Security Techniques For Wireless Protocols - PowerPoint PPT Presentation

1 / 16
About This Presentation
Title:

Security Techniques For Wireless Protocols

Description:

For wireless traffic, security at layer 2 and above is advisable. ... They have a shared secret. Security Server. Wireless Access Point. Wireless Client ... – PowerPoint PPT presentation

Number of Views:163
Avg rating:3.0/5.0
Slides: 17
Provided by: JHB9
Category:

less

Transcript and Presenter's Notes

Title: Security Techniques For Wireless Protocols


1
Security Techniques For Wireless Protocols
  • Protecting an Inherently Insecure Medium
  • R. K. Coleman
  • 3e Technologies International, Inc.

2
The 3eTI Total Security Solution
Whether on Navy Ships, Army Tanks or in the
Enterprise Wireless Security is Essential
3
The Wireless Security Landscape
  • For wireless security, symmetric-key encryption
    using U.S. Government-approved AES encryption is
    an accepted methodology.
  • IEEE 802.11i, IEEE 802.15.4, and Bluetooth all
    employ a cross-layered approach to security.
  • All three wireless protocols rely on private
    encryption keys therefore, key management over
    the insecure wireless channel has emerged as a
    problem of chief concern.
  • 802.11i uses Extensible Authentication Protocol
    (EAP) over LAN to perform authentication and
    mutual key derivation.
  • ZigBee will employ Elliptic Curve Cryptographic
    (ECC) techniques to derive and manage encryption
    keys.
  • 3eTI provides an innovative Dynamic Key Exchange
    (DKE) technique that leverages Diffie-Hellman and
    RSA to securely exchange keys between a wireless
    Access Point and Client Device.
  • 3eTI wireless products have been rigorously
    tested and validated against NIST / NSA
    standards, ensuring top-tier security solutions
    for the discerning wireless consumer.

4
Background AES
  • In Federal Information Processing Standards
    Publication 197 (FIPS PUB 197), the U.S. National
    Institute of Standards and Technology (NIST)
    officially endorses the Rijndael algorithm to be
    used as the Advanced Encryption Standard (AES) in
    cryptographic systems throughout Federal
    Agencies.
  • Where Rijndael stood out was in its compact
    number of rounds required to produce a
    significant level of entropy.

Streamlined for HW or SW
Comparison of AES Contending Algorithm Rounds /
Stages
5
Rijndael Qualities
  • Rijndael advantages
  • Fast (for a block cipher) on general purpose
    processors.
  • Can be compactly implemented on Smart Cards.
  • Its round transformation is parallel by design.
  • Rijndael does not rely on arithmetic operators
    as such it contains no bias
  • in favor of big or little-endian architectures.
  • The cipher does not base its security in full or
    in part on obscure or not
  • mathematically well-understood operations.
  • For completeness, a disadvantage of Rijndael is
    that the inverse cipher required for decryption
    is more processing-intensive and less optimal
    than the forward cipher it takes more code and
    consumes more clock cycles.
  • Also, the Rijndael cipher and its inverse make
    use of different code and tables, so in hardware,
    the inverse cipher can only partially re-use the
    circuitry that implements the forward cipher.
  • Regardless of these disadvantages, Rijndael has
    stood up to much scrutiny in its 3-year selection
    process, has solid overall encryption qualities,
    and has been projected to have a useful lifetime
    similar to 3DES, or on the order of 20 years.

6
Simplicity of AES ECB Mode
  • Electronic codebook mode (ECB) is the simplest
    and most obvious way to use the AES block cipher.
    In this mode, no chaining or feedback is
    employed, and the same block of plaintext always
    encrypts to the same block of ciphertext.
  • AES ECB is straightforward, easy to implement and
    well-suited to streamlined, high-performance
    processing.
  • However, the fact that the same block of
    plaintext always encrypts to the same block of
    ciphertext with ECB mode is a weakness.
  • The constant data in the plaintext will produce
    constant data in the ciphertext, allowing a
    cryptanalyst to glean information about the
    plaintext and to mount statistical attacks,
    irrespective of the strength of the AES block
    cipher.
  • A cryptanalyst who has the plaintext and
    ciphertext for several messages can start to
    compile a codebook without knowledge of the
    actual encryption key.

