
January 2009

Dan Harkins, Aruba Networks

Slide 1

doc.: IEEE 802.11-09/0123r0

Submission

Secure 802.11 Authentication Using Only A Password

Date: 2009-01-19

Authors:

Name: Dan Harkins
Affiliations: Aruba Networks
Address: 1322 Crossman Ave, Sunnyvale, CA
Phone: +1 408 227 4500
Email: [email protected]

Slide 2

Abstract

Authentication using a password or pre-shared key has not been done properly in 802.11. As a result there is no way to use these credentials to secure a WLAN and the standard continues to get bad press.

Slide 3

Password Authentication

• Passwords are the pre-eminent credential used for network access today.
  – The concept is simple to grasp for unsophisticated users.

• They are easy to configure and easy to manage.

• They therefore tend to be:
  – Something easy to remember
  – Something that can be entered repeatedly with a low probability of error.

• Passwords are used today and will continue to be used tomorrow.

Slide 4

Problems with Passwords in 802.11

• Shared key authentication
  – Used a statically configured key in an authentication protocol.
  – Uses 802.11 authentication frames; if you can’t get authenticated you can’t associate.
  – Fundamentally flawed. Broken in a matter of seconds.

• (WPA) PSK authentication
  – Hashes a password with the SSID to create a key to use in a cryptographic handshake for authentication.
  – Uses data frames: first you do open authentication, then association, and then you exchange data frames.
  – Susceptible to a passive guessing attack. Broken in a matter of minutes to a matter of hours depending on how “strong” the password is.

Slide 5

Problems with Passwords in 802.11

• These issues cause continued bad press for 802.11. A simple search turns up:
  – “Unsafe at any key length”
  – “Wireless security’s broken skeleton in the closet”
  – “Networks suffer from wireless insecurity”
  – “Wireless connectivity can breed wireless insecurity”

• The ease of use of passwords means they will continue to be used.

• There is no way to securely use them in the standard today!

Slide 6

Secure Password-based Authentication

• TGs has a peer-to-peer protocol for using a password to authenticate mesh points.
  – While designed for mesh, it is suitable for STA to AP communication, IBSS, and any other peer-to-peer application.
  – Uses 802.11 authentication frames in a cryptographically secure protocol. Can be used to protect subsequent authentication!
  – Provides security against passive attack, active attack, and dictionary attack.
  – Resistance to attack obviates password management rules that make passwords harder to use; passwords can be “weaker” and can be shared and still not be susceptible to attack.

• It fits nicely into the 802.11 state machine: authentication using authentication frames!

Slide 7

Secure Password-based Authentication

• Each side exchanges two messages: a commitment (to a guess of the password) and a confirmation (of knowledge of the password).

• Uses a “zero knowledge proof”
  – The only information leaked by the exchange is whether you know the password or not.
  – Unlike (WPA) PSK, an attacker cannot learn anything about the password by passively watching the exchange.
  – An attacker gets one guess and one guess only per active attack. Countermeasures deal with repeated active attacks.

• I have a proposal to add this to the base document but it needs vetting.
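The commit/confirm exchange described on slides 6 and 7, as an added example that is not part of the original submission. It assumes the Dragonfly-style construction from the referenced SAE paper (password element PE, masked scalar/element commit, keyed confirm) over a finite-field group; the group parameters, the two MAC-address identities and the simplified key derivation are constructed for illustration and are not the standard's values. A peer never sends its password-derived PE or its private mask, so a passive observer sees only values that are uniformly masked, and an active party gets exactly one confirm check per exchange.

```python
import hashlib, hmac, secrets
P, Q = 1019, 509  # toy safe-prime group p = 2q + 1 (constructed; far too small for real use)

def password_element(password: bytes, ids: bytes) -> int:
    """PE in the order-q subgroup, derived from the password and both peers' identities."""
    for counter in range(1, 256):  # "hunting and pecking": loop until a usable PE appears
        seed = hashlib.sha256(ids + password + bytes([counter])).digest()
        pe = pow(int.from_bytes(seed, "big") % P, (P - 1) // Q, P)
        if pe > 1:
            return pe
    raise ValueError("no password element found")

class Peer:
    def __init__(self, password: bytes, my_mac: bytes, peer_mac: bytes):
        self.pe = password_element(password, max(my_mac, peer_mac) + min(my_mac, peer_mac))
        while True:  # private rand and mask; redraw until the scalar lands in [2, q-1]
            self.rand, self.mask = secrets.randbelow(Q - 2) + 2, secrets.randbelow(Q - 2) + 2
            self.scalar = (self.rand + self.mask) % Q
            if self.scalar > 1:
                break
        self.element = pow(self.pe, Q - self.mask, P)  # PE^(-mask); mask never leaves this side
    def commit(self):
        return self.scalar, self.element
    def process_commit(self, ps: int, pe: int) -> bytes:
        """Validate the peer's commit, derive KCK/PMK, and return our confirm."""
        if not (2 <= ps < Q and 1 < pe < P - 1 and pow(pe, Q, P) == 1):
            raise ValueError("scalar or element out of range")
        k = pow(pow(self.pe, ps, P) * pe % P, self.rand, P)  # = PE^(rand*rand') on both sides
        if (ps, pe) == (self.scalar, self.element) or k == 1:
            raise ValueError("reflected commit or degenerate key")
        keyseed = hmac.new(bytes(32), k.to_bytes(2, "big"), hashlib.sha256).digest()
        ctx = b"SAE KCK and PMK" + ((self.scalar + ps) % Q).to_bytes(2, "big")
        km = hmac.new(keyseed, ctx, hashlib.sha512).digest()
        self.kck, self.pmk, self.peer = km[:32], km[32:], (ps, pe)
        return self._confirm(self.scalar, self.element, ps, pe)
    def verify_confirm(self, peer_confirm: bytes) -> bool:
        ps, pe = self.peer  # the peer's confirm covers its own commit first, then ours
        return hmac.compare_digest(peer_confirm, self._confirm(ps, pe, self.scalar, self.element))
    def _confirm(self, s1: int, e1: int, s2: int, e2: int) -> bytes:
        data = b"".join(v.to_bytes(2, "big") for v in (s1, e1, s2, e2))
        return hmac.new(self.kck, data, hashlib.sha256).digest()

def run_exchange(pw_a: bytes, pw_b: bytes) -> bool:
    """Both sides send commit then confirm; True only if both confirms verify."""
    a, b = Peer(pw_a, b"\x02aaaaa", b"\x02bbbbb"), Peer(pw_b, b"\x02bbbbb", b"\x02aaaaa")
    try:
        conf_a, conf_b = a.process_commit(*b.commit()), b.process_commit(*a.commit())
        return a.verify_confirm(conf_b) and b.verify_confirm(conf_a) and a.pmk == b.pmk
    except ValueError:  # a rejected commit is a failed authentication
        return False
```

With matching passwords both peers end with the same PMK; with a mismatch the confirms fail, and a reflected commit or out-of-range peer value is rejected before any key is derived.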

Slide 8

Straw Poll

• “A secure password-based authentication protocol should become part of the base 802.11 standard”

Yes:

No:

Don’t know:

Slide 9

References

• D. Harkins, “Simultaneous Authentication of Equals: A Secure, Password-Based Key Exchange for Mesh Networks,” Proceedings of the 2008 Second International Conference on Sensor Technologies and Applications (SENSORCOMM 2008), pp. 839-844, 2008.