Evolution and Impact of IEEE 802 Security Architectures

july 2016 history and implementation of the ieee n.w
1 / 26
Embed
Share

Explore the history and implementation of the IEEE 802 security architecture, from early developments to current challenges and conclusions. Learn about key parameters as security gauges, data access control, authentication, data confidentiality, integrity, and more. Discover the evolution of security protocols and the role of IEEE 802 in wireless network security.

  • Security
  • IEEE 802
  • Network
  • Authentication
  • Data Confidentiality
rayaanacharya
jall371 Follow

Uploaded on | 0 Views

Download Presentation

Please find below an Image/Link to download the presentation.

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author. If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.

You are allowed to download the files provided on this website for personal or commercial use, subject to the condition that they are used lawfully. All files are the property of their respective owners.

Download Presentation

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author.

E N D

Presentation Transcript

  1. July 2016 History and Implementation of the IEEE 802 Security Architecture Date: 2016-07-26 Authors: doc.: IEEE 802.11-16/0940r1 Name Affiliations Address Addis Ababa University Phone email Meareg Abreha mearegab@gmail.com Submission Slide 1 Meareg Abreha (Addis Ababa University)

  2. July 2016 doc.: IEEE 802.11-16/0940r1 History and Implementation of History and Implementation of the IEEE 802 Security the IEEE 802 Security Architecture Architecture Meareg Abreha San Diego, CA July 2016 Submission Meareg Abreha (Addis Ababa University)

  3. July 2016 doc.: IEEE 802.11-16/0940r1 Outline Outline Background Parameter as security gauges IEEE 802 security protocols in terms of the chosen parameters Challenges and Conclusion Submission Meareg Abreha (Addis Ababa University)

  4. July 2016 doc.: IEEE 802.11-16/0940r1 Background Background Early security on IEEE 802: Gained attention in the wireless world Barely proof of concept for Number theory's application Security protocols evolved due to: Thorough analysis Attacks Submission Meareg Abreha (Addis Ababa University)

  5. July 2016 doc.: IEEE 802.11-16/0940r1 Parameters as Security Gauges Parameters as Security Gauges Parameters that provide the means to control clients and resources in a given network: Data Access Control and Authentication Data Access Control and Authentication Resource access and controls clients Data Confidentiality and Integrity: Data Confidentiality and Integrity: Privacy and authenticity of data Submission Meareg Abreha (Addis Ababa University)

  6. July 2016 doc.: IEEE 802.11-16/0940r1 Data Access Control and Authentication Data Access Control and Authentication Started out with 802.1x standard for port-based network Access control in 2001 - uses the PPP based EAP as its authentication mechanism. 802.1x contains three components and two logical ports. Authenticator PAE enforces authentication via the uncontrolled port before opening the controlled port to allow supplicants access to resources. Submission Meareg Abreha (Addis Ababa University)

  7. July 2016 doc.: IEEE 802.11-16/0940r1 A little more on 802.1x A little more on 802.1x 802.1x was initially developed for IEEE 802.3 - since 2003, extended to 802.11. It defines EAP-Over-LAN (EAPOL), a standard encapsulation method to adapt EAP messages sent over Ethernet or WLANs. Submission Meareg Abreha (Addis Ababa University)

  8. July 2016 doc.: IEEE 802.11-16/0940r1 Data Access Control and Authentication on IEEE 802 Data Access Control and Authentication on IEEE 802 standards currently standards currently The IEEE 802.11i Enterprise mode implements the 802.1x with authentication servers such as RADIUS In IEEE 802.21, MIH SA is established either using TLS handshake, (D)TLS or EAP execution over the MIH protocol. Submission Meareg Abreha (Addis Ababa University)

