Professional Documents
Culture Documents
Contents
No key management
Key A AP
Key A
Key A
Key A
Static key:
Since it is relatively easy to crack WEP encryption in a
reasonably short time, the keys should be changed often,
but the preshared key concept does not support this.
1: MAC address
2: Status code AP
Shared-key authentication
1: MAC address
AP
2: Challenge text
(128 octets, clear)
MAC address 2
AP
Access ok
Accepted MAC
addresses:
Not very secure: Attacker can read
MAC address of a wireless station MAC address 1
attached to the WLAN and replace MAC address 2
own MAC address with this stolen MAC address 3
MAC address 4
MAC address.
:
WEP encryption
Preshared Preshared
key (40 bits) key (40 bits)
+ RC4
RC4 RC4
RC4 +
Init. vector algorithm
algorithm algorithm
algorithm Init. vector
(24 bits) (24 bits)
RC4 keystream RC4 keystream
Plaintext Plaintext
information Encrypted information
information
Transmitter Receiver
Standard solution:
Enhanced solution:
Tx Rogue station Rx
Information Altered
information
WEP
Plaintext information ICV
encryption
Receiver
WEP Plaintext information ICV
decryption
Integrity Integrity ok
ICV’ if
algorithm
ICV’ = ICV
Plaintext information
40 bit
WEP key RC4 Integrity
algorithm ICV’
algorithm
24 bit
initialisation ICV ICV’
ICV’==ICV?
ICV?
vector (IV)
WEP summary
802.1X architecture
EAP over
LAN (EAPoL) RADIUS
AS
Other network
resources
AP
Wireless client AS
Other network
resources
AP
Wireless client AS
AP
Wireless client AS
Example: EAP-TLS
EAP-TLS RADIUS
AP AS
Wireless client
Client Server
1. Supported security algorithms
2. Chosen security algorithms + certificate
3. Encrypted pre-master secret
EAP request: ID
WS AP
EAP response: ID
Network Authentication
Authentication
Center
Center(AuC)
(AuC)
SIM
Challenge
Authentication
Authentication
Center
Center(AuC)
(AuC)
Response
SIM
Challenge
Authentication
Authentication
Center
Center(AuC)
(AuC)
Response Result
SIM
Challenge
Authentication
Authentication
Center
Center(AuC)
(AuC)
Response Result
SIM
Authentication
Authentication
Center
Center(AuC)
(AuC)
SIM
Authentication
Authentication
Center
Center(AuC)
(AuC)
SIM
Operator services