security of wlan
DESCRIPTION
Security of WLAN. 無線網路架構. WLANs - 802.11. WPANs - 802.15 ( 藍芽 , 紅外線 ) Wireless Personal Area Networks WLANs - 802.11 ( a/b/g ) Wireless Local Area Networks WMANs – 802.16 Wireless Metropolitan Area Networks WWANs Wireless Wide Area Networks. IEEE 無線標準 —802.11 家族 定義了無線網路實體層的標準. - PowerPoint PPT PresentationTRANSCRIPT
Security of WLAN
無線網路架構• WPANs - 802.15 ( 藍芽 , 紅外線 )
– Wireless Personal Area Networks
• WLANs - 802.11 ( a/b/g )– Wireless Local Area Networks
• WMANs – 802.16 – Wireless Metropolitan Area Networks
• WWANs– Wireless Wide Area Networks
• WLANs - 802.11
IEEE 無線標準— 802.11 家族定義了無線網路實體層的標準
• 802.11b (Wi-Fi) – 2.4G– 11Mbps
• 802.11g ( 提供與 802.11b 相容模式 )– 2.4GHz– 54 Mbps
• 802.11a– 5 GHz – 54Mbps 的頻寬
• 802.11e – 提供具備服務品質保證 (QoS , Quality of Service) 的無
線網路環境
Wireless Concept
Local AreaNetwork
802.11b/802.11g/802.11a
Wide AreaNetwork3G/GPRS
Wireless PersonalConnectivity
Bluetooth
0 - 10m 0 - 100m 0 - 10 km
Range
WLAN 的運作方式• IEEE802.11b 標準協定,無線網路共定義
為下列二種模式 :1. Ad-hoc Mode:
– 即是一群使用無線網路卡的電腦,可以直接相互連接,資源共享,無需透過基地台 (Access Point) ,此一模式則無法連接 Internet 。
2. Infrastructure Mode– 此種架構模式讓無線網路卡的電腦透過基地台
(Access Point) 來達成網路資源的共享。
802.11 Wireless Local Area Network•Infrastructure network
•Ad Hoc network
WLAN 無線區域網路• Independent Basic Service Set (IBSS) Ad-hoc • Basic Service Set (BSS)• Distribution System (DS)• Extended Service Set (ESS) • Station (STA)
– 無線用戶端• Access Point (AP)
– 無線存取點
802.11 涵蓋的範圍
` ` `
802.11802.11區域的安全性區域的安全性
無線網路無線網路
用戶端用戶端
Access PointAccess Point
有線網路有線網路
Wireless LAN (WLAN)
是延伸有線網路
Seamless Roaming• Infrastructure Network v.s. Ad Hoc Network
• Arranged in a cell structure, similar to cell phone network
• Cells need to overlap to enable seamless roaming
SSID=AAA SSID=AAA SSID=AAA
SSID=AAA SSID=AAA
Account Roaming across different WISPs
WLAN WLAN
Internet
EZon NCS
( Radius/POP3/LDAP )
Cipherium NCS
NAM NAM
( Radius/POP3/LDAP )
Home registerVisiting site
Trust & Policy
Roaming account authentication request
Travel tousername :[email protected]
General WLAN Security Mechanism
• User Authentication– ESSID
– MAC address filter
– RADIUS external interface
• User Authorization– Full access or none
• Data Security– Static key based
• WEP
– Dynamic key based• LEAP
• 802.1X
802.11b 的安全機制• 身分驗證 Authentication
– 開放式系統 Open System– 封閉式系統 Closed System– 分享密鑰認證 Shared-Key
( Challenge-Response )
• 資料保密 Confidentiality– WEP (Wired Equivalent Privacy)
• 資料的完整性 Integrity– CRC – CRC + WEP
802.11b 認證模式身份驗證
Authentication
SSID
(Service Set ID)WEP 資料加密
開放式系統Open System
接受 SSID 值為空白
不使用 不支援
封閉式系統Closed System
需輸入有效的 SSID
不使用 不支援
分享密鑰認證 Shared Key
( Challenge-Response )
需輸入有效的 SSID
利用 WEP 與RC4 演算法進
行身分確認
利用 WEP 產生的金要進行資料加密
分享密鑰認證 Shared-Key ( Challenge-Response )
無線網路使用者無線網路使用者無線網路使用者無線網路使用者 Access PointAccess PointAccess PointAccess Point
認證請求認證請求
挑戰字串挑戰字串
回應回應
確認身分成功確認身分成功
隨機產生隨機產生 128bit128bit
挑戰字串挑戰字串使用使用 WEPWEP 進行進行 RRC4C4 加密運算加密運算
利用利用 WEPWEP 及及 RC4RC4進行解密後進行比進行解密後進行比對對
開始進行連線開始進行連線
Dept. ServersDept. Servers
WEP ChallengesWeak Security
– 大多數 WLAN AP’s 未做安全性設定– 靜態 WEP 易被解– WLAN AP 很難去防止攻擊
mailto:[email protected]:[email protected]..
