




1. A Discussion of WLAN and Cellular Security Mechanisms

2. Outline
Current Status of WLANs Deployment
WLANs Network Security
802.11 Attack
WLANs Security Architecture
802.1x, EAP-TLS, EAP-SIM
WPA, 802.11i
Upcoming WLAN/Cellular Integration Security
Integration Architecture
Conclusion
Q&A

3. PWLAN: Crossing the Chasm
Source: WLAN in the Era of 3G, Xinli Hou, Ericsson, 2003/07/09

4. Taiwan's niche for developing Cellular/WLAN dual-network services
Mobile phone penetration is 106%, first in the world (2002).
WLAN production volume has a global market share as high as 80%, while production value is 30% of the global total (2002).
Production value is not proportional to production volume: hard-earned money.
Planning of the dual-network application integration development program: raise the manufacturing advantage and strengthen high value-added application services.
Through the dual-network application integration development program, help domestic companies build the capability to deliver total solutions.
Handset WLAN and Cellular integration, creating dual-network application services.
2002, world manufacturing, market share: WLAN 1 8 0

5. Cellular/WLAN Integration Solution
[Figure labels: GGSN; Cellular Network; SGSN; HLR; Internet; AP; AP; Public WLAN; GSM/GPRS; WLAN; WLAN card]
Loose coupling: integration starting at the IP layer.

6. Cellular and WLAN each have their own strengths
2G, voice (GSM, PDC, IS-95): voice, circuit data at 14.4 kbps; macro/microcell.
2.5G, data (GPRS, cdmaOne): voice, packet data up to 115 kbps; macro/micro/picocell; GPRS, IS-95B.
3G, multimedia (W-CDMA, cdma2000): multimedia up to 2 Mbps; macro/micro/pico/spot cell.
Source: ITRI IEK, 2003/03
Cellular: wide-area coverage, voice, narrow-band data services.
WLAN: high-bandwidth wireless but in specific locations; low-cost deployment.
Cellular and WLAN each have their own strengths and can complement each other.
WLAN helps change consumer behavior and stimulates demand for fast data access anywhere and for 3G services.
Operators that combine WLAN can capture the high-speed transmission market.
HotSpot, Wi-Fi City, dual network.

7. WLAN/Cellular Integration business opportunity
Service: operators can provide both voice transmission and Internet access services.
[Figure labels: mobile phone users; Internet users; users of both mobile phones and the Internet; the original GPRS/3G pie; Keep; voice users; data and voice users; cellular operators' subscribers; WLAN entering; the pie of GPRS/3G plus PWLAN for existing customers; Internet users; new customers; the pie of GPRS/3G plus PWLAN for new and existing customers]
Source: ITRI IEK, 2002/12

8. Global Cellular/WLAN progress
Cellular/WLAN application cases by country
PWLAN promotion progress by country

9. Current state of PWLAN development by country
Source: ITRI IEK, 2003/06

10. Current state of PWLAN development in Taiwan (Digital Content Program)
1. Wireless access points: about 700 locations as of mid-2003.
2. Number of users: more than 1 million WLAN cards have been issued, but the number of users actually roaming is close to 0.
3. Taiwan ranks first in the world in WLAN equipment manufacturing, with a market share above 80%.
4. Leading new-product development programs and similar measures have already been used to localize the components of WLAN equipment.
5. Taiwan has the strongest equipment manufacturing capability in the world; if application and content capabilities are strengthened, Taiwan will have a complete total solution.
6. Network services integrating Cellular and WLAN.
[Figure labels: equipment manufacturing; chip design and manufacturing; system integration; service providers; Content. Companies shown: 揚智 上元 威盛 瑞昱 益勤 鎵葳 亞信 聯發 工研院 正文 亞旭 智捷 環隆 建漢 友訊中華電訊 智邦明基電通 晶訊神腦 突破 陽慶 全球領航 傳易科技傳象科技 華電聯網弘運科技 士恆資訊 曜正 Hinet 蕃薯藤 東信 遠傳億聯科技]
Source: ITRI IEK, 2003/06

11.

