Your SlideShare is downloading. ×
Upcoming SlideShare
Loading in...5

Thanks for flagging this SlideShare!

Oops! An error has occurred.

Saving this for later? Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime – even offline.
Text the download link to your phone
Standard text messaging rates apply



Published on

Published in: Technology, Business
  • Be the first to comment

  • Be the first to like this

No Downloads
Total Views
On Slideshare
From Embeds
Number of Embeds
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

No notes for slide
  • IEEE 802.11b 的標準裡包括一項加密技術,稱為 WEP ( Wired Equivalent Privacy )。依據無線設備廠商對於所屬不同的無線設備產品規格, WEP 的加密程度大略可分為 40-bit 長度的加密金鑰與 24-bit 長度的初始向量(簡稱 64-bit WEP 加密)以及 104-bit 長度的加密金鑰與 24-bit 長度的初始向量(簡稱 128-bit WEP 加密)這兩種。過去幾個月以來,已經有許許多多的研究顯示, WEP 鎖定的加密方式並不夠安全,像是 Scott Fluhrer 、 Istak Mantin 、 AdiShamir 三人所提出的『 Weakness in th eKey Scheduling Algorithmof RC4 』,在這篇研究報告中便提出了一個方法,可以截聽無線電波,從中找出 WEP 用來加密的金鑰,並進而可以假造任一無線網路的封包。 目前,包括 3Com 、朗訊、思科、 Cabletron 、諾基亞等在內的大約 15 家廠商正全力以赴研製無線局域網相關產品。這些公司中的大部分都表示或暗示將在今年推出基於 802.11a 標準的無線局域網解決方案。 802.11a 標準的數據傳輸率最高可達每秒 54M 。預計明年初市場上就能夠見到基於該標準的產品。另外,還有不少廠商正在研製基於 802.11g 標準的產品。預計這一類產品最遲在明年下半年也可問世。 802.11g 標準是 802.11b 標準的擴展,數據傳輸率為每秒 22M 。還有一種完全不同的無線局域網標準是歐洲電信標準協會製訂的 HiperLAN/2 。該標準的數據傳輸率最高也能達到每秒 54M 。有些專家認為,從技術角度看, HiperLAN/2 標準比 IEEE 標準更具優勢。
  • 同目前廣泛使用的 802.11b 無線局域網相比,未來的高速無線局域網不僅具有速率方面的優勢,在總體擁有成本上並不比前者高。以 802.11b 介面卡為例,目前的售價在 150 美元左右,預計年底可能降到 75 美元。而據專家們估計, 802.11a 介面卡問世時價格大致在 200 美元左右,很快就會降到 150 美元或者更低的水準。    Biportable 使用的是 NTT 開發的 AWA ( Advanced Wireless Access )技術。最大數據傳輸速度為 36Mbit/ 秒,在 100m 範圍內最大可支持 122 位用戶同時收發信息。 Biportable 是與歐洲 ETSI-BRAN 製訂的 HyperLAN2 幾乎相同的標準。在日本國內的名稱是 HiSWAN ( High Speed Wireless Access Networks )。通過在訪問控制標準中使用時分方式的 TDD ( time division duplexing )確保了充分的通信帶寬。調製方式使用的是能夠有效解決多通道干擾問題的 OFDM( 正交頻分多路復用, orthogonal frequency division multiplex) 調製方式。一次調製方式採用的是 16 值 QAM ,最大數據傳送速度為 36Mbit/ 秒。
  • 問老師問題
  • 遠端認證撥接使用者服務 ( RADIUS ) 為 Remote Authentication Dial-In User Service 的縮寫,是被許多網際網路服務供應商 (Internet Service Provider , ISP) 所使用的認證系統,當使用者撥至 ISP 時,使用者輸入的帳號和密碼將被傳送到 RADIUS 伺服器,查看資訊是否正確,並授權 ISP 系統的存取。事實上 RADIUS 並不侷限於撥接用戶的使用,只要是需要經過認證授權使用者的系統都可以使用 RADIUS 。 遠端認證撥接使用者服務 ( RADIUS ) 為 Remote Authentication Dial-In User Service 的縮寫,是被許多網際網路服務供應商 (Internet Service Provider , ISP) 所使用的認證系統,當使用者撥至 ISP 時,使用者輸入的帳號和密碼將被傳送到 RADIUS 伺服器,查看資訊是否正確,並授權 ISP 系統的存取。事實上 RADIUS 並不侷限於撥接用戶的使用,只要是需要經過認證授權使用者的系統都可以使用 RADIUS 。
  • Transcript

