Authentication and Security in IP based Multi Hop Networks

Size: px
Start display at page:

Download "Authentication and Security in IP based Multi Hop Networks"

Transcription

1 7TH WWRF MEETING IN EINDHOVEN, THE NETHERLANDS 3RD - 4TH DECEMBER Authentication and Security in IP based Multi Hop Networks Frank Fitzek, Andreas Köpsel, Patrick Seeling Abstract Network security and authentication are very important for all kinds of communication networks to assure network stability and to avoid subscription fraud. In the last years even for wireless local area networks mechanisms have been found to support both in a cellular network. In multi hop networks based on IEEE802.11, security and authentication are still open issues. Mainly the low price of the network infrastructure makes this kind of networks vulnerable. Within the scope of this paper we describe the application of IEEE in combination with UMTS Authentication and Key Agreement (AKA) to enable authentication and security in multi hop networks. keywords: IP security,, multi hop, ad hoc, TLS, WEP, EAP, PEAP, EAPoL, UMTS AKA I. INTRODUCTION In all kinds of communication systems, authentication and security have always been an important issue. Especially for wireless communications with low infrastructure costs such as wireless local area networks (WLANs), where the signals are transmitted over a wide area (not knowing about frontiers or building borders) authentication and security is crucial. Authentication in WLANs based on IEEE can be done through an access control list. All MAC addresses that are allowed to access the network via an access point are stored in this list. The MAC addresses are hard coded on the RF cards. The problem of this approach is based on the fact that not the customer, but the MAC address on the RF card is authenticated. In this case, any other person may access the network if he is in possession of the card. This unauthorized access is available until the real owner knows about the stolen card and the MAC address is deleted from the access control list. Furthermore, this authentication mechanism entails a large administration complexity, which is not negligible for a closed user group such as an office, but will be dramatically in publicly accessable networks (even more if we focus on multi hop networks). Another possibility (and this is even more critical) to get access for an unauthorized person is to spoof MAC addresses. In a case where a hacker knows the MAC address, it is possible for him to make any card look like an authorized card. For this action, a good knowledge of programming is necessary, but in this case the unauthorized access is very hard to detect in comparison to a stolen card. Further technologies such as Wired Encryption Privacy (WEP) which is based on shared keys has also some shortcomings and is not considered as useful solution to the problem of security in wireless environments [7]. A. IEEE Therefore new mechanisms were found to support authentication and security. IEEE [9] is part of the IEEE802.1 standard family that defines management functionality for IEEE802 based networks. Designed for securing wired and also wireless networks like the IEEE802.11, the WLAN standard defines a generic framework that is able to use different authentication mechanisms without implementing these mechanisms outside the back-end authentication infrastructure and the client devices. Independence of individual authentication methods is achieved by utilizing the Extensible Authentication Protocol (EAP) [5] that defines a generic container to convey authentication method PDUs. EAP messages are exchanged on the air interface between the mobile device (known as supplicant in terminology) and base station (authenticator) by using an encapsulating protocol (EAP over LAN/EAPoL). On client side, is already available in the WindowsXP operating system. Additionally, acticom offers the client support for BSD style operating systems (including MacOS X, OpenBSD), Linux operating systems, Windows 98/2000/ME, and portability to any Un*x operating system. acticom GmbH mobile networks; R & D Group; Am Borsigturm 42; Berlin; Germany [fitzek koepsel

2 7TH WWRF MEETING IN EINDHOVEN, THE NETHERLANDS 3RD - 4TH DECEMBER Client Network Access Server / NAS RADIUS Server supplicant authenticator backend auth server Ethernet EAPoL EAP EAP Payload CRC IP UDP RADIUS EAP EAP Payload Fig. 1 INTERACTION OF SUPPLICANT, AUTHENTICATOR AND BACKEND AUTHENTICATION SERVER AND BLOCKING DEVICE. B. Security protocols on top of IEEE Although defining an authentication framework, IEEE does not specify encryption, message integrity checking, or message authentication by itself, but sustains on an underlying secure communication channel. In wireless environments offering public access, an encryption of the air interface might not be available when processing the authentication exchange. This is true especially for WLAN systems where a shared key between client and base station is required to run Wired Equivalent Privacy (WEP). Care must be taken to secure the authentication phase in. A reasonable solution is the integration of Transport Layer Security (TLS) resulting in EAP TLS as specified in [2]. TLS [6] is the IETF successor to the Secure Socket Layer (SSL) technology and was defined to prevent eavesdropping, replay attack detection and message tampering offering protection to the authentication process. TLS uses public key cryptography to provide mutual authentication and secure data exchange. However, TLS demands special requirements on network operators when deploying certificates to customers and network access systems. To overcome these problems that arise from certificate management, an extension to EAP TLS was suggested: Protected EAP. PEAP uses the TLS handshake solely for identifying the network to a client device thus abandoning the need of assigning signed certificates to individual client devices. Client authentication is done inside the established TLS tunnel, profiting from the benefits of TLS communication. Any EAP based authentication method might be used inside the established secure channel. Figure 1 shows the interaction of supplicant, authenticator and back-end authentication server and blocking device with the various authentication and security protocols for a cellular approach. UMTS Authentication and Key Agreement (UMTS AKA) specified in [1] is mainly based on a challenge response mechanism, and in contrast to GSM AKA it enables mutual authentication. UMTS AKA works in the following manner: As given in Figure 2, the mobile terminal and the home environment agree on a secret key identifying the terminal. Whenever a Visitor Location Register (VLR) or Serving GPRS Support Node (SGSN) wants to authenticate the terminal, they convey a request of authentication data to the HLR. The HLR computes a set of authentication vectors and sent it back to the VLR/SGSN. After this exchange, the VLR/SGSN sends an authentication request to the terminal, including the Random Challenge (RAND) and the Authentication Token (AUTN). With this information and its private key (only now to this terminal and the home network), the terminal knows that this message was produced by the home network and retransmits the authentication response. By means of this information exchange the terminal is able to compute confidentiality key (CK) and integrity key (IK), while the VLR selects a CK and an IK. A specification of the EAP mechanism to distribute these authentication keys by the means of UMTS AKA is given in [4]. The authors of [4] write that the combination of AKA and EAP enables new applications such as (i) secure PPP authentication for devices with a User Services Identity Module (USIM), (ii) relaying on AKA and the network with any other device that use also EAP, and finally (iii) the usage of 3G authentication capabilities in wireless LANs with IEEE extensions [9]. The last application (iii) is used within the scope of this document. Interested readers are referred to the following documents for further informations [10], [12], [1], [4].

