sachit
Banned
REad the contents below.
Contents
Preface xv
Acknowledgments xvii
Chapter 1 Introduction 1
I Authentication and Authorization in WLANs 7
Chapter 2 Authentication in WLANs: An Overview 9
2.1 Introduction 9
2.2 Basic Entities and Requirements in WLANs 10
2.2.1 Entities and Functions in a LAN and WLAN 10
2.2.2 General Requirements in WLAN Security 13
2.3 Authentication Models for WLANs 14
2.4 The Universal Access Method 16
2.5 The 802.1X Authentication Framework 18
2.5.1 The 802.1X Entities 20
2.5.2 The Notion of a Port 20
2.5.3 EAP, EAP over LAN, and EAP over Wireless 21
2.5.4 Supplicant to AS Authentication Protocols 22
2.6 The RADIUS Protocol 23
2.6.1 RADIUS Packets Overview 25
2.6.2 RADIUS Authentication Approaches 25
2.6.3 RADIUS Vulnerabilities 26
2.7 Device Authentication for Network Elements 27
2.7.1 The Rogue Cable Modem Case: A Precedent 28
2.7.2 802.1X and Device Certificates 30
vii
viii Security in Wireless LANs and MANs
2.7.3 Toward a Solution to the Rogue AP Problem 31
2.7.4 Toward a Solution for Rogue Network Devices 32
2.7.5 Policy-Based Device Authentication in 802.1X 33
2.7.6 Further Afield: 802.1X and Trusted Computing 34
2.8 Summary 35
References 35
Chapter 3 EAP, TLS, and Certificates 37
3.1 Introduction 37
3.2 The Extensible Authentication Protocol 38
3.2.1 Overview of EAP Packet Format 39
3.2.2 Basic EAP Exchange 39
3.2.3 EAP Peers, Layers, Multiplexing, and Pass-Through 40
3.2.4 Summary of EAP 43
3.3 Overview of TLS 43
3.3.1 The SSL Stack 44
3.3.2 The Basic SSL Handshake 45
3.3.3 Certificates in SSL 46
3.3.4 The SSL Record Layer 48
3.3.5 Summary of SSL and TLS 49
3.4 An Overview of Certificates and PKI 49
3.4.1 Concept of Public-Key Cryptosystems 50
3.4.2 Digital Certificates and PKI 50
3.4.3 Role of Certification Authority (CA) 51
3.4.4 Private and Public CAs 52
3.4.5 The X.509 Format 53
3.4.6 Summary of Certificates and PKI 54
3.5 Summary 54
References 55
Chapter 4 EAP Methods 57
4.1 Introduction 57
4.2 The EAP-TLS Method 57
4.2.1 SSL Records over EAP 58
4.2.2 The EAP-TLS Exchange 59
4.2.3 Summary of EAP-TLS 61
4.3 PEAP: EAP-over-TLS-over-EAP 62
4.3.1 Overview of PEAPv2 62
4.3.2 EAP Methods over TLS: EAP-TLV 63
4.3.3 The Two Phases of PEAP 65
4.3.4 Summary of PEAP 70
4.4 Tunneled TLS (EAP-TTLS) 70
Contents ix
4.4.1 Overview of TTLS 71
4.4.2 Example of a TTLS Session 72
4.4.3 Comparison of TTLS and PEAP 76
4.5 EAP-SIM 76
4.5.1 Background: The SIM Triplet 77
4.5.2 EAP-SIM Overview 77
4.5.3 Example of an EAP-SIM Session 79
4.5.4 Security Issues with SIM over 802.11 WLANs 80
4.6 EAP-AKA 82
4.7 EAP-FAST 84
4.8 RADIUS Support for EAP 86
4.9 Summary 87
References 88
II Data Protection inWireless LANs 91
Chapter 5 WEP 93
5.1 Introduction 93
5.2 Threat Model 94
5.2.1 Threat Model Addressed by the WEP Design 95
5.3 Entity Authentication 95
5.3.1 Open-System Authentication 96
5.3.2 Shared-Key Authentication 96
5.4 WEP Encapsulation and Decapsulation 98
5.4.1 WEP Design Requirements 98
5.4.2 WEP Shared Secret Keys 99
5.4.3 WEP Cipher: RC4 99
5.4.4 WEP Integrity Algorithm: CRC-32 100
5.4.5 WEP Encapsulation 100
5.4.6 WEP Decapsulation 103
5.5 Design Flaws in WEP 103
5.5.1 Lack of Proper Integrity Protection 104