HackerHackerHackerHacker
mmaa
iill
ttoo
::tt
hhee
bb
X7!g%k0jX7!g%k0j37**54bf(jv37**54bf(jv&8gB)£F..&8gB)£F..
X7!g%k0j37**54bf(jv&8gB)£F..X7!g%k0j37**54bf(jv&8gB)£F..
XX77
!!gg
%%kk
00jj
3377
X7!g%
k0j37**
X7!g%
k0j37**WLAN AccessWLAN AccessPointPoint
WLAN WLAN 使用者使用者
不安全的網路不安全的網路
X7!g%k0j37**
X7!g%k0j37**
意外連接到非法駭客
1. User Station 首先探測是否有 AP
建築物 A 鄰近建築物 B
ACCESS POINT
ACCESS POINT
停車場
ATTACKER
(Soft AP)
探測
探測
探測
2. AP 送回指示訊號
3. User Station 根據訊號 , 干擾…等等各式各樣因素 , 連接到最適當的 AP
Ad Hoc
Network
4. User Station 的 Ad Hoc 網路連接到 Hacker
無法控制所要連接的點 ..
WEP
•WEP (Wired Equivalent Privacy) protocol
•A key shared between all the members of the BSS
•Using RC4 stream cipher encryption algorithm
•24-bit initialization vector
•Append a CRC-32 checksum of the frame payload plaintext in
its encapsulation
802.11 Header Host (layer 3) data
CRC-32
Host (layer 3) data Integrity check value
IV Secret RC4 stream cipher
802.11 Header IV Cipher-text
key
WEP
明文明文
WEP 加密流程
WEP ( 40 or 128 bit)WEP ( 40 or 128 bit)WEP ( 40 or 128 bit)WEP ( 40 or 128 bit)
IVIV
Access PointAccess PointAccess PointAccess Point無線網路用戶端無線網路用戶端無線網路用戶端無線網路用戶端
IV + WEPIV + WEPIV + WEPIV + WEP IV + WEPIV + WEPIV + WEPIV + WEP
PayloadPayloadPayloadPayload
CRCCRCCRCCRC
CRC + PayloadCRC + PayloadCRC + PayloadCRC + Payload
RC4RC4RC4RC4
XORXOR明文明文
XORXOR密文密文
RC4RC4RC4RC4
CRC + PayloadCRC + PayloadCRC + PayloadCRC + Payload
IV (Initial Vector)IV (Initial Vector)IV (Initial Vector)IV (Initial Vector)
WEP ( 40 or 128 bit)WEP ( 40 or 128 bit)WEP ( 40 or 128 bit)WEP ( 40 or 128 bit)
WEP 的資料格式
RC4RC4
實際所傳送的資料實際所傳送的資料
64/128 bit 64/128 bit 加密金鑰加密金鑰
40/104 bit 40/104 bit 金鑰金鑰 24 bit IV24 bit IV
資料資料 CRCCRC
XORXOR
24 bit IV24 bit IV加密資料加密資料
輸入輸入
輸出輸出
WEP 的弱點• Initialization vector (IV)
– 24-bit 欄位 , 利用明碼進行傳送– 廠商設計不良
• 每次重新建立連線就將 IV 歸 0 • 傳送資料時將每個封包的 IV 值加 1
– IV 長度不足及重複使用機率過大• AP 以 每封包 1500-byte 在 11mbps 進行傳送 , 金
鑰約 5 小時即有可能重複 , 如果封包更小時間更短
• Integrity check (IC) 欄位– 用 CRC-32 進行錯誤判斷 , 且被放入封包中進行加密 – 無法做資料完整性確認依據Integrity protection for source and destination addresses is not provided
常見的威脅• 網路掃瞄工具
– SSID– Channel
• 窮舉攻擊法• 字典攻擊法• 緩衝區溢位攻擊• MITM (Man-In-The-Middle) 攻擊
如何強化 WLAN 的安全性• 目前的 認證解決方案
– 802.1x 身份認證機制• EAP 金鑰交換
– PEAP ( 使用者密碼 )
– TLS ( 數位憑證驗證 )
