KAIST
Wireless Network Security and Interworking
Minho Shin, et al., Proceedings of the IEEE, Vol. 94, No. 2, Feb. 2006
Hyeongseop Shim, NS Lab, Div. of CS
September 11, 2007
2 / Chapter 14. Multicast Security and Copyright Protection I
Contents
- Introduction
- Security in 3G
- Overview of 802.11
- Wi-Fi Protected Access (WPA)
- 3G/WLAN Interworking
- Conclusion
Introduction
- Why wireless internetworking?
  - Various wireless technologies, from WPANs to 3G cellular networks
  - No single technology is considered best: each has different coverage and bandwidth limitations
  - Internetworking is needed for ubiquitous, high-performance wireless services
- Security and performance in wireless internetworking
  - Composing secure architectures may produce an insecure result
  - High bandwidth with mobility demands efficient authentication during handover
Security in 3G (1/3)
AKA protocol in UMTS (message flow between MS, Serving Network and Home Network):
  1. MS -> Serving Network: Registration Request
  2. Serving Network -> Home Network: Auth Request
  3. Home Network: retrieves the user-specific K from its subscriber DB, generates RAND, generates the AV
  4. Home Network -> Serving Network: AV = (RAND, XRES, CK, IK, AUTN)
  5. Serving Network -> MS: Challenge = (RAND, AUTN)
  6. MS: verifies AUTN, computes RES
  7. MS -> Serving Network: Response = RES
  8. Serving Network: verifies RES
  9. Channel established
Security in 3G (2/3)
- Access security in CDMA2000
  - Adopted the AKA protocol with an optional extension
  - New cryptographic functions
    - f11 generates a UAK (UIM Authentication Key) to include in the AV
    - UMAC is the message authentication function keyed with the UAK
  - The UAK protects against a rogue shell attack
Security in 3G (3/3)
- Security issues in AKA
  - Separation of AV generation and authentication
    - Facilitates faster roaming
    - But requires a trust relationship between roaming partners
  - Not a full mutual authentication
    - The network authenticates the user by challenge-response
    - The user only authenticates the network by verifying a MAC
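Added example (not from the paper or the slides): a Python simulation of the AKA message flow from slide 1/3, with the three parties as separate classes. The functions f1..f5 are replaced by a domain-separated HMAC-SHA256 under K, which is an assumption of this example (real UMTS uses the MILENAGE set), and the IMSI and subscriber record are constructed. What the code makes visible is the asymmetry listed above: the serving network verifies RES against the XRES it received in the AV without ever holding K, while the MS authenticates the network only by checking MAC-A in AUTN and the freshness of SQN.

```python
import hashlib
import hmac
import os


# Stand-ins for the UMTS functions f1..f5. Real networks use the MILENAGE set;
# a domain-separated HMAC-SHA256 keyed with the subscriber key K is an
# assumption made for this example only.
def _f(tag: bytes, k: bytes, *parts: bytes, n: int) -> bytes:
    return hmac.new(k, tag + b"".join(parts), hashlib.sha256).digest()[:n]


def f1(k, sqn, amf, rand): return _f(b"f1", k, sqn, amf, rand, n=8)  # MAC-A
def f2(k, rand): return _f(b"f2", k, rand, n=8)                       # RES / XRES
def f3(k, rand): return _f(b"f3", k, rand, n=16)                      # CK
def f4(k, rand): return _f(b"f4", k, rand, n=16)                      # IK
def f5(k, rand): return _f(b"f5", k, rand, n=6)                       # AK


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class HomeNetwork:
    """Holds the subscriber DB (IMSI -> K, SQN) and builds the AV; besides the MS, the only party that knows K."""

    def __init__(self, subscriber_db):
        self.db = subscriber_db

    def generate_av(self, imsi):
        rec = self.db[imsi]
        k = rec["K"]
        rec["SQN"] += 1                                   # fresh sequence number per AV
        sqn = rec["SQN"].to_bytes(6, "big")
        amf = b"\x80\x00"                                 # authentication management field
        rand = os.urandom(16)
        autn = xor(sqn, f5(k, rand)) + amf + f1(k, sqn, amf, rand)   # SQN xor AK || AMF || MAC-A
        return {"RAND": rand, "XRES": f2(k, rand), "CK": f3(k, rand),
                "IK": f4(k, rand), "AUTN": autn}


class ServingNetwork:
    """Never sees K: it relays the challenge and compares RES with the XRES from the AV."""

    def __init__(self, home):
        self.home = home
        self.pending = {}

    def registration_request(self, imsi):
        av = self.home.generate_av(imsi)                  # Auth Request to the home network
        self.pending[imsi] = av
        return av["RAND"], av["AUTN"]                     # Challenge = (RAND, AUTN)

    def response(self, imsi, res):
        av = self.pending.pop(imsi)
        ok = hmac.compare_digest(res, av["XRES"])         # Verify RES
        return ok, ((av["CK"], av["IK"]) if ok else None)


class MobileStation:
    def __init__(self, imsi, k):
        self.imsi, self.k, self.sqn = imsi, k, 0

    def challenge(self, rand, autn):
        sqn_ak, amf, mac_a = autn[:6], autn[6:8], autn[8:]
        sqn = xor(sqn_ak, f5(self.k, rand))
        # The MAC over (SQN, AMF, RAND) is the only evidence the MS gets about the network
        if not hmac.compare_digest(mac_a, f1(self.k, sqn, amf, rand)):
            raise ValueError("AUTN MAC failure: network not authenticated")
        if int.from_bytes(sqn, "big") <= self.sqn:
            raise ValueError("synchronisation failure: SQN not fresh")
        self.sqn = int.from_bytes(sqn, "big")
        return f2(self.k, rand), f3(self.k, rand), f4(self.k, rand)  # RES, CK, IK


def run_aka(k=None):
    """Full run: True when RES matches XRES and both sides hold the same CK, IK."""
    k = k or os.urandom(16)
    home = HomeNetwork({"imsi-001": {"K": k, "SQN": 0}})   # constructed subscriber record
    sn = ServingNetwork(home)
    ms = MobileStation("imsi-001", k)
    rand, autn = sn.registration_request(ms.imsi)         # Registration Request -> Challenge
    res, ck, ik = ms.challenge(rand, autn)                # Verify AUTN, compute RES
    ok, keys = sn.response(ms.imsi, res)                  # Response = RES -> Verify RES
    return ok and keys == (ck, ik)


def run_aka_wrong_key():
    """An AV built under a different K fails the AUTN check at the MS; returns False."""
    home = HomeNetwork({"imsi-001": {"K": b"A" * 16, "SQN": 0}})
    sn = ServingNetwork(home)
    ms = MobileStation("imsi-001", b"B" * 16)
    rand, autn = sn.registration_request(ms.imsi)
    try:
        ms.challenge(rand, autn)
    except ValueError:
        return False
    return True
```

The serving network class holds no key material except what the AV carries, which is exactly the trust relationship the slide refers to: whoever receives the AV can complete the authentication, so the home network must trust every roaming partner it ships AVs to.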
Overview of 802.11 (1/2)
- Authentication
  - Open system authentication
  - Shared key authentication: uses challenge-response with a shared key
Shared key authentication (message flow between Initiator and Responder):
  1. Initiator -> Responder: Auth Request
  2. Responder: Challenge Text = WEP PRNG(K, IV)
  3. Responder -> Initiator: Challenge Text
  4. Initiator -> Responder: eK(Challenge Text || new IV)
  5. Responder: verifies CRC ICV and Challenge Text
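Added example (not from the paper or the slides): the shared key authentication exchange above in Python, with both roles as classes. RC4 keyed with IV || K plays the WEP PRNG and CRC-32 the ICV; the 5-byte key, 3-byte IV and 128-byte challenge follow WEP conventions, and the class and function names are this example's own.

```python
import os
import struct
import zlib


def rc4_keystream(key: bytes, n: int) -> bytes:
    """RC4 key scheduling followed by n bytes of keystream; WEP keys it with IV || K."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(n):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def wep_prng(k: bytes, iv: bytes, n: int) -> bytes:
    return rc4_keystream(iv + k, n)


def wep_encrypt(k: bytes, iv: bytes, plaintext: bytes):
    # ICV is CRC-32 (an integrity checksum, not a keyed MAC), appended before encryption
    icv = struct.pack("<I", zlib.crc32(plaintext) & 0xFFFFFFFF)
    data = plaintext + icv
    ks = wep_prng(k, iv, len(data))
    return iv, bytes(a ^ b for a, b in zip(data, ks))     # the frame carries the IV in the clear


def wep_decrypt(k: bytes, iv: bytes, ciphertext: bytes):
    ks = wep_prng(k, iv, len(ciphertext))
    data = bytes(a ^ b for a, b in zip(ciphertext, ks))
    plaintext, icv = data[:-4], data[-4:]
    if struct.pack("<I", zlib.crc32(plaintext) & 0xFFFFFFFF) != icv:
        return None                                       # ICV check failed
    return plaintext


class Responder:
    """The AP side: issues the challenge and verifies the encrypted reply."""

    def __init__(self, k: bytes):
        self.k = k
        self.challenge = None

    def auth_request(self) -> bytes:
        # Message 2: 128 bytes of challenge text = WEP PRNG(K, IV), sent in the clear
        self.challenge = wep_prng(self.k, os.urandom(3), 128)
        return self.challenge

    def verify(self, iv: bytes, ciphertext: bytes) -> bool:
        # Message 4 decision: the CRC ICV must check and the plaintext must equal the challenge
        pt = wep_decrypt(self.k, iv, ciphertext)
        return pt is not None and pt == self.challenge


class Initiator:
    """The station side: returns the challenge encrypted under K with a new IV."""

    def __init__(self, k: bytes):
        self.k = k

    def answer(self, challenge: bytes):
        return wep_encrypt(self.k, os.urandom(3), challenge)   # Message 3: eK(Challenge || new IV)


def shared_key_auth(initiator_key: bytes, responder_key: bytes) -> bool:
    responder, initiator = Responder(responder_key), Initiator(initiator_key)
    challenge = responder.auth_request()          # messages 1 and 2
    iv, ct = initiator.answer(challenge)          # message 3
    return responder.verify(iv, ct)               # message 4 outcome
```

Both the challenge and the IV travel in the clear and the only integrity check is an unkeyed CRC, which is why the responder's two checks (ICV and challenge equality) are the whole of the verification; the slide's next page lists the resulting security problems.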
Overview of 802.11 (2/2)
- Access control
  - Closed network access control: clients with knowledge of the network name (SSID) can join
  - Access control lists: each AP limits clients to those using a listed MAC address
- Security problems
Wi-Fi Protected Access (1/3)
- Wi-Fi Protected Access (WPA): new security architecture for 802.11 by the Wi-Fi Alliance
  - WPA I: interim solution; required only firmware and driver updates
  - WPA 2: complete redesign; new algorithms and, unfortunately, new hardware as well
Wi-Fi Protected Access (2/3)
- Authentication and access control: restricts network connectivity to authorized users via 802.1X
- IEEE 802.1X standard
  - Provides a framework in which various authentication methods can be used
  - Employs the EAP (Extensible Authentication Protocol)
    - Any authentication mechanism can be encapsulated in EAP request/response messages
    - EAP can route messages to a centralized server
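Added example (not from the paper or the slides): an EAP packet parser and a three-party exchange in Python that show the two properties listed above. The authenticator (the AP) parses only the 4-byte EAP header (Code, Identifier, Length, per RFC 3748) and forwards the Type-Data unchanged to the server; the server alone implements the method, here EAP-MD5-Challenge (Type 4), chosen only because it fits in a few lines. The user names and secret table are constructed, and the relay between AP and server would run over RADIUS in a real 802.1X deployment, which is not modelled here.

```python
import hashlib
import hmac
import os
import struct
from dataclasses import dataclass
from typing import Optional

# RFC 3748 codes and the two types used here
EAP_REQUEST, EAP_RESPONSE, EAP_SUCCESS, EAP_FAILURE = 1, 2, 3, 4
EAP_TYPE_IDENTITY, EAP_TYPE_MD5_CHALLENGE = 1, 4


@dataclass
class EapPacket:
    code: int
    identifier: int
    type: Optional[int] = None      # absent on Success/Failure
    type_data: bytes = b""

    def pack(self) -> bytes:
        body = b"" if self.type is None else bytes([self.type]) + self.type_data
        return struct.pack("!BBH", self.code, self.identifier, 4 + len(body)) + body

    @classmethod
    def parse(cls, raw: bytes) -> "EapPacket":
        if len(raw) < 4:
            raise ValueError("short EAP header")
        code, ident, length = struct.unpack("!BBH", raw[:4])
        if length < 4 or length > len(raw):
            raise ValueError("bad EAP length")
        body = raw[4:length]                      # bytes beyond Length are padding and ignored
        if code in (EAP_REQUEST, EAP_RESPONSE):
            if not body:
                raise ValueError("request/response without Type")
            return cls(code, ident, body[0], body[1:])
        if code in (EAP_SUCCESS, EAP_FAILURE):
            return cls(code, ident)
        raise ValueError(f"unknown EAP code {code}")


def md5_challenge_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()   # CHAP-style


class AuthServer:
    """Centralized server: the only party that knows the method and the credential table."""

    def __init__(self, secrets):
        self.secrets = secrets                    # name -> shared secret (constructed)
        self.name, self.challenge = None, None

    def handle(self, pkt: EapPacket) -> EapPacket:
        if pkt.code != EAP_RESPONSE:
            return EapPacket(EAP_FAILURE, pkt.identifier)
        if pkt.type == EAP_TYPE_IDENTITY:
            self.name = pkt.type_data.decode("utf-8", "replace")
            self.challenge = os.urandom(16)
            type_data = bytes([16]) + self.challenge + b"AS"     # Value-Size, Value, Name
            return EapPacket(EAP_REQUEST, (pkt.identifier + 1) & 0xFF,
                             EAP_TYPE_MD5_CHALLENGE, type_data)
        if pkt.type == EAP_TYPE_MD5_CHALLENGE and self.challenge is not None:
            size = pkt.type_data[0]
            value = pkt.type_data[1:1 + size]
            secret = self.secrets.get(self.name)
            expected = md5_challenge_response(pkt.identifier, secret or b"", self.challenge)
            ok = secret is not None and hmac.compare_digest(value, expected)
            return EapPacket(EAP_SUCCESS if ok else EAP_FAILURE, pkt.identifier)
        return EapPacket(EAP_FAILURE, pkt.identifier)


class Peer:
    def __init__(self, name: str, secret: bytes):
        self.name, self.secret = name, secret

    def handle(self, pkt: EapPacket) -> EapPacket:
        if pkt.type == EAP_TYPE_IDENTITY:
            return EapPacket(EAP_RESPONSE, pkt.identifier, EAP_TYPE_IDENTITY, self.name.encode())
        if pkt.type == EAP_TYPE_MD5_CHALLENGE:
            size = pkt.type_data[0]
            digest = md5_challenge_response(pkt.identifier, self.secret, pkt.type_data[1:1 + size])
            return EapPacket(EAP_RESPONSE, pkt.identifier, EAP_TYPE_MD5_CHALLENGE,
                             bytes([16]) + digest + self.name.encode())
        raise ValueError("unsupported EAP method")


class Authenticator:
    """The AP: validates the 4-byte header, relays Type-Data opaquely, opens the port only on Success."""

    def __init__(self, server: AuthServer):
        self.server = server

    def run(self, peer: Peer) -> bool:
        wire = EapPacket(EAP_REQUEST, 1, EAP_TYPE_IDENTITY).pack()   # AP begins with an Identity request
        while True:
            pkt = EapPacket.parse(wire)
            if pkt.code in (EAP_SUCCESS, EAP_FAILURE):
                return pkt.code == EAP_SUCCESS
            response = EapPacket.parse(peer.handle(pkt).pack())     # header check only
            wire = self.server.handle(response).pack()              # to the server (RADIUS in practice)


def authenticate(name: str, secret: bytes, server_db) -> bool:
    return Authenticator(AuthServer(server_db)).run(Peer(name, secret))
```

The Authenticator never branches on the Type field, which is what lets a new method be deployed by changing the server and the peer only; the AP also authorizes the port solely on the Success code it relays, so the server remains the single policy decision point.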
Wi-Fi Protected Access (3/3)
- Known security problems
  - Vulnerable to DoS attacks: management frames are neither protected nor authenticated
  - Possible hijacking of sessions without encryption
- Trust relationships with WPA
  - Trust in the AP
3G/WLAN Interworking (1/9)
- Roaming scenario: IL-3G, NY-3G, NY-WLAN
  - Case 1: NY-WLAN operates independently; Bill already has an account with NY-WLAN
  - Case 2: IL-3G has a roaming agreement with the WLAN
  - Case 3: IL-3G and NY-WLAN do not have a roaming agreement, but NY-3G and NY-WLAN do
3G/WLAN Interworking (2/9)
- Independent internetwork authentication: makes no effort at integration
  - In Case 1: Bill already has a security association with NY-WLAN
  - Solution: authenticate with the new network's own protocol
- Discussion
  - Does not require a trust relationship (roaming agreement, secure channel) between the networks
  - Accounting and billing of each network should be independent
3G/WLAN Interworking (3/9)
- Centralized internetwork authentication
  - In Case 2: Bill can use NY-WLAN's service without registration; NY-WLAN authenticates Bill's account through IL-3G
- Centralized authentication methods: the foreign network ensures that the client is a legitimate user of the home network
3G/WLAN Interworking (4/9)
- Centralized internetwork authentication (cont.): proactive key distribution
  1. oAS detects MS's visit
  2. oAS requests context distribution from H-AAA
  3. H-AAA calculates the potential nASs
  4. H-AAA predistributes the context to the nASs
3G/WLAN Interworking (5/9)
- Centralized internetwork authentication (cont.): discussion
  - Foreign and home networks should have a roaming agreement
    - With N networks, the overhead of roaming agreements is O(N²)
    - Introduction of a dedicated third party, an AAA broker
  - Centralized authentication methods: high authentication latency
  - Proactive key distribution schemes: require an accurate handoff prediction system
3G/WLAN Interworking (6/9)
- Context transfer
  - In Case 3: suppose NY-3G and NY-WLAN trust each other enough to share Bill's information; NY-3G can provide Bill's security context to NY-WLAN to allow access
  - Reactive context transfer: the context is delivered from the old network to the new network after handoff
    1. MS visits the new network
    2. nAS obtains the address of oAS
    3. nAS requests context transfer from oAS
    4. oAS transfers MS's context to nAS
    5. After verifying the context, nAS allows MS to access
    6. H-AAA may optionally verify MS's authenticity after handoff
3G/WLAN Interworking (7/9)
- Context transfer (cont.): proactive context transfer
  - Context transfer occurs before MS visits the new network (soft handoff and prediction)
    1. oAS detects MS's visit
    2. oAS calculates the potential nASs
    3. oAS predistributes the context to the nASs
3G/WLAN Interworking (8/9)
- Context transfer (cont.): ticket forwarding
  - oAS can issue a ticket containing the context to the client
  - The client provides nAS with the ticket upon visit
    1. oAS detects MS's visit
    2. oAS calculates the potential nASs
    3. oAS issues a ticket for each potential nAS and sends them to MS
    4. MS provides nAS with the corresponding ticket after handoff
    5. nAS verifies the ticket and accepts MS
3G/WLAN Interworking (9/9)
- Context transfer (cont.): discussion
  - Allows a network to verify the authenticity of MS without starting from scratch
  - Accounting and billing is an open issue
  - Security rests on a strong assumption: nAS believes that the association between MS and oAS is secure
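Added example (not from the paper or the slides): ticket forwarding in Python, covering the flow on slide 8/9 and the verification step that the discussion above depends on. The oAS shares a pairwise key with each nAS it has a roaming agreement with (an assumption of this example), issues one HMAC-protected ticket per predicted nAS, and an nAS admits the MS only if the ticket was issued by an oAS it trusts, for this nAS, is unexpired and has not been redeemed before. The topology (NY-3G predicting two WLAN access servers, NY-WLAN-1 and NY-WLAN-2) and Bill's context are constructed. The ticket body is integrity-protected only; because the MS carries it over the air, a deployment would additionally encrypt it to the nAS, which is left out here to keep the verification logic visible.

```python
import base64
import hashlib
import hmac
import json
import os


class AccessServer:
    """One access server; acts as oAS for MSs it serves and as nAS for tickets it receives."""

    def __init__(self, name, peer_keys, neighbours):
        self.name = name
        self.peer_keys = peer_keys        # peer AS name -> key shared under a roaming agreement (assumed)
        self.neighbours = neighbours      # constructed topology used for handoff prediction
        self.attached = {}                # ms_id -> security context of MSs currently served
        self.redeemed = set()             # ticket nonces already accepted (replay protection)

    def predict_next(self, ms_id):
        # Step 2: potential nASs; a real system would use mobility prediction here
        return list(self.neighbours)

    def issue_tickets(self, ms_id, ttl=30.0, now=0.0):
        # Step 3: one ticket per predicted nAS, bound to MS, issuer, target nAS and expiry
        ctx = self.attached[ms_id]
        tickets = {}
        for nas in self.predict_next(ms_id):
            body = {"ms": ms_id, "issuer": self.name, "target": nas,
                    "exp": now + ttl, "nonce": os.urandom(8).hex(), "context": ctx}
            raw = json.dumps(body, sort_keys=True).encode()
            tag = hmac.new(self.peer_keys[nas], raw, hashlib.sha256).digest()
            tickets[nas] = base64.b64encode(raw + tag).decode()
        return tickets                    # handed to the MS, which carries them across the handoff

    def redeem_ticket(self, ticket, now=0.0):
        # Step 5: verify before admitting; every failure path returns False
        try:
            blob = base64.b64decode(ticket, validate=True)
            raw, tag = blob[:-32], blob[-32:]
            body = json.loads(raw)
            key = self.peer_keys[body["issuer"]]          # KeyError: no agreement with that oAS
        except (ValueError, KeyError, TypeError):
            return False
        if not hmac.compare_digest(tag, hmac.new(key, raw, hashlib.sha256).digest()):
            return False                                  # forged or modified ticket
        if body.get("target") != self.name:
            return False                                  # issued for a different nAS
        if body.get("exp", 0) < now:
            return False                                  # expired
        if body["nonce"] in self.redeemed:
            return False                                  # replayed
        self.redeemed.add(body["nonce"])
        self.attached[body["ms"]] = body["context"]       # MS admitted with its transferred context
        return True


def demo():
    """Constructed scenario: NY-3G serves Bill and predicts two WLAN access servers."""
    k1, k2 = os.urandom(32), os.urandom(32)
    ny3g = AccessServer("NY-3G", {"NY-WLAN-1": k1, "NY-WLAN-2": k2}, ["NY-WLAN-1", "NY-WLAN-2"])
    wlan1 = AccessServer("NY-WLAN-1", {"NY-3G": k1}, [])
    wlan2 = AccessServer("NY-WLAN-2", {"NY-3G": k2}, [])
    ny3g.attached["bill"] = {"auth": "AKA", "ck": "00" * 16}   # constructed context
    tickets = ny3g.issue_tickets("bill", ttl=30.0, now=1000.0)
    return {
        "right_nas": wlan1.redeem_ticket(tickets["NY-WLAN-1"], now=1001.0),   # True
        "wrong_nas": wlan2.redeem_ticket(tickets["NY-WLAN-1"], now=1001.0),   # False
        "replay":    wlan1.redeem_ticket(tickets["NY-WLAN-1"], now=1002.0),   # False
        "expired":   wlan2.redeem_ticket(tickets["NY-WLAN-2"], now=2000.0),   # False
        "admitted":  "bill" in wlan1.attached,                                # True
    }
```

The nAS never contacts H-AAA in this flow, which is the trade-off the discussion slide names: admission rests entirely on the nAS trusting that the oAS authenticated the MS correctly, so the target binding, expiry and nonce checks are what keep a ticket from being reused elsewhere or later, but they cannot repair a bad decision made by the oAS.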