Friday, 3 February 2012

IEEE 802.11i, IEEE 802.11r, IEEE 802.11k and IEEE 802.11w

IEEE 802.11i
Also known as WPA2, IEEE 802.11i is an amendment to the 802.11 standard that specifies security mechanisms for wireless networks. It supersedes the previous security specification, Wired Equivalent Privacy (WEP), which was shown to have severe security weaknesses.

Wi-Fi Protected Access (WPA) had previously been introduced by the Wi-Fi Alliance as an intermediate solution to WEP insecurities. WPA implemented a subset of 802.11i. The Wi-Fi Alliance refers to their approved, interoperable implementation of the full 802.11i as WPA2. 802.11i makes use of the Advanced Encryption Standard (AES) block cipher; WEP and WPA use the RC4 stream cipher.

The 802.11i architecture contains the following components: 802.1X for authentication (entailing the use of EAP and an authentication server), RSN for keeping track of associations, and AES-based CCMP to provide confidentiality, integrity and origin authentication. Another important element of the authentication process is the four-way handshake.


IEEE 802.11r
The original IEEE 802.11 standards were designed around single access points (APs), but that is not the case in offices, where multiple APs are required. Under this newer standard, devices are designed to move from one AP to another far more swiftly than under the earlier standard. 802.11r minimizes the handoff delays associated with 802.1X authentication by reducing the time taken to re-establish connectivity after a client moves between 802.11 APs while roaming.

802.11r includes typical QoS mechanisms, such as packet prioritization and call admission control (CAC), to enhance the operation of real-time voice applications. Using three MAC-layer enhancements, the standard lowers the handoff time while maintaining high levels of security.

The first of the three enhancements was the elimination of the 802.1X key exchange because it was not required during handoffs between APs within the same “mobility domain.” A mobility domain is a set of APs built to execute fast transitions between them.

The second improvement was the addition of a four-way handshake. This was essential for session key establishment and was also integrated in the previously active 802.11 authentication/association messages. This reduced the delay after re-association pending the completion of the security negotiation and allowed data transmissions to resume faster. The final enhancement packages all call resource requests into new authentication messages exchanged before the re-association.

Until recently, vendors have implemented lower security alternatives such as Wired Equivalent Privacy (WEP) encryption on their Wi-Fi VoIP networks. They have also placed VoIP traffic on different Virtual LANs (VLANs) to keep the rest of the network protected.

IEEE 802.11k
Defines radio resource measurement (RRM) parameters for network management and performance enhancement, and provides mechanisms to higher layers for radio and network measurements.

Measurements are made from layers 1 and 2 of the OSI protocol stack:
·         Statistical Measurement
o   Characterize the radio environment in a long-term statistical sense
·         Identity Measurements
o   Identify stations that affect each other’s performance

Currently, APs and clients cannot share channel information.
With 802.11k...
·         Noise histogram
·         Channel load
·         Time histogram

The AP will know whether the channel quality is good enough.

Hidden nodes: clients or APs that other clients or access points can’t hear

With 802.11k...
Clients track hidden nodes, and access points query clients for those lists
APs now know about clients that are on the edge of their cells

Currently, statistics are limited to those that APs maintain

With 802.11k
802.11 MAC statistics
Counts of MSDUs/MPDUs received/transmitted
Counts of Channel utilization in rx & tx direction
Data rate & modulation of last rx and tx
RSSI, RCPI, and signal quality

How it works
1.      The client is moving away from AP1, so AP1 informs the client to prepare to move to another access point

2.      The client asks AP1 to provide it with a list of preferred access points nearby

3.      AP1 responds with a site report

4.      The client moves to the channel of the best access point listed in the site report and connects to it

IEEE 802.11w 

The IEEE 802.11w wireless encryption standard builds on the 802.11i framework to protect against subtle attacks on wireless LAN (WLAN) management frames. It will increase the confidence of network managers that applications such as wireless VoIP can be depended upon to provide adequate call quality and availability while ensuring wireless security.

The need for strong encryption and authentication for wireless LAN data was recognized as early as 2000.
The IEEE Standards Board has ratified IEEE 802.11w-2009, Standard for Information Technology-Telecommunications and Information Exchange between systems-Local and Metropolitan networks-Specific requirements-Part 11: Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) specifications: Protected Management Frames Amendment.

Defining mechanisms that provide enhanced protection for WLANs, this new amendment to the IEEE 802.11 base standard will help the data communications industry address the escalating security demands placed on WLANs by providing added protection to management frames. IEEE 802.11w defines enhancements such as data integrity, data origin authenticity, replay protection, and data confidentiality.

The IEEE 802.11 standard defines protocols that can be used by interoperable WLAN equipment to provide a variety of capabilities including a wide range of data rates, quality of service, reliability, range optimization, device link options, network management and security.



Thursday, 12 January 2012

Microsoft’s Active Directory

Active Directory (AD) is Microsoft’s implementation of directory services. It is based on various standards, the most important of which are LDAP and X.500 (AD uses a schema based on X.500).

In addition to compliance with LDAP, AD has a few additional features and compatibilities, such as the close integration of the directory services with Windows domains and the Domain Name Service (DNS). The integration of directory services with Windows domains is the key to directory scalability. AD security, authentication, and access control are also provided by the combination of the domains with the directory. While this approach works well, the integration of AD with Windows domains forces the choice of Active Directory services when selecting the Windows 2000 operating system.

Security Feature

AD security is not a single setting; it is a compilation of settings that has a few phases and can become very complicated.

The default AD security settings provide basic control of objects such as user accounts, group accounts, and computer accounts. In small companies, this default configuration might be enough. Larger companies, however, will quickly outgrow the built-in security, and additional security settings and design are needed. To ensure a secure and stable IT infrastructure, regardless of the size of the company, a firm grasp of AD security settings is required.

During the design phase of AD, the security of AD objects should be considered and documented. The objects that need to be considered for security include:
  • Domain controllers
  • Servers
  • User accounts
  • Group accounts
  • Client computers
  • GPOs
  • OUs
The security design for AD must be implemented properly in order for it to be effective. Failure to follow the design documents will leave AD vulnerable to attacks from both within and outside of the LAN. In addition, AD security is very difficult to audit and track if it was not set up with care.

Another key aspect of AD security is management. The management phase is important because it is at this stage that ongoing AD security must be properly maintained. Whether it is giving users the ability to add members to groups or locking down computers that are located in the reception area, the management of the security for AD must be procedural and consistent.


Lightweight Directory Access Protocol

LDAP has been positioned as an open standard for directory services. It is a standard way for client applications and Internet Web servers to access on-line directory services over a TCP/IP network. Its main purpose is to give users quick and easy access to a directory of people and information such as user names, e-mail addresses, and telephone numbers.

LDAP Security Feature

LDAP and especially OpenLDAP have a number of security features which might seem to be a little daunting.

The diagram below provides a perspective on the problem before going into detail. It shows the different kinds of access interfaces and methods to an LDAP system, and it describes some security issues and the methods available to manage the risks involved. The purpose of this exercise is to determine either a set of security policies or implementation priorities.


All numbers in the descriptions below refer to the Figure above:
  1. Remote Communications (1): Remote communication security may or may not be an issue. If you provide unlimited (anonymous) access to non-sensitive LDAP data then the security issue is undecided. 

If all LDAP communications can be guaranteed to happen within a trusted network then people may prefer to administer using a simple clear text password with no additional security.

The growing emphasis on run-time configuration (RTC, a.k.a. cn=config) and monitoring (cn=monitor) is increasingly turning LDAP browsers into remote consoles for administering LDAP servers, an activity that is highly security-sensitive.

  2. Passwords (2): When hashed passwords are sent in a snoop-able data stream they become exposed to a dictionary attack, in which the attacker has the hashed form and runs a list of passwords (a dictionary) through the hashing algorithm until a match is found.

Using salt (one or more octets, depending on the utilization, are added to the password before hashing and hence removed before comparison) substantially increases the security of hashed passwords. ACLs should be used to restrict access to passwords to properly authorized users only. For example, for a userPassword attribute the following ACL will only allow the attribute to be sent to the owner of the entry or a specific (admin) group of users:
access to attrs=userpassword
 by self       write
 by anonymous  auth
 by group.exact="cn=admin,ou=groups,dc=example,dc=com" write
 by *          none

  3. Data (3): The only way to keep the data that comes from an LDAP server snoop-proof is to encrypt the whole data stream using SSL/TLS (with SASL or without SASL) or Kerberos (SASL). However, there is a disadvantage: encryption is a CPU-intensive process, and if resource usage or performance is a major consideration then the choice of bulk encryption methods available within the SSL/TLS suite becomes vital (configure SSL/TLS and configure SSL/TLS via SASL).
OpenLDAP provides two capabilities to generate audit information: overlay auditlog (for more information use 'man slapo-auditlog') and overlay accesslog. Both provide features to log changes to the underlying DIT. The accesslog overlay can also record binds and read/search access, as well as save the earlier contents of entries and even attributes.

  4. Local Access (4): Local access simply refers to any event that happens within the LDAP server or server cluster (or through secured remote access such as that provided by ssh), and includes the config files (5) and locally issued commands (6).
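
To make the salt point under Passwords (2) concrete, the following added example (not part of the original post or of OpenLDAP's code) builds and checks userPassword values in the {SHA} and {SSHA} storage schemes and audits a directory for accounts whose stored values are identical. The user names, passwords and the helper name accounts_sharing_a_hash are constructed for illustration.

```python
import base64
import hashlib
import hmac
import os

SHA1_LEN = 20  # length in octets of a SHA-1 digest


def make_sha(password):
    """Unsalted {SHA}: the same password always gives the same value."""
    digest = hashlib.sha1(password).digest()
    return "{SHA}" + base64.b64encode(digest).decode("ascii")


def make_ssha(password, salt=None):
    """Salted {SSHA}: base64(SHA1(password + salt) + salt)."""
    salt = os.urandom(8) if salt is None else salt
    digest = hashlib.sha1(password + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def verify(password, stored):
    """Check a candidate password against a {SHA} or {SSHA} value."""
    scheme, sep, encoded = stored.partition("}")
    if not sep:
        return False
    scheme = scheme.upper() + "}"
    try:
        raw = base64.b64decode(encoded, validate=True)
    except ValueError:  # malformed base64
        return False
    if scheme == "{SHA}" and len(raw) == SHA1_LEN:
        digest, salt = raw, b""
    elif scheme == "{SSHA}" and len(raw) > SHA1_LEN:
        # The salt travels with the hash; split it off, then recompute.
        digest, salt = raw[:SHA1_LEN], raw[SHA1_LEN:]
    else:
        return False
    candidate = hashlib.sha1(password + salt).digest()
    return hmac.compare_digest(candidate, digest)  # constant-time compare


def accounts_sharing_a_hash(directory):
    """Audit helper: groups of users whose stored values are identical.

    With an unsalted scheme, every member of such a group falls to the
    same single dictionary hit; per-entry salts make the groups vanish.
    """
    groups = {}
    for user, stored in directory.items():
        groups.setdefault(stored, []).append(user)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)


# Constructed sample data: alice and bob chose the same password.
PASSWORDS = {"alice": b"Winter2012", "bob": b"Winter2012", "carol": b"other-one"}
UNSALTED = {user: make_sha(pw) for user, pw in PASSWORDS.items()}
SALTED = {user: make_ssha(pw) for user, pw in PASSWORDS.items()}

if __name__ == "__main__":
    print("unsalted duplicates:", accounts_sharing_a_hash(UNSALTED))
    print("salted duplicates:  ", accounts_sharing_a_hash(SALTED))
```

Salt removes shared and precomputed results, but each entry can still be guessed individually against a fast hash such as SHA-1, which is why the ACL and the encrypted transport described in this section still matter.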


X.500 Security Feature

What is X.500?
The X.500 specification is a standard for how information about objects, such as people and applications, is stored, maintained, updated, interrogated and even deleted. Entries about objects are organised in a hierarchical structure reflecting the real-life hierarchy.
Information in an X.500 directory may be distributed and/or replicated among different directory servers. A directory server is called a Directory System Agent (DSA). A client accessing an X.500 directory is called a Directory User Agent (DUA). A client may also be a Lightweight Directory Access Protocol (LDAP) client.

Security Features
·         Access control – the standard defines security mechanisms to protect information in the directory and to restrict user access to it, meaning that users can be prevented from seeing or modifying the information.

·         Strong authentication – protects against replay and denial-of-service attacks but, most importantly, builds trust between the X.500 directory components, which validates the identity of directory users for access control.

·         Digital signature – a message encrypted by the private key can be decrypted by anyone holding a copy of the public key. If decryption is possible, only the holder of the private key could have sent this message. This technique is used to create digital signatures.

When a message is to be digitally signed, a hash of the message is created. The hash is encrypted using the private key and appended to the message as a digital signature. The receiver decrypts the signature using the public key. It then creates its own hash of the message. If the two hashes are identical, the receiver knows that the message has been transmitted unchanged and that the sender’s identity is known with a high level of certainty. This also gives end-to-end security in a distributed environment.
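
The sign-and-verify steps just described, as an added example that is not from the original post or from any X.500 product: it uses textbook RSA without padding and toy keys built from well-known Mersenne primes, so the arithmetic is visible but the keys are not secure. The names make_key, sign and verify, and the sample message, are constructed for illustration; production systems use a padded scheme such as RSASSA-PSS from a cryptographic library.

```python
import hashlib

E = 65537  # common public exponent


def make_key(p, q):
    """Build a toy RSA key from two primes (constructed, insecure)."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))  # private exponent
    return {"n": n, "e": E, "d": d, "sig_len": (n.bit_length() + 7) // 8}


def message_hash(message):
    """Hash of the message, as an integer smaller than the modulus."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(message, key):
    """Sender: hash, transform the hash with the private key, append."""
    signature = pow(message_hash(message), key["d"], key["n"])
    return message + signature.to_bytes(key["sig_len"], "big")


def verify(blob, key):
    """Receiver: undo the signature with the public key, re-hash, compare."""
    if len(blob) < key["sig_len"]:
        return False
    message, sig_bytes = blob[:-key["sig_len"]], blob[-key["sig_len"]:]
    signature = int.from_bytes(sig_bytes, "big")
    if signature >= key["n"]:
        return False
    recovered_hash = pow(signature, key["e"], key["n"])
    return recovered_hash == message_hash(message)


# Toy keys from Mersenne primes 2^521-1, 2^607-1 and 2^1279-1.
KEY_A = make_key(2**521 - 1, 2**607 - 1)
KEY_B = make_key(2**607 - 1, 2**1279 - 1)

if __name__ == "__main__":
    blob = sign(b"modify cn=alice,dc=example,dc=com", KEY_A)
    print("genuine message verifies:", verify(blob, KEY_A))

    tampered = bytearray(blob)
    tampered[0] ^= 0x01  # one bit of the message changed in transit
    print("tampered message verifies:", verify(bytes(tampered), KEY_A))

    forged = sign(b"modify cn=alice,dc=example,dc=com", KEY_B)
    print("signed with another key verifies:", verify(forged, KEY_A))
```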

Thursday, 5 January 2012

GPRS Security Feature, Threats and Solution

General Packet Radio Services (GPRS), which extends GSM data capabilities for Internet access, is a packet-based wireless communication service that promises data rates from 56 up to 114 Kbps and continuous connection to the Internet for mobile phone and computer users. GPRS is based on Global System for Mobile (GSM) communication. It is a second generation (2G) and third generation (3G) wireless data service, sometimes referred to as in between both generations (2.5G), and complements existing services such as circuit-switched cellular phone connections and the multimedia messaging services.

Security Threats and Solution

Attacks on the Mobile Device – Unauthorized access to the GPRS network can regularly be gained using a stolen mobile device. Assuming no security locking mechanism (such as password protection) is enabled on the stolen device, an unauthorized user can request services on the GPRS network disguised as the original owner.

Countermeasures include safeguarding the mobile device with a password or making use of the E-911 location functionality mandated by the FCC. Suppose a mobile device is stolen: the E-911 mandate requires carriers to implement the capability of location identification through triangulation. However, this functionality is currently being tested and has not been fully implemented.

Attacks on the Radio Path – The radio path makes use of the open air, and hence exposes itself to potential attackers from any outside party within a close enough perimeter to detect the signal. The greatest threat along the radio path is eavesdropping by an unauthorized party. Subscribers use GPRS services with the assumption that the information transmitted to and from their mobile is being safeguarded.

GPRS standards provide algorithms to generate session-unique encryption keys for the specific purpose of jumbling and altering the data packets being transmitted across the radio path between a mobile station and the SGSN. Each time an authorized GPRS-enabled mobile device registers with the GPRS network, it establishes a session-unique encryption key that is used to encrypt any information transmitted between the mobile station and the SGSN.


Attacks on the Cellular Network – Securing the digital cellular network involves protecting the following GSM network elements: Base Transceiver Subsystem; Base Station Controller; Mobile Switching Center; Home Location Register; Visitors Location Register.

Traditionally, these network elements were used strictly to support wireless voice services, but with the introduction of wireless non-voice services such as public Internet data services, these network components have been altered to make it possible for non-voice services to use the same network. Implementing these new configurations to support non-voice services not only increased the types of services available to subscribers, but also attracted new network threats.

Concentrating on threats directed specifically at the digital cellular network, as opposed to threats coming from the GPRS network, physical security is of utmost importance. Having direct access to one or more of the GSM network elements listed above can result in significant negative business effects.

Unauthorized access can lead to fraudulent activities, such as invalid and fictitious subscribers loaded into the HLR or VLR, or may lead to network outages (Denial of Service attack). Thus, securing the physical locations of these network elements is vital. It is also important to know exactly who internally has access to these network elements. Access lists and logs should be closely scrutinized and reviewed for suspicious entries. Further improvements include preventive security measures such as 24-hour monitoring of the facilities housing network equipment, enforcing valid access times during the day, and performing background checks on switch engineers and others who are hired as field technicians.

Attacks on the GPRS, Public, and Corporate networks – These can be classed as attacks on the GPRS network because both the public network and private corporate networks are external access points to the GPRS network.

Additional threats to the GPRS network can also come from roaming partner networks (intercarrier services). Attacks originating from the public Internet are becoming more and more experienced. Every day, public IP networks are constantly being interrogated and scanned by external parties. In most cases, tracing the originating path of a scan will reveal an innocent source unaware of the scan. This is done through IP spoofing, where an attacker can redirect data packets through a third party’s network, or make changes to the data packet addressing information. This increases the complexity of securing the GPRS IP backbone and investigating detected network attacks.

The first security measure all wireless operators must implement is a firewall at any point of entry to the GPRS network from an external network. Firewalls can be configured to allow only legitimate traffic into the GPRS network. However, simply implementing a firewall does not guarantee full protection from all external attacks. Using network routing techniques, intrusion detection systems, and secured tunnelling protocols in addition to firewalls will enhance an operator’s ability to protect its GPRS network from external threats.
The same security risks pertaining to physical access from both internal and external parties described in the section, Attacks on the Cellular Network, exist for GPRS network elements (SGSN, GGSN) as well.







GSM Security Feature, Threats and Solution

Global System for Mobile communication, or GSM for short, is a digital mobile telephony system that uses a variation of time division multiple access (TDMA). It is the most widely implemented of the three digital wireless telephony technologies (TDMA, GSM and CDMA). CDMA, also known as Code Division Multiple Access, refers to any protocol used in second-generation (2G) and third-generation (3G) wireless communications.

GSM converts the data into digital form before compressing it and finally sending it down a channel with two other streams of user data, each having its own time slot. It operates in either the 900 MHz or the 1800 MHz frequency band.

GSM Security Objectives
Concerns
·         Operators – Billing the right people, prevention of duplicity and protection of services
·         Customers – Privacy and anonymity
·         Making the system at least as secure as the PSTN

Security Goals
  • Preventing operators from compromising each other’s security, whether through thoughtlessness or competitive pressure
  • Confidentiality and Anonymity on the radio path
  • Strong client authentication in order to protect the operator against any billing fraud

Security Design Requirements
The security mechanism must not
·         Increase the error rate
·         Add significant overhead on call set-up
·         Increase the bandwidth of the channel
·         Add any unnecessary complexity to the system

Instead it should be a cost effective scheme and be able to define security procedures such as
·         Confidentiality of algorithms
·         Generation and distribution of keys
·         Exchanging of information between operators

GSM Security Mechanisms
Features
·         Key management is independent of equipment: for example, when subscribers change physical parts of the equipment, they do not have to worry about the settings they set earlier
·         Subscriber identity protection: it should be difficult to identify the user of the system by intercepting user data
·         Detection of compromised equipment, such as whether a mobile device has been compromised
·         Subscriber authentication: the operator must know, for billing purposes, who is using the system
·         Signaling and user data channels must be protected over the radio path


GSM Mobile Station
·         Mobile Equipment (ME)
       Physical mobile device and identifiers (IMEI – International Mobile Equipment Identity)

·         Subscriber Identity Module (SIM)
       Smart card containing keys, identifiers and algorithms
       Examples of identifiers are:

  • Ki – Subscriber Authentication Key
  • IMSI – International Mobile Subscriber Identity
  • TMSI – Temporary Mobile Subscriber Identity
  • MSISDN – Mobile Station International Service Digital Network
  • PIN – Personal Identity Number protecting a SIM
  • LAI – Location Area Identity

Subscriber Identity Protection
TMSI – Temporary Mobile Subscriber Identity
Goals
  • TMSI is used instead of IMSI as a temporary subscriber identifier
  • TMSI prevents an eavesdropper from identifying the subscriber
Usage
  • TMSI is assigned when IMSI is transmitted to the AuC the first time the phone is switched on
  • Every time a location update (new MSC) occurs, the network assigns a new TMSI
  • TMSI is used by the MS to report to the network or during call initialization
  • The network uses TMSI to communicate with the MS
  • When the MS is switched off, TMSI is stored on the SIM card to be reused next time
The Visitor Location Register (VLR) performs assignment, administration and update of the TMSI

Authentication
Goal
  • Subscriber (SIM holder) authentication
  • Protection of the network against unauthorized use
  • Creation of a session key

A3 – MS Authentication Algorithm
A8 – Voice Privacy Key Generation Algorithm
Logical implementation of A3 and A8
  • Both A3 and A8 algorithms are implemented on the SIM
  • The operator can decide which algorithm to use
  • Algorithm implementation is independent of hardware manufacturers and network operators

COMP128 is used for both A3 and A8 in most GSM networks
COMP128 is a keyed hash function



A5 – Encryption Algorithm
    A5 is a stream cipher that is implemented very efficiently in hardware; its design was never made public
    Variants:
  • A5/1 – the strong version
  • A5/2 – the weak version
  • A5/3 – GSM Association Security Group and 3GPP design, based on the Kasumi algorithm used in 3G mobile systems




