Implementation of IEEE 802 Security Architecture

july 2016 project ieee p802 15 working group n.w
1 / 44
Embed
Share

Explore the history and implementation of the IEEE 802 Security Architecture, covering background, parameters as security gauges, challenges, and conclusions. This document provides valuable insights into the evolution of security protocols in wireless personal area networks (WPANs) and the means to control clients and resources in such networks.

  • Security Architecture
  • IEEE 802
  • Wireless Networks
  • WPANs
  • Data Access Control
rayaanacharya
nclin Follow

Uploaded on | 0 Views

Download Presentation

Please find below an Image/Link to download the presentation.

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author. If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.

You are allowed to download the files provided on this website for personal or commercial use, subject to the condition that they are used lawfully. All files are the property of their respective owners.

Download Presentation

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author.

E N D

Presentation Transcript

  1. <July 2016> Project: IEEE P802.15 Working Group for Wireless Personal Area Networks (WPANs) doc.: IEEE 802.15-<15-16-0489-01-wng0> Submission Title: [History and Implementation of the IEEE 802 Security Architecture] Date Submitted: [24 July 2016] Source: [Meareg Abreha], E-Mail:[mearegab@gmail.com] Re: [WNG Presentation] Abstract: [Description of document contents.] Purpose: [Description of what the author wants P802.15 to do with the information in the document.] Notice: This document has been prepared to assist the IEEE P802.15. It is offered as a basis for discussion and is not binding on the contributing individual(s) or organization(s). The material in this document is subject to change in form and content after further study. The contributor(s) reserve(s) the right to add, amend or withdraw material contained herein. Release: The contributor acknowledges and accepts that this contribution becomes the property of IEEE and may be made publicly available by P802.15. Submissio n Slide 1 Meareg Abreha

  2. <July 2016> doc.: IEEE 802.15-<15-16-0489-01-wng0> History and Implementation of History and Implementation of the IEEE 802 Security the IEEE 802 Security Architecture Architecture Meareg Abreha San Diego, CA July 2016 Submissio n Slide 2 Meareg Abreha

  3. <July 2016> doc.: IEEE 802.15-<15-16-0489-01-wng0> Outline Outline lBackground lParameter as security gauges lIEEE 802 security protocols in terms of the chosen parameters lChallenges and Conclusion Submissio n Slide 3 Meareg Abreha

  4. <July 2016> doc.: IEEE 802.15-<15-16-0489-01-wng0> Background Background Early security on IEEE 802: lBare proof of security implementation lGained attention in the wireless world Security protocols evolved due to: lThorough analysis lAttacks Submissio n Slide 4 Meareg Abreha

  5. <July 2016> doc.: IEEE 802.15-<15-16-0489-01-wng0> Parameters as Security Gauges Parameters as Security Gauges Parameters that provide the means to control clients and resources in a given network: lData Access Control and Authentication Data Access Control and Authentication lResource access and controls clients lData Confidentiality and Integrity: Data Confidentiality and Integrity: lPrivacy and authenticity of data Submissio n Slide 5 Meareg Abreha

  6. <July 2016> doc.: IEEE 802.15-<15-16-0489-01-wng0> Data Access Control and Authentication Data Access Control and Authentication Started out with 802.1x standard for port-based network Access control in 2001 - uses the PPP based EAP as its authentication mechanism. Authenticator PAE enforces authentication via the uncontrolled port before opening the controlled port to allow supplicants access to resources. Submissio n Slide 6 Meareg Abreha

  7. <July 2016> doc.: IEEE 802.15-<15-16-0489-01-wng0> A little more on 802.1x A little more on 802.1x 802.1x was initially developed for IEEE 802.3 - since 2003, extended to 802.11. It defines EAP-Over-LAN (EAPOL), a standard encapsulation method to adapt EAP messages sent over Ethernet or WLANs. Submissio n Slide 7 Meareg Abreha

  8. July 2016 Data Access Control and Authentication on IEEE 802 Data Access Control and Authentication on IEEE 802 standards currently standards currently The IEEE 802.11i Enterprise mode implements the 802.1x with authentication servers such as RADIUS In IEEE 802.21, MIH SA is established either using TLS handshake, (D)TLS or EAP execution over the MIH protocol. Meareg Abreha (Addis Ababa University)

  9. January 2016 doc.: IEEE 802.15-<15-16-0489-01-wng0> Data Access Control and Authentication on IEEE 802 Data Access Control and Authentication on IEEE 802 standards currently standards currently IEEE 802.15.1 (Bluetooth) implements request- response based scheme where specific implementation is dependent on the specific application/device used. Pairing mechanism can be PIN based comparison or Secure Simple Pairing (SSP)- which is more secure. In Zigbee (Upper layer extension on top of the IEEE 802.15.4) a trust center/coordinator requests a node for a valid shared network key before it can join the network. Submissio n Slide 9 Joseph Levy (InterDigital)

