Understanding the Impact of Encryption on Certified Wireless USB Testing. Introduction. Association vs. Security



Similar documents
Logitech Advanced 2.4 GHz Technology

Logitech Advanced 2.4 GHz Technology With Unifying Technology

HIPAA Security Considerations for Broadband Fixed Wireless Access Systems White Paper

Chapter 6 CDMA/802.11i

Getting Through Production Test. Jeff Chang Staccato Communications

WBAN Beaconing for Efficient Resource Sharing. in Wireless Wearable Computer Networks

Lab VI Capturing and monitoring the network traffic

MAC Layer Key Hierarchies and Establishment Procedures

CS5490/6490: Network Security- Lecture Notes - November 9 th 2015

12/3/08. Security in Wireless LANs and Mobile Networks. Wireless Magnifies Exposure Vulnerability. Mobility Makes it Difficult to Establish Trust

Lab Exercise Objective. Requirements. Step 1: Fetch a Trace

Chapter 2 Wireless Settings and Security

ZigBee Technology Overview

ZigBee Security. Introduction. Objectives

Intrusion Detection, Packet Sniffing

Chapter 17. Transport-Level Security

Wireless USB Adapter Set

Savitribai Phule Pune University

Layer 2 Network Encryption where safety is not an optical illusion Marko Bobinac SafeNet PreSales Engineer

Wireless Pre-Shared Key Cracking (WPA, WPA2)

Chapter 2 Configuring Your Wireless Network and Security Settings

Chapter 5. Data Communication And Internet Technology

A Research Study on Packet Sniffing Tool TCPDUMP

Lecture Objectives. Lecture 8 Mobile Networks: Security in Wireless LANs and Mobile Networks. Agenda. References

ESSENTIALS. Understanding Ethernet Switches and Routers. April 2011 VOLUME 3 ISSUE 1 A TECHNICAL SUPPLEMENT TO CONTROL NETWORK

Introduction to WiFi Security. Frank Sweetser WPI Network Operations and Security

Basic processes in IEEE networks

Network Security. Security of Wireless Local Area Networks. Chapter 15. Network Security (WS 2002): 15 Wireless LAN Security 1 Dr.-Ing G.

Security. Contents. S Wireless Personal, Local, Metropolitan, and Wide Area Networks 1

Use of the ZENA MiWi and P2P Packet Sniffer

INTERNATIONAL JOURNAL OF PURE AND APPLIED RESEARCH IN ENGINEERING AND TECHNOLOGY

CS 356 Lecture 29 Wireless Security. Spring 2013

Wireless Security. New Standards for Encryption and Authentication. Ann Geyer

Network Simulation Traffic, Paths and Impairment

Implementation of a Wimedia UWB Media Access Controller

WI-FI VS. BLUETOOTH TWO OUTSTANDING RADIO TECHNOLOGIES FOR DEDICATED PAYMENT APPLICATION

Overview. Securing TCP/IP. Introduction to TCP/IP (cont d) Introduction to TCP/IP

FIBRE CHANNEL PROTOCOL SOLUTIONS FOR TESTING AND VERIFICATION. FCTracer TM 4G Analyzer FCTracer TM 2G Analyzer

Alarms of Stream MultiScreen monitoring system

Demystifying Wireless for Real-World Measurement Applications

Table of Contents. Cisco Wi Fi Protected Access 2 (WPA 2) Configuration Example

AirStation One-Touch Secure System (AOSS ) A Description of WLAN Security Challenges and Potential Solutions

Security in IEEE WLANs

Thingsquare Technology

Chapter 7 Low-Speed Wireless Local Area Networks

Understanding OpenFlow

An Overview of ZigBee Networks

chap18.wireless Network Security

Chapter 3 Safeguarding Your Network

The Security Behind Sticky Password

Sync Security and Privacy Brief

Wireless LANs vs. Wireless WANs

Bluetooth Health Device Profile and the IEEE Medical Device Frame Work

Chapter 9. IP Secure

PCI Express Overview. And, by the way, they need to do it in less time.

