W7 NS
akhilesh7593
Ch07NetSec6e_accessiblePPT.pptxNetwork Security Essentials: Applications and Standards
Sixth Edition
Chapter 7
Wireless Network Security
Copyright © 2017 Pearson Education, Inc. All Rights Reserved
If this PowerPoint presentation contains mathematical equations, you may need to check that your computer has the following installed:
1) MathType Plugin
2) Math Player (free versions available)
3) NVDA Reader (free versions available)
There are application-specific security mechanisms for a number of application
areas, including electronic mail (S/MIME, PGP), client/server (Kerberos), Web access
(Secure Sockets Layer), and others. However, users have security concerns that
cut across protocol layers. For example, an enterprise can run a secure, private IP
network by disallowing links to untrusted sites, encrypting packets that leave the
premises, and authenticating packets that enter the premises. By implementing security
at the IP level, an organization can ensure secure networking not only for
applications that have security mechanisms but also for the many security-ignorant
applications.
IP-level security encompasses three functional areas: authentication, confidentiality,
and key management. The authentication mechanism assures that a received
packet was, in fact, transmitted by the party identified as the source in the packet
header. In addition, this mechanism assures that the packet has not been altered in
transit. The confidentiality facility enables communicating nodes to encrypt messages
to prevent eavesdropping by third parties. The key management facility is concerned
with the secure exchange of keys.
We begin this chapter with an overview of IP security (IPsec) and an introduction
to the IPsec architecture. We then look at each of the three functional areas in
detail. Appendix D reviews Internet protocols.
Wireless Security (1 of 2)
Some of the key factors contributing to the higher security risk of wireless networks compared to wired networks include:
Channel
Wireless networking typically involves broadcast communications, which is far more susceptible to eavesdropping and jamming than wired networks
Wireless networks are also more vulnerable to active attacks that exploit vulnerabilities in communications protocols
Mobility
Wireless devices are far more portable and mobile than wired devices
This mobility results in a number of risks
Copyright © 2016, 2012, 2009 by Pearson Education, Inc.
All Rights Reserved
Medical Law and Ethics, Fifth Edition
Bonnie F. Fremgen
Copyright © 2017 Pearson Education, Inc. All Rights Reserved
Wireless networks, and the wireless devices that use them, introduce a host of security
problems over and above those found in wired networks. Some of the key factors
contributing to the higher security risk of wireless networks compared to wired
networks include the following [MA10]:
• Channel: Wireless networking typically involves broadcast communications,
which is far more susceptible to eavesdropping and jamming than wired networks.
Wireless networks are also more vulnerable to active attacks that exploit
vulnerabilities in communications protocols.
• Mobility: Wireless devices are, in principal and usually in practice, far more
portable and mobile than wired devices. This mobility results in a number of
risks, described subsequently.
• Resources: Some wireless devices, such as smartphones and tablets, have sophisticated
operating systems but limited memory and processing resources
with which to counter threats, including denial of service and malware.
• Accessibility: Some wireless devices, such as sensors and robots, may be left
unattended in remote and/or hostile locations. This greatly increases their vulnerability
to physical attacks.
2
Wireless Security (2 of 2)
Resources
Some wireless devices, such as smartphones and tablets, have sophisticated operating systems but limited memory and processing resources with which to counter threats, including denial of service and malware
Accessibility
Some wireless devices, such as sensors and robots, may be left unattended in remote and/or hostile locations
This greatly increases their vulnerability to physical attacks
Copyright © 2016, 2012, 2009 by Pearson Education, Inc.
All Rights Reserved
Medical Law and Ethics, Fifth Edition
Bonnie F. Fremgen
Copyright © 2017 Pearson Education, Inc. All Rights Reserved
Figure 7.1 Wireless Networking Components
Copyright © 2017 Pearson Education, Inc. All Rights Reserved
In simple terms, the wireless environment consists of three components that
provide point of attack (Figure 7.1). The wireless client can be a cell phone, a
Wi-Fi–enabled laptop or tablet, a wireless sensor, a Bluetooth device, and so on.
The wireless access point provides a connection to the network or service. Examples
of access points are cell towers, Wi-Fi hotspots, and wireless access points to wired
local or wide area networks. The transmission medium, which carries the radio
waves for data transfer, is also a source of vulnerability.
4
Wireless Network Threats (1 of 4)
Accidental association
Company wireless L A Ns in close proximity may create overlapping transmission ranges
A user intending to connect to one L A N may unintentionally lock on to a wireless access point from a neighboring network
Malicious association
In this situation, a wireless device is configured to appear to be a legitimate access point, enabling the operator to steal passwords from legitimate users and then penetrate a wired network through a legitimate wireless access point
Copyright © 2016, 2012, 2009 by Pearson Education, Inc.
All Rights Reserved
Medical Law and Ethics, Fifth Edition
Bonnie F. Fremgen
Copyright © 2017 Pearson Education, Inc. All Rights Reserved
[CHOI08] lists the following security threats to wireless networks:
• Accidental association: Company wireless LANs or wireless access points to
wired LANs in close proximity (e.g., in the same or neighboring buildings)
may create overlapping transmission ranges. A user intending to connect to
one LAN may unintentionally lock on to a wireless access point from a neighboring
network. Although the security breach is accidental, it nevertheless exposes
resources of one LAN to the accidental user.
• Malicious association: In this situation, a wireless device is configured to appear
to be a legitimate access point, enabling the operator to steal passwords
from legitimate users and then penetrate a wired network through a legitimate
wireless access point.
• Ad hoc networks: These are peer-to-peer networks between wireless computers
with no access point between them. Such networks can pose a security
threat due to a lack of a central point of control.
• Nontraditional networks: Nontraditional networks and links, such as personal
network Bluetooth devices, barcode readers, and handheld PDAs, pose a security
risk in terms of both eavesdropping and spoofing.
• Identity theft (MAC spoofing): This occurs when an attacker is able to eavesdrop
on network traffic and identify the MAC address of a computer with
network privileges.