  10. July 2016 Data Access Control and Authentication on IEEE 802 Data Access Control and Authentication on IEEE 802 standards currently standards currently IEEE 802.16 (WiMAX) (MBWA) implements RSA based authentication function using x.509 certificates or EAP based authentication. IEEE 802.20 (MBWA with Vehicular Mobility support) has Basic EAP Support Protocol. IEEE 802.21 (MIH) uses target network's authentication mechanism before MIH frames exchange. IEEE 802.22 (TVWS) uses EAP-TLS or EAP-TTLS (using RSA or ECC based X.509 digital certificate profiles) Meareg Abreha (Addis Ababa University)

  11. July 2016 Data Confidentiality and Integrity Data Confidentiality and Integrity IEEE 802.3 (Ethernet) security IEEE 802.3 (Ethernet) security The IEEE 802.1AE defines a layer 2 security protocol called MACSec. MACSec provides point-to-point security on Ethernet networks. The 2010 revision of 802.1x integrated the MACSec with the EAPOL and the IEEE 802.1AR (Secure device identity) to support service identification. Meareg Abreha (Addis Ababa University)

  12. July 2016 Data Confidentiality and Integrity Data Confidentiality and Integrity IEEE 802.11 (WLANs) security IEEE 802.11 (WLANs) security Popularity along medium vulnerability- led to a series of security protocols evolution. The 1999 IEEE 802.11 standard introduced the first wireless protocol called WEP. WEP uses RC4 algorithm for data encryption and integrity- also the reason for its vulnerability. Meareg Abreha (Addis Ababa University)

  13. July 2016 Data Confidentiality and Integrity Data Confidentiality and Integrity ...WLANs security IEEE Task Group I was formed to replace the WEP security protocol. In 2003 the WPA security protocol (an interim protocol) replaced the WEP. Final draft ratified on June 2004 as 802.11i (security protocol - WPA2) included on the 2007 amendment of the 802.11. Meareg Abreha (Addis Ababa University)

  14. July 2016 Data Confidentiality and Integrity Data Confidentiality and Integrity ...WLANs security Wi Wi- -Fi Protected Access (WPA) Fi Protected Access (WPA) TKIP (still RC4 though) for data encryption MIC (aka Michael ) for data integrity Meareg Abreha (Addis Ababa University)

  15. July 2016 Data Confidentiality and Integrity Data Confidentiality and Integrity ...WLANs security Wi Wi- -Fi Protected Access Version 2 (WPA2) Fi Protected Access Version 2 (WPA2) CCMP (AES based) for data encryption CBC-MAC for data integrity Meareg Abreha (Addis Ababa University)

  16. July 2016 Data Confidentiality and Integrity Data Confidentiality and Integrity ...WLANs security WPA/WPA2 vulnerabilities include: WPA/WPA2 vulnerabilities include: - GTK vulnerability (Hole 196) - Dictionary based attacks on weak PTK Meareg Abreha (Addis Ababa University)

  17. July 2016 Data Confidentiality and Integrity Data Confidentiality and Integrity ...WLANs security IEEE 802.1w IEEE 802.1w Is a 2009 amendment to the 802.11i for protecting management frames Aims to avoid DoS caused by spoofed disconnect attacks (de-authentication and disassociation) Meareg Abreha (Addis Ababa University)

  18. July 2016 Data Confidentiality and Integrity Data Confidentiality and Integrity IEEE 802.15.1 (Bluetooth) security IEEE 802.15.1 (Bluetooth) security Generates symmetric encryption key from a generated authentication key to encrypt data. Encryption has three setting modes: No encryption Point-to-point only encryption unicast Point-to-point and broadcast encryption both Meareg Abreha (Addis Ababa University)

  19. July 2016 Data Confidentiality and Integrity Data Confidentiality and Integrity IEEE 802.15.4 (LR WPANs) security IEEE 802.15.4 (LR WPANs) security Supports up to 128 symmetric keys based data encryption and authenticity (AES based) with varying degree of protection option for data. MIC is used for data integrity. Meareg Abreha (Addis Ababa University)

  20. July 2016 Data Confidentiality and Integrity Data Confidentiality and Integrity IEEE 802.16 (WiMAX) security IEEE 802.16 (WiMAX) security Has two component protocols: lEncapsulation Protocol secures data across the fixed Broadband Wireless Access Network lKey Management Protocol- Secure distribution of keying data from the Base Station to the Server Station Meareg Abreha (Addis Ababa University)

