Post on 20-Dec-2015
transcript
DIMACS Nov 3 - 4, 2004
WIRELESS SECURITY AND WIRELESS SECURITY AND ROAMING OVERVIEWROAMING OVERVIEW
DIMACS DIMACS November 3-4, 2004 November 3-4, 2004
Workshop: Mobile and Wireless Security Workshop: Mobile and Wireless Security
Nidal Aboudagga*, Jean-Jacques Quisquater
UCL Crypto Group UCL Crypto Group
BelgiumBelgium
DIMACS Nov 3 - 4, 2004 2
OutlineOutline
• Introduction
• WEP
• IEEE 802.1X
• WPA
• IEEE 802.11i
• Roaming
• Conclusion
DIMACS Nov 3 - 4, 2004 3
Why Wireless?Why Wireless?
• Mobility • Flexibility
– Rapid deployment – Easy administration
• Low cost • Simplicity of use • used in two modes:
– Ad-Hoc– Infrastructure mode
DIMACS Nov 3 - 4, 2004 4
Wired Equivalent Privacy (WEP) (1)Wired Equivalent Privacy (WEP) (1)
• Tried to ensure – Confidentiality– Integrity – Authenticity – Replaces the so-known MAC-address filtering
• Uses the RC4 encryption algorithm to generate a key stream
• Uses a shared key K (40bit/104bit)
DIMACS Nov 3 - 4, 2004 5
Wired Equivalent Privacy (WEP) (2)Wired Equivalent Privacy (WEP) (2)
DIMACS Nov 3 - 4, 2004 6
Wired Equivalent Privacy WEP (3)Wired Equivalent Privacy WEP (3)
• Uses standard challenge response• An initialization vector, IV/(24bit): per packet
number, sent in clear • WEP failed, because of many known attacks
– IV Collision – Message injection – Authentication spoofing – Brute Force Attack – Weaknesses in the Key Scheduling Algorithm of
RC4……)
DIMACS Nov 3 - 4, 2004 7
Network port authentication 802.1x (1)Network port authentication 802.1x (1)
• Adapted to wireless use by IEEE 802.11 group
• Based on Extensible Authentication Protocol (EAP)
• Three elements are in use with 802.1x– Supplicant (user) – Authenticator (access point)– Authentication server (usually RADIUS)
• Uses key distribution messages
DIMACS Nov 3 - 4, 2004 8
IEEE802.1x Access ControlIEEE802.1x Access Control
DIMACS Nov 3 - 4, 2004 9
IEEE 802.1x EAP authenticationIEEE 802.1x EAP authentication
DIMACS Nov 3 - 4, 2004 10
802.1X / EAP: Authentication methods802.1X / EAP: Authentication methods
• EAP-MD5: Vulnerable to a lot of attacks and did not support dynamic WEP keys
• EAP-TLS: Uses certificates for servers and users. The user’s identity is revealed
• EAP-TTLS: Uses server’s certificate. Protects user’s identity
• PEAP: Similar to EAP-TTLS, used by Cisco and Microsoft in their products
• LEAP: A Cisco proprietary vulnerable to dictionary attacks,
• EAP-SIM, EAP-SPEKE,…
DIMACS Nov 3 - 4, 2004 11
Wifi-Alliance Protected Access (1)Wifi-Alliance Protected Access (1)
• Built around IEEE 802.11i (draft 3) and compatible with existing material
• Address WEP vulnerability • Supports mixed environment • Uses Temporal Key Integrity Protocol (TKIP),
128 bit RC4 key • The use of AES is optional
DIMACS Nov 3 - 4, 2004 12
Wifi-Alliance Protected Access (2)Wifi-Alliance Protected Access (2)
• A suite of 4 algorithms composes TKIP
– A Message Integrity Code (MIC), called Michael to defeat forgeries
– A new Initial Vector sequencing discipline, to prevent replay attacks
– A key mixing function, to have a per-packet key
– A re-keying mechanism, to provide fresh keys to the key mixing function
DIMACS Nov 3 - 4, 2004 13
TKIP encapsulationTKIP encapsulation
DIMACS Nov 3 - 4, 2004 14
Wifi-Alliance Protected Access (3)Wifi-Alliance Protected Access (3)
• Solves the problems of integrity, authentication, forgery and replay attack in network with RADIUS server
• In small network, WPA uses shared secret pass-phrase. This mode is vulnerable to the dictionary attack and impersonation
• Preserves the RC4 algorithm with its known weakness to ensure compatibility
DIMACS Nov 3 - 4, 2004 15
802.11i / Robust Security Network (RSN)802.11i / Robust Security Network (RSN)
• Uses AES by default to replace RC4– Used in CCM mode: CTR + CBC-MAC
• CCMP fixes 2 values of CCM parameters • M=8, indicating that the MIC is 8 octets • L=2, indicating the lenght field is 2 octets
• Support Quality of Service • Support of preauthentication to enhance the
roaming in wireless network
DIMACS Nov 3 - 4, 2004 16
CCMP EncapsulationCCMP Encapsulation
DIMACS Nov 3 - 4, 2004 17
Roaming Roaming
• Roaming with full authentication IEEE 802.1x/EAP or PSK (very big latency time)
• Roaming to AP with whish cached a shared PMK from previous SA– skip authentication steps – use 4-way handshake key management protocol to
negociate session key (PTK) and send (GTK)– useless when user roams to new AP
• Preauthentication: the STA authenticate without association to another AP before leaving the old one
DIMACS Nov 3 - 4, 2004 18
Full authenticationFull authentication
DIMACS Nov 3 - 4, 2004 19
Preauthentication Preauthentication
DIMACS Nov 3 - 4, 2004 20
Problems of preauthenticationProblems of preauthentication
• Preauthentication enhances the performance of roaming but the handoff latency limits the performance for multimedia applications
• Preauthentification can only be used in the same ESS (extended set of service)
• Preauthentication is an expensive computational load which may be useless
DIMACS Nov 3 - 4, 2004 21
Fast roaming Fast roaming
• IEEE 802.11r WG to enhance fast roaming performance
• It reduces the hand-off latency of the 4-way handshake protocol (creating alternative optional 3-way handshake)
• Adopt roaming key hierarchy – to minimize computational load – time dependency of KMP and – precomputation of roaming key R-PTK
• Other works attempt to reduce probing latency IEEE802.11f
DIMACS Nov 3 - 4, 2004 22
Conclusion Conclusion • When IEEE 802.11k is ratified, will improve
roaming decisions with a site report sent to client STA
• Until now no efficient agreed solution to the inter-LAN and inter-WAN roaming
• When the work of IEEE 802.11r group is finished, the wireless network will be more convenient to mobile users with multimedia applications
• The IEEE 802.11i is new and will need time to reach maturity. It solves many problems of security. Many others are not under its responsibility (DoS, RF jamming,…)