• Man-in-the middle attacks: This type of attack is described in Chapter 3 in
the context of the Diffie-Hellman key exchange protocol. In a broader sense,
this attack involves persuading a user and an access point to believe that they
are talking to each other when in fact the communication is going through an
intermediate attacking device. Wireless networks are particularly vulnerable
to such attacks.
• Denial of service (DoS): This type of attack is discussed in detail in Chapter 10.
In the context of a wireless network, a DoS attack occurs when an attacker
continually bombards a wireless access point or some other accessible wireless
port with various protocol messages designed to consume system resources.
The wireless environment lends itself to this type of attack, because it is so
easy for the attacker to direct multiple wireless messages at the target.
• Network injection: A network injection attack targets wireless access points
that are exposed to nonfiltered network traffic, such as routing protocol messages
or network management messages. An example of such an attack is
one in which bogus reconfiguration commands are used to affect routers and
switches to degrade network performance.
5
Wireless Network Threats (2 of 4)
Ad hoc networks
These are peer-to-peer networks between wireless computers with no access point between them
Such networks can pose a security threat due to a lack of a central point of control
Nontraditional networks
Personal network Bluetooth devices, barcode readers, and handheld P D As pose a security risk in terms of both eavesdropping and spoofing
Copyright © 2016, 2012, 2009 by Pearson Education, Inc.
All Rights Reserved
Medical Law and Ethics, Fifth Edition
Bonnie F. Fremgen
Copyright © 2017 Pearson Education, Inc. All Rights Reserved
[CHOI08] lists the following security threats to wireless networks:
• Accidental association: Company wireless LANs or wireless access points to
wired LANs in close proximity (e.g., in the same or neighboring buildings)
may create overlapping transmission ranges. A user intending to connect to
one LAN may unintentionally lock on to a wireless access point from a neighboring
network. Although the security breach is accidental, it nevertheless exposes
resources of one LAN to the accidental user.
• Malicious association: In this situation, a wireless device is configured to appear
to be a legitimate access point, enabling the operator to steal passwords
from legitimate users and then penetrate a wired network through a legitimate
wireless access point.
• Ad hoc networks: These are peer-to-peer networks between wireless computers
with no access point between them. Such networks can pose a security
threat due to a lack of a central point of control.
• Nontraditional networks: Nontraditional networks and links, such as personal
network Bluetooth devices, barcode readers, and handheld PDAs, pose a security
risk in terms of both eavesdropping and spoofing.
• Identity theft (MAC spoofing): This occurs when an attacker is able to eavesdrop
on network traffic and identify the MAC address of a computer with
network privileges.
• Man-in-the middle attacks: This type of attack is described in Chapter 3 in
the context of the Diffie-Hellman key exchange protocol. In a broader sense,
this attack involves persuading a user and an access point to believe that they
are talking to each other when in fact the communication is going through an
intermediate attacking device. Wireless networks are particularly vulnerable
to such attacks.
• Denial of service (DoS): This type of attack is discussed in detail in Chapter 10.
In the context of a wireless network, a DoS attack occurs when an attacker
continually bombards a wireless access point or some other accessible wireless
port with various protocol messages designed to consume system resources.
The wireless environment lends itself to this type of attack, because it is so
easy for the attacker to direct multiple wireless messages at the target.
• Network injection: A network injection attack targets wireless access points
that are exposed to nonfiltered network traffic, such as routing protocol messages
or network management messages. An example of such an attack is
one in which bogus reconfiguration commands are used to affect routers and
switches to degrade network performance.
6
Wireless Network Threats (3 of 4)
Identity theft (M A C spoofing)
This occurs when an attacker is able to eavesdrop on network traffic and identify the M A C address of a computer with network privileges
Man-in-the-middle attacks
This attack involves persuading a user and an access point to believe that they are talking to each other when in fact the communication is going through an intermediate attacking device
Wireless networks are particularly vulnerable to such attacks
Copyright © 2016, 2012, 2009 by Pearson Education, Inc.
All Rights Reserved
Medical Law and Ethics, Fifth Edition
Bonnie F. Fremgen
Copyright © 2017 Pearson Education, Inc. All Rights Reserved
[CHOI08] lists the following security threats to wireless networks:
• Accidental association: Company wireless LANs or wireless access points to
wired LANs in close proximity (e.g., in the same or neighboring buildings)
may create overlapping transmission ranges. A user intending to connect to
one LAN may unintentionally lock on to a wireless access point from a neighboring
network. Although the security breach is accidental, it nevertheless exposes
resources of one LAN to the accidental user.
• Malicious association: In this situation, a wireless device is configured to appear
to be a legitimate access point, enabling the operator to steal passwords
from legitimate users and then penetrate a wired network through a legitimate
wireless access point.
• Ad hoc networks: These are peer-to-peer networks between wireless computers
with no access point between them. Such networks can pose a security
threat due to a lack of a central point of control.
• Nontraditional networks: Nontraditional networks and links, such as personal
network Bluetooth devices, barcode readers, and handheld PDAs, pose a security
risk in terms of both eavesdropping and spoofing.
• Identity theft (MAC spoofing): This occurs when an attacker is able to eavesdrop
on network traffic and identify the MAC address of a computer with
network privileges.
• Man-in-the middle attacks: This type of attack is described in Chapter 3 in
the context of the Diffie-Hellman key exchange protocol. In a broader sense,
this attack involves persuading a user and an access point to believe that they
are talking to each other when in fact the communication is going through an
intermediate attacking device. Wireless networks are particularly vulnerable
to such attacks.
• Denial of service (DoS): This type of attack is discussed in detail in Chapter 10.
In the context of a wireless network, a DoS attack occurs when an attacker
continually bombards a wireless access point or some other accessible wireless
port with various protocol messages designed to consume system resources.
The wireless environment lends itself to this type of attack, because it is so
easy for the attacker to direct multiple wireless messages at the target.
• Network injection: A network injection attack targets wireless access points
that are exposed to nonfiltered network traffic, such as routing protocol messages
or network management messages. An example of such an attack is
one in which bogus reconfiguration commands are used to affect routers and
switches to degrade network performance.
