a history of 802 11 security
play

A History of 802.11 Security Jesse Walker Communications Technology - PowerPoint PPT Presentation

Apr 03, 2023 •953 likes •1.23k views

A History of 802.11 Security Jesse Walker Communications Technology Lab Intel Corporation jesse.walker@intel.com Jesse Walker, A History of 802.11 1 Security Goal and Agenda Goal: What is 802.11i, and where did it come from?

  1. A History of 802.11 Security Jesse Walker Communications Technology Lab Intel Corporation jesse.walker@intel.com Jesse Walker, A History of 802.11 1 Security

  2. Goal and Agenda • Goal: – What is 802.11i, and where did it come from? • Agenda – In the beginning … – Constraints and requirements – Architecture – Data protection – Discovery, authentication, and keying – Evaluation Jesse Walker, A History of 802.11 2 Security

  3. Today’s Countermeasures In the beginning … Chronology of Events 2004 1997 2003 2001 WPA = pre- 802.11i Original 802.11 WEP issues standard subset • 802.1x Security: documented of 802.11i authentication • Native 802.11 October 2000- • 802.1X • enhanced 802.1X authentication August 2001 authentication key management • WEP encryption 802.1X with WEP • 802.1X key • AES-based data • 802.1X management protection authentication • TKIP data • enhanced support • 802.1X key protection infrastructure rotation • Ratified June 23 • WEP data protection Jesse Walker, A History of 802.11 3 Security

  4. In the beginning … WEP: What is it? • IEEE Std 802.11-1997 (802.11a) defined Wired Equivalent Privacy (WEP) – Unchanged in ISO/IEC 8802-11:1999 • WEP’s Goals: – Create the privacy achieved by a wired network – Simulate physical access control by denying access to unauthenticated stations Jesse Walker, A History of 802.11 4 Security

  5. In the beginning … WEP Description WEP Key 802.11 Hdr Data Per-Frame Key || RC4 Encryption CRC-32 PN 802.11 Hdr IV Data ICV ICV Jesse Walker, A History of 802.11 5 Security

  6. In the beginning … WEP Analysis • Attacks against WEP published before the ink was dry – Walker, “Unsafe at any Key Size” , IEEE 802.11 doc. 00-362, October 2000 – Arbaugh, “An inductive Chosen Plaintext Attack against WEP”, IEEE 802.11 doc. 01-230, May 2001 – Borisov, Goldberg, Wagner, “The insecurity of 802.11”, Proceedings of International Conference on Mobile Computing and Networking, July 2001 – Fluhrer, Mantin, Shamir, “Weaknesses in the key schedule algorithm of RC4”, Proceedings of 4 th Annual Workshop of Selected Areas of Cryptography, August 2001 • 802.11 instituted remediation in November 2000 – Specification of a replacement for WEP became a TGe work item Jesse Walker, A History of 802.11 6 Security

  7. Constraints and Requirements Protection Requirements • Migration path or compatibility with WEP-only equipment • Never send or receive unprotected data frames • Message origin authenticity — prevent forgeries • Sequence frames — prevent replays • Don’t reuse keys – a key establishment protocol needed • Avoid complexity: avoid rekeying — 48 bit frame sequence space • Protect source and destination addresses – prevent header forgeries • Use one cryptographic primitive for both confidentiality and integrity – minimize implementation cost • Interoperate with proposed quality of service (QoS) enhancements (IEEE 802.11 TGe) – don’t compromise performance Jesse Walker, A History of 802.11 7 Security

  8. Constraints and Requirements Design Constraints Constraint 3: Multicast integral to modern networking (ARP, UPnP, Active Directory, SLP, …) and cannot be ignored Access Point Wired Server Station 1 Station 2 Ethernet Constratint 1: All messages Constraint 2: WLAN uses short flow through access point; 1st range radios, so APs must be generation AP MIP budget = 4 ubiquitous, so low cost Million instructions/sec Jesse Walker, A History of 802.11 8 Security

