210 likes | 226 Views
This workshop, led by William Arbaugh from University of Maryland College Park, aims to discuss hard research problems and bureaucratic issues in wireless technology. The session covers technical trends, interworking threats, and goals in tying networks securely. Workshop participants will explore how to deal with legacy and future networks, roaming issues, and potential standardization obstacles. The technical overview includes discussions on IEEE standards, EAP methods, roaming challenges, and authentication procedures. Join the interactive session to engage in lively discussions and brainstorm innovative solutions to pressing issues in wireless unification theory.
E N D
Wireless Unification Theory William Arbaugh University of Maryland College Park
Bureaucracy • Speakers please introduce yourself to me and provide a copy of your slides to the note taker • Workshop should be interactive- ask questions, answer questions
Welcome! • Program consists of talks and discussions • Want to focus on discussions (more to follow) • Goal is to identify hard research problems and potential bureaucratic and standardization stumbling blocks
Technical Trends • Wireless access is becoming ubiquitous and broadband in nature • Users are become more mobile • Mobility for data access is changing from “discrete mobility” to “continous mobility” • Base stations are cheaper with less physical security • All of the wireless technologies have differing authentication and access control frameworks! • Interworking
Threat • Interworking allows attackers to find the “path of least resistance” and establish “man in the middle attacks” • The network with the weakest security will be the entry point • Providers will either not allow networks with weak security to join (limit Interworking growth) or allow it which introduces security problems.
Workshop Goals • How do we tie these networks together in a secure fashion? • Deal with legacy networks? • Deal with future networks? • Vertical/Horizontal roaming?
Technical • Patch work of technology CHAP EAP TLS A5 VLR HLR PEAP AES-CCM AKA CAVE
Standardize it? IEEE IETF IRTF ISO 3GPP WWRF
How do we do it? • I have no idea! • One of the main motivations for this workshop!
Things to think about • What are the research questions? • What are the problems? • Standardization problems • Technical problems • Policy problems
Technical Overview • IEEE 802.1x • EAP • Roaming
IEEE 802.1x • Provides access control and key distribution method to AP/base station • Centralized authentication • Uses EAP
Dual Port Model LAN Authenticator System Access Server Port unauthorized Controlled Port Uncontrolled Port Access Point Client / Supplicant
Trust Relationships EAP method Possibly via RADIUS shared secret Note: I am using trust here loosely since only a security association is established.
Trust Relationships EAP method Transitively derived Possibly via RADIUS shared secret Note: I am using trust here loosely since only a security association is established.
Trust Relationships • Note that the client and the AP/Base station have no direct trust relationship • It is derived transitively if and only if the infrastructure establishes a trust relation between the AP and the RADIUS server
Supplicant Authenticator EAP REQUEST/IDENTITY EAP RESPONSE/IDENTITY (MyID) EAP REQUEST/OTP, OTP Challenge EAP RESPONSE/OTP, OTP PW EAP Success Port authorized EAP Session Authentication Server
EAP Authentication • Authentication may not be mutual • Loss of anonymity due to identity request • What are you authenticating? • User? • Device? • Do we need both?
Roaming Challenges • What is equivalent security? • Hand-off’s between differing physical and MAC layers in under 30ms? • Soft hand-over easy at layers 2 and below but more difficult at layer 3 and above • Hard hand-over just plain hard • Some authentication methods are complex, compute intensive, and take too long