
Chapter 06

The document discusses several wireless networking standards:
- IEEE 802.11 defines wireless LAN specifications, including early security issues and later improvements like 802.11i.
- The Wireless Application Protocol (WAP) provides mobile access to information services using lightweight protocols.
- Wireless Transport Layer Security (WTLS) secures communications between WAP clients and gateways.

Uploaded by Krishna Pruthvi
Copyright: Attribution Non-Commercial (BY-NC)

Original lecture slides by Lawrie Brown; revised by Gerhard P. Hancke (2011-03-23).

* IEEE 802 committee for LAN standards
* IEEE 802.11 working group formed in the 1990s
* Charter: to develop a protocol and transmission specifications for wireless LANs (WLANs)
* Since then, demand for WLANs at different frequencies and data rates has exploded
* Hence an ever-expanding list of standards has been issued

Table 6.1 briefly defines key terms used in the IEEE 802.11 standard.

* 802.11b was the first broadly accepted standard
* Wireless Ethernet Compatibility Alliance (WECA), an industry consortium, formed in 1999
  * to assist interoperability of products
  * renamed the Wi-Fi (Wireless Fidelity) Alliance
  * created a test suite to certify interoperability
  * initially for 802.11b, later extended to 802.11g
  * concerned with a range of WLAN markets, including enterprise, home, and hot spots

Figure 6.1

Figure 6.3

IEEE 802.11 defines nine services that need to be provided by the wireless LAN to achieve functionality equivalent to wired LANs (Table 6.2).

* Wireless traffic can be monitored by any radio in range; no physical connection is needed
* The original 802.11 spec had security features
  * the Wired Equivalent Privacy (WEP) algorithm
  * but WEP was found to contain major weaknesses
* The 802.11i task group developed capabilities to address WLAN security issues
  * Wi-Fi Alliance: Wi-Fi Protected Access (WPA), an interim specification based on the 802.11i draft
  * final 802.11i: Robust Security Network (RSN)

This specification defines the following services:
* Authentication: A protocol is used to define an exchange between a user and an AS that provides mutual authentication and generates temporary keys to be used between the client and the AP over the wireless link.
* Access control: This function enforces the use of the authentication function, routes the messages properly, and facilitates key exchange. It can work with a variety of authentication protocols.
* Privacy with message integrity: MAC-level data (e.g., an LLC PDU) are encrypted, along with a message integrity code that ensures that the data have not been altered.

Stallings Figure 6.4a indicates the security protocols used to support these services.

Stallings Figure 6.4b lists the cryptographic algorithms used for the 802.11i RSN security services.

802.11i operation proceeds in five distinct phases (discovery, authentication, key management, protected data transfer, and connection termination), as shown in Figure 6.5.

IEEE 802.11i makes use of IEEE 802.1X (Port-Based Network Access Control), a standard designed to provide access control functions for LANs. 802.1X carries the Extensible Authentication Protocol (EAP, defined separately in RFC 3748) between the station and the authentication server; until EAP authentication succeeds, the access point's controlled port passes only 802.1X traffic.

Figure 6.6

802.11i Key Management Phase

The upper part of Figure 6.9 shows the MPDU exchange for distributing pairwise keys, known as the 4-way handshake: the AP sends its nonce (ANonce); the STA replies with its nonce (SNonce) and a MIC computed with the freshly derived key; the AP confirms with a MIC-protected message that also carries the encrypted group key; the STA acknowledges. Both sides derive the same pairwise transient key (PTK) from the pairwise master key (PMK), the two MAC addresses, and the two nonces, so a peer that does not hold the PMK cannot produce a valid MIC.

* Two schemes for protecting data
* Temporal Key Integrity Protocol (TKIP)
  * requires software changes only, so it runs on older WEP hardware
  * adds a 64-bit Michael message integrity code (MIC)
  * encrypts the MPDU plus the MIC value using RC4, with per-packet key mixing
* Counter Mode-CBC MAC Protocol (CCMP)
  * uses AES with the cipher block chaining message authentication code (CBC-MAC) for integrity
  * uses the CTR (counter) block cipher mode of operation for confidentiality
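The Michael MIC that TKIP adds to WEP-era hardware, implemented as an added example (this is not code from the slides or from Stallings). The block function, the padding rule, the TKIP MIC header (DA, SA, priority, three zero octets) and the empty-message test vector follow IEEE 802.11i; the key, addresses and payload in the demo are constructed.

```python
"""Michael: the 64-bit message integrity code TKIP adds to WEP-era hardware (IEEE 802.11i 8.3.2.3).

Added example, not from the slides. The test vector (key 0, empty message -> 82925c1ca1d130b8)
is from the standard; the sample key, MAC addresses and MSDU below are constructed.
"""
import hmac
import struct

MASK32 = 0xFFFFFFFF


def rol32(x: int, n: int) -> int:
    return ((x << n) | (x >> (32 - n))) & MASK32


def ror32(x: int, n: int) -> int:
    return ((x >> n) | (x << (32 - n))) & MASK32


def xswap(x: int) -> int:
    """Swap the two octets inside each 16-bit half: b3 b2 b1 b0 -> b2 b3 b0 b1."""
    return ((x & 0xFF00FF00) >> 8) | ((x & 0x00FF00FF) << 8)


def michael_block(l: int, r: int) -> tuple:
    """Michael block function b(L, R): four rounds of 32-bit xor / rotate / add.
    Cheap enough for legacy hardware, which is also why it is far weaker than a real MAC."""
    r ^= rol32(l, 17)
    l = (l + r) & MASK32
    r ^= xswap(l)
    l = (l + r) & MASK32
    r ^= rol32(l, 3)
    l = (l + r) & MASK32
    r ^= ror32(l, 2)
    l = (l + r) & MASK32
    return l, r


def michael(key: bytes, message: bytes) -> bytes:
    """MIC = Michael(K0 || K1, message). Words are little-endian 32-bit; the message is padded
    with one 0x5a octet and then 4 to 7 zero octets so its length is a multiple of 4."""
    if len(key) != 8:
        raise ValueError("Michael key must be 64 bits")
    l, r = struct.unpack("<II", key)
    zeros = 4 + (-(len(message) + 5)) % 4
    padded = message + b"\x5a" + bytes(zeros)
    for (word,) in struct.iter_unpack("<I", padded):
        l ^= word
        l, r = michael_block(l, r)
    return struct.pack("<II", l, r)


def tkip_mic(key: bytes, da: bytes, sa: bytes, priority: int, msdu: bytes) -> bytes:
    """TKIP computes Michael over DA || SA || priority || 3 zero octets || MSDU data, so the MIC
    binds the addresses and priority, which WEP's CRC-32 never covered."""
    return michael(key, da + sa + bytes([priority]) + bytes(3) + msdu)


def tkip_mic_ok(key: bytes, da: bytes, sa: bytes, priority: int, msdu: bytes, mic: bytes) -> bool:
    """Receiver-side check with a constant-time compare. TKIP's countermeasure is to rekey after
    two MIC failures within a minute, because 64 bits is not enough to rely on the MIC alone."""
    return hmac.compare_digest(tkip_mic(key, da, sa, priority, msdu), mic)


if __name__ == "__main__":
    # Constructed sample frame fields (not from the slides).
    key = bytes.fromhex("0123456789abcdef")
    da = bytes.fromhex("001122334455")
    sa = bytes.fromhex("66778899aabb")
    payload = b"\xaa\xaa\x03\x00\x00\x00\x08\x00" + b"constructed IP packet"
    mic = tkip_mic(key, da, sa, 0, payload)
    print("MIC:", mic.hex())
    print("tampered payload accepted?", tkip_mic_ok(key, da, sa, 0, payload[:-1] + b"!", mic))
```

Note that every step of `michael_block` is invertible given the message, so Michael provides no protection against an attacker who learns the MIC key; the software-only constraint is what forced this design, and it is the reason 802.11i treats TKIP as a transitional scheme and makes CCMP mandatory for RSN.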

At a number of places in the IEEE 802.11i scheme, a pseudorandom function (PRF) is used: for example, to generate nonces, to expand pairwise keys, and to generate the GTK. The PRF is built on HMAC-SHA-1 to generate a pseudorandom bit stream. The IEEE 802.11i PRF takes four parameters as input (a secret key K, an application-specific text string A, some data specific to each case B, and the desired number of pseudorandom bits Len) and produces Len pseudorandom bits; it is written PRF-Len, e.g., PRF-384 for the CCMP pairwise key hierarchy.
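The PRF described above, together with the pairwise key derivation and the MIC check of the 4-way handshake from the key management slide, as one added example (not code from the slides or from Stallings). It implements PRF-Len as HMAC-SHA-1 over A || 0x00 || B || i, the passphrase-to-PMK mapping from 802.11i Annex H, PMK-to-PTK expansion with the "Pairwise key expansion" label, and messages 1 and 2 of the handshake with the Key MIC that the AP verifies. The MAC addresses are constructed, the handshake is simulated in one process, and message 2's Key Data field (which in reality carries the station's RSN IE) is left empty.

```python
"""IEEE 802.11i key hierarchy and 4-way handshake MIC.

Added example, not from the slides or from Stallings. PRF-Len, PSK -> PMK (PBKDF2, Annex H),
PMK -> PTK and the EAPOL-Key MIC follow IEEE 802.11i. MAC addresses are constructed; message 2's
Key Data (normally the STA's RSN IE) is left empty to keep the example short.
"""
import hashlib
import hmac
import os
import struct

MIC_OFFSET = 81    # Key MIC field: 4-byte 802.1X header + 77 bytes of EAPOL-Key fields before it
NONCE_OFFSET = 17  # Key Nonce: header(4) + descriptor type(1) + key info(2) + key length(2) + replay counter(8)


def psk_to_pmk(passphrase: str, ssid: bytes) -> bytes:
    """PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 256 bits) for pre-shared-key mode."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"), ssid, 4096, 32)


def prf(key: bytes, label: bytes, data: bytes, nbits: int) -> bytes:
    """802.11i PRF-Len(K, A, B, Len): HMAC-SHA-1(K, A || 0x00 || B || i) for i = 0, 1, ...,
    concatenated and cut to Len bits. PRF-384 is therefore a prefix of PRF-512."""
    out = b""
    for i in range((nbits + 159) // 160):
        out += hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
    return out[: nbits // 8]


def derive_ptk(pmk: bytes, aa: bytes, spa: bytes, anonce: bytes, snonce: bytes) -> dict:
    """PTK = PRF-384(PMK, "Pairwise key expansion", min(AA,SPA)||max(AA,SPA)||min(ANonce,SNonce)||max(ANonce,SNonce)).
    Sorting the inputs lets both sides compute the same value. 384 bits is the CCMP size (TKIP uses 512)."""
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    ptk = prf(pmk, b"Pairwise key expansion", data, 384)
    return {"KCK": ptk[:16], "KEK": ptk[16:32], "TK": ptk[32:48]}  # MIC key, key-wrap key, data key


def eapol_key_frame(key_info: int, replay_counter: int, nonce: bytes,
                    key_data: bytes = b"", mic: bytes = bytes(16)) -> bytes:
    """802.1X header (version 2, type 3 = EAPOL-Key) + RSN Key Descriptor (type 2)."""
    body = struct.pack(">BHHQ", 2, key_info, 0, replay_counter)  # descriptor type, key info, key length, replay counter
    body += nonce + bytes(16) + bytes(8) + bytes(8)                # key nonce, key IV, key RSC, reserved
    body += mic + struct.pack(">H", len(key_data)) + key_data      # key MIC, key data length, key data
    return struct.pack(">BBH", 2, 3, len(body)) + body


def key_mic(kck: bytes, frame: bytes) -> bytes:
    """Key Descriptor Version 2 (CCMP): HMAC-SHA-1-128 over the whole EAPOL-Key frame with the MIC field zeroed."""
    zeroed = frame[:MIC_OFFSET] + bytes(16) + frame[MIC_OFFSET + 16:]
    return hmac.new(kck, zeroed, hashlib.sha1).digest()[:16]


def four_way_handshake(pmk: bytes, aa: bytes, spa: bytes) -> tuple:
    """Simulate messages 1 and 2 between AP (authenticator) and STA (supplicant).
    Returns (ap_ptk, sta_ptk, mic_ok)."""
    # Message 1, AP -> STA: ANonce, Key Ack set, no MIC (the STA has no key yet).
    msg1 = eapol_key_frame(0x008A, 1, os.urandom(32))
    # STA: read ANonce, choose SNonce, derive PTK, send message 2 with SNonce and a MIC under KCK.
    anonce = msg1[NONCE_OFFSET:NONCE_OFFSET + 32]
    snonce = os.urandom(32)
    sta_ptk = derive_ptk(pmk, aa, spa, anonce, snonce)
    msg2 = eapol_key_frame(0x010A, 1, snonce)
    msg2 = msg2[:MIC_OFFSET] + key_mic(sta_ptk["KCK"], msg2) + msg2[MIC_OFFSET + 16:]
    # AP: take SNonce from message 2, derive the same PTK and verify the MIC before sending message 3.
    ap_ptk = derive_ptk(pmk, aa, spa, anonce, msg2[NONCE_OFFSET:NONCE_OFFSET + 32])
    mic_ok = hmac.compare_digest(key_mic(ap_ptk["KCK"], msg2), msg2[MIC_OFFSET:MIC_OFFSET + 16])
    return ap_ptk, sta_ptk, mic_ok


if __name__ == "__main__":
    pmk = psk_to_pmk("password", b"IEEE")  # 802.11i Annex H test vector
    print("PMK:", pmk.hex())
    ap_ptk, sta_ptk, ok = four_way_handshake(pmk, bytes.fromhex("001122334455"), bytes.fromhex("66778899aabb"))
    print("TK:", ap_ptk["TK"].hex(), "MIC verified:", ok, "keys match:", ap_ptk == sta_ptk)
```

Because every input to the PTK except the PMK travels in the clear (both MAC addresses and both nonces are in messages 1 and 2), anyone who captures the handshake can test candidate passphrases offline by recomputing `key_mic` on message 2; the strength of a pre-shared-key network therefore rests entirely on the passphrase fed to `psk_to_pmk`.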

* A universal, open standard developed by the WAP Forum to provide mobile wireless users with access to telephony and information services
* Drawback: significant limitations of devices (e.g., processors, memory, and battery life), of networks, and of displays, with wide variations between them
* WAP specification includes:
  * programming model, markup language, small browser, lightweight communications protocol stack, applications framework

The WAP Programming Model is based on three elements: the client, the gateway, and the origin server, as shown in Stallings Figure 6.11.

Figure 6.12 illustrates key components in a WAP environment.

* The Wireless Markup Language (WML) describes content and format for data display on devices with limited bandwidth, screen size, and user input capability
* Features include:
  * text / image formatting and layout commands
  * deck/card organizational metaphor
  * support for navigation among cards and decks
* A card is one or more units of interaction
* A deck is similar to an HTML page

Stallings Figure 6.13 (next slide) illustrates the overall stack architecture implemented in a WAP client. In essence, this is a five-layer model. Each layer provides a set of functions and/or services to other services and applications through a set of well-defined interfaces. Each of the layers of the architecture is accessible by the layers above, as well as by other services and applications. Many of the services in the stack may be provided by more than one protocol. For example, either HTTP or WSP may provide the Hypermedia Transfer service.

Figure 6.13

Figure 6.14 depicts a common protocol stack configuration in which a WAP client device connects to a Web server via a WAP gateway.

* Wireless Session Protocol (WSP)
  * provides applications with two session services: connection-oriented and connectionless
  * based on HTTP with optimizations
* Wireless Transaction Protocol (WTP)
  * manages transactions of requests / responses between a user agent and an application server
  * provides an efficient, reliable transport service
* Wireless Datagram Protocol (WDP)
  * adapts the higher-layer WAP protocols to the underlying bearer communications service (e.g., SMS, GPRS, or UDP/IP)

* Provides security services between the mobile device (client) and the WAP gateway
  * provides data integrity, privacy, authentication, denial-of-service protection
* Based on TLS
  * more efficient, with fewer message exchanges
  * use WTLS between the client and gateway
  * use TLS between gateway and target server
* WAP gateway translates WTLS / TLS

Two important WTLS concepts are:

* Secure connection
  * a transport providing a suitable type of service
  * connections are transient
  * every connection is associated with one session
* Secure session
  * an association between a client and a server
  * created by the Handshake Protocol
  * defines a set of cryptographic security parameters
  * shared among multiple connections

WTLS is not a single protocol but rather two layers of protocols, as illustrated in Figure 6.15: the Record Protocol, and above it the Change Cipher Spec, Alert, and Handshake Protocols.

The Record Protocol operates in the steps shown in Figure 6.16.

* Change Cipher Spec Protocol
  * the simplest; used to make the pending state current
* Alert Protocol
  * used to convey WTLS-related alerts to the peer
  * has a severity: warning, critical, or fatal
  * and a specific alert type
* Handshake Protocol
  * allows server and client to mutually authenticate
  * negotiates encryption and MAC algorithms and keys
  * used before any application data are transmitted

The Handshake Protocol is a series of messages exchanged by the client and server.

* WTLS authentication
  * uses certificates: X.509v3, X9.68, and WTLS (optimized for size)
  * can be mutual (client and server), or the client may authenticate only the server
* WTLS key exchange
  * generates a mutually shared pre-master key
  * optional use of the server_key_exchange message
    * needed for DH_anon, ECDH_anon, RSA_anon
    * not needed for ECDH_ECDSA or RSA

* Pseudorandom Function (PRF)
  * HMAC based, used for a number of purposes
  * only one hash algorithm, agreed during the handshake
* Master Key Generation
  * of the shared master secret:
  * master_secret = PRF( pre_master_secret, "master secret", ClientHello.random || ServerHello.random )
  * then derive MAC and encryption keys
* Encryption with RC5, DES, 3DES, IDEA
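The WTLS PRF and master-secret derivation from the slide above, as an added example (not code from the slides or from Stallings). WTLS's PRF is TLS 1.0's P_hash expansion run with the single hash negotiated in the handshake (SHA-1 here), without TLS's MD5/SHA-1 secret splitting; the TLS 1.0 PRF is included only for contrast. The 20-byte master-secret length is taken from the WTLS specification's SecurityParameters and is an assumption as far as the slide is concerned; the pre-master secret and the two random values are constructed.

```python
"""WTLS pseudorandom function and master-secret derivation.

Added example, not from the slides or Stallings. Implements the slide's formula
master_secret = PRF(pre_master_secret, "master secret", ClientHello.random || ServerHello.random)
with WTLS's single-hash PRF, and TLS 1.0's two-hash PRF for comparison. The 20-byte
master-secret length (WTLS SecurityParameters) is assumed; sample secrets are constructed.
"""
import hmac


def p_hash(secret: bytes, seed: bytes, nbytes: int, hash_name: str) -> bytes:
    """P_hash(secret, seed) = HMAC(secret, A(1) || seed) || HMAC(secret, A(2) || seed) || ...
    with A(0) = seed and A(i) = HMAC(secret, A(i-1)); output cut to nbytes."""
    a = seed
    out = b""
    while len(out) < nbytes:
        a = hmac.new(secret, a, hash_name).digest()
        out += hmac.new(secret, a + seed, hash_name).digest()
    return out[:nbytes]


def wtls_prf(secret: bytes, label: bytes, seed: bytes, nbytes: int, hash_name: str = "sha1") -> bytes:
    """WTLS PRF: one P_hash over label || seed, using the one hash algorithm agreed in the handshake."""
    return p_hash(secret, label + seed, nbytes, hash_name)


def tls10_prf(secret: bytes, label: bytes, seed: bytes, nbytes: int) -> bytes:
    """TLS 1.0 PRF for contrast: split the secret into two halves (sharing the middle byte when the
    length is odd) and XOR P_MD5(S1) with P_SHA1(S2). WTLS drops this to save code and CPU on handsets."""
    half = (len(secret) + 1) // 2
    s1, s2 = secret[:half], secret[len(secret) - half:]
    md5_part = p_hash(s1, label + seed, nbytes, "md5")
    sha_part = p_hash(s2, label + seed, nbytes, "sha1")
    return bytes(x ^ y for x, y in zip(md5_part, sha_part))


def wtls_master_secret(pre_master_secret: bytes, client_random: bytes, server_random: bytes,
                       hash_name: str = "sha1") -> bytes:
    """master_secret = PRF(pre_master_secret, "master secret", ClientHello.random || ServerHello.random),
    20 bytes in WTLS (TLS uses 48). MAC and encryption keys are expanded from it with the same PRF."""
    return wtls_prf(pre_master_secret, b"master secret", client_random + server_random, 20, hash_name)


if __name__ == "__main__":
    # Constructed values; in a real handshake the pre-master secret comes from RSA or (EC)DH key exchange.
    pre_master = bytes(range(20))
    client_random = b"\x11" * 16
    server_random = b"\x22" * 16
    ms = wtls_master_secret(pre_master, client_random, server_random)
    print("WTLS master_secret :", ms.hex())
    print("TLS 1.0 equivalent :", tls10_prf(pre_master, b"master secret", client_random + server_random, 48).hex())
```

Since both randoms are sent in the clear, the secrecy of everything derived here rests on the pre-master secret alone; with the anonymous key-exchange suites listed on the previous slide (DH_anon, ECDH_anon, RSA_anon) an active attacker can supply his own pre-master secret to each side, so the PRF protects only against passive observation in that case.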

* The mobile device establishes a secure WTLS session with the WAP gateway.
* The WAP gateway establishes a secure SSL or TLS session with the Web server.
* Within the gateway, data are not encrypted during the translation process.
* The gateway is thus a point at which the data may be compromised.

Figure 6.19

In both approaches, the mobile client implements TCP/IP and HTTP.

Figure 6.20

Figure 6.21

Have considered:
* IEEE 802.11 Wireless LANs: protocol overview and security
* Wireless Application Protocol (WAP): protocol overview
* Wireless Transport Layer Security (WTLS)
