Implementation of IEEE 802 Security Architecture History

july 2016 project ieee p802 15 working group l.w
1 / 26
Embed
Share

Explore the history and implementation of the IEEE 802 Security Architecture in this comprehensive document submitted to the IEEE P802.15 Working Group for Wireless Personal Area Networks (WPANs) in July 2016 by Meareg Abreha. The document covers the background, parameters as security gauges, evolution of security protocols, challenges, and conclusions related to IEEE 802 security. Discover how early security in IEEE 802 gained attention, the essential parameters for controlling clients and resources in a network, and the importance of data access control, authentication, confidentiality, integrity, and more.

  • IEEE 802
  • Security Architecture
  • Wireless Networks
  • Data Security
  • Network Protocols
rayaanacharya
aleinahn Follow

Uploaded on | 0 Views

Download Presentation

Please find below an Image/Link to download the presentation.

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author. If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.

You are allowed to download the files provided on this website for personal or commercial use, subject to the condition that they are used lawfully. All files are the property of their respective owners.

Download Presentation

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author.

E N D

Presentation Transcript

  1. <July 2016> Project: IEEE P802.15 Working Group for Wireless Personal Area Networks (WPANs) doc.: IEEE 802.15-<15-16-0489-00-wng0> Submission Title: [History and Implementation of the IEEE 802 Security Architecture] Date Submitted: [24 July 2016] Source: [Meareg Abreha], E-Mail:[mearegab@gmail.com] Re: [WNG Presentation] Abstract: [Description of document contents.] Purpose: [Description of what the author wants P802.15 to do with the information in the document.] Notice: This document has been prepared to assist the IEEE P802.15. It is offered as a basis for discussion and is not binding on the contributing individual(s) or organization(s). The material in this document is subject to change in form and content after further study. The contributor(s) reserve(s) the right to add, amend or withdraw material contained herein. Release: The contributor acknowledges and accepts that this contribution becomes the property of IEEE and may be made publicly available by P802.15. Submission Slide 1 Meareg Abreha

  2. <July 2016> doc.: IEEE 802.15-<15-16-0489-00-wng0> History and Implementation of History and Implementation of the IEEE 802 Security the IEEE 802 Security Architecture Architecture Meareg Abreha San Diego, CA July 2016 Submission Slide 2 Meareg Abreha

  3. <July 2016> doc.: IEEE 802.15-<15-16-0489-00-wng0> Outline Outline lBackground lParameter as security gauges lIEEE 802 security protocols in terms of the chosen parameters lChallenges and Conclusion Submission Slide 3 Meareg Abreha

  4. <July 2016> doc.: IEEE 802.15-<15-16-0489-00-wng0> Background Background Early security on IEEE 802: lGained attention in the wireless world lBarely proof of concept for Number theory's application Security protocols evolved due to: lThorough analysis lAttacks Submission Slide 4 Meareg Abreha

  5. <July 2016> doc.: IEEE 802.15-<15-16-0489-00-wng0> Parameters as Security Gauges Parameters as Security Gauges Parameters that provide the means to control clients and resources in a given network: lData Access Control and Authentication Data Access Control and Authentication lResource access and controls clients lData Confidentiality and Integrity: Data Confidentiality and Integrity: lPrivacy and authenticity of data Submission Slide 5 Meareg Abreha

  6. <July 2016> doc.: IEEE 802.15-<15-16-0489-00-wng0> Data Access Control and Authentication Data Access Control and Authentication Started out with 802.1x standard for port-based network Access control in 2001 - uses the PPP based EAP as its authentication mechanism. Authenticator PAE enforces authentication via the uncontrolled port before opening the controlled port to allow supplicants access to resources. Submission Slide 6 Meareg Abreha

  7. <July 2016> doc.: IEEE 802.15-<15-16-0489-00-wng0> A little more on 802.1x A little more on 802.1x 802.1x was initially developed for IEEE 802.3 - since 2003, extended to 802.11. It defines EAP-Over-LAN (EAPOL), a standard encapsulation method to adapt EAP messages sent over Ethernet or WLANs. Submission Slide 7 Meareg Abreha