7
Wireless Network Threats (4 of 4)
Denial of service (D o S)
This attack occurs when an attacker continually bombards a wireless access point or some other accessible wireless port with various protocol messages designed to consume system resources
The wireless environment lends itself to this type of attack because it is so easy for the attacker to direct multiple wireless messages at the target
Network injection
This attack targets wireless access points that are exposed to nonfiltered network traffic, such as routing protocol messages or network management messages
Copyright © 2016, 2012, 2009 by Pearson Education, Inc.
All Rights Reserved
Medical Law and Ethics, Fifth Edition
Bonnie F. Fremgen
Copyright © 2017 Pearson Education, Inc. All Rights Reserved
[CHOI08] lists the following security threats to wireless networks:
• Accidental association: Company wireless LANs or wireless access points to
wired LANs in close proximity (e.g., in the same or neighboring buildings)
may create overlapping transmission ranges. A user intending to connect to
one LAN may unintentionally lock on to a wireless access point from a neighboring
network. Although the security breach is accidental, it nevertheless exposes
resources of one LAN to the accidental user.
• Malicious association: In this situation, a wireless device is configured to appear
to be a legitimate access point, enabling the operator to steal passwords
from legitimate users and then penetrate a wired network through a legitimate
wireless access point.
• Ad hoc networks: These are peer-to-peer networks between wireless computers
with no access point between them. Such networks can pose a security
threat due to a lack of a central point of control.
• Nontraditional networks: Nontraditional networks and links, such as personal
network Bluetooth devices, barcode readers, and handheld PDAs, pose a security
risk in terms of both eavesdropping and spoofing.
• Identity theft (MAC spoofing): This occurs when an attacker is able to eavesdrop
on network traffic and identify the MAC address of a computer with
network privileges.
• Man-in-the middle attacks: This type of attack is described in Chapter 3 in
the context of the Diffie-Hellman key exchange protocol. In a broader sense,
this attack involves persuading a user and an access point to believe that they
are talking to each other when in fact the communication is going through an
intermediate attacking device. Wireless networks are particularly vulnerable
to such attacks.
• Denial of service (DoS): This type of attack is discussed in detail in Chapter 10.
In the context of a wireless network, a DoS attack occurs when an attacker
continually bombards a wireless access point or some other accessible wireless
port with various protocol messages designed to consume system resources.
The wireless environment lends itself to this type of attack, because it is so
easy for the attacker to direct multiple wireless messages at the target.
• Network injection: A network injection attack targets wireless access points
that are exposed to nonfiltered network traffic, such as routing protocol messages
or network management messages. An example of such an attack is
one in which bogus reconfiguration commands are used to affect routers and
switches to degrade network performance.
8
Securing Wireless Transmissions (1 of 2)
The principal threats to wireless transmission are eavesdropping, altering or inserting messages, and disruption
To deal with eavesdropping, two types of countermeasures are appropriate:
Signal-hiding techniques
Turn off S S I D broadcasting by wireless access points
Assign cryptic names to S S I Ds
Copyright © 2016, 2012, 2009 by Pearson Education, Inc.
All Rights Reserved
Medical Law and Ethics, Fifth Edition
Bonnie F. Fremgen
Copyright © 2017 Pearson Education, Inc. All Rights Reserved
The principal threats to wireless transmission
are eavesdropping, altering or inserting messages, and disruption. To deal with
eavesdropping, two types of countermeasures are appropriate:
• Signal-hiding techniques: Organizations can take a number of measures to
make it more difficult for an attacker to locate their wireless access points,
including turning off service set identifier (SSID) broadcasting by wireless access
points; assigning cryptic names to SSIDs; reducing signal strength to the
lowest level that still provides requisite coverage; and locating wireless access
points in the interior of the building, away from windows and exterior walls.
Greater security can be achieved by the use of directional antennas and of
signal-shielding techniques.
• Encryption: Encryption of all wireless transmission is effective against eavesdropping
to the extent that the encryption keys are secured.
The use of encryption and authentication protocols is the standard method of
countering attempts to alter or insert transmissions.
The methods discussed in Chapter 10 for dealing with DoS apply to wireless
transmissions. Organizations can also reduce the risk of unintentional DoS attacks.
Site surveys can detect the existence of other devices using the same frequency
range, to help determine where to locate wireless access points. Signal strengths can
be adjusted and shielding used in an attempt to isolate a wireless environment from
competing nearby transmissions.
9
Securing Wireless Transmissions (2 of 2)
Reduce signal strength to the lowest level that still provides requisite coverage
Locate wireless access points in the interior of the building, away from windows and exterior walls
Encryption
Is effective against eavesdropping to the extent that the encryption keys are secured
Copyright © 2016, 2012, 2009 by Pearson Education, Inc.
All Rights Reserved
Medical Law and Ethics, Fifth Edition
Bonnie F. Fremgen
Copyright © 2017 Pearson Education, Inc. All Rights Reserved
The principal threats to wireless transmission
are eavesdropping, altering or inserting messages, and disruption. To deal with
eavesdropping, two types of countermeasures are appropriate:
• Signal-hiding techniques: Organizations can take a number of measures to
make it more difficult for an attacker to locate their wireless access points,
including turning off service set identifier (SSID) broadcasting by wireless access
points; assigning cryptic names to SSIDs; reducing signal strength to the
lowest level that still provides requisite coverage; and locating wireless access
points in the interior of the building, away from windows and exterior walls.
Greater security can be achieved by the use of directional antennas and of
signal-shielding techniques.
• Encryption: Encryption of all wireless transmission is effective against eavesdropping
to the extent that the encryption keys are secured.
The use of encryption and authentication protocols is the standard method of
countering attempts to alter or insert transmissions.
The methods discussed in Chapter 10 for dealing with DoS apply to wireless
transmissions. Organizations can also reduce the risk of unintentional DoS attacks.
Site surveys can detect the existence of other devices using the same frequency
range, to help determine where to locate wireless access points. Signal strengths can
be adjusted and shielding used in an attempt to isolate a wireless environment from
competing nearby transmissions.
