Lecture 3. WPA and i

Transcription

1 Lecture 3 WPA and i Lecture 3 WPA and i 1. Basic principles of i and WPA 2. IEEE 802.1X 3. Extensible Authentication Protocol 4. RADIUS 5. Efficient Handover Authentication 1

2 Lecture 3 WPA and i 1. Basic principles of i and WPA 2. IEEE 802.1X 3. Extensible Authentication Protocol 4. RADIUS 5. Efficient Handover Authentication What is i? Working Group IEEE Task Group.11b.11 a.11 g.11i New generation of security 2

3 IEEE i and WPA Robust Security Network (RSN) WEP IEEE i and WPA Robust Security Network (RSN) Wi-Fi Protected Access (WPA) WEP 3

4 IEEE i and WPA Robust Security Network (RSN) Wi-Fi Protected Access (WPA) Wi-Fi Alliance WEP IEEE i and WPA (cont) Share a common architecture (RSN architecture) WPA focus on TKIP and RADIUS i more flexible AES and TKIP RADIUS as one option 4

5 Security Layers Authentication Client Authentication Layer Authentication Server Corprate Network Operating System Access Control Layer (Access Control) Supplicant Wireless LAN Access Point Wireless LAN Mobile Device Wireless LAN Layer RSN Architecture Authentication Client High layer authentication (TLS, Kerberos, etc.) RADIUS Authentication Layer Authentication Server Operating System Supplicant 802.1X (Access Control) Access Control Layer Wireless LAN Wireless LAN Wireless LAN Layer Mobile Device Access Point 5

6 Transport Layer Security (TLS) RFC2246 Based on Secure Socket Layer (SSL) which is widely used for protecting Web applications Public key based authentication Produce a 48-byte master key TLS Layers Application Application TLS Handshake protocol TLS Handshake protocol TLS Record Protocol TLS Record Protocol TCP/IP TCP/IP Network Hardware Network Hardware 6

7 TLS Message Exchange Client Hello!! Server Hello!!! Server Certificate Client Certificate Request Server Done Client Certificate Client Key Exchange Certificate Verify Change Connection State Finished Change Connection State Finished RSN Keys Pairwise key Key =DEF X Y Z Key = GHI Key = JKL Group key Key X = DEF Key Y = GHI Key Z = JKL X Y Z Key = ABC Key = ABC Key = ABC Key = ABC 7

8 Pairwise Key Hierarchy Pairwise Master Key (PMK) From upper-layer authentication or a pre-shared key Data Encryption key Data Integrity key Pairwise Transient Key (PTK) EAPOL-Key Encryption Key EAPOL-Key Integrity key Main Standards in an RSN Solution Based on TLS Mobile Device Access Point Authentication Server X EAPOL EAP RFC 2284 TLS Over EAP RFC 2716 TLS RFC 2246 EAP over RADIUS RCF 2869 RADIUS RFC 2865 TCP/IP (or other) 8

9 Organization of Dial-in Network Authentication Server RADIUS NAS Modem s PPP User User Point of Presence User Authentication of Dial-in Users PAP (Password Authentication Protocol) user name and password sent in cleartext CHAP (Challenge Handshake Authentication Protocol) challenge/response scheme 9

10 Authentication of Dial-in Users PAP (Password Authentication Protocol) user name and password sent in cleartext CHAP (Challenge Handshake Authentication Protocol) challenge/response scheme EAP (Extensible Authentication Protocol) allow different authentication methods Lecture 3 WPA and i 1. Basic principles of i and WPA 2. IEEE 802.1X 3. Extensible Authentication Protocol 4. RADIUS 5. Efficient Handover Authentication 10

11 IEEE 802.1X Port Based Access Control Port: the point at which a device connects to the network - physical port (e.g. each connector of Ethernet switch) - logical port (e.g association) Authentication between device and network Access control based on authentication result Role of IEEE 802.1X Supplicant Ethernet Hub Input Port Requesting Device Supplicant Output Port Initial State of IEEE 802.1X Switched LAN Hub 11

12 Role of IEEE 802.1X Ethernet Hub Input Port 0 Supplicant Connected Device Output Port Role of Authentication Server Output Port Authentication Server Ethernet Hub Input Ports Supplicant Connected Device Supplicant Requesting Device 3 12

