Wireless Network Security and Interworking
MINHO SHIN, JUSTIN MA, ARUNESH MISHRA, AND WILLIAM A. ARBAUGH
University of Maryland, College Park, University of California, San Diego, La Jolla
THE IEEE, VOL. 94, NO. 2, FEBRUARY 2006
Mong Nam Han m0ng01@an.kaist.ac.kr
AN Lab, CS dept. KAIST, Korea

Overview
• Challenge to the interworking
• Security in cellular system
• Security in 802.11 WLAN
• 3G / WLAN interworking
• Conclusion, Q & A

Challenge to the interworking
• A variety of wireless technologies have
  • Different coverage and bandwidth
  • Vastly different security architecture
• Security issue
  • Contradictory security assumption
• The authentication process
  • Long authentication delay during handover

Security in cellular system: ~2G
• 1G (analog)
  • Cloning
  • Channel hijacking
  • Eavesdropping
• 2G
  • Short authentication signature: 18-bit
  • Broken encryption algorithm: CMEA in '97, ORYX in '98
• GSM
  • Security through obscurity: go through or around
  • Disclosed master key of SIM card
  • Reverse engineered function A5

Security in 3G
• Security challenges
  • New revenue-related fraud
  • The full range of threats similar to those on the Internet
  • Vulnerability to malicious access

Security in 3G: UMTS
• Enhancements
  • Mutual authentication, encryption with 128-bit key lengths
• Features
  • Network access security
    • Access control of users and MS, data confidentiality/integrity, and user identity privacy
  • Network domain security
    • Security within provider domain
  • User domain security
    • User-USIM-terminal
  • Application domain security
  • Visibility, Configurability, Temporary identity

Security in 3G: UMTS
• AKA (Authentication and Key Agreement) protocol
  • Mutual authentication
  • Three entities
    • User (MS or USIM)
    • Serving node (VLR/SGSN)
    • Home environment (HLR/AuC)
  • Three stages
    • Initiation
    • Transfer of credentials
    • Challenge-response exchange

Security in 3G: UMTS
• AKA process

Security in 3G: CDMA 2000
• AKA with an optional extension
• New cryptographic function f11
  • Generate a UIM Authentication Key (UAK)
• UMAC
  • Message authentication function on UAK
• Advanced Encryption Standard (AES)

Security in 3G
• Security issues in AKA
  • Trust relationship between roaming partners
  • One-pass challenge-response mechanism, not full mutual authentication
    • User only verifies a MAC
  • Permanent identity (IMSI) in plain text
    • When registering for the first time

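The AKA challenge-response exchange outlined on the slides above, as an added example that is not from the original slides or paper. Assumptions: HMAC-SHA256 stands in for the operator functions f1 to f5, the AMF field is omitted, and the key and all names (`home_generate_av`, `Usim`, `serving_node_authenticate`) are constructed for illustration.

```python
import hmac, hashlib, os

def f(k, tag, *parts):
    """Stand-in for the AKA functions f1..f5 (assumption: HMAC-SHA256, not the real algorithms)."""
    return hmac.new(k, tag + b"".join(parts), hashlib.sha256).digest()

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def home_generate_av(k, sqn, rand=None):
    """Home environment (HLR/AuC): build one authentication vector for the serving node."""
    rand = rand or os.urandom(16)
    sqn_b = sqn.to_bytes(6, "big")
    mac = f(k, b"f1", sqn_b, rand)[:8]       # lets the user authenticate the network
    xres = f(k, b"f2", rand)[:8]             # expected user response
    ck, ik = f(k, b"f3", rand)[:16], f(k, b"f4", rand)[:16]
    ak = f(k, b"f5", rand)[:6]               # anonymity key conceals SQN on the air
    autn = xor(sqn_b, ak) + mac
    return {"rand": rand, "autn": autn, "xres": xres, "ck": ck, "ik": ik}

class Usim:
    def __init__(self, k, sqn_ms=0):
        self.k, self.sqn_ms = k, sqn_ms

    def respond(self, rand, autn):
        """User side: verify the MAC and sequence-number freshness, then answer the challenge."""
        ak = f(self.k, b"f5", rand)[:6]
        sqn_b, mac = xor(autn[:6], ak), autn[6:]
        if not hmac.compare_digest(mac, f(self.k, b"f1", sqn_b, rand)[:8]):
            return ("mac_failure", None)
        sqn = int.from_bytes(sqn_b, "big")
        if sqn <= self.sqn_ms:
            return ("sync_failure", None)    # stale or replayed vector
        self.sqn_ms = sqn
        return ("ok", f(self.k, b"f2", rand)[:8])

def serving_node_authenticate(av, usim):
    """Serving node (VLR/SGSN): forward RAND and AUTN, compare RES with XRES."""
    status, res = usim.respond(av["rand"], av["autn"])
    return status == "ok" and hmac.compare_digest(res, av["xres"]), status

def demo():
    k = bytes(range(16))                     # constructed long-term key shared by USIM and AuC
    usim = Usim(k)
    av = home_generate_av(k, sqn=1)
    first = serving_node_authenticate(av, usim)    # fresh vector is accepted
    replay = serving_node_authenticate(av, usim)   # same vector again: SQN no longer fresh
    forged = serving_node_authenticate(home_generate_av(b"\x00" * 16, sqn=2), usim)
    return first, replay, forged
```

The user's only check on the network is the MAC and sequence number inside AUTN, which is the "user only verifies a MAC" point above; the `sync_failure` path is why the USIM and home environment must keep their sequence numbers synchronized.
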
Security in 802.11 WLAN
• Authentication
  • Open system authentication
  • Shared key authentication: standard challenge and response
    • Challenge text: WEP PRNG with the shared secret and IV
    • Response: 32-bit CRC integrity check (ICV)
• Access Control
  • Closed network access control: SSID
  • Access control lists: MAC address
• Security problems
  • Published in countless papers

Security in 802.11 WLAN: WPA
• WiFi Protected Access
• Security framework
  • Three entities
    • Supplicant: user
    • Authenticator: switch, access point
    • Authentication server

Security in 802.11 WLAN: EAP
• Extensible Authentication Protocol: authentication mechanism built around challenge-response
• Four types of message
  • EAP request: a challenge to supplicant
  • EAP response: response
  • EAP success: outcome
  • EAP failure: outcome
• Features
  • Extensible: encapsulation within EAP
  • Flexible: operated at the network layer
  • Dual-port model

Security in 802.11 WLAN: Problems
• Denial of service attack
  • Management frames are neither protected nor authenticated
• Session hijacking
  • When not encrypted
• Trust relationship
  • Implicit trust

3G / WLAN interworking
• Roaming model and three typical authentication scenarios
  • Case 1: NY-WLAN operates independently, and Bill already has an account with NY-WLAN
  • Case 2: IL-3G, Bill's home network, has a roaming agreement with NY-WLAN
  • Case 3: IL-3G and NY-WLAN do not have a roaming agreement, but NY-3G and NY-WLAN do

Case 2: Centralized internetworking Authentication
• EAP-SIM
  • Lack of mutual authentication
  • Weak 64-bit cipher key
• EAP-AKA
  • Requires synchronized sequence number
• Weakness of EAP
  • Lacks identity protection, protected method negotiation, protected termination
  • Possible man-in-the-middle attack
• Authentication latency: O(N^2)
• Interdomain proactive key distribution
  • Fast handoff scheme: reduce authentication latency
  • Use neighbor graph
  • Requires reasonably accurate handoff prediction system
• AAA-broker
  • Reduce total number of associations: O(N)
  • Must be close and trustworthy; requires strong security association between broker and home network

Case 3: Context transfer
• Security context: current state
  • Authentication state: identifier
  • Authorization state: services and functions
  • Communication security parameter: encryption algorithm, session keys
• Reactive context transfer: after visit
  • Context transfer protocol (CTP): at L3
  • Inter access point protocol (IAPP): at L2
  • Inter domain key exchange (IDKE): for seamless handover
• Proactive context transfer: before visit
  • Soft handoff
  • Prediction
• Ticket forwarding: issue ticket (context) to the client
  • Kerberos

Case 3: Context transfer
• Discussion
  • Benefit: performance, flexible trust relationships
  • Issue
    • Accounting and billing
    • Post hoc authentication
    • Full authentication or reauthentication

Conclusion, Q & A
• Good security will be developed in an open environment with the collaboration