An Initial Security Analysis of the IEEE 802.1x Standard Tsai Hsien Pang 2004/11/4.

Slides:

Advertisements

Similar presentations

Authentication.

Advertisements

IEEE i IT443 Broadband Communications Philip MacCabe October 5, 2005

Your Wireless Network has No Clothes CS 395T William A. Arbaugh, Narendar Shankar, Y.C. Justin Wan.

Raphael Frank 20 October 2007 Authentication & Intrusion Prevention for Multi-Link Wireless Networks.

無線區域網路安全 Wireless LAN Security. 2 Outline  Wireless LAN – b  Security Mechanisms in b  Security Problems in b  Solutions for b.

WiFi Security. What is WiFi ? Originally, Wi-Fi was a marketing term. The Wi-Fi certified logo means that the product has passed interoperability tests.

WEP and i J.W. Pope 5/6/2004 CS 589 – Advanced Topics in Information Security.

研究生：蔡憲邦指導教授：柯開維博士 Design of Efficient and Secure Multiple Wireless Mesh Network 具安全性及自我組織能力的無線網狀網路.

DIMACS Nov 3 - 4, 2004 WIRELESS SECURITY AND ROAMING OVERVIEW DIMACS November 3-4, 2004 Workshop: Mobile and Wireless Security Workshop: Mobile and Wireless.

Wired Equivalent Privacy (WEP)

Security in Wireless LAN Layla Pezeshkmehr CS 265 Fall 2003-SJSU Dr.Mark Stamp.

802.1x EAP Authentication Protocols

11 WIRELESS SECURITY by Prof. Russell Jones. WIRELESS COMMUNICATION ISSUES  Wireless connections are becoming popular.  Network data is transmitted.

Design of Efficient and Secure Multiple Wireless Mesh Network Speaker: Hsien-Pang Tsai Teacher: Kai-Wei Ke Date: 2005/06/28.

Department of Computer Science Southern Illinois University Carbondale Wireless and Network Security Lecture 9: IEEE

IEEE Wireless Local Area Networks (WLAN’s).

Chapter 5 Secure LAN Switching.  MAC Address Flooding Causing CAM Overflow and Subsequent DOS and Traffic Analysis Attacks.

WLAN Security:PEAP Sunanda Kandimalla. Intoduction The primary goals of any security setup for WLANs should include: 1. Access control and mutual authentication,

Master Thesis Proposal By Nirmala Bulusu Advisor – Dr. Edward Chow Implementation of Protected Extensible Protocol (PEAP) – An IEEE 802.1x wireless LAN.

WPA2 By Winway Pang. Overview  What is WPA2?  Wi-Fi Protected Access 2  Introduced September 2004  Two Versions  Enterprise – Server Authentication.

Marwan Al-Namari Week 10. RTS: Ready-to-Send. CTS: Clear-to- Send. ACK: Acknowledgment.NAV: network allocation vector (channel access, expected time to.

Wireless Security Issues Implementing a wireless LAN without compromising your network Marshall Breeding Director for Innovative Technologies and Research.

WLAN security S Wireless Personal, Local, Metropolitan, and Wide Area Networks1 Contents WEP (Wired Equivalent Privacy) No key management Authentication.

Wireless Security Issues David E. Hudak, Ph.D. Senior Software Architect Karlnet, Inc.

1 Wireless LAN Security Kim W. Tracy NEIU, University Computing

Wireless Network Security. Wireless Security Overview concerns for wireless security are similar to those found in a wired environment concerns for wireless.

Wireless LAN Security Yen-Cheng Chen Department of Information Management National Chi Nan University

WLAN What is WLAN? Physical vs. Wireless LAN

Michal Rapco 05, 2005 Security issues in Wireless LANs.

Network Security1 – Chapter 5 (B) – Using IEEE 802.1x Purpose: (a) port authentication (b) access control An IEEE standard

Mobile and Wireless Communication Security By Jason Gratto.

Wireless security & privacy Authors: M. Borsc and H. Shinde Source: IEEE International Conference on Personal Wireless Communications 2005 (ICPWC 2005),

WIRELESS LAN SECURITY Using

Comparative studies on authentication and key exchange methods for wireless LAN Authors: Jun Lei, Xiaoming Fu, Dieter Hogrefe and Jianrong Tan Src:

11 SECURING COMMUNICATIONS Chapter 7. Chapter 7: SECURING COMMUNICATIONS2 CHAPTER OBJECTIVES  Explain how to secure remote connections.  Describe how.

