: SET.
Version 1 of EAP-TTLS draft-ietf-pppext-eap-ttls-05.txt Paul Funk Funk Software.

Version 1 of EAP-TTLS draft-ietf-pppext-eap-ttls-05.txt Paul Funk Funk Software.
Lecture 6: Web security: SSL

Lecture 6: Web security: SSL
TLS. 14.1 Introduction 14.2 TLS Record Protocol 14.3 TLS Handshake Protocol 14.4 Summary.

TLS Introduction 14.2 TLS Record Protocol 14.3 TLS Handshake Protocol 14.4 Summary.
Cryptography and Network Security

Cryptography and Network Security
Secure Socket Layer.

Secure Socket Layer.
SSL CS772 Fall 2011. Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.

SSL CS772 Fall Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.
Unifying the conceptual levels of network security through use of patterns Ph.D Dissertation Proposal Candidate: Ajoy Kumar, Advisor: Dr Eduardo B. Fernandez.

Unifying the conceptual levels of network security through use of patterns Ph.D Dissertation Proposal Candidate: Ajoy Kumar, Advisor: Dr Eduardo B. Fernandez.
Socket Layer Security. In this Presentation: need for web security SSL/TLS transport layer security protocols HTTPS secure shell (SSH)

Socket Layer Security. In this Presentation: need for web security SSL/TLS transport layer security protocols HTTPS secure shell (SSH)
7-1 Chapter 7 – Web Security Use your mentality Wake up to reality —From the song, I've Got You under My Skin“ by Cole Porter.

7-1 Chapter 7 – Web Security Use your mentality Wake up to reality —From the song, "I've Got You under My Skin“ by Cole Porter.
Chapter 7 Web Security MSc. NGUYEN CAO DAT Dr. TRAN VAN HOAI.

Chapter 7 Web Security MSc. NGUYEN CAO DAT Dr. TRAN VAN HOAI.
Transport Layer Security (TLS) Protocol Introduction to networks and communications(CS555) Prof : Dr Kurt maly Student:Abhinav y.

Transport Layer Security (TLS) Protocol Introduction to networks and communications(CS555) Prof : Dr Kurt maly Student:Abhinav y.
BASIC CRYPTOGRAPHY CONCEPT. Secure Socket Layer (SSL)  SSL was first used by Netscape.  To ensure security of data sent through HTTP, LDAP or POP3.

BASIC CRYPTOGRAPHY CONCEPT. Secure Socket Layer (SSL)  SSL was first used by Netscape.  To ensure security of data sent through HTTP, LDAP or POP3.
Apr 2, 2002Mårten Trolin1 Previous lecture On the assignment Certificates and key management –Obtaining a certificate –Verifying a certificate –Certificate.

Apr 2, 2002Mårten Trolin1 Previous lecture On the assignment Certificates and key management –Obtaining a certificate –Verifying a certificate –Certificate.
1 © NOKIA MitM.PPT/ 6/2/2015 / Kaisa Nyberg (NRC/MNW), N.Asokan (NRC/COM) The Insecurity of Tunnelled Authentication Protocols N. ASOKAN, VALTTERI NIEMI,

1 © NOKIA MitM.PPT/ 6/2/2015 / Kaisa Nyberg (NRC/MNW), N.Asokan (NRC/COM) The Insecurity of Tunnelled Authentication Protocols N. ASOKAN, VALTTERI NIEMI,
Cryptography and Network Security Chapter 17

Cryptography and Network Security Chapter 17
IEEE 802.11 Wireless Local Area Networks (WLAN’s).

IEEE Wireless Local Area Networks (WLAN’s).
Chapter 8 Web Security.

Chapter 8 Web Security.

Similar presentations

Ads by Google