10
Securing Wireless Access Points
The main threat involving wireless access points is unauthorized access to the network
The principal approach for preventing such access is the I E E E 802.1x standard for port-based network access control
The standard provides an authentication mechanism for devices wishing to attach to a L A N or wireless network
The use of 802.1x can prevent rogue access points and other unauthorized devices from becoming insecure backdoors
Copyright © 2016, 2012, 2009 by Pearson Education, Inc.
All Rights Reserved
Medical Law and Ethics, Fifth Edition
Bonnie F. Fremgen
Copyright © 2017 Pearson Education, Inc. All Rights Reserved
The main threat involving wireless access
points is unauthorized access to the network. The principal approach for preventing
such access is the IEEE 802.1X standard for port-based network access control. The
standard provides an authentication mechanism for devices wishing to attach to a
LAN or wireless network. The use of 802.1X can prevent rogue access points and
other unauthorized devices from becoming insecure backdoors.
Section 5.3 provides an introduction to 802.1X.
11
Securing Wireless Networks
Use encryption
Use antivirus, antispyware software and a firewall
Turn off identifier broadcasting
Change the identifier on your router from the default
Change your router’s pre-set password for administration
Allow only specific computers to access your wireless network
Copyright © 2016, 2012, 2009 by Pearson Education, Inc.
All Rights Reserved
Medical Law and Ethics, Fifth Edition
Bonnie F. Fremgen
Copyright © 2017 Pearson Education, Inc. All Rights Reserved
[CHOI08] recommends the following techniques for
wireless network security:
1. Use encryption. Wireless routers are typically equipped with built-in encryption
mechanisms for router-to-router traffic.
2. Use antivirus and antispyware software, and a firewall. These facilities should
be enabled on all wireless network endpoints.
3. Turn off identifier broadcasting. Wireless routers are typically configured to
broadcast an identifying signal so that any device within range can learn of the
router’s existence. If a network is configured so that authorized devices know
the identity of routers, this capability can be disabled, so as to thwart attackers.
4. Change the identifier on your router from the default. Again, this measure
thwarts attackers who will attempt to gain access to a wireless network using
default router identifiers.
5. Change your router’s pre-set password for administration. This is another prudent
step.
6. Allow only specific computers to access your wireless network. A router can
be configured to only communicate with approved MAC addresses. Of course,
MAC addresses can be spoofed, so this is just one element of a security strategy.
12
Mobile Device Security
Mobile devices have become an essential element for organizations as part of the overall network infrastructure
Prior to the widespread use of smartphones, network security was based upon clearly defined perimeters that separated trusted internal networks from the untrusted Internet
Due to massive changes, an organization’s networks must now accommodate:
Growing use of new devices
Cloud-based applications
De-perimeterization
External business requirements
Copyright © 2016, 2012, 2009 by Pearson Education, Inc.
All Rights Reserved
Medical Law and Ethics, Fifth Edition
Bonnie F. Fremgen
Copyright © 2017 Pearson Education, Inc. All Rights Reserved
Prior to the widespread use of smartphones, the dominant paradigm for computer
and network security in organizations was as follows. Corporate IT was tightly controlled.
User devices were typically limited to Windows PCs. Business applications
were controlled by IT and either run locally on endpoints or on physical servers
in data centers. Network security was based upon clearly defined perimeters that
separated trusted internal networks from the untrusted Internet. Today, there have
been massive changes in each of these assumptions. An organization’s networks
must accommodate the following:
• Growing use of new devices: Organizations are experiencing significant growth
in employee use of mobile devices. In many cases, employees are allowed to
use a combination of endpoint devices as part of their day-to-day activities.
• Cloud-based applications: Applications no longer run solely on physical
servers in corporate data centers. Quite the opposite, applications can run
anywhere—on traditional physical servers, on mobile virtual servers, or in the
cloud. Additionally, end users can now take advantage of a wide variety of
cloud-based applications and IT services for personal and professional use.
Facebook can be used for an employee’s personal profiles or as a component
of a corporate marketing campaign. Employees depend upon Skype to speak
with friends abroad or for legitimate business video conferencing. Dropbox
and Box can be used to distribute documents between corporate and personal
devices for mobility and user productivity.
• De-perimeterization: Given new device proliferation, application mobility,
and cloud-based consumer and corporate services, the notion of a static network
perimeter is all but gone. Now there are a multitude of network perimeters
around devices, applications, users, and data. These perimeters have also
become quite dynamic as they must adapt to various environmental conditions
such as user role, device type, server virtualization mobility, network location,
and time-of-day.
• External business requirements: The enterprise must also provide guests,
third-party contractors, and business partners network access using various
devices from a multitude of locations.
The central element in all of these changes is the mobile computing device.
Mobile devices have become an essential element for organizations as part of the
overall network infrastructure. Mobile devices such as smartphones, tablets, and
memory sticks provide increased convenience for individuals as well as the potential
for increased productivity in the workplace. Because of their widespread use and
unique characteristics, security for mobile devices is a pressing and complex issue.
In essence, an organization needs to implement a security policy through a combination
of security features built into the mobile devices and additional security controls
provided by network components that regulate the use of the mobile devices.
13
Security Threats (1 of 3)
Major security concerns for mobile devices:
Lack of physical security controls
The security policy for mobile devices must be based on the assumption that any mobile device may be stolen or at least accessed by a malicious party
Use of untrusted mobile devices
The organization must assume that not all devices are trustworthy
Copyright © 2016, 2012, 2009 by Pearson Education, Inc.
All Rights Reserved
Medical Law and Ethics, Fifth Edition
Bonnie F. Fremgen
Copyright © 2017 Pearson Education, Inc. All Rights Reserved
Mobile devices need additional, specialized protection measures beyond those
implemented for other client devices, such as desktop and laptop devices that are
used only within the organization’s facilities and on the organization’s networks.
SP 800-14 (Guidelines for Managing and Securing Mobile Devices in the Enterprise ,
July 2012) lists seven major security concerns for mobile devices. We examine each
of these in turn.
