P1451dot5 Security by LA4c64

VIEWS: 21 PAGES: 23

									P1451.5 Security
   Survey and Recommendations
               By:
          Ryon Coleman
      (rcoleman@3eti.com)

          October 16, 2003
    Agenda – Analyze Security Techniques Of
    Candidate Stacks & Present Conclusions

   802.11 / 802.11i
       Key Management
       Encryption
       Authentication
   Bluetooth
       Profile Approach
       Layered Framework
   ZigBee / 802.15.4
   Government Considerations
   Areas for Convergence
   Backup Slides
                                              2
    802.11 Security
    802.11i Specification for Enhanced Security

   IEEE 802.1X-based authentication mechanisms are
    used, with AES in CCMP mode, to establish an 802.11
    Robust Security Network (RSN).
   IEEE 802.1X-2001 defines a framework based on the
    Extensible Authentication Protocol (EAP) over LANs,
    also known as EAPoL.
   EAPoL is used to exchange EAP messages. EAP
    messages perform authentication and are used for key
    derivation between a STA and an EAP entity known as
    the Authentication Server (AS).
   802.11i defines a 4-way handshake using EAPoL for
    key management / key derivation.
                                                           3
          802.11i Authentication &
          Key Management Overview


                                                  EAP
        EAP Client                                                                EAP Server




     IEEE 802.1X                             IEEE 802.1X
                                                                       Secure
                              EAPoL                                    Channel   Authentication
        Supplicant                             Authenticator
                                                                                  Server (AS)


    Port Access Entity                      Port Access Entity



1451.5 Transducer Interface           1451.5 NCAP / LAN Access Point




                                                                                                  4
802.11 EAP Encapsulation
   EAPoL frames are normal IEEE 802.11 data
    frames, thus they follow the format of IEEE
    802.11 MSDUs and MPDUs.




                                                  5
    EAPoL for Key Exchange
   Packet Type = 0x03 in the 802.1X header indicates EAPoL-Key
    message.
   Used by the Authenticator and Supplicant to derive or exchange
    cryptographic keying information.
   After the association first forms, only IEEE 802.1X protocol
    messages (i.e., EAP and its associated authentication method)
    flow across the link until authentication completes
   The Supplicant’s IEEE 802.1X Port Access Entity (PAE) filters all
    non-EAP traffic during this period. Until authentication
    completes with the distribution of a Pairwise Master Key (PMK),
    the PAE ensures that only EAP packets are sent or received
    between this STA and the wireless medium.




                                                                        6
802.11 RSN Information Element




                                 7
Successful 802.1X
Authentication Exchange




                          8
4-Way Handshake to Derive
Encryption & Authentication Keys




                                   9
4-Way Handshake to Derive
Encryption & Authentication Keys




                               10
Pairwise Key Hierarchy
Derivation Process – For Unicast




                                   11
Group Key Hierarchy
Derivation Process – For Multicast




                                 12
AES Counter + CBC-MAC
(CCMP) Provides Encryption & Authentication

   The CCMP protocol is based on AES using the CCM
    mode of operation.
   The CCM mode combines Counter (CTR) mode
    privacy and Cipher Block Chaining Message
    Authentication Code (CBC-MAC) authentication.
   These modes have been used and studied for a long
    time, have well-understood cryptographic properties,
    and no known patent encumbrances.
   They provide good security and performance in both
    hardware or software.


                                                       13
802.11 CCMP Encapsulation




                            14
802.11 CCMP Decapsulation




                            15
Bluetooth Security: LAN Access
Profile - A Cross-Layered Approach

           Applications                                                           Applications

           TCP & UDP                                                              TCP & UDP

               IP                               PPP Networking                          IP

            PPP                                PPP

     SDP       RFCOMM                 RFCOMM          SDP
                                                                     LAN               LAN
    L2CAP                                            L2CAP
                    LMP                  LMP

        Baseband                            Baseband

1451.5 Transducer Interface           1451.5 NCAP / LAN Access Point


               Bluetooth Baseband Authentication & Encryption

               PPP Authentication & Encryption

               IP Security Authentication, Integrity Protection & Encryption
                                                                               From “Bluetooth Security Whitepaper”
               Different Application Level Security Mechanisms
                                                                               Bluetooth SIG Security Expert Group
                                                                                                                      16
     Bluetooth Security Overview
   Bluetooth takes a cross-layered approach to implementing
    security:
       SAFER+ algorithm used at the Baseband for encryption &
        authentication.
       Link Manager specification covers link level procedures for
        configuring security.
       HCI specification details how a host controls security & how
        security-related events are reported by a Bluetooth module to its
        host.
       Bluetooth SIG whitepaper exists for implementing security and
        provides examples of how services might use security.
   Drawback: SAFER+ (Secure And Fast Encryption Routine) was
    beaten out by Rijndael for selection for AES in the U.S.
       Existing Bluetooth security does not satisfy U.S. DoD
        requirements.


                                                                            17
ZigBee / 802.15.4 Security
   Like 802.11i, ZigBee relies on AES CCM as a
    mainstay for encryption + authentication.
   CCM mode consists of CTR mode encryption
    combined with CBC-MAC authentication to
    produce an authenticate-and-encrypt block
    cipher using NIST-approved AES.
   AES CCM is intended to provide encryption,
    sender authentication, and message integrity.

                                                18
ZigBee Key Management
   Currently ZigBee is establishing its key
    management / key distribution
    techniques.
   Elliptic Curve based techniques are
    supposedly in the works
   Need additional input on ZigBee
    security from a member
    representative…

                                               19
Government Considerations
   Currently, there exist four FIPS-approved symmetric
    key algorithms for encryption:
       Advanced Encryption Standard (AES)
       Data Encryption Standard (DES)
       Triple-DES
       Skipjack
   AES is the FIPS-Approved symmetric encryption
    algorithm of choice.
   FIPS 197, Advanced Encryption Standard (AES),
    specifies the AES algorithm
    (http://csrc.nist.gov/cryptval/)
   802.11i is compliant with NIST FIPS 197 and FIPS
    140-2 validation requirements.                        20
     Areas for Convergence
   AES CCM should be called out by 1451.5 at the MAC sublayer for
    authentication and encryption.
   Key Management is a crucial area for wireless security. 802.11i is
    good but may be too “heavy” for smart sensors.
        Access to ZigBee techniques would be useful in this area
   Bluetooth implements a layered approach, but is not in
    compliance with NIST or DoD requirements.
   A strong, layered approach for 1451.5 security would be AES CCM
    at the MAC plus 802.11i constructs including 802.1X EAPoL for
    mutual key derivation / key exchange.
   Any additional information from Axonn or ZigBee?


            Form Subgroup?                                               21
Backup Slides
Bluetooth Versus OSI Model

     Application Layer        Applications

    Presentation Layer     RFCOMM / SDP
      Session Layer             L2CAP
     Transport Layer     Host Ctrlr Intfce (HCI)
                          Link Manager (LM)
      Network Layer
                            Link Controller
     Data Link Layer
                               Baseband
      Physical Layer             Radio

   OSI Reference Model        Bluetooth



                                                   23

								
To top