• AP 需支援– RADIUS 提供身份驗證服務– CA 進行憑證發放– Active Directory 進行身份驗證
目前的解決方案 : 802.1x
• Port-based 存取控制方式– 可以用在無線或有線網路環境– Access point 必須支援 802.1x– 不需要大幅改變現有硬體架構
• 可以使用 EAP 使用更高安全性的驗證方式– 讓用戶端選擇使用的驗證方式– Access point 不需要提供 EAP 的驗證方式
• 金鑰自動管理– 不須重新改寫無線網卡的晶片設計
加密用金鑰• 用戶端及 RADIUS 伺服器對每位使用者重新產
生 連線用 WEP 金鑰– 未在無線網路中傳送– RADIUS 伺服器 將金鑰送到 AP ( 利用共享金鑰加密
)
• Access point 使用通用 WEP 金鑰– 用來作為 AP 與用戶端初始連線驗證– 透過 EAPOW-key 訊息進行傳遞– 使用連線加密金鑰加密資料
• 連線用加密金鑰將重新產生…– 金鑰到期 ( 預設 60 分鐘 )
– 用戶端移到新的 AP
TKIP : IEEE 802.11i short-term solutionA message integrity code (MIC), called Michael,to defeat forgeries;
A packet sequencing discipline, to defeat replay attacks
A per-packet key mixing function, to prevent attack並對 source and destination address 做保護引進 IEEE 802.1X 的 key management
Long-term solutionCCMP(Counter-Mode-CBC-MAC Protocol)
選用 AES
並採取新的模式運作 protocol ,稱為 CCMP ,利用計數模式 (packet sequence) 加密,並利用 CBC-MAC 對資料完整性做保證
目前的 加密解決方案
加解密實作標準 TKIP
Authentication server
認證實作標準 IEEE802.1X
Upper layer frame
Data link layer frame
802.1x vs TKIP
WEP TKIP
Cipher Key Size(s) RC4 40 or 104-bit encryption
RC4 128-bit encryption 64-bit authentication
Key Lifetime Per-packet-key
25-bit wrapping IV Concatenate IV to base key
48-bit IV TKIP mixing function
Packet Data Replay detection
CRC-32
None
Michael
Enforcing IV sequencing
Key Management None IEEE802.1X
What’s 802.1X
• Standard for Port-based network access control.
• A basic authentication mechanism is Extensible Authentication Protocol (EAP).
802.1X Port-based Authentication
•Defines a client-server-based access control and
authentication protocol
•Restricts unauthorized clients from connecting to a LAN
(or a WLAN)
•Based on EAP (Extensible Authentication Protocol)
•Setup a RADIUS (Remote Authentication Dial-In User
Service) security system
802.1X Ports
LAN
Controlled Port Uncontrolled Port Controlled Port Uncontrolled Port
Port Unauthorized Port Authorized
Security Claims of 802.1x
Mutual Authentication
Integrity Protection
Replay Protection
Confidentiality
Key Derivation
Dictionary Attack Resistance
Fast Reconnect
Man-in-the-middle Resistance
What’s EAP
• Offers a basic framework for authentication.
• Many different authentication protocols can be used over it.
• New authentication protocols can be easily added.