Lack of Physical Security Controls
Mobile devices are typically under the complete
control of the user, and are used and kept in a variety of locations outside the
organization’s control, including off premises. Even if a device is required to remain
on premises, the user may move the device within the organization between secure
and nonsecured locations. Thus, theft and tampering are realistic threats.
The security policy for mobile devices must be based on the assumption that
any mobile device may be stolen or at least accessed by a malicious party. The threat
is twofold: A malicious party may attempt to recover sensitive data from the device
itself, or may use the device to gain access to the organization’s resources.
Use of Untrusted Mobile Devices
In addition to company-issued and company controlled
mobile devices, virtually all employees will have personal smartphones
and/or tablets. The organization must assume that these devices are not trustworthy.
That is, the devices may not employ encryption and either the user or a third
party may have installed a bypass to the built-in restrictions on security, operating
system use, and so on.
Use of Untrusted Networks
If a mobile device is used on premises, it can connect
to organization resources over the organization’s own in-house wireless networks.
However, for off-premises use, the user will typically access organizational
resources via Wi-Fi or cellular access to the Internet and from the Internet to the
organization. Thus, traffic that includes an off-premises segment is potentially susceptible
to eavesdropping or man-in-the-middle types of attacks. Thus, the security
policy must be based on the assumption that the networks between the mobile device
and the organization are not trustworthy.
Use of Applications Created by Unknown Parties
By design, it is easy to find
and install third-party applications on mobile devices. This poses the obvious risk of
installing malicious software. An organization has several options for dealing with
this threat, as described subsequently.
Interaction with Other Systems
A common feature found on smartphones and
tablets is the ability to automatically synchronize data, apps, contacts, photos, and
so on with other computing devices and with cloud-based storage. Unless an organization
has control of all the devices involved in synchronization, there is considerable
risk of the organization’s data being stored in an unsecured location, plus the
risk of the introduction of malware.
Use of Untrusted Content
Mobile devices may access and use content that other
computing devices do not encounter. An example is the Quick Response (QR)
code, which is a two-dimensional barcode. QR codes are designed to be captured
by a mobile device camera and used by the mobile device. The QR code translates
to a URL, so that a malicious QR code could direct the mobile device to malicious
Web sites.
Use of Location Services
The GPS capability on mobile devices can be used to
maintain a knowledge of the physical location of the device. While this feature
might be useful to an organization as part of a presence service, it creates security
risks. An attacker can use the location information to determine where the device
and user are located, which may be of use to the attacker.
14
Security Threats (2 of 3)
Use of untrusted networks
The security policy must be based on the assumption that the networks between the mobile device and the organization are not trustworthy
Use of untrusted content
Mobile devices may access and use content that other computing devices do not encounter
Use of applications created by unknown parties
It is easy to find and install third-party applications on mobile devices and this poses the risk of installing malicious software
Copyright © 2016, 2012, 2009 by Pearson Education, Inc.
All Rights Reserved
Medical Law and Ethics, Fifth Edition
Bonnie F. Fremgen
Copyright © 2017 Pearson Education, Inc. All Rights Reserved
Mobile devices need additional, specialized protection measures beyond those
implemented for other client devices, such as desktop and laptop devices that are
used only within the organization’s facilities and on the organization’s networks.
SP 800-14 (Guidelines for Managing and Securing Mobile Devices in the Enterprise ,
July 2012) lists seven major security concerns for mobile devices. We examine each
of these in turn.
Lack of Physical Security Controls
Mobile devices are typically under the complete
control of the user, and are used and kept in a variety of locations outside the
organization’s control, including off premises. Even if a device is required to remain
on premises, the user may move the device within the organization between secure
and nonsecured locations. Thus, theft and tampering are realistic threats.
The security policy for mobile devices must be based on the assumption that
any mobile device may be stolen or at least accessed by a malicious party. The threat
is twofold: A malicious party may attempt to recover sensitive data from the device
itself, or may use the device to gain access to the organization’s resources.
Use of Untrusted Mobile Devices
In addition to company-issued and company controlled
mobile devices, virtually all employees will have personal smartphones
and/or tablets. The organization must assume that these devices are not trustworthy.
That is, the devices may not employ encryption and either the user or a third
party may have installed a bypass to the built-in restrictions on security, operating
system use, and so on.
Use of Untrusted Networks
If a mobile device is used on premises, it can connect
to organization resources over the organization’s own in-house wireless networks.
However, for off-premises use, the user will typically access organizational
resources via Wi-Fi or cellular access to the Internet and from the Internet to the
organization. Thus, traffic that includes an off-premises segment is potentially susceptible
to eavesdropping or man-in-the-middle types of attacks. Thus, the security
policy must be based on the assumption that the networks between the mobile device
and the organization are not trustworthy.
Use of Applications Created by Unknown Parties
By design, it is easy to find
and install third-party applications on mobile devices. This poses the obvious risk of
installing malicious software. An organization has several options for dealing with
this threat, as described subsequently.
Interaction with Other Systems
A common feature found on smartphones and
tablets is the ability to automatically synchronize data, apps, contacts, photos, and
so on with other computing devices and with cloud-based storage. Unless an organization
has control of all the devices involved in synchronization, there is considerable
risk of the organization’s data being stored in an unsecured location, plus the
risk of the introduction of malware.
Use of Untrusted Content
Mobile devices may access and use content that other
computing devices do not encounter. An example is the Quick Response (QR)
code, which is a two-dimensional barcode. QR codes are designed to be captured
by a mobile device camera and used by the mobile device. The QR code translates
to a URL, so that a malicious QR code could direct the mobile device to malicious
Web sites.
Use of Location Services
The GPS capability on mobile devices can be used to
maintain a knowledge of the physical location of the device. While this feature
might be useful to an organization as part of a presence service, it creates security
risks. An attacker can use the location information to determine where the device
and user are located, which may be of use to the attacker.
15
Security Threats (3 of 3)
Interaction with other systems
Unless an organization has control of all the devices involved in synchronization, there is considerable risk of the organization’s data being stored in an unsecured location, plus the risk of the introduction of malware
Use of location services
An attacker can use location information to determine where the device and user are located, which may be of use to the attacker
Copyright © 2016, 2012, 2009 by Pearson Education, Inc.
