Wireless Security A Silver Lining Ahead - PowerPoint PPT Presentation

1 / 30
About This Presentation
Title:

Wireless Security A Silver Lining Ahead

Description:

Similar security properties as EAP-TLS, like mutual authentication and a shared ... WPA uses Temporal Key Integrity Protocol (TKIP) - stronger data encryption, ... – PowerPoint PPT presentation

Number of Views:75
Avg rating:3.0/5.0
Slides: 31
Provided by: psionte
Category:

less

Transcript and Presenter's Notes

Title: Wireless Security A Silver Lining Ahead


1
Wireless Security A Silver Lining Ahead
  • www.psionteklogix.com
  • Rosario Macri
  • April 10, 2003

2
Agenda
  • IEEE 802.1X
  • Principles of Operation
  • Wi-Fi Protected Access (WPA)
  • Brief overview
  • Data Privacy
  • User Authentication
  • 802.1X
  • IEEE 802.11i
  • Brief Introduction
  • Data Privacy
  • User Authentication
  • 802.1X

3
IEEE 802.1X Port Based Network Access Control
  • IEEE 802.1X standard - intended to provide strong
    authentication, access control and key
    management.
  • Means of authenticating and authorizing devices -
    prevents access where authentication and
    authorization fails.
  • Wireless terminal is Supplicant and Access Point
    is Authenticator.
  • Authentication initiated by Supplicant or
    Authenticator - Occurs at System initialization
    time
  • Authentication - process of binding a name to
    something known, in IEEE 802.11 refers to the
    Media Access Control address (MAC address).

4
802.1X Principles of Operation, contd
  • Port Access Entity (PAE) operates algorithms and
    protocols associated with authentication
    mechanisms for device port.
  • Supplicant - responsible for responding to
    Authenticator for information that will establish
    its credentials.
  • Authenticator - responsible for communication
    with Supplicant, submits information received
    from Supplicant to Authentication Server -
    Supplicant credentials checked for correct
    authorization.
  • Authentication Server- provides authentication
    services to Authenticator to determine whether
    Supplicant is authorized to access services
    provided by the Authenticator.
  • Authentication Server function can be co-located
    with authenticator function within same entity,
    but is typically an external server (e.g. RADIUS
    Server).

5
802.1X - Principles of Operation
  • Figure 1. illustrates the IEEE 802.1X setup.
  • Supplicant authenticates via Authenticator to
    central Authentication Server.
  • Authentication Server confirms Supplicants
    credentials.
  • Authentication Server directs Authenticator to
    provide services after successful authentication.

PAE Access Point, Ethernet Switch, etc.
PAE Ethernet, Token Ring, Wireless, etc.
Supplicant
Authenticator
EAPOL (Ethernet, Token Ring, 802.11)
Encapsulated EAP messages, typically on Radius
AAA Server Any EAP Server, Typically RADIUS
Authentication Server
Figure 1. The IEEE 802.1X Setup
6
802.1X Principles of Operation, contd
  • Supplicant, Authenticator and Authentication
    Server are necessary to complete authentication
    exchange.
  • Figure 2. illustrates Port-based access control
    (Authenticator) Controlled Port and
    Uncontrolled Port are two logical entities, but
    are same physical connection to the LAN

Figure 2. Controlled and Uncontrolled ports
7
802.1X Principles of Operation, contd
  • Protocol exchanges between Authenticator and
    Authentication Server conducted via Controlled or
    Uncontrolled Port.
  • Controlled Port accepts packets from
    authenticated devices, Uncontrolled Port only
    accepts 802.1X packets.
  • Uncontrolled Port used for exchanging Extensible
    Authentication Protocol (EAP) over LAN packets,
    EAPOL, with Supplicant.
  • Uncontrolled Port and Controlled Port considered
    same point of attachment to the LAN.
  • Point of attachment is association between
    wireless terminal and Access Point.

