Wireless Network Security and Interworking
MINHO SHIN, JUSTIN MA, ARUNESH MISHRA, AND WILLIAM A. ARBAUGH
University of Maryland, College Park; University of California, San Diego, La Jolla
PROCEEDINGS OF THE IEEE, VOL. 94, NO. 2, FEBRUARY 2006
Mong Nam [email protected]
AN Lab, CS dept. KAIST, Korea

Overview
- Challenge to the interworking
- Security in cellular system
- Security in 802.11 WLAN
- 3G / WLAN interworking
- Conclusion, Q & A

Challenge to the interworking
- A variety of wireless networks have
  - Different coverage and bandwidth
  - Vastly different security architecture
- Security issue
  - Contradictory security assumption
  - The authentication process
  - Long authentication delay during handover

Security in cellular system: ~2G
- 1G (analog)
  - Cloning
  - Channel hijacking
  - Eavesdropping
- 2G
  - Short authentication signature: 18 bit
  - Broken encryption algorithm: CMEA in '97, ORYX in '98
  - GSM
    - Security through obscurity: go through or around
    - Disclosed master key of SIM card
    - Reverse engineered function A5

Security in 3G
- Security challenges
  - New revenue-related fraud
  - The full range of threats similar to those on the Internet
  - Vulnerability to malicious access

Security in 3G: UMTS
- Enhancements
  - Mutual authentication, encryption with 128 bit key lengths
- Features
  - Network access security: access control of users and MS, data confidentiality/integrity, and user identity privacy
  - Network domain security: security within provider domain
  - User domain security: User-USIM-terminal
  - Application domain security
  - Visibility, Configurability, Temporary identity

Security in 3G: UMTS
- AKA (Authentication and Key Agreement) protocol
  - Mutual authentication
- Three entities
  - User (MS or USIM)
  - Serving node (VLR/SGSN)
  - Home environment (HLR/AuC)
- Three stages
  - Initiation
  - Transfer of credentials
  - Challenge-response exchange

Security in 3G: UMTS
AKA process
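The AKA exchange between the three entities listed above, as an added example that is not part of the original slides or paper. It assumes HMAC-SHA256 as a stand-in for the AKA functions f1 to f5, omits the AMF field, and uses a constructed subscriber key; the function and class names are hypothetical.

```python
import hashlib
import hmac
import os

def f(tag: bytes, k: bytes, data: bytes, n: int) -> bytes:
    # Stand-in for AKA functions f1..f5 (assumption: HMAC-SHA256, not the real algorithms).
    return hmac.new(k, tag + data, hashlib.sha256).digest()[:n]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def he_make_vector(k: bytes, sqn: int) -> dict:
    """Home environment (HLR/AuC): build one authentication vector."""
    rand = os.urandom(16)
    sqn_b = sqn.to_bytes(6, "big")
    ak = f(b"f5", k, rand, 6)               # anonymity key, conceals SQN in AUTN
    mac = f(b"f1", k, sqn_b + rand, 8)      # proves the vector came from the home network
    return {"RAND": rand, "AUTN": xor(sqn_b, ak) + mac,
            "XRES": f(b"f2", k, rand, 8),
            "CK": f(b"f3", k, rand, 16), "IK": f(b"f4", k, rand, 16)}

class USIM:
    def __init__(self, k: bytes, sqn: int = 0):
        self.k, self.sqn = k, sqn

    def respond(self, rand: bytes, autn: bytes):
        """User side: verify the MAC and the sequence number, then answer the challenge."""
        ak = f(b"f5", self.k, rand, 6)
        sqn_b, mac = xor(autn[:6], ak), autn[6:]
        if not hmac.compare_digest(mac, f(b"f1", self.k, sqn_b + rand, 8)):
            raise ValueError("MAC failure: AUTN not from home environment")
        sqn = int.from_bytes(sqn_b, "big")
        if sqn <= self.sqn:                 # both sides must keep SQN in step
            raise ValueError("synchronisation failure: stale SQN")
        self.sqn = sqn
        return (f(b"f2", self.k, rand, 8),
                f(b"f3", self.k, rand, 16), f(b"f4", self.k, rand, 16))

def serving_node_auth(av: dict, usim: USIM) -> bool:
    """Serving node (VLR/SGSN): forward RAND and AUTN, compare RES with XRES."""
    res, _ck, _ik = usim.respond(av["RAND"], av["AUTN"])
    return hmac.compare_digest(res, av["XRES"])

K = bytes(range(16))                        # constructed sample subscriber key
if __name__ == "__main__":
    usim, av = USIM(K), he_make_vector(K, sqn=1)
    print("first run accepted:", serving_node_auth(av, usim))
    try:
        serving_node_auth(av, usim)         # same vector presented a second time
    except ValueError as e:
        print("reused vector rejected:", e)
```

The serving node never holds K: it only relays the vector and compares RES with XRES, which is why the user's assurance about the network rests on the MAC and the sequence number alone.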

Security in 3G: CDMA 2000
- AKA with an optional extension
  - New cryptographic function f11: generate a UIM Authentication Key (UAK)
  - UMAC message authentication function on UAK
- Advanced Encryption Standard (AES)

Security in 3G
- Security issues in AKA
  - Trust relationship between roaming partners
  - One-pass challenge-response mechanism: not full mutual authentication
    - User only verifies a MAC
  - Permanent identity (IMSI) in plain text when registering for the first time

Security in 802.11 WLAN
- Authentication
  - Open system authentication
  - Shared key authentication: standard challenge and response
    - Challenge text: WEP PRNG with the shared secret and IV
    - Response: 32 bit CRC integrity check (ICV)
- Access Control
  - Closed network access control: SSID
  - Access control lists: MAC address
- Security problems published in countless papers

Security in 802.11 WLAN: WPA
- WiFi Protected Access
- Security framework
- Three entities
  - Supplicant: user
  - Authenticator: switch, access point
  - Authentication server

Security in 802.11 WLAN: EAP
- Extensible Authentication Protocol: authentication mechanism built around challenge-response
- Four types of message
  - EAP request: a challenge to supplicant
  - EAP response: response
  - EAP success: outcome
  - EAP failure: outcome
- Features
  - Extensible: encapsulation within EAP
  - Flexible: operated at the network layer
  - Dual-port model

Security in 802.11 WLAN: Problems
- Denial of service attack
  - Management frames are neither protected nor authenticated
- Session hijacking
  - When not encrypted
- Trust relationship
  - Implicit trust

3G / WLAN interworking
- Roaming model and three typical authentication scenarios
  - Case 1: NY-WLAN operates independently, and Bill already has an account with NY-WLAN
  - Case 2: IL-3G, Bill's home network, has a roaming agreement with NY-WLAN
  - Case 3: IL-3G and NY-WLAN do not have a roaming agreement, but NY-3G and NY-WLAN do

Case 2: Centralized internetworking
- Authentication
  - EAP-SIM
    - Lack of mutual authentication
    - Weak 64 bit cipher key
  - EAP-AKA
    - Requires synchronized sequence number
- Weakness of EAP
  - Lacks identity protection, protected method negotiation, protected termination
  - Possible man-in-the-middle attack
- Authentication latency: O(N^2)
- Interdomain proactive key distribution
  - Fast handoff scheme: reduce authentication latency
  - Use neighbor graph
  - Requires reasonably accurate handoff prediction system
- AAA-broker
  - Reduce total number of associations: O(N)
  - Be close, trustworthy, require strong security association between broker and home network

Case 3: Context transfer
- Security context: current state
  - Authentication state: identifier
  - Authorization state: services and functions
  - Communication security parameter: encryption algorithm, session keys
- Reactive context transfer: after visit
  - Context transfer protocol (CTP): at L3
  - Inter access point protocol (IAPP): at L2
  - Inter domain key exchange (IDKE): for seamless handover
- Proactive context transfer: before visit
  - Soft handoff
  - Prediction
- Ticket forwarding: issue ticket (context) to the client
  - Kerberos

Case 3: Context transfer
- Discussion
  - Benefit: performance, flexible trust relationships
  - Issue
    - Accounting and billing
    - Post hoc authentication
    - Full authentication or reauthentication

Conclusion, Q & A
- Good security will be developed in an open environment with the collaboration

Q & A