P1451'5 Security

1
P1451.5 Security

• Survey and Recommendations
• By
• Ryon Coleman
• (rcoleman_at_3eti.com)
• October 16, 2003

2
Agenda Analyze Security Techniques Of Candidate
Stacks Present Conclusions

• 802.11 / 802.11i
• Key Management
• Encryption
• Authentication
• Bluetooth
• Profile Approach
• Layered Framework
• ZigBee / 802.15.4
• Government Considerations
• Areas for Convergence
• Backup Slides

3
802.11 Security802.11i Specification for
Enhanced Security

• IEEE 802.1X-based authentication mechanisms are
  used, with AES in CCMP mode, to establish an
  802.11 Robust Security Network (RSN).
• IEEE 802.1X-2001 defines a framework based on the
  Extensible Authentication Protocol (EAP) over
  LANs, also known as EAPoL.
• EAPoL is used to exchange EAP messages. EAP
  messages perform authentication and are used for
  key derivation between a STA and an EAP entity
  known as the Authentication Server (AS).
• 802.11i defines a 4-way handshake using EAPoL for
  key management / key derivation.

4
802.11i Authentication Key Management Overview
5
802.11 EAP Encapsulation

• EAPoL frames are normal IEEE 802.11 data frames,
  thus they follow the format of IEEE 802.11 MSDUs
  and MPDUs.

6
EAPoL for Key Exchange

• Packet Type 0x03 in the 802.1X header indicates
  EAPoL-Key message.
• Used by the Authenticator and Supplicant to
  derive or exchange cryptographic keying
  information.
• After the association first forms, only IEEE
  802.1X protocol messages (i.e., EAP and its
  associated authentication method) flow across the
  link until authentication completes
• The Supplicants IEEE 802.1X Port Access Entity
  (PAE) filters all non-EAP traffic during this
  period. Until authentication completes with the
  distribution of a Pairwise Master Key (PMK), the
  PAE ensures that only EAP packets are sent or
  received between this STA and the wireless
  medium.

7
802.11 RSN Information Element
8
Successful 802.1X Authentication Exchange
9
4-Way Handshake to DeriveEncryption
Authentication Keys
10
4-Way Handshake to DeriveEncryption
Authentication Keys
11
Pairwise Key HierarchyDerivation Process For
Unicast
12
Group Key HierarchyDerivation Process For
Multicast
13
AES Counter CBC-MAC(CCMP) Provides Encryption
Authentication

• The CCMP protocol is based on AES using the CCM
  mode of operation.
• The CCM mode combines Counter (CTR) mode privacy
  and Cipher Block Chaining Message Authentication
  Code (CBC-MAC) authentication.
• These modes have been used and studied for a long
  time, have well-understood cryptographic
  properties, and no known patent encumbrances.
• They provide good security and performance in
  both hardware or software.

14
802.11 CCMP Encapsulation
15
802.11 CCMP Decapsulation
16
Bluetooth Security LAN Access Profile - A
Cross-Layered Approach
From Bluetooth Security Whitepaper Bluetooth
SIG Security Expert Group
17
Bluetooth Security Overview

• Bluetooth takes a cross-layered approach to
  implementing security
• SAFER algorithm used at the Baseband for
  encryption authentication.
• Link Manager specification covers link level
  procedures for configuring security.
• HCI specification details how a host controls
  security how security-related events are
  reported by a Bluetooth module to its host.
• Bluetooth SIG whitepaper exists for implementing
  security and provides examples of how services
  might use security.
• Drawback SAFER (Secure And Fast Encryption
  Routine) was beaten out by Rijndael for selection
  for AES in the U.S.
• Existing Bluetooth security does not satisfy U.S.
  DoD requirements.

18
ZigBee / 802.15.4 Security

• Like 802.11i, ZigBee relies on AES CCM as a
  mainstay for encryption authentication.
• CCM mode consists of CTR mode encryption combined
  with CBC-MAC authentication to produce an
  authenticate-and-encrypt block cipher using
  NIST-approved AES.
• AES CCM is intended to provide encryption, sender
  authentication, and message integrity.

19
ZigBee Key Management

• Currently ZigBee is establishing its key
  management / key distribution techniques.
• Elliptic Curve based techniques are supposedly in
  the works
• Need additional input on ZigBee security from a
  member representative

20
Government Considerations

• Currently, there exist four FIPS-approved
  symmetric key algorithms for encryption
• Advanced Encryption Standard (AES)
• Data Encryption Standard (DES)
• Triple-DES
• Skipjack
• AES is the FIPS-Approved symmetric encryption
  algorithm of choice.
• FIPS 197, Advanced Encryption Standard (AES),
  specifies the AES algorithm (http//csrc.nist.gov/
  cryptval/)
• 802.11i is compliant with NIST FIPS 197 and FIPS
  140-2 validation requirements.

21
Areas for Convergence

• AES CCM should be called out by 1451.5 at the MAC
  sublayer for authentication and encryption.
• Key Management is a crucial area for wireless
  security. 802.11i is good but may be too heavy
  for smart sensors.
• Access to ZigBee techniques would be useful in
  this area
• Bluetooth implements a layered approach, but is
  not in compliance with NIST or DoD requirements.
• A strong, layered approach for 1451.5 security
  would be AES CCM at the MAC plus 802.11i
  constructs including 802.1X EAPoL for mutual key
  derivation / key exchange.
• Any additional information from Axonn or ZigBee?
• Form Subgroup?

22
Backup Slides
23
Bluetooth Versus OSI Model