
Proposal to use KPS to Enhance Security of MAC Layer

Shinichiro Watanabe, Kazuaki Naito, Masayuki Ikeda, Seiko Epson Corporation, November 2000.


Presentation Transcript


  1. Proposal to use KPS to Enhance Security of MAC Layer
     Shinichiro Watanabe, Kazuaki Naito, Masayuki Ikeda
     Seiko Epson Corporation
     November 2000
     S. Watanabe et al, Seiko Epson Corp.

  2. Reinforcing Security in the MAC Layer, and Problems with the Present IEEE802.11 WEP
     • The Need to Reinforce Security in the MAC Layer
       - Dumb terminals; printers, BCRs, mobile terminals with low capacity, etc.
       - Unmanned systems;
       - Point to point systems.
     • Problems with the Present IEEE802.11 WEP
       • Default-Key
         • The following problems exist because the key is shared by a number of people.
         • Authentication: Allows unauthorized access to the network.
         • Key establishment algorithm: All the members of the group are exposed to risks including eavesdropping.
         • Key expiration: The key needs frequent changes, or it is easily broken.
       • Privacy algorithm
         • The privacy algorithm of the 40-bit RC4 is not very robust.

  3. Solution
     [Figures Fig.1 and Fig.2: two diagrams titled "Current Algorithm" and "Solution". Labels in the current-algorithm diagram: Default-Key0, Default-Key1, Default-Key2, Default-Key3, Encryption, Data(plain), Data, ICV. Labels in the solution diagram: KPS, Shared key, xor, Default-Key0, Default-Key1, Default-Key2, Default-Key3, Session key, Session key (Encrypted), Nonce, Encryption, Data(plain), Data, ICV.]

  4. Effects of the Solution
     [Diagram: PC, STA, STA, PC. Labels: Generation of per-user keys with KPS; Encryption with session key; User authentication.]
     • Increases the security level of communications between two STAs and between a STA and an AP.
     • Unable to analyze the session keys
     • Unable to decode the encrypted session keys
     • Suitable for systems with dumb terminals or unmanned systems
     • The security level of user authentication is increased.
     • Usable with other authentication protocols in parallel.
     • The authentication message is also encrypted.

  5. User Authentications
     • Current user authentication + KPS
       [Fig.1: PC, STA, STA, PC. Labels: KPS; Current user authentication.]
     • 802.1X, GSS-API + KPS
       [Fig.2: PC, STA, STA, PC. Labels: KPS; 802.1X, GSS-API.]
     • Default key + KPS
       [Fig.3: PC, STA, STA, PC. Labels: KPS; Default key.]

  6. Basic Flow of the KPS Communications
     • Setting a Private-ID (Procedure necessary only once)
       [Diagram: KPS Center, MAC A, MAC B.]
       $P_A = G \times (f_1(A))^T$
       $P_B = G \times (f_1(B))^T$
       NOTE:
       - $P_A$ or $P_B$ = Private-ID: 1024bit×40bit (Secret data / user)
       - $A$ or $B$ = Public-ID: 48bit (MAC Address)
       - $f_1$ = One-way Scheme 1
       - $G$ = System-ID: 1024bit×1024bit×40bit (symmetrical matrix)

  7. Basic Flow of the KPS Communications
     • KPS Communications
       [Diagram: Sender A (MAC Address A) and Receiver B (MAC Address B), each with a KPS Module. Labels: Public-ID A (MAC Address A); Public-ID B (MAC Address B); Default key; Per-user keys; Session key; Encrypted Session key; Encryption; Decryption; DATA; Encrypted DATA.]
       $K_{AB} = f_2((f_1(B))^T \times P_A)$
       $K_{BA} = f_2((f_1(A))^T \times P_B)$
       $K_{AB} = K_{BA}$
       NOTE: $f_2$ = One-way Scheme 2

  8. KPS vs. Public key systems
     KPS does not require:
       - The MAC address to be paired with a public key.
       - The public key transmission frame.

  9. Conclusion
     • Necessary to enhance the MAC security algorithm.
     • Combining with the upper layer security algorithm, systems can be much more robust against attacks.
     • We proposed:
       • To use session keys instead of default keys
       • To use per-user keys. A per-user key is made by XOR-ing a default key and a shared key generated by KPS
       • To encrypt the session keys with per-user keys generated in the MAC layer.
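
The key agreement from slides 6, 7 and 9, as an added Python example that is not part of the original presentation. The slides do not specify f1, f2 or the matrix arithmetic, so SHAKE-256, SHA-256 and XOR (GF(2)) arithmetic on 40-bit words are assumptions, as are the reduced vector length N = 128 and the constructed MAC addresses.

```python
import hashlib
import secrets

N = 128        # vector length; the slides use 1024 (reduced here for speed)
KEY_BITS = 40  # word size given on the slides

def f1(mac: bytes) -> list:
    """Assumed one-way scheme 1: hash a 48-bit MAC into an N-bit vector."""
    digest = hashlib.shake_256(b"f1" + mac).digest(N // 8)
    return [(digest[i // 8] >> (i % 8)) & 1 for i in range(N)]

def f2(value: int) -> int:
    """Assumed one-way scheme 2: hash the 40-bit product into a 40-bit key."""
    digest = hashlib.sha256(b"f2" + value.to_bytes(5, "big")).digest()
    return int.from_bytes(digest[:5], "big")

def make_system_id() -> list:
    """KPS Center: random symmetric N x N matrix G of 40-bit words."""
    g = [[0] * N for _ in range(N)]
    for i in range(N):
        for j in range(i, N):
            g[i][j] = g[j][i] = secrets.randbits(KEY_BITS)
    return g

def xor_dot(words, bits) -> int:
    """Inner product where a 1 bit selects a word and addition is XOR."""
    acc = 0
    for word, bit in zip(words, bits):
        if bit:
            acc ^= word
    return acc

def private_id(g, mac: bytes) -> list:
    """P_A = G x (f1(A))^T, computed once by the KPS Center per station."""
    v = f1(mac)
    return [xor_dot(row, v) for row in g]

def shared_key(own_private_id, peer_mac: bytes) -> int:
    """K_AB = f2((f1(B))^T x P_A): only the peer's MAC address is needed."""
    return f2(xor_dot(own_private_id, f1(peer_mac)))

def per_user_key(default_key: int, kps_key: int) -> int:
    """Slide 9: per-user key = default key XOR KPS shared key."""
    return default_key ^ kps_key

def demo():
    g = make_system_id()
    a, b = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")  # constructed MACs
    return shared_key(private_id(g, a), b), shared_key(private_id(g, b), a)
```

Under the linear arithmetic assumed here, every private ID is a linear function of G, so stations that pool enough private IDs can solve for G; the vector length therefore bounds how many enrolled stations the scheme tolerates colluding.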
