1 /24 May 2006 - 1 Systems Architecture WPA / WPA 2(802.11i) Burghard Güther, Tim Hartmann 12.06.2007.

Presentation transcript:

1 /24 WPA / WPA2 (802.11i), Burghard Güther, Tim Hartmann

2 /24 Introduction
- WEP is not sufficient
  - Weak key management (use and distribution)
  - Weak cryptography (affecting integrity and confidentiality)
  - Weak authentication (if any)
- Networks and resources are not adequately protected in WEP-based wireless LANs

3 /24 Introduction
- RSN, defined in 802.11i, addresses those problems
  - Includes changes for all of the above-mentioned weaknesses
  - An important change concerns the encryption algorithm, raising the need for new hardware
- For backward compatibility, TKIP (Temporal Key Integrity Protocol) was specified and became the basis for WPA
  - The difference from RSN is that RC4 is kept as the cipher, but used in an altered way
- WPA2 is based almost completely on RSN

4 /24 Similarities WPA / WPA2 - Overview
- New Authentication Method
  - using EAP (Extensible Authentication Protocol) and
  - Four-Way Handshake
- New Key Management
  - a Key Hierarchy is defined
  - Dynamic and Pre-Shared Keys are supported

5 /24 Similarities WPA / WPA2 - Authentication
- Goals:
- STA identity is confirmed, so only approved STAs gain access
  - How exactly user identities are checked depends on the chosen method
  - Those could be passwords, smartcards, tokens, so the method has great impact on overall security
- AP identity is confirmed, so «rogue» APs are avoided
  - A common method is certificates
- Session Key is installed in AP and STA to prevent later impersonation
  - Unlike in wired LANs, there is no physical connection

6 /24 Similarities WPA / WPA2 - Authentication
- Method (based on modified 802.1X):
  - Three entities are defined
  - Supplicant wants access to the network, here the STA
  - Authenticator controls access by port-based access control, here the AP
  - Authentication Server handles authorization, can be located outside the AP on a different machine
- Security Policy is negotiated during Association with a Wireless LAN
  - Contains EAP Method Selection

7 /24 Similarities WPA / WPA2 - Authentication
Message exchange between STA (Supplicant), AP (Authenticator) and AS (Auth. server):

Step  STA <-> AP             AP <-> AS
1.    EAPOL-Start (opt.)
2.    EAPOL Request
3.    EAPOL Response         RADIUS Access Request
4.    EAP Request            RADIUS Access Challenge
5.    EAP Response           RADIUS Access Request
6.    EAP Success            RADIUS Access Accept
7.    EAPOL Logoff (opt.)

Steps 4. and 5. may be repeated according to EAP Method

8 /24 Similarities WPA / WPA2 - Authentication
- All authentication communication goes over the uncontrolled port of the AP
- The AP only mediates EAP messages without interpreting them
- EAPOL (EAP over LAN) is used between AP and STA
- EAP over RADIUS is commonly used between AP and AS
  - Not mandatory in 802.11i

9 /24 Similarities WPA / WPA2 - Authentication
- On the EAP Success message the Four-Way Handshake is initiated
- Security of the channel between AP and AS is not part of the standard, but required for RSN to be secure
- The EAP method is not specified, but variants utilizing TLS are common
  - In that case, the TLS handshake is encapsulated in EAP messages
- Mutual authentication must be guaranteed by the EAP method selected

10 /24 Similarities WPA / WPA2 - Authentication
- Port is still closed until completion of the Four-Way Handshake
- In this phase keys are generated for the communication between STA and AP, using a Master Key

Four-Way Handshake between STA and AP:
1. AP -> STA: EAPOL Key (Random 1); STA computes PTK
2. STA -> AP: EAPOL Key (Random 2, MIC); AP computes PTK, verifies MIC
3. AP -> STA: EAPOL Key (MIC, Seq Nr.); STA verifies MIC
4. STA -> AP: EAPOL Key (Ack, MIC); Controlled Port is unblocked

11 /24 Similarities WPA / WPA2 - Key Management
- Top level is the Pairwise Master Key (PMK)
  - Can be pre-installed or delivered through EAP authentication
  - Master Key means it is used to derive the actual session keys
- Second level is the Pairwise Transient Key (PTK)
  - Consists of four keys
  - Data encryption key and data integrity key (identical in RSN)
  - Key encryption key and key integrity key (used in 4-Way Handshake)
  - Input is the PMK, MAC address and random number of both participants
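
The key derivation and handshake from slides 10 and 11, as an added example that is not part of the original slides. It uses the IEEE 802.11i PRF (HMAC-SHA1) with a 384-bit PTK as for CCMP; the message bodies, MAC addresses and PMK are constructed stand-ins for real EAPOL-Key frames, and the function and field names are chosen here.

```python
import hashlib
import hmac
import os

def prf(key, label, data, nbytes):
    """IEEE 802.11i PRF: HMAC-SHA1(key, label || 0x00 || data || counter), concatenated."""
    out = b""
    for counter in range((nbytes + 19) // 20):
        out += hmac.new(key, label + b"\x00" + data + bytes([counter]), hashlib.sha1).digest()
    return out[:nbytes]

def derive_ptk(pmk, ap_mac, sta_mac, random1, random2):
    """PTK from the PMK plus MAC address and random number of both participants."""
    data = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac)
            + min(random1, random2) + max(random1, random2))
    ptk = prf(pmk, b"Pairwise key expansion", data, 48)  # 384 bits for CCMP
    return {"key_integrity": ptk[:16],     # KCK, keys the handshake MIC
            "key_encryption": ptk[16:32],  # KEK, protects the GTK in transit
            "temporal": ptk[32:48]}        # TK, data encryption and integrity in RSN

def mic(key_integrity, message):
    """16-byte MIC over a handshake message (HMAC-SHA1 truncated to 128 bits)."""
    return hmac.new(key_integrity, message, hashlib.sha1).digest()[:16]

def four_way_handshake(ap_pmk, sta_pmk, ap_mac, sta_mac):
    """Return the shared temporal key, or None if a MIC check fails."""
    random1 = os.urandom(32)                        # 1. AP -> STA: Random 1
    random2 = os.urandom(32)
    sta = derive_ptk(sta_pmk, ap_mac, sta_mac, random1, random2)  # STA computes PTK
    msg2 = b"2|" + random2                          # 2. STA -> AP: Random 2, MIC
    mic2 = mic(sta["key_integrity"], msg2)
    ap = derive_ptk(ap_pmk, ap_mac, sta_mac, random1, random2)    # AP computes PTK
    if not hmac.compare_digest(mic(ap["key_integrity"], msg2), mic2):
        return None                                 # STA does not hold the AP's PMK
    msg3 = b"3|seq=1"                               # 3. AP -> STA: MIC, Seq Nr.
    mic3 = mic(ap["key_integrity"], msg3)
    if not hmac.compare_digest(mic(sta["key_integrity"], msg3), mic3):
        return None
    msg4 = b"4|ack"                                 # 4. STA -> AP: Ack, MIC
    mic4 = mic(sta["key_integrity"], msg4)
    if not hmac.compare_digest(mic(ap["key_integrity"], msg4), mic4):
        return None
    return ap["temporal"]                           # controlled port is unblocked

if __name__ == "__main__":
    pmk = os.urandom(32)                            # constructed PMK
    ap_mac, sta_mac = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
    print(four_way_handshake(pmk, pmk, ap_mac, sta_mac).hex())
    print(four_way_handshake(pmk, os.urandom(32), ap_mac, sta_mac))  # None
```

Because both random numbers enter the derivation, every run yields a fresh temporal key even though the PMK stays the same.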

12 /24 Similarities WPA / WPA2 - Key Management
- Another level is the Group Transient Key (GTK)
  - Consists of only two keys
  - Group encryption key and group integrity key
  - Transmitted to STAs during the Group Key Handshake, secured with the key encryption key
  - GK Handshakes can occur any time (necessary)

13 /24 Differences WPA / WPA2 - Overview
- TKIP with RC4 Cipher
  - Integrity protection by Michael MIC (Message Integrity Code)
  - Replay protection by enforcing sequenced Initialization Vectors
  - Confidentiality by different use of RC4
  - Countermeasures when detecting attacks
- RSN with AES-CCMP
  - Advanced Encryption Standard
  - Counter Mode Encryption (CTR)
  - Cipher Block Chaining Message Authentication Code (CBC-MAC)
  - Used for integrity, authentication and confidentiality
  - Replay protection by using sequence numbers during MAC computation

14 /24 Differences WPA / WPA2 - TKIP
- Michael Integrity Protection
  - Solution without the need for hardware upgrades
  - Integrity protection by encryption with MIC key
  - MIC computed over user data, source and destination addresses and priority bits
- Monotonically increasing TKIP Sequence Counter (TSC) (= IV)
  - IV length increased from 24 bit to 48 bit
- Cryptographic key-mixing process for a new key for every frame: create dynamic WEP key from TK and TSC
  - Avoid weak keys by TKIP Mix
  - User frame, 64 bit MIC, transmitter address encrypted with per-frame key

15 /24 Differences WPA / WPA2 - TKIP
- Different Key for every Message with 48 bit IV
Image taken from SeCoWiNetV1.4.pdf [2]

16 /24 Differences WPA / WPA2 - TKIP
- Combined with countermeasures, executed after a failure of the Integrity Check:
  - Logging a security event
  - A second failure within 60 s disables reception for another 60 s, not even allowing new associations with TKIP
  - Changing PTK and GTK by re-invoking authentication with the 4-Way Handshake
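
The countermeasure timing above, together with the sequenced-IV replay check from slide 13, as an added example that is not part of the original slides. The class, verdict names and sample events are constructed here; the sketch advances the sequence counter only for frames whose MIC verified, which is a choice of this example, and it does not model the counter reset that follows re-keying.

```python
WINDOW = 60.0  # seconds, as on the slide

class TkipReceiver:
    def __init__(self):
        self.last_tsc = 0            # highest TSC accepted so far
        self.last_failure = None     # time of the previous MIC failure
        self.blocked_until = 0.0     # reception is disabled before this time
        self.log = []                # security events

    def receive(self, now, tsc, mic_ok):
        """Classify one frame: accept, replay, mic-failure, countermeasures or blocked."""
        if now < self.blocked_until:
            return "blocked"
        if tsc <= self.last_tsc:
            return "replay"          # out-of-sequence IV, dropped before the MIC check
        if mic_ok:
            self.last_tsc = tsc      # advance only on frames that verified
            return "accept"
        self.log.append((now, tsc, "Michael MIC failure"))
        if self.last_failure is not None and now - self.last_failure <= WINDOW:
            self.blocked_until = now + WINDOW
            self.last_failure = None
            self.log.append((now, tsc, "reception disabled; new PTK and GTK required"))
            return "countermeasures"
        self.last_failure = now
        return "mic-failure"

def run(events):
    """Feed (time, TSC, MIC verified?) tuples to a fresh receiver."""
    rx = TkipReceiver()
    return [rx.receive(*event) for event in events], rx.log

# Constructed sample events: (time in seconds, TSC, MIC verified?)
EVENTS = [(0, 1, True), (5, 1, True), (10, 2, False), (30, 3, False),
          (50, 4, True), (95, 4, True), (100, 5, False), (200, 6, False)]

if __name__ == "__main__":
    verdicts, log = run(EVENTS)
    for event, verdict in zip(EVENTS, verdicts):
        print(event, verdict)
    for entry in log:
        print("LOG", entry)
```

The two failures at 100 s and 200 s are more than 60 s apart, so they are logged but do not disable reception again.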

17 /24 Differences WPA / WPA2 - AES CCMP
- AES is a block cipher
- Aside on block ciphers
- Criteria:
  - Completeness: every bit of the output block depends on each bit of the input block and each bit of the key
  - Avalanche effect: a change of 1 bit in the input block changes each output bit with probability ½ (same for the key)
  - Statistical independence between output and input block
- AES uses a number of simple operations to produce a complex output
  - This includes bit substitutions with lookup tables, permutations and «adding» the key, which includes modulo operations
  - The sequence of those simple operations is repeated multiple times
  - Each sequence updates an internal state

18 /24 Differences WPA / WPA2 - AES CCMP
- AES Operational Modes (1)
  - Cipher Block Chaining (CBC)
  - Every plaintext block is XORed with the preceding ciphertext block before encryption; an IV is used for the 1st block
  - Thus two identical plaintext blocks will generate different ciphertext
  - Each cipher block is dependent on all preceding plaintext blocks
  - CBC can be used as MAC (CBC-MAC)
Image taken from [4]

19 /24 Differences WPA / WPA2 - AES CCMP
- AES Operational Modes (2)
  - Counter Mode (CTR)
  - Converts a block cipher into a stream cipher
  - Generates keystream blocks by encrypting values of an internal state and a nonce
  - The internal state is a counter that is incremented in each iteration
Image taken from [4]

20 /24 Differences WPA / WPA2 - AES CCMP
- CCM
  - Combines CBC-MAC (integrity and authentication) and CTR (confidentiality): both encryption and MIC as result
  - Takes as input the 128 bit TK, the 48 bit Packet Number (PN) and some data from the frame header
  - PN is used as counter (to prevent replay attacks) and, with header information, as nonce
  - Header forms additional input for CCM called AAD
  - => Nonce, AAD and plaintext data + key as input for CCM
  - Ensures confidentiality of data and integrity of data and header
  - Combines both to encrypt and produce a MIC simultaneously => same key for encryption and integrity protection
  - AES obviates the need for a per-packet key
  - CCM header consists of identifier for TK and PN

21 /24 Differences WPA / WPA2 - AES CCMP
- AES CCMP
Image taken from SP pdf [3]

22 /24 Differences WPA / WPA2 - AES CCMP
- Characteristics:

23 /24 Differences WPA / WPA2 - AES CCMP
- Security Vulnerability: «Replay detection», «impersonation detection» and «weak keys» are most important for attacks against WEP.

24 /24 References
[1] Breaking 104 bit WEP in less than 60 seconds (2007), Erik Tews, Ralf-Philipp Weinmann, and Andrei Pyshkin
[2] Security and Cooperation in Wireless Networks, Thwarting Malicious and Selfish Behavior in the Age of Ubiquitous Computing, by Levente Buttyan (BME) and Jean-Pierre Hubaux (EPFL)
[3] NIST Special Publication, Establishing Wireless Robust Security Networks: A Guide to IEEE 802.11i, Sheila Frankel, Bernard Eydt, Les Owens, Karen Scarfone
[4] Wikipedia, 11 June 2007