A Methodology for Evaluating Wireless Network Security Protocols David Rager Kandaraj Piamrat.

Post on 24-Dec-2015

Outline

► Introduction
► Explanation of Terms
► Evaluation Methodology
► Analysis of WEP, WPA, and RSN
► Graphical Results
► Conclusion

Introduction

► Different properties of wireless networks compared to wired networks
► Two lines of defense in wireless network security
   Preventive approach
   Intrusion Detection and Response approach
► WEP, WPA, RSN

Explanation of Terms

► WEP – Wired Equivalent Protocol (attempt #1)
► WPA – Wi-Fi Protected Access (attempt #2)
► RSN – Robust Secure Network (attempt #3)
► EAP – Extensible Authentication Protocol
► TKIP – Temporal Key Integrity Protocol
► AES – Advanced Encryption Standard

Explanation of Terms (cont.)

► CCMP – Counter mode with Cipher block Chaining Message authentication code Protocol
► ICV – Integrity Check Value
► MIC – Message Integrity Check
► RADIUS – Remote Authentication Dial in User Service
► IV – Initialization Vector

Evaluation Methodology

► Authentication Capability
► Encryption Strength
► Integrity Guarantees
► Prevention of Attacks
► Identity Protection
► Ease and Cost of Implementation
► Power Consumption
► Novel Ideas

Authentication capability

| Consideration | 0 (bad) | 1 (fair) | 2 (good) |
|---|---|---|---|
| Type of authentication | Key with challenge response | Key with challenge response and MAC address | Credentials based |
| Number of authentication servers | One | Three | (# faults permitted) * 3 + 1 |
| Use of new authentication mechanisms | None | - | Use of EAP (802.11X) [tech-faq] |
| Known MITM attacks | One or more | - | None |

Encryption Strength

| Consideration | 0 (bad) | 1 (fair) | 2 (good) |
|---|---|---|---|
| Key type | Static key | - | Dynamic key |
| Cipher key type | RC4 | - | AES |
| Cipher key length | 40 or 104 bit encryption | 128 bit encryption | 128 bit encryption + 64 bit authentication |
| Key lifetime | 24-bit IV | - | 48-bit IV |
| Time used to crack | Few hours | Few days | Centuries |
| Encrypted packet needed to crack | Few millions | - | Few trillions |
| Can be recovered by cryptanalysis | Yes | - | No |
| Key management used | None | Static | EAP |

Integrity Guarantees

| Consideration | 0 (bad) | 1 (fair) | 2 (good) |
|---|---|---|---|
| Integrity of message header | None | Michael | CCM |
| Integrity of the data | CRC-32 | Michael | CCM |

Prevention of Attacks

| Consideration | 0 (bad) | 1 (fair) | 2 (good) |
|---|---|---|---|
| Replay attack prevention | None | - | IV sequence, Per-packet key mixing |
| DoS cookie | No | - | Yes |
| Number of known attacks prevented | None | Some of them | All of them |
| Minimizes damage | No | - | Yes |

Identity Protection

| Consideration | 0 (bad) | 1 (fair) | 2 (good) |
|---|---|---|---|
| Group identity revealed to | Entire network | All parties | Specific parties |
| Specific identity revealed to | Entire network | All parties | Specific parties |

Ease and Cost of Implementation

| Consideration | 0 (bad) | 1 (fair) | 2 (good) |
|---|---|---|---|
| Computation cost | High | Medium | Low |
| Incremental installation | No | - | Yes |
| Number of messages exchanged | 300 | 30 | 3 |
| Number of actors involved | Many actors | - | Few actors |
| Packet key | Mixing function | Concatenated | No need |
| Additional server hardware | Yes | - | No |
| Additional network infrastructure | Yes | - | No |
| Number of gates in client device | High | - | Low |
| Lines of Code | High | - | Low |

Power Consumption

| Consideration | 0 (bad) | 1 (fair) | 2 (good) |
|---|---|---|---|
| Clients use low power | No | - | Yes |
| Client can detect attacks and enter low-power mode | No | - | Yes |

Novel Ideas

| Consideration | 0 (bad) | 1 (fair) | 2 (good) |
|---|---|---|---|
| Determines physical location | No | - | Yes |

Analysis of WEP

Authentication capability

| Consideration | 0 (bad) | 1 (fair) | 2 (good) |
|---|---|---|---|
| Type of authentication | Key with challenge response | Key with challenge response and MAC address | Credentials based |
| Number of authentication servers | One | Three | (# faults permitted) * 3 + 1 |
| Use of new authentication mechanisms | None | - | Use of EAP (802.11X) [tech-faq] |
| Known MITM attacks | One or more | - | None |

Encryption Strength

| Consideration | 0 (bad) | 1 (fair) | 2 (good) |
|---|---|---|---|
| Key type | Static key | - | Dynamic key |
| Cipher key type | RC4 | - | AES |
| Cipher key length | 40 or 104 bit encryption | 128 bit encryption | 128 bit encryption + 64 bit authentication |
| Key lifetime | 24-bit IV | - | 48-bit IV |
| Time used to crack | Few hours | Few days | Centuries |
| Encrypted packet needed to crack | Few millions | - | Few trillions |
| Can be recovered by cryptanalysis | Yes | - | No |
| Key management used | None | Static | EAP |

Integrity Guarantees

| Consideration | 0 (bad) | 1 (fair) | 2 (good) |
|---|---|---|---|
| Integrity of message header | None | Michael | CCM |
| Integrity of the data | CRC-32 | Michael | CCM |

Prevention of Attacks

| Consideration | 0 (bad) | 1 (fair) | 2 (good) |
|---|---|---|---|
| Replay attack prevention | None | - | IV sequence, Per-packet key mixing |
| DoS cookie | No | - | Yes |
| Number of known attacks prevented | None | Some of them | All of them |

Identity Protection

| Consideration | 0 (bad) | 1 (fair) | 2 (good) |
|---|---|---|---|
| Group identity revealed to | Entire network | All parties | Specific parties |
| Specific identity revealed to | Entire network | All parties | Specific parties |

Ease and Cost of Implementation

| Consideration | 0 (bad) | 1 (fair) | 2 (good) |
|---|---|---|---|
| Computation cost | High | Medium | Low |
| Incremental installation | No | - | Yes |
| Number of messages exchanged | 300 | 30 | 3 |
| Number of actors involved | Many actors | - | Few actors |
| Packet key | Mixing function | Concatenated | No need |
| Additional server hardware | Yes | - | No |
| Additional network infrastructure | Yes | - | No |
| Number of gates in client device | High | - | Low |
| Lines of Code | High | - | Low |

Power Consumption

| Consideration | 0 (bad) | 1 (fair) | 2 (good) |
|---|---|---|---|
| Clients use low power | No | - | Yes |
| Client can detect attacks and enter low-power mode | No | - | Yes |

Novel Ideas

| Consideration | 0 (bad) | 1 (fair) | 2 (good) |
|---|---|---|---|
| Determines physical location | No | - | Yes |

Scores of WEP

► Authentication Capability (0/8)
► Encryption Strength (0/16)
► Integrity Guarantees (0/4)
► Prevention of Attacks (0/6)
► Identity Protection (4/4)
► Ease and Cost of Implementation (17/18)
► Power Consumption (2/4)
► Novel Ideas (0/2)

Total Score = 2.44/8 = 30.56 %

Analysis of WPA

Authentication capability

| Consideration | 0 (bad) | 1 (fair) | 2 (good) |
|---|---|---|---|
| Type of authentication | Key with challenge response | Key with challenge response and MAC address | Credentials based |
| Number of authentication servers | One | Three | (# faults permitted) * 3 + 1 |
| Use of new authentication mechanisms | None | - | Use of EAP (802.11X) [tech-faq] |
| Known MITM attacks | One or more | - | None |

Encryption Strength

| Consideration | 0 (bad) | 1 (fair) | 2 (good) |
|---|---|---|---|
| Key type | Static key | - | Dynamic key |
| Cipher key type | RC4 | - | AES |
| Cipher key length | 40 or 104 bit encryption | 128 bit encryption | 128 bit encryption + 64 bit authentication |
| Key lifetime | 24-bit IV | - | 48-bit IV |
| Time used to crack | Few hours | Few days | Centuries |
| Encrypted packet needed to crack | Few millions | - | Few trillions |
| Can be recovered by cryptanalysis | Yes | - | No |
| Key management used | None | Static | EAP |

Integrity Guarantees

| Consideration | 0 (bad) | 1 (fair) | 2 (good) |
|---|---|---|---|
| Integrity of message header | None | Michael | CCM |
| Integrity of the data | CRC-32 | Michael | CCM |

Prevention of Attacks

| Consideration | 0 (bad) | 1 (fair) | 2 (good) |
|---|---|---|---|
| Replay attack prevention | None | - | IV sequence, Per-packet key mixing |
| DoS cookie | No | - | Yes |
| Number of known attacks prevented | None | Some of them | All of them |

Identity Protection

| Consideration | 0 (bad) | 1 (fair) | 2 (good) |
|---|---|---|---|
| Group identity revealed to | Entire network | All parties | Specific parties |
| Specific identity revealed to | Entire network | All parties | Specific parties |

Ease and Cost of Implementation

| Consideration | 0 (bad) | 1 (fair) | 2 (good) |
|---|---|---|---|
| Computation cost | High | Medium | Low |
| Incremental installation | No | - | Yes |
| Number of messages exchanged | 300 | 30 | 3 |
| Number of actors involved | Many actors | - | Few actors |
| Packet key | Mixing function | Concatenated | No need |
| Additional server hardware | Yes | - | No |
| Additional network infrastructure | Yes | - | No |
| Number of gates in client device | High | - | Low |
| Lines of Code | High | - | Low |

Power Consumption

| Consideration | 0 (bad) | 1 (fair) | 2 (good) |
|---|---|---|---|
| Clients use low power | No | - | Yes |
| Client can detect attacks and enter low-power mode | No | - | Yes |

Novel Ideas

| Consideration | 0 (bad) | 1 (fair) | 2 (good) |
|---|---|---|---|
| Determines physical location | No | - | Yes |

Scores of WPA

► Authentication Capability (6/8)
► Encryption Strength (14/16)
► Integrity Guarantees (2/4)
► Prevention of Attacks (4/6)
► Identity Protection (0/4)
► Ease and Cost of Implementation (5/18)
► Power Consumption (1/4)
► Novel Ideas (0/2)

Total Score = 3.32/8 = 41.49 %

Analysis of RSN

Authentication capability

| Consideration | 0 (bad) | 1 (fair) | 2 (good) |
|---|---|---|---|
| Type of authentication | Key with challenge response | Key with challenge response and MAC address | Credentials based |
| Number of authentication servers | One | Three | (# faults permitted) * 3 + 1 |
| Use of new authentication mechanisms | None | - | Use of EAP (802.11X) [tech-faq] |
| Known MITM attacks | One or more | - | None |

Encryption Strength

| Consideration | 0 (bad) | 1 (fair) | 2 (good) |
|---|---|---|---|
| Key type | Static key | - | Dynamic key |
| Cipher key type | RC4 | - | AES |
| Cipher key length | 40 or 104 bit encryption | 128 bit encryption | 128 bit encryption + 64 bit authentication |
| Key lifetime | 24-bit IV | - | 48-bit IV |
| Time used to crack | Few hours | Few days | Centuries |
| Encrypted packet needed to crack | Few millions | - | Few trillions |
| Can be recovered by cryptanalysis | Yes | - | No |
| Key management used | None | Static | EAP |

Integrity Guarantees

| Consideration | 0 (bad) | 1 (fair) | 2 (good) |
|---|---|---|---|
| Integrity of message header | None | Michael | CCM |
| Integrity of the data | CRC-32 | Michael | CCM |

Prevention of Attacks

| Consideration | 0 (bad) | 1 (fair) | 2 (good) |
|---|---|---|---|
| Replay attack prevention | None | - | IV sequence, Per-packet key mixing |
| DoS cookie | No | - | Yes |
| Number of known attacks prevented | None | Some of them | All of them |

Identity Protection

| Consideration | 0 (bad) | 1 (fair) | 2 (good) |
|---|---|---|---|
| Group identity revealed to | Entire network | All parties | Specific parties |
| Specific identity revealed to | Entire network | All parties | Specific parties |

Ease and Cost of Implementation

| Consideration | 0 (bad) | 1 (fair) | 2 (good) |
|---|---|---|---|
| Computation cost | High | Medium | Low |
| Incremental installation | No | - | Yes |
| Number of messages exchanged | 300 | 30 | 3 |
| Number of actors involved | Many actors | - | Few actors |
| Packet key | Mixing function | Concatenated | No need |
| Additional server hardware | Yes | - | No |
| Additional network infrastructure | Yes | - | No |
| Number of gates in client device | High | - | Low |
| Lines of Code | High | - | Low |

Power Consumption

| Consideration | 0 (bad) | 1 (fair) | 2 (good) |
|---|---|---|---|
| Clients use low power | No | - | Yes |
| Client can detect attacks and enter low-power mode | No | - | Yes |

Novel Ideas

| Consideration | 0 (bad) | 1 (fair) | 2 (good) |
|---|---|---|---|
| Determines physical location | No | - | Yes |

Scores of RSN

► Authentication Capability (6/8)
► Encryption Strength (15/16)
► Integrity Guarantees (4/4)
► Prevention of Attacks (4/6)
► Identity Protection (0/4)
► Ease and Cost of Implementation (4/18)
► Power Consumption (2/4)
► Novel Ideas (0/2)

Total Score = 4.08/8 = 50.95 %
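The three totals on the score slides are consistent with taking each category as a fraction of its own maximum and averaging the eight fractions with equal weight. The added example below (not part of the original slides; all function and variable names are assumptions) recomputes the totals from the category scores, compares them with pooling all raw points instead, and derives each category's share of a protocol's total.

```python
from fractions import Fraction

CATEGORIES = [
    "Authentication Capability", "Encryption Strength", "Integrity Guarantees",
    "Prevention of Attacks", "Identity Protection",
    "Ease and Cost of Implementation", "Power Consumption", "Novel Ideas",
]

# (points earned, points available) per category, copied from the score slides.
SCORES = {
    "WEP": [(0, 8), (0, 16), (0, 4), (0, 6), (4, 4), (17, 18), (2, 4), (0, 2)],
    "WPA": [(6, 8), (14, 16), (2, 4), (4, 6), (0, 4), (5, 18), (1, 4), (0, 2)],
    "RSN": [(6, 8), (15, 16), (4, 4), (4, 6), (0, 4), (4, 18), (2, 4), (0, 2)],
}

def category_fractions(protocol):
    """Each category normalised to 0..1, kept exact to avoid rounding drift."""
    return [Fraction(earned, avail) for earned, avail in SCORES[protocol]]

def total_percent(protocol):
    """Equal-weight mean of the category fractions (matches the slide totals)."""
    fractions = category_fractions(protocol)
    return float(sum(fractions) / len(fractions) * 100)

def pooled_percent(protocol):
    """Alternative weighting (assumption, not on the slides): pool raw points,
    so categories with more considerations count for more."""
    earned = sum(e for e, _ in SCORES[protocol])
    avail = sum(a for _, a in SCORES[protocol])
    return 100 * earned / avail

def contributions(protocol):
    """Share of the protocol's total supplied by each non-zero category."""
    fractions = category_fractions(protocol)
    total = sum(fractions)
    return {c: float(f / total) for c, f in zip(CATEGORIES, fractions) if f}

if __name__ == "__main__":
    for proto in SCORES:
        name, share = max(contributions(proto).items(), key=lambda kv: kv[1])
        print(f"{proto}: {total_percent(proto):.2f}% equal-weight, "
              f"{pooled_percent(proto):.2f}% pooled, "
              f"largest contributor: {name} ({share:.0%})")
```

Under this aggregation WEP's entire score comes from Identity Protection, Ease and Cost of Implementation and Power Consumption; its authentication, encryption, integrity and attack-prevention categories contribute nothing.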

Graphical Results

[Figure: Comparison of Categorical Performance. Chart of % of Points (0% to 100%) by Performance Category (Authentication Capability, Encryption Strength, Integrity Guarantees, Prevention of Attacks, Identity Protection, Ease and Cost of Implementation, Power Consumption, Novel Ideas) for WEP, WPA and RSN.]

[Figure: Main Contributors to Each Protocol's Success. Chart of % of Points by Protocol (WEP, WPA, RSN), broken down by the same eight categories.]

Conclusion

► We have defined specific metrics for protocol evaluation.
► We evaluate different wireless security protocols based on these metrics.
► Questions?