  8. <July 2016> doc.: IEEE 802.15-<15-16-0489-00-wng0> Data Access Control and Authentication on IEEE 802 Data Access Control and Authentication on IEEE 802 standards currently standards currently The IEEE 802.11i Enterprise mode implements the 802.1x with authentication servers such as RADIUS In Zigbee (Upper layer extension on top of the 802.15.4) a trust center/coordinator requests a node for a valid shared network key before it can join the network. In IEEE 802.21, MIH SA is established either using TLS handshake, (D)TLS or EAP execution over the MIH protocol. Submission Slide 8 Meareg Abreha

  9. <July 2016> doc.: IEEE 802.15-<15-16-0489-00-wng0> Data Access Control and Authentication on IEEE 802 Data Access Control and Authentication on IEEE 802 standards currently standards currently The IEEE 802.16 (WiMAX) (MBWA) implements RSA based authentication function using x.509 certificates or EAP based authentication. IEEE 802.20 (MBWA Vehicular Mobility support) has Basic EAP Support Protocol IEEE 802.21 (MIH) uses target network's authentication mechanism before MIH frames exchange. IEEE 802.22 (TVWS) uses EAP-TLS or EAP-TTLS (using RSA or ECC based X.509 digital certificate profiles) Submission Slide 9 Meareg Abreha

  10. <July 2016> doc.: IEEE 802.15-<15-16-0489-00-wng0> Data Confidentiality and Integrity Data Confidentiality and Integrity IEEE 802.3 (Ethernet) security IEEE 802.3 (Ethernet) security The IEEE 802.1AE defines a layer 2 security protocol called MACSec. MACSec provides point-to-point security on Ethernet networks. The 2010 revision of 802.1x integrated the MACSec with the EAPOL and the IEEE 802.1AR (Secure device identity) to support service identification. Submission Slide 10 Meareg Abreha

  11. <July 2016> doc.: IEEE 802.15-<15-16-0489-00-wng0> Data Confidentiality and Integrity Data Confidentiality and Integrity IEEE 802.11 (WLANs) security IEEE 802.11 (WLANs) security Popularity along medium vulnerability- led to a series of security protocols evolution. The 1999 IEEE 802.11 standard introduced the first wireless protocol called WEP. WEP uses RC4 algorithm for data encryption and integrity- also the reason for its vulnerability. Submission Slide 11 Meareg Abreha

  12. <July 2016> doc.: IEEE 802.15-<15-16-0489-00-wng0> Data Confidentiality and Integrity Data Confidentiality and Integrity ...WLANs security IEEE Task Group I was formed to replace the WEP security protocol. In 2003 the WPA security protocol (an interim protocol) replaced the WEP. Final draft ratified on June 2004 as 802.11i (security protocol - WPA2) included on the 2007 amendment of the 802.11. Submission Slide 12 Meareg Abreha

  13. <July 2016> doc.: IEEE 802.15-<15-16-0489-00-wng0> Data Confidentiality and Integrity Data Confidentiality and Integrity ...WLANs security Wi Wi- -Fi Protected Access (WPA) Fi Protected Access (WPA) TKIP (still RC4 though) for data encryption MIC (aka Michael ) for data integrity Submission Slide 13 Meareg Abreha

  14. <July 2016> doc.: IEEE 802.15-<15-16-0489-00-wng0> Data Confidentiality and Integrity Data Confidentiality and Integrity ...WLANs security Wi Wi- -Fi Protected Access Version 2 (WPA2) Fi Protected Access Version 2 (WPA2) CCMP (AES based) for data encryption CBC-MAC for data integrity Both WPA and WPA2 include 802.1x (in enterprise mode) Submission Slide 14 Meareg Abreha

  15. <July 2016> doc.: IEEE 802.15-<15-16-0489-00-wng0> Data Confidentiality and Integrity Data Confidentiality and Integrity ...WLANs security WPA/WPA2 vulnerabilities include: WPA/WPA2 vulnerabilities include: PTK etc. - GTK vulnerability (Hole 196) - Dictionary based attacks on weak Submission Slide 15 Meareg Abreha

