Doc.: IEEE 802.11-98/178 Submission July 2000 A. Prasad, A. Raji Lucent TechnologiesSlide 1 A Proposal for IEEE 802.11e Security IEEE 802.11 Task Group.

Slides:

Advertisements

Similar presentations

Authentication.

Advertisements

IP Security have considered some application specific security mechanisms –eg. S/MIME, PGP, Kerberos, SSL/HTTPS however there are security concerns that.

ISA 662 IKE Key management for IPSEC Prof. Ravi Sandhu.

Doc.: IEEE /1186r0 Submission October 2004 Aboba and HarkinsSlide 1 PEKM (Post-EAP Key Management Protocol) Bernard Aboba, Microsoft Dan Harkins,

Doc.: IEEE /087 Submission May, 2000 Steven Gray, NOKIA Jyri Rinnemaa, Jouni Mikkonen Nokia Slide 1.

Internet Protocol Security (IP Sec)

Block Cipher Modes of Operation and Stream Ciphers

Authentication Applications

Public Key Cryptography INFSCI 1075: Network Security – Spring 2013 Amir Masoumzadeh.

L8. Reviews Rocky K. C. Chang, May Foci of this course 2 Rocky K. C. Chang  Understand the 3 fundamental cryptographic functions and how they are.

VPN AND REMOTE ACCESS Mohammad S. Hasan 1 VPN and Remote Access.

PEAP & EAP-TTLS 1.EAP-TLS Drawbacks 2.PEAP 3.EAP-TTLS 4.EAP-TTLS – Full Example 5.Security Issues 6.PEAP vs. EAP-TTLS 7.Other EAP methods 8.Summary.

Spring 2012: CS419 Computer Security Vinod Ganapathy SSL, etc.

Socket Layer Security. In this Presentation: need for web security SSL/TLS transport layer security protocols HTTPS secure shell (SSH)

Chapter 5 Network Security Protocols in Practice Part I

Chapter 13 IPsec. IPsec (IP Security)  A collection of protocols used to create VPNs  A network layer security protocol providing cryptographic security.

Henric Johnson1 Ola Flygt Växjö University, Sweden IP Security.

IP Security IPSec 2 * Essential Network Security Book Slides. IT352 | Network Security |Najwa AlGhamdi 1.

CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.

Crypto – chapter 16 - noack Introduction to network stcurity Chapter 16 - Stallings.

1 IP Security Outline of the session –IP Security Overview –IP Security Architecture –Key Management Based on slides by Dr. Lawrie Brown of the Australian.

Wired Equivalent Privacy (WEP)

Security in Wireless LAN Layla Pezeshkmehr CS 265 Fall 2003-SJSU Dr.Mark Stamp.

802.1x EAP Authentication Protocols

An Initial Security Analysis of the IEEE 802.1x Standard Tsai Hsien Pang 2004/11/4.

Encapsulation Security Payload Protocol Lan Vu. OUTLINE 1.Introduction and terms 2.ESP Overview 3.ESP Packet Format 4.ESP Fields 5.ESP Modes 6.ESP packet.

IEEE Wireless Local Area Networks (WLAN’s).

Network Security. Contents Security Requirements and Attacks Confidentiality with Conventional Encryption Message Authentication and Hash Functions Public-Key.

Wireless Network Security. Wireless Security Overview concerns for wireless security are similar to those found in a wired environment concerns for wireless.

Wireless LAN Security Yen-Cheng Chen Department of Information Management National Chi Nan University

VPN Wireless Security at Penn State Rich Cropp Senior Systems Engineer Information Technology Services The Pennsylvania State University © All rights.

Michal Rapco 05, 2005 Security issues in Wireless LANs.

Wireless security & privacy Authors: M. Borsc and H. Shinde Source: IEEE International Conference on Personal Wireless Communications 2005 (ICPWC 2005),

WIRELESS LAN SECURITY Using

Wireless and Security CSCI 5857: Encoding and Encryption.

Remote Access Chapter 4. Learning Objectives Understand implications of IEEE 802.1x and how it is used Understand VPN technology and its uses for securing.

Remote Access Chapter 4. Learning Objectives Understand implications of IEEE 802.1x and how it is used Understand VPN technology and its uses for securing.

