Authentication and Security in IP based Multi Hop Networks
7TH WWRF MEETING IN EINDHOVEN, THE NETHERLANDS, 3RD - 4TH DECEMBER

Frank Fitzek, Andreas Köpsel, Patrick Seeling

Abstract

Network security and authentication are very important for all kinds of communication networks, both to assure network stability and to avoid subscription fraud. In recent years, mechanisms that support both in a cellular network have been found even for wireless local area networks. In multi hop networks based on IEEE802.11, security and authentication are still open issues. It is mainly the low price of the network infrastructure that makes this kind of network vulnerable. Within the scope of this paper we describe the application of IEEE in combination with UMTS Authentication and Key Agreement (AKA) to enable authentication and security in multi hop networks.

Keywords: IP security, multi hop, ad hoc, TLS, WEP, EAP, PEAP, EAPoL, UMTS AKA

I. INTRODUCTION

In all kinds of communication systems, authentication and security have always been an important issue. They are crucial especially for wireless communications with low infrastructure costs, such as wireless local area networks (WLANs), where the signals are transmitted over a wide area without regard to frontiers or building borders.

Authentication in WLANs based on IEEE can be done through an access control list. All MAC addresses that are allowed to access the network via an access point are stored in this list. The MAC addresses are hard coded on the RF cards. The problem with this approach is that not the customer but the MAC address on the RF card is authenticated. Any other person may therefore access the network if he is in possession of the card. This unauthorized access remains possible until the real owner learns of the stolen card and the MAC address is deleted from the access control list.
Furthermore, this authentication mechanism entails a large administration complexity, which is not negligible even for a closed user group such as an office and will grow dramatically in publicly accessible networks (even more so if we focus on multi hop networks).

Another possibility for an unauthorized person to get access (and this is even more critical) is to spoof MAC addresses. A hacker who knows an authorized MAC address can make any card look like an authorized card. This requires a good knowledge of programming, but the resulting unauthorized access is very hard to detect in comparison to a stolen card. Further technologies such as Wired Equivalent Privacy (WEP), which is based on shared keys, also have shortcomings and are not considered a useful solution to the problem of security in wireless environments [7].

A. IEEE

Therefore new mechanisms were found to support authentication and security. IEEE [9] is part of the IEEE802.1 standard family that defines management functionality for IEEE802 based networks. Designed for securing wired and also wireless networks like IEEE802.11 WLANs, the standard defines a generic framework that is able to use different authentication mechanisms without implementing these mechanisms outside the back-end authentication infrastructure and the client devices. Independence of individual authentication methods is achieved by utilizing the Extensible Authentication Protocol (EAP) [5], which defines a generic container to convey authentication method PDUs. EAP messages are exchanged on the air interface between the mobile device (known as supplicant in terminology) and the base station (authenticator) by using an encapsulating protocol (EAP over LAN/EAPoL). On client side, is already available in the WindowsXP operating system.
Additionally, acticom offers the client support for BSD style operating systems (including MacOS X, OpenBSD), Linux operating systems, Windows 98/2000/ME, and portability to any Un*x operating system.

Authors' affiliation: acticom GmbH mobile networks; R & D Group; Am Borsigturm 42; Berlin; Germany; [fitzek koepsel seeling]@acticom.de
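The encapsulation described above, as an added example that is not part of the original paper: a supplicant wraps an EAP packet in EAPoL, and the authenticator unwraps it and forwards the same EAP bytes to the back-end server inside a RADIUS Access-Request. The EAP-Message and Message-Authenticator attribute handling follows the RADIUS EAP extension, which the paper does not detail; the identity, shared secret and function names are constructed for illustration.

```python
import hashlib
import hmac
import os
import struct

EAPOL_EAP_PACKET = 0       # EAPOL packet type: body is an EAP packet
EAP_REQUEST, EAP_RESPONSE = 1, 2
EAP_TYPE_IDENTITY = 1
RADIUS_ACCESS_REQUEST = 1
ATTR_USER_NAME, ATTR_EAP_MESSAGE, ATTR_MESSAGE_AUTHENTICATOR = 1, 79, 80
MAX_ATTR_VALUE = 253       # one-byte attribute length minus the 2-byte header


def build_eap_response(identifier, eap_type, data):
    """EAP header: code, identifier, total length, then the method type."""
    return struct.pack("!BBHB", EAP_RESPONSE, identifier, 5 + len(data), eap_type) + data


def eapol_wrap(eap, version=1):
    """Supplicant side: EAPOL header is version, packet type, body length."""
    return struct.pack("!BBH", version, EAPOL_EAP_PACKET, len(eap)) + eap


def eapol_unwrap(frame):
    """Authenticator side: return the EAP packet, rejecting malformed frames."""
    if len(frame) < 4:
        raise ValueError("short EAPOL frame")
    _version, ptype, body_len = struct.unpack("!BBH", frame[:4])
    if ptype != EAPOL_EAP_PACKET:
        raise ValueError("not an EAP-Packet frame")
    body = frame[4:4 + body_len]          # bytes past body_len are link padding
    if len(body) != body_len:
        raise ValueError("truncated EAPOL body")
    return body


def parse_eap(eap):
    """Validate the EAP header and split off type and data."""
    if len(eap) < 4:
        raise ValueError("short EAP packet")
    code, ident, length = struct.unpack("!BBH", eap[:4])
    if length < 4 or length > len(eap):
        raise ValueError("bad EAP length")
    pkt = {"code": code, "id": ident, "type": None, "data": b""}
    if code in (EAP_REQUEST, EAP_RESPONSE):
        if length < 5:
            raise ValueError("Request/Response without a type")
        pkt["type"], pkt["data"] = eap[4], eap[5:length]
    return pkt


def _attr(attr_type, value):
    if len(value) > MAX_ATTR_VALUE:
        raise ValueError("attribute value too long")
    return bytes([attr_type, len(value) + 2]) + value


def radius_access_request(radius_id, eap, secret):
    """Authenticator side: carry the EAP packet unchanged inside RADIUS."""
    pkt = parse_eap(eap)
    attrs = b""
    if pkt["code"] == EAP_RESPONSE and pkt["type"] == EAP_TYPE_IDENTITY:
        attrs += _attr(ATTR_USER_NAME, pkt["data"])
    for off in range(0, len(eap), MAX_ATTR_VALUE):   # long EAP spans several attributes
        attrs += _attr(ATTR_EAP_MESSAGE, eap[off:off + MAX_ATTR_VALUE])
    attrs += _attr(ATTR_MESSAGE_AUTHENTICATOR, bytes(16))   # zeroed while hashing
    header = struct.pack("!BBH", RADIUS_ACCESS_REQUEST, radius_id, 20 + len(attrs))
    packet = header + os.urandom(16) + attrs         # 16-byte Request Authenticator
    mac = hmac.new(secret, packet, hashlib.md5).digest()
    return packet[:-16] + mac                        # fill in the last attribute


def radius_extract_eap(packet, secret):
    """Server side: verify Message-Authenticator, then reassemble the EAP packet."""
    code, _ident, length = struct.unpack("!BBH", packet[:4].ljust(4, b"\0"))
    if len(packet) < 20 or code != RADIUS_ACCESS_REQUEST or length != len(packet):
        raise ValueError("bad RADIUS header")
    eap, mac, zeroed, pos = b"", None, bytearray(packet), 20
    while pos < length:
        a_type = packet[pos]
        a_len = packet[pos + 1] if pos + 2 <= length else 0
        if a_len < 2 or pos + a_len > length:
            raise ValueError("bad attribute length")
        value = packet[pos + 2:pos + a_len]
        if a_type == ATTR_EAP_MESSAGE:
            eap += value                             # fragments are concatenated in order
        elif a_type == ATTR_MESSAGE_AUTHENTICATOR and a_len == 18:
            mac = value
            zeroed[pos + 2:pos + a_len] = bytes(16)
        pos += a_len
    expected = hmac.new(secret, bytes(zeroed), hashlib.md5).digest()
    if mac is None or not hmac.compare_digest(mac, expected):
        raise ValueError("Message-Authenticator check failed")
    return eap
```

The authenticator never interprets the EAP method payload; it only moves it between the two encapsulations, which is why new EAP methods need no change on the access point.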
[Fig. 1: Interaction of supplicant, authenticator and backend authentication server and blocking device. Roles: Client (supplicant), Network Access Server / NAS (authenticator), RADIUS Server (backend auth server). Stack labels: Ethernet, EAPoL, EAP, EAP Payload, CRC; IP, UDP, RADIUS, EAP, EAP Payload.]

B. Security protocols on top of IEEE

Although it defines an authentication framework, IEEE does not itself specify encryption, message integrity checking, or message authentication, but relies on an underlying secure communication channel. In wireless environments offering public access, encryption of the air interface might not be available while the authentication exchange is processed. This is true especially for WLAN systems, where a shared key between client and base station is required to run Wired Equivalent Privacy (WEP). Care must be taken to secure the authentication phase in.

A reasonable solution is the integration of Transport Layer Security (TLS), resulting in EAP TLS as specified in [2]. TLS [6] is the IETF successor to the Secure Socket Layer (SSL) technology and was defined to prevent eavesdropping and message tampering and to detect replay attacks, offering protection to the authentication process. TLS uses public key cryptography to provide mutual authentication and secure data exchange. However, TLS places special requirements on network operators, who must deploy certificates to customers and network access systems. To overcome the problems that arise from certificate management, an extension to EAP TLS was suggested: Protected EAP (PEAP). PEAP uses the TLS handshake solely for identifying the network to a client device, thus removing the need to assign signed certificates to individual client devices. Client authentication is done inside the established TLS tunnel, profiting from the benefits of TLS communication. Any EAP based authentication method might be used inside the established secure channel.
Figure 1 shows the interaction of supplicant, authenticator and back-end authentication server and blocking device with the various authentication and security protocols for a cellular approach.

UMTS Authentication and Key Agreement (UMTS AKA), specified in [1], is mainly based on a challenge response mechanism, and in contrast to GSM AKA it enables mutual authentication. UMTS AKA works in the following manner: as given in Figure 2, the mobile terminal and the home environment agree on a secret key identifying the terminal. Whenever a Visitor Location Register (VLR) or Serving GPRS Support Node (SGSN) wants to authenticate the terminal, it conveys a request for authentication data to the HLR. The HLR computes a set of authentication vectors and sends it back to the VLR/SGSN. After this exchange, the VLR/SGSN sends an authentication request to the terminal, including the Random Challenge (RAND) and the Authentication Token (AUTN). With this information and its secret key (known only to this terminal and the home network), the terminal knows that this message was produced by the home network and returns the authentication response. By means of this information exchange the terminal is able to compute the confidentiality key (CK) and integrity key (IK), while the VLR selects a CK and an IK.

A specification of the EAP mechanism to distribute these authentication keys by means of UMTS AKA is given in [4]. The authors of [4] write that the combination of AKA and EAP enables new applications such as (i) secure PPP authentication for devices with a User Services Identity Module (USIM), (ii) relying on AKA and the network with any other device that also uses EAP, and finally (iii) the usage of 3G authentication capabilities in wireless LANs with IEEE extensions [9]. The last application (iii) is used within the scope of this document. Interested readers are referred to the following documents for further information: [10], [12], [1], [4].
[Fig. 2: UMTS Authentication and Key Agreement (UMTS AKA). Entities: Terminal, NodeB, RNC, VLR/SGSN, HLR. Messages: authentication request; authentication response; user authentication request (RAND AUTH); user authentication response (RES); CK and IK computed; CK and IK selected.]

II. AUTHENTICATION AND SECURITY FOR MULTI HOP NETWORKS

For our approach, we assume that we have an IEEE enabled access point with a fixed connection to the Internet. This access point is under the control of the network provider and can be seen as the access to the home network. A subset of the wireless and mobile terminals can transmit directly to the access point. Other terminals may use the multi hop capability of terminals or virtual access points (VAP) [11], [8] which are already connected to the home network. Within the provider's network an AAA server exists.

The main problem that arises in multi hop networks in terms of security is the authentication process. The authentication of nodes is important not only for the customer, to avoid subscription fraud, but also for the network itself. The source of a packet has to be clearly identified to avoid hacked routing messages (a hacker attack to destroy routing lists). This is also true for the DNS service and the DHCP service, and it is needed to avoid denial of service attacks. The question arises how a client obtains a valid shared secret key and how long this key is valid. Furthermore, how can the key be transported over a multi hop network in a secure manner?

For the following example, we assume that we have one access point with a wired connection and an already established and secure multi hop network as given in Figure 3. The wireless terminals in the multi hop network can either be virtual access points or other customers that are connected to the multi hop network. For illustration purposes, we assume that we already have a group of authenticated terminals and/or virtual access points.
Now a new client comes to the network without direct connectivity to the access point with wired Internet connection. The -EAP framework described above is then used for the exchange of authentication data. Each supplicant of the multi hop network using the mechanism has to be able to deal with multiple server responses, because each authenticated client works as a virtual access point. On top of the EAP, we advocate using UMTS AKA instead of PEAP or TLS/TTLS. Using UMTS AKA, the authenticating client or virtual access point shall not know the secret user keys of the newly arrived client. Simultaneously, the transportation of encapsulated frames over the multi hop network has to be avoided.

Therefore the new non authenticated client (supplicant) passes its client ID to the authenticating client (authenticator). The authenticator (using its secure communication channel) connects to the AAA of the provider, asking for a set of authentication data as described above for UMTS AKA. With this authentication data (auth-challenge/response), the authenticator is able to authenticate the supplicant using UMTS AKA-over-EAP without knowing the supplicant's ID or password. While the authentication is in process, the authenticator receives the Chal-Resp-Block. The Chal-Resp-Block allows a shared secret key to be generated between provider network and supplicant. The shared secret key is not known to any of the authenticated clients, but only to the supplicant and the provider. At the same time, the supplicant needs shared secret keys, known to all authenticated clients, to sign packets for Routing/DNS/DHCP. After this procedure the new client is authenticated and can use the classical DHCP service and authenticate packets belonging to the network in a secure manner.

This approach is better suited than a simple distribution of pre shared TLS certificates. If a virtual access point gets stolen, its ID and password are simply deleted in the centralized AAA server without using revocation lists. This helps to keep the administration complexity low.

After having authenticated a user, privacy has to be assured. For communication between the provider network and the client, the shared secret key from the authentication process is used. By means of this procedure not even other authenticated wireless terminals can listen to the communication. For the communication between two wireless terminals within the same multi hop network, two possibilities exist. Obviously, the first is to communicate using the access point, but this would not be bandwidth efficient. For direct communication (even over multiple other wireless terminals), a mechanism has to be found to generate a new secret key, because the keys for the communication with the access point are different.

[Fig. 3: Multi hop network with VAPs and the used authentication and security protocols. Labels: New Client, Clients, Client, UMTS AKA, VAP, AP, AAA, authenticated.]

III. CONCLUSION

We advocate the use of IEEE EAP and UMTS AKA for authentication and security in multi hop networks. By means of an example we have shown a possible authentication process within a multi hop network. In our future work we will build up a test bed to show the feasibility of our approach using acticom's security stack [3].
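The UMTS AKA exchange from the introduction and the relayed authentication of Section II, as an added example that is not the authors' code: an already authenticated client acts as authenticator, obtains a Chal-Resp-Block (RAND, AUTN, XRES) from the AAA, and authenticates the new supplicant without ever holding K, CK or IK. Assumptions: truncated HMAC-SHA-256 stands in for the operator functions f1 to f5, the class names, AMF value and client IDs are constructed, and the AAA keeps CK/IK to itself as Section II requires.

```python
import hashlib
import hmac
import os

AMF = b"\x80\x00"   # constructed Authentication Management Field value


def _f(key, label, *parts, n):
    """Stand-in for the AKA functions f1..f5 (assumption, not MILENAGE)."""
    return hmac.new(key, label + b"".join(parts), hashlib.sha256).digest()[:n]


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


class HomeAAA:
    """Provider side: holds every subscriber key K and a sequence counter."""

    def __init__(self):
        self._subs = {}       # client id -> [K, SQN counter]
        self.sessions = {}    # client id -> (CK, IK); never sent to a relay

    def enroll(self, client_id, k):
        self._subs[client_id] = [k, 0]

    def chal_resp_block(self, client_id):
        """Return only what the relaying authenticator needs, or None."""
        if client_id not in self._subs:
            return None
        sub = self._subs[client_id]
        sub[1] += 1                                   # fresh SQN per challenge
        k, sqn, rand = sub[0], sub[1].to_bytes(6, "big"), os.urandom(16)
        mac = _f(k, b"f1", sqn, rand, AMF, n=8)       # proves the network knows K
        ak = _f(k, b"f5", rand, n=6)                  # anonymity key hides SQN
        self.sessions[client_id] = (_f(k, b"f3", rand, n=16), _f(k, b"f4", rand, n=16))
        return {"rand": rand, "autn": _xor(sqn, ak) + AMF + mac,
                "xres": _f(k, b"f2", rand, n=8)}


class Supplicant:
    """New client: shares K with the provider only."""

    def __init__(self, client_id, k):
        self.client_id, self._k, self._sqn_seen = client_id, k, 0
        self.ck = self.ik = None

    def respond(self, rand, autn):
        """Return RES, or None when the challenge is forged or replayed."""
        if len(rand) != 16 or len(autn) != 16:
            return None
        sqn = _xor(autn[:6], _f(self._k, b"f5", rand, n=6))
        amf, mac = autn[6:8], autn[8:]
        if not hmac.compare_digest(mac, _f(self._k, b"f1", sqn, rand, amf, n=8)):
            return None                               # sender does not know K
        if int.from_bytes(sqn, "big") <= self._sqn_seen:
            return None                               # old vector replayed
        self._sqn_seen = int.from_bytes(sqn, "big")
        self.ck = _f(self._k, b"f3", rand, n=16)
        self.ik = _f(self._k, b"f4", rand, n=16)
        return _f(self._k, b"f2", rand, n=8)


class RelayAuthenticator:
    """Authenticated client or VAP: sees RAND, AUTN, XRES and RES only."""

    def __init__(self, aaa):
        self._aaa = aaa
        self.last_block = None

    def authenticate(self, supplicant):
        block = self._aaa.chal_resp_block(supplicant.client_id)
        if block is None:
            return False
        self.last_block = block
        res = supplicant.respond(block["rand"], block["autn"])
        return res is not None and hmac.compare_digest(res, block["xres"])


if __name__ == "__main__":
    aaa = HomeAAA()
    aaa.enroll("client-17", bytes(range(16)))         # constructed subscriber
    relay = RelayAuthenticator(aaa)
    print("accepted:", relay.authenticate(Supplicant("client-17", bytes(range(16)))))
```

Deleting a subscriber's entry in the AAA is enough to stop further authentications through any relay, which is the revocation property the section claims over distributed certificates.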
REFERENCES

[1] 3rd Generation Partnership Project. Security Architecture. 3GPP, June Release 5.
[2] B. Aboba and D. Simon. PPP EAP TLS Authentication Protocol. IETF RFC 2716, October.
[3] acticom. IEEE Wireless Authentication Module.
[4] J. Arkko and H. Haverinen. EAP AKA Authentication. IETF, December.
[5] L. Blunk and J. Vollbrecht. PPP Extensible Authentication Protocol (EAP). IETF RFC 2284, March.
[6] T. Dierks and C. Allen. The TLS Protocol Version 1.0. IETF RFC 2246, January.
[7] Ericsson. Introduction of IEEE Security. 3GPP TSG SA WG3 Security, July.
[8] F.H.P. Fitzek, P. Seeling, and M. Reisslein. Reference Models and Related Business Cases for Ad-Hoc Networks. In Proceedings of Wireless World Research Forum 6 (WWRF6), Section WG4, June, London.
[9] IEEE802. Standards for Local and Metropolitan Area Networks: Port-Based Network Access Control. IEEE 802.1X-2001, March.
[10] G. M. Koien. An evolved UMTS Network Domain Security Architecture. Technical Report N28/2002, Telenor, September.
[11] S. Krco, B. Hunt, and F.H.P. Fitzek. WhitePaper on Ad Hoc networks. In Proceedings of Wireless World Research Forum 6 WG4, June.
[12] Nokia. UMTS AKA in SIP. 3GPP TSG WG3 Security - S3 14, August.
Providing Security in 4G Systems: Unveiling the Challenges Mahdi Aiash, Glenford Mapp and Aboubaker Lasebae School of Engineering and Information Science Middlesex University London, UK {M.Aiash, G.Mapp,
More informationNetwork Access Security. Lesson 10
Network Access Security Lesson 10 Objectives Exam Objective Matrix Technology Skill Covered Exam Objective Exam Objective Number Firewalls Given a scenario, install and configure routers and switches.
More informationThe Importance of Wireless Security
The Importance of Wireless Security Because of the increasing popularity of wireless networks, there is an increasing need for security. This is because unlike wired networks, wireless networks can be
More informationCertified Wireless Security Professional (CWSP) Course Overview
Certified Wireless Security Professional (CWSP) Course Overview This course will teach students about Legacy Security, encryption ciphers and methods, 802.11 authentication methods, dynamic encryption
More informationChapter 7 Transport-Level Security
Cryptography and Network Security Chapter 7 Transport-Level Security Lectured by Nguyễn Đức Thái Outline Web Security Issues Security Socket Layer (SSL) Transport Layer Security (TLS) HTTPS Secure Shell
More informationTLS and SRTP for Skype Connect. Technical Datasheet
TLS and SRTP for Skype Connect Technical Datasheet Copyright Skype Limited 2011 Introducing TLS and SRTP Protocols help protect enterprise communications Skype Connect now provides Transport Layer Security
More informationChapter 2 Wireless Networking Basics
Chapter 2 Wireless Networking Basics Wireless Networking Overview Some NETGEAR products conform to the Institute of Electrical and Electronics Engineers (IEEE) 802.11g standard for wireless LANs (WLANs).
More informationAn Architectural Framework for Providing WLAN Roaming
An Architectural Framework for Providing WLAN Roaming D.Vassis, G.Kormentzas Dept. of Information and Communication Systems Engineering University of the Aegean GR-83200, Karlovassi, GREECE emails:{divas;
More informationIP and Mobility. Requirements to a Mobile IP. Terminology in Mobile IP
IP and Mobility Chapter 2 Technical Basics: Layer Methods for Medium Access: Layer 2 Chapter Wireless Networks: Bluetooth, WLAN, WirelessMAN, WirelessWAN Mobile Telecommunication Networks: GSM, GPRS, UMTS
More informationCS 356 Lecture 29 Wireless Security. Spring 2013
CS 356 Lecture 29 Wireless Security Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control Lists Chapter
More informationWiFi Security: Deploying WPA/WPA2/802.1X and EAP in the Enterprise
Michael Disabato Service Director Network & Telecom Strategies mdisabato@burtongroup.com Diana Kelley Senior Analyst Security & Risk Management Strategies dkelley@burtongroup.com www.burtongroup.com WiFi
More informationWireless LAN Security In a Campus Environment
Wireless LAN Security In a Campus Environment Clark Gaylord and Steven Lee Virginia Tech Introduction With the September 1999 ratification of the 802.11b standard by the Institute of Electrical and Electronic
More informationTLS/SSL in distributed systems. Eugen Babinciuc
TLS/SSL in distributed systems Eugen Babinciuc Contents 1. Introduction to TLS/SSL 2. A quick review of cryptography 3. TLS/SSL in distributed systems 4. Conclusions Introduction to TLS/SSL TLS/SSL History
More informationComputer Networks. Secure Systems
Computer Networks Secure Systems Summary Common Secure Protocols SSH HTTPS (SSL/TSL) IPSec Wireless Security WPA2 PSK vs EAP Firewalls Discussion Secure Shell (SSH) A protocol to allow secure login to
More informationNetwork Security Part II: Standards
Network Security Part II: Standards Raj Jain Washington University Saint Louis, MO 63131 Jain@cse.wustl.edu These slides are available on-line at: http://www.cse.wustl.edu/~jain/cse473-05/ 18-1 Overview
More informationWireless Security Overview. Ann Geyer Partner, Tunitas Group Chair, Mobile Healthcare Alliance 209-754-9130 ageyer@tunitas.com
Wireless Security Overview Ann Geyer Partner, Tunitas Group Chair, Mobile Healthcare Alliance 209-754-9130 ageyer@tunitas.com Ground Setting Three Basics Availability Authenticity Confidentiality Challenge
More informationAuthentication in WLAN
Authentication in WLAN Flaws in WEP (Wired Equivalent Privacy) Wi-Fi Protected Access (WPA) Based on draft 3 of the IEEE 802.11i. Provides stronger data encryption and user authentication (largely missing
More informationOperator-based Over-the-air M2M Wireless Sensor Network Security
Operator-based Over-the-air M2M Wireless Sensor Network Security Sachin Agarwal Christoph Peylo Deutsche Telekom A.G., Laboratories Ernst-Reuter-Platz 7 10587 Berlin DE Email: {sachin.agarwal, christoph.peylo}@telekom.de
More informationEAP-WAI Authentication Protocol
EAP-WAI Authentication Protocol draft-richard-emu-wai-00 Richard 2009-07-26 Stockholm, IETF 75th Preface WAPI is a WLAN security protocol and brought forward By a Standard Group in China. It was invited
More informationWireless VPN White Paper. WIALAN Technologies, Inc. http://www.wialan.com
Wireless VPN White Paper WIALAN Technologies, Inc. http://www.wialan.com 2014 WIALAN Technologies, Inc. all rights reserved. All company and product names are registered trademarks of their owners. Abstract
More informationm-trilogix White Paper on Security in Wireless Networks
m-trilogix White Paper on Security in Wireless Networks Executive Summary Wireless local area networks (WLANs) based on IEEE 802.11b (Wi-Fi) will ship, according to a Cahners- Instat study, 23.6 million
More informationWLAN - Good Security Principles. WLAN - Good Security Principles. Example of War Driving in Hong Kong* WLAN - Good Security Principles
WLAN Security.. from this... Security Architectures and Protocols in Wireless LANs (Section 3) 1 2 WLAN Security.. to this... How Security Breaches Occur 3 War (wide area roaming) Driving/War Chalking
More informationWhite paper. Wireless Security: It s Like Securing Your Home
White paper Wireless Security: It s Like Securing Your Home WLAN SECURITY IS JUST LIKE YOUR HOUSE Imagine your home, filled with the people you love and your prized possessions. You open all the windows
More informationchap18.wireless Network Security
SeoulTech UCS Lab 2015-1 st chap18.wireless Network Security JeongKyu Lee Email: jungkyu21@seoultech.ac.kr Table of Contents 18.1 Wireless Security 18.2 Mobile Device Security 18.3 IEEE 802.11 Wireless
More informationvwlan External RADIUS 802.1x Authentication
6ABSCG0002-29B July 2013 Configuration Guide vwlan External RADIUS 802.1x Authentication This configuration guide provides an in-depth look at external Remote Authentication Dial-In User Service (RADIUS)
More informationNetwork Access Control and Cloud Security
Network Access Control and Cloud Security Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@cse.wustl.edu Audio/Video recordings of this lecture are available at: http://www.cse.wustl.edu/~jain/cse571-14/
More informationData Integrity and Network Security in Wireless LAN/3G Integrated Networks
Data Integrity and Network Security in Wireless LAN/3G Integrated Networks International Workshop on Internet Security and Management 2004 Sendai, Japan, Jan. 29, 2004 Abbas Jamalipour a.jamalipour jamalipour@ieee.org
More information2. Archtiecture overview related to support for use of a reverse http proxy
3GPP TSG SA WG3#30 S3-030576 6-10 Okt 2003 Povoa de Varzim, Porugal Agenda Item: Source: Title: Document for: GBA Alcatel Comparison of different solutions for GBA and AP based AS: standard TLS versus
More informationfreeradius A High Performance, Open Source, Pluggable, Scalable (but somewhat complex) RADIUS Server Aurélien Geron, Wifirst, January 7th 2011
freeradius A High Performance, Open Source, Pluggable, Scalable (but somewhat complex) RADIUS Server Aurélien Geron, Wifirst, January 7th 2011 freeradius is... Multiple protocoles : RADIUS, EAP... An Open-Source
More informationNetwork Access Control and Cloud Security
Network Access Control and Cloud Security Overview Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@cse.wustl.edu Audio/Video recordings of this lecture are available at: http://www.cse.wustl.edu/~jain/cse571-14/
More informationHow To Secure Your Network With 802.1X (Ipo) On A Pc Or Mac Or Macbook Or Ipo On A Microsoft Mac Or Ipow On A Network With A Password Protected By A Keyed Key (Ipow)
Wireless LAN Security with 802.1x, EAP-TLS, and PEAP Steve Riley Senior Consultant MCS Trustworthy Computing Services So what s the problem? WEP is a euphemism Wired Equivalent Privacy Actually, it s a
More informationSymm ym e m t e r t ic i c cr c yptogr ypt aphy a Ex: RC4, AES 2
Wi-Fi Security FEUP>MIEIC>Mobile Communications Jaime Dias Symmetric cryptography Ex: RC4, AES 2 Digest (hash) Cryptography Input: variable length message Output: a fixed-length bit
More informationWireless Network Security and Interworking
Wireless Network Security and Interworking MINHO SHIN, JUSTIN MA, ARUNESH MISHRA, AND WILLIAM A. ARBAUGH Invited Paper A variety of wireless technologies have been standardized and commercialized, but
More informationWireless Security: Secure and Public Networks Kory Kirk
Wireless Security: Secure and Public Networks Kory Kirk Villanova University Computer Science kory.kirk@villanova.edu www.korykirk.com/ Abstract Due to the increasing amount of wireless access points that
More informationAuthentication and Secure Communication in GSM, GPRS, and UMTS Using Asymmetric Cryptography
ISSN (Online): 1694-0784 ISSN (Print): 1694-0814 10 Authentication and Secure Communication in GSM, GPRS, and UMTS Using Asymmetric Cryptography Wilayat Khan 1 and Habib Ullah 2 1 Department of Electrical
More information