13 RADIO MAC IEEE 802.1X Model Supplicant System System Authentication System Server Supplicant PAE Service offered by 's System PAE port unauthorized EAP protocol exchanges carried in higher layer protocol Authentication Server LAN Logical IEEE 802.1X Ports in Access Point Wireless Device Network Access Wireless Device Access Point 13

14 Lecture 3 WPA and i 1. Basic principles of i and WPA 2. IEEE 802.1X 3. Extensible Authentication Protocol 4. RADIUS 5. Efficient Handover Authentication Extensible Authentication Protocol (EAP) RFC2284 Allow multiple authentication methods No security itself 14

15 EAP Message Format Code Identifier Length Data 01: Request 02: Response 03: Success 04: Failure EAP Request/Response Message Code Identifier Length Type Req/Rsp Data 1: Identity 2: Notificaiton 3: NAK 13: TLS 15

16 8 EPA Message Flow Start Request Identity Supplicant Response Identity Request 1 Response 1... Request n Response Identity Request 1 Response 1... Request n Authentication Server Response n Response n Success Success EAP TLS Handshake Client Server EPA Response Identity EAP TLS : Hello!! EAP TLS : (Client Certificate) Client Key Exchange (Certificate Verification) Change Cipher Finished EAP TLS (empty) EAP Request Identity EAP TLS (start) EAP TLS : Hello!! TLS Certificate Client Certificate Request Server Done EAP TLS : Change Cipher Finished 9 EPA - Success 16

17 EAP Over LAN (EAPOL) Ethernet MAC Header Protocol Version Packet Type Packet Body Length Packet Body EAPOL-Start EAPOL-Key EAPOL-Packet EAPOL-Logoff EAPOL-Encapsulated-ASF-Alert Lecture 3 WPA and i 1. Basic principles of i and WPA 2. IEEE 802.1X 3. Extensible Authentication Protocol 4. RADIUS 5. Efficient Handover Authentication 17

18 Remote Access Dial-In User Service (RADIUS) RFC2865 Authentication, Authorization and Accounting (AAA) protocol RADIUS server and client share a secret key Basic Format of RADIUS Message Code Identifiers Length Attributes... 1: Access-Request 2: Access-Accept 3: Access-Reject 11: Access-Challenge 18

19 PAP Operation RADIUS Server NAS Dial-up User Access Request (PAP) Access Accept User name / password OK CHAP Operation RADIUS Server NAS Dial-up User User name / password Challenge Access Request (CHAP) Access Accept Response OK 19

20 EAP over RADIUS RFC2869 EAP Request inside RADIUS Access-Challenge EAP Response inside RADIUS Access-Request Authentication Exchange using EAP over RADIUS Client Device Access Point (NAS) RADIUS Server EAPOL Start EAP Start (Req) Identity (Req) Identity Identity Identity -User name Request Request Success Success Encapsulated in EAPOL Encapsulated in RADIUS 20

21 Mobile device i Example Access point Authentication server TLS/EAP/EAPOL TLS/EAP/RADIUS Mobile device and Authentication Server authenticate each other generate Pairwise Master Key (PMK) Authentication server send PMK to Access Point EAPOL-Key Mobile device and Access Point authenticate each other Derive Pairwise Transient Keys (PTKs) from PMK User data protected with PTKs Lecture 3 WPA and i 1. Basic principles of i and WPA 2. IEEE 802.1X 3. Extensible Authentication Protocol 4. RADIUS 5. Efficient Handover Authentication 21

22 Why handover authentication? Access Point Authorised mobile radio link Wired fixed network Impostor Handover authentication has to be efficient Frequent handover due to user movement Physical constraints of wireless device Lower bandwidth than wired counterparts Limited computational power Limited storage space User expectation of seamless mobility 22

23 Approaches to Efficient Handover Authentication Reuse of security association - No explicit authentication at handover Token based - Use token to convey trust Security context transfer Context Transfer Protocol Transfer security context, QoS and other state information between edge mobility devices Avoid repeated context establishment Facilitate seamless mobility 23

24 802.11f - Inter Access Point Protocol (IAPP) Specify necessary info to be exchanged between access points to support DS Achieve multi-vendor access point interoperability Facilitate fast handover Lecture 3 WPA and i 1. Basic principles of i and WPA 2. IEEE 802.1X 3. Extensible Authentication Protocol 4. RADIUS 5. Efficient Handover Authentication 24

25 Questions 25