J2ME based Authentication Approach for Wireless ISP Environments

Christian Ploninger and Norbert Jordan
Institute of Communication Networks
Vienna University of Technology

Overview

Motivation

Network Security Threats

Counter Measurements

Evaluation of existing Protocols

Cell Authentication Proposal

© 2003 Institute of Communication Networks - Ploninger

Motivation

Secure Authentication

Vulnerability of 802.11b (WEP)

Protection against Illicit Use

Support of Non-Repudiation

Device Authentication vs. User Authentication

Network Security Threats: Attack Concepts

Interception: An unauthorized party (a person, a program, or a computer) gains access to the communication. This is an attack on confidentiality.

Interruption: An asset of the system is destroyed or becomes unavailable or unusable. This is an attack on availability.

Modification: An unauthorized party not only gains access to but tampers with an asset. This is an attack on integrity.

Fabrication: An unauthorized party inserts counterfeit objects into the system. This is an attack on authenticity.

[Stallings, 1995] Stallings, W. (1995). Network and Internetwork Security: Principles and Practice. Prentice Hall International, Englewood Cliffs, New Jersey, 07632. ISBN 0-13-180050-7.

[Figure: the four attack concepts, Interruption, Interception, Modification and Fabrication, shown as deviations from the normal sender-to-receiver flow]

Network Security Threats: Attack Categories

Generally, attacks can be categorized as passive or active. Passive attacks are read-only: the attacker only observes the communication. Active attacks generate, modify, or destroy data.

Network Security Threats: States of Attack

[Figure: the communication process in four phases, Establish Connection, Authentication, Data Transfer and Close Connection, with the attacks that apply to it: Masquerade and Replay, Message Tampering and Denial of Service as active attacks; Eavesdropping as a passive attack]

Counter Measurements

Passive Threats and their Counter Measurements

Release of Message Contents (Eavesdropping): Message Encryption
Traffic Analysis: Traffic Padding

Active Threats and their Counter Measurements

Denial of Service: (no counter measurement listed on the slide)
Message Tampering (Packet Alteration): Key Derivation (Crypto. Binding)
Replay Attacks: Key Freshness
Masquerading (Spoofing): Pre-Shared Secret, Challenge-Response Protocol, Key Uniqueness

Protocol Evaluation

Password Authentication Protocol (PAP)

Challenge Handshake Authentication Protocol (CHAP)

Microsoft Challenge Handshake Auth. Protocol v2

GPRS Authentication Procedure

[PAP]: RFC 1334, http://www.ietf.org/rfc/rfc1334.txt
[CHAP]: RFC 1994, http://www.ietf.org/rfc/rfc1994.txt
[MS-CHAPv2]: RFC 2759, http://www.ietf.org/rfc/rfc2759.txt

Protocol Evaluation: GPRS Authentication

[Figure: GPRS authentication sequence between the mobile phone (user controlled, holds Ki'), the SGSN and the HLR (operator controlled, holds Ki)]

(1) Mobile phone -> SGSN: Req. Auth
(2) SGSN -> HLR: Req. Triplet
(3) HLR -> SGSN: (RAND, SRES, Kc), with SRES := A3(RAND, Ki) and Kc := A8(RAND, Ki)
(4) SGSN -> Mobile phone: RAND
(5) Mobile phone -> SGSN: SRES', with SRES' := A3(RAND, Ki') and Kc' := A8(RAND, Ki')
SGSN: Grant/Deny Access (SRES' is compared with SRES)

HLR ........ Home Location Register
SGSN ...... Serving GPRS Support Node

Protocol Evaluation: GPRS Authentication Analysis

Eavesdropping Protection: Encryption (transfer)
Tampering Protection: Crypt. Binding (Key Derivation)
Replay Protection: Key Freshness
Spoofing Protection: Pre-shared Secret (held in a secret bearer device), Challenge-Response; Mutual Authentication: -; Key Uniqueness: -

(A "-" marks a property that GPRS authentication does not provide.)

