Comparative studies on authentication and keyexchange methods for 802.11 wireless LAN

Authors: Jun Lei, Xiaoming Fu, Dieter Hogrefe and Jianrong TanSrc: Computers & Security, Vol. 26, 2007, pp. 401-409

Outline Introduction 3 Levels AKE Requirements for IEEE 802.11

WLANs AKE Methods overview

Legacy AKE Methods Layered AKE Methods Access control-based layered AKE method

Comparison results Multi-layer AKE framework Conclusion

Introduction Two key security aspects in 802.11

Authentication of the wireless user/device Data confidentiality between the wireless device

and the network Three major issues with today’s authentication

mechanisms for wireless networks Lack of mutual authentication between the user

and the network Shared communication channel could be

monitored by any malicious user Attacker might figure out the password by

observing the pair of challenge and response messages

3 Levels AKE Requirements for IEEE 802.11 WLANs Mandatory requirements

Mutual authentication Credential security. Resistance to dictionary attack Man-in-the-middle attack protection Immune to forgery attacks Anti-replay Strong session key

Recommended requirements Management message authentication Authenticate users Key integrity check Weak key protection

Additional Operational requirements No computational burden Ease implementation Fast reconnection

AKE Methods overview Legacy AKE methods Layered AKE methods

TLS embedded protocol Layered method with cryptographic design

Access control-based layered AKE method Transitional solution Long-term scheme

Legacy AKE Methods Open System Authentication (OSA)

CAP: Request & ID AP C: Accept/Reject=> Simplest & Default

Share Key Authentication (SKA) Challenge/Response=> Mutual authentication

Wired Equivalent Privacy (WEP) Pre-shared Key (PSK): Mutually exchange at both endpoints Weak for the propose of authentication

No protection to forgery attacks No replay protection. Misusing RC4 algorithm for the encryption so that the protocol is

extremely weak to key attacks Has the security hole that attacker without the encryption key

but reusing IV can decrypt the encrypted code

Layered AKE Methods (1/2) TLS embedded protocol

EAP-TTLS, EAP-FAST Prevent dictionary attack

& replay attack EAP-TLS

Widely deployed Well-formed and reliable mechanism

PEAP Concern credential security & anti-replay protect

ion All tunneled authentication protocols are po

tentially venerable to the man-in-the-middle attack

Layered AKE Methods (2/2) Layered method with cryptographic design

EAP-PSK Alleviate computational burden WiMAX for device authentication

EAP-PSEKE Simple password authentication Prevent man-in-the-middle and off-line dictionary attacks

Advantage High efficient & easily deployable authentication framewo

rk Disadvantage

No identity protection; no protected ciphersuite negotiation; and no fast reconnection capability

Access control-based layered AKE method IEEE 802.1X (2004)

Port-based network access control Transitional solution

WPA Authentication: 802.1X & EAP Traffic encryption: Temporal key integrity protocol (TKIP) Variable

T=Temporal Key I=Intermediate Key K=Per-packet Key A=802 MAC address of the local Wireless interface

Steps I=TA K=BI Streamkey =RC4(IV, K)

Long-term scheme 3 components of 802.11

802.1X for authentication Robust Security Network (RSN)

for keeping the track of associations Advanced Encryption Standard-based Counter

Mode CBC-MAC Protocol (AES-CCMP) to provide integrity, replay protection and confidentiality

802.11i : 4 way handshake authentication Security enhancements to 802.11 Complete protection of the Layer 2 packet Unavoidable weaknesses & Complicated to

implement

Comparison results

Multi-layer AKE framework 3 components

Access control 802.1X

Mutual authentication & Key distribution EAP+TLS

New functionalities Based on TLS-EAP in higher layer

Conclusion EAP-based layered AKE methods

More promising since provide the strong security by EAP-TLS as well as some complementary features

Multi-layered AKE framework Future works

New functionalities provided by other high-layer protocols

Extensions to the proposed framework for the purpose of efficiency

Support sufficiently fast handovers among access points

How to handle fast-roaming users by these AKE methods