12. Analysis of key success factors for PWLAN
Development of applications and content with local character
Establishment of demonstration application areas
A competitive business operating model
System integrators
Equipment providers
Whether the WLAN roaming, Internet access and security mechanisms are appropriate
Construction and maintenance of the main portal site
Publicity, promotion and presentation of results
Cellular/WLAN network roaming authentication
Operations management mechanism
Establishment of a roaming mechanism and platform

13. Security Issues of WLAN
Current Status of WLANs Deployment; WLANs Network Security; 802.11 Attack; WLANs Security Architecture; 802.1x, EAP-TLS, EAP-SIM; WPA, 802.11i; Upcoming WLAN/Cellular Integration Security; Integration Architecture; Conclusion

14. WLAN/Cellular Integration challenges
Service Providers: the attitude of mobile phone service operators; Service Trials; Competitive Billing; DRM Support.
Equipment Manufacturers (hardware): lower prices for portable products such as PDAs and notebooks; lower selling prices for WLAN products that integrate GSM/GPRS/WLAN functions and have a SIM card; Technology Development.
Customers / others: consumers are appropriately educated; Education Programs; Regulatory Body; Government Initiatives.
Content Providers (software): software vendors provide value-added software such as related online games.
Source: ITRI IEK, 2002/12

15. WLAN/Cellular Integration challenges
Technical side: Power Consumption; Handoff/Roaming; Security (Authentication, Authorization, DRM); Billing; QoS; System Interface.
Business side: Business Models; Global Roaming Agreement; Relationship among WISP, Network Providers, Content Providers; Service Charge; Customer Habit.

16. Security Issues of WLAN
Current Status of WLANs Deployment; WLANs Network Security; 802.11 Attack; WLANs Security Architecture; 802.1x, EAP-TLS, EAP-SIM; WPA, 802.11i; Upcoming WLAN/Cellular Integration Security; Integration Architecture; Conclusion

17. WLAN Security
Summary of papers and their publication dates
WLAN has encryption, authentication and system security problems.
The most fundamental problem of WLAN is that its authentication relies on "shared static keys".

18. Current state of WLAN security standards development
[Timeline figure labels: Time; WPA; WPA v2]

19. Background
WLAN uses the ISM (Industry, Scientific and Medical) band, which is unlicensed.
2.4 GHz: IEEE 802.11b, 11 Mbps / 22 Mbps, 1999
5.8 GHz: IEEE 802.11a, 54 Mbps / 72 Mbps, 2001
2.4 GHz: IEEE 802.11g, 54 Mbps, 2003
WLAN standards (802.11g is good for security):
802.11b: 11 Mbps, 2.4 GHz, WPA, incompatible 11i, 30-75 m
802.11g: 54 Mbps, 2.4 GHz, WPA, compatible 11i, 30-75 m, compatible 11b
802.11a: 54 Mbps, 5.8 GHz, WPA, incompatible 11i, 30-75 m, incompatible 11b

20. 802.11 basic
Association must be done before data transmission.
The association process has three states.
[Figure label: DeAuthentication]

21. 802.11 basic (cont.)
Association process:
Find AP: the AP sends a beacon containing the SSID periodically, or the client sends a probe request to find an AP that is using a desired SSID.
Authentication: open system or pre-shared secret; MAC address list.
The client sends an association request and receives a response.
Send data.

22. 802.11 basic (cont.)
Authentication
Open System: authenticate using the SSID.
Pre-shared secret: encrypt a challenge using the pre-shared secret as a key. The access point uses a "challenge and response" method to authenticate the client.

23. 802.11 basic (cont.)
Access List: set up an access table manually.
[Figure labels: Office intranet; MAC addresses 00:02:03:04:05:06, 01:02:03:04:05:07, 01:02:03:04:05:65, 00:02:03:04:05:06, 02:02:03:04:05:07; reject; accept]

24. Some Known Attacks of WLAN Environment (1)
Information Exposure
Brute-Force SSID
Denial of Service
Session Hijacking
Man-in-the-middle attack

25. Some Known Attacks of WLAN Environment (2)
Information Exposure
What can we see in an AP's configuration: Service Set Identifier (SSID); Channel; Strength; WEP Status; AP's MAC Address.
Attackers can use this information to get what they want.

26. Some Known Attacks of WLAN Environment (3)
Information Exposure Example

27. Some Known Attacks of WLAN Environment (4)
Brute-Force SSID
Try default SSIDs, such as "tsunami" (Cisco), "101" (3Com), "Compaq" (Compaq), "WLAN" (Addtron), "intel" (Intel), "linksys" (Linksys), "Wireless" or "Default".
Use a brute-force dictionary attack.

28. Some Known Attacks of WLAN Environment (5)
Denial of Service
Using the flaw of the 802.11 protocol: de-authentication frames.
Use the MAC address of the access point.
Send deauthenticate frames.
Send continuously.
Send to the broadcast address.
Users are unable to reassociate with the AP.

