Title: P1451'5 Security
1P1451.5 Security
- Survey and Recommendations
- By
- Ryon Coleman
- (rcoleman_at_3eti.com)
- October 16, 2003
2Agenda Analyze Security Techniques Of Candidate
Stacks Present Conclusions
- 802.11 / 802.11i
- Key Management
- Encryption
- Authentication
- Bluetooth
- Profile Approach
- Layered Framework
- ZigBee / 802.15.4
- Government Considerations
- Areas for Convergence
- Backup Slides
3802.11 Security802.11i Specification for
Enhanced Security
- IEEE 802.1X-based authentication mechanisms are
used, with AES in CCMP mode, to establish an
802.11 Robust Security Network (RSN). - IEEE 802.1X-2001 defines a framework based on the
Extensible Authentication Protocol (EAP) over
LANs, also known as EAPoL. - EAPoL is used to exchange EAP messages. EAP
messages perform authentication and are used for
key derivation between a STA and an EAP entity
known as the Authentication Server (AS). - 802.11i defines a 4-way handshake using EAPoL for
key management / key derivation.
4802.11i Authentication Key Management Overview
5802.11 EAP Encapsulation
- EAPoL frames are normal IEEE 802.11 data frames,
thus they follow the format of IEEE 802.11 MSDUs
and MPDUs.
6EAPoL for Key Exchange
- Packet Type 0x03 in the 802.1X header indicates
EAPoL-Key message. - Used by the Authenticator and Supplicant to
derive or exchange cryptographic keying
information. - After the association first forms, only IEEE
802.1X protocol messages (i.e., EAP and its
associated authentication method) flow across the
link until authentication completes - The Supplicants IEEE 802.1X Port Access Entity
(PAE) filters all non-EAP traffic during this
period. Until authentication completes with the
distribution of a Pairwise Master Key (PMK), the
PAE ensures that only EAP packets are sent or
received between this STA and the wireless
medium.
7802.11 RSN Information Element
8Successful 802.1X Authentication Exchange
94-Way Handshake to DeriveEncryption
Authentication Keys
104-Way Handshake to DeriveEncryption
Authentication Keys
11Pairwise Key HierarchyDerivation Process For
Unicast
12Group Key HierarchyDerivation Process For
Multicast
13AES Counter CBC-MAC(CCMP) Provides Encryption
Authentication
- The CCMP protocol is based on AES using the CCM
mode of operation. - The CCM mode combines Counter (CTR) mode privacy
and Cipher Block Chaining Message Authentication
Code (CBC-MAC) authentication. - These modes have been used and studied for a long
time, have well-understood cryptographic
properties, and no known patent encumbrances. - They provide good security and performance in
both hardware or software.
14802.11 CCMP Encapsulation
15802.11 CCMP Decapsulation
16Bluetooth Security LAN Access Profile - A
Cross-Layered Approach
From Bluetooth Security Whitepaper Bluetooth
SIG Security Expert Group
17Bluetooth Security Overview
- Bluetooth takes a cross-layered approach to
implementing security - SAFER algorithm used at the Baseband for
encryption authentication. - Link Manager specification covers link level
procedures for configuring security. - HCI specification details how a host controls
security how security-related events are
reported by a Bluetooth module to its host. - Bluetooth SIG whitepaper exists for implementing
security and provides examples of how services
might use security. - Drawback SAFER (Secure And Fast Encryption
Routine) was beaten out by Rijndael for selection
for AES in the U.S. - Existing Bluetooth security does not satisfy U.S.
DoD requirements.
18ZigBee / 802.15.4 Security
- Like 802.11i, ZigBee relies on AES CCM as a
mainstay for encryption authentication. - CCM mode consists of CTR mode encryption combined
with CBC-MAC authentication to produce an
authenticate-and-encrypt block cipher using
NIST-approved AES. - AES CCM is intended to provide encryption, sender
authentication, and message integrity.
19ZigBee Key Management
- Currently ZigBee is establishing its key
management / key distribution techniques. - Elliptic Curve based techniques are supposedly in
the works - Need additional input on ZigBee security from a
member representative
20Government Considerations
- Currently, there exist four FIPS-approved
symmetric key algorithms for encryption - Advanced Encryption Standard (AES)
- Data Encryption Standard (DES)
- Triple-DES
- Skipjack
- AES is the FIPS-Approved symmetric encryption
algorithm of choice. - FIPS 197, Advanced Encryption Standard (AES),
specifies the AES algorithm (http//csrc.nist.gov/
cryptval/) - 802.11i is compliant with NIST FIPS 197 and FIPS
140-2 validation requirements.
21Areas for Convergence
- AES CCM should be called out by 1451.5 at the MAC
sublayer for authentication and encryption. - Key Management is a crucial area for wireless
security. 802.11i is good but may be too heavy
for smart sensors. - Access to ZigBee techniques would be useful in
this area - Bluetooth implements a layered approach, but is
not in compliance with NIST or DoD requirements. - A strong, layered approach for 1451.5 security
would be AES CCM at the MAC plus 802.11i
constructs including 802.1X EAPoL for mutual key
derivation / key exchange. - Any additional information from Axonn or ZigBee?
- Form Subgroup?
22 Backup Slides
23Bluetooth Versus OSI Model