History and Implementation of the IEEE 802 Security Architecture


History and Implementation of the IEEE 802 Security Architecture
Date: 2016-07-26
Authors: Meareg Abreha (Addis Ababa University)

History and Implementation of the IEEE 802 Security Architecture
Meareg Abreha
San Diego, CA
July 2016

Outline
- Background
- Parameters as security gauges
- IEEE 802 security protocols in terms of the chosen parameters
- Challenges and Conclusion

Background
Early security on IEEE 802:
- Gained attention in the wireless world
- Barely a proof of concept for the application of number theory
Security protocols evolved due to:
- Thorough analysis
- Attacks

Parameters as Security Gauges
Parameters that provide the means to control clients and resources in a given network:
- Data Access Control and Authentication: controls resource access and clients
- Data Confidentiality and Integrity: privacy and authenticity of data

Data Access Control and Authentication
- Started out with the 802.1x standard for port-based network access control in 2001, which uses the PPP-based EAP as its authentication mechanism.
- 802.1x contains three components and two logical ports.
- The Authenticator PAE enforces authentication via the uncontrolled port before opening the controlled port to allow supplicants access to resources.
- Access to the resource is granted only upon successful authentication.

A little more on 802.1x
- 802.1x was initially developed for IEEE 802.3; since 2003, it has been extended to 802.11.
- It defines EAP-Over-LAN (EAPOL), a standard encapsulation method to adapt EAP messages sent over Ethernet or WLANs.

Data Access Control and Authentication on IEEE 802 standards currently
- The IEEE 802.11i Enterprise mode implements 802.1x with authentication servers such as RADIUS.
- In IEEE 802.21, the MIH SA is established using either a TLS handshake, (D)TLS or EAP execution over the MIH protocol.
802.3 (Ethernet), 802.11 (Wi-Fi)

Data Access Control and Authentication on IEEE 802 standards currently
- IEEE 802.15.1 (Bluetooth) implements a request-response based scheme whose specific implementation depends on the application used.
- In Zigbee (an upper-layer extension on top of IEEE 802.15.4), a trust center/coordinator requests a valid shared network key from a node before it can join the network.
- The IEEE 802.16 (WiMAX) (MBWA) implements an RSA-based authentication function using X.509 certificates, or EAP-based authentication.

Data Access Control and Authentication on IEEE 802 standards currently
- IEEE 802.20 (MBWA, with Vehicular Mobility support): has Basic EAP Support Protocol.
- IEEE 802.21 (MIH): uses the target network's authentication mechanism before MIH frames exchange.
- IEEE 802.22 (TVWS): uses EAP-TLS or EAP-TTLS (using RSA or ECC based X.509 digital certificate profiles).

Data Confidentiality and Integrity
IEEE 802.3 (Ethernet) security
- The IEEE 802.1AE defines a layer 2 security protocol called MACSec.
- MACSec provides point-to-point security on Ethernet networks.
- The 2010 revision of 802.1x integrated MACSec with EAPOL and IEEE 802.1AR (Secure device identity) to support service identification.

Data Confidentiality and Integrity
IEEE 802.11 (WLANs) security
- Popularity, along with the vulnerability of the medium, led to the evolution of a series of security protocols.
- The 1999 IEEE 802.11 standard introduced the first wireless protocol, called WEP.
- WEP uses the RC4 algorithm for data encryption and integrity, which is also the reason for its vulnerability.

Data Confidentiality and Integrity
...WLANs security
- IEEE Task Group I was formed to replace the WEP security protocol.
- In 2003 the WPA security protocol (an interim protocol) replaced WEP.
- The final draft was ratified in June 2004 as 802.11i (security protocol: WPA2) and included in the 2007 amendment of the 802.11.

Data Confidentiality and Integrity
...WLANs security
Wi-Fi Protected Access (WPA)
- TKIP (still RC4 though) for data encryption
- MIC (aka "Michael") for data integrity

Data Confidentiality and Integrity
...WLANs security
Wi-Fi Protected Access Version 2 (WPA2)
- CCMP (AES based) for data encryption
- CBC-MAC for data integrity
CCMP (CBC-MAC protocol)

Data Confidentiality and Integrity
...WLANs security
WPA/WPA2 vulnerabilities include:
- GTK vulnerability (Hole 196)
- Dictionary based attacks on weak PTK etc.

Data Confidentiality and Integrity
...WLANs security
IEEE 802.1w
- Is a 2009 amendment to the 802.11i for protecting management frames
- Aims to avoid DoS caused by spoofed disconnect attacks (de-authentication and disassociation)

Data Confidentiality and Integrity
IEEE 802.15.1 (Bluetooth) security
- Generates a symmetric encryption key from a generated authentication key to encrypt data.
- Encryption has three setting modes:
  - No encryption
  - Point-to-point only encryption (unicast)
  - Point-to-point and broadcast encryption (both)

Data Confidentiality and Integrity
IEEE 802.15.4 (LR WPANs) security
- Supports up to 128 symmetric keys based data encryption and authenticity (AES based), with varying degrees of protection for data.

Data Confidentiality and Integrity
IEEE 802.16 (WiMAX) security
Has two component protocols:
- Encapsulation Protocol: secures data across the fixed Broadband Wireless Access Network
- Key Management Protocol: secure distribution of keying data from the Base Station to the Server Station

Data Confidentiality and Integrity
IEEE 802.20 (MBWA - Vehicular Mobility) security
- AES for securing Radio Link Protocol packets
- AES CMAC function is used for message integrity

Data Confidentiality and Integrity
IEEE 802.21 (MIHS) security
- Keys negotiated during the TLS or EAP MIH SA establishment are used to secure the MIH PDU.
- TKIP or CCMP is used to secure MIH PDUs between heterogeneous IEEE 802 systems as well as other systems.

Data Confidentiality and Integrity
WRANs (IEEE 802.22) security
Two security sub-layers:
- Sublayer 1: targets non-cognitive functionalities
- Sublayer 2: targets cognitive functionalities

Data Confidentiality and Integrity
- In sublayer 1, the encapsulation protocol defines the set of supported cryptographic suites.
- AES in GCM (Galois Counter Mode) is supported.
- The cognitive-targeting sublayer 2 provides protection to the incumbents as well as to the 802.22 systems against DoS attack types targeted at that layer.

Challenges and Conclusion
Challenges
- Weaknesses in security mechanisms
- Increasing computing power
- Cloud computing changing the way service is provided
Conclusion
- Early IEEE 802 security started with simple cryptographic techniques and evolved to its current state.
- Future security protocols need to consider the above factors and provide scalable solutions to existing weaknesses.

Thank You!
Questions and comments are welcome :-)