History and Implementation of the IEEE 802 Security Architecture


1 History and Implementation of the IEEE 802 Security Architecture
July 2016
Author: Meareg Abreha (Addis Ababa University)

2 History and Implementation of the IEEE 802 Security Architecture
Meareg Abreha
San Diego, CA
July 2016

3 Outline
- Background
- Parameters as security gauges
- IEEE 802 security protocols in terms of the chosen parameters
- Challenges and Conclusion

4 Background
Early security on IEEE 802:
- Gained attention in the wireless world
- Barely a proof of concept for the application of number theory
Security protocols evolved due to:
- Thorough analysis
- Attacks

5 Parameters as Security Gauges
Parameters that provide the means to control clients and resources in a given network:
- Data Access Control and Authentication: resource access and control of clients
- Data Confidentiality and Integrity: privacy and authenticity of data

6 Data Access Control and Authentication
- Started out with 802.1x standard for port-based network Access control in uses the PPP based EAP as its authentication mechanism.
- Authenticator PAE enforces authentication via the uncontrolled port before opening the controlled port to allow supplicants access to resources.
- Access to the resource is granted only upon a successful authentication.

7 A little more on 802.1x
- 802.1x was initially developed for IEEE since 2003, extended to
- It defines EAP-Over-LAN (EAPOL), a standard encapsulation method to adapt EAP messages sent over Ethernet or WLANs.
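
Added example (not from the presentation): a minimal Python model of the port-based access control and EAPOL encapsulation described on slides 6 and 7. It parses the EAPOL header and shows that data frames are dropped until the authentication server's verdict opens the controlled port; the `AuthenticatorPort` class, the `eth` helper and the sample frames are hypothetical and constructed, and untagged Ethernet II framing is assumed.

```python
import struct

ETHERTYPE_EAPOL = 0x888E  # EtherType carried by EAPOL frames
EAPOL_TYPES = {0: "EAP-Packet", 1: "EAPOL-Start", 2: "EAPOL-Logoff", 3: "EAPOL-Key"}

def parse_eapol(frame: bytes):
    """Return (type_name, body) for EAPOL, None for other traffic; ValueError if malformed."""
    if len(frame) < 14:
        raise ValueError("short Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != ETHERTYPE_EAPOL:
        return None
    if len(frame) < 18:
        raise ValueError("truncated EAPOL header")
    _version, ptype, length = struct.unpack_from("!BBH", frame, 14)
    body = frame[18:18 + length]
    if ptype not in EAPOL_TYPES or len(body) != length:
        raise ValueError("unknown type or truncated body")
    return EAPOL_TYPES[ptype], body

class AuthenticatorPort:
    """Hypothetical model of one authenticator PAE port (not a real API)."""
    def __init__(self):
        self.authorized = False  # controlled port starts closed
    def set_result(self, success: bool):
        # The verdict comes from the authentication server, never from the supplicant.
        self.authorized = success
    def handle(self, frame: bytes) -> str:
        try:
            eapol = parse_eapol(frame)
        except ValueError:
            return "discard"
        if eapol is None:  # ordinary data: only the controlled port carries it
            return "controlled:forward" if self.authorized else "controlled:drop"
        if eapol[0] == "EAPOL-Logoff":
            self.authorized = False  # supplicant left: close the controlled port
        return "uncontrolled:" + eapol[0]

def eth(ethertype: int, payload: bytes) -> bytes:
    # Constructed sample frame: PAE group address as destination, made-up source MAC.
    return bytes.fromhex("0180c2000003020000000001") + struct.pack("!H", ethertype) + payload

def demo():
    port, hdr = AuthenticatorPort(), lambda t, n: struct.pack("!BBH", 2, t, n)
    data = eth(0x0800, b"\x45" + bytes(19))  # constructed IPv4-looking data frame
    seq = [port.handle(data), port.handle(eth(ETHERTYPE_EAPOL, hdr(1, 0))),
           port.handle(eth(ETHERTYPE_EAPOL, hdr(0, 40) + b"\x01"))]  # length field lies
    port.set_result(True)  # e.g. the server accepted the EAP exchange
    return seq + [port.handle(data), port.handle(eth(ETHERTYPE_EAPOL, hdr(2, 0))), port.handle(data)]
```
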

8 Data Access Control and Authentication on IEEE 802 standards currently
- The IEEE i Enterprise mode implements the 802.1x with authentication servers such as RADIUS
- In Zigbee (Upper layer extension on top of the ) a trust center/coordinator requests a node for a valid shared network key before it can join the network.
- In IEEE , MIH SA is established either using TLS handshake, (D)TLS or EAP execution over the MIH protocol.
[Diagram labels: 802.3 (Ethernet), (Wi-Fi)]

9 Data Access Control and Authentication on IEEE 802 standards currently
- The IEEE (WiMAX) (MBWA) implements RSA based authentication function using x.509 certificates or EAP based authentication.
- IEEE (MBWA – Vehicular Mobility support) – has Basic EAP Support Protocol
- IEEE (MIH) – uses target network's authentication mechanism before MIH frames exchange.
- IEEE (TVWS) – uses EAP-TLS or EAP-TTLS (using RSA or ECC based X.509 digital certificate profiles)

10 Data Confidentiality and Integrity
IEEE (Ethernet) security
- The IEEE 802.1AE defines a layer 2 security protocol called MACSec.
- MACSec provides point-to-point security on Ethernet networks.
- The 2010 revision of 802.1x integrated the MACSec with the EAPOL and the IEEE 802.1AR (Secure device identity) to support service identification.

11 Data Confidentiality and Integrity
IEEE (WLANs) security
- Popularity, along with the vulnerability of the medium, led to the evolution of a series of security protocols.
- The 1999 IEEE standard introduced the first wireless protocol, called WEP.
- WEP uses the RC4 algorithm for data encryption and integrity, which is also the reason for its vulnerability.

12 Data Confidentiality and Integrity
...WLANs security
- IEEE Task Group I was formed to replace the WEP security protocol.
- In 2003 the WPA security protocol (an interim protocol) replaced WEP.
- Final draft ratified in June 2004 as i (security protocol - WPA2) – included on the 2007 amendment of the

13 Data Confidentiality and Integrity
...WLANs security
Wi-Fi Protected Access (WPA)
- TKIP (still RC4 though) for data encryption
- MIC (aka “Michael”) for data integrity

14 Data Confidentiality and Integrity
...WLANs security
Wi-Fi Protected Access Version 2 (WPA2)
- CCMP (AES based) for data encryption
- CBC-MAC for data integrity
Both WPA and WPA2 include 802.1x (in enterprise mode)
CCMP (CBC-MAC protocol)

15 Data Confidentiality and Integrity
...WLANs security
WPA/WPA2 vulnerabilities include:
- GTK vulnerability (Hole 196)
- Dictionary based attacks on weak PTK etc.

16 Data Confidentiality and Integrity
...WLANs security
IEEE 802.1w
- Is a 2009 amendment to the i for protecting management frames
- Aims to avoid DoS caused by spoofed disconnect attacks (de-authentication and disassociation)

17 Data Confidentiality and Integrity
IEEE (Bluetooth) security
- Generates a symmetric encryption key from a generated authentication key to encrypt data.
- Encryption has three setting modes:
  - No encryption
  - Point-to-point only encryption – unicast
  - Point-to-point and broadcast encryption – both

18 Data Confidentiality and Integrity
IEEE (LR WPANs) security
- Supports up to 128 symmetric keys based data encryption and authenticity (AES based) with varying degrees of protection options for data.

19 Data Confidentiality and Integrity
IEEE (WiMAX) security
Has two component protocols:
- Encapsulation Protocol – secures data across the fixed Broadband Wireless Access Network
- Key Management Protocol – secure distribution of keying data from the Base Station to the Server Station

20 Data Confidentiality and Integrity
IEEE (MBWA - Vehicular Mobility) security
- AES for securing Radio Link Protocol packets
- AES CMAC function is used for message integrity

21 Data Confidentiality and Integrity
IEEE (MIHS) security
- Keys negotiated during the TLS or EAP MIH SA establishment are used to secure the MIH PDU.
- TKIP or CCMP to secure MIH PDUs between heterogeneous IEEE 802 as well as other systems.

22 Data Confidentiality and Integrity
IEEE (MIHS) security
- Keys negotiated during the TLS or EAP MIH SA establishment are used to secure the MIH PDU.
- TKIP or CCMP to secure MIH between heterogeneous IEEE 802 as well as other systems.

23 Data Confidentiality and Integrity
WRANs (IEEE ) security
Two security sub-layers:
- Sublayer 1 – targets non-cognitive functionalities
- Sublayer 2 – targets cognitive functionalities

24 Data Confidentiality and Integrity
- In sublayer 1, the encapsulation protocol defines the set of supported cryptographic suites.
- AES in GCM (Galois Counter Mode) is supported.
- The cognitive-targeting sublayer 2 provides protection to the incumbents as well as to the systems against DoS attack types targeted at that layer.

25 Challenges and Conclusion
Challenges
- Weaknesses in security mechanisms
- Increasing computing power
- Cloud computing changing the way service is provided
Conclusion
- Early IEEE 802 security started with simple cryptographic techniques and evolved to its current state.
- Future security protocols need to consider the above factors and provide scalable solutions to existing weaknesses.

26 Questions and comments are welcome :-)
Thank You! Questions and comments are welcome :-)