  16. <July 2016> doc.: IEEE 802.15-<15-16-0489-00-wng0> Data Confidentiality and Integrity Data Confidentiality and Integrity ...WLANs security IEEE 802.1w IEEE 802.1w lIs a 2009 amendment to the 802.11i for protecting management frames lAims to avoid DoS caused by spoofed disconnect attacks (de-authentication and disassociation) Submission Slide 16 Meareg Abreha

  17. <July 2016> doc.: IEEE 802.15-<15-16-0489-00-wng0> Data Confidentiality and Integrity Data Confidentiality and Integrity IEEE 802.15.1 (Bluetooth) security IEEE 802.15.1 (Bluetooth) security Generates symmetric encryption key from a generated authentication key to encrypt data. Encryption has three setting modes: No encryption Point-to-point only encryption unicast Point-to-point and broadcast encryption - both Submission Slide 17 Meareg Abreha

  18. <July 2016> doc.: IEEE 802.15-<15-16-0489-00-wng0> Data Confidentiality and Integrity Data Confidentiality and Integrity IEEE 802.15.4 (LR WPANs) security IEEE 802.15.4 (LR WPANs) security Supports up to 128 symmetric keys based data encryption and authenticity (AES based) with varying degree of protection option for data. Submission Slide 18 Meareg Abreha

  19. <July 2016> doc.: IEEE 802.15-<15-16-0489-00-wng0> Data Confidentiality and Integrity Data Confidentiality and Integrity IEEE 802.16 (WiMAX) security IEEE 802.16 (WiMAX) security Has two component protocols: lEncapsulation Protocol secures data across the fixed Broadband Wireless Access Network lKey Management Protocol- Secure distribution of keying data from the Base Station to the Server Station Submission Slide 19 Meareg Abreha

  20. <July 2016> doc.: IEEE 802.15-<15-16-0489-00-wng0> Data Confidentiality and Integrity Data Confidentiality and Integrity IEEE 802.20 (MBWA IEEE 802.20 (MBWA - - Vehicular Mobility) security Vehicular Mobility) security AES for securing Radio Link Protocol packets AES CMAC function is used for message integrity Submission Slide 20 Meareg Abreha

  21. <July 2016> doc.: IEEE 802.15-<15-16-0489-00-wng0> Data Confidentiality and Integrity Data Confidentiality and Integrity IEEE 802.21 (MIHS) security IEEE 802.21 (MIHS) security Keys negotiated during the TLS or EAP MIH SA establishment are used to secure the MIH PDU. TKIP or CCMP to secure MIH PDUs between heterogeneous IEEE 802 as well as other systems. Submission Slide 21 Meareg Abreha

  22. <July 2016> doc.: IEEE 802.15-<15-16-0489-00-wng0> Data Confidentiality and Integrity Data Confidentiality and Integrity IEEE 802.21 (MIHS) security IEEE 802.21 (MIHS) security Keys negotiated during the TLS or EAP MIH SA establishment are used to secure the MIH PDU. TKIP or CCMP to secure MIH between heterogeneous IEEE 802 as well as other systems. Submission Slide 22 Meareg Abreha

  23. <July 2016> doc.: IEEE 802.15-<15-16-0489-00-wng0> Data Confidentiality and Integrity Data Confidentiality and Integrity WRANs (IEEE 802.22) security WRANs (IEEE 802.22) security Two security sub-layers: lSublayer 1 targets non-cognitive functionalities lSublayer 2 targets cognitive functionalities Submission Slide 23 Meareg Abreha

  24. <July 2016> doc.: IEEE 802.15-<15-16-0489-00-wng0> Data Confidentiality and Integrity Data Confidentiality and Integrity In sublayer1, encapsulation protocol defines set of supported cryptographic suites. AES in GCM (Galois Counter Mode) is supported The cognitive targeting, sublayer 2, provides protection to the incumbents as well as to the 802.22 systems against DoS attack types targeted at that layer. Submission Slide 24 Meareg Abreha

