Mobility Flexibility Rapid deployment Easy administration Low cost Simplicity of use used in two modes: Ad-Hoc Infrastructure mode DIMACS Nov 3 - 4, 2004 4 Wired Equivalent Privacy (WEP) (1) Tried to ensure Confidentiality Integrity Authenticity Replaces the so-known MAC-address filtering Uses the RC4 encryption algorithm to generate a key stream Uses a shared key K (40bit/104bit)
DIMACS Nov 3 - 4, 2004 5 Wired Equivalent Privacy (WEP) (2) DIMACS Nov 3 - 4, 2004 6 Wired Equivalent Privacy WEP (3) Uses standard challenge response An initialization vector, IV/(24bit): per packet number, sent in clear WEP failed, because of many known attacks IV Collision Message injection Authentication spoofing Brute Force Attack Weaknesses in the Key Scheduling Algorithm of RC4)
DIMACS Nov 3 - 4, 2004 7 Network port authentication 802.1x (1) Adapted to wireless use by IEEE 802.11 group Based on Extensible Authentication Protocol (EAP) Three elements are in use with 802.1x Supplicant (user) Authenticator (access point) Authentication server (usually RADIUS) Uses key distribution messages DIMACS Nov 3 - 4, 2004 8 IEEE802.1x Access Control DIMACS Nov 3 - 4, 2004 9 IEEE 802.1x EAP authentication DIMACS Nov 3 - 4, 2004 10 802.1X / EAP: Authentication methods EAP-MD5: Vulnerable to a lot of attacks and did not support dynamic WEP keys EAP-TLS: Uses certificates for servers and users. The users identity is revealed EAP-TTLS: Uses servers certificate. Protects users identity PEAP: Similar to EAP-TTLS, used by Cisco and Microsoft in their products LEAP: A Cisco proprietary vulnerable to dictionary attacks, EAP-SIM, EAP-SPEKE, DIMACS Nov 3 - 4, 2004 11 Wifi-Alliance Protected Access (1) Built around IEEE 802.11i (draft 3) and compatible with existing material Address WEP vulnerability Supports mixed environment Uses Temporal Key Integrity Protocol (TKIP), 128 bit RC4 key The use of AES is optional
DIMACS Nov 3 - 4, 2004 12 Wifi-Alliance Protected Access (2) A suite of 4 algorithms composes TKIP
A Message Integrity Code (MIC), called Michael to defeat forgeries A new Initial Vector sequencing discipline, to prevent replay attacks A key mixing function, to have a per-packet key A re-keying mechanism, to provide fresh keys to the key mixing function DIMACS Nov 3 - 4, 2004 13 TKIP encapsulation DIMACS Nov 3 - 4, 2004 14 Wifi-Alliance Protected Access (3) Solves the problems of integrity, authentication, forgery and replay attack in network with RADIUS server In small network, WPA uses shared secret pass-phrase. This mode is vulnerable to the dictionary attack and impersonation Preserves the RC4 algorithm with its known weakness to ensure compatibility DIMACS Nov 3 - 4, 2004 15 802.11i / Robust Security Network (RSN) Uses AES by default to replace RC4 Used in CCM mode: CTR + CBC-MAC CCMP fixes 2 values of CCM parameters M=8, indicating that the MIC is 8 octets L=2, indicating the lenght field is 2 octets Support Quality of Service Support of preauthentication to enhance the roaming in wireless network DIMACS Nov 3 - 4, 2004 16 CCMP Encapsulation DIMACS Nov 3 - 4, 2004 17 Roaming Roaming with full authentication IEEE 802.1x/EAP or PSK (very big latency time) Roaming to AP with whish cached a shared PMK from previous SA skip authentication steps use 4-way handshake key management protocol to negociate session key (PTK) and send (GTK) useless when user roams to new AP Preauthentication: the STA authenticate without association to another AP before leaving the old one DIMACS Nov 3 - 4, 2004 18
Full authentication DIMACS Nov 3 - 4, 2004 19 Preauthentication DIMACS Nov 3 - 4, 2004 20 Problems of preauthentication Preauthentication enhances the performance of roaming but the handoff latency limits the performance for multimedia applications
Preauthentification can only be used in the same ESS (extended set of service)
Preauthentication is an expensive computational load which may be useless
DIMACS Nov 3 - 4, 2004 21 Fast roaming IEEE 802.11r WG to enhance fast roaming performance It reduces the hand-off latency of the 4-way handshake protocol (creating alternative optional 3-way handshake) Adopt roaming key hierarchy to minimize computational load time dependency of KMP and precomputation of roaming key R-PTK Other works attempt to reduce probing latency IEEE802.11f DIMACS Nov 3 - 4, 2004 22 Conclusion When IEEE 802.11k is ratified, will improve roaming decisions with a site report sent to client STA Until now no efficient agreed solution to the inter-LAN and inter-WAN roaming When the work of IEEE 802.11r group is finished, the wireless network will be more convenient to mobile users with multimedia applications The IEEE 802.11i is new and will need time to reach maturity. It solves many problems of security. Many others are not under its responsibility (DoS, RF jamming,)