wpa and rsn authentication protocols
play

WPA and RSN Authentication Protocols Sean Kugele CS 6204, Spring - PowerPoint PPT Presentation

Jan 18, 2024 •277 likes •519 views

WPA and RSN Authentication Protocols Sean Kugele CS 6204, Spring 2005 1 Motivation Weaknesses in the WEP protocol 1. No protection against message tampering 2. Incorrect usage of an encryption algorithm 3. Replayable authentication

  1. WPA and RSN Authentication Protocols Sean Kugele CS 6204, Spring 2005 1

  2. Motivation ♦ Weaknesses in the WEP protocol 1. No protection against message tampering 2. Incorrect usage of an encryption algorithm 3. Replayable authentication method ♦ Proposed Solutions • WPA (Wifi Alliance) • RSN / WPA2 (802.11i) CS 6204, Spring 2005 2

  3. WPA and RSN ♦ Separate the user authentication and message protection process • Allows for dynamic key management • Allows existing authentication protocols used in wired environments to be adapted for use in WLANs ♦ Adopted the 802.1x authentication model • Three entities (Client, AS, NAS) ♦ EAP used to communicate during authentication process CS 6204, Spring 2005 3

  4. 4 802.1x model CS 6204, Spring 2005

  5. Extensible Authentication Protocol (EAP) ♦ Used to encapsulate other authentication protocols ♦ Four Message Types • Request • Response • Success • Failure CS 6204, Spring 2005 5

  6. 6 EAP Message Flow CS 6204, Spring 2005

  7. Paper’s Goal ♦ Define the characteristics of a “good” authentication protocol ♦ Survey the existing authentication protocols and determine how well they satisfy these characteristics CS 6204, Spring 2005 7

  8. Desired Properties of WLAN Authentication Mutual Authentication 1. Identity Privacy 2. Dictionary Attack Resistance 3. Replay Attack Resistance 4. Derivation of Strong Session Keys 5. Tested Implementation 6. Delegation 7. Fast Reconnect 8. CS 6204, Spring 2005 8

  9. Three Categories for Proposed Protocols ♦ Secret Key Methods ♦ Public Key Methods ♦ Tunneled Methods CS 6204, Spring 2005 9

  10. Secret Key Methods ♦ The client and AS have a shared secret and establish a trust relationship by proving mutual knowledge of that secret Pros: Efficiency, require little computational power Cons: Difficult to prevent dictionary attacks without introducing computational overhead CS 6204, Spring 2005 10

  11. Secret Key Methods Lightweight Extensible Authentication Protocol 1. (LEAP) Kerberos v5 2. EAP-Secure Remote Password (EAP-SRP) 3. CS 6204, Spring 2005 11

  12. Lightweight Extensible Authentication Protocol (LEAP) CS 6204, Spring 2005 12

  13. 13 Kerberos v5 CS 6204, Spring 2005

  14. EAP-Secure Remote Password (EAP-SRP) CS 6204, Spring 2005 14

  15. Public Key Methods ♦ Public/Private key pair used for authentication. Certificates are generally used to establish trust Pros: Solves dictionary attack vulnerability Cons: More complicated to deploy than secret key methods CS 6204, Spring 2005 15

  16. Public Key Methods EAP-TLS 1. ID-Based Cryptography 2. Greenpass 3. CS 6204, Spring 2005 16

  17. EAP-Transport Layer Security (EAP-TLS) CS 6204, Spring 2005 17

  18. ID-based Cryptography CS 6204, Spring 2005 18

  19. 19 Greenpass CS 6204, Spring 2005

  20. Tunneled Methods ♦ Authentication divided into two phases: 1. The client authenticates the AS using EAP-TLS. The resulting session key is used to establish an encrypted tunnel for further communications 2. The AS authenticates the client through the encrypted tunnel. – Allows the use of a less secure legacy protocol for client authentication Pros: 1. Tunnel hides client’s identity by encrypting the contents of the EAP Response-Identity message 2. Provides resistance to dictionary attacks and replay attacks, even if the protocol used for client authentication does not Cons: 1. Vulnerable to a Man-in-the-Middle Attack CS 6204, Spring 2005 20