Background for EAP
• EAP is originally a Point-to-Point Protocol (PPP) authentication scheme
• EAP supports multiple authentication schemes such as smart cards, Kerberos, Public Key, TLS, One Time Passwords, etc.
• EAP hides the details of the authentication scheme from those network elements that need not know
•For example in PPP, the client and the AAA (authentication, authorization, and accounting) server only need to know the EAP type, and the Network Access Server does not
• EAP is currently being used for PPP, wireless LAN and Virtual Private Network (VPN) authentication
The EAP Protocol
• A request-response protocol
• Four kinds of messages1.EAP request
2.EAP response
3.EAP success
4.EAP failure
Security claims terminology for EAP Mutual authentication The authenticator authenticates the peer and the peer
authenticates the authenticator
Integrity protection Providing data origin authentication and protection against unauthorized modification of information for EAP packets
Replay protection Against replay of an EAP method or its messages
Confidentiality The encryption of EAP messages, including EAP Requests and Responses, and method-specific success and failure indications.
Key derivation The ability of the EAP method to derive exportable keying material
Dictionary attack resistance
When there is a weak password in the secret, the method does’nt allow an attack more efficient than brute force
MIC A keyed hash function used for authentication and integrity protection of data
Cryptographic binding
A single entity has acted as the EAP peer for all methods executed within a sequence or tunnel.
RADIUS •Authentication server - Performs the actual authentication of the client
LAN architecture
WLAN architecture
IEEE 802.1x provide both authentication and key management
EAP RADIUS
WIRELESS ACCESS POINT
WLAN Bridge
Authentication & KeyManagement Module
CryptoModule
802.1X WLAN 架構WIRELESS CLIENT
WLANClient
WLAN Adapter
NetworkApplication
CertificateClient
CryptoModule
WLANDriver
NETWORK AUTHENTICATION &AUTHORIZATION SERVICE
Directory
CertificationAuthority
RADIUS(Network
Authentication andAccess Control)
Internal Network
NetworkResources
Certificate Enrollment
Certificate
Certificate
User
1
AccessPolicy
3
Key Exchange 45
WEP/WPA Encryption
Client Identification2
2
Figure of Port-based Network Access Control
802.1X Over 802.11SupplicantSupplicantSupplicantSupplicant AuthenticatorAuthenticatorAuthenticatorAuthenticator AuthenticationAuthentication
ServerServerAuthenticationAuthentication
ServerServer
802.11 802.11 associationassociation
EAPOL-startEAPOL-start
EAP-request/EAP-request/identityidentity
EAP-response/EAP-response/identityidentity
RADIUS-access-RADIUS-access-requestrequest
EAP-requestEAP-request RADIUS-access-RADIUS-access-challengechallenge
EAP-response EAP-response (credentials)(credentials)
RADIUS-access-RADIUS-access-requestrequest
EAP-successEAP-success RADIUS-access-acceptRADIUS-access-accept
EAPOW-key EAPOW-key (WEP)(WEP)
Access blockedAccess blocked
Access allowedAccess allowed
Figure of EAPOW
EAP Message Flow
802.11 association
EAPOL-Start
EAP-request/identity
EAP-response/identity
RADIUS-access-request
RADIUS-access-challengeEAP-request
EAP-response RADIUS-access-response
RADIUS-access-acceptEAP-success
EAPOW-key(WEP)
Access Blocked
Access allowed Access allowed
Supplicant Authenticator AuthenticationServer
◎EAP Architecture
802.11
EAP
TLS,SPEKE, SRP MD5, TTLS, PEAP…
802.1X
Figure of EAP network Layers
EAP-MD5 Message Flow
EAP-request/identity
EAP-response/Username
RADIUS-access-request
RADIUS-access-challengeEAP-challenge-request
EAP-challenge-response RADIUS-access-response
RADIUS-access-acceptEAP-success
Client Access Point RADIUS Server
MD5 of EAP-Message ID+Challenge + Password
Drawbacks of EAP-MD5
• No mutual Authentication.
• No Protection against offline brute-force/Dictionary based attacks on user passwords.
