Presentation is loading. Please wait.

Presentation is loading. Please wait.

DIMACS Nov 3 - 4, 2004 WIRELESS SECURITY AND ROAMING OVERVIEW DIMACS November 3-4, 2004 Workshop: Mobile and Wireless Security Workshop: Mobile and Wireless.

Published by Modified over 8 years ago

Similar presentations

Presentation on theme: "DIMACS Nov 3 - 4, 2004 WIRELESS SECURITY AND ROAMING OVERVIEW DIMACS November 3-4, 2004 Workshop: Mobile and Wireless Security Workshop: Mobile and Wireless."— Presentation transcript:

1 DIMACS Nov 3 - 4, 2004 WIRELESS SECURITY AND ROAMING OVERVIEW DIMACS November 3-4, 2004 Workshop: Mobile and Wireless Security Workshop: Mobile and Wireless Security Nidal Aboudagga*, Jean-Jacques Quisquater UCL Crypto Group UCL Crypto GroupBelgium

2 DIMACS Nov 3 - 4, 2004 2Outline Introduction WEP IEEE 802.1X WPA IEEE 802.11i Roaming Conclusion

3 DIMACS Nov 3 - 4, 2004 3 Why Wireless? Mobility Flexibility –Rapid deployment –Easy administration Low cost Simplicity of use used in two modes: –Ad-Hoc –Infrastructure mode

4 DIMACS Nov 3 - 4, 2004 4 Wired Equivalent Privacy (WEP) (1) Tried to ensure –Confidentiality –Integrity –Authenticity –Replaces the so-known MAC-address filtering Uses the RC4 encryption algorithm to generate a key stream Uses a shared key K (40bit/104bit)

5 DIMACS Nov 3 - 4, 2004 5 Wired Equivalent Privacy (WEP) (2)

6 DIMACS Nov 3 - 4, 2004 6 Wired Equivalent Privacy WEP (3) Uses standard challenge response An initialization vector, IV/(24bit): per packet number, sent in clear WEP failed, because of many known attacks –IV Collision –Message injection –Authentication spoofing –Brute Force Attack –Weaknesses in the Key Scheduling Algorithm of RC4……)

7 DIMACS Nov 3 - 4, 2004 7 Network port authentication 802.1x (1) Adapted to wireless use by IEEE 802.11 group Based on Extensible Authentication Protocol (EAP) Three elements are in use with 802.1x –Supplicant (user) –Authenticator (access point) –Authentication server (usually RADIUS) Uses key distribution messages

8 DIMACS Nov 3 - 4, 2004 8 IEEE802.1x Access Control

9 DIMACS Nov 3 - 4, 2004 9 IEEE 802.1x EAP authentication

10 DIMACS Nov 3 - 4, 2004 10 802.1X / EAP: Authentication methods EAP-MD5: Vulnerable to a lot of attacks and did not support dynamic WEP keys EAP-TLS: Uses certificates for servers and users. The user’s identity is revealed EAP-TTLS: Uses server’s certificate. Protects user’s identity PEAP: Similar to EAP-TTLS, used by Cisco and Microsoft in their products LEAP: A Cisco proprietary vulnerable to dictionary attacks, EAP-SIM, EAP-SPEKE,…

11 DIMACS Nov 3 - 4, 2004 11 Wifi-Alliance Protected Access (1) Built around IEEE 802.11i (draft 3) and compatible with existing material Address WEP vulnerability Supports mixed environment Uses Temporal Key Integrity Protocol (TKIP), 128 bit RC4 key The use of AES is optional

12 DIMACS Nov 3 - 4, 2004 12 Wifi-Alliance Protected Access (2) A suite of 4 algorithms composes TKIP –A Message Integrity Code (MIC), called Michael to defeat forgeries –A new Initial Vector sequencing discipline, to prevent replay attacks –A key mixing function, to have a per-packet key –A re-keying mechanism, to provide fresh keys to the key mixing function