  25. <July 2016> doc.: IEEE 802.15-<15-16-0489-00-wng0> Challenges and Conclusion Challenges and Conclusion Challenges Challenges Weaknesses in security mechanisms Increasing computing power Cloud computing changing the way service is provided Conclusion Conclusion Early IEEE 802 security started with simple cryptographic techniques and evolved to its current state. Future security protocols need to consider the above factors and provide scalable solutions to existing weaknesses. Submission Slide 25 Meareg Abreha

  26. <July 2016> doc.: IEEE 802.15-<15-16-0489-00-wng0> Thank You! Questions and comments are welcome :-) Submission Slide 26 Meareg Abreha

Related


Proposed Approach for MAC Address Assignment in IEEE 802.11

Proposed Approach for MAC Address Assignment in IEEE 802.11

adlai
IEEE 802.11-23/2092r2 AIML Report Summary

IEEE 802.11-23/2092r2 AIML Report Summary

eudora
Discussion on IEEE 802.11be MLD Architecture Alignment

Discussion on IEEE 802.11be MLD Architecture Alignment

jannat
IEEE 802.11-20/0055r0 Multi-link Block Ack Architecture Overview

IEEE 802.11-20/0055r0 Multi-link Block Ack Architecture Overview

haleema
IEEE 802.11-23-1689r1 Vice Chair Report - November 2023 Plenary Session

IEEE 802.11-23-1689r1 Vice Chair Report - November 2023 Plenary Session

tina
IEEE 802.11-20/0021-00 Priority Access Support for NS/EP Services Overview

IEEE 802.11-20/0021-00 Priority Access Support for NS/EP Services Overview

finlo
IEEE 802.11-19-0202/r1 TGbd Agreed Terminology and Requirements

IEEE 802.11-19-0202/r1 TGbd Agreed Terminology and Requirements

valerio
IEEE 802.11be MLD Architecture Discussion

IEEE 802.11be MLD Architecture Discussion

aylin
Wireless TSN in 802.11: New Requirements and Integration with 802.1

Wireless TSN in 802.11: New Requirements and Integration with 802.1

jaxxon
LDPC Investigation for IEEE 802.11bd Technology in March 2019

LDPC Investigation for IEEE 802.11bd Technology in March 2019

maureen
Evolution of Standards: IEEE 802.11 and 802.1D Relationship

Evolution of Standards: IEEE 802.11 and 802.1D Relationship

amethyst
IEEE Std. 802.11-22/1017r0 Overview and Architecture Presentation

IEEE Std. 802.11-22/1017r0 Overview and Architecture Presentation

jewel
IEEE-SA Fellowship Program at IEEE 802 Plenary March 2019 Schedule

IEEE-SA Fellowship Program at IEEE 802 Plenary March 2019 Schedule

jshah
IEEE-SA Fellowship Program at IEEE 802 Plenary March 2018

IEEE-SA Fellowship Program at IEEE 802 Plenary March 2018

wale
IEEE 802.1CQ: Address Assignment and Validation Protocols

IEEE 802.1CQ: Address Assignment and Validation Protocols

coia227
Discussion on Multi-AP Coordination Architecture in IEEE 802.11-23

Discussion on Multi-AP Coordination Architecture in IEEE 802.11-23

kish678
Implementation and Demonstration of eBCS Concept in IEEE 802.11-19/1999r0

Implementation and Demonstration of eBCS Concept in IEEE 802.11-19/1999r0

alfo821
IEEE 802 Wireless Meeting Venue Reports and Future Plenary Contracts Update

IEEE 802 Wireless Meeting Venue Reports and Future Plenary Contracts Update

drod
Suitability of IEEE 802.11ah for LPWAN Applications Analysis

Suitability of IEEE 802.11ah for LPWAN Applications Analysis

milia
IEEE 802 Viewpoints on WRC-23 Agenda Items

IEEE 802 Viewpoints on WRC-23 Agenda Items

chtz996
Security Testing and Architecture

Security Testing and Architecture

nataleaei
IEEE 802.11 Sensing: Applications, Feasibility, Standardization

IEEE 802.11 Sensing: Applications, Feasibility, Standardization

medidoc

More Related Content