  9. Architecture 802.11i Architecture Data Station Management MAC_SAP Entity 802.1X 802.1X 802.1X Authenticator/Supplicant Controlled Uncontrolle Data Link Port d Port TK 802.11i Key WEP/TKIP/CCMP Management State Machines MAC PTK ← PRF(PMK) (PTK = KCK | KEK | TK) Physical PHY PMD Jesse Walker, A History of 802.11 9 Security

  10. Architecture 802.11i Phases Station Authentication Access Server Point Security capabilities discovery Security negotiation 802.1X authentication RADIUS-based key 802.11i key management distribution Data protection: TKIP and Jesse Walker, A History of 802.11 10 CCMP Security

  11. Data protection TKIP Overview • Legacy hardware addressed second – I never believed it was feasible • TKIP: T emporal K ey I ntegrity P rotocol – Conform to 1 st generation access point MIP budget: 4 Million Instructions/sec o Must reuse existing WEP hardware – Special purpose Message Integrity Code – costs 5 instructions/byte ≈ 3.5 M instructions/sec, and protects source, destination addresses (Ferguson, “A MAC- implementable MIC for 802.11”, November 2001) – Prevent Replay: WEP IV extended to 48 bits, used as a packet sequence space (Stanley, 802.11 doc. 02-006) – New Per-frame key constructed using a cryptographic hash (Whiting/Rivest, 802.11 doc 02-282, May 2002) – costs 200 instructions/frame ≈ 300K instructions/sec • Designed to permit migration to new hardware Jesse Walker, A History of 802.11 11 Security

  12. Data protection TKIP Overview 802.11 Hdr Data MIC Integrity Key Compute Message Integrity Code PN Mix per-frame WEP key Temporal Key Per-Frame Key Jesse Walker, A History of 802.11 12 Security

  13. Data protection AES CCMP • Long term problem addressed first – Backward compatibility always hard(er) • All new protocol with few concessions to WEP • First attempt: protocol based on AES-OCB (Walker, 802.11 doc. 01-018) – OCB = Rogaway’s Offset Code Book mode – Costs about 20 instruction/byte in software ≈ 15 M instr/sec – Removed in July 2003 due to IPR issues • Second attempt: similar protocol based on AES-CCM (Ferguson- Housley-Whiting, 802.11 doc. 02-001) – Prevent replay – Frame sequence number enforcement – Provide confidentiality – AES in Counter mode – Provide forgery protection through CBC-MAC – Costs about 40 instructions/byte in software ≈ 30 M instr/sec – Replaced AES-OCB in July 2003 • Requires new AP hardware – CPU Budget of 1 st generation AP: 4 M Instructions/sec – RC4 off-load hardware doesn’t do AES or CCMP Jesse Walker, A History of 802.11 13 Security

  14. Data protection Frame Format IV used as frame sequence space to defeat replay Key IV ID Cryptographic Message Integrity Code to defeat forgeries encryption used to provide data confidentiality Encrypted 802.11 802.11i Data MIC FCS Hdr Hdr Authenticated by MIC Jesse Walker, A History of 802.11 14 Security

  15. Discovery, authentication, and keying Authentication Overview • Authentication, not WEP flaws, led to new security work in 802.11 – Original authentication was 802.11 specific – Enterprise market refused to deploy WLANs if legacy RADIUS authentication could not be reused • Candidate solutions considered – 802.1X (Aboba, Halasz, Zorn, 2000) – Kerberos/GSSAPI (Beach, Walker 802.11 doc. 00- 292) • 802.1X adopted in November 2000 – Business, not technical decision, drove selection Jesse Walker, A History of 802.11 15 Security

  16. Discovery, authentication, and keying IEEE 802.1X Layering Wireless Authentication Access Station Server Point Concrete EAP Method, e.g., EAP-TLS EAP RADIUS 802.1X (EAPOL) 802.11 UDP/IP Jesse Walker, A History of 802.11 16 Security