Protocol Evaluation: Comparison Chart

[Table: PAP, CHAP, MS-CHAPv2 and GPRS rated against the properties below; the per-protocol marks are not recoverable from the extracted text]

Eavesdropping Protection: Encryption (Auth.), Encryption (Trans.)
Spoofing Protection: Pre-Shared Secret, Device Authentication, User Authentication, Challenge-Response, Mutual Authentication, Key Uniqueness
Tampering Protection: Key Derivation
Replay Protection: Key Freshness

Protocol Evaluation: VPN Approach Nokia/Ericsson

[Figure: WLAN access in an Extranet, with the Point of Authentication at the border of the Intranet]

Protocol Evaluation: VPN Approach Analysis

Illicit Use of Network Infrastructure

Cell Authentication

[Figure: a WISP with two Hotspots, the Internet and the Point of Authentication; the radio communication of the client (shown with address 172.28.147.4) is secured]

Design Goals:
illicit use protection
user/device authentication
mutual entity authentication
non-repudiation
key freshness
mutual agreement of session keys

Cell Authentication Design Decisions

illicit use protection: IEEE 802.1X, Port Based Network Access Control
user/device authentication: use of a knowledge/ownership combination
mutual entity authentication: mutual challenge-response protocol
non-repudiation: key uniqueness
key freshness: use of session keys
mutual agreement of session keys: mutual selection and confirmation of session keys

Cell Authentication Basic Network Setup

[Figure: an Authentication Server in the Secured Operator Domain, connected to Hotspots that enforce 802.1X; a Laptop and a J2ME Cellular in the Secured User Domain. The operator-side links and the user-side link are each secured with pre-shared public or secret keys]

Cell Authentication Protocol Overview

Cell Authentication: Message Sequence

Parties: User, J2ME Cellular, Laptop, Hotspot, Auth. Server
J2ME Cellular stores: IMSI, PubOp, E_PIN(PrivUser) (the user's private key, encrypted under the PIN)
Auth. Server stores: IMSI, PrivOp, PubUser
Notation as on the slide: PubX( ... ) is content encrypted under public key X; PrivX( h(...) ) is a signature with private key X over the hash h(...)

Laptop -> Hotspot -> Auth. Server: Request Auth
Auth. Server -> J2ME Cellular: Init Auth
J2ME Cellular -> User: Request PIN; User -> J2ME Cellular: PIN
J2ME Cellular: Decrypt E_PIN(PrivUser), create session key pair (Pub'User, Priv'User)
J2ME Cellular -> Auth. Server: PubOp( IMSI, Pub'User, PrivUser(h(...)) )
Auth. Server: verify msg & create session key pair (Pub'Op, Priv'Op)
Auth. Server -> J2ME Cellular: Pub'User( Pub'Op, PrivOp(h(...)) )
J2ME Cellular: verify msg
J2ME Cellular -> Auth. Server: PubOp( Pub'Op, Priv'User(h(...)) )
Auth. Server: verify msg
Auth. Server -> Hotspot: Grant Access / Transfer Keys
J2ME Cellular -> Laptop: Transfer Session Keys

Cell Authentication: Protocol Comparison

[Table: PAP, CHAP, MS-CHAPv2, GPRS and Cell Authentication rated against the properties below; the per-protocol marks are not recoverable from the extracted text]

Eavesdropping Protection: Encryption (Auth.), Encryption (Trans.)
Spoofing Protection: Pre-Shared Secret, Device Authentication, User Authentication, Challenge-Response, Mutual Authentication, Key Uniqueness
Tampering Protection: Key Derivation
Replay Protection: Key Freshness

Ongoing Work

In our ongoing work we will analyze all details of our proposed secure WISP authentication system. The main part will be the implementation of a J2ME based client application that provides the PIN query and communicates with the 802.1X protocol via the client's WLAN enabled mobile computer.

Papers submitted for:
• Vehicular Technology Conference Fall 2003
• High Speed Networks and Multimedia Communications 2003

Thank you for your attention

Christian Ploninger and Norbert Jordan
Institute of Communication Networks, Vienna University of Technology