8. Security in WLAN
Main Point of Concern
Multiple Options exists in Wired Networks.
SSID / MAC based Authentication was
used, both of which were spoof-able.
Common Attacks Possible
Masquerading
Man in the middle
Dictionary Attacks
Requirement : Privacy Equivalent to that
in Wired Networks
9. Wired Equivalent Privacy (WEP)
Challenge Response Protocol
Random Nonce, C
Station Access
Point
Response, R
Initialization Vector, IV
R = C O KEYSTREAM(S, IV)
+
10. But…..!
WEP had the following security Issues
Monitor Challenge Response to compute
Keystream.
Obtain S, using Dictionary Attack
One side Authentication
Thus…..
A better protocol was required
WPA
11.
12. Post WEP security
WPA (TKIP) – Temporal Key Integrity
Protocol
WPA 2 (CCMP) – Counter mode CBC
MAC Protocol
The authentication in both schemes same
Authentication same as in 802.11i
Former uses RC4 key-stream encryption
Latter uses AES with cipher block chaining
13. AUTHENTICATION IN WPA
3 entities
Supplication (Station)
Authenticator (AP – Access Point)
Authentication Server (AS)
EAP (Extensible Authentication Protocol)
Authentication, Authorization &
Accounting
14. 802.11i Protocol
Authentication
Supplicant Authenticator Server
802.11
Association
EAP/802.1X/RADIUS
Authentication
MSK
4-Way
Handshake
Group Key
Handshake
Data
Communication
16. EAP – MD5
Basicform
Challenge is to send MD5 of password
Password not known to AP, AS
Drawbacks:
Replay attack possible with MD5(password)
AP is not verified to the supplicant
17. EAP-TLS
Uses SSL/TLS
All Entities have Certificates & Pvt. keys
Drawbacks:
Infeasible for all stations to have certificates
PKI required to communicate
18. EAP-TTLS
Requires AP to have certificates
AP can be verified by AS, supplicants
Forms a secure tunnel through which
password can be sent
EAP-PEAP
Similar
to EAP-TTLS
Forms a secure tunnel
Authentication of station to AS
independent
19. KEY AGREEMENT
Two types of keys:
TK (Temporal Key) [128]
GTK (Group Transient Key) [128]
PMK can be replaced by PSK (Pre Shared
Key) [256], but not secure
TK and other keys are derived from PMK
(Pairwise Master Key) [256] by 4-way
handshake protocol
20. KEY HIERARCHY
MSK [256] : AS & Station
PMK [256] : AP (derived
from MSK)
PTK = f(PMK) [512]
PTK -> TK [128]
PTK -> KCK [128]
PTK -> KEK [128]
23. EAP-SPEKE
Simple Password-Authenticated
Exponential Key Exchange
Diffie-Hellman based
Authentication with session key
negotiation
Mutual Authentication
Withstands Man in the middle attack
Withstands Replay attack
24. Supplicant Authenticator
A = gXa mod p A
g = f(pd) B = gXb mod p
Xa = secret key Xb = secret key
S(n1)
S= H(BXamod p) S = H(AXb mod p)
n1 = nonce n2 = nonce
S(n2)
Verify n1 Verify n2
25. EAP - SRP
EAP-Secure Remote Password
Borrows elements from other key
exchange protocol
User ID and password-based
authentication
26. Supplicant Authenticator
B = (V+gXb) mod p
A = gXa mod p A, ID Xb = secret key
g = f(pd) V = gx mod p
Xa = secret key
x = H(Salt, pd)
ID = identifier
x = H(Salt, pd)
u = H(A, B)
S = (B-gx)Xa+ux mod p
K = H(S)
u = H(A, B)
S = (AVu) Xbmod p
K = H(S)
Verify n1
27. Improved EAP-SRP
A = gXa mod p
Ma = H(H(Pd) Xor H(g), H(ID), A) A,ID,Ma
B = (v + gXb) mod p
U = H(A, B)
S = (A.Vu)Xb mod p
K = H(s)
Mb = H(A, B, Ma, k)
Salt, Mb, B
U = H(A,B)
S = (B-gx)(Xa+Ux) mod p
K = H(S)
Mc = H(B, Mb, K)
Mc
Session Key
Mutual Authentication
28. • Mutual Authentication • Computationally
Pros
Cons
• No Cleartext Password Intensive
Exchange (Comparitively)
• Works against • Narrow domain of
Dictionary choosing primes.
Attacks, Password
Sniffing and Network (eg. Reqd : Prime p,q
Traffic Analysis Attacks such that p = 2q+1)
• Easier to setup, than
Dig Cert based
Authentication.
29. References
1. An Efficient Password Authenticated Key Exchange Protocol for
WLAN and WIMAX, AK Rai, V Kumar, S Mishra, ICWETT
2011
2. Extensible authentication
protocol, Adoba, B., Blunk, L., Vollbrecht, J., Carlson
, J. & Levkowetz, E., RFC 3748 2004
3. The SRP Authentication and Key Exchange System, T. Wu, RFC
2945 2000
4. Cryptography and Network Security, Bernard
Menesez, Cengage Solutions