160 likes | 249 Views
Comparative studies on authentication and key exchange methods for 802.11 wireless LAN. Jun Lei, Xiaoming Fu, Dieter Hogrefe, Jianrong Tan Computers & Security (2007) 2007/09/11 CS Div. NS Lab. Young joo Shin. Contents. Introduction
E N D
Comparative studies on authenticationand key exchange methods for802.11 wireless LAN Jun Lei, Xiaoming Fu, Dieter Hogrefe, Jianrong Tan Computers & Security (2007) 2007/09/11 CS Div. NS Lab. Young joo Shin
Contents • Introduction • Authentication & Key Exchange(AKE) method requirements for IEEE 802.11 WLANs • AKE methods overview • Comparison results • Multi-layer AKE framework and its design guidelines • Conclusion
Introduction • IEEE 802.11 • A set of wireless LAN (WLAN) standards (802.11, 802.11b, 802.11a, etc) • Designed to offer reliable data transmission under diverse environments • Provides higher data transmission rate and lower cost • Two key security aspects of IEEE 802.11 • Authentication of wireless user/device • Data confidentiality between the wireless device and the network
Introduction • Authentication and Key Exchange (AKE) mechanism • An important building block for authentication & confidentiality • Many AKE methods for WLANs • EAP-TLS, PEAP, 802.1X, WPA, 802.11i, etc • In this paper • The general requirements for WLAN AKE methods are identified • WLAN AKE methods are reviewed and compared against the requirements • A multi-layer AKE framework is proposed based on the analysis
AKE method requirements for IEEE 802.11 WLANs • AKE method requirements • Mandatory • Recommended/desired • Additional operational • Mandatory requirements • Mutual authentication • Credential security • Resistance to dictionary attack • Man-in-the-middle attack protection • Immune to forgery attacks • Anti-replay (packet forgery) protection • Strong session key
AKE method requirements for IEEE 802.11 WLANs • Recommended/desired requirements • Management message authentication • Authenticate users • Key integrity check • Weak key protection • Additional operational requirements • No computational burden • Ease implementation • Fast reconnection
AKE methods overview • Proposed WLAN AKE methods are classified into • Legacy AKE method • Layered AKE method • Access control-based layered AKE method • Legacy AKE method • The simplest and default method for legacy 802.11 • Wired Equivalent Privacy (WEP) protocol (1997) • Pre-shared key, challenge/response • No protection to forgery attacks • No replay protection • Extremely weak to key attacks (due to misusing RC4 algorithm) • One key is used for authentication and traffic encryption
AKE methods overview • Layered AKE methods • The security mechanisms in a single layer would not be sufficient • Some deployments of 802.11 WLANs use layered AKE methods • EAP-TLS, EAP-TTLS, PEAP, EAP-SPEKE, EAP-FAST, EAP-PSK • EAP (Extensible Authentication Protocol) • Framework offering a basis for carrying other authentication methods • High extensibility due to independence from any particular authentication algorithm • Two of layered AKE methods • TLS embedded protocol • Layered method with cryptographic design
AKE methods overview • TLS embedded protocol • TLS (Transport Layer Security) is a certificate-based method • EAP-TLS • Provides mutual authentication • EAP-TTLS, PEAP • Address the weakness of insecure authentication channel during the authentication phase • Credential security, anti-replay TLS embedded protocol layered model EAP-TTLS protocol
AKE methods overview • Layered method with cryptographic design • Incorporates with cryptographic algorithms during authentication phase • Password-based authentication • Gains the security of public key encryption without the costs of certificates • EAP-FAST(Flexible Authentication via Secure Tunneling) • EAP-PSK (Pre-Shared Key) • EAP-SPEKE (Simple Password Exponential Key Exchange) • Layered AKE methods • Provide a highly efficient, easily deployable authentication framework • Secure than WEP • Contain certain disadvantages such as • No identity protection • No protected ciphersuite negotiation • No fast reconnection capability
AKE methods overview • Access control-based layered AKE method • IEEE 802.1X provides a port-based network access control • Layered AKE methods based on 802.1X • Transitional solution, long-term scheme • Transitional solution • WPA (Wi-Fi Protected Access) • WEP + 802.1X with EAP + TKIP(Temporal Key Integrity Protocol) • Compatible with legacy 802.11 hardware • e.g., RC4
AKE methods overview • Long-term scheme • WPA2 (IEEE 802.11i) • 802.1X access control + EAP authentication + AES-CCMP traffic encryption • Four-way handshake • Crucial security enhancements to legacy 802.11 • Not deployable and complicated to implement 4-way handshake
Comparison Results Legacy Layered Access control-based Layered
Multi-layer AKE framework and its design guidelines • Multi-layer AKE framework • The protected ciphersuite negotiation, mutual authentication and key management • Flexible framework for various user authentication and key distribution (password, certificate, smart card, etc) • New functionalities could be easily incorporated into the framework • The framework can address threats caused new security concerns or development challenges of wireless technologies A multi-layered AKE framework for 802.11 WLANs
Multi-layer AKE framework and its design guidelines • Multi-layer AKE framework design guidelines • Conduct a risk analysis to determine the required protection level and then find the most cost-effective protection against attacks • Consider preventing from some types of DoS attacks • Make decision on how to find the tradeoff between easy implementation and strong security • Consider combination of existing mechanisms to overcome existing problems
Conclusion • The AKE requirements for 802.11 WLAN have been identified • The proposed AKE methods are reviewed and compared against the requirements • Legacy AKE methods • Layered AKE methods • Access control-based layered AKE methods • A new framework for 802.11 AKE method is proposed • Fairy strong security, flexibility and extensiblity