All Rights Reserved
Medical Law and Ethics, Fifth Edition
Bonnie F. Fremgen
Copyright © 2017 Pearson Education, Inc. All Rights Reserved
Mobile devices need additional, specialized protection measures beyond those
implemented for other client devices, such as desktop and laptop devices that are
used only within the organization’s facilities and on the organization’s networks.
SP 800-14 (Guidelines for Managing and Securing Mobile Devices in the Enterprise ,
July 2012) lists seven major security concerns for mobile devices. We examine each
of these in turn.
Lack of Physical Security Controls
Mobile devices are typically under the complete
control of the user, and are used and kept in a variety of locations outside the
organization’s control, including off premises. Even if a device is required to remain
on premises, the user may move the device within the organization between secure
and nonsecured locations. Thus, theft and tampering are realistic threats.
The security policy for mobile devices must be based on the assumption that
any mobile device may be stolen or at least accessed by a malicious party. The threat
is twofold: A malicious party may attempt to recover sensitive data from the device
itself, or may use the device to gain access to the organization’s resources.
Use of Untrusted Mobile Devices
In addition to company-issued and company controlled
mobile devices, virtually all employees will have personal smartphones
and/or tablets. The organization must assume that these devices are not trustworthy.
That is, the devices may not employ encryption and either the user or a third
party may have installed a bypass to the built-in restrictions on security, operating
system use, and so on.
Use of Untrusted Networks
If a mobile device is used on premises, it can connect
to organization resources over the organization’s own in-house wireless networks.
However, for off-premises use, the user will typically access organizational
resources via Wi-Fi or cellular access to the Internet and from the Internet to the
organization. Thus, traffic that includes an off-premises segment is potentially susceptible
to eavesdropping or man-in-the-middle types of attacks. Thus, the security
policy must be based on the assumption that the networks between the mobile device
and the organization are not trustworthy.
Use of Applications Created by Unknown Parties
By design, it is easy to find
and install third-party applications on mobile devices. This poses the obvious risk of
installing malicious software. An organization has several options for dealing with
this threat, as described subsequently.
Interaction with Other Systems
A common feature found on smartphones and
tablets is the ability to automatically synchronize data, apps, contacts, photos, and
so on with other computing devices and with cloud-based storage. Unless an organization
has control of all the devices involved in synchronization, there is considerable
risk of the organization’s data being stored in an unsecured location, plus the
risk of the introduction of malware.
Use of Untrusted Content
Mobile devices may access and use content that other
computing devices do not encounter. An example is the Quick Response (QR)
code, which is a two-dimensional barcode. QR codes are designed to be captured
by a mobile device camera and used by the mobile device. The QR code translates
to a URL, so that a malicious QR code could direct the mobile device to malicious
Web sites.
Use of Location Services
The GPS capability on mobile devices can be used to
maintain a knowledge of the physical location of the device. While this feature
might be useful to an organization as part of a presence service, it creates security
risks. An attacker can use the location information to determine where the device
and user are located, which may be of use to the attacker.
16
Figure 7.2 Mobile Device Security Elements
Copyright © 2017 Pearson Education, Inc. All Rights Reserved
With the threats listed in the preceding discussion in mind, we outline the principal
elements of a mobile device security strategy. They fall into three categories: device
security, client/server traffic security, and barrier security (Figure 7.2).
Device Security
A number of organizations will supply mobile devices for employee
use and preconfigure those devices to conform to the enterprise security policy.
However, many organizations will find it convenient or even necessary to adopt a bring-your-
own-device (BYOD) policy that allows the personal mobile devices of employees
to have access to corporate resources. IT managers should be able to inspect each
device before allowing network access. IT will want to establish configuration guidelines
for operating systems and applications. For example, “rooted” or “jail-broken”
devices are not permitted on the network, and mobile devices cannot store corporate
contacts on local storage. Whether a device is owned by the organization or BYOD, the
organization should configure the device with security controls, including the following:
• Enable auto-lock, which causes the device to lock if it has not been used for a
given amount of time, requiring the user to re-enter a four-digit PIN or a password
to re-activate the device.
• Enable password or PIN protection. The PIN or password is needed to unlock
the device. In addition, it can be configured so that e-mail and other data on
the device are encrypted using the PIN or password and can only be retrieved
with the PIN or password.
• Avoid using auto-complete features that remember user names or passwords.
• Enable remote wipe.
• Ensure that SSL protection is enabled, if available.
• Make sure that software, including operating systems and applications, is up
to date.
• Install antivirus software as it becomes available.
• Either sensitive data should be prohibited from storage on the mobile device
or it should be encrypted.
• IT staff should also have the ability to remotely access devices, wipe the device
of all data, and then disable the device in the event of loss or theft.
• The organization may prohibit all installation of third-party applications,
implement white-listing to prohibit installation of all unapproved applications,
or implement a secure sandbox that isolates the organization’s data and
applications from all other data and applications on the mobile device. Any
application that is on an approved list should be accompanied by a digital
signature and a public-key certificate from an approved authority.
• The organization can implement and enforce restrictions on what devices can
synchronize and on the use of cloud-based storage.
• To deal with the threat of untrusted content, security responses can include
training of personnel on the risks inherent in untrusted content and disabling
camera use on corporate mobile devices.
• To counter the threat of malicious use of location services, the security policy
can dictate that such service is disabled on all mobile devices.
Traffic Security
Traffic security is based on the usual mechanisms for encryption
and authentication. All traffic should be encrypted and travel by secure means, such
as SSL or IPv6. Virtual private networks (VPNs) can be configured so that all traffic
between the mobile device and the organization’s network is via a VPN.
A strong authentication protocol should be used to limit the access from the
device to the resources of the organization. Often, a mobile device has a single
device-specific authenticator, because it is assumed that the device has only one
user. A preferable strategy is to have a two-layer authentication mechanism, which
involves authenticating the device and then authenticating the user of the device.