3 7TH WWRF MEETING IN EINDHOVEN, THE NETHERLANDS 3RD - 4TH DECEMBER Terminal NodeB RNC VLR/SGSN HLR authentication request authentication response user authentication request (RAND AUTH) user authentication response (RES) CK and IK computed CK and IK selected Fig. 2 UMTS AUTHENTICATION AND KEY AGREEMENT UMTS AKA. II. AUTHENTICATION AND SECURITY FOR MULTI HOP NETWORKS For our approach, we assume that we have an IEEE enabled access point with fixed connection to the Internet. This access point is under the control of the network provider and can be seen as the access to the home network. A subset of the wireless and mobile terminals can transmit directly to the access point. Other terminals may use the multi hop capability of terminals or virtual access points (VAP) [11], [8] which are already connected to the home network. Within the provider s network an AAA server exists. The main problem that arises in multi hop networks in terms of security is the authentication process. The authentication of nodes is not only important for the customer to avoid subscription fraud, but even for the network itself. The source of a packet has to be clearly identified to avoid the situation of hacked routing messages (hacker attack to destroy routing lists). This is even true for the DNS service, the DCHP service, and to avoid denial of service attacks. The question arises, how a client achieves a valid shared secret key and how long is this key valid. Furthermore, how can the key be transported over a multi hop network in a secure manner? For the following example, we assume that we have one access point with a wired connection and an already established and secure multi hop network as given in Figure 3. The wireless terminals in the multi hop network can either be virtual access points or other customers that are connected to the multi hop network. For illustration purpose, we assume that we have already a group of authenticated terminals or/and virtual access points. Now a new client comes to the network without direct connectivity to the access point with wired Internet connection. The -EAP framework described above is then used for the exchange of authentication data. Each supplicant of the multi hop network using the mechanism has to be able to deal with multiple server responses, because each authenticated client works as a virtual access point. On top of the EAP, we advocate to use UMTS AKA instead of PEAP or TLS/TTLS. Using UMTS AKA the authenticating client or virtual access point shall not know the secret user keys of the new arrived client. Simultaneously, the transportation of encapsulated frames over the multi hop network has to be avoided. Therefore the new non authenticated client (supplicant) passes its client ID to the authenticating client (authenticator). The authenticator (using his secure communication channel) connects to the AAA of the provider, asking a set of authentication data as described above for UMTS AKA. With this authentication data (auth-challenge/response), the authenticator is able to authenticate the supplicant using UMTS AKA-over-EAP without knowing the supplicant s ID or password. While the authentication is in process, the authenticator receives the Chal-Resp-Block. The Chal- Resp-Block allows to generate a shared secret key between provider network and supplicant. The shared secret key

4 7TH WWRF MEETING IN EINDHOVEN, THE NETHERLANDS 3RD - 4TH DECEMBER is not known to any of the authenticated clients, but only to the supplicant and the provider. At the same time, the supplicant needs shared secret keys to sign packets for Routing/DNS/DHCP known to all authenticated clients. After this procedure the new client is authenticated and he can use the classical DCHP service and authenticate packets belonging to the network in a secure manner. This approach is more suited as a simple distribution of pre shared TLS certificates. In case one virtual access point get stolen the ID and password are simply deleted in the centralized AAA server without using revocation lists. This helps to keep the administration complexity low. After having authenticated a user, privacy has to be assured. For communication between the provider network and the client, the shared secret key from the authentication process is used. By means of this procedure not even other authenticated wireless terminals can listen to the communication. For the communication between two wireless terminals within the same multi hop network, two possibilities exist. Obviously, the first is to communicate using the access point, but this would be not bandwidth efficient. For a direct communication (even over other multiple wireless terminals), a mechanism has to be found to generate a new secret key, because the keys for the communication with the access point are different. New Client Clients Clients Client UMTS AKA VAP AP AAA authenticated Fig. 3 MULTI HOP NETWORK WITH VAPS AND THE USED AUTHENTICATION AND SECURITY PROTOCOLS. III. CONCLUSION We advocate the use of IEEE EAP and UMTS AKA for authentication and security in multi hop networks. By means of an example we have shown a possible authentication process within a multi hop network. In our future work we will build up a test bed to show the feasibility of our approach using acticom s security stack [3]. REFERENCES [1] 3rd Generation Partnership Project. Security Architecture. 3GPP, June Release 5. 2 [2] B. Aboba and D. Simon. PPP EAP TLS Authentication Protocol. IETF RFC 2716, October [3] acticom. IEEE Wireless Authentication Module, [4] J. Arkko and H. Haverinen. EAP AKA Authentication. IETF, December [5] L. Blunk and J. Vollbrecht. PPP Extensible Authentication Protocol (EAP). IETF RFC 2284, March [6] T. Dierks and C. Allen. The TLS Protocol Version 1.0. IETF RFC 2246, January [7] Ericsson. Introduction of IEEE Security. 3GPP TSG SA WG3 Security, July

5 7TH WWRF MEETING IN EINDHOVEN, THE NETHERLANDS 3RD - 4TH DECEMBER [8] F.H.P. Fitzek, P. Seeling, and M. Reisslein. Reference Models and Related Business Cases for Ad-Hoc Networks. In In Proceedings of Wireless World Research Forum 6 (WWRF6) Section WG4 Section WG4, June London. 3 [9] IEEE802. Standards for Local and Metropolitan Area Networks: Port-Based Network Access Control. IEEE 802.1X-2001, March , 2 [10] G. M. Koien. An evolved UMTS Network Domain Security Architecture. Technical Report N28/2002, Telenor, September [11] S. Krco, B. Hunt, and F.H.P. Fitzek. WhitePaper on Ad Hoc networks. In In Proceedings of Wireless World Research Forum 6 WG4, June [12] Nokia. UMTS AKA in SIP. 3GPP TSG WG3 Security - S3 14, August

Security and Authentication Concepts

Security and Authentication Concepts Security and Authentication Concepts for UMTS/WLAN Convergence F. Fitzek M. Munari V. Pastesini S. Rossi L. Badia Dipartimento di Ingegneria, Università di Ferrara, via Saragat 1, 44100 Ferrara, Italy