13 DIMACS Nov 3 - 4, 2004 13 TKIP encapsulation

14 DIMACS Nov 3 - 4, 2004 14 Wifi-Alliance Protected Access (3) Solves the problems of integrity, authentication, forgery and replay attack in network with RADIUS server In small network, WPA uses shared secret pass-phrase. This mode is vulnerable to the dictionary attack and impersonation Preserves the RC4 algorithm with its known weakness to ensure compatibility

15 DIMACS Nov 3 - 4, 2004 15 802.11i / Robust Security Network (RSN) Uses AES by default to replace RC4 –Used in CCM mode: CTR + CBC-MAC CCMP fixes 2 values of CCM parameters M=8, indicating that the MIC is 8 octets L=2, indicating the lenght field is 2 octets Support Quality of Service Support of preauthentication to enhance the roaming in wireless network

16 DIMACS Nov 3 - 4, 2004 16 CCMP Encapsulation

17 DIMACS Nov 3 - 4, 2004 17Roaming Roaming with full authentication IEEE 802.1x/EAP or PSK (very big latency time) Roaming to AP with whish cached a shared PMK from previous SA –skip authentication steps –use 4-way handshake key management protocol to negociate session key (PTK) and send (GTK) –useless when user roams to new AP Preauthentication: the STA authenticate without association to another AP before leaving the old one

18 DIMACS Nov 3 - 4, 2004 18 Full authentication

19 DIMACS Nov 3 - 4, 2004 19Preauthentication

20 DIMACS Nov 3 - 4, 2004 20 Problems of preauthentication Preauthentication enhances the performance of roaming but the handoff latency limits the performance for multimedia applications Preauthentification can only be used in the same ESS (extended set of service) Preauthentication is an expensive computational load which may be useless

21 DIMACS Nov 3 - 4, 2004 21 Fast roaming IEEE 802.11r WG to enhance fast roaming performance It reduces the hand-off latency of the 4-way handshake protocol (creating alternative optional 3-way handshake) Adopt roaming key hierarchy –to minimize computational load –time dependency of KMP and –precomputation of roaming key R-PTK Other works attempt to reduce probing latency IEEE802.11f

22 DIMACS Nov 3 - 4, 2004 22Conclusion When IEEE 802.11k is ratified, will improve roaming decisions with a site report sent to client STA Until now no efficient agreed solution to the inter-LAN and inter-WAN roaming When the work of IEEE 802.11r group is finished, the wireless network will be more convenient to mobile users with multimedia applications The IEEE 802.11i is new and will need time to reach maturity. It solves many problems of security. Many others are not under its responsibility (DoS, RF jamming,…)

Download ppt "DIMACS Nov 3 - 4, 2004 WIRELESS SECURITY AND ROAMING OVERVIEW DIMACS November 3-4, 2004 Workshop: Mobile and Wireless Security Workshop: Mobile and Wireless."

Similar presentations

CN8816: Network Security 1 Security in Wireless LAN 802.11i Open System Authentication Security Wired Equivalent Privacy (WEP) Robust Security Network.

CN8816: Network Security 1 Security in Wireless LAN i Open System Authentication Security Wired Equivalent Privacy (WEP) Robust Security Network.
WLAN SECURITY TEAM NAME : Crypto_5 TEAM MEMBERS: Rajini Ananthoj Srimani Reddy Gatla Ishleen Kour Pallavi Murudkar Deepagandhi Vadivelu.

WLAN SECURITY TEAM NAME : Crypto_5 TEAM MEMBERS: Rajini Ananthoj Srimani Reddy Gatla Ishleen Kour Pallavi Murudkar Deepagandhi Vadivelu.
IEEE 802.11i IT443 Broadband Communications Philip MacCabe October 5, 2005

IEEE i IT443 Broadband Communications Philip MacCabe October 5, 2005
CSE 6590 1.  Wired Equivalent Privacy (WEP) ◦ first security protocol defined in 802.11  Wi-Fi Protected Access (WPA) ◦ defined by Wi-Fi Alliance 

CSE  Wired Equivalent Privacy (WEP) ◦ first security protocol defined in  Wi-Fi Protected Access (WPA) ◦ defined by Wi-Fi Alliance 
Understanding and Achieving Next-Generation Wireless Security Motorola, Inc James Mateicka.