Behzad Akbari Spring 2012 (These slides are based on lecture slides by Lawrie Brown)

1 Chapter 8 Copyright 2003 Prentice-Hall Cryptographic Systems: SSL/TLS, VPNs, and Kerberos.

1 Section 10.9 Internet Security Association and Key Management Protocol ISAKMP.

IP Security Lawrence Taub IPSEC IP security — security built into the IP layer Provides host-to-host (or router-to-router) encryption and.

Done By : Ahmad Al-Asmar Wireless LAN Security Risks and Solutions.

CSCE 715: Network Systems Security

ECE 454/CS 594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall.

Information management 1 Groep T Leuven – Information department 1/26 IPSec IP Security (IPSec)

CWSP Guide to Wireless Security Chapter 2 Wireless LAN Vulnerabilities.

WEP Protocol Weaknesses and Vulnerabilities

WEP AND WPA by Kunmun Garabadu. Wireless LAN Hot Spot : Hotspot is a readily available wireless connection.  Access Point : It serves as the communication.

Network access security methods Unit objective Explain the methods of ensuring network access security Explain methods of user authentication.

Karlstad University IP security Ge Zhang

Wireless LAN Security. Security Basics Three basic tools – Hash function. SHA-1, SHA-2, MD5… – Block Cipher. AES, RC4,… – Public key / Private key. RSA.

IPsec IPsec (IP security) Security for transmission over IP networks –The Internet –Internal corporate IP networks –IP packets sent over public switched.

IPSEC : KEY MANAGEMENT PRESENTATION BY: SNEHA A MITTAL(121427)

11 SECURING NETWORK COMMUNICATION Chapter 9. Chapter 9: SECURING NETWORK COMMUNICATION2 OVERVIEW  List the major threats to network communications. 

無線網路安全 WEP. Requirements of Network Security Information Security Confidentiality Integrity Availability Non-repudiation Attack defense Passive Attack.

IPSec VPN: How does it really work? Yasushi Kono (ComputerLinks Frankfurt)

Lecture 24 Wireless Network Security

IP security Ge Zhang Packet-switched network is not Secure! The protocols were designed in the late 70s to early 80s –Very small network.

Wireless Security Rick Anderson Pat Demko. Wireless Medium Open medium Broadcast in every direction Anyone within range can listen in No Privacy Weak.

Group 9 Chapter 8.3 – 8.6. Public Key Algorithms  Symmetric Key Algorithms face an inherent problem  Keys must be distributed to all parties but kept.

Cryptography and Network Security (CS435) Part Thirteen (IP Security)

IPSec is a suite of protocols defined by the Internet Engineering Task Force (IETF) to provide security services at the network layer. standard protocol.

Network Layer Security Network Systems Security Mort Anvari.

K. Salah1 Security Protocols in the Internet IPSec.

@Yuan Xue Case Study (Mid-term question) Bob sells BatLab Software License Alice buys BatLab Credit card information Number of.

1. Introduction In this presentation, we will review ,802.1x and give their drawbacks, and then we will propose the use of a central manager to replace.

IPSec Detailed Description and VPN

Chapter 5 Network Security Protocols in Practice Part I

Network Security (contd.)

Presentation transcript:

doc.: IEEE /178 Submission July 2000 A. Prasad, A. Raji Lucent TechnologiesSlide 1 A Proposal for IEEE e Security IEEE Task Group E July 2000 meeting Prasad, Anand Raji, Alex

doc.: IEEE /178 Submission July 2000 A. Prasad, A. Raji Lucent TechnologiesSlide 2 Objectives Improve network security capabilities –Critical for business, home and Internet applications Assure alignment with IETF Improve Encryption scheme Assure backward compatibility with the current standard

doc.: IEEE /178 Submission July 2000 A. Prasad, A. Raji Lucent TechnologiesSlide 3 Overview of Security Vulnerabilities* Compromise of encryption key Theft of hardware is equivalent to theft of key Packet spoofing, disassociation attack Rogue AP Known plain-text attack Brute force attack Passive monitoring Replay attack * Derived from Microsoft paper: IEEE /034r1