  21. Tunneled Methods Protected EAP (PEAP) 1. EAP-Tunneled TLS (EAP-TTLS) 2. CS 6204, Spring 2005 21

  22. PEAP vs. EAP-TTLS ♦ These methods differ only in the supported methods for client authentication – PEAP supports all EAP methods – EAP-TTLS supports legacy password protocols, such as LEAP, in addition to all EAP methods. CS 6204, Spring 2005 22

  23. 23 Protocol Comparison CS 6204, Spring 2005

  24. Conclusions ♦ LEAP and Kerberos not sufficiently secure due to dictionary attack vulnerability ♦ EAP-SRP and ID-based Cryptography lack current implementations for WLANs, so they may contain unknown vulnerabilities ♦ EAP-TLS provides strong security, but lacks support for delegation or identity privacy ♦ Greenpass, Eap-TTLS, and PEAP are the most promising because they combine EAP-TLS with possible support for delegation and identity privacy CS 6204, Spring 2005 24

Recommend

HOST PUF-Based Authentication Protocols ECE 525 PUF-Based Authentication Protocols The simplest

HOST PUF-Based Authentication Protocols ECE 525 PUF-Based Authentication Protocols The simplest

HOST PUF-Based Authentication Protocols ECE 525 PUF-Based Authentication Protocols The simplest mechanisms called challenge-response entity authentication exchange cleartext bitstrings directly, i.e., no cryptographic primitives are used A PUF

1.08k views • 38 slides
HOST PUF-Based Authentication ECE 525 PUF-Based Authentication PUF-based protocols have been

HOST PUF-Based Authentication ECE 525 PUF-Based Authentication PUF-based protocols have been

HOST PUF-Based Authentication ECE 525 PUF-Based Authentication PUF-based protocols have been proposed for applications including: Encryption and authentication For detecting malicious alterations of design components For

645 views • 15 slides
Distributed Systems Authentication Protocols Paul Krzyzanowski pxk@cs.rutgers.edu Except as

Distributed Systems Authentication Protocols Paul Krzyzanowski pxk@cs.rutgers.edu Except as

Authentication Establish and verify identity allow access to resources Distributed Systems Authentication Protocols Paul Krzyzanowski pxk@cs.rutgers.edu Except as otherwise noted, the content of this presentation is licensed under the

228 views • 10 slides
Simple Authentication Protocols Prof. Tom Austin San Jos State University What is a

Simple Authentication Protocols Prof. Tom Austin San Jos State University What is a

CS 166: Information Security Simple Authentication Protocols Prof. Tom Austin San Jos State University What is a Protocol? Rules for interaction, which can include: Human protocols e.g. raise your hand to ask a question

795 views • 76 slides
Designing Low-Cost Untraceable Authentication Protocols for RFID Dave Singele IFIP WG 11.2

Designing Low-Cost Untraceable Authentication Protocols for RFID Dave Singele IFIP WG 11.2

Designing Low-Cost Untraceable Authentication Protocols for RFID Dave Singele IFIP WG 11.2 Seminar Istanbul June 07, 2010 Outline of the talk n Introduction n RFID authentication protocols n Security requirements n Privacy requirements n

344 views • 31 slides
Protocols II Computer Security Lecture 12 David Aspinall School of Informatics University of

Protocols II Computer Security Lecture 12 David Aspinall School of Informatics University of

Protocols II Computer Security Lecture 12 David Aspinall School of Informatics University of Edinburgh 17th February 2011 Outline Introduction Shared-key Authentication Asymmetric authentication protocols Key exchange protocols Combined

989 views • 73 slides
1 Password-Based Authentication Node A has a secret ( password ): e.g., lisa To

