IEEE 802.11 Wireless Local Area Networks (WLAN’s).
-
date post
21-Dec-2015 -
Category
Documents
-
view
224 -
download
2
Transcript of IEEE 802.11 Wireless Local Area Networks (WLAN’s).
IEEE 802.11
Wireless Local Area Networks(WLAN’s)
Two modes of operation:
2. Infrastructure ModeClients and stations. Stations – Computers with NIC (Network Interface Cards) and Access Points (APs)
1. Ad-Hoc ModeThe clients communicate directly with each other. No mediation is needed.
Communication With APs
3 stages:
1 .Unauthenticated and Unassociated.
2 .Authenticated and Unassociated.
3 .Authenticated and Associated.
IEEE 802.11WEP for securityChallenge/Response with symmetric key
for authentication
Wireless Protocols
IEEE 802.1XWEP for securityEAP for authentication
WEP- Wired Equivalent Privacy
Link layer security protocol.
Secures IEEE 802.11 communications.
Based upon RC4 stream cipher encryption system, with symmetric key.
RC4SharedSecret key
Original text
CRC32Encrypted text
IV clear
IVInitialization
vector
RC4 Original text
Shared Secret key
IVInitialization
vector
Encrypted text
IV clear
CRC
40 bits 64 bits
24 bits
IV used
IV used
40 bits 64 bits
WEP protocol
Security problems in WEP
During the years, a lot of security problems have been discovered in WEP.
We will discuss the most important of those problems, which is known as the “IV Collisions” problem.
IV Collisions
Every once in a while, an IV gets reused.
C1 = P1 RC4(v,k) C2 = P2 RC4(v,k)
IV Collisions (2)
We get the following equation: C1C2 = (P1RC4(v,k))(P2RC4(v,k))
XOR is associative, and therefore: C1 C2 = P1 P2
WEP security is better than no security at all, but not
by much
The Bottom line
The Problem
EAP assumes a secured connection to work with
Problems over an unsecured connection
Snooping the user IDForging / changing EAP packetsDenial of serviceOffline dictionary attackMan-in-the-middleAuthentication method downgrading attackBreaking a weak key
Man-in-the-middle
A B E
MD5 EAP Request <R>
MD5 EAP Request <R>
H(ID || KEY || R)
EAP Failure
H(ID || KEY || R)
EAP Success
Possible Solutions
Mutual authenticationCryptographic connection between
authentication methods Using a limited number of unsecured
authentication methodsPreferring one strong method over a large
number of weak ones.
Possible Solutions (2)
Using authentication method that derives a symmetric key, prevents replay attack and promises message integrity
The authentication method should be safe against dictionary attack
One method has all the above advantages:
Quick summary of TLS
CCS
Application
Handshake protocol Alert
Record Protocol
TCP
Quick summary of TLS (2)
Client Server TCP three-way handshake
Client Hello <Client Random, Proposed algorithms >
Server Hello
<Server random, Selected algorithm>
CA Certificate
Server done
Client Key Exchange
Enc (Pub(s),>Pre-Master secret<)
Both sides perform a known calculation to derive the Master Key
Quick summary of TLS (3)
Client Server
CCS (ID)
FIN
MAC authentication of all former messages
CCS (ID)
FIN
MAC authentication of all former messages
Data transfer (encrypted by the Master Key)
EAP - TLS
Code Identifier Length
Type Flags TLS message length
TLS message length
TLS Data
EAP –TLS (2)Peer Authenticator
EAP Request
<Identity >
EAP Response
<Identity (MyID)>
EAP Request, type = EAP-TLS
<TLS Start>
EAP Response, type = EAP-TLS
<TLS Client Hello>
EAP Request, type = EAP-TLS
<TLS Server Hello, TLS Certificate, TLS Certificate Request, TLS Server Done>
EAP-TLS (3)
Peer Authenticator
EAP Response, type = EAP-TLS
<TLS Certificate, TLS Client Key Exchange, TLS CCS, Certificate verify, TLS FIN>
EAP Request, type = EAP-TLS
<TLS CCS, TLS FIN>
EAP Response, type = EAP-TLS
EAP Success / EAP Failure
Session resumption
The SessionID field in the TLS Client Hello Message should be the same as the ID of the session to return to.
The authenticator sends EAP request with TLS Server Hello, TLS CCS (using the former session CCS ID), and TLS FIN.
The peer sends EAP response with TLS CCS using the same ID, and TLS FIN.
The protocol continues as in the standard EAP-TLS.
Session resumption (2)
Advantages of session resumption:
Quick renewal of connections.
Handling roaming in WLAN.
Key Derivation
PRF1 = PRF (Master Secret, "Client EAP Encryption",
Random)PRF2 = PRF ("", "Client EAP Encryption", Random)
PRF1 is 128 bytes long.
PRF2 is 64 bytes long.
Key Derivation (2)
PRF1
Client’s ENC Key Server’s ENC Key Client’s Auth Key Server’s Auth Key
0 32 64 96 128
PRF2
Client’s IV Server’s IV
0 32 64
Fragmentation
The first fragment raises the L, M and S flags. The total TLS message length is also included.
All other fragments, except the last, raise the M flag. The identification field in the EAP header increases by 1 with each fragment.
Every EAP with a TLS fragment is responded by an EAP packet with no data as an Ack.