P1451dot5 Security by LA4c64


									P1451.5 Security
   Survey and Recommendations
          Ryon Coleman

          October 16, 2003
    Agenda – Analyze Security Techniques Of
    Candidate Stacks & Present Conclusions

   802.11 / 802.11i
       Key Management
       Encryption
       Authentication
   Bluetooth
       Profile Approach
       Layered Framework
   ZigBee / 802.15.4
   Government Considerations
   Areas for Convergence
   Backup Slides
    802.11 Security
    802.11i Specification for Enhanced Security

   IEEE 802.1X-based authentication mechanisms are
    used, with AES in CCMP mode, to establish an 802.11
    Robust Security Network (RSN).
   IEEE 802.1X-2001 defines a framework based on the
    Extensible Authentication Protocol (EAP) over LANs,
    also known as EAPoL.
   EAPoL is used to exchange EAP messages. EAP
    messages perform authentication and are used for key
    derivation between a STA and an EAP entity known as
    the Authentication Server (AS).
   802.11i defines a 4-way handshake using EAPoL for
    key management / key derivation.
          802.11i Authentication &
          Key Management Overview

        EAP Client                                                                EAP Server

     IEEE 802.1X                             IEEE 802.1X
                              EAPoL                                    Channel   Authentication
        Supplicant                             Authenticator
                                                                                  Server (AS)

    Port Access Entity                      Port Access Entity

1451.5 Transducer Interface           1451.5 NCAP / LAN Access Point

802.11 EAP Encapsulation
   EAPoL frames are normal IEEE 802.11 data
    frames, thus they follow the format of IEEE
    802.11 MSDUs and MPDUs.

    EAPoL for Key Exchange
   Packet Type = 0x03 in the 802.1X header indicates EAPoL-Key
   Used by the Authenticator and Supplicant to derive or exchange
    cryptographic keying information.
   After the association first forms, only IEEE 802.1X protocol
    messages (i.e., EAP and its associated authentication method)
    flow across the link until authentication completes
   The Supplicant’s IEEE 802.1X Port Access Entity (PAE) filters all
    non-EAP traffic during this period. Until authentication
    completes with the distribution of a Pairwise Master Key (PMK),
    the PAE ensures that only EAP packets are sent or received
    between this STA and the wireless medium.

802.11 RSN Information Element

Successful 802.1X
Authentication Exchange

4-Way Handshake to Derive
Encryption & Authentication Keys

4-Way Handshake to Derive
Encryption & Authentication Keys

Pairwise Key Hierarchy
Derivation Process – For Unicast

Group Key Hierarchy
Derivation Process – For Multicast

AES Counter + CBC-MAC
(CCMP) Provides Encryption & Authentication

   The CCMP protocol is based on AES using the CCM
    mode of operation.
   The CCM mode combines Counter (CTR) mode
    privacy and Cipher Block Chaining Message
    Authentication Code (CBC-MAC) authentication.
   These modes have been used and studied for a long
    time, have well-understood cryptographic properties,
    and no known patent encumbrances.
   They provide good security and performance in both
    hardware or software.

802.11 CCMP Encapsulation

802.11 CCMP Decapsulation

Bluetooth Security: LAN Access
Profile - A Cross-Layered Approach

           Applications                                                           Applications

           TCP & UDP                                                              TCP & UDP

               IP                               PPP Networking                          IP

            PPP                                PPP

     SDP       RFCOMM                 RFCOMM          SDP
                                                                     LAN               LAN
    L2CAP                                            L2CAP
                    LMP                  LMP

        Baseband                            Baseband

1451.5 Transducer Interface           1451.5 NCAP / LAN Access Point

               Bluetooth Baseband Authentication & Encryption

               PPP Authentication & Encryption

               IP Security Authentication, Integrity Protection & Encryption
                                                                               From “Bluetooth Security Whitepaper”
               Different Application Level Security Mechanisms
                                                                               Bluetooth SIG Security Expert Group
     Bluetooth Security Overview
   Bluetooth takes a cross-layered approach to implementing
       SAFER+ algorithm used at the Baseband for encryption &
       Link Manager specification covers link level procedures for
        configuring security.
       HCI specification details how a host controls security & how
        security-related events are reported by a Bluetooth module to its
       Bluetooth SIG whitepaper exists for implementing security and
        provides examples of how services might use security.
   Drawback: SAFER+ (Secure And Fast Encryption Routine) was
    beaten out by Rijndael for selection for AES in the U.S.
       Existing Bluetooth security does not satisfy U.S. DoD

ZigBee / 802.15.4 Security
   Like 802.11i, ZigBee relies on AES CCM as a
    mainstay for encryption + authentication.
   CCM mode consists of CTR mode encryption
    combined with CBC-MAC authentication to
    produce an authenticate-and-encrypt block
    cipher using NIST-approved AES.
   AES CCM is intended to provide encryption,
    sender authentication, and message integrity.

ZigBee Key Management
   Currently ZigBee is establishing its key
    management / key distribution
   Elliptic Curve based techniques are
    supposedly in the works
   Need additional input on ZigBee
    security from a member

Government Considerations
   Currently, there exist four FIPS-approved symmetric
    key algorithms for encryption:
       Advanced Encryption Standard (AES)
       Data Encryption Standard (DES)
       Triple-DES
       Skipjack
   AES is the FIPS-Approved symmetric encryption
    algorithm of choice.
   FIPS 197, Advanced Encryption Standard (AES),
    specifies the AES algorithm
   802.11i is compliant with NIST FIPS 197 and FIPS
    140-2 validation requirements.                        20
     Areas for Convergence
   AES CCM should be called out by 1451.5 at the MAC sublayer for
    authentication and encryption.
   Key Management is a crucial area for wireless security. 802.11i is
    good but may be too “heavy” for smart sensors.
        Access to ZigBee techniques would be useful in this area
   Bluetooth implements a layered approach, but is not in
    compliance with NIST or DoD requirements.
   A strong, layered approach for 1451.5 security would be AES CCM
    at the MAC plus 802.11i constructs including 802.1X EAPoL for
    mutual key derivation / key exchange.
   Any additional information from Axonn or ZigBee?

            Form Subgroup?                                               21
Backup Slides
Bluetooth Versus OSI Model

     Application Layer        Applications

    Presentation Layer     RFCOMM / SDP
      Session Layer             L2CAP
     Transport Layer     Host Ctrlr Intfce (HCI)
                          Link Manager (LM)
      Network Layer
                            Link Controller
     Data Link Layer
      Physical Layer             Radio

   OSI Reference Model        Bluetooth


To top