WEP-WAP - PowerPoint PPT Presentation

1 / 23
About This Presentation
Title:

WEP-WAP

Description:

WEP-WAP * * * * Goals Biometric protocols suitable for a wireless networked environment Secure system/network access via biometric authentication Secure wireless ... – PowerPoint PPT presentation

Number of Views:272
Avg rating:3.0/5.0
Slides: 24
Provided by: helpline4
Category:
Tags: wap | wep

less

Transcript and Presenter's Notes

Title: WEP-WAP


1
WEP-WAP
2
Goals
  • Biometric protocols suitable for a wireless
    networked environment
  • Secure system/network access via biometric
    authentication
  • Secure wireless transmission of biometric data

3
Why Wireless Biometrics?
  • Combination of two rapidly growing technologies
  • Biometric systems for verification and
    identification
  • Homeland Security
  • Wireless systems for mobility
  • Over 1 trillion wireless phone min. in US, 2004
  • Common advantage is convenience

4
Human authentication
  • Types of human authentication
  • What you know (secret)
  • Password, PIN, mothers maiden name
  • What you have (token)
  • ATM card, smart card
  • What you are (biometric)
  • Stable fingerprint, face, iris
  • Alterable voice, keystroke
  • Where you are (authorization?)
  • Wireless

5
Biometric Advantages
  • Convenience
  • Cant be lost (in general)
  • Cant be forgotten
  • Cant be loaned
  • Mostly unique (matching may not be)
  • Perceived strong non-repudiation
  • Does not change significantly (in general)
    (Ident.)
  • Both verification and identification applications

6
Biometric Authentication System
Source Podio, NIST
7
Wireless Biometric System Security
  • Security issues
  • Biometric authentication to ensure secure access
    to the system/network
  • In other words, wireless system access security
  • Wireless message authentication to ensure secure
    transmission of biometric data
  • In other words, personal information security and
    privacy across the wireless network
  • Physical security
  • Devices, computers, transmitters/receivers, etc.

8
Biometric Authentication Threats
9
Biometric Cryptography
  • Use of biometric data for encryption decryption
  • fuzzy commitment, vault Ari Juels, RSA Labs

10
Biometric Cryptography (example)
00000 11111
01010 10101
01010 01010
Enroll (Encrypt)
Password (hashed)
Template (key)
E(h(Pwd))
stored
compare
Within Threshold?
Template (key)
10000 10111
live
Hamming Distance 2
11010 11101
Verify (Decrypt)
11
Biometrics Standards
  • Common Biometric Exchange File Format (CBEFF)
  • ANSI-NIST-ITL-2000
  • Data exchange quality
  • Criminal identification
  • American Association for Motor Vehicle
    Administration (AAMVA) DL/ID 2000
  • FBI
  • Wavelet Scalar Quantization (WSQ) fingerprint
    image (de)compression
  • Electronic Fingerprint Transmission Standard
    (EFTS)
  • Intel Common Data Security Architecture (CDSA)
  • ANSI X9.84 Biometric data security (life cycle)
  • Originally developed for financial industry uses
    CBEFF
  • APIs
  • Open BioAPI, Java Card Biometric API uses CBEFF
  • Proprietary BAPI what is Microsoft planning?
  • XCBF
  • XML Common Biometric Format from OASIS uses
    CBEFF
  • Mechanisms for secure transmission, storage,
    integrity, privacy of biometrics

12
Biometric Standards
  • Recently from NIST
  • Biometric Data Specification for Personal
    Identity Verification (PIV)
  • January 24, 2005 (Draft)
  • New standards governing interoperable use of
    identity credentials to allow physical and
    logical access to federal government locations
    and systems
  • Technical and formatting requirements for
    biometric credentials
  • Restricts values and practices for fingerprints
    and facial images
  • Geared toward FBI background checks and
    formatting data for a PIV card
  • CBEFF and BioAPI compliant

13
Wireless Advantages
  • Mobility
  • Flexibility
  • Easier to relocate and configure
  • More scalable
  • Cost
  • No cost due to physical barriers, private
    property.
  • Productivity
  • More opportunity to connect
  • Aesthetics
  • No clutter from wires
  • Robustness
  • Less physical infrastructure to damage and repair

14
Wireless Disadvantages
  • Lower channel capacity
  • Limited spectrum available
  • Power restrictions
  • Noise levels
  • Noise and interference
  • Frequency allocation
  • U.S. FCC
  • Greater security concern
  • Information traveling in free space