  17. Discovery, authentication, and keying Authentication Overview STA AP AS STA 802.1X blocks AP 802.1X blocks controlled port controlled port 802.1X/EAP-Request Identity 802.1X/EAP-Response Identity (EAP type specific) RADIUS Access Request/Identity EAP type specific mutual authentication Derive Master Key (MK), Pairwise Derive Master Key (MK), Pairwise Master Key (PMK) Master Key (PMK) RADIUS Accept (with PMK) 802.1X/EAP-SUCCESS Jesse Walker, A History of 802.11 17 802.1X RADIUS Security

  18. Discovery, authentication, and keying Keying Overview • Requirements: – Prevent WEP’s key reuse (guarantee fresh keys) – Synchronize key usage – Verify liveness and proof of possesion – Bind key to STA and AP • Candidate solutions considered – Authenticated Key Exchange (Cam-Winget, Housley, Walker, 802.11 doc. 01-573, November 2001) – 802.1X keying (Moore, November 2001) • 802.1X adopted in November 2001 • Definciencies of each redesign noted in January, February, March, May of 2001 • “Final” design completed in May 2002 (Moore, 02-298) Jesse Walker, A History of 802.11 18 Security

  19. Discovery, authentication, and keying 802.11i Key Hierarchy Master Key (MK) Pairwise Master Key (PMK) = kdf(MK, AP information | STA information) Pairwise Transient Key (PTK) = PRF(PMK, AP Nonce | STA Nonce | AP MAC Addr | STA MAC Addr) Analog of the WEP key Key Key Encryption Temporal Key – PTK bits 256– n – can Confirmation Key (KEK) – PTK have cipher suite specific structure Key (KCK) – PTK bits 128–255 bits 0–127 Jesse Walker, A History of 802.11 19 Security

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Intro, history, hacking Network Security Lecture 1 Welcome to Network Security Should be able

Intro, history, hacking Network Security Lecture 1 Welcome to Network Security Should be able

Intro, history, hacking Network Security Lecture 1 Welcome to Network Security Should be able to Skills identify design and Ability to analyze the implementation security of networked vulnerabilities in network systems protocols

564 views • 33 slides
Fred Sam Joe Fred Sam Joe A BRIEF HISTORY OF COMMUNICATIONS SECURITY 6 COMPUTER SECURITY

Fred Sam Joe Fred Sam Joe A BRIEF HISTORY OF COMMUNICATIONS SECURITY 6 COMPUTER SECURITY

THERE AND BACK AGAIN BRIAN CHESS SEPTEMBER 2013 Fred Sam Joe Fred Sam Joe A BRIEF HISTORY OF COMMUNICATIONS SECURITY 6 COMPUTER SECURITY 7 THE PROGRAMMER "Programming is hard" Donald Knuth Programmers not historically

350 views • 21 slides
Software Security Explorative Lecture A brief history of security problems attacks on

Software Security Explorative Lecture A brief history of security problems attacks on

1/30/2020 Software Security Explorative Lecture A brief history of security problems attacks on multi-user UNIX systems for fun viruses & worms attacking operating systems due to buffer overflow, format string attacks, integer

477 views • 37 slides
Buffer Software Security overflows and other memory safety vulnerabilities History

Buffer Software Security overflows and other memory safety vulnerabilities History

This time We will begin By investigating our 1st section: Buffer Software Security overflows and other memory safety vulnerabilities History Memory layouts Buffer overflow fundamentals Analyzing security Security

1.41k views • 107 slides
Social Security www.socialsecurity.gov History of Social Security Programs 1935

Social Security www.socialsecurity.gov History of Social Security Programs 1935

Social Security www.socialsecurity.gov History of Social Security Programs 1935 Retirement Insurance 1939 Survivors Insurance 1956 Disability Insurance 2 1 Other Programs 1965 Medicare Program 1972

723 views • 24 slides
Buffer Software Security overflows and other memory safety vulnerabilities History

Buffer Software Security overflows and other memory safety vulnerabilities History

This time We will begin By investigating our 1st section: Buffer Software Security overflows and other memory safety vulnerabilities History Memory layouts Buffer overflow fundamentals Software security Security is a form

2.11k views • 190 slides
DevOps A History in Configuration Management About me Senior Information Security Architect @

DevOps A History in Configuration Management About me Senior Information Security Architect @

