Doc.: IEEE 802.11-01/495r1, Submission, July 2001, Jon Edney, Nokia
Ad-Hoc Group Requirements Report

Presentation transcript:

Slide 1: Ad-Hoc Group Requirements Report
- Group met twice - total 5 hours
- Group size ranged from 6 ~ 15
- Extracted Doc245 requirements
- Four presentations were received
- Captured new requirements
- Categorized and summarized (here) for discussion

Slide 2: General Requirements (1)
- Security framework must be able to prevent unauthorized access by peers
- Security framework must protect wireless network traffic from eavesdropping
- Security framework must protect wireless network traffic from packet forgeries
- Any method must be resistant to all known active and passive attacks, including dictionary attacks, man-in-the-middle attacks, replay attacks, and interleaving attacks
- TGi must add at least one method to the authentication framework that meets the security requirements of this document.

Slide 3: General Requirements (2)
- A flexible mechanism for adding interoperable security algorithms must be incorporated, so that the standard does not need to be revised to use new algorithms in the future.
- The standard should specify one method as mandatory when security extensions are implemented.
- Key exchange & Packet security negotiation should be specified separately although they might be implemented as part of a single method.
- The standard shall include an informative annex with recommended practice for certain upper layer authentication methods

Slide 4: General Requirements (3)
- In the standard, security requirements are independent of QoS requirements. However, implementers should be aware of the potential interactions. {from original RQ}
- Security framework must strongly protect keys and passwords from recovery by eavesdropper
- Standards-based cryptographic algorithms must be favored over proprietary and non-standards based algorithms
- The security capabilities of the method shall meet or exceed that required to maintain integrity against both active and passive attacks of 2^80 work factor and probability of successful bogus authentication (in the absence of 2^80 work) of at most 2^-32

Slide 5: Authenticated Key Exchange Negotiation
- Negotiation of authentication (and privacy algorithms) must be incorporated.
- There must be a method for initiating party to advertise key exchange protocols

Slide 6: Authenticated Key Exchange (1)
- Security framework must allow for mutual authentication of STA (device and/or user) and network (ESS) or STA (IBSS).
- Method must provide one or more session master key(s) from which other session keys required by packet security methods can be derived.
- Security framework must allow key distribution or derivation of per-link or per-session keys
- Session keys used should be unique to two communicating parties and need to be bound to session identity
- Authentication policy shall be the same for associate and re-associate operations

Slide 7: Authenticated Key Exchange (2)
- The same key must not be used for both peer authentication and for protecting the data on the data link. E.g. the peer authentication key must not be derived from the bulk data key or vice versa
- The bulk data protections must monitor the rate of key entropy decay and take action to maintain security
- The framework should support methods that allow deployment of authentication using existing RADIUS database(s) for wireless LAN, wire line LAN and remote network access.

Slide 8: Packet Security Negotiation
- Negotiation of authentication and privacy algorithms must be incorporated.

Slide 9: Packet Security (1)
- Security framework must provide authentication of the source of each packet.
- The bulk data protections must provide authenticity of message payload and immutable fields
- Each session should use unrelated keys for encryption
- There must be an exchange of random material to be used for key derivation and a synchronization method (to coordinate sequence spaces to be used to bulk data key entropy and to initialize replay protection state).
- The bulk data protections must provide replay protection

Slide 10: Packet Security (2)
- must be efficient in the use of state that has to be maintained across different instances of the same secure channel
- must prevent reflection attacks
- must be designed and implemented so that a sequence number is “statistically never” reused with the same key, even across different instances of the same secure channel.
- It is necessary and sufficient that the bulk data privacy algorithm provide immunity from chosen plaintext attacks but desirable for it also to provide immunity from chosen ciphertext attacks.
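
One way to satisfy the key-derivation and packet-security requirements on slides 6, 9 and 10 together, shown as an added example that is not part of the original submission. It assumes HMAC-SHA256 as the derivation function and integrity check (the slides name no algorithm); the labels, class names and 16-byte tag length are hypothetical, and payload encryption is left out.

```python
import hashlib
import hmac
import struct

def prf(key: bytes, label: bytes, context: bytes) -> bytes:
    # HMAC-SHA256 as the derivation PRF (an assumption; the slides name no algorithm).
    return hmac.new(key, label + b"\x00" + context, hashlib.sha256).digest()

def session_keys(master: bytes, sta: bytes, ap: bytes,
                 sta_nonce: bytes, ap_nonce: bytes) -> dict:
    # Bind keys to the session identity and to random material from both sides.
    # Length prefixes keep the concatenation unambiguous.
    parts = (sta, ap, sta_nonce, ap_nonce)
    ctx = b"".join(struct.pack(">H", len(p)) + p for p in parts)
    # One key per purpose and per direction; separate directions stop a frame
    # from being reflected back at its sender.
    labels = ("enc sta->ap", "enc ap->sta", "mic sta->ap", "mic ap->sta")
    return {name: prf(master, name.encode(), ctx) for name in labels}

def _mic(key: bytes, seq: int, header: bytes, payload: bytes) -> bytes:
    # Covers the sequence number, the immutable header fields and the payload.
    msg = struct.pack(">QH", seq, len(header)) + header + payload
    return hmac.new(key, msg, hashlib.sha256).digest()[:16]

class Sender:
    def __init__(self, mic_key: bytes):
        self.key, self.seq = mic_key, 0

    def protect(self, header: bytes, payload: bytes):
        self.seq += 1  # never reuse a sequence number under the same key
        return self.seq, _mic(self.key, self.seq, header, payload)

class Receiver:
    def __init__(self, mic_key: bytes):
        self.key, self.last_seq = mic_key, 0

    def accept(self, header: bytes, payload: bytes, seq: int, tag: bytes) -> bool:
        if not hmac.compare_digest(_mic(self.key, seq, header, payload), tag):
            return False          # forged or modified frame
        if seq <= self.last_seq:
            return False          # replayed frame
        self.last_seq = seq
        return True
```

Because the nonces feed the derivation, a new instance of the channel gets fresh keys and the sequence counter can restart at zero without reusing a (key, sequence number) pair.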

Slide 11: Roaming
- Security framework should not preclude fast and frequent roaming
- must support explicit authentication on roaming

Slide 12: Implementation Related
- There must be an encryption method, better than WEP, meeting these requirements, which can be implemented on existing legacy hardware through software upgrade
- Implementable on limited capability clients (1-2 MIPS)
- must be suitable for implementation in access points and clients which have low or moderate computational resources.
- “Low or moderate” computational resources means a class of device for which the following example is indicative: On initial association, a 40 MIPS access point or mobile terminal with limited RAM must be able to execute the method in 5 seconds or less.
- The bulk data protections must have efficient implementations in both hardware and software

Slide 13: Others
- Support for “Anonymity” in the sense that a STA can obtain authentication to the network based on an ephemeral identity.
- Support for “Anonymity” in the sense that a 3rd party wireless STA cannot discover the user identity of a supplicant.
- Method must allow STAs to be authenticated to more than one AP at a time