More information

The next generation of knowledge and expertise Wireless Security Basics

The next generation of knowledge and expertise Wireless Security Basics The next generation of knowledge and expertise Wireless Security Basics HTA Technology Security Consulting., 30 S. Wacker Dr, 22 nd Floor, Chicago, IL 60606, 708-862-6348 (voice), 708-868-2404 (fax), www.hta-inc.com

More information

12/3/08. Security in Wireless LANs and Mobile Networks. Wireless Magnifies Exposure Vulnerability. Mobility Makes it Difficult to Establish Trust

12/3/08. Security in Wireless LANs and Mobile Networks. Wireless Magnifies Exposure Vulnerability. Mobility Makes it Difficult to Establish Trust Security in Wireless LANs and Mobile Networks Wireless Magnifies Exposure Vulnerability Information going across the wireless link is exposed to anyone within radio range RF may extend beyond a room or

More information

Interworking Security in Heterogeneous Wireless IP Networks

Interworking Security in Heterogeneous Wireless IP Networks Interworking Security in Heterogeneous Wireless IP Networks Wenhui Zhang University of Stuttgart, Institute of Communication Networks and Computer Engineering IKR, Pfaffenwaldring 47, D-70569 Stuttgart,

More information

A Dynamic Extensible Authentication Protocol for Device Authentication in Transport Layer Raghavendra.K 1, G. Raghu 2, Sumith N 2

A Dynamic Extensible Authentication Protocol for Device Authentication in Transport Layer Raghavendra.K 1, G. Raghu 2, Sumith N 2 A Dynamic Extensible Authentication Protocol for Device Authentication in Transport Layer Raghavendra.K 1, G. Raghu 2, Sumith N 2 1 Dept of CSE, P.A.College of Engineering 2 Dept of CSE, Srnivas institute

More information

How to secure an LTE-network: Just applying the 3GPP security standards and that's it?

How to secure an LTE-network: Just applying the 3GPP security standards and that's it? How to secure an LTE-network: Just applying the 3GPP security standards and that's it? Telco Security Day @ Troopers 2012 Peter Schneider Nokia Siemens Networks Research 1 Nokia Siemens Networks 2012 Intro

More information

Network A. Network. Network C. Network B

Network A. Network. Network C. Network B Post-IP technologies virtualization and security Guy Pujolle 1 Virtualization for a post-ip network 2 Geni Intel would like to propose a generic router Intel proposes to have a generic hardware with virtual

More information

Wireless security. Any station within range of the RF receives data Two security mechanism

Wireless security. Any station within range of the RF receives data Two security mechanism 802.11 Security Wireless security Any station within range of the RF receives data Two security mechanism A means to decide who or what can use a WLAN authentication A means to provide privacy for the

More information

Lecture Objectives. Lecture 8 Mobile Networks: Security in Wireless LANs and Mobile Networks. Agenda. References

Lecture Objectives. Lecture 8 Mobile Networks: Security in Wireless LANs and Mobile Networks. Agenda. References Lecture Objectives Wireless Networks and Mobile Systems Lecture 8 Mobile Networks: Security in Wireless LANs and Mobile Networks Introduce security vulnerabilities and defenses Describe security functions

More information

Chapter 10 Security Protocols of the Data Link Layer

Chapter 10 Security Protocols of the Data Link Layer Chapter 10 Security Protocols of the Data Link Layer IEEE 802.1x Point-to-Point Protocol (PPP) Point-to-Point Tunneling Protocol (PPTP) [NetSec], WS 2006/2007 10.1 Scope of Link Layer Security Protocols

More information

WIRELESS NETWORK SECURITY

WIRELESS NETWORK SECURITY WIRELESS NETWORK SECURITY Much attention has been focused recently on the security aspects of existing Wi-Fi (IEEE 802.11) wireless LAN systems. The rapid growth and deployment of these systems into a

More information

State of Kansas. Interim Wireless Local Area Networks Security and Technical Architecture

State of Kansas. Interim Wireless Local Area Networks Security and Technical Architecture State of Kansas Interim Wireless Local Area Networks Security and Technical Architecture October 6, 2005 Prepared for Wireless Policy Committee Prepared by Revision Log DATE Version Change Description

More information

Lecture 3. WPA and 802.11i

Lecture 3. WPA and 802.11i Lecture 3 WPA and 802.11i Lecture 3 WPA and 802.11i 1. Basic principles of 802.11i and WPA 2. IEEE 802.1X 3. Extensible Authentication Protocol 4. RADIUS 5. Efficient Handover Authentication 1 Lecture

More information

WLAN security. Contents

WLAN security. Contents Contents WEP (Wired Equivalent Privacy) No key management Authentication methods Encryption and integrity checking WPA (WiFi Protected Access) IEEE 802.1X authentication framework Practical example using

More information

Mobile Office Security Requirements for the Mobile Office

Mobile Office Security Requirements for the Mobile Office Mobile Office Security Requirements for the Mobile Office S.Rupp@alcatel.de Alcatel SEL AG 20./21.06.2001 Overview Security Concepts in Mobile Networks Applications in Mobile Networks Mobile Terminal used

More information

UNIVERZITA KOMENSKÉHO V BRATISLAVE FAKULTA MATEMATIKY, FYZIKY A INFORMATIKY PRÍPRAVA ŠTÚDIA MATEMATIKY A INFORMATIKY NA FMFI UK V ANGLICKOM JAZYKU

UNIVERZITA KOMENSKÉHO V BRATISLAVE FAKULTA MATEMATIKY, FYZIKY A INFORMATIKY PRÍPRAVA ŠTÚDIA MATEMATIKY A INFORMATIKY NA FMFI UK V ANGLICKOM JAZYKU UNIVERZITA KOMENSKÉHO V BRATISLAVE FAKULTA MATEMATIKY, FYZIKY A INFORMATIKY PRÍPRAVA ŠTÚDIA MATEMATIKY A INFORMATIKY NA FMFI UK V ANGLICKOM JAZYKU ITMS: 26140230008 DOPYTOVO ORIENTOVANÝ PROJEKT Moderné

More information

Wireless LAN Security Mechanisms

Wireless LAN Security Mechanisms Wireless LAN Security Mechanisms Jingan Xu, Andreas Mitschele-Thiel Technical University of Ilmenau, Integrated Hard- and Software Systems Group jingan.xu@tu-ilmenau.de, mitsch@tu-ilmenau.de Abstract.

