
Wireless Network Security and Interworking

Wireless Network Security and Interworking. MINHO SHIN, JUSTIN MA, ARUNESH MISHRA, AND WILLIAM A. ARBAUGH; University of Maryland, College Park, and University of California, San Diego, La Jolla; THE IEEE, VOL. 94, NO. 2, FEBRUARY 2006. Mong Nam Han, m0ng01@an.kaist.ac.kr


Presentation Transcript


  1. Wireless Network Security and Interworking • MINHO SHIN, JUSTIN MA, ARUNESH MISHRA, AND WILLIAM A. ARBAUGH • University of Maryland, College Park, and University of California, San Diego, La Jolla • THE IEEE, VOL. 94, NO. 2, FEBRUARY 2006 • Mong Nam Han, m0ng01@an.kaist.ac.kr • AN Lab, CS dept., KAIST, Korea

  2. Overview • Challenge to the interworking • Security in cellular system • Security in 802.11 WLAN • 3G / WLAN interworking • Conclusion, Q & A

  3. Challenge to the interworking • A variety of wireless networks have • Different coverage and bandwidth • Vastly different security architectures • Security issues • Contradictory security assumptions • The authentication process • Long authentication delay during handover

  4. Security in cellular system: ~2G • 1G (analog) • Cloning • Channel hijacking • Eavesdropping • 2G • Short authentication signature: 18 bit • Broken encryption algorithms: CMEA in '97, ORYX in '98 • GSM • Security through obscurity: go through or around • Disclosed master key of SIM card • Reverse-engineered function A5

  5. Security in 3G • Security challenges • New revenue-related fraud • The full range of threats, similar to those on the Internet • Vulnerability to malicious access

  6. Security in 3G: UMTS • Enhancements • Mutual authentication, encryption with 128-bit key lengths • Features • Network access security • Access control of users and MS, data confidentiality/integrity, and user identity privacy • Network domain security • Security within the provider domain • User domain security • User-USIM-terminal • Application domain security • Visibility, configurability, temporary identity

  7. Security in 3G: UMTS • AKA (Authentication and Key Agreement) protocol • Mutual authentication • Three entities • User (MS or USIM) • Serving node (VLR/SGSN) • Home environment (HLR/AuC) • Three stages • Initiation • Transfer of credentials • Challenge-response exchange

  8. Security in 3G: UMTS • AKA process

  9. Security in 3G: CDMA 2000 • AKA with an optional extension • New cryptographic function f11 • Generates a UIM Authentication Key (UAK) • UMAC • Message authentication function on UAK • Advanced Encryption Standard (AES)

  10. Security in 3G • Security issues in AKA • Trust relationship between roaming partners • One-pass challenge-response mechanism, not full mutual authentication • User only verifies a MAC • Permanent identity (IMSI) sent in plain text • When registering for the first time

  11. Security in 802.11 WLAN • Authentication • Open system authentication • Shared key authentication: standard challenge and response • Challenge text: WEP PRNG with the shared secret and IV • Response: 32-bit CRC integrity check (ICV) • Access control • Closed network access control: SSID • Access control lists: MAC address • Security problems • Published in countless papers

  12. Security in 802.11 WLAN: WPA • WiFi Protected Access • Security framework • Three entities • Supplicant: user • Authenticator: switch, access point • Authentication server

  13. Security in 802.11 WLAN: EAP • Extensible Authentication Protocol: authentication mechanism built around challenge-response • Four types of message • EAP request: a challenge to the supplicant • EAP response: response • EAP success: outcome • EAP failure: outcome • Features • Extensible: encapsulation within EAP • Flexible: operated at the network layer • Dual-port model

  14. Security in 802.11 WLAN: Problems • Denial of service attack • Management frames are neither protected nor authenticated • Session hijacking • When not encrypted • Trust relationship • Implicit trust

  15. 3G / WLAN interworking • Roaming model and three typical authentication scenarios • Case 1: NY-WLAN operates independently, and Bill already has an account with NY-WLAN • Case 2: IL-3G, Bill's home network, has a roaming agreement with NY-WLAN • Case 3: IL-3G and NY-WLAN do not have a roaming agreement, but NY-3G and NY-WLAN do

  16. Case 2: Centralized internetworking Authentication • EAP-SIM • Lack of mutual authentication • Weak 64-bit cipher key • EAP-AKA • Requires a synchronized sequence number • Weakness of EAP • Lacks identity protection, protected method negotiation, protected termination • Possible man-in-the-middle attack • Authentication latency: O(N^2) • Interdomain proactive key distribution • Fast handoff scheme: reduces authentication latency • Uses a neighbor graph • Requires a reasonably accurate handoff prediction system • AAA-broker • Reduces the total number of associations: O(N) • Must be close and trustworthy; requires a strong security association between broker and home network

  17. Case 3: Context transfer • Security context: current state • Authentication state: identifier • Authorization state: services and functions • Communication security parameters: encryption algorithm, session keys • Reactive context transfer: after visit • Context transfer protocol (CTP): at L3 • Inter access point protocol (IAPP): at L2 • Inter domain key exchange (IDKE): for seamless handover • Proactive context transfer: before visit • Soft handoff • Prediction • Ticket forwarding: issue ticket (context) to the client • Kerberos

  18. Case 3: Context transfer • Discussion • Benefit: performance, flexible trust relationships • Issue • Accounting and billing • Post hoc authentication • Full authentication or reauthentication

  19. Conclusion, Q & A • Good security will be developed in an open environment with the collaboration

  20. Q & A
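The AKA challenge-response exchange outlined on slides 7, 8 and 10, and the sequence-number dependency noted for EAP-AKA on slide 16, as an added example that is not part of the original presentation or paper. Assumptions: HMAC-SHA256 stands in for the AKA functions f1 to f5 (not MILENAGE), the AMF field and the integrity key are omitted, and the USIM uses a strict counter check instead of an acceptance window with AUTS resynchronization; the key is constructed.

```python
import hashlib, hmac, os

def f(k, label, *parts):
    # Stand-in for AKA functions f1..f5: HMAC-SHA256 (an assumption, not MILENAGE).
    return hmac.new(k, label + b"".join(parts), hashlib.sha256).digest()

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

class HomeEnvironment:  # HLR/AuC: shares K with the USIM, tracks sequence number SQN
    def __init__(self, k):
        self.k, self.sqn = k, 0

    def auth_vector(self):
        self.sqn += 1
        rand, sqn = os.urandom(16), self.sqn.to_bytes(6, "big")
        ak = f(self.k, b"f5", rand)[:6]          # anonymity key conceals SQN
        mac = f(self.k, b"f1", sqn, rand)[:8]    # shows the vector was built with K
        return {"rand": rand, "autn": xor(sqn, ak) + mac,
                "xres": f(self.k, b"f2", rand)[:8], "ck": f(self.k, b"f3", rand)[:16]}

class USIM:
    def __init__(self, k):
        self.k, self.sqn = k, 0
    def respond(self, rand, autn):
        sqn = xor(autn[:6], f(self.k, b"f5", rand)[:6])
        if not hmac.compare_digest(autn[6:], f(self.k, b"f1", sqn, rand)[:8]):
            raise ValueError("MAC failure")      # vector was not produced with K
        if int.from_bytes(sqn, "big") <= self.sqn:
            raise ValueError("sync failure")     # stale or replayed vector
        self.sqn = int.from_bytes(sqn, "big")
        return f(self.k, b"f2", rand)[:8], f(self.k, b"f3", rand)[:16]

def outcome(usim, rand, autn):
    try:
        usim.respond(rand, autn)
        return "accepted"
    except ValueError as err:
        return str(err)

def run_exchange():
    k = bytes(range(16))                             # constructed 128-bit key
    he, usim = HomeEnvironment(k), USIM(k)
    av = he.auth_vector()                            # home environment -> serving node
    res, ck = usim.respond(av["rand"], av["autn"])   # serving node -> USIM -> RES
    return {"res_ok": hmac.compare_digest(res, av["xres"]),  # VLR/SGSN compares RES
            "ck_ok": ck == av["ck"],
            "replay": outcome(usim, av["rand"], av["autn"]),
            "forged": outcome(usim, av["rand"], av["autn"][:6] + bytes(8))}
```

The user side authenticates the network only by checking the MAC and the freshness of SQN inside AUTN, which is the point slide 10 makes; the serving node itself never proves knowledge of K.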