Barrier Security
The organization should have security mechanisms to protect the
network from unauthorized access. The security strategy can also include firewall policies
specific to mobile device traffic. Firewall policies can limit the scope of data and
application access for all mobile devices. Similarly, intrusion detection and intrusion
prevention systems can be configured to have tighter rules for mobile device traffic.
17
I E E E 802.11 Wireless L A N Overview
I E E E 802 is a committee that has developed standards for a wide range of local area networks (L A Ns)
In 1990 the I E E E 802 Committee formed a new working group, I E E E 802.11, with a charter to develop a protocol and transmission specifications for wireless L A Ns (W L A Ns)
Since that time, the demand for W L A Ns at different frequencies and data rates has exploded
Copyright © 2016, 2012, 2009 by Pearson Education, Inc.
All Rights Reserved
Medical Law and Ethics, Fifth Edition
Bonnie F. Fremgen
Copyright © 2017 Pearson Education, Inc. All Rights Reserved
IEEE 802 is a committee that has developed standards for a wide range of local
area networks (LANs). In 1990, the IEEE 802 Committee formed a new working
group, IEEE 802.11, with a charter to develop a protocol and transmission
specifications for wireless LANs (WLANs). Since that time, the demand for
WLANs at different frequencies and data rates has exploded. Keeping pace
with this demand, the IEEE 802.11 working group has issued an ever-expanding
list of standards.
18
Table 7.1 I E E E 802.11 Terminology
| Access point (A P) | Any entity that has station functionality and provides access to the distribution system via the wireless medium for associated stations. |
| Basic service set (B S S) | A set of stations controlled by a single coordination function. |
| Coordination function | The logical function that determines when a station operating within a BSS is permitted to transmit and may be able to receive P D Us. |
| Distribution system | A system used to interconnect a set of B S Ss and integrated L A Ns to create an E S S. |
| Extended service set (E S S) | A set of one or more interconnected B S Ss and integrated L A Ns that appear as a single B S S to the L L C layer at any station associated with one of these B S Ss. |
| M A C protocol data unit (H P D U) | The unit of data exchanged between two peer M A C entities using the services of the physical layer. |
| M A C service data unit (H S D U) | Information that is delivered as a unit between M A C users. |
| Station | Any device that contains an I E E E 802.11 conformant M A C and physical layer. |
Copyright © 2016, 2012, 2009 by Pearson Education, Inc.
All Rights Reserved
Medical Law and Ethics, Fifth Edition
Bonnie F. Fremgen
Copyright © 2017 Pearson Education, Inc. All Rights Reserved
19
Table 7.1 briefly defines key terms used in the IEEE 802.11
standard. Table is on page 215 in the textbook.
Wi-Fi Alliance (1 of 2)
The first 802.11 standard to gain broad industry acceptance was 802.11b
Wireless Ethernet Compatibility Alliance (W E C A)
An industry consortium formed in 1999
Subsequently renamed the Wi-Fi (Wireless Fidelity) Alliance
Created a test suite to certify interoperability for 802.11 products
Copyright © 2016, 2012, 2009 by Pearson Education, Inc.
All Rights Reserved
Medical Law and Ethics, Fifth Edition
Bonnie F. Fremgen
Copyright © 2017 Pearson Education, Inc. All Rights Reserved
The first 802.11 standard to gain broad industry acceptance was 802.11b. Although
802.11b products are all based on the same standard, there is always a concern
whether products from different vendors will successfully interoperate. To meet
this concern, the Wireless Ethernet Compatibility Alliance (WECA), an industry
consortium, was formed in 1999. This organization, subsequently renamed the
Wi-Fi (Wireless Fidelity) Alliance, created a test suite to certify interoperability for
802.11b products. The term used for certified 802.11b products is Wi-Fi . Wi-Fi certification
has been extended to 802.11g products. The Wi-Fi Alliance has also developed
a certification process for 802.11a products, called Wi-Fi5 . The Wi-Fi Alliance
is concerned with a range of market areas for WLANs, including enterprise, home,
and hot spots.
More recently, the Wi-Fi Alliance has developed certification procedures for
IEEE 802.11 security standards, referred to as Wi-Fi Protected Access (WPA). The
most recent version of WPA, known as WPA2, incorporates all of the features of
the IEEE 802.11i WLAN security specification.
20
Wi-Fi Alliance (2 of 2)
Wi-Fi
The term used for certified 802.11b products
Has been extended to 802.11g products
Wi-Fi5
A certification process for 802.11a products that was developed by the Wi-Fi Alliance
Recently the Wi-Fi Alliance has developed certification procedures for I E E E 802.11 security standards
Referred to as Wi-Fi Protected Access (W P A)
Copyright © 2016, 2012, 2009 by Pearson Education, Inc.
All Rights Reserved
Medical Law and Ethics, Fifth Edition
Bonnie F. Fremgen
Copyright © 2017 Pearson Education, Inc. All Rights Reserved
The first 802.11 standard to gain broad industry acceptance was 802.11b. Although
802.11b products are all based on the same standard, there is always a concern
whether products from different vendors will successfully interoperate. To meet
this concern, the Wireless Ethernet Compatibility Alliance (WECA), an industry
consortium, was formed in 1999. This organization, subsequently renamed the
Wi-Fi (Wireless Fidelity) Alliance, created a test suite to certify interoperability for
802.11b products. The term used for certified 802.11b products is Wi-Fi . Wi-Fi certification
has been extended to 802.11g products. The Wi-Fi Alliance has also developed
a certification process for 802.11a products, called Wi-Fi5 . The Wi-Fi Alliance
is concerned with a range of market areas for WLANs, including enterprise, home,
and hot spots.
More recently, the Wi-Fi Alliance has developed certification procedures for
IEEE 802.11 security standards, referred to as Wi-Fi Protected Access (WPA). The
most recent version of WPA, known as WPA2, incorporates all of the features of
the IEEE 802.11i WLAN security specification.
21
Figure 7.3 I E E E 802.11 Protocol Stack
Copyright © 2017 Pearson Education, Inc. All Rights Reserved
Before proceeding, we need to briefly preview the IEEE 802 protocol architecture.