Chapter Network Security Architecture Security Basics Legacy security Robust Security Segmentation Infrastructure Security VPN.

Lesson 20-Wireless Security. Overview Introduction to wireless networks. Understanding current wireless technology. Understanding wireless security issues.

BY MOHAMMED ALQAHTANI (802.11) Security. What is ? IEEE is a set of standards carrying out WLAN computer communication in frequency bands.

KAIS T Security architecture in a multi-hop mesh network Conference in France, Presented by JooBeom Yun.

Shambhu Upadhyaya Security –Upper Layer Authentication Shambhu Upadhyaya Wireless Network Security CSE 566 (Lecture 10)

NSRI1 Security of Wireless LAN ’ Seongtaek Chee (NSRI)

CWSP Guide to Wireless Security Chapter 2 Wireless LAN Vulnerabilities.

WEP Protocol Weaknesses and Vulnerabilities

Doc.: IEEE /495r1 Submission July 2001 Jon Edney, NokiaSlide 1 Ad-Hoc Group Requirements Report Group met twice - total 5 hours Group size ranged.

Link-Layer Protection in i WLANs With Dummy Authentication Will Mooney, Robin Jha.

Lecture 24 Wireless Network Security

Wireless Security: The need for WPA and i By Abuzar Amini CS 265 Section 1.

Wireless Security Rick Anderson Pat Demko. Wireless Medium Open medium Broadcast in every direction Anyone within range can listen in No Privacy Weak.

Lecture slides prepared for “Computer Security: Principles and Practice”, 3/e, by William Stallings and Lawrie Brown, Chapter 24 “Wireless Network Security”.

Your Wireless Network has No Clothes* William A. Arbaugh, Narendar Shankar Y.C. Justin Wan University of Maryland Presentation by Eddy Purnomo,

Wireless security Wi–Fi (802.11) Security

Dependability in Wireless Networks By Mohammed Al-Ghamdi.

802.11b Security CSEP 590 TU Osama Mazahir. Introduction Packets are sent out into the air for anyone to receive Eavesdropping is a much larger concern.

Wireless Network Security CSIS 5857: Encoding and Encryption.

KAIS T Comparative studies on authentication and key exchange methods for wireless LAN Jun Lei, Xiaoming Fu, Dieter Hogrefe, Jianrong Tan Computers.

Lecture 7 (Chapter 17) Wireless Network Security Prepared by Dr. Lamiaa M. Elshenawy 1.

Introduction to Port-Based Network Access Control EAP, 802.1X, and RADIUS Anthony Critelli Introduction to Port-Based Network Access Control.

Wireless LAN Security Daniel Reichle Seminar Security Protocols and Applications SS2003.

Port Based Network Access Control

Wired Equivalent Privacy. INTRODUCTION Wired Equivalent Privacy (WEP) is a security algorithm for IEEE wireless networks. Introduced as part of.

History and Implementation of the IEEE 802 Security Architecture

1. Introduction In this presentation, we will review ,802.1x and give their drawbacks, and then we will propose the use of a central manager to replace.

History and Implementation of the IEEE 802 Security Architecture

Wireless Protocols WEP, WPA & WPA2.

Lecture 29 Security in IEEE Dr. Ghalib A. Shah

– Chapter 5 (B) – Using IEEE 802.1x

Wireless LAN Security 4.3 Wireless LAN Security.

SECURING WIRELESS LANS WITH CERTIFICATE SERVICES

IEEE i Dohwan Kim.

Wireless Network Security

Presentation transcript:

An Initial Security Analysis of the IEEE 802.1x Standard Tsai Hsien Pang 2004/11/4

2004/11/42 Outline ► Introduction ► IEEE 802.1x Standard ► Man-in-Middle, Session Hijack attack ► Proposed solution ► Conclusion ► Reference

2004/11/ Security ► A wireless network is broadcast by nature, and the media is reachably-broadcast. ► Authentication and data encryption. ► The standard for WLAN communications introduced the Wired Equivalent Privacy (WEP) protocol.

2004/11/44 Basic Security Mechanisms ► Two Model: ad-hoc and infrastructure mode. ► A wireless client establish a relation with an AP, called an association.  Unauthenticated and unassociated  Authenticated and unassociated  Authenticated and associated

2004/11/ State Machine ► STA and AP exchange authentication Management frames between state 1 and 2. ► Open system,share key and Mac-address based control list. ► WEP was designed to provide confidentiality.