29. Some Known Attacks of WLAN Environment (6)
Session Hijacking
[Figure: Switch; Server 10.0.0.1, 00:01:02:03:04:05; Victim 10.0.0.10, 05:04:03:02:01:00]
Victim's ARP table (IP, MAC): 10.0.0.1, 00:01:02:03:04:05
Server's ARP table (IP, MAC): 10.0.0.10, 05:04:03:02:01:00

30. Some Known Attacks of WLAN Environment (7)
Man-in-the-Middle
[Figure labels: Communicate; ESSID: CISCO; AP MAC: 00:01:02:03:04:05; MAC: E1:3B:D3:78:D5:43; Victim]

31. Security Issues in Enterprise and Public WLAN Environment (1)
Enterprise environment
Physical AP control (connect to the intranet directly)
Authorization at the AP
The authentication web page is on the gateway.

32. Security Issues in Enterprise and Public WLAN Environment (2)
Public environment
APs are in an insecure environment (forged APs).
WEP encryption is seldom used.
Authorization at the AP or the gateway.
[Figure labels: Authentication; Authorization; Seldom WEP Encryption; Centralized AAA; AAA servers; Gateway; Public Network; ISP network; Office; Insecure environment; secure environment]

33. Enhanced WLAN access methods needed
Link-layer enhancements
Authentication: web-based authentication (for public WLAN); 802.1x-based authentication (for office/public WLAN).
Encryption: frequent key exchange; TKIP (long IV, MD5 in key scheduling, MIC); AES-OCB (combined encryption and MIC).
IP-layer enhancement: IPsec over WLAN.

34. Security Issues in Enterprise and Public WLAN Environment (3)
Problem statement: authentication interface
Web based:
WEP keys are managed manually, which is not suitable for a large-scale office.
WEP encryption is seldom used in public WLAN.
The authentication web page is on the gateway.
No additional client software needs to be installed.
The user needs to enter an ID and password when connecting to the network.
802.1x based:
No user interface is needed when the user wants to associate with the WLAN network.
It is suitable for 3G/WLAN integration.
Authentication and key management with AAA (802.1x).
Dynamic key exchange.
Used in RSN (Robust Security Network), which is the long-term security architecture proposed by IEEE.

35. Countermeasure
Prevention: WLAN scanner; unified log collection system.
Detection: misconfiguration detection; Layer-2 IDS; Secure Sensor; threat and weakness detection of the log system.
Protection:
Firewall: filter illegitimate connections.
VPN: establish encrypted point-to-point connections.
WLAN 802.1x / 802.11i: use identity authentication measures to prevent illegal intrusion.
Cryptographic algorithms with a higher security level: RC4, AES, TKIP.

36. Security Issues of WLAN
Current Status of WLANs Deployment; WLANs Network Security; 802.11 Attack; WLANs Security Architecture; 802.1x, EAP-TLS, EAP-SIM; WPA, 802.11i; Upcoming WLAN/Cellular Integration Security; Integration Architecture; Conclusion

37. WLAN Security Architecture (1)
802.1x standard
To restrict access to the service offered by a LAN to those users and devices
May be used by all 802.x networks.
Defines port-based access control.
Does not mention key management; that is left for vendor implementation (EAP-TLS vs. EAP-MD5).
Can use any EAP (RFC2284) method installed on an AAA server.

38. WLAN Security Architecture (2)
802.1x architecture
[Figure labels: Supplicant; Authentication Server; Authenticator. Supplicant: Ethernet 802.3, WLAN 802.11. Authenticator: Ethernet 802.3, WLAN 802.11 AP. AAA: RADIUS, Diameter. After authentication the port opens. EAPOL (over LAN); EAP in RADIUS]

39. WLAN Security Architecture (3)
802.1x authentication
802.1x requires EAP (Extensible Authentication Protocol).
EAP has four main authentication protocols: MD5; Cisco LEAP; EAP-TLS; EAP-TTLS and PEAP.
TTLS and PEAP use certificates to authenticate the server side, but the TTLS client logs in using a password.
All but MD5 use 128-bit keys.

