KAIST

Wireless Network Security and Interworking
Minho Shin, et al., Proceedings of the IEEE, Vol. 94, No. 2, Feb. 2006

Hyeongseop Shim, NS Lab, Div. of CS
September 11, 2007



22 / / Chapter 14. Multicast Security and Copyright Protection I

Contents

- Introduction
- Security in 3G
- Overview of 802.11
- Wi-Fi Protected Access (WPA)
- 3G/WLAN Interworking
- Conclusion


Introduction

- Why wireless internetworking?
  - Various wireless technologies, from WPANs to 3G cellular networks
  - No single technology is considered best: each has different coverage and bandwidth limitations
  - Internetworking is needed for ubiquitous and high-performance wireless services
- Security and performance in wireless internetworking
  - Composing secure architectures may produce an insecure result
  - High bandwidth with mobility demands efficient authentication during handover


Security in 3G (1/3)

AKA Protocol in UMTS (message flow between the mobile station MS, the Serving Network and the Home Network):

1. MS -> Serving Network: Registration Request
2. Serving Network -> Home Network: Auth Request
3. Home Network: retrieves the user-specific K from its subscriber DB, generates RAND, generates AV = (RAND, XRES, CK, IK, AUTN)
4. Home Network -> Serving Network: AV
5. Serving Network -> MS: Challenge = (RAND, AUTN)
6. MS: verifies AUTN, computes RES
7. MS -> Serving Network: Response = RES
8. Serving Network: verifies RES (against the XRES carried in the AV)
9. Channel Established


Security in 3G (2/3)

- Access security in CDMA2000
  - Adopted the AKA protocol with an optional extension
  - New cryptographic functions: f11 generates a UAK (UIM Authentication Key) to include in the AV
  - UMAC is the message authentication function keyed on the UAK
  - The UAK protects against a rogue shell attack


Security in 3G (3/3)

- Security issues in AKA
  - Separation of AV generation and authentication
    - Facilitates faster roaming
    - But requires a trust relationship between roaming partners
  - Not a full mutual authentication
    - The network authenticates the user by challenge-response
    - The user only authenticates the network by verifying a MAC
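The UMTS AKA exchange from the earlier slide, together with the two properties discussed here (the Serving Network works only from the AV the Home Network hands over and never sees K; the MS's only check on the network is the MAC and sequence number inside AUTN), as an added example that is not part of the paper or the slides. The f1..f5 functions are toy HMAC stand-ins (real networks use MILENAGE), and the 6-byte SQN, 2-byte AMF and 8-byte MAC/RES field sizes and the subscriber data are assumptions for this example.

```python
import hmac, hashlib, secrets

def f(tag, k, *parts):
    """Toy stand-in for UMTS f1..f5 (real networks use MILENAGE): HMAC over tag || inputs."""
    return hmac.new(k, tag + b"".join(parts), hashlib.sha256).digest()

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

class HomeNetwork:
    def __init__(self, subscribers):            # IMSI -> (K, next SQN); constructed test data
        self.db = dict(subscribers)
    def auth_vector(self, imsi):
        """Generate AV = (RAND, XRES, CK, IK, AUTN) and hand it to the Serving Network."""
        k, sqn = self.db[imsi]
        self.db[imsi] = (k, sqn + 1)            # fresh SQN for every AV
        rand, amf = secrets.token_bytes(16), b"\x80\x00"
        sqn_b = sqn.to_bytes(6, "big")
        mac = f(b"f1", k, sqn_b, rand, amf)[:8]  # the only thing the MS can check
        autn = xor(sqn_b, f(b"f5", k, rand)[:6]) + amf + mac
        return {"RAND": rand, "AUTN": autn, "XRES": f(b"f2", k, rand)[:8],
                "CK": f(b"f3", k, rand)[:16], "IK": f(b"f4", k, rand)[:16]}

class MobileStation:
    def __init__(self, k):
        self.k, self.sqn_max = k, 0             # highest SQN accepted so far
    def answer(self, rand, autn):
        """Verify AUTN (MAC and SQN freshness), then compute RES."""
        sqn_b = xor(autn[:6], f(b"f5", self.k, rand)[:6])
        amf, mac = autn[6:8], autn[8:16]
        if not hmac.compare_digest(mac, f(b"f1", self.k, sqn_b, rand, amf)[:8]):
            raise ValueError("MAC failure: AUTN was not produced with our K")
        sqn = int.from_bytes(sqn_b, "big")
        if sqn <= self.sqn_max:
            raise ValueError("synchronisation failure: replayed AV")
        self.sqn_max = sqn
        return f(b"f2", self.k, rand)[:8]

def serving_network_run(home, ms, imsi):
    """Serving Network: fetch AV, challenge MS, compare RES with XRES. It never sees K."""
    av = home.auth_vector(imsi)
    try:
        res = ms.answer(av["RAND"], av["AUTN"])
    except ValueError:
        return None                             # MS rejected the challenge
    if not hmac.compare_digest(res, av["XRES"]):
        return None                             # user not authenticated
    return av["CK"], av["IK"]                   # session keys for the channel
```

Note that nothing in the MS's check ties the AV to the Serving Network that relays it; the MS learns only that the Home Network generated it, which is the one-sided authentication the slide points out.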


Overview of 802.11 (1/2)

- Authentication
  - Open system authentication
  - Shared key authentication: uses challenge-response with a shared key

Shared key authentication (message flow between Initiator and Responder):

1. Initiator -> Responder: Auth Request
2. Responder: Challenge Text = WEP PRNG(K, IV)
3. Responder -> Initiator: Challenge Text
4. Initiator -> Responder: e_K(Challenge Text || new IV)
5. Responder: verifies the CRC ICV and the Challenge Text
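The shared key exchange above carried through in code, as an added example that is not part of the paper or the slides: the Responder draws a 128-byte Challenge Text from the WEP PRNG (RC4 seeded with IV || K), the Initiator returns it WEP-encrypted under a new IV, and the Responder checks the CRC-32 ICV and the recovered text. The 3-byte IV, 128-byte challenge and 40-bit key are assumptions taken from classic WEP; the RC4 and framing code here is the example's own.

```python
import secrets, zlib

def rc4(key, n):
    """RC4 keystream of n bytes: the WEP PRNG seeded with IV || K."""
    s, j = list(range(256)), 0
    for i in range(256):                           # key scheduling
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    for _ in range(n):                             # keystream generation
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def wep_encrypt(k, iv, plaintext):
    """Frame body = IV || (plaintext || CRC-32 ICV) XOR RC4(IV || K)."""
    data = plaintext + zlib.crc32(plaintext).to_bytes(4, "little")
    return iv + xor(data, rc4(iv + k, len(data)))

def wep_decrypt(k, frame):
    """Return the plaintext, or None when the CRC ICV does not check."""
    iv, body = frame[:3], frame[3:]
    data = xor(body, rc4(iv + k, len(body)))
    pt, icv = data[:-4], data[-4:]
    return pt if zlib.crc32(pt).to_bytes(4, "little") == icv else None

class Responder:
    """The AP side of shared key authentication."""
    def __init__(self, k):
        self.k, self.text = k, None
    def challenge(self):
        # Challenge Text = WEP PRNG(K, IV): 128 bytes of RC4 output under a fresh IV
        self.text = rc4(secrets.token_bytes(3) + self.k, 128)
        return self.text
    def verify(self, frame):
        # Decrypt, check the ICV, and require the recovered text to equal the challenge
        return self.text is not None and wep_decrypt(self.k, frame) == self.text

def initiator_response(k, challenge):
    """Initiator: e_K(Challenge Text || new IV), i.e. the challenge WEP-encrypted under a new IV."""
    return wep_encrypt(k, secrets.token_bytes(3), challenge)
```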


Overview of 802.11 (2/2)

- Access control
  - Closed network access control: clients with knowledge of the network name or SSID can join
  - Access control lists: each AP limits clients to those using a listed MAC address
- Security problems


Wi-Fi Protected Access (1/3)

- Wi-Fi Protected Access (WPA): new security architecture for 802.11 by the Wi-Fi Alliance
  - WPA I: interim solution; required only firmware and driver updates
  - WPA 2: complete redesign; new algorithms and, unfortunately, new hardware as well


Wi-Fi Protected Access (2/3)

- Authentication and access control: restricts network connectivity to authorized users via 802.1X
- IEEE 802.1X standard
  - Provides a framework where various authentication methods can be used
  - Employs the EAP (Extensible Authentication Protocol)
  - Any auth mechanism can be encapsulated in the EAP req/res msgs
  - EAP can route messages to a centralized server


Wi-Fi Protected Access (3/3)

- Known security problems
  - Vulnerable to DoS attacks: management frames are neither protected nor authenticated
  - Possible hijack of sessions without encryption
- Trust relationships with WPA
  - Trust in the AP


3G/WLAN Interworking (1/9)

- Roaming scenario: IL-3G, NY-3G, NY-WLAN
  - Case 1: NY-WLAN operates independently; Bill already has an account with NY-WLAN
  - Case 2: IL-3G has a roaming agreement with the WLAN
  - Case 3: IL-3G and NY-WLAN do not have a roaming agreement, but NY-3G and NY-WLAN do


3G/WLAN Interworking (2/9)

- Independent internetwork authentication: makes no effort at integration
  - In Case 1, Bill already has a security association with NY-WLAN
  - Solution: authenticate by the new network's own protocol
- Discussion
  - Does not require a trust relationship between networks (roaming agreement, secure channel)
  - Accounting and billing of each network should be independent


3G/WLAN Interworking (3/9)

- Centralized internetwork authentication
  - In Case 2, Bill can use NY-WLAN's service without registration: NY-WLAN authenticates Bill's account from IL-3G
  - Centralized authentication methods: the foreign network ensures that the client is a legitimate user of the home network


3G/WLAN Interworking (4/9)

Centralized internetwork authentication (Cont.): proactive key distribution

1. oAS detects MS's visit
2. oAS requests H-AAA for context distribution
3. H-AAA calculates potential nASs
4. H-AAA predistributes context to nASs


3G/WLAN Interworking (5/9)

Centralized internetwork authentication (Cont.): discussion

- Foreign and home networks should have a roaming agreement
  - With N networks, the overhead of roaming agreements is O(N^2)
  - Hence the introduction of a dedicated third party, an AAA broker
- Centralized authentication methods have high authentication latency
- Proactive key distribution schemes require an accurate handoff prediction system


3G/WLAN Interworking (6/9)

Context transfer

- In Case 3, suppose NY-3G and NY-WLAN trust each other enough to share Bill's info: NY-3G can provide Bill's security context to NY-WLAN to allow access
- Reactive context transfer: context is delivered from the old network to the new network after handoff
  1. MS visits the new network
  2. nAS obtains the address of oAS
  3. nAS requests context transfer from oAS
  4. oAS transfers MS's context to nAS
  5. After verifying the context, nAS allows MS to access
  6. H-AAA may optionally verify MS's authenticity after handoff


3G/WLAN Interworking (7/9)

Context transfer (Cont.): proactive context transfer

- Context transfer occurs before MS visits the new network (soft handoff and prediction)
  1. oAS detects MS's visit
  2. oAS calculates potential nASs
  3. oAS predistributes context to nASs


3G/WLAN Interworking (8/9)

Context transfer (Cont.): ticket forwarding

- oAS can issue a ticket containing the context to the client, who provides nAS with the ticket upon visit
  1. oAS detects MS's visit
  2. oAS calculates potential nASs
  3. oAS issues a ticket for each potential nAS and sends them to MS
  4. MS provides nAS with the corresponding ticket after handoff
  5. nAS verifies the ticket and accepts MS


3G/WLAN Interworking (9/9)

Context transfer (Cont.): discussion

- Allows a network to verify the authenticity of MS without starting from scratch
- Accounting and billing is an open issue
- Security is based on a strong assumption: nAS believes that the association between MS and oAS is secure
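Ticket forwarding from the previous slide, written out so that the strong assumption named here is visible in the code, as an added example that is not part of the paper or the slides: the oAS issues one MAC-protected ticket per predicted nAS, and the nAS accepts the carried context purely because the MAC verifies under the pairwise key it shares with the oAS (the roaming agreement). The JSON ticket layout, the per-nAS pairwise keys, the expiry and the nonce-based replay check are this example's assumptions, not a format from the paper.

```python
import hmac, hashlib, json, secrets

class OldAccessServer:
    """oAS: holds the MS's security context and one pairwise key per nAS it has an agreement with."""
    def __init__(self, name, peer_keys):        # nAS name -> shared key (roaming agreement)
        self.name, self.peer_keys = name, peer_keys
    def issue_tickets(self, ms_id, context, candidate_nas, now, lifetime=30):
        """One ticket per predicted nAS, bound to that nAS, the MS, an expiry and a nonce."""
        tickets = {}
        for nas in candidate_nas:
            body = {"iss": self.name, "aud": nas, "ms": ms_id, "ctx": context,
                    "exp": now + lifetime, "nonce": secrets.token_hex(8)}
            raw = json.dumps(body, sort_keys=True).encode()
            tag = hmac.new(self.peer_keys[nas], raw, hashlib.sha256).hexdigest()
            tickets[nas] = (raw, tag)
        return tickets

class NewAccessServer:
    """nAS: accepts a context on the strength of the oAS's MAC alone (the slide's assumption)."""
    def __init__(self, name, peer_keys):        # issuer name -> shared key
        self.name, self.peer_keys, self.seen = name, peer_keys, set()
    def verify_ticket(self, ms_id, ticket, now):
        """Return (context, 'ok') or (None, reason); no check here re-authenticates the MS itself."""
        raw, tag = ticket
        body = json.loads(raw)
        key = self.peer_keys.get(body.get("iss"))
        if key is None:
            return None, "no trust relationship with issuer"
        if not hmac.compare_digest(tag, hmac.new(key, raw, hashlib.sha256).hexdigest()):
            return None, "bad MAC"
        if body["aud"] != self.name:
            return None, "ticket issued for a different nAS"
        if body["ms"] != ms_id:
            return None, "ticket bound to a different MS"
        if now > body["exp"]:
            return None, "expired"
        if body["nonce"] in self.seen:
            return None, "replayed"
        self.seen.add(body["nonce"])
        return body["ctx"], "ok"
```

Binding each ticket to its audience keeps a ticket meant for one predicted nAS from being accepted by another, and the expiry bounds how long a stale prediction stays usable; neither check changes the fact that nAS is trusting oAS's word about the MS.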


Conclusion

- Access security in 3G: AKA protocol in UMTS and CDMA2000
- Overview of 802.11
- Wi-Fi Protected Access (WPA)
- 3G/WLAN Interworking: centralized internetwork authentication, context transfer