WirelessLAN
Security
Ajay K MathiasGovind MJohnes Jose
M120445CSM120432CSM120088CS
Introduction
WEP
EAP
Authenticated KEP
Conclusion
Overview
Wireless Networks Extension of Wired networks, without using
wires. IEEE 802.11 (1997)
802.11b (1999), 802.11g (2003), 802.11n (2009)
802.11i (2004) 2 Types : Adhoc & Infrastructural WLAN
Ad Hoc WLAN
• Connect with whichever station• Hop Hop.. Hop Hop..• No device in the middle.
Infrastructure WLAN
Parties Involved Wireless Station Access Point (AP) Ground Station
Terms BSS / ESS SSID Beacon Probe Request,
Response Associate Frame
Request, Response
Security in WLAN Main Point of Concern Multiple Options exists in Wired
Networks. SSID / MAC based Authentication was
used, both of which were spoof-able. Common Attacks Possible
Masquerading Man in the middle Dictionary Attacks
Requirement : Privacy Equivalent to that in Wired Networks
Wired Equivalent Privacy (WEP)
Challenge Response Protocol
Access Point
Station
Random Nonce, C
Response, RInitialization Vector, IV
R = C + KEYSTREAM(S, IV)O
But…..! WEP had the following security Issues
Monitor Challenge Response to compute Keystream.
Obtain S, using Dictionary Attack One side Authentication
Thus….. A better protocol was required WPA
Post WEP security WPA (TKIP) – Temporal Key Integrity
Protocol WPA 2 (CCMP) – Counter mode CBC MAC
Protocol The authentication in both schemes same Authentication same as in 802.11i Former uses RC4 key-stream encryption Latter uses AES with cipher block chaining
AUTHENTICATION IN WPA 3 entities
Supplication (Station) Authenticator (AP – Access Point) Authentication Server (AS)
EAP (Extensible Authentication Protocol) Authentication, Authorization &
Accounting
802.11 Association
EAP/802.1X/RADIUS Authentication
MSK
Authenticator
4-Way Handshake
Group Key Handshake
802.11i Protocol
Data Communication
Supplicant
Authentication Server
AUTHENTICATION METHODS EAP – MD5 EAP – TLS EAP – TTLS EAP – PEAP
EAP – MD5 Basic form Challenge is to send MD5 of password Password not known to AP, AS Drawbacks:
Replay attack possible with MD5(password)
AP is not verified to the supplicant
EAP-TLS Uses SSL/TLS All Entities have Certificates & Pvt. keys Drawbacks:
Infeasible for all stations to have certificates
PKI required to communicate
EAP-TTLS Requires AP to have certificates AP can be verified by AS, supplicants Forms a secure tunnel through which
password can be sent
EAP-PEAP Similar to EAP-TTLS Forms a secure tunnel Authentication of station to AS
independent
KEY AGREEMENT Two types of keys:
TK (Temporal Key) [128] GTK (Group Transient Key) [128]
PMK can be replaced by PSK (Pre Shared Key) [256], but not secure
TK and other keys are derived from PMK (Pairwise Master Key) [256] by 4-way handshake protocol
KEY HIERARCHY
MSK [256] : AS & StationPMK [256] : AP (derived from MSK)PTK = f(PMK) [512]PTK -> TK [128]PTK -> KCK [128]PTK -> KEK [128]
FOUR WAY HANDSHAKE
PTK = prf (PMK,NA,NB,MACA,MACS) PTK = (TK, KCK, KEK)
Calculate PTK
Calculate PTK
EAP-SPEKE
Simple Password-Authenticated Exponential Key Exchange
Diffie-Hellman based Authentication with session key
negotiation Mutual Authentication Withstands Man in the middle attack Withstands Replay attack
Supplicant Authenticator
A = gXa mod pg = f(pd) Xa = secret key
AB = gXb mod pXb = secret key
B
S = H(BXa mod p)n1 = nonce
S(n1)S = H(AXb mod p)n2 = nonce
S(n1, n2)
Verify n1 Verify n2S(n2)
EAP - SRP
EAP-Secure Remote Password Borrows elements from other key
exchange protocol User ID and password-based
authentication
Supplicant Authenticator
A = gXa mod pg = f(pd) Xa = secret key
ID = identifier
A, IDB = (V+gXb) mod pXb = secret key
V = gx mod p x = H(Salt, pd)
Salt,B
x = H(Salt, pd) u = H(A, B) S = (B-gx)Xa+ux mod p K = H(S)
Ma=H(H(pd) + H(g),
H(ID), Salt, A, B, K) u = H(A, B)S = (AVu) Xbmod pK = H(S)Mb=H( Ma, A, K)
Verify n1
Improved EAP-SRP
A = gXa mod p
Ma = H(H(Pd) Xor H(g), H(ID), A) B = (v + gXb) mod
pU = H(A, B)S = (A.Vu)Xb mod pK = H(s)Mb = H(A, B, Ma, k)
A,ID,Ma
Salt, Mb, BU = H(A,B)
S = (B-gx)(Xa+Ux) mod p K = H(S)Mc = H(B, Mb, K) Mc
Session KeyMutual Authentication
Pro
s • Mutual Authentication• No Cleartext
Password Exchange• Works against
Dictionary Attacks, Password Sniffing and Network Traffic Analysis Attacks
• Easier to setup, than Dig Cert based Authentication.
Con
s • Computationally Intensive (Comparitively)
• Narrow domain of choosing primes.
(eg. Reqd : Prime p,q such that p = 2q+1)
References
1. An Efficient Password Authenticated Key Exchange Protocol for WLAN and WIMAX, AK Rai, V Kumar, S Mishra, ICWETT 2011
2. Extensible authentication protocol, Adoba, B., Blunk, L., Vollbrecht, J., Carlson, J. & Levkowetz, E., RFC 3748 2004
3. The SRP Authentication and Key Exchange System, T. Wu, RFC 2945 2000
4. Cryptography and Network Security, Bernard Menesez, Cengage Solutions
Thank You…!
Top Related