From wired internet to ubiquitous wireless internet

Transcription

1 WlanSmartcard.org Technical Committee Wireless LAN A primer guide. Paris, February 5 th Pascal.Urien@enst.fr From wired internet to ubiquitous wireless internet 1

2 Classical intranet. Network access is restricted to authorized staff. PCs are physically connected by RJ45 plugs. DHCP servers are unsecured, intranet services are freely available (indoors). DHCP Server RJ45 Plug My dot.com Corporate services Mail Server Web Server Internet Firewall Restricted To authorized staff Service Set Identifier SSID Wireless LAN Distribution System Access Point WLAN a/b/g Basic Set Service STAtion What the market needs : Prevention of parking lot attack Access Control Billing & non repudiation AAA infrastructure Wireless Plug DHCP Server RJ45 Plug PORTAL Mail Server Radius Server AP Firewall Internet Parking Lot attack? 2

3 New Services Wireless access to corporate networks (intranet) or to the internet. Access control is mandatory in many environments (who is using my network?). Non repudiation (frame signature) is a pre-requisite for service billing. Wireless user privacy is a plus. But it may be performed at application level. Small Demonstration 3

4 Radio Link Security Radio Security 1 st generation Wireless Equivalent Privacy (WEP), defined in standard 2 nd generation, 802.1x architecture (with WEP). 3 nd generation, 802.1i, TKIP, hardware compatible with WEP 4 nd generation, 802.1i + AES, hardware incompatible with WEP. 4

5 WEP Works with for four static shared secrets and RC4 keys (64/128 bits), not scalable 1G Many security threats, Authentication, Data Integrity, Data Privacy. 2G - Periodic Authentication, Uses re-keying mechanisms (10,000 frames recommended, security limit at about one million frames.) Frame MAC HEADER IV KeyID 2 bits Ciphered block 24 bits 40/104 bits IV Shared Secret RC4 PRNG Body CRC XOR KeyStream A WEP frame RC4 key, 64/128 bits WEP 1G, Key Management, not scalable Shared secrets 5

6 IEEE 802.1x -TLS 802.1x Stack SSL authentication scenario/other -TLS RADIUS RADIUS Shared secret 802 Frames 802 Frames UDP/IP UDP/IP Station Access Point RADIUS Server Wireless Cell IP Network Traffic Filtering 6

7 802.1x Typical Use. Port Based Network Access Protocol Deals with (RFC 2284) protocol and RADIUS (RFC 2058). It is a key distribution architecture. Station (STA) sends an association request to the access point (AP). Station sends a 802.1x -EOL start message to AP. (1) Access Point AP sends an identity request to the station (2) Station produces an identity response. AP forwards this message to the RADIUS Server (RS), of which address is deduced from the identity parameter. (3) A set of request and response messages are exchanged between RS and STA and forwarded by AP. At the end of the authentication scenario, RS delivers a success notification to STA. RS and STA share a session key SK. (4) RS sends SK to AP. AP chooses a master key MK, other WEP keyor TKIP master key. (5) AP sends MK to STA, encrypted by the session key SK x architecture. Support / LAN / RADIUS STAtion Associate 1 Identity Request 2 Identity Response Identity Response Kent@comics.com SK Start Authentication Request Authentication Response -Success Access Point Authenticator Authentication Request Authentication Response -Success Authentication Server - RADIUS comics.com 3 SK SK(MK) 5 SK 4 MK MK 7

8 IEEE 802.1i - TKIP 802.1i TKIP New version of WEP, called TKIP, Temporal Key Integrity Protocol. Hardware compatible with WEP Per Packet Key (RC4 128 bits). Strong Packet Signature (Message Integrity Code). Master Key Distributed via 802.1x Ephemeris key (Transient Key), can be updated via a re-keying process. 8

9 TKIP frame (not yet standardized) Temporal Key 128 bits Master Key Transient Key 256 bits TX MIC Key 64 bits Rekeying RX MIC Key 64 bits MAC Address Temporal Key IV32 MSB (32 bits) Phase 1 Hash 80 bits array 16 bits bits 16 bits bits 16 bits 80 bits array Temporal Key Extended IV16 LSB (24 bits) Phase 2 Hash IV32 IV48 IV16 Hi8(IV16) (Hi8(IV16) 0x20) & 0x7F Lo8(IV16) Per Packet Key bits Extended IV16( 24 bits) = RC4 Key 24 bits Encrypted Data RC4 Key 104 bits Extended IV16 24 bits KeyID 8 bits IV32 32 bits DATA MIC 64 bits CRC 32 bits Extensible Authentication Protocol - 9

