MAC Layer Key Hierarchies and Establishment Procedures

Similar documents

UNIK4250 Security in Distributed Systems University of Oslo Spring Part 7 Wireless Network Security

CS 356 Lecture 29 Wireless Security. Spring 2013

Chapter 6 CDMA/802.11i

CS 336/536 Computer Network Security. Summer Term Wi-Fi Protected Access (WPA) compiled by Anthony Barnard

White paper. Testing for Wi-Fi Protected Access (WPA) in WLAN Access Points.

WLAN w Technology

Wireless communications systems security. Alexey Fomin, SUAI

1. discovery phase 2. authentication and association phase 3. EAP/802.1x/RADIUS authentication 4. 4-way handshake 5. group key handshake 6.

chap18.wireless Network Security

Security Policy. Trapeze Networks

Wireless Pre-Shared Key Cracking (WPA, WPA2)

WLAN Security. Giwhan Cho Distributed/Mobile Computing System Lab. Chonbuk National University

Understanding the Impact of Encryption on Certified Wireless USB Testing. Introduction. Association vs. Security

Robust Security Network (RSN) Fast BSS Transition (FT)

Advanced Security Issues in Wireless Networks

WLAN Access Security Technical White Paper. Issue 02. Date HUAWEI TECHNOLOGIES CO., LTD.

Authentication in WLAN

XIV. Title. 2.1 Schematics of the WEP Encryption in WEP technique Decryption in WEP technique Process of TKIP 25

Table of Contents. Cisco Wi Fi Protected Access 2 (WPA 2) Configuration Example

EVOLUTION OF WIRELESS LAN SECURITY ARCHITECTURE TO IEEE i (WPA2)

Security (WEP, WPA\WPA2) 19/05/2009. Giulio Rossetti Unipi

IEEE Wireless LAN Security Overview

How To Understand The Latest Wireless Networking Technology

Network security, TKK, Nov

Lecture 2 Secure Wireless LAN

Lecture 3. WPA and i

Network Security: WLAN Security. Tuomas Aura T Network security Aalto University, Nov-Dec 2010

ANALYSIS OF SECURITY PROTOCOLS FOR WIRELESS NETWORKS

CCMP known-plain-text attack

Symm ym e m t e r t ic i c cr c yptogr ypt aphy a Ex: RC4, AES 2

IT-Sicherheit: Sicherheitsprotokolle. Wireless Security. (unter Benutzung von Material von Brian Lee und Takehiro Takahashi)

A DISCUSSION OF WIRELESS SECURITY TECHNOLOGIES

Introduction to WiFi Security. Frank Sweetser WPI Network Operations and Security

Understanding Wireless Security on Your Polycom SpectraLink 8400 Series Wireless Phones

Wireless security. Any station within range of the RF receives data Two security mechanism

Security Sensor Network. Biswajit panja

WEP Overview 1/2. and encryption mechanisms Now deprecated. Shared key Open key (the client will authenticate always) Shared key authentication

Certified Wireless Security Professional (CWSP) Course Overview

WLAN Authentication and Data Privacy

Wired Equivalent Privacy (WEP) versus Wi-Fi Protected Access (WPA)

Wireless LAN Security Mechanisms

Wi-Fi in Healthcare:

WiFi Security: WEP, WPA, and WPA2

Bit Chat: A Peer-to-Peer Instant Messenger

Vulnerabilities of Wireless Security protocols (WEP and WPA2)

How To Secure A Wireless Network With A Wireless Device (Mb8000)

With its promise of a target transmission. Responding to Security Issues in WiMAX Networks. Section Title

Secure Socket Layer/ Transport Layer Security (SSL/TLS)

Wi-Fi Alliance Voice-Enterprise Certification: Standardized Fast Secure Roaming. Whitepaper

Chapter 10: Designing and Implementing Security for Wireless LANs Overview

Key Management (Distribution and Certification) (1)

Netzwerksicherheit: Anwendungen

Keeping SCADA Networks Open and Secure DNP3 Security

Hole196 Vulnerability in WPA2

Web Security Considerations

, ) I Transport Layer Security

Security design for a new local area Network AULWLAN

Security Engineering Part III Network Security. Security Protocols (I): SSL/TLS

Quantum Cryptography for Secure Communication in IEEE Wireless Networks

Wireless Network Security Challenges

Security in Current Commercial Wireless Networks: A Survey

Wireless Technology Seminar

Kvaser BlackBird Getting Started Guide

APNIC elearning: IPSec Basics. Contact: esec03_v1.0

WIRELESS SECURITY IN (WI-FI ) NETWORKS

The Secure Sockets Layer (SSL)

Chapter 17. Transport-Level Security

Lightweight Security using Identity-Based Encryption Guido Appenzeller

WiFi Security Assessments

IP Security. Ola Flygt Växjö University, Sweden

Internetwork Security

Key Management and Distribution

Authentication and Identity Privacy in the Wireless Domain

Journal of Mobile, Embedded and Distributed Systems, vol. I, no. 1, 2009 ISSN

EAP-WAI Authentication Protocol

9 Simple steps to secure your Wi-Fi Network.

Security in IEEE WLANs

Message authentication and. digital signatures

FIPS Level 1 Security Policy for Cisco Secure ACS FIPS Module

Network Security Protocols

Aerohive Private PSK. solution brief

Wireless Local Area Network Security Obscurity Through Security

EFFECT OF SECURITY MECHANISMS ON THE PERFORMANCE OF WIRELESS LOCAL AREA NETWORK NAME: EVANS M. OTIENO FIT /047556/06

Configuration Notes Trapeze Networks Infrastructure in Ascom VoWiFi System

Savitribai Phule Pune University

Dr. Arjan Durresi. Baton Rouge, LA These slides are available at:

MSC-131. Design and Deploy AirDefense Solutions Exam.