7
Strengths of AES CCMP
  • The CCMP protocol combines Counter (CTR) mode
    encryption for data privacy or confidentiality,
    and Cipher Block Chaining Message Authentication
    Code (CBC-MAC) authentication, for an
    authenticate-and-encrypt process.
  • CCMP has two prominent advantages for IEEE 802.11
    security
  • First, it is particularly useful because it
    computes the CBC-MAC over the
  • IEEE 802.11 header length, selected parts of the
    IEEE 802.11 MAC
  • Payload Data Unit (MPDU) header, and the
    plaintext MPDU data
  • whereas the old IEEE 802.11 WEP mechanism
    provided no protection to
  • the MPDU header.
  • Secondly, both CCMP encryption and decryption
    employ only the forward
  • AES block cipher function. In this way CCMP
    avoids use of the inverse
  • AES cipher which is more costly and processing
    intensive.
  • The CCMP implementation does not have to complete
    calculation of the message authentication code
    before CTR encryption can begin, allowing
    parallel implementation of both modes.
  • The benefits of performing authentication and
    encryption on each data packet are clear, as
    opposed to encryption alone.

8
Benefits of Elliptic Curve Cryptography
  • The elliptic curve discrete logarithm problem
    rests on mathematics that make it possible to
    define the addition of two points on the elliptic
    curve
  • The problem can be defined as follows Fix an
    elliptic curve such
  • that P and Q are both points on the curve, and
    xP represents the
  • point P added to itself x times. Q is a multiple
    of P, so that Q xP
  • for some x. The elliptic curve discrete
    logarithm problem is to
  • determine x given P and Q.
  • The elliptic curve discrete logarithm problems
    best general-purpose solution requires
    fully-exponential time.
  • Due to the complexity of the elliptic curve
    discrete logarithm problem that Elliptic Curve
    Cryptography poses versus the relative ease of
    implementing the algorithm, ECC provides a very
    high level of security strength-per-key-bit when
    compared with other public-key cryptographic
    systems including RSA, ElGamal, and DSA.
  • The strength, as well as the computational
    efficiency and relative compactness make
    ECC/ECDSA very attractive for use in handheld
    devices and other low-power, miniaturized devices
    where space and power are at a premium exactly
    the applications ZigBee will target.

9
Bluetooth Security LAN Access Profile A
Cross-Layered Approach
10
IEEE 802.11i and Key Management
  • For wireless systems using a noisy, inherently
    insecure channel, key management and mutual key
    derivation are at least as critical as the actual
    encryption cipher that is chosen and employed.
  • IEEE 802.11i includes specifications on
    encryption, authentication and key management in
    a multi-layered approach to security.
  • IEEE 802.1X-based authentication mechanisms are
    used, with AES in CCMP mode, to establish an
    802.11 Robust Security Network (RSN).
  • IEEE 802.1X-2001 defines a framework based on the
    Extensible Authentication Protocol (EAP) over
    LANs (EAPoL). EAPoL is used to exchange EAP
    messages. These EAP messages execute an
    authentication sequence and are used for key
    derivation between a Station (STA) and an EAP
    entity known as the Authentication Server.
  • EAP is not tied to any particular authentication
    algorithm and is therefore highly extensible. It
    defines a small number of messages used to
    communicate between the Authentication Server and
    the EAP Client.
  • The Authenticator and Supplicant use the 802.11i
    four-way handshake to mutually authenticate and
    to mutually derive the necessary encryption and
    authentication keys.

