security of wlan

Security of WLAN

無線網路架構• WPANs - 802.15 ( 藍芽 , 紅外線 )

– Wireless Personal Area Networks

• WLANs - 802.11 ( a/b/g )– Wireless Local Area Networks

• WMANs – 802.16 – Wireless Metropolitan Area Networks

• WWANs– Wireless Wide Area Networks

• WLANs - 802.11

IEEE 無線標準— 802.11 家族定義了無線網路實體層的標準

• 802.11b (Wi-Fi) – 2.4G– 11Mbps

• 802.11g ( 提供與 802.11b 相容模式 )– 2.4GHz– 54 Mbps

• 802.11a– 5 GHz – 54Mbps 的頻寬

• 802.11e – 提供具備服務品質保證 (QoS , Quality of Service) 的無

線網路環境

http://searchnetworking.techtarget.com/sDefinition/0,,sid7_gci838865,00.html

Wireless Concept

Local AreaNetwork

802.11b/802.11g/802.11a

Wide AreaNetwork3G/GPRS

Wireless PersonalConnectivity

Bluetooth

0 - 10m 0 - 100m 0 - 10 km

Range

http://www.3gpp.org/home.htm

WLAN 的運作方式• IEEE802.11b 標準協定，無線網路共定義

為下列二種模式：1. Ad-hoc Mode:

– 即是一群使用無線網路卡的電腦，可以直接相互連接，資源共享，無需透過基地台 (Access Point) ，此一模式則無法連接 Internet 。

2. Infrastructure Mode– 此種架構模式讓無線網路卡的電腦透過基地台

(Access Point) 來達成網路資源的共享。

802.11 Wireless Local Area Network•Infrastructure network

•Ad Hoc network

WLAN 無線區域網路• Independent Basic Service Set (IBSS) Ad-hoc • Basic Service Set (BSS)• Distribution System (DS)• Extended Service Set (ESS) • Station (STA)

– 無線用戶端• Access Point (AP)

– 無線存取點

802.11 涵蓋的範圍

` ` `

802.11802.11區域的安全性區域的安全性

無線網路無線網路

用戶端用戶端

Access PointAccess Point

有線網路有線網路

Wireless LAN (WLAN)

是延伸有線網路

Seamless Roaming• Infrastructure Network v.s. Ad Hoc Network

• Arranged in a cell structure, similar to cell phone network

• Cells need to overlap to enable seamless roaming

SSID=AAA SSID=AAA SSID=AAA

SSID=AAA SSID=AAA

Account Roaming across different WISPs

WLAN WLAN

Internet

EZon NCS

（ Radius/POP3/LDAP ）

Cipherium NCS

NAM NAM

（ Radius/POP3/LDAP ）

Home registerVisiting site

Trust & Policy

Roaming account authentication request

Travel tousername :[email protected]

General WLAN Security Mechanism

• User Authentication– ESSID

– MAC address filter

– RADIUS external interface

• User Authorization– Full access or none

• Data Security– Static key based

• WEP

– Dynamic key based• LEAP

• 802.1X

802.11b 的安全機制• 身分驗證 Authentication

– 開放式系統 Open System– 封閉式系統 Closed System– 分享密鑰認證 Shared-Key

( Challenge-Response )

• 資料保密 Confidentiality– WEP (Wired Equivalent Privacy)

• 資料的完整性 Integrity– CRC – CRC + WEP

802.11b 認證模式身份驗證

Authentication

SSID

(Service Set ID)WEP 資料加密

開放式系統Open System

接受 SSID 值為空白

不使用不支援

封閉式系統Closed System

需輸入有效的 SSID

不使用不支援

分享密鑰認證 Shared Key

( Challenge-Response )

需輸入有效的 SSID

利用 WEP 與RC4 演算法進

行身分確認

利用 WEP 產生的金要進行資料加密

分享密鑰認證 Shared-Key ( Challenge-Response )