WIRELESS LAN SECURITY FUNDAMENTALS

RFB 5.0 Protocol Analysis Overview and the RA4 cipher suites

Real-Time Communication Security: SSL/TLS. Guevara Noubir CSU610

IPsec VPN Security between Aruba Remote Access Points and Mobility Controllers

3.2: Transport Layer: SSL/TLS Secure Socket Layer (SSL) Transport Layer Security (TLS) Protocol

Lecture Objectives. Lecture 8 Mobile Networks: Security in Wireless LANs and Mobile Networks. Agenda. References

SPINS: Security Protocols for Sensor Networks

12/3/08. Security in Wireless LANs and Mobile Networks. Wireless Magnifies Exposure Vulnerability. Mobility Makes it Difficult to Establish Trust

Security Protocols HTTPS/ DNSSEC TLS. Internet (IPSEC) Network (802.1x) Application (HTTP,DNS) Transport (TCP/UDP) Transport (TCP/UDP) Internet (IP)

Authentication and Security in IP based Multi Hop Networks

802.1x Networking. tommee pickles Moloch Industries. Moloch.org tommee.net

Transcription:

MAC Layer Key Hierarchies and Establishment Procedures Jukka Valkonen jukka.valkonen@tkk.fi 17.11.2006

1. Introduction and Background 2. Pair-wise associations 3. Group associations 4. Different layers 5. Conclusions Agenda 17.11.2006 Jukka Valkonen 2

Introduction Key negotiation methods and hierarchies based on standards WiMedia s UWB Short range radio platform Speeds up to 480 Mbit/s For example Wireless USB WLAN Set of standards Speeds up to 540 Mbit/s (802.11n) 17.11.2006 Jukka Valkonen 3

Key exchange in different layers MAC-layer For example the standards in the paper Upper layers For example MANAprotocols Keys need to be distributed between the levels Application Layer Presentation Layer Session Layer Transport Layer Network Layer MAC Layer Physical Layer 17.11.2006 Jukka Valkonen 4

Pair-wise keys Both standards use a pre-shared key (PSK) Also known as pair-wise master key (PMK) Devices exchange random nonces using a 4-way handshake Keys are derived from the PMK and random nonces Also information such as addresses are used 17.11.2006 Jukka Valkonen 5

UWB 4-way handshake (1/2) Initiator and Responder PMK is identified by master key identifier (MKID) PTK is identified by temporal key identifier (TKID) Unique at the moment Devices exchange fresh random nonces After the devices have exhanged the data, the derive the keys using pseudo-random function Pair-wise temporal key (PTK) Key confirmation key (KCK) 17.11.2006 Jukka Valkonen 6

UWB 4-way handshake (2/2) 17.11.2006 Jukka Valkonen 7

WLAN 4-way handshake (1/2) Authenticator and Supplicant Associations can be built between two stations or between a station and an access point Ad-hoc or infrastructure mode Devices share pair-wise master key security association (PMKSA) identified using PMKID From known and exchaned material devices derive three keys: Key confirmation key (KCK), key encryption key (KEK) and temporal key (TK) 17.11.2006 Jukka Valkonen 8

WLAN 4-way handshake (2/2) 17.11.2006 Jukka Valkonen 9

What about groups? Both standards provides means to negotiate multicast groups Groups are built using pair-wise associations Groups are unidirectional Same key is never used for encryption and decryption A device distributes the key it uses for encryption, the recipients save the key to use for decryption 17.11.2006 Jukka Valkonen 10

Distribution of group keys UWB Devices exchange group keys after the handshake is performed Possible to exchange keys using one association WLAN Devices send the group key in the third message of the handshake To exchange key to both directions, two associations must be built Also provides so called Group Key handshake 17.11.2006 Jukka Valkonen 11

Key hierarchies Pair-wise master key (long term) Pair-wise temporal key (short term) PTK KCK [KEK] [Group master key (short term)] Group temporal key (short term) 17.11.2006 Jukka Valkonen 12

Negotiation of PMKs The PSK can be negotiated using upper layer protocols 17.11.2006 Jukka Valkonen 13

Forming groups on upper layers WLAN in ad-hoc mode or UWB Make devices share same PSK Devices use the same PSK to derive the pair-wise keys The PSK identifies the group An attacker is not able to force devices to belong to a group without they knowing Each device possessing the key can take new members Only devices having the same key can join the group 17.11.2006 Jukka Valkonen 14

Distribution of the group PSK (1/5) 17.11.2006 Jukka Valkonen 15

Distribution of the group PSK (2/5) 17.11.2006 Jukka Valkonen 16

Distribution of the group PSK (3/5) 17.11.2006 Jukka Valkonen 17

Distribution of the group PSK (4/5) 17.11.2006 Jukka Valkonen 18

Distribution of the group PSK (5/5) 17.11.2006 Jukka Valkonen 19

Issues Revoking a device All devices (are able to) know all secrets New associations must be built in the upper levels What if we use pair-wise associations on the upper level? 17.11.2006 Jukka Valkonen 20

Group Keys using pair-wise associations 17.11.2006 Jukka Valkonen 21

Revoking a device 17.11.2006 Jukka Valkonen 22

Conclusions Group key negotiation has its problems The standards don t provide perfect forward secrecy The methods seem to be appriopriate for deriving session keys 17.11.2006 Jukka Valkonen 23

Thank You! Questions? 17.11.2006 Jukka Valkonen 24