8
802.1X Principles of Operation, contd
  • Authentication dialog between Supplicant and
    Authentication Server carried in EAP frames.
  • EAP over LAN (EAPOL), is used for all
    communication between Supplicant and
    Authenticator.
  • EAP
  • Authentication framework
  • Supports multiple authentication methods
  • Operates directly over Data-Link Layer
  • Does not require Internet Protocol (IP)
  • EAP authentication types include EAP-MD5,
    EAP-TLS, EAP-TTLS
  • Proprietary EAP types being developed by vendors,
    Ciscos Lightweight Extensible Authentication
    Protocol - LEAP

9
802.1X Principles of Operation, contd
  • Figure 3. illustrates Supplicant, Authenticator,
    Authentication Server relationship.
  • Authenticator accepts EAPOL packets from
    Supplicant, forwards EAP packets to
    Authentication Server over higher layer protocol
    like RADIUS.
  • Authenticator forwards Authentication Server EAP
    packets over EAPOL to Supplicant.

Figure 3. Authenticator, Supplicant, and
Authenticator Server roles
10
802.1X Principles of Operation, contd
  • Figure 4. illustrates complete 802.1X
    authentication session showing EAP and RADIUS
    messages.

Figure 4. A complete 802.1X authentication session
11
802.1X Principles of Operation, contd
  • MAC layer encryption keys generated as part of
    authentication process between Supplicant and
    Authentication Server - encryption keys will be
    used by chosen data encryption protocol.
  • 802.1X used to direct encryption keys down to MAC
    layer on both Authenticator and Supplicant.
  • Two sets of encryption keys are generated,
  • Pairwise Master Key (Session Key)
  • Groupwise Key (Group Key).

12
802.1X Principles of Operation, contd
  • Pairwise Master Key (PMK) is unique to
    association between individual Supplicant and
    Authenticator.
  • Groupwise Key shared among all Supplicants
    connected to same Authenticator.
  • PMK used to generate additional encryption keys
    used by the chosen data encryption protocol.

13
802.1X EAP Authentication Types
  • EAP-MD5 Challenge
  • Earliest authentication type, duplicates CHAP
    password protection on a WLAN.
  • Base-level EAP support among 802.1X devices,
    one-way authentication, MD5 not generally used
    anymore.
  • EAP-TLS (Transport Layer Security)
  • Certificate-based, mutual authentication of
    client and network.
  • Client-side and server-side certificates to
    perform authentication.
  • Dynamically generated user and session based WEP
    keys distributed to secure connection.
  • EAP-LEAP (Lightweight Extensible Authentication
    Protocol)
  • Ciscos proprietary EAP authentication type,
    supports mutual authentication.
  • Provides security during credential exchange,
    credentials include username and password.
  • Encrypts data transmission using dynamically
    generated WEP keys.

14
802.1X EAP Authentication Types, contd
  • EAP-TTLS (Tunneled TLS)
  • Extension to EAP-TLS, uses certificates to
    authenticate server side and legacy or
    token-based methods to authenticate client side.
  • Network manager has option of using simple
    authentication protocols - clear text passwords,
    challenge-response passwords or token-based
    authentication. Client certificates not needed.
  • TTLS packs this authentication protocol inside
    of TLS tunnel when it comes time to authenticate
    user, hence the term Tunneled.
  • Similar security properties as EAP-TLS, like
    mutual authentication and a shared secret for
    session WEP key.

15
Wi-Fi Protected Access (WPA)
  • Flaws in WEP known since January 2001 - flaws
    include weak encryption, (keys no longer than 40
    bits), static encryption keys, lack of key
    distribution method.
  • IEEE developing 802.11i standard for enhanced
    wireless security - Addresses weak data
    encryption and user authentication within
    existing 802.11 standard.
  • 802.11i standard will not be ratified until late
    2003, possibly early 2004 - outstanding issues.
  • WPA standard joint effort between Wi-Fi Alliance
    and IEEE - WPA a subset of IEEE 802.11i standard
    (Draft 3.0).
  • WPA provides stronger data encryption (weak in
    WEP) and user authentication (largely missing in
    WEP).