無線網路使用者無線網路使用者無線網路使用者無線網路使用者 Access PointAccess PointAccess PointAccess Point

認證請求認證請求

挑戰字串挑戰字串

回應回應

確認身分成功確認身分成功

隨機產生隨機產生 128bit128bit

挑戰字串挑戰字串使用使用 WEPWEP 進行進行 RRC4C4 加密運算加密運算

利用利用 WEPWEP 及及 RC4RC4進行解密後進行比進行解密後進行比對對

開始進行連線開始進行連線

Dept. ServersDept. Servers

WEP ChallengesWeak Security

– 大多數 WLAN AP’s 未做安全性設定– 靜態 WEP 易被解– WLAN AP 很難去防止攻擊

mailto:[email protected]:[email protected]..

HackerHackerHackerHacker

mmaa

iill

ttoo

::tt

hhee

bb

X7!g%k0jX7!g%k0j37**54bf(jv37**54bf(jv&8gB)£F..&8gB)£F..

X7!g%k0j37**54bf(jv&8gB)£F..X7!g%k0j37**54bf(jv&8gB)£F..

XX77

!!gg

%%kk

00jj

3377

X7!g%

k0j37**

X7!g%

k0j37**WLAN AccessWLAN AccessPointPoint

WLAN WLAN 使用者使用者

不安全的網路不安全的網路

X7!g%k0j37**

X7!g%k0j37**

意外連接到非法駭客

1. User Station 首先探測是否有 AP

建築物 A 鄰近建築物 B

ACCESS POINT

ACCESS POINT

停車場

ATTACKER

(Soft AP)

探測

探測

探測

2. AP 送回指示訊號

3. User Station 根據訊號 , 干擾…等等各式各樣因素 , 連接到最適當的 AP

Ad Hoc

Network

4. User Station 的 Ad Hoc 網路連接到 Hacker

無法控制所要連接的點 ..

WEP

•WEP (Wired Equivalent Privacy) protocol

•A key shared between all the members of the BSS

•Using RC4 stream cipher encryption algorithm

•24-bit initialization vector

•Append a CRC-32 checksum of the frame payload plaintext in

its encapsulation

802.11 Header Host (layer 3) data

CRC-32

Host (layer 3) data Integrity check value

IV Secret RC4 stream cipher

802.11 Header IV Cipher-text

key

WEP

明文明文

WEP 加密流程

WEP ( 40 or 128 bit)WEP ( 40 or 128 bit)WEP ( 40 or 128 bit)WEP ( 40 or 128 bit)

IVIV

Access PointAccess PointAccess PointAccess Point無線網路用戶端無線網路用戶端無線網路用戶端無線網路用戶端

IV + WEPIV + WEPIV + WEPIV + WEP IV + WEPIV + WEPIV + WEPIV + WEP

PayloadPayloadPayloadPayload

CRCCRCCRCCRC

CRC + PayloadCRC + PayloadCRC + PayloadCRC + Payload

RC4RC4RC4RC4

XORXOR明文明文

XORXOR密文密文

RC4RC4RC4RC4

CRC + PayloadCRC + PayloadCRC + PayloadCRC + Payload

IV (Initial Vector)IV (Initial Vector)IV (Initial Vector)IV (Initial Vector)

WEP ( 40 or 128 bit)WEP ( 40 or 128 bit)WEP ( 40 or 128 bit)WEP ( 40 or 128 bit)

WEP 的資料格式

RC4RC4

實際所傳送的資料實際所傳送的資料

64/128 bit 64/128 bit 加密金鑰加密金鑰

40/104 bit 40/104 bit 金鑰金鑰 24 bit IV24 bit IV

資料資料 CRCCRC

XORXOR

24 bit IV24 bit IV加密資料加密資料

輸入輸入

輸出輸出

WEP 的弱點• Initialization vector (IV)