1 Password-Based Authentication Node A has a secret ( password ): e.g., lisa To

Authentication Protocols Guevara Noubir College of Computer and Information Science Northeastern University noubir@ccs.neu.edu Outline Overview of Authentication Systems [Chapter 9] Authentication of People [Chapter 10]

396 views • 17 slides
Distributed Systems Authentication Protocols Paul Krzyzanowski pxk@cs.rutgers.edu Except as

Distributed Systems Authentication Protocols Paul Krzyzanowski pxk@cs.rutgers.edu Except as

Distributed Systems Authentication Protocols Paul Krzyzanowski pxk@cs.rutgers.edu Except as otherwise noted, the content of this presentation is licensed under the Creative Commons Attribution 2.5 License. Page 1 Page 1 Authentication

799 views • 59 slides
A Syntactic Criterion for Injectivity of Authentication Protocols Cas Cremers joint work with

A Syntactic Criterion for Injectivity of Authentication Protocols Cas Cremers joint work with

A Syntactic Criterion for Injectivity of Authentication Protocols Cas Cremers joint work with Sjouke Mauw and Erik de Vink ccremers@win.tue.nl Cas Cremers, July 15, 2005 A Syntactic Criterion for Injectivity of Authentication Protocols - p.

391 views • 36 slides
Lapin (an efficient authentication protocol based on Ring-LPN) Stefan Heyse, Eike Kiltz, Vadim

Lapin (an efficient authentication protocol based on Ring-LPN) Stefan Heyse, Eike Kiltz, Vadim

Lapin (an efficient authentication protocol based on Ring-LPN) Stefan Heyse, Eike Kiltz, Vadim Lyubashevsky, Christof Paar, Krzysztof Pietrzak Authentication Protocols Prover Verifier HB-style authentication shared AES key K protocols

563 views • 22 slides
Authentication Protocols Guevara Noubir College of Computer and Information Science Northeastern

Authentication Protocols Guevara Noubir College of Computer and Information Science Northeastern

Authentication Protocols Guevara Noubir College of Computer and Information Science Northeastern University noubir@ccs.neu.edu Outline Overview of Authentication Systems [Chapter 9] Authentication of People [Chapter 10]

809 views • 49 slides
Cryptographic Protocols: Making the Network Secured Debdeep Mukhopadhyay IIT Kharagpur

Cryptographic Protocols: Making the Network Secured Debdeep Mukhopadhyay IIT Kharagpur

Cryptographic Protocols: Making the Network Secured Debdeep Mukhopadhyay IIT Kharagpur Protocols Key Agreement Authentication: Group Authentication Key Agreement and Authentication Key Agreement and authentication with key

411 views • 9 slides
Security II: Web authentication Such text-based protocols can be demonstrated via generic TCP

Security II: Web authentication Such text-based protocols can be demonstrated via generic TCP

Hyper Text Transfer Protocol (HTTP) version 0.9 With HTTP, a client (web browser) contacts a server on TCP port 80, sends a request line and receives a response file. Security II: Web authentication Such text-based protocols can be

383 views • 7 slides
Getting web authentication right Joseph Bonneau jcb82@cl.cam.ac.uk Security Protocols Workshop

Getting web authentication right Joseph Bonneau jcb82@cl.cam.ac.uk Security Protocols Workshop

Getting web authentication right Joseph Bonneau jcb82@cl.cam.ac.uk Security Protocols Workshop March 28, 2011 J. Bonneau (U. of Cambridge) Getting web authentication right March 28, 2011 1 / 14 A parable of obsolescent technology Credit:

256 views • 22 slides
Security Protocols Q: Why security protocols? Bob Alice A: To allow reliable communication over

Security Protocols Q: Why security protocols? Bob Alice A: To allow reliable communication over

Security Protocols Q: Why security protocols? Bob Alice A: To allow reliable communication over an untrusted channel (eg. Internet) 2 Security Protocols are out there Authentication Confidentiality Example: HTTPS (HTTP + TLS)