More information

The following chart provides the breakdown of exam as to the weight of each section of the exam.

The following chart provides the breakdown of exam as to the weight of each section of the exam. Introduction The CWSP-205 exam, covering the 2015 objectives, will certify that the successful candidate understands the security weaknesses inherent in WLANs, the solutions available to address those

More information

Study on VLAN in Wireless Networks

Study on VLAN in Wireless Networks Study on VLAN in Wireless Networks Rajul Chokshi and Dr. Chansu Yu Department of Electrical and Computer Engineering Cleveland State University Cleveland, Ohio 44115 April 30, 2007 Abstract This technical

More information

DATA SECURITY 1/12. Copyright Nokia Corporation 2002. All rights reserved. Ver. 1.0

DATA SECURITY 1/12. Copyright Nokia Corporation 2002. All rights reserved. Ver. 1.0 DATA SECURITY 1/12 Copyright Nokia Corporation 2002. All rights reserved. Ver. 1.0 Contents 1. INTRODUCTION... 3 2. REMOTE ACCESS ARCHITECTURES... 3 2.1 DIAL-UP MODEM ACCESS... 3 2.2 SECURE INTERNET ACCESS

More information

Wireless Robust Security Networks: Keeping the Bad Guys Out with 802.11i (WPA2)

Wireless Robust Security Networks: Keeping the Bad Guys Out with 802.11i (WPA2) Wireless Robust Security Networks: Keeping the Bad Guys Out with 802.11i (WPA2) SUNY Technology Conference June 21, 2011 Bill Kramp FLCC Network Administrator Copyright 2011 William D. Kramp All Rights

More information

1. Scope and objectives. 2 Introduction IEEE GPP TSG SA WG3 Security S July 9 July 12, 2002 Helsinki, Finland

1. Scope and objectives. 2 Introduction IEEE GPP TSG SA WG3 Security S July 9 July 12, 2002 Helsinki, Finland TSG SA WG3 Security S3-020341 July 9 July 12, 2002 Helsinki, Finland Agenda Item: 7.9 Source: Ericsson Title: Introduction of IEEE 802.11 Security Document for: Discussion 1. Scope and objectives This

More information

Authentication, Authorization and Accounting (AAA) Protocols

Authentication, Authorization and Accounting (AAA) Protocols Authentication, Authorization and Accounting (AAA) Protocols Agententechnologien in der Telekommunikation Sommersemester 2009 Babak Shafieian babak.shafieian@dai-labor.de 10.06.2009 Agententechnologien

More information

Security. Contents. S-72.3240 Wireless Personal, Local, Metropolitan, and Wide Area Networks 1

Security. Contents. S-72.3240 Wireless Personal, Local, Metropolitan, and Wide Area Networks 1 Contents Security requirements Public key cryptography Key agreement/transport schemes Man-in-the-middle attack vulnerability Encryption. digital signature, hash, certification Complete security solutions

More information

Lecture 24 Wireless Network Security. modified from slides of Lawrie Brown

Lecture 24 Wireless Network Security. modified from slides of Lawrie Brown Lecture 24 Wireless Network Security modified from slides of Lawrie Brown Wireless Security Overview concerns for wireless security are similar to those found in a wired environment security requirements

More information

802.11 Security (WEP, WPA\WPA2) 19/05/2009. Giulio Rossetti Unipi Giulio.Rossetti@gmail.com

802.11 Security (WEP, WPA\WPA2) 19/05/2009. Giulio Rossetti Unipi Giulio.Rossetti@gmail.com 802.11 Security (WEP, WPA\WPA2) 19/05/2009 Giulio Rossetti Unipi Giulio.Rossetti@gmail.com 802.11 Security Standard: WEP Wired Equivalent Privacy The packets are encrypted, before sent, with a Secret Key

More information

SECURITY ASPECTS IN MOBILE AD HOC NETWORK (MANETS)

SECURITY ASPECTS IN MOBILE AD HOC NETWORK (MANETS) SECURITY ASPECTS IN MOBILE AD HOC NETWORK (MANETS) Neha Maurya, ASM S IBMR ABSTRACT: Mobile Ad hoc networks (MANETs) are a new paradigm of wireless network, offering unrestricted mobility without any underlying

More information

Developing Network Security Strategies

Developing Network Security Strategies NETE-4635 Computer Network Analysis and Design Developing Network Security Strategies NETE4635 - Computer Network Analysis and Design Slide 1 Network Security Design The 12 Step Program 1. Identify network

More information

Enabling Multiple Wireless Networks on RV320 VPN Router, WAP321 Wireless-N Access Point, and Sx300 Series Switches

Enabling Multiple Wireless Networks on RV320 VPN Router, WAP321 Wireless-N Access Point, and Sx300 Series Switches print email Article ID: 4941 Enabling Multiple Wireless Networks on RV320 VPN Router, WAP321 Wireless-N Access Point, and Sx300 Series Switches Objective In an ever-changing business environment, your

More information

EAP-SIM Authentication using Interlink Networks RAD-Series RADIUS Server

EAP-SIM Authentication using Interlink Networks RAD-Series RADIUS Server Application Note EAP-SIM Authentication using Interlink Networks RAD-Series RADIUS Server Introduction The demand for wireless LAN (WLAN) access to the public IP network is growing rapidly. It is only

More information

An Experimental Study of Cross-Layer Security Protocols in Public Access Wireless Networks

An Experimental Study of Cross-Layer Security Protocols in Public Access Wireless Networks An Experimental Study of Cross-Layer Security Protocols in Public Access Wireless Networks Avesh K. Agarwal Wenye Wang Department of Electrical and Computer Engineering North Carolina State University,

More information

Wireless Security. New Standards for 802.11 Encryption and Authentication. Ann Geyer 209-754-9130 ageyer@tunitas.com www.tunitas.