    • 1. Security Aspects of 3G-WLAN Interworking 組別: 2 組員: 陳俊文 691410048, 李奇勇 691410051, 黃弘光 691430045, 林柏均 489410080
    • 2. Why 3G-WLAN Interworking
      • WLAN systems offer bit rates surpassing those of 3G systems and are great for hot spot coverage , while 3G systems provide global coverage and the necessary network and management infrastructure to cater for security , roaming , and charging requirements.
    • 3. 3G-WLAN Interworking
      • We want the subscription management , roaming , and security facilities of a 3G system and the hot spot capacity and low investment cost of WLAN systems.
      • An important challenge is to reconcile and consolidate the security architecture of the systems.
    • 4. Wireless Local Area Network
      • IEEE 802.11b deploys confidentiality and integrity protection through a scheme called WEP. WEP suffers from manual key management and is also cryptographically broken. HYPERLAN/2 and HiSWAN have more advanced confidentiality and encryption mechanisms.
    • 5. The 3GPP System
      • Cellular systems such as UMTS and GSM have excellent characteristics in terms of coverage and roaming.
    • 6. Interworking Solution
      • In ETSI Project BRAN resulted in two fundamentally different solutions regarding the level of interworking.
      • Tight and Loose interworking according to the level of integration required between the systems.
    • 7. Tight interworking
      • The tight interworking solution was based on the idea of making use of the WLAN radio interface as a bearer for UMTS with all network control entities in the core network integrated.
      • A tight interworking solution would mandate the full 3GPP security architecture and require the 3GPP protocol stacks and interfaces to be present in the WLAN system.
    • 8. Loose interworking
      • There was little need to make changes to the WLAN standard.This solution has the benefit of not needing a convergence layer , which is an important factor in development time and so on.
      • The loose interworking options merely require the 3GPP authentication method to be implemented.
      • Loose interworking was therefore adopted as the preferred solution in both the WLAN and 3GPP communities.
    • 9. Loose interworking
      • To avoid link layer modifications , the authentication protocol is allowed to run at the link layer using Internet protocols ─ EAP and AAA ─ as transport mechanisms.
    • 10. 3GPP-WLAN Interworking Architecture
    • 11. Security concerns in 3G-WLAN Interworking
      • A fundamental requirement in 3GPP has been that 3GPP-WLAN interworking shall not compromise the UMTS security architecture.
      • Therefore , it is required that the authentication and key distribution be based on the UMTS AKA challenge-response procedure .
    • 12. UICC & USIM
      • The UMTS AKA procedure relies on the availability of a tamper-resistant smartcard at the terminal.
      • The smartcard , called a UICC , in UMTS , will run an application called USIM.
      • The USIM application that runs the cryptographic algotithms during the execution of the UMTS AKA.
    • 13. The Entities and Domains of 3GPP-WLAN architecture
      • HE
      • ‧ HSS
      • ‧ 3GPP AAA Server
      • SN
      • ‧ 3GPP AAA proxy
      • ‧ NAS
      • ‧ AP
      • UE
      • ‧ UICC/USIM
      • ‧ MS
      • ‧ Computing device
    • 14. Simplified 3GPP-WLAN architecture
    • 15. Trust Issues
      • Which entities do we trust ?
      • On what basis do we trust these domains/entities ?
      • What type of security features are needed to “enforce” the trust ?
      • What would be the goal of an adversary ?
    • 16. Trust relationship
      • User HE
      • HE UICC/USIM
      • HE SN
      • SN WLAN access network
      • User user equipment
    • 17. User Identity Privacy
      • Location Privacy is problematic since there is often a strong connection between the logical identity of the user and the routable address associated with the user device.
      • To mitigate this problem , one often turns to protected temporary identities.
    • 18. Lawful Interception
      • Lawful interception functionality is a mandatory requirement for most 3G operators.There is no reason to expect the 3GPP-WLAN interworking architecture to be exempt from lawful interception requirements.
    • 19. Authentication,Confidentiality,and Integrity
      • 3GPP-WLAN architecture shall use the UMTS AKA procedure , the issue of authentication and key distribution is already taken care of.
      • Confidentiality is targeted at protecting the system and user data against passive attacks.3GPP-WLAN confidentiality services are provided by symmetric key encryption .
      • Cryptographic integrity protection is a security service aimed at protecting data against active attacks.3GPP-WLAN integrity service is implemented by symmetric keyed cryptographic checksum functions .
    • 20. UMTS AKA sequence
    • 21. 3GPP-WLAN interworking AKA procedure
      • For the 3GPP-WLAN interworking scenario the AKA procedure is executed globally .
      • The drawback is that the signaling paths and thus the round-trip delay may increase .
      • The advantage is improved home control since there is no need to distribute AVs or authentication control to the SN .
    • 22. UMTS AKA challenge-response mechanism
    • 23. 3GPP-WLAN security architecture
      • The two key glue components of the interworking solution are the AAA and EAP technologies.These are used to execute the UMTS AKA protocol from the 3G system’s home domain toward the WLAN user equipment.
    • 24. A successful UMTS AKA procedure
    • 25. The Role of the EAP
      • EAP is a key element in the 3GPP-WLAN security architecture.
      • EAP provides a generic peer-to-peer based request-response transaction environment for authentication dialogs , and supports multiple authentication mechanisms .
    • 26. AAA
      • To manage roaming traffic , the AAA framework is chosen as the basis for the 3GPP-WLAN architecture.
      • Both Diameter and RADIUS are generic protocols and are intended to provide support for a diverse set of AAA applications , including network access , IP mobility , and interoperator roaming.
    • 27. Summary and Conclusion
      • The idea of interworking between mobile systems and WLANs holds great promise.Security-wise the interworking is mostly unproblematic , but there are areas identified that contain weaknesses.
      • Identity privacy is important and will probably become even more important in the future as technology advances.