  9. January 2016 doc.: IEEE 802.11-16/0940r1 Data Access Control and Authentication on Data Access Control and Authentication on IEEE 802 standards IEEE 802 standards currently currently IEEE IEEE 802.15.1 802.15.1 (Bluetooth) implements request (Bluetooth) implements request- - response based scheme where specific response based scheme where specific implementation is dependent on the application implementation is dependent on the application used used. . In In Zigbee Zigbee (Upper layer extension on top of the (Upper layer extension on top of the IEEE 802.15.4 IEEE 802.15.4) a trust center/coordinator requests ) a trust center/coordinator requests a node for a valid shared network key a node for a valid shared network key before it can join the network can join the network. . The The IEEE 802.16 IEEE 802.16 (WiMAX) (MBWA) implements (WiMAX) (MBWA) implements RSA based authentication function using x.509 RSA based authentication function using x.509 certificates or EAP based authentication. certificates or EAP based authentication. before it Submission Slide 9 Joseph Levy (InterDigital)

  10. July 2016 doc.: IEEE 802.11-16/0940r1 Data Access Control and Authentication on IEEE 802 Data Access Control and Authentication on IEEE 802 standards currently standards currently IEEE 802.20 (MBWA with Vehicular Mobility support) has Basic EAP Support Protocol. IEEE 802.21 (MIH) uses target network's authentication mechanism before MIH frames exchange. IEEE 802.22 (TVWS) uses EAP-TLS or EAP-TTLS (using RSA or ECC based X.509 digital certificate profiles) Submission Meareg Abreha (Addis Ababa University)

  11. July 2016 doc.: IEEE 802.11-16/0940r1 Data Confidentiality and Integrity Data Confidentiality and Integrity IEEE 802.3 (Ethernet) security IEEE 802.3 (Ethernet) security The IEEE 802.1AE defines a layer 2 security protocol called MACSec. MACSec provides point-to-point security on Ethernet networks. The 2010 revision of 802.1x integrated the MACSec with the EAPOL and the IEEE 802.1AR (Secure device identity) to support service identification. Submission Meareg Abreha (Addis Ababa University)

  12. July 2016 doc.: IEEE 802.11-16/0940r1 Data Confidentiality and Integrity Data Confidentiality and Integrity IEEE 802.11 (WLANs) security IEEE 802.11 (WLANs) security Popularity along medium vulnerability- led to a series of security protocols evolution. The 1999 IEEE 802.11 standard introduced the first wireless protocol called WEP. WEP uses RC4 algorithm for data encryption and integrity- also the reason for its vulnerability. Submission Meareg Abreha (Addis Ababa University)

  13. July 2016 doc.: IEEE 802.11-16/0940r1 Data Confidentiality and Integrity Data Confidentiality and Integrity ...WLANs security IEEE Task Group I was formed to replace the WEP security protocol. In 2003 the WPA security protocol (an interim protocol) replaced the WEP. Final draft ratified on June 2004 as 802.11i (security protocol - WPA2) included on the 2007 amendment of the 802.11. Submission Meareg Abreha (Addis Ababa University)

  14. July 2016 doc.: IEEE 802.11-16/0940r1 Data Confidentiality and Integrity Data Confidentiality and Integrity ...WLANs security Wi Wi- -Fi Protected Access (WPA) Fi Protected Access (WPA) TKIP (still RC4 though) for data encryption MIC (aka Michael ) for data integrity Submission Meareg Abreha (Addis Ababa University)

  15. July 2016 doc.: IEEE 802.11-16/0940r1 Data Confidentiality and Integrity Data Confidentiality and Integrity ...WLANs security Wi Wi- -Fi Protected Access Version 2 (WPA2) Fi Protected Access Version 2 (WPA2) CCMP (AES based) for data encryption CBC-MAC for data integrity Submission Meareg Abreha (Addis Ababa University)

  16. July 2016 doc.: IEEE 802.11-16/0940r1 Data Confidentiality and Integrity Data Confidentiality and Integrity ...WLANs security WPA/WPA2 vulnerabilities include: WPA/WPA2 vulnerabilities include: - GTK vulnerability (Hole 196) - Dictionary based attacks on weak PTK etc. Submission Meareg Abreha (Addis Ababa University)