Wireless Security. New Standards for 802.11 Encryption and Authentication. Ann Geyer 209-754-9130 ageyer@tunitas.com www.tunitas. Wireless Security New Standards for 802.11 Encryption and Authentication Ann Geyer 209-754-9130 ageyer@tunitas.com www.tunitas.com National Conference on m-health and EOE Minneapolis, MN Sept 9, 2003 Key

More information

7.1. Remote Access Connection

7.1. Remote Access Connection 7.1. Remote Access Connection When a client uses a dial up connection, it connects to the remote access server across the telephone system. Windows client and server operating systems use the Point to

More information

U.S. Patent Appl. No. 13/247.308 filed September 28, 2011 NETWORK ADDRESS PRESERVATION IN MOBILE NETWORKS TECHNICAL FIELD

U.S. Patent Appl. No. 13/247.308 filed September 28, 2011 NETWORK ADDRESS PRESERVATION IN MOBILE NETWORKS TECHNICAL FIELD U.S. Patent Appl. No. 13/247.308 filed September 28, 2011 NETWORK ADDRESS PRESERVATION IN MOBILE NETWORKS TECHNICAL FIELD [0001] The disclosure relates to mobile networks and, more specifically, to wireless

More information

Security Evaluation of CDMA2000

Security Evaluation of CDMA2000 Security Evaluation of CDMA2000 L. Ertaul 1, S. Natte 2, and G. Saldamli 3 1 Mathematics and Computer Science, CSU East Bay, Hayward, CA, USA 2 Mathematics and Computer Science, CSU East Bay, Hayward,

More information

Deploying secure wireless network services The Avaya Identity Engines portfolio offers flexible, auditable management for secure wireless networks.

Deploying secure wireless network services The Avaya Identity Engines portfolio offers flexible, auditable management for secure wireless networks. Table of Contents Section 1: Executive summary...1 Section 2: The challenge...2 Section 3: WLAN security...3 and the 802.1X standard Section 4: The solution...4 Section 5: Security...4 Section 6: Encrypted

More information

Cisco Secure ACS. By Igor Koudashev, Systems Engineer, Cisco Systems Australia ivk@cisco.com. 2006 Cisco Systems, Inc. All rights reserved.

Cisco Secure ACS. By Igor Koudashev, Systems Engineer, Cisco Systems Australia ivk@cisco.com. 2006 Cisco Systems, Inc. All rights reserved. Cisco Secure ACS Overview By Igor Koudashev, Systems Engineer, Cisco Systems Australia ivk@cisco.com 2006 Cisco Systems, Inc. All rights reserved. 1 Cisco Secure Access Control System Policy Control and

More information

BSc (Hons.) Computer Science with Network Security. Examinations for 2011/2012 - Semester 2

BSc (Hons.) Computer Science with Network Security. Examinations for 2011/2012 - Semester 2 BSc (Hons.) Computer Science with Network Security BCNS/09/FT Examinations for 2011/2012 - Semester 2 MODULE: WIRELESS NETWORK SECURITY MODULE CODE: SECU 3105 Duration: 2 Hours 15 Minutes Reading time:

More information

3GPP TS v6.4.0 ( ) CR page 1. 3GPP TSG SA WG3 Security SA3#35 S October 5-8, 2004, St Paul's Bay, Malta CHANGE REQUEST

3GPP TS v6.4.0 ( ) CR page 1. 3GPP TSG SA WG3 Security SA3#35 S October 5-8, 2004, St Paul's Bay, Malta CHANGE REQUEST 3GPP TS 33.203v6.4.0 (2004-09) CR page 1 3GPP TSG SA WG3 Security SA3#35 S3-040721 October 5-8, 2004, St Paul's Bay, Malta CHANGE REQUEST 33.203 CR 073 rev - Current version: 6.4.0 CR-Form-v7.1 For HELP

More information

7 Network Security. 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework. 7.5 Absolute Security?

7 Network Security. 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework. 7.5 Absolute Security? 7 Network Security 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework 7.4 Firewalls 7.5 Absolute Security? 7.1 Introduction Security of Communications data transport e.g. risk

More information

A Call Conference Room Interception Attack and its Detection

A Call Conference Room Interception Attack and its Detection A Call Conference Room Interception Attack and its Detection Nikos Vrakas 1, Dimitris Geneiatakis 2 and Costas Lambrinoudakis 1 1 Department of Digital Systems, University of Piraeus 150 Androutsou St,

More information

Security vulnerabilities in the Internet and possible solutions

Security vulnerabilities in the Internet and possible solutions Security vulnerabilities in the Internet and possible solutions 1. Introduction The foundation of today's Internet is the TCP/IP protocol suite. Since the time when these specifications were finished in

More information

All vulnerabilities that exist in conventional wired networks apply and likely easier Theft, tampering of devices

All vulnerabilities that exist in conventional wired networks apply and likely easier Theft, tampering of devices Wireless Security All vulnerabilities that exist in conventional wired networks apply and likely easier Theft, tampering of devices Portability Tamper-proof devices? Intrusion and interception of poorly

More information

3GPP TSG SA WG3 Security S3#25 S3-020572 8-11 October 2002 Munich, Germany

3GPP TSG SA WG3 Security S3#25 S3-020572 8-11 October 2002 Munich, Germany 3GPP TSG SA WG3 Security S3#25 S3-020572 8-11 October 2002 Munich, Germany Title: Response to: Source: To: Cc: Liaison on HTTP Security investigation within IMS LS S3-020475 (S2-022609) on Liaison on Security

More information

FMC (Fixed Mobile Convergence)

FMC (Fixed Mobile Convergence) FMC (Fixed Mobile Convergence) What About Security? Vancouver June 2008 Franck Veysset, Orange Labs Firstname.lastname at orange-ftgroup dot com Agenda Introduction - FMC? WIFI-SIP overview UMA overview

More information

Ebonyi State University Abakaliki 2 Department of Computer Science. Our Saviour Institute of Science and Technology 3 Department of Computer Science

Ebonyi State University Abakaliki 2 Department of Computer Science. Our Saviour Institute of Science and Technology 3 Department of Computer Science Security Measures taken in Securing Data Transmission on Wireless LAN 1 AGWU C. O., 2 ACHI I. I., AND 3 OKECHUKWU O. 1 Department of Computer Science Ebonyi State University Abakaliki 2 Department of Computer

