Wireless Network Security and Interworking MINHO SHIN, JUSTIN MA, ARUNESH MISHRA, AND WILLIAM A....

20
Wireless Network Securi ty and Interworking MINHO SHIN, JUSTIN MA, ARUNESH MISHRA, AND WILLIAM A. ARBAUGH University of Maryland, College Park, University of California, Sa n Diego, La Jolla THE IEEE, VOL. 94, NO. 2, FEBRUARY 2006 Mong Nam Han [email protected] AN Lab, CS dept. KAIST, Korea

Transcript of Wireless Network Security and Interworking MINHO SHIN, JUSTIN MA, ARUNESH MISHRA, AND WILLIAM A....

Page 1: Wireless Network Security and Interworking MINHO SHIN, JUSTIN MA, ARUNESH MISHRA, AND WILLIAM A. ARBAUGH University of Maryland, College Park, University.

Wireless Network Security and Interworking

MINHO SHIN, JUSTIN MA, ARUNESH MISHRA,AND WILLIAM A. ARBAUGH

University of Maryland, College Park, University of California, San Diego, La JollaTHE IEEE, VOL. 94, NO. 2, FEBRUARY 2006

Mong Nam [email protected]

AN Lab, CS dept. KAIST, Korea

Page 2: Wireless Network Security and Interworking MINHO SHIN, JUSTIN MA, ARUNESH MISHRA, AND WILLIAM A. ARBAUGH University of Maryland, College Park, University.

2

Overview

Challenge to the interworking

Security in cellular system

Security in 802.11 WLAN

3G / WLAN interworking

Conclusion, Q & A

Page 3: Wireless Network Security and Interworking MINHO SHIN, JUSTIN MA, ARUNESH MISHRA, AND WILLIAM A. ARBAUGH University of Maryland, College Park, University.

3

Challenge to the interworking

Variety of wireless have Different coverage and bandwidth Vastly different security

architecture Security issue

Contradictory security assumption The authentication process Long authentication delay during

handover

Page 4: Wireless Network Security and Interworking MINHO SHIN, JUSTIN MA, ARUNESH MISHRA, AND WILLIAM A. ARBAUGH University of Maryland, College Park, University.

4

Security in cellular system: ~2G 1G (analog)

Cloning Channel hijacking Eavesdropping

2G Short authentication signature: 18bit Broken encryption algorithm: CMEA in ‘97,

ORYX in ’98 GSM

Security through obscurity: go through or around

Disclosed master key of SIM card Reverse engineered function A5

Page 5: Wireless Network Security and Interworking MINHO SHIN, JUSTIN MA, ARUNESH MISHRA, AND WILLIAM A. ARBAUGH University of Maryland, College Park, University.

5

Security in 3G

Security challenges New revenue-related fraud The full range of threats similar on

Internet Vulnerability to malicious access

Page 6: Wireless Network Security and Interworking MINHO SHIN, JUSTIN MA, ARUNESH MISHRA, AND WILLIAM A. ARBAUGH University of Maryland, College Park, University.

6

Security in 3G: UMTS Enhancements

Mutual authentication, encryption with 128 bit key lengths

Features Network access security

access control of users and MS, data confidentiality/integrity, and user identity privacy

Network domain security security within provider domain

User domain security User-USIM-terminal

Application domain security Visibility, Configurability, Temporary identity

Page 7: Wireless Network Security and Interworking MINHO SHIN, JUSTIN MA, ARUNESH MISHRA, AND WILLIAM A. ARBAUGH University of Maryland, College Park, University.

7

Security in 3G: UMTS

AKA (Authentication and Key Agreement) protocol Mutual authentication Three entities

User (MS or USIM) Serving node (VLR/SGSN) Home environment (HLR/AuC)

Three stages Initiation Transfer of credentials Challenge-response exchange

Page 8: Wireless Network Security and Interworking MINHO SHIN, JUSTIN MA, ARUNESH MISHRA, AND WILLIAM A. ARBAUGH University of Maryland, College Park, University.

8

Security in 3G: UMTS

AKA process

Page 9: Wireless Network Security and Interworking MINHO SHIN, JUSTIN MA, ARUNESH MISHRA, AND WILLIAM A. ARBAUGH University of Maryland, College Park, University.

9

Security in 3G: CDMA 2000

AKA with an optional extension New cryptographic function f11

generate a UIM Authentication Key (UAK)

UMAC message authentication function on

UAK

Advanced Encryption Standard (AES)

Page 10: Wireless Network Security and Interworking MINHO SHIN, JUSTIN MA, ARUNESH MISHRA, AND WILLIAM A. ARBAUGH University of Maryland, College Park, University.