11
EAP For Key Management Exchange
EAPoL carries EAP messages between the Supplicant
and the Authenticator, which acts as a relay for
EAP packets by extracting them from within the
EAPoL frames and sending those EAP packets to the
Authentication Server over the secure channel.
12
OSI Layer 2 Protection vs. IPSec Layer 3 VPNs
  • IPSec provides an Encapsulating Security Payload
    (ESP), which is a protocol header inserted into
    an Internet Protocol (IP) datagram at the (layer
    3) network layer.
  • IPSec is intended to provide confidentiality,
    data origin authentication, antireplay, and data
    integrity services to IP frames.
  • Virtual Private Networks (VPNs) typically rely on
    IPSec for implementing secure tunnels.
  • The drawback to this approach is that for
    wireless systems, the datalink (layer 2)
  • and physical (layer 1) frames are completely
    unprotected using IPSec alone.
  • Spoofing and replay attacks on the MPDU and
    physical layer packets are possible.
  • For wireless traffic, security at layer 2 and
    above is advisable.
  • 3eTI is developing AES for encryption and
    authentication at the datalink layer in
    accordance with IEEE 802.11i, providing secure
    protection of the wireless packet(s).
  • Combined with dynamic key exchange and careful
    key management, MAC-sublayer AES CCMP provides
    strong protection of the wireless frames.
  • IPSec can still be used in the network above AES
    CCMP, for multi-layer security to provide
    comprehensive protection.

13
Approach to Dynamic Key Exchange
Security Server
Wireless Access Point
Wireless Client
2. MAC Listening
3. Start WLAN client
1. Listening
4. Client sets up card SSID selected
Security Server asks client for Certificate and
Sends its own certificate to client for mutual
authentication
5. Pre-Authentication Connection
6. Client starts authentication
7. AP pass-through
8. Challenges client (EAP-TLS)
(EAP/TLS authentication process between
security server and wireless client)
10. Sends its DH public key to Security Server
Sends prime number
9. Sends auth-success
11. Sends its DH public key and AES-encrypted TLS
key
12. Calculates the DH session key decrypts the
TLS key
13. Sends success to client
15. Sets broadcast / unicast keys
14. Sends broadcast key to client
Key Exchange Ends Successfully
Summary All packets are authenticated using
HMAC-SHA-1 (per packet authentication) Between
Wireless Access Point and Security Server. They
have a shared secret.
Note DH Diffie Hellman, TLS Transport Layer
Security
14
FIPS 140-2 Validation and CC Certification
  • FIPS 140-2 is focused on Cryptography and the
    protection of Cryptographic Keys.
  • The main objective of the Common Criteria (CC)
    initiative was to create standard methods for the
    specification, design and evaluation of IT
    security products that would be widely accepted
    and established, yielding consistent levels of
    Information Assurance within the security
    community.
  • The determination of acceptable cryptographic
    algorithms is within the domain of FIPS 140-2 for
    cryptographic systems deployed in Federal
    agencies.
  • The scope of the CC involves specifying strength
    of function, proving that configuration
    management is specified and practiced in the TOE
    development, and that an assurance maintenance
    plan is specified and executed to maintain the
    information assurance level of the TOE when new
    product features are added.
  • In this way, FIPS 140-2 and CC are complementary
    in ensuring a correctly-constructed and
    strongly-secure wireless end-to-end system is
    developed and deployed, and that the appropriate
    level of security is maintained throughout the
    product life-cycle.

15
Common Criteria FIPS 140-2For IA-Enabled
Products
16
Future Directions
  • 3eTI sees a growing trend toward including active
    intrusion prevention to secure future networks.
  • This includes the use of directional antennas,
    with adaptive beamforming and null-steering, to
    effectively provide an invisible fence or
    RF-boundary (layer 1) around the deployed
    wireless LAN.
  • Smart antennas are coming down in cost and
    therefore becoming more practical for enterprise
    or company-wide 802.11 networks.
  • These smart antennas will be used to complete the
    multi-layered security approach by adding
    physical-layer security techniques to the
    existing datalink and higher-layer techniques.
  • 3eTI has used Small Business Innovation Research
    (SBIR) contract vehicles to actively pursue
    research in the area of 802.11 intrusion
    prevention and smart antenna development, which
    will in the future reinforce the wireless
    infrastructures.
  • Adaptive beamforming and beamsteering, coupled
    with 802.11i constructs and other higher-layer
    intrusion prevention techniques, provide a
    multi-layered approach to security that is
    necessary to ensure wireless LANs become a
    transparent and fully-utilized extension of
    traditional wired networks.
Write a Comment
User Comments (0)
About PowerShow.com