5.5.2 Improper Use of RC4 104
5.5.3 Lack of Replay Protection 105
5.5.4 Lack of Mutual Authentication and
Key Management 106
5.6 Summary 106
References 106
Chapter 6 802.11i Security: RSNA 109
6.1 Introduction 109
x Security in Wireless LANs and MANs
6.2 802.11i Security Goals 110
6.2.1 Enforcing Authorized Access to a Wired Network 110
6.2.2 Protection Against Downgrade Attacks 111
6.2.3 Data Protection 112
6.3 Components of an RSNA 113
6.3.1 Security Associations Within an RSNA 113
6.3.2 RSN IE 114
6.4 Steps in Establishing an RSN Association 115
6.5 Mutual Authentication in RSNAs 117
6.5.1 802.1X and EAP-Based Authentication 117
6.5.2 PMK Caching 118
6.5.3 PSK-Based Authentication 118
6.5.4 Preauthentication in RSNs 119
6.6 SA and Key Management in RSNs 119
6.6.1 4-Way Handshake 121
6.6.2 Summary of the Security Properties of the 4-Way
Exchange 124
6.6.3 Security Assumptions Inherent to the 4-Way
Exchange 126
6.6.4 PTK Derivation 127
6.7 Key Download Protocols in 802.11i 128
6.7.1 Group Key Exchange 128
6.7.2 STAkey Exchange 129
6.8 Summary 129
References 130
Chapter 7 CCMP 131
7.1 Introduction 131
7.2 AES CCM Mode 132
7.2.1 CCM Parameters 132
7.2.2 MIC Computation Using AES-CBC-MAC 133
7.2.3 AES-CTR Mode Encryption in CCM 134
7.2.4 CCM Decapsulation 135
7.3 Security Analysis of the CCM Mode 135
7.3.1 Vulnerability to Precomputation Attacks 136
7.4 802.11i CCMP 137
7.4.1 Key Derivation for CCMP 137
7.4.2 Additional Authentication Data in CCMP 138
7.4.3 Nonce Construction in CCMP 139
7.4.4 Replay Protection 140
7.4.5 MPDU Encapsulation and Decapsulation 140
Contents xi
7.5 Summary 141
References 141
Chapter 8 TKIP 143
8.1 Introduction 143
8.2 TKIP Design 144
8.2.1 TKIP Design Goals and Constraints 144
8.2.2 TKIP Design Components 146
8.3 Message Integrity Protection Using Michael 147
8.3.1 Michael Protocol Limitations 147
8.4 Confidentiality 148
8.4.1 TKIP Key Mixing 148
8.4.2 Security Limitations of TKIP Key Mixing 149
8.5 Replay Protection 150
8.6 TKIP Encapsulation and Decapsulation 151
8.6.1 TKIP Countermeasures 153
8.7 Summary 154
References 154
III Wireless Roaming Security 155
Chapter 9 Security in WiFi Roaming 157
9.1 Introduction 157
9.2 Roaming in Dial-Up IP Services: Background 158
9.2.1 The Dial-Up Access Model 159
9.2.2 Authentication in Dial-Up IP Services 160
9.2.3 The Network Access Identifier (NAI) 160
9.2.4 The NAI for Dial-Up Remote Access 161
9.3 WiFi Roaming: Entities and Models 162
9.3.1 WiFi Roaming Entities 163
9.3.2 Roaming Models 164
9.3.3 WiFi Roaming Security Requirements:
A Classification 165
9.4 WISPr: The Wireless ISP Roaming Architecture 167
9.4.1 Hotspot Operational Aspects 168
9.4.2 AAA Sessions in WISPr 169
9.4.3 Alternative Authentication Methods in WISPr 171
9.5 Summary 171
References 172
xii Security in Wireless LANs and MANs
Chapter 10 3G-WLAN Roaming 173
10.1 Introduction 173
10.2 A Brief History of GSM and 3G 173
10.3 3G-WLAN Interworking: The 3GPP Perspective 174
10.4 The 3GPP-WLAN Interworking Architecture 177
10.4.1 3GPP-WLAN Interworking: Entities 178
10.4.2 3G-WLAN Roaming: The NAI 182
10.4.3 3G-WLAN Roaming: Security Issues
and Requirements 183
10.5 Summary 185
