1
J2ME based Authentication Approach for Wireless ISP Environments
Christian Ploninger and Norbert Jordan, Institute of Communication Networks
Vienna University of Technology
2
Overview
Motivation
Network Security Threats
Countermeasures
Evaluation of existing Protocols
Cell Authentication Proposal
© 2003 Institute of Communication Networks - Ploninger
[Overview] [Motivation] [Threats] [Countermeasures] [Protocol Evaluation] [Cell Authentication]
3
Motivation
Secure Authentication
Vulnerability of 802.11b (WEP)
Protection against Illicit Use
Support of Non-Repudiation
Device Authentication vs. User Authentication
4
Network Security Threats: Attack Concepts
Interception: An unauthorized party (a person, a program, or a computer) gains access to the communication. This is an attack on confidentiality.
Interruption: An asset of the system is destroyed or becomes unavailable or unusable. This is an attack on availability.
Modification: An unauthorized party not only gains access to but tampers with an asset. This is an attack on integrity.
Fabrication: An unauthorized party inserts counterfeit objects into the system. This is an attack on authenticity.
[Stallings, 1995] Stallings, W. (1995). Network and Internetwork Security: Principles and Practice. Prentice Hall International, Englewood Cliffs, New Jersey 07632. ISBN 0-13-180050-7.
Figure: the four attack concepts (Interruption, Interception, Modification, Fabrication).
5
Network Security Threats: Attack Categories
Generally, attacks can be categorized as passive or active. A passive attack is read-only: the attacker observes traffic without altering it. An active attack generates, modifies, or destroys data.
8
Network Security Threats: States of Attack
Figure: the communication process Establish Connection -> Authentication -> Data Transfer -> Close Connection, with the attacks mapped onto its phases.
Passive attacks: Eavesdropping
Active attacks: Masquerade, Replay, Message Tampering, Denial of Service
9
Countermeasures
Passive threats                                 Countermeasures
  Release of message contents (eavesdropping)     Message encryption
  Traffic analysis                                Traffic padding
Active threats                                  Countermeasures
  Denial of service                               -
  Message tampering (packet alteration)           Key derivation (cryptographic binding)
  Replay attacks                                  Key freshness
  Masquerading (spoofing)                         Pre-shared secret, challenge-response protocol, key uniqueness
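The countermeasures against the active threats in this table (pre-shared secret, challenge-response, key freshness, key derivation as cryptographic binding) fit together in one handshake. The following is an added example written for this page, not code from the deck or from its authors: the message layout, the identifiers, the use of HMAC-SHA256 as MAC and key-derivation function, and the cache of answered nonces are assumptions made here. It runs the honest exchange and then shows a spoofed peer, a replayed challenge, and a tampered proof being rejected.

```python
"""Mutual challenge-response on a pre-shared secret (PSK).  Nonces give key
freshness, the MAC over both identities and both nonces gives cryptographic
binding, and a cache of answered nonces rejects replays.  Constructed example:
HMAC-SHA256 as MAC/KDF and the message layout are assumptions, not the deck's."""
import hashlib
import hmac
import secrets


def mac(key: bytes, label: bytes, *fields: bytes) -> bytes:
    """HMAC-SHA256 over a label and length-prefixed fields (unambiguous encoding)."""
    h = hmac.new(key, label, hashlib.sha256)
    for f in fields:
        h.update(len(f).to_bytes(2, "big") + f)
    return h.digest()


class Peer:
    """One endpoint sharing `psk` with its counterpart."""

    def __init__(self, ident: bytes, psk: bytes):
        self.ident, self.psk = ident, psk
        self.seen_nonces = set()   # peer nonces already answered: replay detection
        self.session_key = None

    def start(self):
        """Msg 1 (initiator -> responder): identity and a fresh nonce."""
        self.nonce = secrets.token_bytes(16)
        return self.ident, self.nonce

    def answer(self, peer_ident: bytes, peer_nonce: bytes):
        """Msg 2 (responder -> initiator): own nonce plus proof of the PSK
        bound to both identities and both nonces."""
        if peer_nonce in self.seen_nonces:
            raise ValueError("replayed challenge")
        self.seen_nonces.add(peer_nonce)
        self.peer_ident, self.peer_nonce = peer_ident, peer_nonce
        self.nonce = secrets.token_bytes(16)
        proof = mac(self.psk, b"resp", self.ident, peer_ident, peer_nonce, self.nonce)
        return self.ident, self.nonce, proof

    def confirm(self, peer_ident: bytes, peer_nonce: bytes, proof: bytes) -> bytes:
        """Msg 3 (initiator -> responder): verify the responder's proof, derive
        the session key, return the initiator's own proof."""
        expected = mac(self.psk, b"resp", peer_ident, self.ident, self.nonce, peer_nonce)
        if not hmac.compare_digest(expected, proof):
            raise ValueError("responder could not prove the shared secret")
        self.session_key = mac(self.psk, b"sess", self.ident, peer_ident, self.nonce, peer_nonce)
        return mac(self.psk, b"conf", self.ident, peer_ident, self.nonce, peer_nonce)

    def finish(self, proof: bytes) -> bytes:
        """Responder verifies msg 3 and derives the same session key."""
        expected = mac(self.psk, b"conf", self.peer_ident, self.ident, self.peer_nonce, self.nonce)
        if not hmac.compare_digest(expected, proof):
            raise ValueError("initiator could not prove the shared secret")
        self.session_key = mac(self.psk, b"sess", self.peer_ident, self.ident, self.peer_nonce, self.nonce)
        return self.session_key


def run_handshake(initiator: Peer, responder: Peer):
    """Drive the three messages between two peers; returns both session keys."""
    ident, nonce = initiator.start()
    rid, rnonce, proof = responder.answer(ident, nonce)
    responder.finish(initiator.confirm(rid, rnonce, proof))
    return initiator.session_key, responder.session_key


def demo() -> dict:
    """Honest run, then spoofing, replay and tampering attempts, as flags."""
    psk = secrets.token_bytes(32)
    out = {}
    a, b = Peer(b"client", psk), Peer(b"hotspot", psk)
    ka, kb = run_handshake(a, b)
    out["honest"] = ka == kb
    try:  # spoofing: a hotspot without the PSK cannot produce a valid proof
        run_handshake(Peer(b"client", psk), Peer(b"evil-hotspot", secrets.token_bytes(32)))
        out["spoof_rejected"] = False
    except ValueError:
        out["spoof_rejected"] = True
    ident, nonce = a.start()
    b.answer(ident, nonce)
    try:  # replay: the same challenge delivered twice is refused the second time
        b.answer(ident, nonce)
        out["replay_rejected"] = False
    except ValueError:
        out["replay_rejected"] = True
    a, b = Peer(b"client", psk), Peer(b"hotspot", psk)
    ident, nonce = a.start()
    rid, rnonce, proof = b.answer(ident, nonce)
    try:  # tampering: one flipped bit in the proof breaks the binding
        a.confirm(rid, rnonce, bytes([proof[0] ^ 1]) + proof[1:])
        out["tamper_rejected"] = False
    except ValueError:
        out["tamper_rejected"] = True
    return out
```

Because both nonces enter the session-key derivation, two runs with the same PSK never yield the same key, which is the key-freshness row of the table; the nonce cache is what turns freshness into replay detection on the responder side.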
13
Protocol Evaluation
Password Authentication Protocol (PAP)
Challenge Handshake Authentication Protocol (CHAP)
Microsoft Challenge Handshake Auth. Protocol v2
GPRS Authentication Procedure
[PAP]: RFC 1334, http://www.ietf.org/rfc/rfc1334.txt
[CHAP]: RFC 1994, http://www.ietf.org/rfc/rfc1994.txt
[MS-CHAPv2]: RFC 2759, http://www.ietf.org/rfc/rfc2759.txt
14
Protocol Evaluation: GPRS Authentication
(1) mobile phone -> SGSN: Request Auth
(2) SGSN -> HLR: Request Triplet
(3) HLR -> SGSN: (RAND, SRES, Kc), with SRES := A3(RAND, Ki) and Kc := A8(RAND, Ki)
(4) SGSN -> mobile phone: RAND
(5) mobile phone -> SGSN: SRES', with SRES' := A3(RAND, Ki') and Kc' := A8(RAND, Ki')
The SGSN compares SRES with SRES' and grants or denies access.
Ki is held in the operator-controlled HLR; Ki' is held in the user-controlled mobile phone (SIM).
HLR ........ Home Location Register
SGSN ...... Serving GPRS Support Node
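To make the triplet exchange concrete, here is an added simulation written for this page, not code from the deck: HLR, SGSN and SIM are modelled as Python classes, and A3/A8, which are operator-specific in real networks, are stood in for by HMAC-SHA256 truncated to the GSM field sizes (32-bit SRES, 64-bit Kc). The IMSI, Ki values and class names are constructed. The end of the example also shows the property the analysis on the next slide marks as missing: the SIM answers any RAND, so the phone never learns whether the network it talks to is genuine.

```python
"""Triplet-based GPRS authentication, steps (1) to (5) of the figure.
Constructed simulation: A3/A8 are replaced by HMAC-SHA256 truncated to
GSM sizes (SRES 32 bit, Kc 64 bit); IMSI, Ki and class names are made up."""
import hashlib
import hmac
import secrets


def a3(rand: bytes, ki: bytes) -> bytes:
    """Stand-in for A3: signed response SRES (32 bit)."""
    return hmac.new(ki, b"A3" + rand, hashlib.sha256).digest()[:4]


def a8(rand: bytes, ki: bytes) -> bytes:
    """Stand-in for A8: cipher key Kc (64 bit)."""
    return hmac.new(ki, b"A8" + rand, hashlib.sha256).digest()[:8]


class HLR:
    """Operator-controlled: holds Ki per IMSI and issues (RAND, SRES, Kc)."""

    def __init__(self):
        self.ki_by_imsi = {}

    def provision(self, imsi: str, ki: bytes) -> None:
        self.ki_by_imsi[imsi] = ki

    def request_triplet(self, imsi: str):
        ki = self.ki_by_imsi[imsi]
        rand = secrets.token_bytes(16)          # fresh RAND per request: key freshness
        return rand, a3(rand, ki), a8(rand, ki)


class SIM:
    """User-controlled secret bearer: holds Ki' and never exports it."""

    def __init__(self, imsi: str, ki: bytes):
        self.imsi, self._ki = imsi, ki
        self.kc = None                          # last Kc' derived on the card

    def run_gsm_algorithm(self, rand: bytes):
        # The SIM cannot tell who sent RAND: the network is never authenticated.
        sres, self.kc = a3(rand, self._ki), a8(rand, self._ki)
        return sres, self.kc


class SGSN:
    """Fetches a triplet from the HLR, challenges the phone, compares SRES."""

    def __init__(self, hlr: HLR):
        self.hlr = hlr
        self.cipher_keys = {}                   # IMSI -> Kc after a grant

    def authenticate(self, sim: SIM):
        rand, sres, kc = self.hlr.request_triplet(sim.imsi)   # steps (2), (3)
        sres_prime, _kc_prime = sim.run_gsm_algorithm(rand)   # steps (4), (5)
        if hmac.compare_digest(sres, sres_prime):
            self.cipher_keys[sim.imsi] = kc                   # grant access
            return True, kc
        return False, None                                    # deny access


def demo() -> dict:
    hlr = HLR()
    imsi = "001010000000001"                    # test-network IMSI, constructed
    ki = secrets.token_bytes(16)
    hlr.provision(imsi, ki)
    sgsn = SGSN(hlr)
    genuine = SIM(imsi, ki)
    granted, kc = sgsn.authenticate(genuine)
    # A SIM with a wrong Ki' produces a different SRES' and is denied.
    clone_granted, _ = sgsn.authenticate(SIM(imsi, secrets.token_bytes(16)))
    # No mutual authentication: a rogue network picks any RAND and the genuine
    # SIM still answers with a valid SRES' and derives a Kc' for it.
    sres_prime, kc_prime = genuine.run_gsm_algorithm(secrets.token_bytes(16))
    return {
        "genuine_granted": granted,
        "kc_matches": kc == a8_for(genuine, sgsn, imsi),
        "clone_granted": clone_granted,
        "rogue_answered": sres_prime is not None and len(kc_prime) == 8,
    }


def a8_for(sim: SIM, sgsn: SGSN, imsi: str) -> bytes:
    """The Kc the SGSN stored at the grant; compared with the card's Kc'
    from the same RAND (recomputed here so the demo reads left to right)."""
    return sgsn.cipher_keys[imsi]
```

In this flow only the phone is challenged; the SGSN is trusted because it sits inside the operator's network. That is what the analysis slide records as "Mutual Authentication: -".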
15
Protocol Evaluation: GPRS Authentication Analysis
Eavesdropping protection: encryption (transfer)
Tampering protection: cryptographic binding (key derivation)
Replay protection: key freshness
Spoofing protection: pre-shared secret; challenge-response; mutual authentication: -; secret bearer device (SIM); key uniqueness: -
16
Protocol Evaluation: Comparison Chart
Columns: PAP | CHAP | MS-CHAPv2 | GPRS
Rows:
  Eavesdropping protection: encryption (auth.); encryption (trans.)
  Spoofing protection: pre-shared secret; device authentication; user authentication; challenge-response; mutual authentication; key uniqueness
  Tampering protection: key derivation
  Replay protection: key freshness
17
Protocol Evaluation: VPN Approach (Nokia/Ericsson)
Figure: WLAN and extranet in front, intranet behind; the point of authentication sits at the intranet boundary.
18
Protocol Evaluation: VPN Approach Analysis
Illicit use of network infrastructure: because the point of authentication lies behind the WLAN, the radio link and the extranet can be used before any authentication has taken place.
19
Cell Authentication
Figure: two hotspots with secured radio communication attached to the WISP, which holds the point of authentication towards the Internet.
Design goals:
- illicit use protection
- user/device authentication
- mutual entity authentication
- non-repudiation
- key freshness
- mutual agreement of session keys
21
Cell Authentication Design Decisions
- illicit use protection: IEEE 802.1X, port-based network access control
- user/device authentication: knowledge/ownership combination (something the user knows and a device the user owns)
- mutual entity authentication: mutual challenge-response protocol
- non-repudiation: key uniqueness
- key freshness: use of session keys
- mutual agreement of session keys: mutual selection and confirmation of session keys
22
Cell Authentication Basic Network Setup
Figure: Secured Operator Domain (authentication server and 802.1X hotspots) and Secured User Domain (laptop and J2ME cellular); within each domain the links are secured with pre-shared public or secret keys.
23
Cell Authentication: Protocol Overview
24
Cell Authentication Protocol
Parties: User, J2ME Cellular, Laptop, Hotspot, Authentication Server.
Stored on the J2ME cellular: IMSI, PubOp, EPIN(PrivUser) (the user's private key, encrypted under the PIN).
Stored on the authentication server: IMSI, PrivOp, PubUser.
1. Request Auth is passed from the laptop via the hotspot to the authentication server, which initiates the authentication (Init Auth).
2. The cellular requests the PIN from the user, decrypts EPIN(PrivUser) with it, and creates a session key pair (Pub'User, Priv'User).
3. Cellular -> server: PubOp( IMSI, Pub'User, PrivUser(h(...)) )
4. The server verifies the message and creates its own session key pair (Pub'Op, Priv'Op).
5. Server -> cellular: Pub'User( Pub'Op, PrivOp(h(...)) )
6. Cellular -> server: PubOp( Pub'Op, Priv'User(h(...)) ); the server verifies the message.
7. Server -> hotspot: Grant Access / Transfer Keys; cellular -> laptop: Transfer Session Keys.
Notation as in the figure: Pub(m) is m encrypted under the public key, Priv(h(...)) is a hash of the message contents signed with the private key.
26
Cell Authentication: Protocol Comparison
Columns: PAP | CHAP | MS-CHAPv2 | GPRS | Cell Authentication
Rows:
  Eavesdropping protection: encryption (auth.); encryption (trans.)
  Spoofing protection: pre-shared secret; device authentication; user authentication; challenge-response; mutual authentication; key uniqueness
  Tampering protection: key derivation
  Replay protection: key freshness
27
Ongoing Work
In our ongoing work we will analyze all details of our proposed secure WISP authentication system. The main part will be the implementation of a J2ME-based client application that provides the PIN query and communicates with the 802.1X protocol via the client's WLAN-enabled mobile computer.
Papers submitted for:
- Vehicular Technology Conference Fall 2003
- High Speed Networks and Multimedia Communications 2003
28
Thank you for your attention
Christian Ploninger and Norbert Jordan, Institute of Communication Networks, Vienna University of Technology