More information

A NEW SIGNALLING PROTOCOL FOR SEAMLESS ROAMING IN HETEROGENEOUS WIRELESS SYSTEMS

A NEW SIGNALLING PROTOCOL FOR SEAMLESS ROAMING IN HETEROGENEOUS WIRELESS SYSTEMS A NEW SIGNALLING PROTOCOL FOR SEAMLESS ROAMING IN HETEROGENEOUS WIRELESS SYSTEMS Azita Laily Yusof, Mahamod Ismail, Norbahiah Misran Dept of Electrical, Electronic & System Engineering, Universiti Kebangsaan

More information

Network Authentication - 802.1X Secure the Edge of the Network - Technical White Paper

Network Authentication - 802.1X Secure the Edge of the Network - Technical White Paper Bosch Security Systems Video Systems Network Authentication - 802.1X Secure the Edge of the Network - Technical White Paper 4 July 2016 Secure the edge of the network Security devices are mostly located

More information

Extensible Authentication Protocol (EAP) Security Issues

Extensible Authentication Protocol (EAP) Security Issues Sotillo ECU 1 Extensible Authentication Protocol (EAP) Security Issues Samuel Sotillo, Dept. of Technology Systems, East Carolina University Abstract This document describes the Extensible Authentication

More information

UMTS security. Helsinki University of Technology S-38.153 Security of Communication Protocols k-p.perttula@hut.fi 15.4.2003

UMTS security. Helsinki University of Technology S-38.153 Security of Communication Protocols k-p.perttula@hut.fi 15.4.2003 UMTS security Helsinki University of Technology S-38.153 Security of Communication Protocols k-p.perttula@hut.fi 15.4.2003 Contents UMTS Security objectives Problems with GSM security UMTS security mechanisms

More information

Security in Wireless Local Area Network

Security in Wireless Local Area Network Fourth LACCEI International Latin American and Caribbean Conference for Engineering and Technology (LACCET 2006) Breaking Frontiers and Barriers in Engineering: Education, Research and Practice 21-23 June

More information

Computer Networks: DNS a2acks CS 1951e - Computer Systems Security: Principles and Prac>ce. Domain Name System

Computer Networks: DNS a2acks CS 1951e - Computer Systems Security: Principles and Prac>ce. Domain Name System Computer Networks: DNS a2acks CS 1951e - Computer Systems Security: Principles and Prac>ce 18/02/15 Networks: DNS attacks 1 Domain Name System The domain name system (DNS) is an applica>on- layer protocol

More information

Link Layer and Network Layer Security for Wireless Networks

Link Layer and Network Layer Security for Wireless Networks White Paper Link Layer and Network Layer Security for Wireless Networks Abstract Wireless networking presents a significant security challenge. There is an ongoing debate about where to address this challenge:

More information

Your 802.11 Wireless Network has No Clothes

Your 802.11 Wireless Network has No Clothes Your 802.11 Wireless Network has No Clothes William A. Arbaugh Narendar Shankar Y.C. Justin Wan Department of Computer Science University of Maryland College Park, Maryland 20742 March 30, 2001 Abstract

More information

Chapter 6 CDMA/802.11i

Chapter 6 CDMA/802.11i Chapter 6 CDMA/802.11i IC322 Fall 2014 Computer Networking: A Top Down Approach 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012 Some material copyright 1996-2012 J.F Kurose and K.W. Ross,

More information

Industrial Communication. Securing Industrial Wireless

Industrial Communication. Securing Industrial Wireless Industrial Communication Whitepaper Securing Industrial Wireless Contents Introduction... 3 Wireless Applications... 4 Potential Threats... 5 Denial of Service... 5 Eavesdropping... 5 Rogue Access Point...

More information

Enterprise VoIP Services over Mobile Ad-Hoc Technologies

Enterprise VoIP Services over Mobile Ad-Hoc Technologies Enterprise VoIP Services over Mobile Ad-Hoc Technologies 1 System Architecture Figure 1 illustrates the system architecture. We can divide it into 2 parts. One is the Mobile VoIP Box (MVB) node and the

More information

Certficate Extensions and Attributes Supporting Authentication in PPP and Wireless LAN. Daniel Schwarz

Certficate Extensions and Attributes Supporting Authentication in PPP and Wireless LAN. Daniel Schwarz Certficate Extensions and Attributes Supporting Authentication in PPP and Wireless LAN Daniel Schwarz Overview: 1. Introduction I. PKIX 2. Basics I. PPP II. EAP III. 802.1x IV. X.509 certificate extensions

More information

Huawei WLAN Authentication and Encryption

Huawei WLAN Authentication and Encryption Huawei WLAN Authentication and Encryption The Huawei integrated Wireless Local Area Network (WLAN) solution can provide all-round services for municipalities at various levels and enterprises and institutions

More information

Design of a Network Security Testing Environment

Design of a Network Security Testing Environment Design of a Network Security Testing Environment T. Andrew Yang (yang@cl.uh.edu) 1 Overview The primary objective of designing a high-speed networking environment is to build a set of interconnected networks

More information

Wireless Technology Seminar

Wireless Technology Seminar Wireless Technology Seminar Introduction Adam Worthington Network Consultant Adam.Worthington@euroele.com Wireless LAN Why? Flexible network access for your users? Guest internet access? VoWIP? RFID? Available

More information

Introduction to WiFi Security. Frank Sweetser WPI Network Operations and Security fs@wpi.edu

Introduction to WiFi Security. Frank Sweetser WPI Network Operations and Security fs@wpi.edu Introduction to WiFi Security Frank Sweetser WPI Network Operations and Security fs@wpi.edu Why should I care? Or, more formally what are the risks? Unauthorized connections Stealing bandwidth Attacks

More information

GSM and UMTS security

GSM and UMTS security 2007 Levente Buttyán Why is security more of a concern in wireless? no inherent physical protection physical connections between devices are replaced by logical associations sending and receiving messages

More information

Security in IEEE 802.11 WLANs

Security in IEEE 802.11 WLANs Security in IEEE 802.11 WLANs 1 IEEE 802.11 Architecture Extended Service Set (ESS) Distribution System LAN Segment AP 3 AP 1 AP 2 MS MS Basic Service Set (BSS) Courtesy: Prashant Krishnamurthy, Univ Pittsburgh

More information

Computer Networks. Secure Systems

Computer Networks. Secure Systems Computer Networks Secure Systems Summary Common Secure Protocols SSH HTTPS (SSL/TSL) IPSec Wireless Security WPA2 PSK vs EAP Firewalls Discussion Secure Shell (SSH) A protocol to allow secure login to

More information

Wireless VPN White Paper. WIALAN Technologies, Inc. http://www.wialan.com

Wireless VPN White Paper. WIALAN Technologies, Inc. http://www.wialan.com Wireless VPN White Paper WIALAN Technologies, Inc. http://www.wialan.com 2014 WIALAN Technologies, Inc. all rights reserved. All company and product names are registered trademarks of their owners. Abstract

More information

Chapter 2 Wireless Networking Basics

Chapter 2 Wireless Networking Basics Chapter 2 Wireless Networking Basics Wireless Networking Overview Some NETGEAR products conform to the Institute of Electrical and Electronics Engineers (IEEE) 802.11g standard for wireless LANs (WLANs).