15
Wireless Protocols
  • Network domains
  • Broadband
  • IEEE 802.16, Worldwide Interoperability for
    Microwave Access (WiMAX) framework, not single
    system or class of service
  • Cellular networks
  • Global System for Mobile communication (GSM)
  • Universal Mobile Telecommunications System (UMTS
    WCDMA)
  • Cordless systems
  • Time Division Multiple Access (TDMA)
  • Time Division Duplex (TDD)
  • Mobile Internet Protocol (Mobile IP)
  • Wireless Local Area Network (WLAN)
  • IEEE 802.11 (Wi-Fi) a,b,g (n not yet ratified)
  • Wireless Personal Area Network (WPAN)
  • IrDA, Bluetooth, ultra wideband, wireless USB
  • Home Automation (narrow band)
  • Infineon, ZigBee, Z-Wave

16
Wireless Protocol Comparison
Source PC Magazine, March 22, 2004
17
Security and Protocols
  • Security domains
  • Application security
  • Wireless Application Protocol (WAP)
  • Uses Wireless Transport Layer Security (WTLS)
  • Current Class 2 devices based on IETF SSL/TLS
  • Future Class 3 devices will use a WAP Identity
    Module (WIM)
  • Web services
  • Simple Object Access Protocol (SOAP) toolkits
    available for Java .NET
  • Operating system security (Java run-time, Palm
    OS, Microsoft Windows CE)
  • Device security (PINs, pass-phrases, biometrics)
  • Security of wireless protocols
  • IEEE 802.11 (Wi-Fi)
  • Wireless Encryption Protocol (WEP) weak and
    flawed
  • Wi-Fi Protected Access (WPA). Uses Temporal Key
    Integrity Protocol (TKIP)
  • IEEE 802.11i Wireless Security spec. (WPA, AES,
    FIPS 140-2 compliant)
  • Authentication security
  • Remote Authentication Dial In User Service
    (RADIUS)
  • Kerberos
  • SSL

18
Network Encryption
  • Secure Shell (SSH)
  • Application Layer
  • Secure remote connection replacement for telnet,
    rlogin, rsh
  • Secure Socket Layer (SSL)
  • Transport Layer Security (TLS)
  • Uses TCP has specific port numbers
  • Main use is HTTPS (port 443)
  • Internet Protocol Security (IPSec)
  • Network Layer
  • Includes a key management protocol
  • Included in IPv6

19
Avenues of Attack
wireless
LAN- connected Computer
Local Computer
LAN
Remote Computer
Capture Device
WAN
20
Wireless Security Issues
  • Denial of Service (DoS)
  • JammingUse Spread Spectrum (DSSS, FHSS)
    technology
  • As a device battery attack, i.e., more processing
    more battery usage
  • Eavesdropping
  • Signal is in the open air (war dialing)
  • Theft or loss of device
  • Due to size, portability, and utility
  • Dependency on public-shared infrastructure
  • What security is in place?
  • Masquerading
  • Rogue clients pretend to be legitimate endpoint
  • Rogue access points trick clients to logging in
  • Malware
  • Worms (Cabir) and Viruses (Timfonica, Phage) on
    wireless devices
  • Use Antivirus software

21
Wireless Security Paradox
  • We use wireless devices for convenience
  • Security measures often decrease convenience and
    performance
  • Result Security features are often disabled or
    given lower priority

22
System Design Considerations
  • Verification
  • Are you who you claim to be (or are supposed to
    be)?
  • 11 matching
  • Usually consensual
  • Typically smaller template databases
  • Authorization (computer, network, building)
  • Identification
  • Who are you?
  • 1n matching
  • Often no explicit consent or awareness
  • Typically larger template databases
  • Surveillance (homeland and border security),
    forensics, criminal investigation (AFIS)
  • Why not both?
  • i.e. You are not who you say you are, so who are
    you?

23
Future Research
  • Pattern for fuzzy matching?
  • Biometrics, digital watermarks, IDS, search
    engines
  • Biometric cryptography
  • Biometric key generation
  • Fuzzy matching methodologies
  • Embedding biometric keys within wireless
    protocols
  • X.509 certificates
  • Protocol payload area
  • Protocol header (authentication) area
  • Use coefficients? (polynomial, elliptic curve)
Write a Comment
User Comments (0)
About PowerShow.com