Chapter 7 Transport-Level Security

Written examination in Computer Networks

CSCI 454/554 Computer and Network Security. Topic 8.1 IPsec

NETWORK SECURITY (W/LAB) Course Syllabus

Configuring Security Solutions

White paper. Testing for Wi-Fi Protected Access (WPA) in WLAN Access Points.

Wireless Encryption Protection

Internet of #allthethings

White Paper. Security: Cortado Corporate Server for BlackBerry. Information on the Cortado infrastructure and Bluetooth printing

Wireless USB Adapter Set

Application Note: Onsight Device VPN Configuration V1.1

Wireless Ethernet LAN (WLAN) General a/802.11b/802.11g FAQ

The Wireless LAN (Local Area Network) USB adapter can be operated in one of the two following networking configurations :

Web Security Considerations

Security vulnerabilities in the Internet and possible solutions

As enterprises conduct more and more

920MHz Band Multi-hop Wireless Network System

Universal Flash Storage: Mobilize Your Data

Lab Exercise SSL/TLS. Objective. Requirements. Step 1: Capture a Trace

GSM and UMTS security

Microchip Technology. February 2008 Valerio Moretto Slide 1

Architecture of distributed network processors: specifics of application in information security systems

Avalanche Enabler 5.3 User Guide

Bluetooth in Automotive Applications Lars-Berno Fredriksson, KVASER AB

The OSI and TCP/IP Models. Lesson 2

WAN Data Link Protocols

Overview of CSS SSL. SSL Cryptography Overview CHAPTER

Wireless LAN Security Mechanisms

Overview of Computer Networks

Lecture 3. WPA and i

Recommended Wireless Local Area Network Architecture

Decryption. Palo Alto Networks. PAN-OS Administrator s Guide Version 6.0. Copyright Palo Alto Networks

A SURVEY OF WIRELESS NETWORK SECURITY PROTOCOLS

State of Kansas. Interim Wireless Local Area Networks Security and Technical Architecture

Authentication in WLAN

Chapter 4 Connecting to the Internet through an ISP

WiFi. Is for Wireless Fidelity Or IEEE Standard By Greg Goldman. WiFi 1

MXMedia CipherStream. Preliminary Assessment. Copyright 2012 Farncombe 1.0. Author: T F

WHITE PAPER. Managed File Transfer: When Data Loss Prevention Is Not Enough Moving Beyond Stopping Leaks and Protecting

ZIGBEE ECGR-6185 Advanced Embedded Systems. Charlotte. University of North Carolina-Charlotte. Chaitanya Misal Vamsee Krishna

Testing a Wireless LAN

APPLICATION NOTE. AVR2130: Lightweight Mesh Developer Guide. Atmel MCU Wireless. Features. Description

CS 336/536 Computer Network Security. Summer Term Wi-Fi Protected Access (WPA) compiled by Anthony Barnard

Securing your Online Data Transfer with SSL

Security (WEP, WPA\WPA2) 19/05/2009. Giulio Rossetti Unipi

Transcription:

on Certified Wireless USB Testing Mike Micheletti Wireless USB Product Manager LeCroy Protocol Solutions Group Introduction Certified Wireless USB (WUSB) is a new shortrange, high-bandwidth wireless extension to the USB standard, designed to combine the speed and security of wired technology with the ease-of-use of wireless communications. WUSB is based on Ultra-WideBand (UWB) wireless transport defined by the WiMedia Alliance, and is designed to provide 480 Mb/s throughput at distances up to 3 meters (10 feet). The developers of Wireless USB have strived to maintain the same usage and architecture as wired USB with a high-speed host-to-device connection. But unlike its wired predecessor, Wireless USB mandates more stringent attention to security to prevent snooping of wireless data traffic. These requirements are defined in Figure 2: Wireless USB requires a one-time association to occur between host and device to establish the connection context. All subsequent communications automatically derive a session key from the shared communication context and use this key for encrypted communication. Figure 1: In Wireless USB, the payload portion of the frame will be encrypted, which will prevent radio-based analyzers from decoding the scrambled USB traffic. the Certified Wireless USB Association Model Specification v1.0 and govern how devices will discover and establish secure connections. The Certified Wireless USB specification requires encryption of user data prior to transferring it between devices. While this security feature is largely transparent to the end user, it has significant impact on test and validation of new wireless devices. What few engineers initially realize is that it is necessary to crack the security in order to test the Wireless USB protocol. Association vs. Security The terms association and security are separate but related concepts in wireless USB. Association is the process of establishing a trusted relationship between two wireless devices. This is a one-time event that requires user involvement to ensure devices are authorized to communicate, and is designed to prevent unauthorized or accidental connections between two unrelated devices. Security refers to the encryption mechanism used for protection of data in transit (AES 128). Complete security encryption keys are a combination of a predetermined connection key established dur- On Certified Wireless USB Testing Page 1 of 1

CABLE ASSOCIATION PROCESS What happens over the USB cable during the association sequence? Host sends its host name (CHID) to device using SET_ASSOCIATION_RESPONSE (RetrieveHostInfo) Host then asks device if it already has a connection context for the host s CHID using GET_ASSOCIATION_REQUEST (AssociateWUSB) Device returns DEVICE_INFO data structure If device has a connection context, it returns its CDID to the host; Else it returns zero Host creates Connection Context (CHID, CDID, CK) and sends it to device using SET_ASSOCIATION_RESPONSE: The connection context is 384-bit value which includes a globally-unique host ID, a host-unique device ID and a 128-bit symmetric connection key that only changes if devices re-associate. With cable association, the connection context is always generated on the host and downloaded to the device. The purpose of device association is to get the connection context from the host to the device. This can be a challenge, as it must use a secure transmission channel. Cable (out of band) and Numeric Association are two approaches for transferring this data. Figure 3: The Cable Association Process is the most secure way to establish the connection context between two devices, but requires the temporary connection of a wired USB cable between the two devices. ing the association process and a second temporary session key which is generated between devices using a 4-way handshake that occurs every time two devices establish a connection. The Association Process In an environment where there may be many Wireless USB hosts and many Wireless USB devices belonging to multiple users, there is a need to identify which devices are allowed to communicate with each other. When two Wireless USB devices are brought together for the first time, they must identify themselves and the user must verify they are authorized to communicate. If there is no record that they have previously been authorized, they must perform a first-time association. The Certified Wireless USB spec defines two methods of establishing this trusted relationship: cable association and numeric association. Cable Association With the cable association model, users must associate a host to a device by physically con- Figure 4: In the cable association model, the UWBTracer Analyzer captures the connection context and then transfers this information to the radio module, where it is used to capture and decrypt radio traffic between host and device. On Certified Wireless USB Testing Page 2 of 2

necting the two devices together with a standard USB cable. The two devices then exchange a unique 384-bit identifier over the USB cable that is known as the connection context. After this initial association, the device and host will communicate wirelessly without the cable. Cable association is considered highly secure because the user must have physical control of the devices in order to attach the cable. In addition, the connection context is exchanged out-of-band (not over the air) making eavesdropping virtually impossible. Numeric Association In the numeric association model, devices associate without using a wired cable, but require the user to confirm the association by verifying a code number manually. After locating a nearby wireless USB host, the device may show a short code number on its display, which the user will then verify with the host. The specification also has provisions for devices that do not have input capabilities. In this case, the host simply displays the number and the user clicks "OK," if it matches. Alternately, hosts can require the user to enter a predefined code number supplied with the device, a method familiar to users of many existing wireless technologies today. Any of these methods establish a connection context similar to that obtained in the cable association model. Security and Encryption Once association is complete using either of these two methods, the devices are now authorized to communicate using the connection context that is established during the association process. During each session, the devices will initially derive a session key (also called a pair-wise temporal key or PTK) which is based on the pre-established connection context. Wireless traffic between devices is encrypted using the session key, and therefore any receiver, including any analysis tools, must have prior knowledge of the connection context in order to determine the session key and decrypt the wireless traffic. However if the connection key is known, the analysis tool can determine the session key by listening in to the wireless traffic as the devices begin to communicate. Analyzing Secure Traffic Figure 5: In the numeric association model, the user must manually enter the Connection Host ID (CHID) and the connection key (CK) for each device. The information must be predetermined by the device manufacturer. Protocol layer testing for wireless technologies generally involves a radio-based sniffer to eavesdrop on the exchange between devices. Analysis tools must perform this task with minimal impact on the realworld operating environment for the devices. WiMedia devices do not encrypt the PHY and MAC header information. This allows devices (and analysis tools) to identify framing and routing information for each packet. But all wireless USB logical transfers within the user payload are encrypted. The On Certified Wireless USB Testing Page 3 of 3