– 24-bit 欄位 , 利用明碼進行傳送– 廠商設計不良

• 每次重新建立連線就將 IV 歸 0 • 傳送資料時將每個封包的 IV 值加 1

– IV 長度不足及重複使用機率過大• AP 以每封包 1500-byte 在 11mbps 進行傳送 , 金

鑰約 5 小時即有可能重複 , 如果封包更小時間更短

• Integrity check (IC) 欄位– 用 CRC-32 進行錯誤判斷 , 且被放入封包中進行加密 – 無法做資料完整性確認依據Integrity protection for source and destination addresses is not provided

常見的威脅• 網路掃瞄工具

– SSID– Channel

• 窮舉攻擊法• 字典攻擊法• 緩衝區溢位攻擊• MITM (Man-In-The-Middle) 攻擊

如何強化 WLAN 的安全性• 目前的認證解決方案

– 802.1x 身份認證機制• EAP 金鑰交換

– PEAP ( 使用者密碼 )

– TLS ( 數位憑證驗證 )

• AP 需支援– RADIUS 提供身份驗證服務– CA 進行憑證發放– Active Directory 進行身份驗證

目前的解決方案 : 802.1x

• Port-based 存取控制方式– 可以用在無線或有線網路環境– Access point 必須支援 802.1x– 不需要大幅改變現有硬體架構

• 可以使用 EAP 使用更高安全性的驗證方式– 讓用戶端選擇使用的驗證方式– Access point 不需要提供 EAP 的驗證方式

• 金鑰自動管理– 不須重新改寫無線網卡的晶片設計

加密用金鑰• 用戶端及 RADIUS 伺服器對每位使用者重新產

生連線用 WEP 金鑰– 未在無線網路中傳送– RADIUS 伺服器將金鑰送到 AP ( 利用共享金鑰加密

)

• Access point 使用通用 WEP 金鑰– 用來作為 AP 與用戶端初始連線驗證– 透過 EAPOW-key 訊息進行傳遞– 使用連線加密金鑰加密資料

• 連線用加密金鑰將重新產生…– 金鑰到期 ( 預設 60 分鐘 )

– 用戶端移到新的 AP

TKIP ： IEEE 802.11i short-term solutionA message integrity code (MIC), called Michael,to defeat forgeries;

A packet sequencing discipline, to defeat replay attacks

A per-packet key mixing function, to prevent attack並對 source and destination address 做保護引進 IEEE 802.1X 的 key management

Long-term solutionCCMP(Counter-Mode-CBC-MAC Protocol)

選用 AES

並採取新的模式運作 protocol ，稱為 CCMP ，利用計數模式 (packet sequence) 加密，並利用 CBC-MAC 對資料完整性做保證

目前的加密解決方案

加解密實作標準 TKIP

Authentication server

認證實作標準 IEEE802.1X

Upper layer frame

Data link layer frame

802.1x vs TKIP

WEP TKIP

Cipher Key Size(s) RC4 40 or 104-bit encryption

RC4 128-bit encryption 64-bit authentication

Key Lifetime Per-packet-key

25-bit wrapping IV Concatenate IV to base key

48-bit IV TKIP mixing function

Packet Data Replay detection

CRC-32

None

Michael

Enforcing IV sequencing

Key Management None IEEE802.1X

What’s 802.1X

• Standard for Port-based network access control.

• A basic authentication mechanism is Extensible Authentication Protocol (EAP).

802.1X Port-based Authentication

•Defines a client-server-based access control and

authentication protocol

•Restricts unauthorized clients from connecting to a LAN

(or a WLAN)

•Based on EAP (Extensible Authentication Protocol)

•Setup a RADIUS (Remote Authentication Dial-In User

Service) security system

802.1X Ports

LAN

Controlled Port Uncontrolled Port Controlled Port Uncontrolled Port

Port Unauthorized Port Authorized

Security Claims of 802.1x

Mutual Authentication

Integrity Protection

Replay Protection

Confidentiality

Key Derivation

Dictionary Attack Resistance

Fast Reconnect

Man-in-the-middle Resistance

What’s EAP

• Offers a basic framework for authentication.

• Many different authentication protocols can be used over it.

• New authentication protocols can be easily added.

