Network Security

Essentials
Chapter 6
Fourth Edition
by William Stallings
 Chapter 6 – Wireless Network
Security
Investigators have published numerous reports of birds
taking turns vocalizing; the bird spoken to gave its full
attention to the speaker and never vocalized at the
same time, as if the two were holding a conversation
Researchers and scholars who have studied the data on
avian communication carefully write the (a) the
communication code of birds such has crows has not
been broken by any means; (b) probably all birds have
wider vocabularies than anyone realizes; and (c)
greater complexity and depth are recognized in avian
communication as research progresses.
—The Human Nature of Birds, Theodore Barber
 IEEE 802.11
 IEEE 802 committee for LAN standards
 IEEE 802.11 formed in 1990’s
 charter to develop a protocol & transmission
specifications for wireless LANs (WLANs)
 since then demand for WLANs, at different
frequencies and data rates, has exploded
 hence seen ever-expanding list of
standards issued
 IEEE 802 Terminology
Ac c e ss p oin t ( AP) Any en t i t y t h a t ha s s t a t io n f un c ti on a li t y an d p ro vi des
a c c e ss t o t he di s t r ib ut i on sy s t e m vi a t he wi r e l es s
me d i um f or a s s oc i a t ed s t at i on s
Ba s i c s e r vi c e se t A s e t of st a t i on s c on t r oll e d by a s i ngl e c oo r d i na t i on
( BSS) f un c ti on
Coo r di na t io n f un c t i on The lo gi c al f unc t i on t h a t det e r min e s whe n a s t a ti on
o pe r at i n g wi t hin a BSS i s per mi t te d t o t r a ns mi t a nd
ma y be a ble t o r e c e iv e P DUs
Di s t ri bu t io n s ys t e m A s yst e m us e d to i nte r c onn e ct a se t o f BSSs a n d
( DS) i nt e gr a t e d LANs t o cr e a t e a n ESS
Ext e nd e d se r v i ce s e t A s e t of on e o r mo r e i n t er c on ne c te d B SSs a nd
( ESS) i nt e gr a t e d LANs t h a t a p pea r a s a s i n gle BSS t o th e L LC
l a y e r a t an y s ta t i on a s s oc i at e d wi t h on e o f t h e se BSSs
MAC pr ot oco l d at a The un i t of d a ta e xch a n ged be t we en t wo pe e r MAC
u ni t ( MPDU) e nt i te s u si ng th e s er vi c es of t he ph ysi c a l l a y e r
MAC se r v i ce d a ta u nit I nf orm a t i on t hat i s d e l i ve r ed a s a u nit b e tw e e n MAC
( MSDU) us e r s
St a t io n Any de vi c e t h a t c o nta i n s a n I EEE 8 02 . 11 c onf or man t M AC
a nd ph ys i ca l l ay e r
 Wi-Fi Alliance
 802.11b first broadly accepted standard
 Wireless Ethernet Compatibility Alliance
(WECA) industry consortium formed 1999
 to assist interoperability of products
 renamed Wi-Fi (Wireless Fidelity) Alliance
 created a test suite to certify interoperability
 initially for 802.11b, later extended to 802.11g
 concerned with a range of WLANs markets,
including enterprise, home, and hot spots
IEEE 802 Protocol Architecture
Network Components &
Architecture
IEEE 802.11 Services
802.11 Wireless LAN Security
 wireless traffic can be monitored by any
radio in range, not physically connected
 original 802.11 spec had security features
 Wired Equivalent Privacy (WEP) algorithm
 but found this contained major weaknesses
 802.11i task group developed capabilities
to address WLAN security issues
 Wi-Fi Alliance Wi-Fi Protected Access (WPA)
 final 802.11i Robust Security Network (RSN)
802.11i RSN Services and
Protocols
802.11i RSN Cryptographic
Algorithms
802.11i Phases of Operation
 802.11i
Discovery
and
Authent-
ication
Phases
IEEE 802.1X Access Control
Approach
802.11i
Key
Manage-
ment
Phase
802.11i
Key
Manage-
ment
Phase
 802.11i Protected Data
Transfer Phase
 have two schemes for protecting data
 Temporal Key Integrity Protocol (TKIP)
 s/w changes only to older WEP