References 185
IV WMAN Security 187
Chapter 11 An Overview of 802.16 WMANs 189
11.1 Introduction 189
11.2 Background on 802.16 WMANs 190
11.2.1 The Basic 802.16 Network Arrangement 190
11.2.2 Frequency Bands in 802.16 192
11.2.3 The 802.16 Protocol Layers 192
11.2.4 The MAC Security Sublayer 193
11.3 Network Entry and Initialization 194
11.4 The Privacy Key Management (PKM) Protocol 197
11.4.1 Background to the PKM Protocol 197
11.4.2 Authorization Key Establishment 199
11.4.3 The TEK Exchanges Phase 201
11.4.4 Key Transitions and Synchronizations 202
11.5 Certificates in 802.16 204
11.5.1 The Need for Certificates in Subscriber Devices 204
11.5.2 The CableHome Certificate Hierarchy 205
11.5.3 A Certificate Hierarchy for the WMAN Industry 207
11.6 Summary 209
References 209
Chapter 12 Wireless MAN Security 211
12.1 Introduction 211
12.2 WMAN Threat Model and Security Requirements 212
12.2.1 Original Design of the 802.16 Security Sublayer 212
12.3 PKMv2 214
12.3.1 Mutual Authentication Between a BS and an MS 215
12.4 Authentication and Access Control in PKMv2 216
Contents xiii
12.4.1 Public-Key–Based Mutual Authentication
in PKMv2 216
12.4.2 EAP-Based Mutual Authorization in PKMv2 218
12.4.3 PKMv2 Key Hierarchy 220
12.4.4 TEK and GTEK Update 223
12.5 CCM Encapsulation of 802.16 MPDUs 224
12.5.1 Nonce Construction 226
12.6 Secure Encapsulation of Multicast and Broadcast MPDUs 227
12.6.1 802.16 Security Associations 228
12.7 Security Issues in the 802.16 Specification 228
12.8 Summary 229
References 229
Chapter 13 Conclusion and Outlook 231
About the Authors 235
Index 237
REGARDS
Contents
Preface xv
Acknowledgments xvii
Chapter 1 Introduction 1
I Authentication and Authorization in WLANs 7
Chapter 2 Authentication in WLANs: An Overview 9
2.1 Introduction 9
2.2 Basic Entities and Requirements in WLANs 10
2.2.1 Entities and Functions in a LAN and WLAN 10
2.2.2 General Requirements in WLAN Security 13
2.3 Authentication Models for WLANs 14
2.4 The Universal Access Method 16
2.5 The 802.1X Authentication Framework 18
2.5.1 The 802.1X Entities 20
2.5.2 The Notion of a Port 20
2.5.3 EAP, EAP over LAN, and EAP over Wireless 21
2.5.4 Supplicant to AS Authentication Protocols 22
2.6 The RADIUS Protocol 23
2.6.1 RADIUS Packets Overview 25
2.6.2 RADIUS Authentication Approaches 25
2.6.3 RADIUS Vulnerabilities 26
2.7 Device Authentication for Network Elements 27
2.7.1 The Rogue Cable Modem Case: A Precedent 28
2.7.2 802.1X and Device Certificates 30
vii
viii Security in Wireless LANs and MANs
2.7.3 Toward a Solution to the Rogue AP Problem 31
2.7.4 Toward a Solution for Rogue Network Devices 32
2.7.5 Policy-Based Device Authentication in 802.1X 33
2.7.6 Further Afield: 802.1X and Trusted Computing 34
2.8 Summary 35
References 35
Chapter 3 EAP, TLS, and Certificates 37
3.1 Introduction 37
3.2 The Extensible Authentication Protocol 38
3.2.1 Overview of EAP Packet Format 39
3.2.2 Basic EAP Exchange 39
3.2.3 EAP Peers, Layers, Multiplexing, and Pass-Through 40
3.2.4 Summary of EAP 43
3.3 Overview of TLS 43
3.3.1 The SSL Stack 44
3.3.2 The Basic SSL Handshake 45
3.3.3 Certificates in SSL 46
3.3.4 The SSL Record Layer 48