ability to trigger on protocol events requires that the analysis tools can decrypt the traffic in real-time to identify the logical USB parameters. Unless the analyzer has this secret key, it will be unable to trigger on protocol events! During early validation, for convenience developers of drivers, firmware and MAC silicon may perform testing with encryption disabled. However complete testing of prototype designs will require the ability to decrypt and view these transfers to verify security. LeCroy s UWBTracer Protocol Analyzer provides an innovative solution to this security problem. For devices that use the cable association model, LeCroy offers an integrated plug-in for capturing the cable association sequence. Similar to a USB analyzer, this module transparently taps the wired link between host and device. It automatically records and passes the connection context to the radiobased analysis engine contained within the UWBTracer. The analyzer radio channel can then automatically follow the 4-way handshake and use the connection context to derive the session key (or PTK). With this unique session key in the hardware recording engine, the analyzer can automatically decrypt the scrambled wireless traffic. In both the cable and numeric methods, the LeCroy analyzer has the ability to preserve this pairing information in non-volatile memory. The UWBTracer System will recognize when these devices establish future connections and automatically derive a new PTK whenever a new 4-way handshake protocol takes place between the devices. Important points: The session keys are regenerated every time the two devices power up. The analyzer must be powered on and record the 4 way handshake sequence at this stage to automatically derive the PTK and decrypt the scrambled traffic. In some cases, developers can use a diagnostic key (CK= 0) for debug environments. But most validation labs will require testing with commercial products using real CK values. In the Numeric model, the user must enter the Connection Host ID and the Connection Key in the analyzer software for a given device. The CK is generally a known value that is pre-programmed in firmware (but is never transmitted over the air). For devices that use the Numeric Association model, LeCroy s UWBTracer provides a software interface for tracking the connection context manually between devices. After manually entering the connection context, the software provides a mechanism to download the connection context to the analyzer hardware. The analyzer preserves this information for the host-device pair. Equipped with the same connection context, it can follow the 4-way handshake and derive the same session key (PTK) as the devices under test. If a host-device pair have already established a connection context using a cable association model prior to the introduction of the analyzer, it will be necessary to repeat the cable association while monitoring the USB traffic between the host and the device in order for the analyzer to capture the connection context. On Certified Wireless USB Testing Page 4 of 4

Testing of both the association process and the security process will be required to gain certification of wireless USB devices. This will be enforced through the USB-IF certification program, which will allow companies to test device and host compliance to all Certified Wireless USB specifications. Summary The association models in Certified Wireless USB are designed to deliver secure data transfers and ease-of-use to consumers. Efficient device-level validation requires that the analyzer have a mechanism to capture and recall the connection context. The ability significantly improves test workflow by allowing protocol testing to occur unencumbered by the security features. In addition to efficiently managing security keys, the analysis platform must have sufficient processing power to use these keys to decrypt and trigger on USB events in realtime. From security to evolving PHY specifications only LeCroy s Protocol Solutions Group could anticipate and deliver the innovative features needed to accelerate product testing in this emerging wireless market. On Certified Wireless USB Testing Page 5 of 5

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information