Understanding and Achieving Next-Generation Wireless Security Motorola, Inc James Mateicka.
Wireless Security Ryan Hayles Jonathan Hawes. Introduction  WEP –Protocol Basics –Vulnerability –Attacks –Video  WPA –Overview –Key Hierarchy –Encryption/Decryption.

Wireless Security Ryan Hayles Jonathan Hawes. Introduction  WEP –Protocol Basics –Vulnerability –Attacks –Video  WPA –Overview –Key Hierarchy –Encryption/Decryption.
無線區域網路安全 Wireless LAN Security. 2 Outline  Wireless LAN – 802.11b  Security Mechanisms in 802.11b  Security Problems in 802.11b  Solutions for 802.11b.

無線區域網路安全 Wireless LAN Security. 2 Outline  Wireless LAN – b  Security Mechanisms in b  Security Problems in b  Solutions for b.
Implementing Wireless LAN Security

Implementing Wireless LAN Security
Security+ Guide to Network Security Fundamentals, Third Edition

Security+ Guide to Network Security Fundamentals, Third Edition
WiFi Security. What is WiFi ? Originally, Wi-Fi was a marketing term. The Wi-Fi certified logo means that the product has passed interoperability tests.

WiFi Security. What is WiFi ? Originally, Wi-Fi was a marketing term. The Wi-Fi certified logo means that the product has passed interoperability tests.
Wireless LAN Security Jerry Usery CS 522 December 6 th, 2006.

Wireless LAN Security Jerry Usery CS 522 December 6 th, 2006.
1 Enhancing Wireless Security with WPA CS-265 Project Section: 2 (11:30 – 12:20) Shefali Jariwala Student ID 001790660.

1 Enhancing Wireless Security with WPA CS-265 Project Section: 2 (11:30 – 12:20) Shefali Jariwala Student ID
MITP | Master of Information Technology Program Securing Wireless LAN using Cisco-based technology Campus Crew Study Group Paul Matijevic Ed McCulloch.

MITP | Master of Information Technology Program Securing Wireless LAN using Cisco-based technology Campus Crew Study Group Paul Matijevic Ed McCulloch.
Intercepting Mobiles Communications: The Insecurity of 802.11 Danny Bickson ACNS Course, IDC Spring 2007.

Intercepting Mobiles Communications: The Insecurity of Danny Bickson ACNS Course, IDC Spring 2007.
W i reless LAN Security Presented by: Pallavi Priyadarshini Student ID 003503527.

W i reless LAN Security Presented by: Pallavi Priyadarshini Student ID
Vulnerability In Wi-Fi By Angus U CS 265 Section 2 Instructor: Mark Stamp.

Vulnerability In Wi-Fi By Angus U CS 265 Section 2 Instructor: Mark Stamp.
802.1x EAP Authentication Protocols

802.1x EAP Authentication Protocols
An Initial Security Analysis of the IEEE 802.1x Standard Tsai Hsien Pang 2004/11/4.

An Initial Security Analysis of the IEEE 802.1x Standard Tsai Hsien Pang 2004/11/4.
E-mail: kemal@cs.siu.edu Department of Computer Science Southern Illinois University Carbondale Wireless and Network Security Lecture 9: IEEE 802.11.

Department of Computer Science Southern Illinois University Carbondale Wireless and Network Security Lecture 9: IEEE
IEEE 802.11 Wireless Local Area Networks (WLAN’s).

IEEE Wireless Local Area Networks (WLAN’s).

Similar presentations

Ads by Google