16
WPA Data Encryption
  • WPA uses Temporal Key Integrity Protocol (TKIP) -
    stronger data encryption, addresses known
    vulnerabilities in WEP.
  • TKIP chosen as primary encryption cipher suite -
    Easily deployed and supported in legacy 802.11b
    hardware compared to other available cipher
    suites.
  • TKIP based on RC4 stream cipher algorithm,
    surrounds WEP cipher engine with 4 new
    algorithms,
  • Extended 48-bit Initialization Vector (IV) and IV
    sequencing rules (compared to the shorter 24-bit
    WEP RC4 key).
  • New per-packet key mixing function.
  • Derivation and distribution method - a.k.a.
    re-keying.
  • A message integrity check (MIC) - a.k.a.
    Michael, ensures messages havent been tampered
    with during transmission.

17
WPA Data Encryption, contd
  • Figure 5. illustrates Temporal Key Integrity
    Protocol.
  • DA Destination Address TKIP Temporal Key
    Integrity Protocol
  • ICV Integrity Check Value TSC TKIP
    Sequence Counter
  • MPDU Message Protocol Data Unit TTAK result
    of phase 1 key mixing of Temporal Key
  • MSDU MAC Service Data Unit and
    Transmitter Address
  • RSN Robust Security Network WEP Wired
    Equivalent Privacy
  • SA Source Address WEP IV Wired Equivalent
    Privacy Initialization Vector
  • TA Transmitter Address

Figure 5. Temporal Key Integrity Protocol
18
WPA Data Encryption, contd
  • TKIP Sequence Counter (TSC) - Combination of
    extended 48-bit IV and IV sequence counter,
    extends life of Temporal Key, eliminates need to
    re-key Temporal Key during single association.
  • Temporal and MIC Keys derived from Pairwise
    Master Key (PMK) - PMK derived as part of 802.1X
    exchange.
  • Message Integrity Check (MIC) - Cryptographic
    checksum designed to make it much more difficult
    for an attacker to successfully intercept and
    alter data.

19
WPA Data Encryption, contd
  • TKIP implements countermeasures - reduces rate
    which attacker can make message forgery attempts
    down to two packets every 60 seconds.
  • After 60 second timeout new PMK or Groupwise Key
    generated, depending on which attacked ensures
    attacker cannot obtain information from attacked
    key.
  • Countermeasures bound probability of successful
    forgery and amount of information attacker can
    learn about a key.
  • TKIP is made available as firmware or software
    upgrade to existing legacy hardware.
  • TKIP eliminates having to replace existing
    hardware or having to purchase new hardware.

20
WPA User Authentication
  • Authentication and Key Management based on IEEE
    802.1X.
  • WPA supports two authenticated key management
    protocols,
  • EAP Authentication
  • Pre-Shared Key
  • 802.1x and EAP authentication - Enterprise
    environments through centralized authentication
    server, Mutual Authentication required to prevent
    user from joining rogue network.
  • Pre-Shared Key authentication (PSK) - Home or
    Office environment, no centralized authentication
    server or EAP framework available.
  • Pre-shared key authentication easily configured
    by home or office user.

21
WPA User Authentication, contd
  • Pre-shared key - Requires home or office user to
    manually enter password (Master Key) in Access
    Point or Wireless Gateway and same password in
    each P.C. allowed access to that wireless
    network.
  • Devices with matching password join the wireless
    network - prevents unauthorized access.
  • Manually configured WPA password automatically
    starts TKIP encryption process.
  • WPA requires APs announce supported ciphers
    (encryption types) and authentication types -
    Clients choose most secure encryption and
    authentication type.