669 views • 42 slides
An Encapsulated Authentication Logic for Reasoning about Key Distribution Protocols Catherine

An Encapsulated Authentication Logic for Reasoning about Key Distribution Protocols Catherine

An Encapsulated Authentication Logic for Reasoning about Key Distribution Protocols Catherine Meadows Dusko Pavlovic NRL Kestrel Institute Iliano Cervesato Tulane University CSFW 2005 June 20, 2005 Contributions Separate

516 views • 29 slides
Security Protocols Part 9 SSL Protocol Recap Digital Certificate Authentication

Security Protocols Part 9 SSL Protocol Recap Digital Certificate Authentication

Security Protocols Part 9 SSL Protocol Recap Digital Certificate Authentication Integrity Non-repudiation CA (Certification Authority) Issue digital certificates (via digital signature) Publish/Distribute digital

491 views • 13 slides
SAS-Based Group Authentication and Key Agreement Protocols Sven Laur 1 , 2 and Sylvain Pasini 3 2

SAS-Based Group Authentication and Key Agreement Protocols Sven Laur 1 , 2 and Sylvain Pasini 3 2

SAS-Based Group Authentication and Key Agreement Protocols Sven Laur 1 , 2 and Sylvain Pasini 3 2 University of Tartu 1 Helsinki University of Technology 3 Ecole Polytechnique F ed erale de Lausanne Brief outline User-aided data

304 views • 16 slides
SAS-Based Group Authentication and Key Agreement Protocols Sven Laur 1 , 2 and Sylvain Pasini 3 2

SAS-Based Group Authentication and Key Agreement Protocols Sven Laur 1 , 2 and Sylvain Pasini 3 2

SAS-Based Group Authentication and Key Agreement Protocols Sven Laur 1 , 2 and Sylvain Pasini 3 2 University of Tartu 1 Helsinki University of Technology 3 Ecole Polytechnique F ed erale de Lausanne Brief outline User-aided data

137 views • 13 slides
AUTHENTICATION AUTHENTICATION Authentication is the process by which you decide that someone is

AUTHENTICATION AUTHENTICATION Authentication is the process by which you decide that someone is

SECURITY TOPICS PART 2 AUTHENTICATION AUTHENTICATION Authentication is the process by which you decide that someone is who they say they are and therefore permitted to access the requested resources: getting entrance to a computer lab

833 views • 44 slides
Outline More Security Protocols Combining key distribution and authentication CS 239

Outline More Security Protocols Combining key distribution and authentication CS 239

Outline More Security Protocols Combining key distribution and authentication CS 239 Verifying security protocols Computer Security February 4, 2004 Lecture 7 Lecture 7 Page 1 Page 2 CS 239, Winter 2004 CS 239, Winter 2004

297 views • 11 slides
HOST Authentication Overview ECE 525 Authentication Overview Authentication refers to the

HOST Authentication Overview ECE 525 Authentication Overview Authentication refers to the

HOST Authentication Overview ECE 525 Authentication Overview Authentication refers to the process of verifying the identity of the communicating principals to one another Usually sub-divided into Entity authentication Authentication

288 views • 10 slides
Authentication Most technical security safeguards have Authentication authentication as a

Authentication Most technical security safeguards have Authentication authentication as a

Authentication Most technical security safeguards have Authentication authentication as a precondition How to authenticate: Something you know Password, Secrets Something you have Smart Card, Token Something you are Biometrie

607 views • 4 slides
Transcript Collision Attacks: Breaking Authentication in TLS, IKE and SSH or: MD5 MUST DIE

Transcript Collision Attacks: Breaking Authentication in TLS, IKE and SSH or: MD5 MUST DIE

Transcript Collision Attacks: Breaking Authentication in TLS, IKE and SSH or: MD5 MUST DIE http://sloth-attack.org Karthikeyan Bhargavan Gatan Leurent Crypto protocols and applications evolve Agility: graceful transition from old to new

228 views • 18 slides

More recommend