DevOps A History in Configuration Management About me Senior Information Security Architect @ Epigen Technology Security nerd & avid lock picker Auditor, Analyst, Engineer Organizer / Volunteer various conferences Tech policy & tech

352 views • 24 slides
SUMMARY History End of life CLI Services Security Considerations PowerShell

SUMMARY History End of life CLI Services Security Considerations PowerShell

SUMMARY History End of life CLI Services Security Considerations PowerShell Incident Response BRIEF HISTORY (WINDOWS CLIENT) MSDOS (1980) WINDOWS (1985) WINDOWS 3.1 (1992) Windows 95 (1995)

949 views • 58 slides
SUMMARY History End of life CLI Services Security Considerations PowerShell

SUMMARY History End of life CLI Services Security Considerations PowerShell

SUMMARY History End of life CLI Services Security Considerations PowerShell Incident Response BRIEF HISTORY (WINDOWS CLIENT) MSDOS (1980) WINDOWS (1985) WINDOWS 3.1 (1992) Windows 95 (1995)

810 views • 46 slides
History of Energy Security: A Geopolitical Perspective (Part 1) John A. Paravantis May 2019 1

History of Energy Security: A Geopolitical Perspective (Part 1) John A. Paravantis May 2019 1

History of Energy Security: A Geopolitical Perspective (Part 1) John A. Paravantis May 2019 1 1. Preamble History is just one damn thing after another H. A. L. Fisher Energy is an economic, ill-distributed and expensive good, subject to

971 views • 85 slides
SUMMARY History End of life CLI Services Security Considerations Powershell

SUMMARY History End of life CLI Services Security Considerations Powershell

SUMMARY History End of life CLI Services Security Considerations Powershell Server Setup BRIEF HISTORY (WINDOWS CLIENT) MSDOS (1980) WINDOWS (1985) WINDOWS 3.1 (1992) Windows 95 (1995) Windows ME

725 views • 43 slides
DevSecBioLawOps and the current State of Information Security Ren Lynx Pfeifger, DeepSec

DevSecBioLawOps and the current State of Information Security Ren Lynx Pfeifger, DeepSec

DevSecBioLawOps and the current State of Information Security Ren Lynx Pfeifger, DeepSec In-Depth Security Conference 2020 Background Background First a bit of History History continued 1960s : Organisation use passwords 1970s :

364 views • 22 slides
! ! ! A!BRIEF!HISTORY!OF!MULTILATERAL!PROPOSALS!ON!NEGATIVE! SECURITY!ASSURANCES!

! ! ! A!BRIEF!HISTORY!OF!MULTILATERAL!PROPOSALS!ON!NEGATIVE! SECURITY!ASSURANCES!

Palais!des!Nations! Phone! +41!(0)22!917!34!28! CH;1211!Geneva!10! Fax! +41!(0)22!917!0176! www.unidir.org!! @unidir ! Switzerland! ! ! ! ! ! A!BRIEF!HISTORY!OF!MULTILATERAL!PROPOSALS!ON!NEGATIVE! SECURITY!ASSURANCES!

346 views • 9 slides
The future of Broadmoor Hospitals sirens John Hourihan, Director of Security History of

The future of Broadmoor Hospitals sirens John Hourihan, Director of Security History of

The future of Broadmoor Hospitals sirens John Hourihan, Director of Security History of security at Broadmoor Hospital Broadmoor Hospital built in 1863 New buildings added in the 1980s and 2006 In 1952 John Straffen escaped, by

276 views • 11 slides
Social Security Administration Kenny Oguejiofor Public Affairs Specialist History of Social

Social Security Administration Kenny Oguejiofor Public Affairs Specialist History of Social

Social Security Administration Kenny Oguejiofor Public Affairs Specialist History of Social Security Programs 1935 Retirement Insurance 1939 Survivors Insurance 1956 Disability Insurance Other Programs 1965

517 views • 39 slides
SECURITY AND CUSTOMER EXPERIENCE IN SELF SERVICE A brief history NCR Confidential - Use

SECURITY AND CUSTOMER EXPERIENCE IN SELF SERVICE A brief history NCR Confidential - Use