10

Security in 3G

Security issues in AKA Trust relationship between roaming

partners One-pass challenge-response

mechanism not full mutual authentication User only verifies a MAC

Permanent identity (IMSI) in plain text when registering at first time

Page 11: Wireless Network Security and Interworking MINHO SHIN, JUSTIN MA, ARUNESH MISHRA, AND WILLIAM A. ARBAUGH University of Maryland, College Park, University.

11

Security in 802.11 WLAN

Authentication Open system authentication Shared key authentication: standard

challenge and response Challenge text: WEP PRNG with the shared secret

and IV Response: 32bit CRC integrity check (ICV)

Access Control Closed network access control: SSID Access control lists: MAC address

Security problems published in countless papers

Page 12: Wireless Network Security and Interworking MINHO SHIN, JUSTIN MA, ARUNESH MISHRA, AND WILLIAM A. ARBAUGH University of Maryland, College Park, University.

12

Security in 802.11 WLAN: WPA

WiFi Protected Access Security framework

Three entities Supplicant: user Authenticator: switch, access point Authentication server

Page 13: Wireless Network Security and Interworking MINHO SHIN, JUSTIN MA, ARUNESH MISHRA, AND WILLIAM A. ARBAUGH University of Maryland, College Park, University.

13

Security in 802.11 WLAN: EAP

Extensible Authentication Protocol: Authentication mechanism built around

challenge-response Four types of message

EAP request: a challenge to supplicant EAP response: response EAP success: outcome EAP failure : outcome

Features Extensible: encapsulation within EAP Flexible: operated at the network layer Dual-port model

Page 14: Wireless Network Security and Interworking MINHO SHIN, JUSTIN MA, ARUNESH MISHRA, AND WILLIAM A. ARBAUGH University of Maryland, College Park, University.

14

Security in 802.11 WLAN: Problems

Denial of service attack Management frame are not

protected nor authenticated Session hijacking

When not encrypted Trust relationship

implicit trust

Page 15: Wireless Network Security and Interworking MINHO SHIN, JUSTIN MA, ARUNESH MISHRA, AND WILLIAM A. ARBAUGH University of Maryland, College Park, University.

15

3G / WLAN interworking

Roaming model and three typical authentication scenarios Case1: NY-WLAN operates

independently, and Bill already have an account with NY-WLAN

Case 2: IL-3G, Bill’s home network, has a roaming agreement with NY-WLAN

Case 3: IL-3G and NY-WLAN do not have a roaming agreement, but NY-3G and NY-WLAN do

Page 16: Wireless Network Security and Interworking MINHO SHIN, JUSTIN MA, ARUNESH MISHRA, AND WILLIAM A. ARBAUGH University of Maryland, College Park, University.

16

Case 2: Centralized internetworking Authentication

EAP-SIM Lack of mutual authentication Weak 64 bit cipher key

EAP-AKA Require synchronized sequence number

Weakness of EAP Lacks for identity protection, protected method negotiation, prot

ected termination possible man-in-the-middle attack

Authentication latency: O(N2) Interdomain proactive key distribution

Fast handoff scheme: reduce authentication latency Use neighbor graph Require reasonably accurate handoff prediction system

AAA-broker Reduce total number of association: O(N) Be close, trustworthy, require strong security association between

broker and home network

Page 17: Wireless Network Security and Interworking MINHO SHIN, JUSTIN MA, ARUNESH MISHRA, AND WILLIAM A. ARBAUGH University of Maryland, College Park, University.

17

Case 3: Context transfer

Security context: current state Authentication state: identifier Authorization state: services and functions Communication security parameter: encryption

algorithm, session keys Reactive context transfer: after visit

Context transfer protocol (CTP): at L3 Inter access point protocol (IAPP): at L2 Inter domain key exchange (IDKE): for seamless

handover Proactive context transfer: before visit

Soft handoff Prediction

Ticket forwarding: issue ticket (context) to the client Kerberos

Page 18: Wireless Network Security and Interworking MINHO SHIN, JUSTIN MA, ARUNESH MISHRA, AND WILLIAM A. ARBAUGH University of Maryland, College Park, University.

18

Case 3: Context transfer

Discussion Benefit: performance, flexible trust relat

ionships Issue

Accounting and billing Post hoc authentication Full authentication or reauthentication

Page 19: Wireless Network Security and Interworking MINHO SHIN, JUSTIN MA, ARUNESH MISHRA, AND WILLIAM A. ARBAUGH University of Maryland, College Park, University.

19

Conclusion, Q & A

Good security

will be developed

in an open environment

with the collaboration

Page 20: Wireless Network Security and Interworking MINHO SHIN, JUSTIN MA, ARUNESH MISHRA, AND WILLIAM A. ARBAUGH University of Maryland, College Park, University.

20

Q & A