22
WPA - Summary
  • Wi-Fi Protected Access effectively addresses WLAN
    security requirements and provides immediate and
    strong encryption and authentication solution.
  • WPA forward compatible with the full 802.11i
    standard.
  • WPA replaces WEP as standard Wi-Fi security
    mechansim.
  • Initial release of WPA addresses AP based 802.11
    networks, Ad-hoc (peer-to-peer) networks
    addressed in final WPA standard, WPA version 2.
  • Wi-Fi Alliance to adopt full 802.11i standard as
    version 2 of WPA.
  • WPA will be mandatory for Wi-Fi certification
    before the end of 2003

23
IEEE 802.11i (RSN) Enhanced Wireless Security
  • 802.11i enhanced wireless security standard -
    known as Robust Security Network (RSN), developed
    by IEEE Taskgroup i (Tgi).
  • 802.11i (RSN) addresses weaknesses of WEP based
    wireless security Replaces WEP.
  • 802.11i, security solution for legacy 802.11
    hardware and new hardware (already making its
    way into market).
  • 802.11i addresses AP based and ad-hoc
    (peer-to-peer) based 802.11 wireless security
    requirements.
  • 802.11i (RSN) specifies user authentication
    through IEEE 802.1X and data encryption through
    Temporal Key Integrity Protocol (TKIP) and
    Counter Mode with CBC-MAC Protocol (CCMP).

24
802.11i (RSN) Data Encryption
  • TKIP targeted at legacy 802.11 hardware, CCMP
    targeted at future 802.11 hardware.
  • RSN supporting simultaneous use of TKIP and CCMP
    referred as Transitional Network - AP and client
    use highest level of security both can mutually
    support.
  • 802.11i specifies both TKIP and CCMP, true RSN
    uses only CCMP - CCMP mandatory for 802.11i
    (RSN), TKIP optional.
  • Transitional Network, temporary solution for
    purpose of converting all hardware to CCMP-only
    based security solution.
  • Counter Mode with CBC-MAC Protocol (CCMP) based
    on Advanced Encryption Standard (AES) - FIPS-197
    certified algorithm approved by National
    Institute of Standards and Technology (NIST).

25
802.11i (RSN) Data Encryption, contd
  • AES one of latest and greatest in encryption
    technology, replaces Data Encryption Standard
    (DES) and Triple Data Encryption Standard (3DES)
    for all government transactions.
  • AES mode chosen for 802.11 is Counter Mode with
    CBC-MAC (CCM).
  • Counter Mode used for data privacy, CBC-MAC
    (Cipher Block Chaining Message Authentication
    Code) used for data integrity and authentication.
  • Message Authentication Code (MAC) same
    functionality as Message Integrity Check (MIC)
    used for TKIP.
  • AES uses fixed 128-bit encryption key length and
    uses same key for encryption and decryption For
    802.11.

26
802.11i (RSN) Data Encryption, contd
  • Figure 6. illustrates CCMP encapsulation process,
    de-capsulation process is essentially reverse of
    encapsulation process - Difference is one final
    step added that compares value of computed MIC to
    that received before decrypted frame is passed
    on by the MAC.

Figure 6. The CCMP Encapsulation Process
27
802.11i (RSN) Data Encryption, contd
  • Same AES temporal encryption key, AES(K), used in
    AES encryption blocks for both MIC calculation
    and packet encryption.
  • Like TKIP, AES temporal encryption key derived
    from Pairwise Master Key (PMK) - PMK derived as
    part of 802.1X exchange

28
802.11i (RSN) User Authentication
  • 802.11i (RSN) user authentication based on IEEE
    802.1x.
  • Same principles and functionality for WPA user
    authentication apply to 802.11i (RSN) user
    authentication.

29
802.11i (RSN) - Summary
  • 802.11i (RSN) addresses security concerns for
    legacy hardware and new hardware.
  • Security solution providing robust data
    encryption and user authentication.
  • Addresses AP based and ad-hoc (peer-to-peer)
    based 802.11 wireless security requirements.

30
  • Thank-You
Write a Comment
User Comments (0)
About PowerShow.com