10 What is? An umbrella of authentication schemes shuttled by packets. Defines user Identity concept, a Network Access Identifier. One authentication scheme (Type field) per authentication server, MD5 Challenge, a digest is computed from a random value and a shared secret. PPP TLS a protocol based on SSL mechanisms. IAKERB, adaptation of Kerberos V5 procedures. SIM, reuse of SIM smartcards (GSM 11.11). AKA, support of USIM smartcards (UMTS security modules). Who is supporting? Normalization Committees. IETF - RFC IEEE x. Javacard forum Network Manufacturers CISCO. NOKIA. Operating System Manufacturers Microsoft XP. 10

11 umbrella. 1 Request 2 Response 3 Success 4 Failure Packet Identifier Packet Length Code Identifier Length Type Type-Data Superman@comics.com Authentication Type comics.com Authentication Server WLAN Card 1 Identity 2 Notification 3 NAK 4 MD5 challenge 18 SIM- Authentication Schemes TLS Chap/MD5 Kerberos SIM/USIM Extensible Authentification Protocol Messages Transport Layer Network over RADIUS TCP/IP Over LAN - OL IEEE GSM versus Wi-Fi Attribute GSM WiFi Network Identifier Implicit SSID User Identifier IMSI. Operator dependant NAI. One per WiFi. Authentication Methods A3,A8 plus Ki Key MD5, TLS, Kerberos, Other. Network Access Identifier - NAI - rfc 2486 superman@comics.com login Authentication (radius) server Authentication Scheme Microsoft PKI GSM operators 11

12 OS Glue Operating Software Glue. OS software glue Messages Master Key 12

13 XP Operations. _Info = GetInfo(_Type) provider (DLL) GetIdentity () DIALOG BOX OK Wireless Interface Packet _Info Initialize() Begin() Message() End() Authentication Protocol User Key(s) Software glue InvokeConfigUserInterface() DIALOG BOX Protocol Configuration Standard Smartcard Interface WLAN CARD OK Use cases 13

14 -SIM Operator Wireless LAN OWLAN Charging gateway Example1, -SIM, Mobile. SIM module IMSI Operator Domain NAI Identity K_int K-randsres RANDi Ki A 3 A 8 SRESi Kci NONCE SHA-1 K_Master SHA- 1 K-encr Application specific keys Authenticator Client Set-Identity(1IMSI@domain ) -Packet() WLAN Card _TYPE = -SIM 14

15 L - NT like authentication. Dedicated to MS platforms. Example 2, L, MS Code 0x01 Identifier Length Type 0x11 Version 0x01 Unused 0x00 Count 0x08 Peer Challenge Peer Challenge User Name... Password Hash-MD4 = 16 bytes + 5 nul bytes = 3 DES Keys (7 octets) Code 0x02 Identifier Length Type 0x11 Version 0x01 Unused 0x00 Count 0x18 MS_CHAP Peer Response MS_CHAP Peer Response MS_CHAP Peer Response MS_CHAP Peer Response MS_CHAP Peer Response MS_CHAP Peer Response User Name Response = 24 bytes =(Des 1,Des 2,Des 3 )(challenge 8 octets ) Set-Identity(MyUserName) -Packet() WLAN Card _TYPE = L 15

16 -TLS, PKI Architecture Supported by MS platforms. Example 3, TLS, PKI. <- -Request/Identity Digest MD5+SHA-1 36 octets PrivateExponent (Modulus) RSA Signature -Response/Identity (MyID)------> -Response/-Type=-TLS (TLS client_hello) > -Response/-Type=-TLS TLS certificate, TLS client_key_exchange, [TLS certificate_verify,] TLS change_cipher_spec, TLS finished) > -Response/-Type=-TLS > <- -Request/-Type=-TLS/ TLS Start <- -Request/-Type=-TLS TLS server_hello, TLS certificate, [TLS server_key_exchange,] [TLS certificate_request,] TLS server_hello_done) <- -Request/ -Type=-TLS (TLS change_cipher_spec, TLS finished) <- -Success Set-Identity(MyUserName) -Packet() WLAN Card _TYPE = -TLS 16

17 Protected - P Normalization initiative. 17

18 55th IETF Atlanta, GA, November 17-21, 2002 support in smartcards Draft-urien--smartcard-00.txt Draft Objectives. support in smartcards. is computed in smartcard. Profiles definition, for some types (-SIM, -TLS, ) Interoperability between ISO 7816 smartcards. Agreement between major smartcard manufacturers. Four service primitives. Get-Next-identity() Set-Identity() -Packet() Get-RSN-Master-Key() ENGINE SIM IAK KERB TLS MD5 AKA Smartcard 18

19 JCF javacard API WISP Applet Service Provider Interface -API JavaCard Run time Environment Java Virtual Machine API Framework Classes APIs Smartcard OS Engine Files Management Cryptographic Security IO Library Management Management ISO APDUs IETF Draft User Interface 19