3.3.5 Summary of SSL and TLS 49
3.4 An Overview of Certificates and PKI 49
3.4.1 Concept of Public-Key Cryptosystems 50
3.4.2 Digital Certificates and PKI 50
3.4.3 Role of Certification Authority (CA) 51
3.4.4 Private and Public CAs 52
3.4.5 The X.509 Format 53
3.4.6 Summary of Certificates and PKI 54
3.5 Summary 54
References 55
Chapter 4 EAP Methods 57
4.1 Introduction 57
4.2 The EAP-TLS Method 57
4.2.1 SSL Records over EAP 58
4.2.2 The EAP-TLS Exchange 59
4.2.3 Summary of EAP-TLS 61
4.3 PEAP: EAP-over-TLS-over-EAP 62
4.3.1 Overview of PEAPv2 62
4.3.2 EAP Methods over TLS: EAP-TLV 63
4.3.3 The Two Phases of PEAP 65
4.3.4 Summary of PEAP 70
4.4 Tunneled TLS (EAP-TTLS) 70
Contents ix
4.4.1 Overview of TTLS 71
4.4.2 Example of a TTLS Session 72
4.4.3 Comparison of TTLS and PEAP 76
4.5 EAP-SIM 76
4.5.1 Background: The SIM Triplet 77
4.5.2 EAP-SIM Overview 77
4.5.3 Example of an EAP-SIM Session 79
4.5.4 Security Issues with SIM over 802.11 WLANs 80
4.6 EAP-AKA 82
4.7 EAP-FAST 84
4.8 RADIUS Support for EAP 86
4.9 Summary 87
References 88
II Data Protection inWireless LANs 91
Chapter 5 WEP 93
5.1 Introduction 93
5.2 Threat Model 94
5.2.1 Threat Model Addressed by the WEP Design 95
5.3 Entity Authentication 95
5.3.1 Open-System Authentication 96
5.3.2 Shared-Key Authentication 96
5.4 WEP Encapsulation and Decapsulation 98
5.4.1 WEP Design Requirements 98
5.4.2 WEP Shared Secret Keys 99
5.4.3 WEP Cipher: RC4 99
5.4.4 WEP Integrity Algorithm: CRC-32 100
5.4.5 WEP Encapsulation 100
5.4.6 WEP Decapsulation 103
5.5 Design Flaws in WEP 103
5.5.1 Lack of Proper Integrity Protection 104
5.5.2 Improper Use of RC4 104
5.5.3 Lack of Replay Protection 105
5.5.4 Lack of Mutual Authentication and
Key Management 106
5.6 Summary 106
References 106
Chapter 6 802.11i Security: RSNA 109
6.1 Introduction 109
x Security in Wireless LANs and MANs
6.2 802.11i Security Goals 110
6.2.1 Enforcing Authorized Access to a Wired Network 110
6.2.2 Protection Against Downgrade Attacks 111
6.2.3 Data Protection 112
6.3 Components of an RSNA 113
6.3.1 Security Associations Within an RSNA 113
6.3.2 RSN IE 114
6.4 Steps in Establishing an RSN Association 115
6.5 Mutual Authentication in RSNAs 117
6.5.1 802.1X and EAP-Based Authentication 117
6.5.2 PMK Caching 118
6.5.3 PSK-Based Authentication 118
6.5.4 Preauthentication in RSNs 119
6.6 SA and Key Management in RSNs 119
6.6.1 4-Way Handshake 121
6.6.2 Summary of the Security Properties of the 4-Way
Exchange 124
6.6.3 Security Assumptions Inherent to the 4-Way
Exchange 126
6.6.4 PTK Derivation 127
6.7 Key Download Protocols in 802.11i 128
6.7.1 Group Key Exchange 128
6.7.2 STAkey Exchange 129
6.8 Summary 129
References 130
Chapter 7 CCMP 131
7.1 Introduction 131
7.2 AES CCM Mode 132
7.2.1 CCM Parameters 132
7.2.2 MIC Computation Using AES-CBC-MAC 133
7.2.3 AES-CTR Mode Encryption in CCM 134
7.2.4 CCM Decapsulation 135
7.3 Security Analysis of the CCM Mode 135
7.3.1 Vulnerability to Precomputation Attacks 136
7.4 802.11i CCMP 137
7.4.1 Key Derivation for CCMP 137
7.4.2 Additional Authentication Data in CCMP 138
7.4.3 Nonce Construction in CCMP 139
7.4.4 Replay Protection 140
7.4.5 MPDU Encapsulation and Decapsulation 140
Contents xi