  17. July 2016 doc.: IEEE 802.11-16/0940r1 Data Confidentiality and Integrity Data Confidentiality and Integrity ...WLANs security IEEE 802.1w IEEE 802.1w Is a 2009 amendment to the 802.11i for protecting management frames Aims to avoid DoS caused by spoofed disconnect attacks (de-authentication and disassociation) Submission Meareg Abreha (Addis Ababa University)

  18. July 2016 doc.: IEEE 802.11-16/0940r1 Data Confidentiality and Integrity Data Confidentiality and Integrity IEEE 802.15.1 (Bluetooth) security IEEE 802.15.1 (Bluetooth) security Generates symmetric encryption key from a generated authentication key to encrypt data. Encryption has three setting modes: No encryption Point-to-point only encryption unicast Point-to-point and broadcast encryption - both Submission Meareg Abreha (Addis Ababa University)

  19. July 2016 doc.: IEEE 802.11-16/0940r1 Data Confidentiality and Integrity Data Confidentiality and Integrity IEEE 802.15.4 (LR WPANs) security IEEE 802.15.4 (LR WPANs) security Supports up to 128 symmetric keys based data encryption and authenticity (AES based) with varying degree of protection option for data. Submission Meareg Abreha (Addis Ababa University)

  20. July 2016 doc.: IEEE 802.11-16/0940r1 Data Confidentiality and Integrity Data Confidentiality and Integrity IEEE 802.16 (WiMAX) security IEEE 802.16 (WiMAX) security Has two component protocols: l Encapsulation Protocol secures data across the fixed Broadband Wireless Access Network l Key Management Protocol- Secure distribution of keying data from the Base Station to the Server Station Submission Meareg Abreha (Addis Ababa University)

  21. July 2016 doc.: IEEE 802.11-16/0940r1 Data Confidentiality and Integrity Data Confidentiality and Integrity IEEE 802.20 (MBWA IEEE 802.20 (MBWA - - Vehicular Mobility) security Vehicular Mobility) security AES for securing Radio Link Protocol packets AES CMAC function is used for message integrity Submission Meareg Abreha (Addis Ababa University)

  22. July 2016 doc.: IEEE 802.11-16/0940r1 Data Confidentiality and Integrity Data Confidentiality and Integrity IEEE 802.21 (MIHS) security IEEE 802.21 (MIHS) security Keys negotiated during the TLS or EAP MIH SA establishment are used to secure the MIH PDU. TKIP or CCMP to secure MIH PDUs between heterogeneous IEEE 802 as well as other systems. Submission Meareg Abreha (Addis Ababa University)

  23. July 2016 doc.: IEEE 802.11-16/0940r1 Data Confidentiality and Integrity Data Confidentiality and Integrity WRANs (IEEE 802.22) security WRANs (IEEE 802.22) security Two security sub-layers: l Sublayer 1 targets non-cognitive functionalities l Sublayer 2 targets cognitive functionalities Submission Meareg Abreha (Addis Ababa University)

  24. July 2016 doc.: IEEE 802.11-16/0940r1 Data Confidentiality and Integrity Data Confidentiality and Integrity In sublayer1, encapsulation protocol defines set of supported cryptographic suites. AES in GCM (Galois Counter Mode) is supported The cognitive targeting, sublayer 2, provides protection to the incumbents as well as to the 802.22 systems against DoS attack types targeted at that layer. Submission Meareg Abreha (Addis Ababa University)

  25. July 2016 doc.: IEEE 802.11-16/0940r1 Challenges and Conclusion Challenges and Conclusion Challenges Challenges Weaknesses in security mechanisms Increasing computing power Cloud computing changing the way service is provided Conclusion Conclusion Early IEEE 802 security started with simple cryptographic techniques and evolved to its current state. Future security protocols need to consider the above factors and provide scalable solutions to existing weaknesses. Submission Meareg Abreha (Addis Ababa University)

