Wireless Network Security and Interworking

MINHO SHIN, JUSTIN MA, ARUNESH MISHRA,AND WILLIAM A. ARBAUGH

University of Maryland, College Park, University of California, San Diego, La JollaTHE IEEE, VOL. 94, NO. 2, FEBRUARY 2006

Mong Nam Hanm0ng01@an.kaist.ac.kr

AN Lab, CS dept. KAIST, Korea

2

Overview

Challenge to the interworking

Security in cellular system

Security in 802.11 WLAN

3G / WLAN interworking

Conclusion, Q & A

3

Challenge to the interworking

Variety of wireless have Different coverage and bandwidth Vastly different security

architecture Security issue

Contradictory security assumption The authentication process Long authentication delay during

handover

4

Security in cellular system: ~2G 1G (analog)

Cloning Channel hijacking Eavesdropping

2G Short authentication signature: 18bit Broken encryption algorithm: CMEA in ‘97,

ORYX in ’98 GSM

Security through obscurity: go through or around

Disclosed master key of SIM card Reverse engineered function A5

5

Security in 3G

Security challenges New revenue-related fraud The full range of threats similar on

Internet Vulnerability to malicious access

6

Security in 3G: UMTS Enhancements

Mutual authentication, encryption with 128 bit key lengths

Features Network access security

access control of users and MS, data confidentiality/integrity, and user identity privacy

Network domain security security within provider domain

User domain security User-USIM-terminal

Application domain security Visibility, Configurability, Temporary identity

7

Security in 3G: UMTS

AKA (Authentication and Key Agreement) protocol Mutual authentication Three entities

User (MS or USIM) Serving node (VLR/SGSN) Home environment (HLR/AuC)

Three stages Initiation Transfer of credentials Challenge-response exchange

8

Security in 3G: UMTS

AKA process

9

Security in 3G: CDMA 2000

AKA with an optional extension New cryptographic function f11

generate a UIM Authentication Key (UAK)

UMAC message authentication function on

UAK

Advanced Encryption Standard (AES)

10

Security in 3G

Security issues in AKA Trust relationship between roaming

partners One-pass challenge-response

mechanism not full mutual authentication User only verifies a MAC

Permanent identity (IMSI) in plain text when registering at first time

11

Security in 802.11 WLAN

Authentication Open system authentication Shared key authentication: standard

challenge and response Challenge text: WEP PRNG with the shared secret

and IV Response: 32bit CRC integrity check (ICV)

Access Control Closed network access control: SSID Access control lists: MAC address

Security problems published in countless papers

12

Security in 802.11 WLAN: WPA

WiFi Protected Access Security framework

Three entities Supplicant: user Authenticator: switch, access point Authentication server

13

Security in 802.11 WLAN: EAP

Extensible Authentication Protocol: Authentication mechanism built around

challenge-response Four types of message

EAP request: a challenge to supplicant EAP response: response EAP success: outcome EAP failure : outcome

Features Extensible: encapsulation within EAP Flexible: operated at the network layer Dual-port model

14

Security in 802.11 WLAN: Problems

Denial of service attack Management frame are not

protected nor authenticated Session hijacking

When not encrypted Trust relationship

implicit trust

15

3G / WLAN interworking

Roaming model and three typical authentication scenarios Case1: NY-WLAN operates

independently, and Bill already have an account with NY-WLAN

Case 2: IL-3G, Bill’s home network, has a roaming agreement with NY-WLAN

Case 3: IL-3G and NY-WLAN do not have a roaming agreement, but NY-3G and NY-WLAN do

16

Case 2: Centralized internetworking Authentication

EAP-SIM Lack of mutual authentication Weak 64 bit cipher key

EAP-AKA Require synchronized sequence number

Weakness of EAP Lacks for identity protection, protected method negotiation, prot

ected termination possible man-in-the-middle attack

Authentication latency: O(N2) Interdomain proactive key distribution

Fast handoff scheme: reduce authentication latency Use neighbor graph Require reasonably accurate handoff prediction system

AAA-broker Reduce total number of association: O(N) Be close, trustworthy, require strong security association between

broker and home network

17

Case 3: Context transfer

Security context: current state Authentication state: identifier Authorization state: services and functions Communication security parameter: encryption

algorithm, session keys Reactive context transfer: after visit

Context transfer protocol (CTP): at L3 Inter access point protocol (IAPP): at L2 Inter domain key exchange (IDKE): for seamless

handover Proactive context transfer: before visit

Soft handoff Prediction

Ticket forwarding: issue ticket (context) to the client Kerberos

18

Case 3: Context transfer

Discussion Benefit: performance, flexible trust relat

ionships Issue

Accounting and billing Post hoc authentication Full authentication or reauthentication

19

Conclusion, Q & A

Good security

will be developed

in an open environment

with the collaboration

20

Q & A