More information

Network Access Security. Lesson 10

Network Access Security. Lesson 10 Network Access Security Lesson 10 Objectives Exam Objective Matrix Technology Skill Covered Exam Objective Exam Objective Number Firewalls Given a scenario, install and configure routers and switches.

More information

Providing Security in 4G Systems: Unveiling the Challenges

Providing Security in 4G Systems: Unveiling the Challenges Providing Security in 4G Systems: Unveiling the Challenges Mahdi Aiash, Glenford Mapp and Aboubaker Lasebae School of Engineering and Information Science Middlesex University London, UK {M.Aiash, G.Mapp,

More information

Mobile Devices Security: Evolving Threat Profile of Mobile Networks

Mobile Devices Security: Evolving Threat Profile of Mobile Networks Mobile Devices Security: Evolving Threat Profile of Mobile Networks SESSION ID: MBS-T07 Anand R. Prasad, Dr.,ir., Selim Aissi, PhD Objectives Introduction Mobile Network Security Cybersecurity Implications

More information

Lecture 10: Virtual LANs (VLAN) and Virtual Private Networks (VPN)

Lecture 10: Virtual LANs (VLAN) and Virtual Private Networks (VPN) Lecture 10: Virtual LANs (VLAN) and Virtual Private Networks (VPN) Prof. Shervin Shirmohammadi SITE, University of Ottawa Prof. Shervin Shirmohammadi CEG 4185 10-1 Virtual LANs Description: Group of devices

More information

Analysis of Security Issues and Their Solutions in Wireless LAN 1 Shenam Chugh, 2 Dr.Kamal

Analysis of Security Issues and Their Solutions in Wireless LAN 1 Shenam Chugh, 2 Dr.Kamal Analysis of Security Issues and Their Solutions in Wireless LAN 1 Shenam Chugh, 2 Dr.Kamal 1,2 Department of CSE 1,2,3 BRCM Bahal, Bhiwani 1 shenam91@gmail.com, 2 dkamal@brcm.edu.in Abstract This paper

More information

Certified Wireless Security Professional (CWSP) Course Overview

Certified Wireless Security Professional (CWSP) Course Overview Certified Wireless Security Professional (CWSP) Course Overview This course will teach students about Legacy Security, encryption ciphers and methods, 802.11 authentication methods, dynamic encryption

More information

802.1x in the Enterprise Network

802.1x in the Enterprise Network 802.1x in the Enterprise Network Harrison Forest ICTN 6823 Abstract: This paper aims to provide a general over view of 802.1x authentication and its growing importance on enterprise networks today. It

More information

Acceleration of Data through SSL Virtual Private Networks

Acceleration of Data through SSL Virtual Private Networks Acceleration of Data through SSL Virtual Private Networks Rob Jansen University of Minnesota, Morris 600 East Fourth Street Morris, MN 56267 (123) 456-7890 jans0184@morris.umn.edu ABSTRACT A Virtual Private

More information

Wireless LAN Security In a Campus Environment

Wireless LAN Security In a Campus Environment Wireless LAN Security In a Campus Environment Clark Gaylord and Steven Lee Virginia Tech Introduction With the September 1999 ratification of the 802.11b standard by the Institute of Electrical and Electronic

More information

Operator-based Over-the-air M2M Wireless Sensor Network Security

Operator-based Over-the-air M2M Wireless Sensor Network Security Operator-based Over-the-air M2M Wireless Sensor Network Security Sachin Agarwal Christoph Peylo Deutsche Telekom A.G., Laboratories Ernst-Reuter-Platz 7 10587 Berlin DE Email: {sachin.agarwal, christoph.peylo}@telekom.de

More information

TLS and SRTP for Skype Connect. Technical Datasheet

TLS and SRTP for Skype Connect. Technical Datasheet TLS and SRTP for Skype Connect Technical Datasheet Copyright Skype Limited 2011 Introducing TLS and SRTP Protocols help protect enterprise communications Skype Connect now provides Transport Layer Security

More information

The Importance of Wireless Security

The Importance of Wireless Security The Importance of Wireless Security Because of the increasing popularity of wireless networks, there is an increasing need for security. This is because unlike wired networks, wireless networks can be

More information

freeradius A High Performance, Open Source, Pluggable, Scalable (but somewhat complex) RADIUS Server Aurélien Geron, Wifirst, January 7th 2011

freeradius A High Performance, Open Source, Pluggable, Scalable (but somewhat complex) RADIUS Server Aurélien Geron, Wifirst, January 7th 2011 freeradius A High Performance, Open Source, Pluggable, Scalable (but somewhat complex) RADIUS Server Aurélien Geron, Wifirst, January 7th 2011 freeradius is... Multiple protocoles : RADIUS, EAP... An Open-Source

More information

m-trilogix White Paper on Security in Wireless Networks

m-trilogix White Paper on Security in Wireless Networks m-trilogix White Paper on Security in Wireless Networks Executive Summary Wireless local area networks (WLANs) based on IEEE 802.11b (Wi-Fi) will ship, according to a Cahners- Instat study, 23.6 million

More information

DESIGNING AND DEPLOYING SECURE WIRELESS LANS. Karl McDermott Cisco Systems Ireland kamcderm@cisco.com

DESIGNING AND DEPLOYING SECURE WIRELESS LANS. Karl McDermott Cisco Systems Ireland kamcderm@cisco.com DESIGNING AND DEPLOYING SECURE WIRELESS LANS Karl McDermott Cisco Systems Ireland kamcderm@cisco.com 1 Agenda Wireless LAN Security Overview WLAN Security Authentication and Encryption Radio Monitoring