Background for EAP

• EAP is originally a Point-to-Point Protocol (PPP) authentication scheme

• EAP supports multiple authentication schemes such as smart cards, Kerberos, Public Key, TLS, One Time Passwords, etc.

• EAP hides the details of the authentication scheme from those network elements that need not know

•For example in PPP, the client and the AAA (authentication, authorization, and accounting) server only need to know the EAP type, and the Network Access Server does not

• EAP is currently being used for PPP, wireless LAN and Virtual Private Network (VPN) authentication

The EAP Protocol

• A request-response protocol

• Four kinds of messages1.EAP request

2.EAP response

3.EAP success

4.EAP failure

Security claims terminology for EAP Mutual authentication The authenticator authenticates the peer and the peer

authenticates the authenticator

Integrity protection Providing data origin authentication and protection against unauthorized modification of information for EAP packets

Replay protection Against replay of an EAP method or its messages

Confidentiality The encryption of EAP messages, including EAP Requests and Responses, and method-specific success and failure indications.

Key derivation The ability of the EAP method to derive exportable keying material

Dictionary attack resistance

When there is a weak password in the secret, the method does’nt allow an attack more efficient than brute force

MIC A keyed hash function used for authentication and integrity protection of data

Cryptographic binding

A single entity has acted as the EAP peer for all methods executed within a sequence or tunnel.

RADIUS •Authentication server － Performs the actual authentication of the client

LAN architecture

WLAN architecture

IEEE 802.1x provide both authentication and key management

EAP RADIUS

WIRELESS ACCESS POINT

WLAN Bridge

Authentication & KeyManagement Module

CryptoModule

802.1X WLAN 架構WIRELESS CLIENT

WLANClient

WLAN Adapter

NetworkApplication

CertificateClient

CryptoModule

WLANDriver

NETWORK AUTHENTICATION &AUTHORIZATION SERVICE

Directory

CertificationAuthority

RADIUS(Network

Authentication andAccess Control)

Internal Network

NetworkResources

Certificate Enrollment

Certificate

Certificate

User

1

AccessPolicy

3

Key Exchange 45

WEP/WPA Encryption

Client Identification2

2

Figure of Port-based Network Access Control

802.1X Over 802.11SupplicantSupplicantSupplicantSupplicant AuthenticatorAuthenticatorAuthenticatorAuthenticator AuthenticationAuthentication

ServerServerAuthenticationAuthentication

ServerServer

802.11 802.11 associationassociation

EAPOL-startEAPOL-start

EAP-request/EAP-request/identityidentity

EAP-response/EAP-response/identityidentity

RADIUS-access-RADIUS-access-requestrequest

EAP-requestEAP-request RADIUS-access-RADIUS-access-challengechallenge

EAP-response EAP-response (credentials)(credentials)

RADIUS-access-RADIUS-access-requestrequest

EAP-successEAP-success RADIUS-access-acceptRADIUS-access-accept

EAPOW-key EAPOW-key (WEP)(WEP)

Access blockedAccess blocked

Access allowedAccess allowed

Figure of EAPOW

EAP Message Flow

802.11 association

EAPOL-Start

EAP-request/identity

EAP-response/identity

RADIUS-access-request

RADIUS-access-challengeEAP-request

EAP-response RADIUS-access-response

RADIUS-access-acceptEAP-success

EAPOW-key(WEP)

Access Blocked

Access allowed Access allowed

Supplicant Authenticator AuthenticationServer

◎EAP Architecture

802.11

EAP

TLS,SPEKE, SRP MD5, TTLS, PEAP…

802.1X

Figure of EAP network Layers

EAP-MD5 Message Flow


EAP-response/Username

RADIUS-access-request

RADIUS-access-challengeEAP-challenge-request

EAP-challenge-response RADIUS-access-response

RADIUS-access-acceptEAP-success

Client Access Point RADIUS Server

MD5 of EAP-Message ID+Challenge + Password

Drawbacks of EAP-MD5

• No mutual Authentication.

• No Protection against offline brute-force/Dictionary based attacks on user passwords.