7.5 Summary 141
References 141
Chapter 8 TKIP 143
8.1 Introduction 143
8.2 TKIP Design 144
8.2.1 TKIP Design Goals and Constraints 144
8.2.2 TKIP Design Components 146
8.3 Message Integrity Protection Using Michael 147
8.3.1 Michael Protocol Limitations 147
8.4 Confidentiality 148
8.4.1 TKIP Key Mixing 148
8.4.2 Security Limitations of TKIP Key Mixing 149
8.5 Replay Protection 150
8.6 TKIP Encapsulation and Decapsulation 151
8.6.1 TKIP Countermeasures 153
8.7 Summary 154
References 154
III Wireless Roaming Security 155
Chapter 9 Security in WiFi Roaming 157
9.1 Introduction 157
9.2 Roaming in Dial-Up IP Services: Background 158
9.2.1 The Dial-Up Access Model 159
9.2.2 Authentication in Dial-Up IP Services 160
9.2.3 The Network Access Identifier (NAI) 160
9.2.4 The NAI for Dial-Up Remote Access 161
9.3 WiFi Roaming: Entities and Models 162
9.3.1 WiFi Roaming Entities 163
9.3.2 Roaming Models 164
9.3.3 WiFi Roaming Security Requirements:
A Classification 165
9.4 WISPr: The Wireless ISP Roaming Architecture 167
9.4.1 Hotspot Operational Aspects 168
9.4.2 AAA Sessions in WISPr 169
9.4.3 Alternative Authentication Methods in WISPr 171
9.5 Summary 171
References 172
xii Security in Wireless LANs and MANs
Chapter 10 3G-WLAN Roaming 173
10.1 Introduction 173
10.2 A Brief History of GSM and 3G 173
10.3 3G-WLAN Interworking: The 3GPP Perspective 174
10.4 The 3GPP-WLAN Interworking Architecture 177
10.4.1 3GPP-WLAN Interworking: Entities 178
10.4.2 3G-WLAN Roaming: The NAI 182
10.4.3 3G-WLAN Roaming: Security Issues
and Requirements 183
10.5 Summary 185
References 185
IV WMAN Security 187
Chapter 11 An Overview of 802.16 WMANs 189
11.1 Introduction 189
11.2 Background on 802.16 WMANs 190
11.2.1 The Basic 802.16 Network Arrangement 190
11.2.2 Frequency Bands in 802.16 192
11.2.3 The 802.16 Protocol Layers 192
11.2.4 The MAC Security Sublayer 193
11.3 Network Entry and Initialization 194
11.4 The Privacy Key Management (PKM) Protocol 197
11.4.1 Background to the PKM Protocol 197
11.4.2 Authorization Key Establishment 199
11.4.3 The TEK Exchanges Phase 201
11.4.4 Key Transitions and Synchronizations 202
11.5 Certificates in 802.16 204
11.5.1 The Need for Certificates in Subscriber Devices 204
11.5.2 The CableHome Certificate Hierarchy 205
11.5.3 A Certificate Hierarchy for the WMAN Industry 207
11.6 Summary 209
References 209
Chapter 12 Wireless MAN Security 211
12.1 Introduction 211
12.2 WMAN Threat Model and Security Requirements 212
12.2.1 Original Design of the 802.16 Security Sublayer 212
12.3 PKMv2 214
12.3.1 Mutual Authentication Between a BS and an MS 215
12.4 Authentication and Access Control in PKMv2 216
Contents xiii
12.4.1 Public-Key–Based Mutual Authentication
in PKMv2 216
12.4.2 EAP-Based Mutual Authorization in PKMv2 218
12.4.3 PKMv2 Key Hierarchy 220
12.4.4 TEK and GTEK Update 223
12.5 CCM Encapsulation of 802.16 MPDUs 224
12.5.1 Nonce Construction 226
12.6 Secure Encapsulation of Multicast and Broadcast MPDUs 227
12.6.1 802.16 Security Associations 228
12.7 Security Issues in the 802.16 Specification 228
12.8 Summary 229
References 229
Chapter 13 Conclusion and Outlook 231
About the Authors 235
Index 237
REGARDS