  21. July 2016 Data Confidentiality and Integrity Data Confidentiality and Integrity IEEE 802.20 (MBWA IEEE 802.20 (MBWA - - Vehicular Mobility) security Vehicular Mobility) security AES for securing Radio Link Protocol packets AES CMAC function is used for message integrity Meareg Abreha (Addis Ababa University)

  22. July 2016 Data Confidentiality and Integrity Data Confidentiality and Integrity IEEE 802.21 (MIHS) security IEEE 802.21 (MIHS) security Keys negotiated during the TLS or EAP MIH SA establishment are used to secure the MIH PDU. TKIP or CCMP to secure MIH PDUs between heterogeneous IEEE 802 as well as other systems. Meareg Abreha (Addis Ababa University)

  23. July 2016 Data Confidentiality and Integrity Data Confidentiality and Integrity WRANs (IEEE 802.22) security WRANs (IEEE 802.22) security Two security sub-layers: lSublayer 1 targets non-cognitive functionalities lSublayer 2 targets cognitive functionalities Meareg Abreha (Addis Ababa University)

  24. July 2016 Data Confidentiality and Integrity Data Confidentiality and Integrity In sublayer1, encapsulation protocol defines set of supported cryptographic suites. AES in GCM (Galois Counter Mode) is supported The cognitive targeting, sublayer 2, provides protection to the incumbents as well as to the 802.22 systems against DoS attack types targeted at that layer. Meareg Abreha (Addis Ababa University)

  25. July 2016 Challenges and Conclusion Challenges and Conclusion Challenges Challenges Weaknesses in security mechanisms Increasing computing power Cloud computing changing the way service is provided Conclusion Conclusion Early IEEE 802 security started with simple cryptographic techniques and evolved to its current state. Future security protocols need to consider the above factors and provide scalable solutions to existing weaknesses. Meareg Abreha (Addis Ababa University)

  26. July 2016 Thank You! Questions and comments are welcome :-) Meareg Abreha (Addis Ababa University)

  27. <July 2016> doc.: IEEE 802.15-<15-16-0489-01-wng0> Data Access Control and Authentication on IEEE 802 Data Access Control and Authentication on IEEE 802 standards currently standards currently The IEEE 802.16 (WiMAX) (MBWA) implements RSA based authentication function using x.509 certificates or EAP based authentication. IEEE 802.20 (MBWA Vehicular Mobility support) has Basic EAP Support Protocol IEEE 802.21 (MIH) uses target network's authentication mechanism before MIH frames exchange. IEEE 802.22 (TVWS) uses EAP-TLS or EAP-TTLS (using RSA or ECC based X.509 digital certificate profiles) Submissio n Slide 27 Meareg Abreha

  28. <July 2016> doc.: IEEE 802.15-<15-16-0489-01-wng0> Data Confidentiality and Integrity Data Confidentiality and Integrity IEEE 802.3 (Ethernet) security IEEE 802.3 (Ethernet) security The IEEE 802.1AE defines a layer 2 security protocol called MACSec. MACSec provides point-to-point security on Ethernet networks. The 2010 revision of 802.1x integrated the MACSec with the EAPOL and the IEEE 802.1AR (Secure device identity) to support service identification. Submissio n Slide 28 Meareg Abreha

  29. <July 2016> doc.: IEEE 802.15-<15-16-0489-01-wng0> Data Confidentiality and Integrity Data Confidentiality and Integrity IEEE 802.11 (WLANs) security IEEE 802.11 (WLANs) security Popularity along medium vulnerability- led to a series of security protocols evolution. The 1999 IEEE 802.11 standard introduced the first wireless protocol called WEP. WEP uses RC4 algorithm for data encryption and integrity- also the reason for its vulnerability. Submissio n Slide 29 Meareg Abreha

  30. <July 2016> doc.: IEEE 802.15-<15-16-0489-01-wng0> Data Confidentiality and Integrity Data Confidentiality and Integrity ...WLANs security IEEE Task Group I was formed to replace the WEP security protocol. In 2003 the WPA security protocol (an interim protocol) replaced the WEP. Final draft ratified on June 2004 as 802.11i (security protocol - WPA2) included on the 2007 amendment of the 802.11. Submissio n Slide 30 Meareg Abreha

  31. <July 2016> doc.: IEEE 802.15-<15-16-0489-01-wng0> Data Confidentiality and Integrity Data Confidentiality and Integrity ...WLANs security Wi Wi- -Fi Protected Access (WPA) Fi Protected Access (WPA) TKIP (still RC4 though) for data encryption MIC (aka Michael ) for data integrity Submissio n Slide 31 Meareg Abreha