LEAP (EAP-Cisco Wireless)

• Username and Password based• Support for Windows platforms, Macintosh and Linux• Cisco PROPRIETARY (based on 802.1X)• Username 以明碼傳送• Password challenge and response 以明碼傳送 :會被字典攻

擊法入侵 (MSCHAP v1 hash - * ftp://ftp.isi.edu/in-notes/rfc2433.txt)

• No support for One Time Password (OTP)• 只支援 Cisco 之 Access Point, 且不 Support Token Card

EAP-TLS

• Developed by Microsoft.• Provides mutual authentication, credential security

and dynamic keys.• Requires distribution of digital certificates to all

users and RADIUS servers.• A certificate management infrastructure is required

(PKI).

STA AP

EAPoW start

EAP request, Identity

EAP response, Identity (username)

EAP response, EAP-Type(EAP/TLS)(TLS:client Hello)

RADIUS Access Request (username)

EAP request, EAP-Type(EAP/TLS)

RADIUS Access ChallengeTLS:server Hello, (TLS certificate[TLS server_key_exchange,TLS certificate_request])

RADIUS Access Challenge

RADIUS Access request(TLS:client Hello)

Random Session ID（明文，且沒有 MAC）CipherSuite list ： To define a key exchange algorithm, a bulk encryption algorithm, MAC algorithm

Random number

Generally is an X.509v3 certificate

Certificate key type ： encryption、 signing、 encryption＋ signing

Key exchange algorithm ： RSA (encryption / signing)、 Diffie-Hellman (encryption / signing) 、 DSS (signing)

[Sever Key Exchange] ： extension of TLS certificate

p ， g ， A = gx mod p ， H(ra, rb, p, g, A, S)

RADIUS Access ChallengeTLS:server Hello, TLS certificateTLS client_key_exchange,([TLS certificate_verify],TLS change_cipher_spec), TLS finished

RADIUS Access ChallengeTLS change_cipher_spec,TLS finished

Done ACK

EAP-TLS Message Flow (1/2)

Client AP

EAP-Request/Identity

EAP-Response/Identity (My ID)

EAP-Request/EAP-Type = EAP-TLS (TLS Start)

EAP-Response/EAP-Type = EAP-TLS (TLS client_hello)

EAP-Request/EAP-Type = EAP-TLS

(TLS server_hello, TLS certificate, [TLS server_key_exchange], [TLS certificate_request], TLS server_hello_done) EAP-Response/EAP-Type = EAP-TLS

(TLS certificate, TLS client_key_exchange, TLS [certificate_verify], TLS change_cipher_spec, TLS finished)

EAP-TLS Message Flow (2/2)

Supplicant Authenticator

EAP-Response/EAP-Type = EAP-TLS

(TLS change_cipher_spec, TLS finished)

EAP-Response/EAP-Type = EAP-TLS

EAP-Success or EAP-Failure

Drawbacks of EAP-TLS

• Lack of user identity protection.

• Needs client certificate in order to authenticate client.

EAP-TTLS

• Allows users to authenticate by username and password, with no loss of security

• Developed by Funk Software and Certicom

• Provides strong mutual authentication, credential security, and dynamic keys

• Requires that certificates be distributed to the RADIUS servers only, not to users

• Compatible with existing user security databases, including Windows Active Directory, token systems, SQL, LDAP, etc.( 不用改變任何環境 )

EAP-TTLS

• Requires that certificates be distributed to the authentication servers only, not to users.

• Two phases:1.Establish TLS Channel, authenticate

server (Optionally authenticate user too).

2.If the user wasn’t authenticated, use the TLS channel to authenticate user using an authentication protocol (PAP/CHAP/EAP).