LEAP (EAP-Cisco Wireless)
• Username and Password based• Support for Windows platforms, Macintosh and Linux• Cisco PROPRIETARY (based on 802.1X)• Username 以明碼傳送• Password challenge and response 以明碼傳送 :會被字典攻
擊法入侵 (MSCHAP v1 hash - * ftp://ftp.isi.edu/in-notes/rfc2433.txt)
• No support for One Time Password (OTP)• 只支援 Cisco 之 Access Point, 且不 Support Token Card
EAP-TLS
• Developed by Microsoft.• Provides mutual authentication, credential security
and dynamic keys.• Requires distribution of digital certificates to all
users and RADIUS servers.• A certificate management infrastructure is required
(PKI).
STA AP
EAPoW start
EAP request, Identity
EAP response, Identity (username)
EAP response, EAP-Type(EAP/TLS)(TLS:client Hello)
RADIUS Access Request (username)
EAP request, EAP-Type(EAP/TLS)
RADIUS Access ChallengeTLS:server Hello, (TLS certificate[TLS server_key_exchange,TLS certificate_request])
RADIUS Access Challenge
RADIUS Access request(TLS:client Hello)
Random Session ID(明文,且沒有 MAC)CipherSuite list : To define a key exchange algorithm, a bulk encryption algorithm, MAC algorithm
Random number
Generally is an X.509v3 certificate
Certificate key type : encryption、 signing、 encryption+ signing
Key exchange algorithm : RSA (encryption / signing)、 Diffie-Hellman (encryption / signing) 、 DSS (signing)
[Sever Key Exchange] : extension of TLS certificate
p , g , A = gx mod p , H(ra, rb, p, g, A, S)
RADIUS Access ChallengeTLS:server Hello, TLS certificateTLS client_key_exchange,([TLS certificate_verify],TLS change_cipher_spec), TLS finished
RADIUS Access ChallengeTLS change_cipher_spec,TLS finished
Done ACK
EAP-TLS Message Flow (1/2)
Client AP
EAP-Request/Identity
EAP-Response/Identity (My ID)
EAP-Request/EAP-Type = EAP-TLS (TLS Start)
EAP-Response/EAP-Type = EAP-TLS (TLS client_hello)
EAP-Request/EAP-Type = EAP-TLS
(TLS server_hello, TLS certificate, [TLS server_key_exchange], [TLS certificate_request], TLS server_hello_done) EAP-Response/EAP-Type = EAP-TLS
(TLS certificate, TLS client_key_exchange, TLS [certificate_verify], TLS change_cipher_spec, TLS finished)
EAP-TLS Message Flow (2/2)
Supplicant Authenticator
EAP-Response/EAP-Type = EAP-TLS
(TLS change_cipher_spec, TLS finished)
EAP-Response/EAP-Type = EAP-TLS
EAP-Success or EAP-Failure
Drawbacks of EAP-TLS
• Lack of user identity protection.
• Needs client certificate in order to authenticate client.
EAP-TTLS
• Allows users to authenticate by username and password, with no loss of security
• Developed by Funk Software and Certicom
• Provides strong mutual authentication, credential security, and dynamic keys
• Requires that certificates be distributed to the RADIUS servers only, not to users
• Compatible with existing user security databases, including Windows Active Directory, token systems, SQL, LDAP, etc.( 不用改變任何環境 )
EAP-TTLS
• Requires that certificates be distributed to the authentication servers only, not to users.
• Two phases:1.Establish TLS Channel, authenticate
server (Optionally authenticate user too).
2.If the user wasn’t authenticated, use the TLS channel to authenticate user using an authentication protocol (PAP/CHAP/EAP).