  32. <July 2016> doc.: IEEE 802.15-<15-16-0489-01-wng0> Data Confidentiality and Integrity Data Confidentiality and Integrity ...WLANs security Wi Wi- -Fi Protected Access Version 2 (WPA2) Fi Protected Access Version 2 (WPA2) CCMP (AES based) for data encryption CBC-MAC for data integrity Both WPA and WPA2 include 802.1x (in enterprise mode) Submissio n Slide 32 Meareg Abreha

  33. <July 2016> doc.: IEEE 802.15-<15-16-0489-01-wng0> Data Confidentiality and Integrity Data Confidentiality and Integrity ...WLANs security WPA/WPA2 vulnerabilities include: WPA/WPA2 vulnerabilities include: - GTK vulnerability (Hole 196) - Dictionary based attacks on weak PTK etc. Submissio n Slide 33 Meareg Abreha

  34. <July 2016> doc.: IEEE 802.15-<15-16-0489-01-wng0> Data Confidentiality and Integrity Data Confidentiality and Integrity ...WLANs security IEEE 802.1w IEEE 802.1w lIs a 2009 amendment to the 802.11i for protecting management frames lAims to avoid DoS caused by spoofed disconnect attacks (de-authentication and disassociation) Submissio n Slide 34 Meareg Abreha

  35. <July 2016> doc.: IEEE 802.15-<15-16-0489-01-wng0> Data Confidentiality and Integrity Data Confidentiality and Integrity IEEE 802.15.1 (Bluetooth) security IEEE 802.15.1 (Bluetooth) security Generates symmetric encryption key from a generated authentication key to encrypt data. Encryption has three setting modes: No encryption Point-to-point only encryption unicast Point-to-point and broadcast encryption - both Submissio n Slide 35 Meareg Abreha

  36. <July 2016> doc.: IEEE 802.15-<15-16-0489-01-wng0> Data Confidentiality and Integrity Data Confidentiality and Integrity IEEE 802.15.4 (LR WPANs) security IEEE 802.15.4 (LR WPANs) security Supports up to 128 symmetric keys based data encryption and authenticity (AES based) with varying degree of protection option for data. MIC is used for data integrity. Submissio n Slide 36 Meareg Abreha

  37. <July 2016> doc.: IEEE 802.15-<15-16-0489-01-wng0> Data Confidentiality and Integrity Data Confidentiality and Integrity IEEE 802.16 (WiMAX) security IEEE 802.16 (WiMAX) security Has two component protocols: lEncapsulation Protocol secures data across the fixed Broadband Wireless Access Network lKey Management Protocol- Secure distribution of keying data from the Base Station to the Server Station Submissio n Slide 37 Meareg Abreha

  38. <July 2016> doc.: IEEE 802.15-<15-16-0489-01-wng0> Data Confidentiality and Integrity Data Confidentiality and Integrity IEEE 802.20 (MBWA IEEE 802.20 (MBWA - - Vehicular Mobility) security Vehicular Mobility) security AES for securing Radio Link Protocol packets AES CMAC function is used for message integrity Submissio n Slide 38 Meareg Abreha

  39. <July 2016> doc.: IEEE 802.15-<15-16-0489-01-wng0> Data Confidentiality and Integrity Data Confidentiality and Integrity IEEE 802.21 (MIHS) security IEEE 802.21 (MIHS) security Keys negotiated during the TLS or EAP MIH SA establishment are used to secure the MIH PDU. TKIP or CCMP to secure MIH PDUs between heterogeneous IEEE 802 as well as other systems. Submissio n Slide 39 Meareg Abreha

  40. <July 2016> doc.: IEEE 802.15-<15-16-0489-01-wng0> Data Confidentiality and Integrity Data Confidentiality and Integrity IEEE 802.21 (MIHS) security IEEE 802.21 (MIHS) security Keys negotiated during the TLS or EAP MIH SA establishment are used to secure the MIH PDU. TKIP or CCMP to secure MIH between heterogeneous IEEE 802 as well as other systems. Submissio n Slide 40 Meareg Abreha

  41. <July 2016> doc.: IEEE 802.15-<15-16-0489-01-wng0> Data Confidentiality and Integrity Data Confidentiality and Integrity WRANs (IEEE 802.22) security WRANs (IEEE 802.22) security Two security sub-layers: lSublayer 1 targets non-cognitive functionalities lSublayer 2 targets cognitive functionalities Submissio n Slide 41 Meareg Abreha

