Comparative studies on authentication and keyexchange methods for 802.11 wireless LAN
Authors: Jun Lei, Xiaoming Fu, Dieter Hogrefe and Jianrong TanSrc: Computers & Security, Vol. 26, 2007, pp. 401-409
Outline Introduction 3 Levels AKE Requirements for IEEE 802.11
WLANs AKE Methods overview
Legacy AKE Methods Layered AKE Methods Access control-based layered AKE method
Comparison results Multi-layer AKE framework Conclusion
Introduction Two key security aspects in 802.11
Authentication of the wireless user/device Data confidentiality between the wireless device
and the network Three major issues with today’s authentication
mechanisms for wireless networks Lack of mutual authentication between the user
and the network Shared communication channel could be
monitored by any malicious user Attacker might figure out the password by
observing the pair of challenge and response messages
3 Levels AKE Requirements for IEEE 802.11 WLANs Mandatory requirements
Mutual authentication Credential security. Resistance to dictionary attack Man-in-the-middle attack protection Immune to forgery attacks Anti-replay Strong session key
Recommended requirements Management message authentication Authenticate users Key integrity check Weak key protection
Additional Operational requirements No computational burden Ease implementation Fast reconnection
AKE Methods overview Legacy AKE methods Layered AKE methods
TLS embedded protocol Layered method with cryptographic design
Access control-based layered AKE method Transitional solution Long-term scheme
Legacy AKE Methods Open System Authentication (OSA)
CAP: Request & ID AP C: Accept/Reject=> Simplest & Default
Share Key Authentication (SKA) Challenge/Response=> Mutual authentication
Wired Equivalent Privacy (WEP) Pre-shared Key (PSK): Mutually exchange at both endpoints Weak for the propose of authentication
No protection to forgery attacks No replay protection. Misusing RC4 algorithm for the encryption so that the protocol is
extremely weak to key attacks Has the security hole that attacker without the encryption key
but reusing IV can decrypt the encrypted code
Layered AKE Methods (1/2) TLS embedded protocol
EAP-TTLS, EAP-FAST Prevent dictionary attack
& replay attack EAP-TLS
Widely deployed Well-formed and reliable mechanism
PEAP Concern credential security & anti-replay protect
ion All tunneled authentication protocols are po
tentially venerable to the man-in-the-middle attack
Layered AKE Methods (2/2) Layered method with cryptographic design
EAP-PSK Alleviate computational burden WiMAX for device authentication
EAP-PSEKE Simple password authentication Prevent man-in-the-middle and off-line dictionary attacks
Advantage High efficient & easily deployable authentication framewo
rk Disadvantage
No identity protection; no protected ciphersuite negotiation; and no fast reconnection capability
Access control-based layered AKE method IEEE 802.1X (2004)
Port-based network access control Transitional solution
WPA Authentication: 802.1X & EAP Traffic encryption: Temporal key integrity protocol (TKIP) Variable
T=Temporal Key I=Intermediate Key K=Per-packet Key A=802 MAC address of the local Wireless interface
Steps I=TA K=BI Streamkey =RC4(IV, K)
Long-term scheme 3 components of 802.11
802.1X for authentication Robust Security Network (RSN)
for keeping the track of associations Advanced Encryption Standard-based Counter
Mode CBC-MAC Protocol (AES-CCMP) to provide integrity, replay protection and confidentiality
802.11i : 4 way handshake authentication Security enhancements to 802.11 Complete protection of the Layer 2 packet Unavoidable weaknesses & Complicated to
implement
Comparison results
Multi-layer AKE framework 3 components
Access control 802.1X
Mutual authentication & Key distribution EAP+TLS
New functionalities Based on TLS-EAP in higher layer
Conclusion EAP-based layered AKE methods
More promising since provide the strong security by EAP-TLS as well as some complementary features
Multi-layered AKE framework Future works
New functionalities provided by other high-layer protocols
Extensions to the proposed framework for the purpose of efficiency
Support sufficiently fast handovers among access points
How to handle fast-roaming users by these AKE methods