Temporal Key Integrity Protocol - PowerPoint PPT Presentation

1 / 21
About This Presentation
Title:

Temporal Key Integrity Protocol

Description:

Algorithm is used throughout the world in some of the most secure ... Poor key generation (cracked encryption key) Poor duplicate checking (replay attacks) ... – PowerPoint PPT presentation

Number of Views:75
Avg rating:3.0/5.0
Slides: 22
Provided by: kellym5
Category:

less

Transcript and Presenter's Notes

Title: Temporal Key Integrity Protocol


1
Welcome!
  • Temporal Key Integrity Protocol
  • by Jim Weikert, Product Manager, Locus
    Incorporated
  • ISA Wireless Security Technical Conference
  • Tuesday, February 10, 2004

2
Using a Good Tool Improperly
3
Concepts to Understand
  • Authentication
  • Verifying only authorized users are allowed to
    communicate
  • Encryption
  • Scrambling the data so that it cannot be
    deciphered by outsiders

4
The Good Tool Used Properly
  • 802.11 WEP encryption is based on a very strong
    and time-proven algorithm
  • Algorithm is used throughout the world in some of
    the most secure applications
  • SSL (Secure Socket Layer) Protocol is used for
    communications to and from secure websites
  • Oracle SQL

5
The Good Tool Used Improperly
  • WEP is an example of using a good tool improperly
  • Poor authentication (rogue access point)
  • Poor key generation (cracked encryption key)
  • Poor duplicate checking (replay attacks)

6
802.11 Industry Improvements
  • IEEE 802.11i
  • New IEEE standard for 802.11 security
  • WPA (Wi-Fi Protected Access)
  • The 802.11 industrys acronym for the improved
    security

7
The Good Tool Used Properly
  • Better authentication
  • Better encryption

8
Security Better Authentication
  • WEP (only client authenticated itself to AP)
  • Rogue AP could cause client to authenticate to
    it falsely and gain access to clients
    information
  • Dual authentication
  • Client and AP authenticate each other, verifying
    the link is appropriate

9
WPA Better Authentication
WEP
WPA
Dual Authentication Two-way Handshake
Shared
10
Key Generation
Ethernet
  • WEP System-wide Key
  • common for every radio

Key
  • TKIP Session Key
  • different for every pair
  • different for every station
  • generated for each session
  • derived from a seed called the passphrase

Access Point
Session Key A
Session Key B
Key
Key
Client
Client
Network-wide Key
Entered once or updated by user if they feel like
it.
11
Per-Packet Keying
  • Each packet is generated using a unique key
  • Much more difficult to get from repetitive data
    back to the key
  • Packet sequence number rollover
  • 24-bit sequence number with WEP would rollover
    leading to key re-use
  • 48-bit sequence number with TKIP leads to new
    session key generation

12
Per Packet Keying (cont.)
Phase One Mixer
Intermediate Key
128-bit Temporal Key
Source MAC Address 00-01-50-F1-CD-73
Phase Two Mixer
Per-Packet Key
4 Bytes
48-bit Packet Sequence Number (24-bit with WEP)
2 Bytes
Encryption Algorithm
Data
Encrypted Data
13
Integrity Check
  • If the message integrity check does not pass, the
    message is seen as a forgery
  • If two forgeries are detected in one second, the
    radio assumes it is under attack. It deletes its
    session key, disassociates itself, then forces
    re-association.

14
Integrity Check (cont.)
48-Bit Sequence Number
Message Integrity Check
MAC Address
Data Load
15
Replay Prevention
  • Replay
  • WEP could overload an AP by replaying the
    previous packet
  • TKIP each packet has a 48-bit counter value that
    must increment or packet is discarded

Bad Guy
Bad Guy
Replays
Network
Network
User
User
16
RADIUS Server
  • Authenticates clients before they are given
    access to the network
  • Negotiates keys

Network
Access Point
Client
Radius Server
17
Need for a RADIUS Server
  • Single point of key management
  • Centralized administration
  • Mix WEP/WPA amongst clients
  • Seamless roaming without re-authentication
  • Session time limits/time of day (user access
    policies)

18
Security is Widely Adopted
  • Company 1 logo
  • Company 2 logo
  • Company 3 logo

19
More Security to Come
  • 802.11i addresses immediate improvements as well
    as long-term improvements
  • Immediate improvements seen in WPA (TKIP
    Encryption) can run on current hardware
  • Long-term improvements include new encryption
    algorithm AES (Advanced Encryption Standard)
    which is more computationally intensive and
    requires new hardware

20
Having the Best Security is Useless if...
  • It isnt turned on
  • like having locks on your doors but not using
    them
  • It is too complicated to understand
  • like having a security system for your house, but
    not knowing how to change the code

21
Questions?
  • Thank you!
  • Jim Weikert, Product Manager
  • (608) 270-0500 ext. 219
  • weikert_at_locusinc.com
  • Locus Industrial Radios
  • Madison, WI
Write a Comment
User Comments (0)
About PowerShow.com
Home About Us Terms and Conditions Privacy Policy Presentation Removal Request Contact Us
Copyright 2024 CrystalGraphics, Inc. — All rights Reserved. PowerShow.com is a trademark of CrystalGraphics, Inc.
The PowerPoint PPT presentation: "Temporal Key Integrity Protocol" is the property of its rightful owner.
Do you have PowerPoint slides to share? If so, share your PPT presentation slides online with PowerShow.com. It's FREE!