
Dec 20, 2015


DIMACS Nov 3 - 4, 2004

WIRELESS SECURITY AND ROAMING OVERVIEW

DIMACS, November 3-4, 2004

Workshop: Mobile and Wireless Security

Nidal Aboudagga*, Jean-Jacques Quisquater

UCL Crypto Group

Belgium


Outline

• Introduction

• WEP

• IEEE 802.1X

• WPA

• IEEE 802.11i

• Roaming

• Conclusion


Why Wireless?

• Mobility

• Flexibility

– Rapid deployment

– Easy administration

• Low cost

• Simplicity of use

• Used in two modes:

– Ad-Hoc

– Infrastructure mode


Wired Equivalent Privacy (WEP) (1)

• Tried to ensure

– Confidentiality

– Integrity

– Authenticity

– Replaces the so-called MAC-address filtering

• Uses the RC4 encryption algorithm to generate a key stream

• Uses a shared key K (40-bit/104-bit)


Wired Equivalent Privacy (WEP) (2)


Wired Equivalent Privacy (WEP) (3)

• Uses standard challenge response

• An initialization vector (IV, 24 bits): per-packet number, sent in clear

• WEP failed because of many known attacks

– IV collision

– Message injection

– Authentication spoofing

– Brute-force attack

– Weaknesses in the Key Scheduling Algorithm of RC4, …
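The IV collision item above, worked through as an added example (not part of the original slides): the per-packet RC4 key is the 24-bit IV prepended to the shared key K, so two frames with the same IV are encrypted with the same keystream, and the birthday bound shows how quickly a 24-bit IV space repeats. The key, IV, plaintexts and function names are constructed for this illustration.

```python
import zlib
from math import exp

def rc4(key: bytes, n: int) -> bytes:
    """Return n bytes of RC4 keystream for `key`."""
    s, j = list(range(256)), 0
    for i in range(256):                          # key scheduling (KSA)
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for _ in range(n):                            # keystream generation (PRGA)
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def wep_encapsulate(iv: bytes, k: bytes, plaintext: bytes) -> bytes:
    """Encrypted WEP body: (plaintext || CRC-32 ICV) XOR RC4(IV || K)."""
    if len(iv) != 3:
        raise ValueError("WEP IV is 24 bits")
    data = plaintext + zlib.crc32(plaintext).to_bytes(4, "little")
    return xor(data, rc4(iv + k, len(data)))

def iv_collision_probability(frames: int, iv_bits: int = 24) -> float:
    """Birthday approximation for at least one repeated IV among random IVs."""
    return 1.0 - exp(-frames * (frames - 1) / (2 * 2 ** iv_bits))

def reused_ivs(ivs):
    """IVs seen more than once in a capture: each marks reused keystream."""
    seen, dup = set(), set()
    for iv in ivs:
        (dup if iv in seen else seen).add(iv)
    return dup

# Constructed sample data, not taken from the slides.
K = bytes.fromhex("0102030405")                   # 40-bit shared key
P1, P2 = b"GET /index.html ", b"user=alice&x=123"
IV = bytes.fromhex("a1b2c3")

if __name__ == "__main__":
    c1, c2 = wep_encapsulate(IV, K, P1), wep_encapsulate(IV, K, P2)
    # Same IV and key give the same keystream, so it cancels out of c1 XOR c2.
    print(xor(c1, c2)[:16] == xor(P1, P2))
    print(round(iv_collision_probability(5000), 2))
```

With randomly chosen IVs, a repeat is more likely than not after roughly 5000 frames, which is why TKIP later replaces the IV with a sequenced counter and a per-packet mixed key.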


Network port authentication 802.1x (1)

• Adapted to wireless use by IEEE 802.11 group

• Based on Extensible Authentication Protocol (EAP)

• Three elements are in use with 802.1x

– Supplicant (user)

– Authenticator (access point)

– Authentication server (usually RADIUS)

• Uses key distribution messages


IEEE 802.1x Access Control


IEEE 802.1x EAP authentication


802.1X / EAP: Authentication methods

• EAP-MD5: Vulnerable to many attacks and does not support dynamic WEP keys

• EAP-TLS: Uses certificates for servers and users. The user’s identity is revealed

• EAP-TTLS: Uses server’s certificate. Protects user’s identity

• PEAP: Similar to EAP-TTLS, used by Cisco and Microsoft in their products

• LEAP: A Cisco proprietary method, vulnerable to dictionary attacks

• EAP-SIM, EAP-SPEKE, …


Wifi-Alliance Protected Access (1)

• Built around IEEE 802.11i (draft 3) and compatible with existing hardware

• Addresses WEP vulnerability

• Supports mixed environment

• Uses Temporal Key Integrity Protocol (TKIP), 128-bit RC4 key

• The use of AES is optional


Wifi-Alliance Protected Access (2)

• A suite of 4 algorithms composes TKIP

– A Message Integrity Code (MIC), called Michael, to defeat forgeries

– A new Initialization Vector sequencing discipline, to prevent replay attacks

– A key mixing function, to have a per-packet key

– A re-keying mechanism, to provide fresh keys to the key mixing function


TKIP encapsulation


Wifi-Alliance Protected Access (3)

• Solves the problems of integrity, authentication, forgery and replay attack in networks with a RADIUS server

• In small networks, WPA uses a shared secret pass-phrase. This mode is vulnerable to dictionary attacks and impersonation

• Preserves the RC4 algorithm, with its known weaknesses, to ensure compatibility


802.11i / Robust Security Network (RSN)

• Uses AES by default to replace RC4

– Used in CCM mode: CTR + CBC-MAC

• CCMP fixes 2 values of CCM parameters

– M=8, indicating that the MIC is 8 octets

– L=2, indicating the length field is 2 octets

• Supports Quality of Service

• Supports preauthentication to enhance roaming in wireless networks
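How the two fixed CCM parameters above show up on the wire, as an added example (not part of the original slides): in generic CCM as specified in RFC 3610, M and L are encoded in the flags octet of the first CBC-MAC block B_0 and determine the nonce length and the maximum payload size. The function names and the all-zero sample nonce are constructed for this illustration.

```python
def ccm_b0(nonce: bytes, msg_len: int, has_aad: bool, M: int = 8, L: int = 2) -> bytes:
    """Build B_0, the first CBC-MAC input block of CCM (RFC 3610)."""
    if M not in (4, 6, 8, 10, 12, 14, 16):
        raise ValueError("M (MIC length in octets) must be even, 4..16")
    if not 2 <= L <= 8:
        raise ValueError("L (length-field size in octets) must be 2..8")
    if len(nonce) != 15 - L:
        raise ValueError("nonce must be 15 - L octets")
    if not 0 <= msg_len < 1 << (8 * L):
        raise ValueError("payload length does not fit in L octets")
    # Flags: bit 6 = additional authenticated data present,
    # bits 5..3 = (M - 2) / 2, bits 2..0 = L - 1.
    flags = (0x40 if has_aad else 0) | (((M - 2) // 2) << 3) | (L - 1)
    return bytes([flags]) + nonce + msg_len.to_bytes(L, "big")

def ccm_ctr_block(nonce: bytes, counter: int, L: int = 2) -> bytes:
    """Build counter block A_i for the CTR half of CCM; its flags carry only L - 1."""
    if len(nonce) != 15 - L:
        raise ValueError("nonce must be 15 - L octets")
    return bytes([L - 1]) + nonce + counter.to_bytes(L, "big")

def max_payload(L: int = 2) -> int:
    """Largest payload length, in octets, that the L-octet length field can express."""
    return (1 << (8 * L)) - 1

# Constructed sample input: with L = 2 the nonce is 13 octets long.
SAMPLE_NONCE = bytes(13)

if __name__ == "__main__":
    b0 = ccm_b0(SAMPLE_NONCE, 1500, has_aad=True)
    print(hex(b0[0]), len(b0), max_payload())
```

With M=8, L=2 and authenticated header data present, the B_0 flags octet is 0x59 and a single protected payload can be at most 65535 octets.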


CCMP Encapsulation


Roaming

• Roaming with full authentication, IEEE 802.1x/EAP or PSK (very high latency)

• Roaming to an AP which has cached a shared PMK from a previous SA

– skip authentication steps

– use the 4-way handshake key management protocol to negotiate the session key (PTK) and send the GTK

– useless when the user roams to a new AP

• Preauthentication: the STA authenticates, without association, to another AP before leaving the old one


Full authentication


Preauthentication


Problems of preauthentication

• Preauthentication enhances the performance of roaming but the handoff latency limits the performance for multimedia applications

• Preauthentication can only be used within the same ESS (Extended Service Set)

• Preauthentication imposes an expensive computational load, which may be useless


Fast roaming

• IEEE 802.11r WG to enhance fast roaming performance

• It reduces the hand-off latency of the 4-way handshake protocol (creating an alternative, optional 3-way handshake)

• Adopts a roaming key hierarchy

– to minimize computational load

– time dependency of KMP and

– precomputation of roaming key R-PTK

• Other works attempt to reduce probing latency (IEEE 802.11f)


Conclusion

• When IEEE 802.11k is ratified, it will improve roaming decisions with a site report sent to the client STA

• Until now there is no efficient agreed solution to inter-LAN and inter-WAN roaming

• When the work of the IEEE 802.11r group is finished, wireless networks will be more convenient for mobile users with multimedia applications

• IEEE 802.11i is new and will need time to reach maturity. It solves many security problems. Many others are not under its responsibility (DoS, RF jamming, …)