SECURITY AND CUSTOMER EXPERIENCE IN SELF SERVICE A brief history NCR Confidential - Use and Disclose Solely Pursuant to Company Instructions NCR Confidential NCR Confidential friction Experience = + confusion NCR Confidential NCR

967 views • 60 slides
An introduction to gravitational lensing and a possible combined analysis with rotation curves

An introduction to gravitational lensing and a possible combined analysis with rotation curves

An introduction to gravitational lensing and a possible combined analysis with rotation curves Matteo Trudu Universit` a degli Studi di Cagliari High Energy Physics Colloquia December 5, 2017 Matteo Trudu (UniCa) High Energy Physics

884 views • 28 slides
S p e c t r a l Me t h o d s i n o u r S P i C e 1 6 S u b mi s

S p e c t r a l Me t h o d s i n o u r S P i C e 1 6 S u b mi s

The UKs European university S p e c t r a l Me t h o d s i n o u r S P i C e 1 6 S u b mi s s i o n F a r h a n a F e r d o u s i L i z a a n d Ma r e k G r z e s S c h o

399 views • 18 slides
Sources of High Frequency Gravitational Waves Angelo Ricciardone INFN - Padova 16 October 2019

Sources of High Frequency Gravitational Waves Angelo Ricciardone INFN - Padova 16 October 2019

Sources of High Frequency Gravitational Waves Angelo Ricciardone INFN - Padova 16 October 2019 Sources 1) Astrophysical 2) Cosmological 3) Laboratory (?) 4) BSM sources <latexit

226 views • 10 slides
News from ToF+dEdx analysis in Be+Be interactions. Magdalena Kuich University of Warsaw May 19,

News from ToF+dEdx analysis in Be+Be interactions. Magdalena Kuich University of Warsaw May 19,

News from ToF+dEdx analysis in Be+Be interactions. Magdalena Kuich University of Warsaw May 19, 2016 1 / 45 Outline Data 1 Cuts 2 Procedure 3 Fits 4 Parameters 5 Spectra 6 Comparison with Emil 7 Comparison with EPOS 8

1.36k views • 45 slides
Online Quantitative Timed Pattern Matching with Semiring-Valued Weighted Automata Masaki Waga

Online Quantitative Timed Pattern Matching with Semiring-Valued Weighted Automata Masaki Waga

Online Quantitative Timed Pattern Matching with Semiring-Valued Weighted Automata Masaki Waga 1,2,3 National Institute of Informatics 1 , SOKENDAI 2 , JSPS Research Fellow 3 27 August 2019, FORMATS 2019 This work is partially supported by

1.34k views • 74 slides
FACET: A Facility for Advanced FACET: A Facility for Advanced Accelerator Research at SLAC

FACET: A Facility for Advanced FACET: A Facility for Advanced Accelerator Research at SLAC

FACET: A Facility for Advanced FACET: A Facility for Advanced Accelerator Research at SLAC Accelerator Research at SLAC U. Wienands, SLAC U. Wienands, SLAC presently at CERN on a LARP-sponsored presently at CERN on a LARP-sponsored Long Term

419 views • 39 slides
Clustering in DR A primary step in DR implementation is the detailed knowledge of customer

Clustering in DR A primary step in DR implementation is the detailed knowledge of customer

Clustering in DR A primary step in DR implementation is the detailed knowledge of customer potential through customer aggregation and characterization of demand clusters. Customers whose demand follow the day-ahead or real-time prices are the

1.33k views • 91 slides
Lecture 14: UML State Machines 2016-06-30 Prof. Dr. Andreas Podelski, Dr. Bernd Westphal

Lecture 14: UML State Machines 2016-06-30 Prof. Dr. Andreas Podelski, Dr. Bernd Westphal

Softwaretechnik / Software-Engineering Lecture 14: UML State Machines 2016-06-30 Prof. Dr. Andreas Podelski, Dr. Bernd Westphal Albert-Ludwigs-Universitt Freiburg, Germany 14 2016-06-30 main Topic Area Architecture &

402 views • 23 slides

More recommend