EAP-TTLS Layers (1/2)

User Authentication-PAP/CHAP/EAP

TLS

EAP-TTLS

EAP

Link Layer/AAA – PPP, Radius, etc

EAP-TTLS Message Flow (1/5)

Client AP TTLS Server AAA/H Server


EAP-response/username@realm

RADIUS-access-request:EAP-Response pass throughRADIUS-access-Challenge: EAP-Request/TTLS-StartEAP-request pass

throughEAP-Response/TTLS: Client Hello

RADIUS Access-Request: EAP-Response pass through



RADIUS Access-Challenge: EAP-Request/TTLS: Server Hello Certificate ServerKeyExchange ServerHelloDone

EAP-request pass through

EAP-Response/TTLS: ClientKeyExchange ChangeCipherSpec Finished

RADIUS-access-request:EAP-Response pass through



RADIUS Access-Challenge: EAP-Request/TTLS: ChangeCipherSpec Finished


EAP-Response/TTLS: {EAP-Response/Identity}





RADIUS Access-Challenge EAP-Request/ MD5-Challenge

RADIUS Access-Challenge: EAP-Request/TTLS: {EAP-Request/MD5-Challenge}


EAP-Response/TTLS: {EAP-Response/MD5-Challenge}


RADIUS Access-Challenge EAP-Response/ MD5-Challenge



RADIUS Access-Accept

RADIUS Access-Accept: EAP-Success

EAP-Success pass through

Secure password authentication tunnel

Secure data tunnel

A Comparison of methods

EAP-MD5 EAP-TLS EAP-TTLS

TYPE Password

based

Certificate

based

Hybrid

Exchange

Dynamic key

No Yes Yes

Mutual

Authentication

No Yes Yes

Certificate

Server

Client

No Yes

Yes

Yes

Yes

Yes

Optional

PEAP(Palekar et al., 2004)

1. 同 EAP-TTLS 一樣，基於 TLS 提供一個加密及以認證的通道

在 TLS 通道內進行 EAP 認證方法的認證機制2. 達到解決傳統以密碼認證方式及 EAP-TLS 所產生的問題3. 並提供雙向認證及產生動態會議金鑰的安全性。

PEAP

A likely alternative to TLS

Support UserID and password-based authentication

Easier to deploy than certificate-based authentication

It could build up a shared key

◎SRP – Secure Remote Password(RFC 2945)

EAP-MD-5• Username and Password based• Username 以明碼傳送• Password challenge and response 以明碼傳送• 會被字典攻擊法入侵• EAP-MD5 以靜態 WEP 方式處理• 只提供 Server 認證 Client ，不提供 Client 認證

Server ，對 Client 無保障

EAP-SRP

• Based on Secure Remote Password (SRP)

• Four Subtypes of messages– 1.Challenge / Client Key

– 2.Server Key / Client Validator

– 3.Server Validator

– 4.Lightweight Rechallenge

SRP• Two Phase

– Client and server calculate and exchange public keys

– Client and server authenticate hashes based on the DH key, verifier, group, salt, username, etc.

• Using the SHA1 hash function

• The server stores user password as triplets of the form:

– {<username>, <password verifier>, <salt>}

– <salt> = random()

– x = SHA(<salt> | SHA(<username> | ":" | <raw password>))

– <password verifier> = v = g ^ x % N

– N = prime modulus; g = generator

SRP Sequence

gb(a+ux) (gagxu)b


ID, A = ga , a random number chosen by useru = H(A, B)

S = (Avu)b

K=H(S)

s ： user’s salt

x ： shared key x = H(s, H(ID||pwd))

v ： Password verifier v = gx

B = v + gb

s , B = v + gb

u = H(A, B)

x = H(s, H(ID||pwd))

S = (B – gx)(a+ux)

K = H(S)

H(H(p) ⊕ H(g), H(ID), s, A, B, K)

H(A, M, K)

EAP-SPEKESimple Password Exponential Key

Exchange Protocol

Password-authenticated Diffie-Hellman key exchange

1st stage ： Uses a Diffie-Hellman exchange to establish a share key K, but instead of the commonly used fixed primitive base g, a function f converts the password S in to a base for exponentiation.