 adds 64-bit Michael message integrity code (MIC)
 encrypts MPDU plus MIC value using RC4
 Counter Mode-CBC MAC Protocol (CCMP)
 uses the cipher block chaining message
authentication code (CBC-MAC) for integrity
 uses the CRT block cipher mode of operation
 IEEE 802.11i
Pseudorandom
Function
Wireless Application Protocol
(WAP)
 a universal, open standard developed to
provide mobile wireless users access to
telephony and information services
 have significant limitations of devices,
networks, displays with wide variations
 WAP specification includes:
 programming model, markup language, small
browser, lightweight communications protocol
stack, applications framework
WAP Programming Model
 WAP
Infra-
structure
 Wireless Markup Language
 describes content and format for data
display on devices with limited bandwidth,
screen size, and user input capability
 features include:
 text / image formatting and layout commands
 deck/card organizational metaphor
 support for navigation among cards and decks
 a card is one or more units of interaction
 a deck is similar to an HTML page
WAP Architecture
WTP Gateway
 WAP Protocols
 Wireless Session Protocol (WSP)
 provides applications two session services
 connection-oriented and connectionless
 based on HTTP with optimizations
 Wireless Transaction Protocol (WTP)
 manages transactions of requests / responses
between a user agent & an application server
 provides an efficient reliable transport service
 Wireless Datagram Protocol (WDP)
 adapts higher-layer WAP protocol to comms
 Wireless Transport Layer
Security (WTLS)
 provides security services between mobile
device (client) and WAP gateway
 provides data integrity, privacy,
authentication, denial-of-service protection
 based on TLS
 more efficient with fewer message exchanges
 use WTLS between the client and gateway
 use TLS between gateway and target server
 WAP gateway translates WTLS / TLS
 WTLS Sessions and
Connections
 secure connection
 a transport providing a suitable type of service
 connections are transient
 every connection is associated with 1 session
 secure session
 an association between a client and a server
 created by Handshake Protocol
 define set of cryptographic security parameters
 shared among multiple connections
WTLS Protocol Architecture
WTLS Record Protocol
WTLS Higher-Layer Protocols
 Change Cipher Spec Protocol
 simplest, to make pending state current
 Alert Protocol
 used to convey WTLS-related alerts to peer
 has severity: warning, critical, or fatal
 and specific alert type
 Handshake Protocol
 allow server & client to mutually authenticate
 negotiate encryption & MAC algs & keys
Handshake
Protocol
 Cryptographic Algorithms
 WTLS authentication
 uses certificates
• X.509v3, X9.68 and WTLS (optimized for size)
 can occur between client and server or client
may only authenticates server
 WTLS key exchange
 generates a mutually shared pre-master key
 optional use server_key_exchange message
• for DH_anon, ECDH_anon, RSA_anon
• not needed for ECDH_ECDSA or RSA
Cryptographic Algorithms cont
 Pseudorandom Function (PRF)
 HMAC based, used for a number of purposes
 only one hash alg, agreed during handshake
 Master Key Generation
 of shared master secret
 master_secret = PRF( pre_master_secret, "master secret”,
ClientHello.random || ServerHello.random )
 then derive MAC and encryption keys
 Encryption with RC5, DES, 3DES, IDEA
 WAP End-to-End Security
 have security gap end-to-end
 at gateway between WTLS & TLS domains
WAP2 End-
to-End
Security
 WAP2
End-to-
End
Security
 Summary
 have considered:
 IEEE 802.11 Wireless LANs
• protocol overview and security
 Wireless Application Protocol (WAP)
• protocol overview
 Wireless Transport Layer Security (WTLS)