2004/11/46 WEP Protocol ► The WEP protocol is used in networks to protect link level data during wireless transmission. ► It relies on a secret key k shared between the communicating parties to protected the body of a transmitted frame of data. ► Encryption of a frame proceeds: checksumming and encryption.

2004/11/47 WEP Protocol (2)

2004/11/48 The Drawback of WEP ► Keystream Reuse  The IV field used by WEP is only 24 bits wide, nearly guaranteeing that the same IV will be reused for multiple message.

2004/11/49 The Drawback of WEP (2) ► Message Modification  The WEP checksum is a linear function of the message.

2004/11/410 Outline ► Introduction ► IEEE 802.1x Std and RSN ► Man-in-Middle, Session Hijack attack ► Proposed solution ► Conclusion

2004/11/411 IEEE 802.1x and RSN ► IEEE 802.1x is a security framework must provide network access authentication. ► RSN (Robust Security Network) provides mechanisms to restrict network connectivity to authorized entities only via 802.1x.

2004/11/412 IEEE 802.1x Setup ► Supplicant: An entity use a service via a port on the Authenticator. ► Authenticator: A service provider. ► AAA Server: A central authentication server which directs the Authenticator to provide the service after successful authentication.

2004/11/ Association

2004/11/414 A Typical Authentication Session using EAP EAPOLRADIUS EAPOL Start

2004/11/415 Extensible Authentication Protocol (EAP) ► EAP is built around the challenge-response communication paradigm. ► Four type messages: EAP Request, EAP Response, EAP Success, EAP Failure.

2004/11/416 EAPOL ► The EAP Over Lan (EAPOL) protocol carries the EAP packets between authenticator and supplicant. ► An EAPOL key message provides a way of communicating a higher-layer negotiated session key.

2004/11/417 RADIUS ► Remote Authentication Dial-In User Service (RADIUS) Protocol. ► The Authentication server and the authenticator communicate using the RADIUS.

2004/11/418 Dual Port Model ► The AP (Authenticator) must permit the EAP traffic before the authentication succeeds.

2004/11/ /1x State Machine

2004/11/420 Outline ► Introduction ► IEEE 802.1x Std and RSN ► Man-in-Middle, Session Hijack attack ► Proposed solution ► Conclusion

2004/11/421 Attack ► MIM (Man-in-Middle) attack. ► Session Hijacking. ► Denial of Service (DoS).

2004/11/422 Man-in-Middle ► An attacker forge this packet on behalf of the authenticator and potentially start a simple Man-in-Middle attack.

2004/11/423 Session Hijacking ► The session hijack by spoofing a MAC disassociate message.

2004/11/424 Denial of Service (DoS) ► EAPOL Logoff, EAPOL Start message spoofing. ► EAP failure message spoofing. ► Spoofing of management frames. ► Large number of associate request.

2004/11/425 Outline ► Introduction ► IEEE 802.1x Std and RSN ► Man-in-Middle, Session Hijack attack ► Proposed solution ► Conclusion

2004/11/426 Per-packet Authenticity and Integrity ► Lack of per-packet authenticity and integrity in IEEE frames has been a key contributor in many of the protocol ’ s security problems. ► There are currently no plans by the IEEE to add integrity protection to management frame. ► The session hijack attack primarily exploited.

2004/11/427 Authenticity and Integrity of EAPOL messages ► Addition of an EAP authenticator attribute.

2004/11/428 Outline ► Introduction ► IEEE 802.1x Std and RSN ► Man-in-Middle, Session Hijack attack ► Proposed solution ► Conclusion

2004/11/429 Conclusion ► Because the transport medium is shared, permits attackers easy and unconstrained access. ► Our attacks demonstrate that the current RSN architecture does not provide strong access control and authentication.

2004/11/430 Reference Arunesh Mishra, William A. Arbaugh, “ An Initial security analysis of the IEEE 802.1x Standard ” N.Borisov, L.Goldberg, D.Wagner, “ Intercepting Mobile Communications: The Insecurity of ”. Proc., Seventh Annual International Conference on Mobile Computing and Networking, July, 2001, pages IEEE, Lan man standard of the ieee computer society. Wireless lan media access control and physical layer specification. IEEE standard , 1997.