An Empirical Analysis of the 4-way Hand-shake [1]
Nick Petroni, Jr. npetroni@waa-assoc.com
William A. Arbaugh waa@waa-assoc.com
WAA Associates, LLC.
[1] This work was funded under a contract with the U.S. Defense Information Systems Agency (DISA).
Petroni,Arbaugh WAA Associates, LLC.

Experiment Equipment
• Tested equipment
  • Access Points from 3 vendors
  • Client cards from 4 vendors
  • 4 software clients (1 card-specific)
• STA
  • 1.8GHz Pentium 4m Laptop
  • 256 MB RAM
  • Windows XP Professional Service Pack 1
• Measurement host
  • Identical hardware to client host
  • WildPackets AiroPeek NX 2.0

Test Procedure
• Power up first AP on channel 1 in RF-free environment.
• STA associates to first AP.
• Power up second AP on channel 6.
• Power down first AP to force reassociation with second AP.
• Timing host listens on channel 6.

Layout
[Diagram: STA, Measurement Host, AP1 and AP2, with distance labels 5 feet, 10 feet, 10 feet, 7 feet, 3 feet]

Interoperability Matrix

Problems Encountered
• Client Problems
  • Multiple clients sent EAPOL Start in response to first EAPOL Key Packet
  • One client occasionally sent EAPOL Key response (second message) to the previous AP, even after receiving first key message from new AP

Problems Encountered
• Card Problems
  • Multiple cards did full Association instead of Reassociation

Problems Encountered
• Interoperability Problems
  • One client could not successfully authenticate with one AP regardless of card used.
  • One client/card combination failed to interoperate
  • One combination of client/card/AP consistently resulted in
    • Reassociation
    • 4-way handshake
    • Deauthentication
    • Full Association
    • 4-way handshake
  • Two cards used (seemingly) proprietary means with the same AP, failing to ever do a 4-way HS
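
An added example, not part of the original slides or the authors' tooling: one way a measurement host could compute 4-way handshake latency from captured frames and flag the client and card problems listed above. The record layout, frame-kind names and sample capture are constructed, and measuring from the first message 1 to message 4 is an assumed definition of the latency.

```python
# EAPOL-Key "Key Information" flag bits (IEEE 802.11i).
INSTALL, KEY_ACK, KEY_MIC = 0x0040, 0x0080, 0x0100

def classify(key_info, seen_msg3):
    """Map Key Information flags to a 4-way handshake message number."""
    ack, mic = key_info & KEY_ACK, key_info & KEY_MIC
    if ack and not mic:
        return 1
    if ack and mic and key_info & INSTALL:
        return 3
    if mic and not ack:          # messages 2 and 4 share these flags; use order
        return 4 if seen_msg3 else 2
    return None

def analyze(frames):
    """Latency = first message 1 to message 4 (assumed). Returns (ms list, anomalies)."""
    latencies, anomalies = [], []
    t1, ap, seen3 = None, None, False   # time/sender of first message 1
    for t, src, dst, kind, key_info in frames:
        if kind == "assoc-req":
            anomalies.append("full Association instead of Reassociation")
        elif kind == "eapol-start" and t1 is not None:
            anomalies.append("EAPOL-Start sent in response to message 1")
        elif kind == "eapol-key":
            msg = classify(key_info, seen3)
            if msg == 1 and t1 is None:
                t1, ap = t, src
            elif msg == 2 and ap and dst != ap:
                anomalies.append("message 2 sent to a different AP")
            elif msg == 3:
                seen3 = True
            elif msg == 4 and t1 is not None:
                latencies.append(round((t - t1) * 1000, 1))
                t1, ap, seen3 = None, None, False
    return latencies, anomalies

# Constructed capture, hypothetical layout: (seconds, src, dst, kind, Key Information).
FAULTY = [
    (0.0000, "STA", "AP2", "assoc-req", None),
    (0.0050, "AP2", "STA", "eapol-key", 0x0089),   # message 1
    (0.0080, "STA", "AP2", "eapol-start", None),
    (0.0140, "STA", "AP1", "eapol-key", 0x0109),   # message 2 to previous AP
    (0.1050, "AP2", "STA", "eapol-key", 0x0089),   # message 1 retransmitted
    (0.1110, "STA", "AP2", "eapol-key", 0x0109),   # message 2
    (0.1160, "AP2", "STA", "eapol-key", 0x01C9),   # message 3
    (0.1250, "STA", "AP2", "eapol-key", 0x0109),   # message 4
]

if __name__ == "__main__":
    print(analyze(FAULTY))
```

Messages 2 and 4 are told apart by their position in the exchange because, in the constructed TKIP-style frames, they carry the same flag bits.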

Results - Client Comparison
Results - Client1
Results - Client1
Results - Client2
Results - Client3
Results - Client3
Results - Client4
Results - Client4
Results - Effect of AP
Results - Effect of AP
Results - Effect of Card
Results - Effect of Card

Summary of Results
• Interoperability problems were MUCH larger than expected.
• An optimized client on a Pentium 4 (we didn’t have a client for a PDA to test) has a ~20ms latency for the 4-way.

Conclusions
• A 4-way latency of ~20ms in the best case (no RF contention, fast processor, no RADIUS delay as in PMK caching) creates a total layer 2 latency that will likely exceed 50ms when combined with the probe phase latency.
• We’ve already dropped 2.5 VoIP packets and we haven’t added in the layer 3 latency yet.

Recommendations
• WECA should consider a “bake off” to quickly identify interoperability problems.
• TGi should consider splitting the PAR into two working groups. The first would complete the current draft components, and the second would define a fast hand-off specification that utilizes the current key hierarchy.

Thanks
• Vendors for providing TKIP equipment.
• Tim Moore and Nancy Cam-Winget for answering questions.
• Wildpackets for providing Airopeek NX v2 for testing.
• DISA for funding the work.