EAP-TTLS Layers (1/2)
User Authentication-PAP/CHAP/EAP
TLS
EAP-TTLS
EAP
Link Layer/AAA – PPP, Radius, etc
EAP-TTLS Message Flow (1/5)
Client AP TTLS Server AAA/H Server
EAP-request/identity
EAP-response/username@realm
RADIUS-access-request:EAP-Response pass throughRADIUS-access-Challenge: EAP-Request/TTLS-StartEAP-request pass
throughEAP-Response/TTLS: Client Hello
RADIUS Access-Request: EAP-Response pass through
EAP-TTLS Message Flow (2/5)
Client AP TTLS Server AAA/H Server
RADIUS Access-Challenge: EAP-Request/TTLS: Server Hello Certificate ServerKeyExchange ServerHelloDone
EAP-request pass through
EAP-Response/TTLS: ClientKeyExchange ChangeCipherSpec Finished
RADIUS-access-request:EAP-Response pass through
EAP-TTLS Message Flow (3/5)
Client AP TTLS Server AAA/H Server
RADIUS Access-Challenge: EAP-Request/TTLS: ChangeCipherSpec Finished
EAP-request pass through
EAP-Response/TTLS: {EAP-Response/Identity}
RADIUS-access-request:EAP-Response pass through
RADIUS-access-request:EAP-Response pass through
EAP-TTLS Message Flow (4/5)
Client AP TTLS Server AAA/H Server
RADIUS Access-Challenge EAP-Request/ MD5-Challenge
RADIUS Access-Challenge: EAP-Request/TTLS: {EAP-Request/MD5-Challenge}
EAP-request pass through
EAP-Response/TTLS: {EAP-Response/MD5-Challenge}
RADIUS-access-request:EAP-Response pass through
RADIUS Access-Challenge EAP-Response/ MD5-Challenge
EAP-TTLS Message Flow (5/5)
Client AP TTLS Server AAA/H Server
RADIUS Access-Accept
RADIUS Access-Accept: EAP-Success
EAP-Success pass through
Secure password authentication tunnel
Secure data tunnel
A Comparison of methods
EAP-MD5 EAP-TLS EAP-TTLS
TYPE Password
based
Certificate
based
Hybrid
Exchange
Dynamic key
No Yes Yes
Mutual
Authentication
No Yes Yes
Certificate
Server
Client
No Yes
Yes
Yes
Yes
Yes
Optional
PEAP(Palekar et al., 2004)
1. 同 EAP-TTLS 一樣,基於 TLS 提供一個加密及以認證的通道
在 TLS 通道內進行 EAP 認證方法的認證機制2. 達到解決傳統以密碼認證方式及 EAP-TLS 所產生的問題3. 並提供雙向認證及產生動態會議金鑰的安全性。
PEAP
PEAP
A likely alternative to TLS
Support UserID and password-based authentication
Easier to deploy than certificate-based authentication
It could build up a shared key
◎SRP – Secure Remote Password(RFC 2945)
EAP-MD-5• Username and Password based• Username 以明碼傳送• Password challenge and response 以明碼傳送• 會被字典攻擊法入侵• EAP-MD5 以靜態 WEP 方式處理• 只提供 Server 認證 Client ,不提供 Client 認證
Server ,對 Client 無保障
EAP-SRP
• Based on Secure Remote Password (SRP)
• Four Subtypes of messages– 1.Challenge / Client Key
– 2.Server Key / Client Validator
– 3.Server Validator
– 4.Lightweight Rechallenge
SRP• Two Phase
– Client and server calculate and exchange public keys
– Client and server authenticate hashes based on the DH key, verifier, group, salt, username, etc.
• Using the SHA1 hash function
• The server stores user password as triplets of the form:
– {<username>, <password verifier>, <salt>}
– <salt> = random()
– x = SHA(<salt> | SHA(<username> | ":" | <raw password>))
– <password verifier> = v = g ^ x % N
– N = prime modulus; g = generator
SRP Sequence
gb(a+ux) (gagxu)b
Authentication server
ID, A = ga , a random number chosen by useru = H(A, B)
S = (Avu)b
K=H(S)
s : user’s salt
x : shared key x = H(s, H(ID||pwd))
v : Password verifier v = gx
B = v + gb
s , B = v + gb
u = H(A, B)
x = H(s, H(ID||pwd))
S = (B – gx)(a+ux)
K = H(S)
H(H(p) ⊕ H(g), H(ID), s, A, B, K)
H(A, M, K)
EAP-SPEKESimple Password Exponential Key
Exchange Protocol
Password-authenticated Diffie-Hellman key exchange
1st stage : Uses a Diffie-Hellman exchange to establish a share key K, but instead of the commonly used fixed primitive base g, a function f converts the password S in to a base for exponentiation.