doc.: IEEE /178 Submission July 2000 A. Prasad, A. Raji Lucent TechnologiesSlide 4 Proposed Security Solutions Flexible/extensible security architecture with backward compatibility Hardware as well as user authentication Key management with support for per station/per session encryption key Mutual authentication (defense against rogue AP) Option to use other/better encryption algorithms Per packet authentication (defense against replay attack and packet spoofing)

doc.: IEEE /178 Submission July 2000 A. Prasad, A. Raji Lucent TechnologiesSlide 5 Security Proposal Highlights Enhanced encryption key exchange –Support public key exchange (Diffie-Hellman) –Improve WEP key distribution/management Enhanced authentication –Support user as well as machine authentication options –Support extensible authentication protocol (EAP) over wireless with multi-protocol support akin to 802.1x –Support for certificate authentication of hardware Enhanced privacy algorithms –Choice of packet authentication and/or encryption (AH, ESP) –Add anti-replay measures (sequence #) –Support multiple encryption algorithms

doc.: IEEE /178 Submission July 2000 A. Prasad, A. Raji Lucent TechnologiesSlide e Dynamic Key Exchange

doc.: IEEE /178 Submission July 2000 A. Prasad, A. Raji Lucent TechnologiesSlide 7 Key Exchange Parameters Support both shared key (WEP) and public key Support infrastructure as well as ad-hoc modes Backward compatibility with b Address rogue AP vulnerability Flexibility to negotiate a variety of security schemes Adhere to known and trusted security industry practices Assume a short key life Negotiate a single encrypted tunnel per station

doc.: IEEE /178 Submission July 2000 A. Prasad, A. Raji Lucent TechnologiesSlide 8 Proposed Methodology for Key Exchange Use internet key exchange (IKE, RFC 2409) standard as a model Exchange keys ASAP to establish a secure tunnel (prior to association) Overload KE messages over authentication frames Link key exchange phase to the subsequent phases to prevent session hijacking Provide a mechanism for protocol negotiation for later phases (Authentication and Privacy protocols)

doc.: IEEE /178 Submission July 2000 A. Prasad, A. Raji Lucent TechnologiesSlide 9 Advantages Public Key Exchange Addresses the following vulnerabilities –Compromise of the encryption key (each session has a new key) –Rogue AP (via X.509 certificate authentication of the AP) –Password cracking (allows encrypted session to be established before authentication) Diffie-Hellman public key algorithm –Well defined negotiation of a secret key between the end points –Eliminates shared key requirement, simplifies management Supports X.509 certificates –Integrated one-way or two-way certificate authentication

doc.: IEEE /178 Submission July 2000 A. Prasad, A. Raji Lucent TechnologiesSlide 10 Public Key Exchange Requirements Need a good pseudo random number generator –Use MD5(x,y) or SHA(x,y) one-way hashing function Ability to calculate exponential modulus of large numbers –G x MOD p where p is 768 or 1024 bits long –Similar to m e MOD n for RSA calculations Ability to verify certificate digital signatures –Digital signature standard verification (NIST FIP-186) Requires SHA(x,y), g -1 MOD p, and g x MOD p calculation –RSA signature verification Requires SHA(x,y), and m e MOD n calculation

doc.: IEEE /178 Submission July 2000 A. Prasad, A. Raji Lucent TechnologiesSlide 11 Example Key Exchange Initiator Responder Proposal values, Key (g^x), ID i, Nonce i Selected proposal, Key (g^y), ID r, Nonce r, Hash r Hash i Skey = Hash(Nonce i +Nonce r +g^xy) g^xy = (g^x)^y MOD p Hash r = Hash(g^xy+ID i +ID r +g^x+g^y+Nonce i +Nonce r ) Hash i = Hash(g^xy+ID r +ID i +g^y + g^x +Nonce r +Nonce i ) g^xy = (g^y)^x MOD p Skey = Hash(Nonce i +Nonce r +g^xy)

doc.: IEEE /178 Submission July 2000 A. Prasad, A. Raji Lucent TechnologiesSlide 12 Example Key Exchange + Certificate Authentication Initiator Responder Proposal, Key (g^x), ID i, Certificate Req, Nonce i Proposal, Certificate[BSSID,g^y,Signature], ID r, Nonce r, Hash r Hash i Skey = Hash(Nonce i +Nonce r +g^xy) Verify certificate signature