Two random number RA and RB

◎SPEKE

1. The client computes ：， A B :QA

2. The server computes ：， B A :QB

3. The client computes ：

4. The server computes ：

◎SPEKE

)mod( pQhK ARB

)mod( pQhK BRA

ppwdfQ ARA mod)( 2

ppwdfQ BRB mod)( 2

2nd stage ： both client and server confirm each other’s knowledge of K before proceeding to use it as a session key

◎SPEKE


)mod( pQhK BRA

)mod( pQhK ARB

EK(CA), CA: random number chosen by user

EK(CB ,CA), CB: random number chosen by server

EK(CB)

ID,

QB

ppwdfQ ARA mod)( 2

ppwdfQ BRB mod)( 2


QA, H(IDA , R2A)

QB, EK(R2A, R2B)

EK(R2B)

EAP-TYPE Re-keying Mutual authentication

UserID & Password

Attack methods

EAP-MD5 No No Yes Dictionary attackMan in middleSession hijack

EAP-TLS Yes Yes No X

EAP-SRP Yes Yes Yes ?

EAP-SPEKE Yes Yes Yes ?

EAP-TYPE Re-Keying

Mutual authentication

UserID & Password

Attack

EAP-MD5 No No Yes Dictionary attackMan-in-middle attack

Session hijacking attack

EAP-TLS Yes Yes No X

EAP-SRP Yes Yes Yes Dictionary attack ?

EAP-SPEKE Yes Yes Yes X

Improved EAP-SPEKE

Yes Yes Yes X

EAP-TYPE Round Encryptions Exponents Randoms

User Server User Server User Server

EAP-SRP 4 9 9 3 4 1 2

EAP-SPEKE 6 4 4 2 2 2 2

Improved EAP-SPEKE

4 4 4 2 2 2 2

Comparisons of EAP methods

Summary

• Practical Authentication methods of 802.1X are EAP-MD5,EAP-TLS,EAP-TTLS and PEAP.

• EAP-SIM or EAP-AKA is suitable for the Integration of Wireless LANs and Mobile Network.

802.11n is going on

• 802.11 Task Group n (TGn)• The next Wifi 802.11 Standard• Provide higher speed for new application & Market• Improve PHY & MAC Performance• Real Speed more than 108Mbps or beyond as 320Mbps• New Antenna Technology• Multiple In Multiple Out (MIMO)• To be complete at least 3 years until 2005/2006

What is MIMO?

• Multiple In Multiple Out (MIMO)• Reduce Multi-Path decline-抗多徑衰落• BLAST 演算法• 高頻譜利用率• MIMO+OFDM• 改善無線網路效能• 提高無線網路的容量及覆蓋率

Secure your wireless,802.11i• Uses the Advanced Encryption Standard

• Will be Standard in 2003/Q4~2004/Q1

• Hardware Upgrade

WEP WPA 802.11i

Cipher RC4 RC4 AES

Key Size 40bits128bits

encryption128bits

Key life 24-bits IV 48-bits IV 48-bits IV

Data Integrity CRC-32 Michael CCM

Header Integrity None Michael CCM

Key manage None EAP-based EAP-based

802.16 Wireless MAN• IEEE 802.16a (MAN)

• IEEE 802.16e(Highly Mobility)

• Broadband Wireless Access(BWA)

• 802.11=WiFi 802.16=WiMAX

• 2~11Ghz

• Speed up to 70 Mbps

• Range extend to 30miles(about 48km)

• Another Choice for “Last Mile”

WLAN + GPRS• PWLAN (Public WLAN)• GPRS 的優勢

– 涵蓋範圍廣– 安全性高

• WLAN 的優勢– 建置成本低– 免費的頻帶

• 雙網整合效益

Reference

• Wireless lan security and laboratory designs 2003 CCSC

• 無線企業網路 WLAN應用技術研討會講義中華電信訓練所 2004 March

• WLAN security: current and future IEEE internet computing 2003 October

• 利用 Windows 的技術建置安全的無線區域網路環境陳其元講師資策會教育訓練處台北中心

• Reports from NCHU CS security lab• Reports from CYUT IM security lab

security of wlan

Documents