  42. <July 2016> doc.: IEEE 802.15-<15-16-0489-01-wng0> Data Confidentiality and Integrity Data Confidentiality and Integrity In sublayer1, encapsulation protocol defines set of supported cryptographic suites. AES in GCM (Galois Counter Mode) is supported The cognitive targeting, sublayer 2, provides protection to the incumbents as well as to the 802.22 systems against DoS attack types targeted at that layer. Submissio n Slide 42 Meareg Abreha

  43. <July 2016> doc.: IEEE 802.15-<15-16-0489-01-wng0> Challenges and Conclusion Challenges and Conclusion Challenges Challenges Weaknesses in security mechanisms Increasing computing power Cloud computing changing the way service is provided Conclusion Conclusion Early IEEE 802 security started with simple cryptographic techniques and evolved to its current state. Future security protocols need to consider the above factors and provide scalable solutions to existing weaknesses. Submissio n Slide 43 Meareg Abreha

  44. <July 2016> doc.: IEEE 802.15-<15-16-0489-01-wng0> Thank You! Questions and comments are welcome :-) Submissio n Slide 44 Meareg Abreha

Related


Proposed Approach for MAC Address Assignment in IEEE 802.11

Proposed Approach for MAC Address Assignment in IEEE 802.11

adlai
Discussion on IEEE 802.11be MLD Architecture Alignment

Discussion on IEEE 802.11be MLD Architecture Alignment

jannat
IEEE 802.11-20/0021-00 Priority Access Support for NS/EP Services Overview

IEEE 802.11-20/0021-00 Priority Access Support for NS/EP Services Overview

finlo
IEEE 802.11-19-0202/r1 TGbd Agreed Terminology and Requirements

IEEE 802.11-19-0202/r1 TGbd Agreed Terminology and Requirements

valerio
IEEE 802.11be MLD Architecture Discussion

IEEE 802.11be MLD Architecture Discussion

aylin
IEEE Std. 802.11-22/1017r0 Overview and Architecture Presentation

IEEE Std. 802.11-22/1017r0 Overview and Architecture Presentation

jewel
IEEE-SA Fellowship Program at IEEE 802 Plenary March 2019 Schedule

IEEE-SA Fellowship Program at IEEE 802 Plenary March 2019 Schedule

jshah
IEEE 802.1CQ: Address Assignment and Validation Protocols

IEEE 802.1CQ: Address Assignment and Validation Protocols

coia227
Suitability of IEEE 802.11ah for LPWAN Applications Analysis

Suitability of IEEE 802.11ah for LPWAN Applications Analysis

milia
Security Testing and Architecture

Security Testing and Architecture

nataleaei
IEEE 802.1ABrev Extension for Auto Attach in SPB Networks

IEEE 802.1ABrev Extension for Auto Attach in SPB Networks

rjay
802.11be Architecture/Association Discussion

802.11be Architecture/Association Discussion

frff734
IEEE P802.15.13 Architecture Overview at Joint IEEE Meeting

IEEE P802.15.13 Architecture Overview at Joint IEEE Meeting

psuh
IEEE 802.11-20/0908r1 Multilink Traffic Stream Operation Overview

IEEE 802.11-20/0908r1 Multilink Traffic Stream Operation Overview

knox_roy
IEEE 802.11-24/2072r0 Document Summary

IEEE 802.11-24/2072r0 Document Summary

quin_win
Evolution and Impact of IEEE 802 Security Architectures

Evolution and Impact of IEEE 802 Security Architectures

jall371
Switching to EtherType Protocol Discrimination in IEEE 802.11 for 5.9GHz Operations

Switching to EtherType Protocol Discrimination in IEEE 802.11 for 5.9GHz Operations

lamya
IEEE 802.19-23/0025r2 Enhanced Sub-1GHz Study Group PAR and CSD Comments Resolution

IEEE 802.19-23/0025r2 Enhanced Sub-1GHz Study Group PAR and CSD Comments Resolution

prey803
Implementation of IEEE 802 Security Architecture History

Implementation of IEEE 802 Security Architecture History

aleinahn
IEEE 802 October 2024 Public Visibility Report & New Initiatives

IEEE 802 October 2024 Public Visibility Report & New Initiatives

yoo_vya
IEEE 802.19-24 Simulation Update for Coexistence of IEEE 802.15.4g and IEEE 802.11ah

IEEE 802.19-24 Simulation Update for Coexistence of IEEE 802.15.4g and IEEE 802.11ah

agoll
IEEE 802.11 WLAN Network Security: Elements and Operations

IEEE 802.11 WLAN Network Security: Elements and Operations

aich366

More Related Content