doc.: IEEE /178 Submission July 2000 A. Prasad, A. Raji Lucent TechnologiesSlide 13 Example Key Distribution (WEP) Initiator Responder Proposal, Key (g^x), ID i, Nonce i Proposal, Key (g^y), ID r, Nonce r, Hash r Hash i [Session key] Skey Skey = Hash(Nonce i +Nonce r +g^xy) RC4(Session key, Skey)

doc.: IEEE /178 Submission July 2000 A. Prasad, A. Raji Lucent TechnologiesSlide e Enhanced Authentication

doc.: IEEE /178 Submission July 2000 A. Prasad, A. Raji Lucent TechnologiesSlide 15 Enhanced Authentication Parameters Support User and Machine level authentication Support emerging 802.1x standard Flexibility to support multiple authentication protocols (PAP, CHAP, etc.) Compatible with popular AAA systems such as RADIUS Compatibility with PKI and Certificate authentication Authentication process itself must be secure

doc.: IEEE /178 Submission July 2000 A. Prasad, A. Raji Lucent TechnologiesSlide x draft standard (EAPOL) Extensible Authentication Protocol (EAP; RFC 2284) is a general protocol for PPP authentication –EAPOL is adopted by IEEE 802.1x as an authentication mechanism for network port access control. –EAPOL supports multiple authentication mechanisms. The IEEE draft P802.1X/D5 describes the use of EAPOL in Port based Network Access Control in IEEE wireless LAN infrastructures. EAPOL communication occurs in an unsecured shared environment, so it is vulnerable to attack.

doc.: IEEE /178 Submission July 2000 A. Prasad, A. Raji Lucent TechnologiesSlide 17 Proposed Authentication Methodology Negotiate a secret key prior to station authentication step to create a secure encrypted tunnel. Negotiate a single authentication methodology (PAP, CHAP, etc.) during the key exchange process. Use EAPOL as defined in IEEE 802.1x, only after the secure tunnel is established. Authentication Number Field of Authentication Frame is used to identify the EAPOL protocol vs the legacy Shared Key or Open System.

doc.: IEEE /178 Submission July 2000 A. Prasad, A. Raji Lucent TechnologiesSlide 18 EAP Over Wireless LAN (EAPOWL) Addresses the following vulnerabilities –Theft of hardware enables unauthorized access –Access control (enables user based authentication and filtering) –Password cracking (provides the ability to limit the number of failures) Provides additional benefits –Enables tracking of lost/stolen hardware by logging the card MAC address while authenticating

doc.: IEEE /178 Submission July 2000 A. Prasad, A. Raji Lucent TechnologiesSlide e Enhanced Privacy

doc.: IEEE /178 Submission July 2000 A. Prasad, A. Raji Lucent TechnologiesSlide 20 Enhanced Privacy Protocol Parameters Support multiple encryption algorithms (DES, 3DES, etc.) Support key per session Backward compatibility with WEP/RC4 Support frame Authentication as well as Encryption Include defense against replay attacks Include defense against packet spoofing

doc.: IEEE /178 Submission July 2000 A. Prasad, A. Raji Lucent TechnologiesSlide 21 Proposed Enhanced Privacy Use IPSec standard as a model (RFC 1826, 1827) Negotiate a single packet security and privacy protocol for each station MAC address during the key exchange process. Packet layout is the same as WEP except –IV field could also become a 4 byte sequence number –ICV field could also become the payload hash value Optionally add authentication field to control and management packets Support WEP, as well as other encryption algorithms.

doc.: IEEE /178 Submission July 2000 A. Prasad, A. Raji Lucent TechnologiesSlide 22 Enhanced Privacy Packet Format WEP encryption format Enhanced privacy encryption format

doc.: IEEE /178 Submission July 2000 A. Prasad, A. Raji Lucent TechnologiesSlide 23 Enhanced Privacy Protocol Advantages Addresses the following vulnerabilities –Packet spoofing via frame authentication field –Known plaintext attack via block cipher algorithms –Brute force attack via longer keys / better encryption algorithms –Passive monitoring via packet encapsulation –Disassociation attack via control frame authentication field –Replay attack via integrated sequence number field

doc.: IEEE /178 Submission July 2000 A. Prasad, A. Raji Lucent TechnologiesSlide 24 Comparing WEP to Enhanced Security Proposal * Longer RC4 keys