WIRELESS SECURITY AND ROAMING OVERVIEW
DIMACS Workshop: Mobile and Wireless Security, November 3-4, 2004
Nidal Aboudagga*, Jean-Jacques Quisquater
UCL Crypto Group, Belgium

Outline
• Introduction
• WEP
• IEEE 802.1X
• WPA
• IEEE 802.11i
• Roaming
• Conclusion

Why Wireless?
• Mobility
• Flexibility
  – Rapid deployment
  – Easy administration
• Low cost
• Simplicity of use
• used in two modes:

• Uses AES by default to replace RC4
  – Used in CCM mode: CTR + CBC-MAC
• CCMP fixes 2 values of CCM parameters
  – M=8, indicating that the MIC is 8 octets
  – L=2, indicating the length field is 2 octets
• Supports Quality of Service
• Supports preauthentication to enhance roaming in wireless networks

CCMP Encapsulation

Roaming
• Roaming with full authentication, IEEE 802.1X/EAP or PSK (very high latency)
• Roaming to an AP with which a shared PMK is cached from a previous SA
  – skip authentication steps
  – use the 4-way handshake key management protocol to negotiate the session key (PTK) and send the GTK
  – useless when the user roams to a new AP
• Preauthentication: the STA authenticates, without associating, to another AP before leaving the old one
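
The cached-PMK and preauthentication cases above, as an added example that is not from the original slides: in IEEE 802.11i a cached PMKSA is identified by its PMKID, HMAC-SHA1-128(PMK, "PMK Name" || AA || SPA), which binds the key to one AP address, so a cache entry held for the old AP does not match at a new one. The AccessPoint class, the roam helper, the MAC addresses and the PMK values are hypothetical and constructed for illustration.

```python
import hashlib
import hmac

def pmkid(pmk: bytes, aa: bytes, spa: bytes) -> bytes:
    """PMKID = HMAC-SHA1-128(PMK, "PMK Name" || AA || SPA), as defined by IEEE 802.11i."""
    if len(pmk) != 32 or len(aa) != 6 or len(spa) != 6:
        raise ValueError("expected a 32-byte PMK and 6-byte MAC addresses")
    return hmac.new(pmk, b"PMK Name" + aa + spa, hashlib.sha1).digest()[:16]

class AccessPoint:
    """Hypothetical AP model: a BSSID plus a PMKSA cache keyed by PMKID."""
    def __init__(self, bssid: bytes):
        self.bssid = bssid
        self.pmksa_cache = {}  # PMKID -> PMK

    def full_authentication(self, spa: bytes, pmk: bytes) -> None:
        # Stands in for a completed 802.1X/EAP exchange that delivered this PMK.
        self.pmksa_cache[pmkid(pmk, self.bssid, spa)] = pmk

    def on_reassociation(self, offered_pmkids) -> str:
        # The STA lists the PMKIDs it holds for this AP in its request.
        hit = any(hmac.compare_digest(o, c)
                  for o in offered_pmkids for c in self.pmksa_cache)
        # Cache hit: skip 802.1X/EAP, go straight to the 4-way handshake.
        return "4-way handshake" if hit else "full 802.1X/EAP authentication"

def roam(sta_mac: bytes, sta_pmks: dict, ap: AccessPoint) -> str:
    """sta_pmks maps BSSID -> PMK that the STA holds for that AP."""
    pmk = sta_pmks.get(ap.bssid)
    offered = [pmkid(pmk, ap.bssid, sta_mac)] if pmk else []
    return ap.on_reassociation(offered)

# Constructed sample values (not from the slides).
STA = bytes.fromhex("020000000001")
AP_OLD = AccessPoint(bytes.fromhex("0200000000a1"))
AP_NEW = AccessPoint(bytes.fromhex("0200000000b2"))
PMK = hashlib.sha256(b"constructed sample PMK").digest()
AP_OLD.full_authentication(STA, PMK)   # first association to the old AP
STA_PMKS = {AP_OLD.bssid: PMK}

if __name__ == "__main__":
    print("back to old AP:", roam(STA, STA_PMKS, AP_OLD))
    print("to new AP:     ", roam(STA, STA_PMKS, AP_NEW))
    # Preauthentication via the old AP installs a PMKSA at the new AP in advance.
    pre_pmk = hashlib.sha256(b"constructed preauth PMK").digest()
    AP_NEW.full_authentication(STA, pre_pmk)
    STA_PMKS[AP_NEW.bssid] = pre_pmk
    print("after preauth: ", roam(STA, STA_PMKS, AP_NEW))
```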

Full authentication

Preauthentication

Problems of preauthentication
• Preauthentication enhances the performance of roaming, but the handoff latency limits the performance for multimedia applications
• Preauthentication can only be used within the same ESS (extended service set)
• Preauthentication is an expensive computational load which may be useless

Fast roaming
• IEEE 802.11r WG to enhance fast roaming performance
• It reduces the hand-off latency of the 4-way handshake protocol (creating an alternative, optional 3-way handshake)
• Adopt roaming key hierarchy
  – to minimize computational load
  – time dependency of KMP and
  – precomputation of roaming key R-PTK
• Other works attempt to reduce probing latency: IEEE 802.11f

Conclusion
• When IEEE 802.11k is ratified, it will improve roaming decisions with a site report sent to the client STA
• Until now there is no efficient, agreed solution to inter-LAN and inter-WAN roaming
• When the work of the IEEE 802.11r group is finished, the wireless network will be more convenient for mobile users with multimedia applications
• IEEE 802.11i is new and will need time to reach maturity. It solves many security problems. Many others are not under its responsibility (DoS, RF jamming, …)