Beyond Traditional IEEE 802.11 Security

Beyond Traditional IEEE 802.11 Security, Marie Waldrick, May 5, 2003 (PowerPoint presentation)

Presentation Transcript

Outline

  • Characterizing Wireless Networks

  • Wireless technology, 802.11 currently

  • 802.1X

  • EAP Architecture

  • 802.1X/EAP

  • Future Trends-802.1X/EAP/TKIP

  • Conclusion-802.11i

Characterizing Wireless Networks

  • Ad hoc only requires wireless devices on each computer.

  • Infrastructure requires wireless devices on each computer AND a base station (with built-in DHCP server and firewall)


  • Peer-to-Peer (Adhoc)

    • Wireless devices have no access point connection and each device communicates with each other directly


Advantages to Infrastructure Mode

  • Automatic use of Network Address Translation (NAT) firewall - blocks all outside port requests

  • Local reserved IP addresses only used by clients. Those IP addresses will not show up on the internet.

  • The DHCP server (gateway) that is built into this NAT firewall does not require that any one computer be on (and functioning) in order to use the connection.

Wireless Networks

  • By nature, wireless networks need to advertise their beacons to show their existence

The IEEE 802.11 standard

  • Service set identifier (SSID)

    -Beacon frames broadcast network parameters and are sent unencrypted

  • Media Access Control (MAC) address filtering

    -802.11 uses 48-bit station identifiers in the frame headers

    -Check MAC address to ensure station has access

    -Not part of the 802.11 standard but used anyway to identify stations

  • Wired Equivalent Privacy (WEP)

    -Was supposed to provide authentication and privacy

    -Secret 40-bit keys, but unsafe at any length

    -Static, manually-configured keys

    -Weakness due to long life of keys and their being shared among many users


802.1X Standard

-Solves user authentication problem

-Standard for passing EAP over a wired or wireless LAN

-EAP messages are packaged in Ethernet frames and don’t use PPP.

-It is only authentication

-Provides a security framework for port-based access control

-Resides in the upper layers to enable new authentication and key management methods without changing current network devices.

-The latest security technology should still work with your existing infrastructure

802.1X architecture overview

(Diagram: Supplicant, Authenticator and Authentication Server, with the concrete authentication protocol carried end to end by EAP.)

EAP carries the concrete authentication protocol between Supplicant and Authentication Server

RADIUS/UDP/IP: carries EAP between Authenticator and Authentication Server

802.1X: carries EAP over the 802 LAN between Supplicant and Authenticator

802.1X connection

  • A client device connects to a port on an 802.1X switch or AP

  • The switch port can determine the authenticity of the devices

  • The services offered by the switch can be made available on that port

  • Only EAPOL frames can be sent and received on that port until authentication is complete.

  • When the device is properly authenticated, the port switches traffic as though it were a regular port.

EAP Transport “Authentication” Protocol

(Diagram: client, access point and authentication server.)

  • 1 - Client associates with blocked access point

  • 2 - User provides login authentication credentials

  • 3 a) Server <-> user authentication

    b) Server delivers unicast WEP key to access point

  • 4 - Access point delivers broadcast WEP key encrypted with unicast WEP key to client

  • 5 - Client and access point activate WEP and use unicast and broadcast WEP keys for transmission

Unicast - communication between a single host and a single receiver

Packets sent to a unicast address are delivered to the interface identified by that address

Multicast is communication between a single host and multiple receivers

Multicast Sends Packets to a Subnet, and defined devices listen for Multicast Packets

What is EAP

  • Beyond simple user names and passwords

  • Easily encapsulated within any data link protocol

  • Provides a generalized framework for all sorts of authentication methods.

  • Simpler interoperability and compatibility across authentication methods

  • For example, when you dial a remote access server (RAS) and use EAP as part of your PPP connection, the RAS doesn’t need to know any of the details about your authentication system. Only you and the authentication server have to be coordinated.

  • The RAS gets out of the authentication business and just re-packages EAP packets to hand off to a RADIUS server, which makes the actual authentication decision.

EAPOL packet structure

EAP messages are packaged in Ethernet frames and don’t use PPP

A typical EAPOL protocol run

  • EAPOL start

  • EAP request/identity

  • EAP response/identity

  • EAP request/MD5-challenge

  • EAP response/MD5-challenge

  • EAP success
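The 802.1X connection slide and the protocol run above describe the same thing from two angles: the controlled port passes only EAPOL frames until the authentication server says EAP Success, and the authenticator merely relays EAP between the supplicant and the server. The following toy simulation is an added example, not code from the slides or from any vendor; it models the three roles with EAP-MD5 as the method (response value = MD5(Identifier || password || challenge), per RFC 2284 / RFC 1994). The user name, password and challenge are constructed for the example.

```python
"""Toy 802.1X/EAPOL run with EAP-MD5 (added illustration, not from the slides).

Roles: Supplicant, ControlledPort (the authenticator's 802.1X port on the
switch or AP) and AuthenticationServer (reached over RADIUS). The port is
blocked until the server returns EAP Success. User, password and challenge
below are constructed sample values.
"""
import hashlib
import hmac
import os

# EAP codes and method types (RFC 2284)
EAP_REQUEST, EAP_RESPONSE, EAP_SUCCESS, EAP_FAILURE = 1, 2, 3, 4
TYPE_IDENTITY, TYPE_MD5_CHALLENGE = 1, 4


def md5_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """EAP-MD5 Response Value = MD5(Identifier || secret || challenge)."""
    return hashlib.md5(bytes([identifier & 0xFF]) + secret + challenge).digest()


class ControlledPort:
    """The authenticator's 802.1X controlled port."""

    def __init__(self):
        self.authorized = False

    def accept(self, is_eapol: bool) -> bool:
        """Only EAPOL frames pass before authorization; afterwards the port
        switches traffic as though it were a regular port."""
        return is_eapol or self.authorized


class AuthenticationServer:
    """Holds the user database; consumes an EAP message (code, type,
    identifier, data) and returns the next EAP message to send."""

    def __init__(self, users: dict, challenge: bytes = None):
        self.users = users
        self.challenge = challenge or os.urandom(16)   # fresh per conversation
        self.identity = None

    def handle(self, code, eap_type, identifier, data):
        if code == EAP_RESPONSE and eap_type == TYPE_IDENTITY:
            self.identity = data.decode()
            if self.identity not in self.users:
                return (EAP_FAILURE, None, identifier + 1, b"")
            return (EAP_REQUEST, TYPE_MD5_CHALLENGE, identifier + 1, self.challenge)
        if code == EAP_RESPONSE and eap_type == TYPE_MD5_CHALLENGE and self.identity:
            expected = md5_response(identifier, self.users[self.identity], self.challenge)
            if hmac.compare_digest(data, expected):
                return (EAP_SUCCESS, None, identifier + 1, b"")
        return (EAP_FAILURE, None, identifier + 1, b"")


class Supplicant:
    def __init__(self, identity: str, password: bytes):
        self.identity, self.password = identity, password

    def respond(self, code, eap_type, identifier, data):
        """Answer an EAP Request with the matching EAP Response."""
        if eap_type == TYPE_IDENTITY:
            return (EAP_RESPONSE, TYPE_IDENTITY, identifier, self.identity.encode())
        if eap_type == TYPE_MD5_CHALLENGE:
            return (EAP_RESPONSE, TYPE_MD5_CHALLENGE, identifier,
                    md5_response(identifier, self.password, data))
        raise ValueError("unsupported EAP method")


NAMES = {(EAP_REQUEST, TYPE_IDENTITY): "EAP request/identity",
         (EAP_RESPONSE, TYPE_IDENTITY): "EAP response/identity",
         (EAP_REQUEST, TYPE_MD5_CHALLENGE): "EAP request/MD5-challenge",
         (EAP_RESPONSE, TYPE_MD5_CHALLENGE): "EAP response/MD5-challenge",
         (EAP_SUCCESS, None): "EAP success",
         (EAP_FAILURE, None): "EAP failure"}


def run_eapol(supplicant, server, port):
    """Drive one run from EAPOL Start to EAP Success/Failure and return the
    message sequence. The authenticator never inspects the method: it only
    repackages EAPOL frames into RADIUS messages and back."""
    transcript = ["EAPOL start"]                   # supplicant -> authenticator
    msg = (EAP_REQUEST, TYPE_IDENTITY, 1, b"")     # authenticator asks for identity
    while msg[0] == EAP_REQUEST:
        transcript.append(NAMES[msg[:2]])
        reply = supplicant.respond(*msg)
        transcript.append(NAMES[reply[:2]])
        msg = server.handle(*reply)                # relayed over RADIUS
    transcript.append(NAMES[msg[:2]])
    port.authorized = msg[0] == EAP_SUCCESS        # the port opens only on success
    return transcript


if __name__ == "__main__":
    port = ControlledPort()
    print("data frame accepted before auth:", port.accept(False))
    server = AuthenticationServer({"alice": b"correct horse battery"})
    print(run_eapol(Supplicant("alice", b"correct horse battery"), server, port))
    print("data frame accepted after auth:", port.accept(False))
```

Note that the identity, challenge and MD5 response all cross the air in the clear; that is the "passive monitoring" exposure the later slide on threats not mitigated refers to, and the reason PEAP wraps the method in a TLS tunnel first.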

TKIP

(Diagram with these labels: Temporal key and MAC addr feeding the per-packet key; Integrity key over S | D | body; Shared secret key; S | D | body in; IV | ciphertext out.)

TKIP (Temporal Key Integrity Protocol)

  • Addresses weak IVs, IV collisions

  • Firmware upgrade deployable to existing 802.11 hardware

  • Components

    -Cryptographic message integrity code

    -Packet sequencing

    -Per-packet key generation

    -Re-keying mechanism

TKIP-MIC

  • Sender and receiver share 64-bit secret integrity key

  • MIC = H_K(src MAC | dst MAC | frame body), keyed with the 64-bit integrity key K

  • If the receiver's computation matches the MIC sent, then the message is presumed authentic

  • If 2 forgeries in a second, then assume under attack

    -Delete keys, disassociate, and reassociate

TKIP-Packet Sequencing

  • Reuse 16 bits of the WEP IV packet field for the sequence number

  • Initialize sequence # to 0 for a new encryption key

  • Increment sequence # by 1 on each packet

  • Discard any packet out of sequence

TKIP-Per-packet Key

  • Phase 1:

    • Key_mix(128-bit temporal key, 48-bit MAC) = 128-bit result

      • Ensures a unique key if clients share the same temporal key

  • Phase 2:

    • Key_mix(phase 1 result, seq #) = 128-bit per-packet key

      • Incrementing seq # ensures a unique key for each packet

  • Keystream = RC4(128-bit per-packet key)
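The MIC, packet-sequencing and per-packet-key slides together describe what a TKIP receiver does with each frame. The block below is an added example that puts those three pieces on both ends of a link; it is not code from the slides or from any 802.11 implementation. Two pieces are stand-ins, because the slides do not define them: Key_mix() is HMAC-SHA256 truncated to 128 bits (real TKIP uses an S-box mixing function) and the MIC function H is HMAC-SHA256 truncated to 64 bits (real TKIP uses Michael). RC4 is implemented as stated on the slide. Keys, MAC addresses and frame bodies are constructed sample values.

```python
"""TKIP-style sender and receiver (added illustration, not from the slides).

Stand-ins: key_mix() and mic() use HMAC-SHA256 in place of the TKIP mixing
function and Michael. RC4 is real. All keys/addresses/bodies are constructed.
"""
import hashlib
import hmac
import time
from collections import deque

MIC_LEN = 8     # 64-bit integrity tag
SEQ_BITS = 16   # the reused 16-bit WEP IV field


def rc4(key: bytes, n: int) -> bytes:
    """RC4 keystream of n bytes (KSA followed by PRGA)."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    for _ in range(n):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def key_mix(key: bytes, data: bytes) -> bytes:
    """Stand-in for the slide's Key_mix(): a PRF truncated to a 128-bit key."""
    return hmac.new(key, data, hashlib.sha256).digest()[:16]


def per_packet_key(temporal_key: bytes, mac: bytes, seq: int) -> bytes:
    """Phase 1 binds the station MAC, phase 2 binds the sequence number."""
    phase1 = key_mix(temporal_key, mac)
    return key_mix(phase1, seq.to_bytes(SEQ_BITS // 8, "big"))


def mic(integrity_key: bytes, src: bytes, dst: bytes, body: bytes) -> bytes:
    """MIC = H_K(src MAC | dst MAC | frame body), 64 bits (stand-in for Michael)."""
    return hmac.new(integrity_key, src + dst + body, hashlib.sha256).digest()[:MIC_LEN]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class TkipSender:
    def __init__(self, temporal_key, integrity_key, mac):
        self.tk, self.ik, self.mac = temporal_key, integrity_key, mac
        self.seq = 0                          # sequence # starts at 0 for a new key

    def send(self, dst: bytes, body: bytes):
        """Return (seq, dst, ciphertext) where ciphertext covers body || MIC."""
        if self.seq >= 1 << SEQ_BITS:
            raise RuntimeError("sequence space exhausted: rekey before sending")
        tag = mic(self.ik, self.mac, dst, body)
        ks = rc4(per_packet_key(self.tk, self.mac, self.seq), len(body) + MIC_LEN)
        frame = (self.seq, dst, xor(body + tag, ks))
        self.seq += 1                         # increment by 1 on each packet
        return frame


class TkipReceiver:
    def __init__(self, temporal_key, integrity_key, sender_mac, clock=time.monotonic):
        self.tk, self.ik, self.mac = temporal_key, integrity_key, sender_mac
        self.expected_seq = 0
        self.failures = deque()               # timestamps of recent MIC failures
        self.clock = clock
        self.countermeasures = False

    def receive(self, seq: int, dst: bytes, ciphertext: bytes):
        """Return (body, status). Out-of-sequence frames are discarded; MIC
        failures are counted and two within a second trigger countermeasures."""
        if self.countermeasures:
            return None, "keys deleted"
        if seq != self.expected_seq:
            return None, "out of sequence: discarded"
        plain = xor(ciphertext, rc4(per_packet_key(self.tk, self.mac, seq), len(ciphertext)))
        body, tag = plain[:-MIC_LEN], plain[-MIC_LEN:]
        if not hmac.compare_digest(tag, mic(self.ik, self.mac, dst, body)):
            now = self.clock()
            self.failures.append(now)
            while now - self.failures[0] > 1.0:   # keep only the last second
                self.failures.popleft()
            if len(self.failures) >= 2:
                self.countermeasures = True       # delete keys, disassociate, reassociate
                self.tk = self.ik = None
                return None, "forgery: two MIC failures within a second, keys deleted"
            return None, "MIC mismatch: discarded"
        self.expected_seq = seq + 1
        return body, "ok"
```

The receiver deliberately does not advance its expected sequence number on a MIC failure, so a frame that was tampered with in flight does not also cause the genuine frame with that sequence number to be dropped; the strict equality check is what turns the counter into replay protection.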

TKIP-Rekeying

  • Key hierarchy

    • Master key

      • Established via 802.1X or manually

      • Used to securely communicate key encryption keys

    • Key encryption keys (2)

      • Secure messages containing keying material for deriving temporal keys

      • Key 1: encryption; Key 2: integrity

    • Temporal keys (2)

      • Key 1: encrypting data; Key 2: data integrity

TKIP

  • If master key compromised, then TKIP is voided

  • The lack of PKI represents a huge issue on the AP side.

Standard EAP with TKIP WLAN Design

(Diagram: Attack Mitigation Roles for Standard EAP WLAN Design)

802.1X/EAP with TKIP - Threats mitigated

  • Wireless packet sniffers

    -per packet keying

    -key rotation

  • Unauthenticated access

    -only authenticated users are able to access the wireless and wired network

    -optional access control on the Layer 3 switch limits wired network access

  • MITM

    -the mutual authentication nature of several EAP authentication types combined with the MIC can prevent hackers from inserting themselves in the path of wireless communications.

802.1X/EAP with TKIP - Additional threats mitigated

  • IP spoofing

    -have to first authenticate to WLAN

    -layer 3 switch restricts any spoofing to the local subnet range

  • ARP spoofing

    -have to first authenticate to WLAN

  • Network topology discovery

    -have to first authenticate to WLAN

    -know the network exists by its SSID, but cannot access the network.

802.1X/EAP with TKIP - Threats not mitigated

Password attack

-passive monitoring 802.1X/EAP exchanges between client and the access point

-Protected EAP mitigates this by establishing a TLS tunnel from the client to the server before asking for user authentication credentials.

(Diagram: EAP keying framework. An EAP method at each end runs the EAP conversation (over PPP, 802.11, etc.) through the Network Access Server to the back end (EAP). The method determines the authentication, encryption and MAC algorithms (labels: "Select by Server", "Default Cipher Suite") and yields the keys for the link-layer cipher suites.)

IEEE 802.11i

  • Embraces 802.1X and TKIP

  • Replaces RC4 with AES for encryption and integrity

  • 48-bit sequence counter, 128-bit key

  • Requires a coprocessor, therefore new hardware deployment

Summary

  • Mobile communication technology will continue to grow encouraged by switching to packet-switched 3G cellular phones

  • Results in natural progression to accessing the internet without wires

  • Results in requiring more privacy/security protection mechanisms

  • Standards/vendor products eventually evolve to meet customers’ needs

The Alliance announced the first certified products with WPA, April 29, 2003

  • The Wi-Fi Alliance created Wi-Fi Protected Access (WPA) in October of 2002 as a stepping stone between the sullied Wired Equivalent Privacy (WEP) encryption that has long been part of the 802.11 specifications, and the upcoming 802.11i standard that will bring IEEE endorsed security to WLANs.

Thank You

Notes:

  • If access is approved, the authenticator hands over a unique per-supplicant master key from which the supplicant's network adapter derives the TKIP key, the packet integrity key, and other cryptographic necessities. The user can then be authenticated.

  • EAP is used to frequently refresh the master key, reducing the window of opportunity for intercepting packets for cracking.