Transcript P1451dot5_Security - IEEE-SA
P1451.5 Security
Survey and Recommendations
By: Ryon Coleman
October 16, 2003
Agenda – Analyze Security Techniques Of Candidate Stacks & Present Conclusions
802.11 / 802.11i: Key Management, Encryption, Authentication
Bluetooth: Profile Approach, Layered Framework
ZigBee / 802.15.4
Government Considerations
Areas for Convergence
Backup Slides
802.11 Security
802.11i Specification for Enhanced Security
IEEE 802.1X-based authentication mechanisms are used, with AES in CCMP mode, to establish an 802.11 Robust Security Network (RSN).
IEEE 802.1X-2001 defines a framework based on the Extensible Authentication Protocol (EAP) over LANs, also known as EAPoL.
EAPoL is used to exchange EAP messages. EAP messages perform authentication and are used for key derivation between a STA and an EAP entity known as the Authentication Server (AS).
802.11i defines a 4-way handshake using EAPoL for key management / key derivation.
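802.11i Authentication & Key Management Overview
[Figure: the three 802.1X roles and the links between them]
EAP Client / IEEE 802.1X Supplicant Port Access Entity: 1451.5 Transducer Interface
IEEE 802.1X Authenticator Port Access Entity: 1451.5 NCAP / LAN Access Point
EAP Server: Authentication Server (AS)
Links: EAPoL (Supplicant to Authenticator), Secure Channel (Authenticator to Authentication Server), EAP (EAP Client to EAP Server)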
802.11 EAP Encapsulation
EAPoL frames are normal IEEE 802.11 data frames, thus they follow the format of IEEE 802.11 MSDUs and MPDUs.
EAPoL for Key Exchange
Packet Type = 0x03 in the 802.1X header indicates EAPoL-Key message.
Used by the Authenticator and Supplicant to derive or exchange cryptographic keying information.
After the association first forms, only IEEE 802.1X protocol messages (i.e., EAP and its associated authentication method) flow across the link until authentication completes. The Supplicant’s IEEE 802.1X Port Access Entity (PAE) filters all non-EAP traffic during this period. Until authentication completes with the distribution of a Pairwise Master Key (PMK), the PAE ensures that only EAP packets are sent or received between this STA and the wireless medium.
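The header check and port filtering described on this slide, as an added example that is not part of the original presentation. It assumes the standard 4-byte 802.1X header and the EAPoL EtherType 0x888E; the PortAccessEntity class, its method names and the sample frames are hypothetical and constructed for illustration.

```javascript
const ETHERTYPE_EAPOL = 0x888e; // EtherType assigned to EAPoL (assumption: not stated on the slide)
const EAPOL_TYPES = ['EAP-Packet', 'EAPOL-Start', 'EAPOL-Logoff', 'EAPOL-Key'];

// Parse the 4-byte 802.1X header: version, packet type, 2-byte big-endian body length.
function parseEapol(payload) {
  if (payload.length < 4) throw new RangeError('truncated 802.1X header');
  const bodyLength = payload.readUInt16BE(2);
  if (payload.length < 4 + bodyLength) throw new RangeError('body shorter than declared');
  return {
    version: payload[0],
    type: payload[1],
    typeName: EAPOL_TYPES[payload[1]] || 'unknown',
    isKeyMessage: payload[1] === 0x03, // Packet Type 0x03 = EAPoL-Key
    body: payload.subarray(4, 4 + bodyLength),
  };
}

// Hypothetical PAE model: before the PMK is distributed, only well-formed EAPoL passes.
class PortAccessEntity {
  constructor() { this.pmkInstalled = false; }
  installPmk() { this.pmkInstalled = true; }
  filter(etherType, payload) {
    if (etherType === ETHERTYPE_EAPOL) {
      try { parseEapol(payload); return 'pass'; } catch (e) { return 'drop'; }
    }
    return this.pmkInstalled ? 'pass' : 'drop';
  }
}

// Constructed sample payloads; the key body is filler, not a real key descriptor.
const SAMPLE_EAPOL_KEY = Buffer.from('010300040a0b0c0d', 'hex');
const SAMPLE_TRUNCATED = Buffer.from('01030010aabb', 'hex'); // declares 16 bytes, carries 2
const SAMPLE_IPV4 = Buffer.from('4500001c', 'hex');

// Run the three samples through the filter before and after PMK distribution.
function runFilterDemo() {
  const pae = new PortAccessEntity();
  const before = [
    pae.filter(ETHERTYPE_EAPOL, SAMPLE_EAPOL_KEY),
    pae.filter(ETHERTYPE_EAPOL, SAMPLE_TRUNCATED),
    pae.filter(0x0800, SAMPLE_IPV4),
  ];
  pae.installPmk();
  return { before, after: pae.filter(0x0800, SAMPLE_IPV4) };
}
```

The malformed EAPoL frame is dropped even though its EtherType is allowed, so a length field that overstates the body never reaches the EAP state machine.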
[Figure: 802.11 RSN Information Element]
[Figure: Successful 802.1X Authentication Exchange]
[Figure: 4-Way Handshake to Derive Encryption & Authentication Keys]
[Figure: Pairwise Key Hierarchy Derivation Process – For Unicast]
[Figure: Group Key Hierarchy Derivation Process – For Multicast]
AES Counter + CBC-MAC (CCMP) Provides Encryption & Authentication
The CCMP protocol is based on AES using the CCM mode of operation. The CCM mode combines Counter (CTR) mode privacy and Cipher Block Chaining Message Authentication Code (CBC-MAC) authentication. These modes have been used and studied for a long time, have well-understood cryptographic properties, and no known patent encumbrances. They provide good security and performance in both hardware and software.
802.11 CCMP Encapsulation
802.11 CCMP Decapsulation
Bluetooth Security: LAN Access Profile - A Cross-Layered Approach
[Figure: protocol stacks of the 1451.5 Transducer Interface (Applications, TCP & UDP, IP, PPP, RFCOMM, SDP, L2CAP, LMP, Baseband) and the 1451.5 NCAP / LAN Access Point (PPP Networking, PPP, RFCOMM, SDP, L2CAP, LMP, Baseband, LAN), with the LAN side carrying Applications, TCP & UDP and IP. Security mechanisms labelled on the figure:]
Bluetooth Baseband Authentication & Encryption
PPP Authentication & Encryption
IP Security Authentication, Integrity Protection & Encryption
Different Application Level Security Mechanisms
From “Bluetooth Security Whitepaper”, Bluetooth SIG Security Expert Group
Bluetooth Security Overview
Bluetooth takes a cross-layered approach to implementing security:
SAFER+ algorithm used at the Baseband for encryption & authentication.
Link Manager specification covers link level procedures for configuring security.
HCI specification details how a host controls security & how security-related events are reported by a Bluetooth module to its host.
Bluetooth SIG whitepaper exists for implementing security and provides examples of how services might use security.
Drawback: SAFER+ (Secure And Fast Encryption Routine) was beaten out by Rijndael for selection for AES in the U.S.
Existing Bluetooth security does not satisfy U.S. DoD requirements.
ZigBee / 802.15.4 Security
Like 802.11i, ZigBee relies on AES CCM as a mainstay for encryption + authentication.
CCM mode consists of CTR mode encryption combined with CBC-MAC authentication to produce an authenticate-and-encrypt block cipher using NIST-approved AES.
AES CCM is intended to provide encryption, sender authentication, and message integrity.
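The composition that this slide and the earlier CCMP slide describe, as an added example that is not part of the original presentation: AES-CCM built by hand from CBC-MAC and CTR mode in the RFC 3610 layout, plus a helper that calls Node's built-in aes-128-ccm so the two can be compared. The 8-byte tag and 13-byte nonce are the parameters CCMP uses; all function names are illustrative assumptions.

```javascript
const nodeCrypto = require('crypto');
const L = 2, M = 8; // CCMP's parameters: 2-byte length field (13-byte nonce), 8-byte tag
function aesBlock(key, block) { // one raw AES-128 block encryption
  const c = nodeCrypto.createCipheriv('aes-128-ecb', key, null);
  c.setAutoPadding(false);
  return Buffer.concat([c.update(block), c.final()]);
}
function xor(a, b) { // a XOR b, truncated to a.length
  const out = Buffer.alloc(a.length);
  for (let i = 0; i < a.length; i++) out[i] = a[i] ^ b[i];
  return out;
}
const pad16 = (b) => Buffer.concat([b, Buffer.alloc((16 - (b.length % 16)) % 16)]);
function ccmBlock(flags, nonce, n) { // flags || nonce || n as 2 big-endian bytes
  const b = Buffer.alloc(16);
  b[0] = flags; nonce.copy(b, 1); b.writeUInt16BE(n, 14);
  return b;
}
function cbcMac(key, nonce, aad, msg) { // authentication: CBC-MAC over B0, AAD, message
  const flags = (aad.length ? 0x40 : 0) | (((M - 2) / 2) << 3) | (L - 1);
  const aadLen = Buffer.alloc(2); aadLen.writeUInt16BE(aad.length);
  const hdr = aad.length ? pad16(Buffer.concat([aadLen, aad])) : Buffer.alloc(0);
  const input = Buffer.concat([ccmBlock(flags, nonce, msg.length), hdr, pad16(msg)]);
  let x = Buffer.alloc(16);
  for (let i = 0; i < input.length; i += 16) x = aesBlock(key, xor(x, input.subarray(i, i + 16)));
  return x.subarray(0, M);
}
function ctrXor(key, nonce, data) { // privacy: XOR with E(A_1), E(A_2), ...
  const out = Buffer.alloc(data.length);
  for (let off = 0; off < data.length; off += 16) {
    const ks = aesBlock(key, ccmBlock(L - 1, nonce, off / 16 + 1));
    xor(data.subarray(off, off + 16), ks).copy(out, off);
  }
  return out;
}
function ccmSeal(key, nonce, aad, msg) {
  if (nonce.length !== 15 - L || msg.length > 0xffff || aad.length >= 0xff00) throw new RangeError('unsupported length');
  const s0 = aesBlock(key, ccmBlock(L - 1, nonce, 0)); // A_0 keystream masks the MAC
  return { ciphertext: ctrXor(key, nonce, msg), tag: xor(cbcMac(key, nonce, aad, msg), s0) };
}
function ccmOpen(key, nonce, aad, ciphertext, tag) { // null means forged or corrupted
  const msg = ctrXor(key, nonce, ciphertext), expected = ccmSeal(key, nonce, aad, msg).tag;
  return tag.length === M && nodeCrypto.timingSafeEqual(tag, expected) ? msg : null;
}
function sealWithLibrary(key, nonce, aad, msg) { // OpenSSL's CCM via Node, for cross-checking
  const c = nodeCrypto.createCipheriv('aes-128-ccm', key, nonce, { authTagLength: M });
  c.setAAD(aad, { plaintextLength: msg.length });
  const ciphertext = Buffer.concat([c.update(msg), c.final()]);
  return { ciphertext, tag: c.getAuthTag() };
}
```

The hand-built version is for reading, not deployment: a nonce must never repeat under one key, because CTR keystream reuse exposes plaintext and undermines the tag.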
ZigBee Key Management
Currently ZigBee is establishing its key management / key distribution techniques.
Elliptic Curve based techniques are supposedly in the works.
Need additional input on ZigBee security from a member representative…
Government Considerations
Currently, there exist four FIPS-approved symmetric key algorithms for encryption:
Advanced Encryption Standard (AES)
Data Encryption Standard (DES)
Triple-DES
Skipjack
AES is the FIPS-Approved symmetric encryption algorithm of choice.
FIPS 197, Advanced Encryption Standard (AES), specifies the AES algorithm (http://csrc.nist.gov/cryptval/). 802.11i is compliant with NIST FIPS 197 and FIPS 140-2 validation requirements.
Areas for Convergence
AES CCM should be called out by 1451.5 at the MAC sublayer for authentication and encryption.
Key Management is a crucial area for wireless security. 802.11i is good but may be too “heavy” for smart sensors.
Access to ZigBee techniques would be useful in this area.
Bluetooth implements a layered approach, but is not in compliance with NIST or DoD requirements.
A strong, layered approach for 1451.5 security would be AES CCM at the MAC plus 802.11i constructs including 802.1X EAPoL for mutual key derivation / key exchange.
Any additional information from Axonn or ZigBee?
Form Subgroup?
Backup Slides
Bluetooth Versus OSI Model
OSI Reference Model (top to bottom): Application Layer, Presentation Layer, Session Layer, Transport Layer, Network Layer, Data Link Layer, Physical Layer
Bluetooth (top to bottom): Applications, RFCOMM / SDP, L2CAP, Host Controller Interface (HCI), Link Manager (LM), Link Controller, Baseband, Radio