40. WLAN Security Architecture (4)
Comparison of 802.1x authentication protocols
Note: EAP-SIM is only a draft.

41. WLAN Security Architecture (5)
EAP-XXX
There are many EAP authentication protocols proposed in 802.1x. Which protocols will survive? Which protocols do we follow?
Columns: Type, Description, Reference, Implemented, Spec Available
1, Identity, RFC2284, Yes, RFC2284
2, Notification, RFC2284, Yes, RFC2284
3, NAK (Response only), RFC2284, Yes, RFC2284
4, MD5-Challenge, RFC2284, Yes, RFC2284
5, One Time Password (OTP), RFC2284, No, RFC2284
6, Generic Token Card, RFC2284, No, RFC2284
7, EAP-SIM, yes, I-D
8, No, No
9, RSA Public Key Authentication, Whelan, No, Expired
10, DSS Unilateral, Nace, Yes, I-D
11, KEA, Nace, Yes, I-D
12, KEA-Validate, Nace, Yes, I-D
13, EAP-TLS, Aboba, Yes, RFC2716
14, Defender Token (AXENT), Roselli, Yes, No
15, Windows 2000 EAP, Asnes, No
16, Arcot Systems EAP, Jerdonek, No
17, EAP-Cisco Wireless, Norman, Yes, No
18, Nokia IP smart card auth, Haverinen, No
19, SRP-SHA1 Part 1, Carlson, Yes, I-D
20, SRP-SHA1 Part 2, Carlson, No, I-D
21, EAP-TTLS, Funk, Yes, I-D
22, Remote Access Service, Fields, No
23, UMTS Auth and Key agreement, Haverinen
24, EAP-3Com Wireless, Young, Yes, No
25, PEAP, Palekar, Yes, I-D

42. WLAN Security Architecture (6)
PKI-based PWLAN (EAP-TLS, cert-based)
VA data is updated at any time by each WISP and placed into the VA system by the Roaming Center.
The VA plays a role like that of a broker AAA.

43. WLAN Security Architecture (7)
Roaming Model for PKI Architecture (EAP-TLS, cert-based)

44. WLAN Security Architecture (8)
SIM authentication for 1x/11i terminal

45. WLAN Security Architecture (9)
IETF/3GPP EAP-SIM authentication procedure

46. WLAN Security Architecture (10)
EAP-SIM for Cellular SIM card
EAP-SIM mechanism: symmetric secret keys distributed on GSM SIM cards; GSM A3 and A8 algorithms.
Mutual authentication.
Key derivation supported: 128-bit keys.
If the same SIM is used in GSM and GPRS, then the effective key length may be reduced to 64 bits with attacks over GSM/GPRS.
Not vulnerable to dictionary attacks.
Identity privacy with pseudonyms; the identity string is integrity protected.
Because EAP-SIM is not a tunnelling method, it does not protect EAP method negotiation, EAP notifications, EAP success or EAP failure.
No ciphersuite negotiation.
Fast reconnect supported (called re-authentication in EAP-SIM).

47. WLAN Security Architecture (11)
EAP-related authentication
Which EAP authentication method will be chosen?
Necessary conditions: mutual authentication; dynamic key exchange.
PKI vs. SIM:
PKI-based EAP protocols are current standards, such as EAP-TLS.
SIM-based EAP protocols are standard drafts, such as EAP-SIM.
The key point is the customer base.

48. WLAN Security Architecture (12)
RSN (802.11i)
IEEE has proposed a long-term security architecture for 802.11 WLAN which they call the Robust Security Network (RSN).
IEEE is finalizing the new standard 802.11i, which includes:
802.1x port-based authentication
Temporal Key Integrity Protocol (TKIP)
Advanced Encryption Standard (AES)
Key hierarchy and management features
Cipher and authentication negotiation

49. WLAN Security Architecture (13)
RSN and WPA (Wi-Fi Protected Access)
WPA uses currently available techniques with good performance.
802.11i will be WPA version 2.
WPA version 1 includes all but AES:
802.1x port-based authentication
Temporal Key Integrity Protocol (TKIP)
Key hierarchy and management features
Cipher and authentication negotiation
WPA specifies two forms of authentication: 802.1x/RADIUS; pre-shared key.
Generate session key.

50. Security Issues of WLAN
Current Status of WLANs Deployment; WLANs Network Security; 802.11 Attack; WLANs Security Architecture; 802.1x, EAP-TLS; WPA, 802.11i; Upcoming WLAN/Cellular Integration Security; Integration Architecture; Conclusion

51. Integration Architecture (1)
Seamless Mobility in 3G/WLAN proposed by 3GPP
[Figure labels: 3G Network; Other IP network; HotSpot 802.11i ENV; FA; 3G RAN; Public Network; 3G RAN; Core network; FA; HA]
No need for user interaction when moving between Mobile-IP enabled networks.
Dual-mode terminal
Mobil