Two random number RA and RB
◎SPEKE
1. The client computes : , A B :QA
2. The server computes : , B A :QB
3. The client computes :
4. The server computes :
◎SPEKE
)mod( pQhK ARB
)mod( pQhK BRA
ppwdfQ ARA mod)( 2
ppwdfQ BRB mod)( 2
2nd stage : both client and server confirm each other’s knowledge of K before proceeding to use it as a session key
◎SPEKE
Authentication server
)mod( pQhK BRA
)mod( pQhK ARB
EK(CA), CA: random number chosen by user
EK(CB ,CA), CB: random number chosen by server
EK(CB)
ID,
QB
ppwdfQ ARA mod)( 2
ppwdfQ BRB mod)( 2
Authentication server
QA, H(IDA , R2A)
QB, EK(R2A, R2B)
EK(R2B)
EAP-TYPE Re-keying Mutual authentication
UserID & Password
Attack methods
EAP-MD5 No No Yes Dictionary attackMan in middleSession hijack
EAP-TLS Yes Yes No X
EAP-SRP Yes Yes Yes ?
EAP-SPEKE Yes Yes Yes ?
EAP-TYPE Re-Keying
Mutual authentication
UserID & Password
Attack
EAP-MD5 No No Yes Dictionary attackMan-in-middle attack
Session hijacking attack
EAP-TLS Yes Yes No X
EAP-SRP Yes Yes Yes Dictionary attack ?
EAP-SPEKE Yes Yes Yes X
Improved EAP-SPEKE
Yes Yes Yes X
EAP-TYPE Round Encryptions Exponents Randoms
User Server User Server User Server
EAP-SRP 4 9 9 3 4 1 2
EAP-SPEKE 6 4 4 2 2 2 2
Improved EAP-SPEKE
4 4 4 2 2 2 2
Comparisons of EAP methods
Summary
• Practical Authentication methods of 802.1X are EAP-MD5,EAP-TLS,EAP-TTLS and PEAP.
• EAP-SIM or EAP-AKA is suitable for the Integration of Wireless LANs and Mobile Network.
802.11n is going on
• 802.11 Task Group n (TGn)• The next Wifi 802.11 Standard• Provide higher speed for new application & Market• Improve PHY & MAC Performance• Real Speed more than 108Mbps or beyond as 320Mbps• New Antenna Technology• Multiple In Multiple Out (MIMO)• To be complete at least 3 years until 2005/2006
What is MIMO?
• Multiple In Multiple Out (MIMO)• Reduce Multi-Path decline-抗多徑衰落• BLAST 演算法• 高頻譜利用率• MIMO+OFDM• 改善無線網路效能• 提高無線網路的容量及覆蓋率
Secure your wireless,802.11i• Uses the Advanced Encryption Standard
• Will be Standard in 2003/Q4~2004/Q1
• Hardware Upgrade
WEP WPA 802.11i
Cipher RC4 RC4 AES
Key Size 40bits128bits
encryption128bits
Key life 24-bits IV 48-bits IV 48-bits IV
Data Integrity CRC-32 Michael CCM
Header Integrity None Michael CCM
Key manage None EAP-based EAP-based
802.16 Wireless MAN• IEEE 802.16a (MAN)
• IEEE 802.16e(Highly Mobility)
• Broadband Wireless Access(BWA)
• 802.11=WiFi 802.16=WiMAX
• 2~11Ghz
• Speed up to 70 Mbps
• Range extend to 30miles(about 48km)
• Another Choice for “Last Mile”
WLAN + GPRS• PWLAN (Public WLAN)• GPRS 的優勢
– 涵蓋範圍廣– 安全性高
• WLAN 的優勢– 建置成本低– 免費的頻帶
• 雙網整合效益
Reference
• Wireless lan security and laboratory designs 2003 CCSC
• 無線企業網路 WLAN應用技術研討會講義 中華電信訓練所 2004 March
• WLAN security: current and future IEEE internet computing 2003 October
• 利用 Windows 的技術建置安全的無線區域網路環境 陳其元講師 資策會 教育訓練處 台北中心
• Reports from NCHU CS security lab• Reports from CYUT IM security lab