Doc.: IEEE 802.11-11/1145r1, Submission, August 2011, 802.11 WG

Slide 1: Mutual Authentication
Date: 2011-08-28
Authors:

Slide 2: Abstract
This document provides a statement from the IEEE 802.11 Working Group on the topic of mutual authentication.

Slide 3: What is "Mutual Authentication"?
A process in which each side is assured of the other side's identity.
– Each side possesses a credential (a uniquely identifying piece of information plus an identity) that is trusted, or can be trusted, by the other.
– It is not required that both sides use the same kind of credential.
– Authentication is accomplished by verifying that the side claiming an identity possesses the unique information for that identity.
Thwarts man-in-the-middle attacks (provided the session keys are bound to the authenticated exchange, so that an attacker who merely relays the exchange ends up without the keys).
Typical (but not required) properties of mutual authentication protocols:
– Non-repudiation
– Key generation

Slide 4: RSN Networks
The common view of an RSN network involves three parties: a client, an AP, and a AAA server that speaks EAP.
– The client authenticates to the network via the AAA server using an EAP method.
– The AAA server sends the resulting PMK to the AP; the AP runs the 4-way handshake (4wayHS) with the client.
– The AP protects bulk data using CCMP.
– The properties of EAP and the 4-way handshake ensure mutual authentication.
[Figure: Client, AP and AAA server. EAP runs over 802.1X between the client and the AAA server; PMK disclosure from the AAA server to the AP over RADIUS/Diameter; the 4wayHS between client and AP yields the PTK; CCMP provides bulk data protection. AP and AAA server together are "the network".]

Slide 5: RSN Networks
A different deployment:
– The client authenticates to the network via the AP, which itself terminates the EAP method.
– The AP runs the 4-way handshake.
– The AP protects bulk data using CCMP.
– The properties of EAP and the 4-way handshake ensure mutual authentication.
[Figure: Client and AP only. EAP over 802.1X between the client and the AP yields the PMK; the 4wayHS yields the PTK; CCMP provides bulk data protection. The AP alone is "the network".]
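Slides 4 and 5 state that the properties of EAP and the 4-way handshake ensure mutual authentication. The following Python, added here as an editor's example and not part of the submission, works through the part the 4-way handshake contributes in either deployment: both sides derive the PTK from the PMK, the two MAC addresses and the two nonces, and each proves possession of the PMK by putting a MIC on an EAPOL-Key frame under the derived KCK. The PRF, the Min/Max input ordering and the KCK/KEK/TK split follow IEEE 802.11i for the HMAC-SHA1 (key descriptor version 2) case; the PMK, MAC addresses, nonces and the simplified frame bodies are constructed for the example.

```python
"""Added example (not from the 802.11 submission): the RSN 4-way handshake as a
mutual proof of PMK possession. PMK, addresses, nonces and the simplified
EAPOL-Key frame bodies below are constructed for this example."""
import hashlib
import hmac


def prf(key: bytes, label: bytes, data: bytes, nbits: int) -> bytes:
    """IEEE 802.11 PRF-n: concatenate HMAC-SHA1(key, label || 0x00 || data || i)
    for i = 0, 1, ... until nbits have been produced, then truncate."""
    out = b""
    for i in range((nbits + 159) // 160):
        out += hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
    return out[: nbits // 8]


def derive_ptk(pmk: bytes, aa: bytes, spa: bytes, anonce: bytes, snonce: bytes) -> dict:
    """PTK = PRF-512(PMK, "Pairwise key expansion",
                     Min(AA,SPA) || Max(AA,SPA) || Min(ANonce,SNonce) || Max(ANonce,SNonce)).
    Min/Max order the inputs so client and AP compute identical data regardless of
    which side is which. The 64-byte PTK is split into KCK, KEK and TK (the CCMP key)."""
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    ptk = prf(pmk, b"Pairwise key expansion", data, 512)
    return {"kck": ptk[:16], "kek": ptk[16:32], "tk": ptk[32:48]}


def eapol_mic(kck: bytes, frame: bytes) -> bytes:
    """MIC for key descriptor version 2: HMAC-SHA1 truncated to 128 bits, computed
    over the EAPOL-Key frame with its MIC field set to zero."""
    return hmac.new(kck, frame, hashlib.sha1).digest()[:16]


def run_handshake(client_pmk, ap_pmk, aa, spa, anonce, snonce) -> dict:
    """Messages 1-3 of the 4-way handshake, reduced to what the MICs cover.
    The client and AP may hold different PMKs (e.g. an AP that never received the
    PMK); the result records whose proof of possession the other side accepted."""
    # Message 1 (AP -> client) carries ANonce and no MIC; the client can now derive its PTK.
    client_ptk = derive_ptk(client_pmk, aa, spa, anonce, snonce)
    # Message 2 (client -> AP) carries SNonce and a MIC under the client's KCK.
    msg2 = b"EAPOL-Key msg2 " + snonce + bytes(16)  # MIC field zeroed for the computation
    msg2_mic = eapol_mic(client_ptk["kck"], msg2)
    # The AP derives its own PTK and checks the MIC: a match proves the client holds the PMK.
    ap_ptk = derive_ptk(ap_pmk, aa, spa, anonce, snonce)
    client_authenticated = hmac.compare_digest(msg2_mic, eapol_mic(ap_ptk["kck"], msg2))
    if not client_authenticated:
        return {"client_authenticated": False, "ap_authenticated": False, "tk": None}
    # Message 3 (AP -> client) repeats ANonce (the GTK it would also carry is omitted) with a
    # MIC under the AP's KCK; a matching MIC proves to the client that the AP holds the PMK.
    msg3 = b"EAPOL-Key msg3 " + anonce + bytes(16)
    msg3_mic = eapol_mic(ap_ptk["kck"], msg3)
    ap_authenticated = hmac.compare_digest(msg3_mic, eapol_mic(client_ptk["kck"], msg3))
    # Message 4 (client -> AP) acknowledges; the TK is installed only after both checks pass.
    return {"client_authenticated": True, "ap_authenticated": ap_authenticated,
            "tk": client_ptk["tk"] if ap_authenticated else None}


# Constructed sample values for a stand-alone run.
SAMPLE_PMK = hashlib.sha256(b"constructed sample PMK").digest()
AA = bytes.fromhex("020000000001")      # AP (authenticator) MAC, constructed
SPA = bytes.fromhex("020000000002")     # client (supplicant) MAC, constructed
ANONCE = hashlib.sha256(b"constructed ANonce").digest()
SNONCE = hashlib.sha256(b"constructed SNonce").digest()

if __name__ == "__main__":
    print(run_handshake(SAMPLE_PMK, SAMPLE_PMK, AA, SPA, ANONCE, SNONCE))
    other_pmk = hashlib.sha256(b"AP that never received the PMK").digest()
    print(run_handshake(SAMPLE_PMK, other_pmk, AA, SPA, ANONCE, SNONCE))
```

The handshake proves only that whoever answers holds the PMK. In the three-party deployment of slide 4 the AP passes that test solely because the AAA server disclosed the PMK to it; the client cannot distinguish that case from slide 5, where the AP obtained the PMK by running EAP itself.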

Slide 6: Different Deployments Represent Network Optimization
– Deployment of RSN scales better when using a stand-alone EAP server:
  – network credentials are held in one place instead of many;
  – expanding coverage and adding users is simpler;
  – the AAA server represents a multi-homed network.
– The RSN protocol remains the same regardless of deployment.
– The client is completely unaware of the network deployment.
– Both deployments provide "mutual authentication".
– The threat model for network access is unchanged.

Slide 7: WAPI = WAI + WPI
The players:
– The ASUE is a client device; it performs ECDH and ECDSA.
– The AE is an access point; it performs ECDH and ECDSA.
– The ASE is a clearing house for the ASUE's and the AE's certificates.
The ASUE and the AE perform an authenticated Diffie-Hellman exchange (WAI), using the ASE for certificate validation, followed by the Unicast Key Exchange (UKE).
The ASUE and the AE then run WPI for bulk data protection using the USK.
[Figure: Client/ASUE, AP/AE and ASE. WAI (DH + DSA + UKE) between the ASUE and the AE; certificate validation between the AE and the ASE; WPI bulk data protection under the USK.]

Slide 8: A "Split MAC" Architecture for WAPI
– The "real time" aspects of the MAC remain in each AP; the "non real time" aspects of all APs are aggregated into a single controller.
– For WAPI, that means moving WAI to the controller and leaving WPI in the AP.
[Figure: Client/ASUE, AP, controller/AE and ASE. WAI (DH + DSA + UKE) runs between the ASUE and the controller/AE; certificate validation between the controller/AE and the ASE; WPI bulk data protection under the USK between the ASUE and the AP.]

Slide 9: "Split MAC" WAPI
How does it work?
– The controller/AE and the ASUE have certificates; the AP does not.
– The AP passes all traffic with ethertype 0x88b4 (WAI) to the controller/AE; all other ASUE traffic is blocked.
– The controller/AE performs ECDH and ECDSA and talks to the ASE.
– The controller/AE authenticates the ASUE and derives the BK.
– The controller/AE performs the UKE and derives the USK.
– The controller sends the USK to the AP.
– The AP unblocks the ASUE's traffic filter.
– The AP performs WPI using the USK.
An alternate form splits the WAI functionality, leaving part of it in the AP:
– The controller/AE sends the BK to the AP.
– The AP performs the Unicast Key Exchange and derives the USK.
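The enforcement point in the sequence above is the per-station traffic filter on the "thin" AP: closed except for WAI frames until the controller hands over the USK, then open for WPI-protected data. The following Python, added here as an editor's example and not code from the submission or from any WAPI implementation, models that filter over Ethernet II frames. The WAI ethertype 0x88b4 is from the slide; the EAPOL ethertype 0x888E used to show the same filter in its 802.1X role is the editor's addition from IEEE 802.1X, not from the page. Station addresses, payloads, the all-zero placeholder USK and the WPI step (reported, not encrypted) are constructed for the example.

```python
"""Added example (not from the 802.11 submission): the pre-authentication traffic
filter of a "thin" AP in the split-MAC WAPI deployment. Frames, addresses and the
placeholder USK are constructed; WPI encryption itself is not modelled."""
import struct

WAI_ETHERTYPE = 0x88B4    # WAI frames, relayed to the controller/AE (from the slide)
EAPOL_ETHERTYPE = 0x888E  # 802.1X EAPOL, the RSN counterpart (assumed; not on the page)


class ThinAP:
    """Per-station port filter: closed until a USK for that station arrives
    from the controller/AE, open (WPI-protected) afterwards."""

    def __init__(self, auth_ethertype: int = WAI_ETHERTYPE):
        self.auth_ethertype = auth_ethertype
        self.usk = {}             # station MAC -> USK installed by the controller/AE
        self.to_controller = []   # frames relayed to the controller/AE

    def install_usk(self, sta: bytes, usk: bytes) -> None:
        """Controller/AE hands over the USK after the UKE: open the filter for sta."""
        if len(usk) != 16:
            raise ValueError("USK must be 16 bytes")
        self.usk[sta] = usk

    def remove_usk(self, sta: bytes) -> None:
        """Station left or key revoked: close the filter again."""
        self.usk.pop(sta, None)

    def handle_frame(self, frame: bytes) -> str:
        """Classify one frame received from a station; returns what the AP did with it."""
        if len(frame) < 14:
            return "drop:malformed"
        _dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
        if ethertype == self.auth_ethertype:
            # Authentication traffic always goes to the controller/AE, before and
            # after key installation (the latter covers rekeying).
            self.to_controller.append(frame)
            return "relay:controller"
        if src in self.usk:
            # Filter open: data is protected with WPI under the station's USK.
            return "forward:wpi"
        # Filter closed: everything else from an unauthenticated station is dropped.
        return "drop:unauthenticated"


def ether_frame(dst: bytes, src: bytes, ethertype: int, payload: bytes) -> bytes:
    """Build an Ethernet II frame (constructed test input)."""
    return struct.pack("!6s6sH", dst, src, ethertype) + payload


AP_MAC = bytes.fromhex("020000000001")    # constructed
STA_MAC = bytes.fromhex("020000000002")   # constructed
WAI_FRAME = ether_frame(AP_MAC, STA_MAC, WAI_ETHERTYPE, b"WAI access authentication request")
IP_FRAME = ether_frame(AP_MAC, STA_MAC, 0x0800, b"IPv4 packet")


def demo() -> list:
    """The split-MAC sequence from the station's first frame to protected data."""
    ap = ThinAP()
    results = [ap.handle_frame(IP_FRAME), ap.handle_frame(WAI_FRAME)]
    ap.install_usk(STA_MAC, bytes(16))   # placeholder USK "sent" by the controller/AE
    results.append(ap.handle_frame(IP_FRAME))
    ap.remove_usk(STA_MAC)
    results.append(ap.handle_frame(IP_FRAME))
    return results


if __name__ == "__main__":
    print(demo())
```

Note what the AP never sees: no certificate, no ECDH private key, and no BK. Its only long-lived input is the USK pushed by the controller, which is exactly the property slide 10 lists as a scaling advantage and slide 11 lists as the objection.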

Slide 10: A "Split MAC" Architecture
A "split MAC" deployment scales better:
– fewer devices to provision;
– APs do not contain long-term secrets for network access;
– increasing coverage is as easy as adding new "thin" APs.
100% WAPI compliant!
– The WAPI protocol is not changed.
– The ASUE does not know that there is a "split MAC" architecture.
Authentication is still between the ASUE and the AE, but...
– the AP does not derive the BK and is not a party to the WAI exchange;
– the USK (or BK) needs to be transferred from the AE/controller to the AP.
What about "mutual authentication"?

Slide 11: "Mutual Authentication"? Two Views
A "split MAC" architecture is merely a deployment optimization:
– the location in which the components of the MAC layer protocol are spoken changes, but the MAC layer protocol does not change;
– WAPI still performs "mutual authentication".
Or is it?
– WAPI is insecure because the AP is not authenticated.
– WAPI lacks "mutual authentication".
– The secret key (USK/BK) is disclosed to the AP by the AE!

Slide 12: The Conclusion…
In both architectures the entity that runs the authentication protocol (the AAA server in RSN, the controller/AE in split-MAC WAPI) discloses the resulting key (the PMK, or the USK/BK) to an AP that was not itself a party to the authentication, and the client cannot tell which deployment it is talking to. Applying the same logic to both leads us to conclude that:
– either both WAPI and RSN provide "mutual authentication"; or
– neither WAPI nor RSN provides "mutual authentication".

Slide 13: References
s-p802-11s-sponsor-ballot-4th-recirc-comments.xls