Overview of IEEE 802.16 Security - PowerPoint PPT Presentation

Advisor: Dr. Kai-Wei Ke. Speaker: Yen-Jen Chen. Date: 03/26/2007.



1
Overview of IEEE 802.16 Security
  • Advisor: Dr. Kai-Wei Ke
  • Speaker: Yen-Jen Chen
  • Date: 03/26/2007

2
Outline
  • Introduction to IEEE 802.16
  • IEEE 802.16 Security Architecture
  • IEEE 802.16 Security Issues
  • IEEE 802.16 Security Flaws
  • Conclusion
  • References

3
Introduction to IEEE 802.16
4
IEEE 802.16 WiMAX
  • For the wide area (ranging up to 50 km)
  • Last-mile connectivity
  • Provides higher-speed connectivity for
    data, voice and video (32-134 Mbps)
  • Low cost

5
IEEE 802.16 WiMAX
6
IEEE 802.16 WiMAX
7
IEEE 802.16 WiMAX
8
Comparing Technologies
| | 802.11 WiFi | 802.16 WiMAX | 802.20 Mobile-Fi | UMTS 3G |
|---|---|---|---|---|
| Bandwidth | 11-54 Mbps shared | Share up to 70 Mbps | Up to 1.5 Mbps each | 384 Kbps - 2 Mbps |
| Range (LOS) / Range (NLOS) | 100 meters / 30 meters | 30-50 km / 2-5 km ('07) | 3-8 km | Coverage is overlaid on wireless infrastructure |
| Mobility | Portable | Fixed (Mobile - 16e) | Full mobility | Full mobility |
| Frequency/Spectrum | 2.4 GHz for 802.11b/g, 5.2 GHz for 802.11a | 2-11 GHz for 802.16a, 11-60 GHz for 802.16 | <3.5 GHz | Existing wireless spectrum |
| Standardization | 802.11a, b and g standardized | 802.16, 802.16a and 802.16 REVd standardized, other under development | 802.20 in development | Part of GSM standard |
| Backers | Industry-wide | Intel, Fujitsu, Alcatel, Siemens, BT, AT&T, Qwest, McCaw | Cisco, Motorola, Qualcomm and Flarion | GSM Wireless Industry |
9
IEEE 802.16 Security Architecture
10
802.16 MAC Protocol Stack
11
MAC CS Sub-layer
  • CS Layer
  • Receives data from higher layers
  • Classifies the packet
  • Forwards frames to CPS layer

12
MAC CPS Sub-layer
  • Performs typical MAC functions such as addressing
  • Each SS assigned 48-bit MAC address
  • Connection Identifiers used as primary address
    after initialization
  • MAC policy determined by direction of
    transmission
  • Uplink is DAMA-TDM
  • Downlink is TDM
  • Data encapsulated in a common format facilitating
    interoperability
  • Fragment or pack frames as needed
  • Changes transparent to receiver

13
MAC Privacy Sub-layer
  • Provides secure communication
  • Data encrypted with cipher block chaining mode of
    DES
  • Prevents theft of service
  • SSs authenticated by BS using key management
    protocol

14
IEEE 802.16 Security Architecture
15
IEEE 802.16 Security Issues
16
WMAN Threat Model
  • PHY threats
    • Water torture attack, jamming
    • No protection under 802.16
  • MAC threats
    • Typical threats of any wireless network
    • Sniffing, Masquerading, Content modification,
      Rogue Base Stations, DoS attacks, etc.

17
IEEE 802.16 Security Model
  • DOCSIS (Data Over Cable Service Interface
    Specifications)
    • Assumption: All equipment is controlled by the
      service provider.
    • Flaw: May not be suitable for a wireless
      environment.
  • Connection oriented (e.g. basic CID, SAID)
  • Connection
    • Management connection
    • Transport connection
    • Identified by connection ID (CID)
  • Security Association (SA)
    • Cryptographic suite (i.e. encryption algorithm)
    • Security info. (i.e. key, IV)
    • Identified by SAID

18
Security Association
  • Authorization SA
    • X.509 certificate → SS
    • 160-bit authorization key (AK)
    • 4-bit AK identification tag
    • Lifetime of AK
    • KEK for distribution of TEK
      • $\text{Truncate-128}(\text{SHA1}((AK \mid 0^{44}) \oplus 53^{64}))$
    • Downlink HMAC key
      • $\text{SHA1}((AK \mid 0^{44}) \oplus 3A^{64})$
    • Uplink HMAC key
      • $\text{SHA1}((AK \mid 0^{44}) \oplus 5C^{64})$
    • A list of authorized data SAs
  • Data SA
    • 16-bit SA identifier
    • Cipher to protect data: DES-CBC
    • 2 TEKs
    • TEK key identifier (2-bit)
    • TEK lifetime
    • 64-bit IV

19
X.509 certificate
20
Security Association
  • BS uses the X.509 certificate from the SS to
    authenticate it.
    • No BS authentication
  • Negotiate security capabilities between BS and SS
  • Authentication Key (AK)
    • The exchanged AK serves as authorization token
    • AK is encrypted using public key cryptography
    • Authentication is done when both SS and BS
      possess AK

21
IEEE 802.16 Security Process
22
Authentication
Key lifetime: 1 to 70 days, usually 7 days
  • SS → BS: Cert(Manufacturer(SS))
  • SS → BS: Cert(SS) | Capabilities | SAID
  • BS → SS: RSA-Encrypt(PubKey(SS), AK) | Lifetime | SeqNo | SAIDList
23
Authorization state machine flow diagram
24
Authorization FSM state transition matrix
25
Data Key Exchange
  • Data encryption requires a data key called the
    Transport Encryption key (TEK).
  • TEK is generated randomly by the BS
  • TEK is encrypted with one of:
    • Triple-DES (uses 128-bit KEK)
    • RSA (uses the SS's public key)
    • AES (uses 128-bit KEK)
  • Key Exchange message is authenticated by
    HMAC-SHA1 (provides Message Integrity and AK
    confirmation)

26
Key Derivation
  • KEK: $\text{Truncate-128}(\text{SHA1}((AK \mid 0^{44}) \oplus 53^{64}))$
  • Downlink HMAC key: $\text{SHA1}((AK \mid 0^{44}) \oplus 3A^{64})$
  • Uplink HMAC key: $\text{SHA1}((AK \mid 0^{44}) \oplus 5C^{64})$
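
The key derivation on this slide, together with the HMAC-SHA1 authentication of key exchange messages from the Data Key Exchange slide, as an added Python example (not part of the original slides). It assumes 0^44 means 44 zero bytes appended to the 20-byte AK and that 53^64, 3A^64 and 5C^64 mean that byte repeated 64 times; the function names, the AK and the message body are constructed for illustration.

```python
import hashlib
import hmac

AK_LEN = 20        # 160-bit authorization key
BLOCK_LEN = 64     # AK | 0^44 is 20 + 44 bytes, one SHA-1 input block

def pad_xor(ak: bytes, pad_byte: int) -> bytes:
    """Compute (AK | 0^44) xor pad^64 (assumed byte-wise reading of the slide)."""
    if len(ak) != AK_LEN:
        raise ValueError("AK must be 160 bits (20 bytes)")
    block = ak + bytes(BLOCK_LEN - AK_LEN)
    return bytes(b ^ pad_byte for b in block)

def derive_keys(ak: bytes) -> dict:
    """Derive the KEK and both HMAC keys from the AK."""
    return {
        "kek": hashlib.sha1(pad_xor(ak, 0x53)).digest()[:16],   # Truncate-128
        "hmac_down": hashlib.sha1(pad_xor(ak, 0x3A)).digest(),  # BS -> SS
        "hmac_up": hashlib.sha1(pad_xor(ak, 0x5C)).digest(),    # SS -> BS
    }

def sign_downlink(ak: bytes, message: bytes) -> bytes:
    """BS side: HMAC-SHA1 digest over a key exchange message."""
    return hmac.new(derive_keys(ak)["hmac_down"], message, hashlib.sha1).digest()

def verify_downlink(ak: bytes, message: bytes, digest: bytes) -> bool:
    """SS side: a valid digest shows integrity and that the sender holds the same AK."""
    return hmac.compare_digest(sign_downlink(ak, message), digest)

# Constructed sample values, not a real AK or a real PKM message encoding.
SAMPLE_AK = bytes(range(AK_LEN))
SAMPLE_REPLY = b"KeyReply|SAID=0001|KeySeq=1|EncryptedTEK=<placeholder>"

if __name__ == "__main__":
    for name, value in derive_keys(SAMPLE_AK).items():
        print(f"{name}: {value.hex()}")
    tag = sign_downlink(SAMPLE_AK, SAMPLE_REPLY)
    print("valid:   ", verify_downlink(SAMPLE_AK, SAMPLE_REPLY, tag))
    print("tampered:", verify_downlink(SAMPLE_AK, SAMPLE_REPLY + b"x", tag))
    print("wrong AK:", verify_downlink(bytes(AK_LEN), SAMPLE_REPLY, tag))
    # The digest covers no nonce, so the same message verifies again if replayed.
    print("replayed:", verify_downlink(SAMPLE_AK, SAMPLE_REPLY, tag))
```
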

27
Data Key Exchange
28
Data Encryption
29
Data Encryption
  • Encrypts only data messages, not management messages
  • DES in CBC Mode
  • 56-bit DES key (TEK)
  • No Message Integrity Detection
  • No Replay Protection

30
Data Encryption
31
IEEE 802.16 Security Flaws
32
IEEE 802.16 Security Flaws
  • Lack of Explicit Definitions
    • Authorization SA not explicitly defined
      • SA instances not distinguished: open to replay
        attacks
      • Solution: Need to add nonces from BS and SS to
        the authorization SA
    • Data SA treats 2-bit key as circular buffer
      • Attacker can interject reused TEKs
      • SAID: 2 bits → at least 12 bits (AK lasts 70 days
        while TEK lasts for 30 minutes)
    • TEKs need expiration due to DES-CBC mode
      • Determine the period: 802.16 can safely produce
        only $2^{32}$ 64-bit blocks.

33
IEEE 802.16 Security Flaws
  • Lack of mutual authentication
    • Authentication is one way
    • BS authenticates SS
    • No way for SS to authenticate BS
    • Rogue BS → possible because all information is
      public
    • Possible enhancement: BS certificate
  • Limited authentication method: SS certification

34
IEEE 802.16 Security Flaws
  • Authentication Key (AK) generation
  • BS generates AK
  • No contribution from SS
  • SS must trust BS for the generation of AK

35
IEEE 802.16 Security Flaws
  • Data protection errors
    • 56-bit DES does not offer strong data
      confidentiality (brute-force attack)
    • Uses a PREDICTABLE initialization vector (while
      DES-CBC requires a random IV)
      • CBC-IV = [IV Parameter from TEK exchange] XOR
        [PHY Synchronization field]
      • Chosen Plaintext Attack to recover the original
        plaintext
      • Generate each per-frame IV randomly and insert it
        into the payload.
      • Though this increases overhead, there is no other choice.

36
IEEE 802.16 Security Flaws
  • No Message Integrity Detection, No replay
    protection
    • Active attack
  • AES in CCM Mode
    • 128-bit key (TEK)
    • Message Integrity Check
    • Replay Protection using Packet Number

37
Conclusion
38
WiMAX PKM Protocol
[Diagram: PKM exchange between BS and SS, annotated with AK, public key, SHA HMAC-Digest, TEK and KEK steps]
39
Conclusion
  • Bidirectional authorization is needed
  • A more flexible authentication method is required
    • EAP Authentication
  • Improve Key derivation
    • Include the system identity (i.e., SSID)
    • Key freshness: include random numbers from both SS
      and BS
  • Prefer AES to DES for data encryption

40
References
  • IEEE Std 802.16-2001, Standard for Local and
    Metropolitan Area Networks, Part 16: Air
    Interface for Fixed Broadband Wireless Access
    Systems, IEEE Press, 2001
  • IEEE Std 802.16-2004 (Revision of IEEE Std
    802.16-2001)
  • Johnston, David and Walker, Jesse of Intel (2004),
    Overview of IEEE 802.16 Security, published by
    the IEEE Computer Society
  • http://www.seas.gwu.edu/cheng/388/LecNotes2006/