  26. July 2016 doc.: IEEE 802.11-16/0940r1 Thank You! Questions and comments are welcome :-) Submission Meareg Abreha (Addis Ababa University)

Related


Proposed Approach for MAC Address Assignment in IEEE 802.11

Proposed Approach for MAC Address Assignment in IEEE 802.11

adlai
IEEE 802.11-23/2092r2 AIML Report Summary

IEEE 802.11-23/2092r2 AIML Report Summary

eudora
Discussion on IEEE 802.11be MLD Architecture Alignment

Discussion on IEEE 802.11be MLD Architecture Alignment

jannat
IEEE 802.11-20/0055r0 Multi-link Block Ack Architecture Overview

IEEE 802.11-20/0055r0 Multi-link Block Ack Architecture Overview

haleema
IEEE 802.11-23-1689r1 Vice Chair Report - November 2023 Plenary Session

IEEE 802.11-23-1689r1 Vice Chair Report - November 2023 Plenary Session

tina
IEEE 802.11-20/0021-00 Priority Access Support for NS/EP Services Overview

IEEE 802.11-20/0021-00 Priority Access Support for NS/EP Services Overview

finlo
IEEE 802.11-19-0202/r1 TGbd Agreed Terminology and Requirements

IEEE 802.11-19-0202/r1 TGbd Agreed Terminology and Requirements

valerio
IEEE 802.11be MLD Architecture Discussion

IEEE 802.11be MLD Architecture Discussion

aylin
Wireless TSN in 802.11: New Requirements and Integration with 802.1

Wireless TSN in 802.11: New Requirements and Integration with 802.1

jaxxon
LDPC Investigation for IEEE 802.11bd Technology in March 2019

LDPC Investigation for IEEE 802.11bd Technology in March 2019

maureen
Evolution of Standards: IEEE 802.11 and 802.1D Relationship

Evolution of Standards: IEEE 802.11 and 802.1D Relationship

amethyst
IEEE Std. 802.11-22/1017r0 Overview and Architecture Presentation

IEEE Std. 802.11-22/1017r0 Overview and Architecture Presentation

jewel
IEEE-SA Fellowship Program at IEEE 802 Plenary March 2019 Schedule

IEEE-SA Fellowship Program at IEEE 802 Plenary March 2019 Schedule

jshah
IEEE-SA Fellowship Program at IEEE 802 Plenary March 2018

IEEE-SA Fellowship Program at IEEE 802 Plenary March 2018

wale
IEEE 802.1CQ: Address Assignment and Validation Protocols

IEEE 802.1CQ: Address Assignment and Validation Protocols

coia227
Discussion on Multi-AP Coordination Architecture in IEEE 802.11-23

Discussion on Multi-AP Coordination Architecture in IEEE 802.11-23

kish678
Implementation and Demonstration of eBCS Concept in IEEE 802.11-19/1999r0

Implementation and Demonstration of eBCS Concept in IEEE 802.11-19/1999r0

alfo821
IEEE 802 Wireless Meeting Venue Reports and Future Plenary Contracts Update

IEEE 802 Wireless Meeting Venue Reports and Future Plenary Contracts Update

drod
Suitability of IEEE 802.11ah for LPWAN Applications Analysis

Suitability of IEEE 802.11ah for LPWAN Applications Analysis

milia
IEEE 802 Viewpoints on WRC-23 Agenda Items

IEEE 802 Viewpoints on WRC-23 Agenda Items

chtz996
Security Testing and Architecture

Security Testing and Architecture

nataleaei
IEEE 802.11 Sensing: Applications, Feasibility, Standardization

IEEE 802.11 Sensing: Applications, Feasibility, Standardization

medidoc

More Related Content