More information

Virtual Private Networks

Virtual Private Networks Virtual Private Networks ECE 4886 Internetwork Security Dr. Henry Owen Definition Virtual Private Network VPN! Virtual separation in protocol provides a virtual network using no new hardware! Private communication

More information

Data Integrity and Network Security in Wireless LAN/3G Integrated Networks

Data Integrity and Network Security in Wireless LAN/3G Integrated Networks Data Integrity and Network Security in Wireless LAN/3G Integrated Networks International Workshop on Internet Security and Management 2004 Sendai, Japan, Jan. 29, 2004 Abbas Jamalipour a.jamalipour jamalipour@ieee.org

More information

An Architectural Framework for Providing WLAN Roaming

An Architectural Framework for Providing WLAN Roaming An Architectural Framework for Providing WLAN Roaming D.Vassis, G.Kormentzas Dept. of Information and Communication Systems Engineering University of the Aegean GR-83200, Karlovassi, GREECE emails:{divas;

More information

Wireless Network Security and Interworking

Wireless Network Security and Interworking Wireless Network Security and Interworking MINHO SHIN, JUSTIN MA, ARUNESH MISHRA, AND WILLIAM A. ARBAUGH Invited Paper A variety of wireless technologies have been standardized and commercialized, but

More information

Network Access Control and Cloud Security

Network Access Control and Cloud Security Network Access Control and Cloud Security Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@cse.wustl.edu Audio/Video recordings of this lecture are available at: http://www.cse.wustl.edu/~jain/cse571-14/

More information

vwlan External RADIUS 802.1x Authentication

vwlan External RADIUS 802.1x Authentication 6ABSCG0002-29B July 2013 Configuration Guide vwlan External RADIUS 802.1x Authentication This configuration guide provides an in-depth look at external Remote Authentication Dial-In User Service (RADIUS)

More information

Application Note: Onsight Device VPN Configuration V1.1

Application Note: Onsight Device VPN Configuration V1.1 Application Note: Onsight Device VPN Configuration V1.1 Table of Contents OVERVIEW 2 1 SUPPORTED VPN TYPES 2 1.1 OD VPN CLIENT 2 1.2 SUPPORTED PROTOCOLS AND CONFIGURATION 2 2 OD VPN CONFIGURATION 2 2.1

More information

White Paper. Wireless LAN Security. Copyright Madge Limited. All rights reserved.

White Paper. Wireless LAN Security. Copyright Madge Limited. All rights reserved. White Paper Wireless LAN Security Copyright 2002-2003 Madge Limited. All rights reserved. 1 Introduction As wireless LANs become widely deployed, and the business benefits become clear, concern has grown

More information

2. Archtiecture overview related to support for use of a reverse http proxy

2. Archtiecture overview related to support for use of a reverse http proxy 3GPP TSG SA WG3#30 S3-030576 6-10 Okt 2003 Povoa de Varzim, Porugal Agenda Item: Source: Title: Document for: GBA Alcatel Comparison of different solutions for GBA and AP based AS: standard TLS versus

More information

Chapter 7 Transport-Level Security

Chapter 7 Transport-Level Security Cryptography and Network Security Chapter 7 Transport-Level Security Lectured by Nguyễn Đức Thái Outline Web Security Issues Security Socket Layer (SSL) Transport Layer Security (TLS) HTTPS Secure Shell

More information

WLAN Security. Mustafa Hibic, Panteleimon Cheropoulos and Altan Koray Aydemir

WLAN Security. Mustafa Hibic, Panteleimon Cheropoulos and Altan Koray Aydemir WLAN Security Mustafa Hibic, Panteleimon Cheropoulos and Altan Koray Aydemir Chapters 1. Introductions 2. Modes of Unauthorized Access 3. Security Measures 4. Wired Equivalent Privacy (WEP) 5. Wi-Fi Protected

More information

Belnet Networking Conference 2013

Belnet Networking Conference 2013 Belnet Networking Conference 2013 Thursday 12 December 2013 @ http://events.belnet.be Workshop roaming services: eduroam / govroam Belnet Aris Adamantiadis, Nicolas Loriau Bruxelles 05 December 2013 Agenda

More information

CS 356 Lecture 29 Wireless Security. Spring 2013

CS 356 Lecture 29 Wireless Security. Spring 2013 CS 356 Lecture 29 Wireless Security Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control Lists Chapter

More information

Authentication in WLAN

Authentication in WLAN Authentication in WLAN Flaws in WEP (Wired Equivalent Privacy) Wi-Fi Protected Access (WPA) Based on draft 3 of the IEEE 802.11i. Provides stronger data encryption and user authentication (largely missing

More information

TLS/SSL in distributed systems. Eugen Babinciuc

TLS/SSL in distributed systems. Eugen Babinciuc TLS/SSL in distributed systems Eugen Babinciuc Contents 1. Introduction to TLS/SSL 2. A quick review of cryptography 3. TLS/SSL in distributed systems 4. Conclusions Introduction to TLS/SSL TLS/SSL History

More information

IP and Mobility. Requirements to a Mobile IP. Terminology in Mobile IP

IP and Mobility. Requirements to a Mobile IP. Terminology in Mobile IP IP and Mobility Chapter 2 Technical Basics: Layer Methods for Medium Access: Layer 2 Chapter Wireless Networks: Bluetooth, WLAN, WirelessMAN, WirelessWAN Mobile Telecommunication Networks: GSM, GPRS, UMTS

More information

White paper. Wireless Security: It s Like Securing Your Home

White paper. Wireless Security: It s Like Securing Your Home White paper Wireless Security: It s Like Securing Your Home WLAN SECURITY IS JUST LIKE YOUR HOUSE Imagine your home, filled with the people you love and your prized possessions. You open all the windows

More information

Security Architecture in UMTS Third Generation Cellular Networks Tomás Balderas-Contreras René A. Cumplido-Parra

Security Architecture in UMTS Third Generation Cellular Networks Tomás Balderas-Contreras René A. Cumplido-Parra Security Architecture in UMTS Third Generation Cellular Networks Tomás Balderas-Contreras René A. Cumplido-Parra Reporte Técnico No. CCC-04-002 27 de febrero de 2004 Coordinación de Ciencias Computacionales

More information