IEEE 802.11 standards are defined within the structure of a layered set of protocols.
This structure, used for all IEEE 802 standards, is illustrated in Figure 7.3.
Physical Layer
The lowest layer of the IEEE 802 reference model is the physical
layer, which includes such functions as encoding/decoding of signals and bit transmission/
reception. In addition, the physical layer includes a specification of the
transmission medium. In the case of IEEE 802.11, the physical layer also defines
frequency bands and antenna characteristics.
Media Access Control
All LANs consist of collections of devices that share the network’s
transmission capacity. Some means of controlling access to the transmission
medium is needed to provide an orderly and efficient use of that capacity. This is
the function of a media access control (MAC) layer. The MAC layer receives data
from a higher-layer protocol, typically the Logical Link Control (LLC) layer, in the
form of a block of data known as the MAC service data unit (MSDU). In general,
the MAC layer performs the following functions:
• On transmission, assemble data into a frame, known as a MAC protocol data
unit (MPDU) with address and error-detection fields.
• On reception, disassemble frame, and perform address recognition and error
detection.
• Govern access to the LAN transmission medium.
Logical Link Control
In most data-link control protocols, the data-link protocol
entity is responsible not only for detecting errors using the CRC, but for recovering
from those errors by retransmitting damaged frames. In the LAN protocol architecture,
these two functions are split between the MAC and LLC layers. The MAC
layer is responsible for detecting errors and discarding any frames that contain errors.
The LLC layer optionally keeps track of which frames have been successfully
received and retransmits unsuccessful frames.
22
Figure 7.4 General I E E E 802 M P D U Format
Copyright © 2017 Pearson Education, Inc. All Rights Reserved
The exact format of the MPDU differs somewhat for the various MAC protocols
in use. In general, all of the MPDUs have a format similar to that of Figure 7.4.
The fields of this frame are as follows.
• MAC Control: This field contains any protocol control information needed
for the functioning of the MAC protocol. For example, a priority level could
be indicated here.
• Destination MAC Address: The destination physical address on the LAN for
this MPDU.
• Source MAC Address: The source physical address on the LAN for this
MPDU.
• MAC Service Data Unit: The data from the next higher layer.
• CRC: The cyclic redundancy check field; also known as the Frame Check
Sequence (FCS) field. This is an error-detecting code, such as that which is
used in other data-link control protocols. The CRC is calculated based on the
bits in the entire MPDU. The sender calculates the CRC and adds it to the
frame. The receiver performs the same calculation on the incoming MPDU
and compares that calculation to the CRC field in that incoming MPDU. If the
two values don’t match, then one or more bits have been altered in transit.
The fields preceding the MSDU field are referred to as the MAC header, and
the field following the MSDU field is referred to as the MAC trailer. The header
and trailer contain control information that accompany the data field and that are
used by the MAC protocol.
23
Figure 7.5 I E E E 802.11 Extended Service Set
Copyright © 2017 Pearson Education, Inc. All Rights Reserved
Figure 7.5 illustrates the model developed by the 802.11 working group. The smallest
building block of a wireless LAN is a basic service set (BSS) , which consists of
wireless stations executing the same MAC protocol and competing for access to the
same shared wireless medium. A BSS may be isolated, or it may connect to a backbone
distribution system (DS) through an access point (AP) . The AP functions as a
bridge and a relay point. In a BSS, client stations do not communicate directly with
one another. Rather, if one station in the BSS wants to communicate with another
station in the same BSS, the MAC frame is first sent from the originating station to
the AP and then from the AP to the destination station. Similarly, a MAC frame
from a station in the BSS to a remote station is sent from the local station to the AP
and then relayed by the AP over the DS on its way to the destination station. The
BSS generally corresponds to what is referred to as a cell in the literature. The DS
can be a switch, a wired network, or a wireless network.
When all the stations in the BSS are mobile stations that communicate directly
with one another (not using an AP), the BSS is called an independent BSS (IBSS) .
An IBSS is typically an ad hoc network. In an IBSS, the stations all communicate
directly, and no AP is involved.
A simple configuration is shown in Figure 7.5, in which each station belongs
to a single BSS; that is, each station is within wireless range only of other stations
within the same BSS. It is also possible for two BSSs to overlap geographically, so
that a single station could participate in more than one BSS. Furthermore, the association
between a station and a BSS is dynamic. Stations may turn off, come within
range, and go out of range.
An extended service set (ESS) consists of two or more basic service sets interconnected
by a distribution system. The extended service set appears as a single
logical LAN to the logical link control (LLC) level.
24
Table 7.2 I E E E 802.11 Services
| Service | Provider | Used to support |
| Association | Distribution system | M S D U delivery |
| Authentication | Station | L A N access and security |
| Deauthentication | Station | L A N access and security |
| Distribution | Distribution system | M S D U delivery |
| Dissassociation | Distribution system | M S D U delivery |
| Integration | Distribution system | M S D U delivery |
| M S D U delivery | Station | M S D U delivery |
| Privacy | Station | L A N access and security |
| Reassociation | Distribution system | M S D U delivery |
Copyright © 2017 Pearson Education, Inc. All Rights Reserved
IEEE 802.11 defines nine services that need to be provided by the wireless LAN to
achieve functionality equivalent to that which is inherent to wired LANs. Table 7.2
lists the services and indicates two ways of categorizing them.
1. The service provider can be either the station or the DS. Station services are
implemented in every 802.11 station, including AP stations. Distribution
services are provided between BSSs; these services may be implemented
in an AP or in another special-purpose device attached to the distribution
system.
2. Three of the services are used to control IEEE 802.11 LAN access and confidentiality.
Six of the services are used to support delivery of MSDUs between
stations. If the MSDU is too large to be transmitted in a single MPDU, it may
be fragmented and transmitted in a series of MPDUs.
Following the IEEE 802.11 document, we next discuss the services in an order
designed to clarify the operation of an IEEE 802.11 ESS network. MSDU delivery,
which is the basic service, already has been mentioned. Services related to security
are introduced in Section 7.4.
25
Distribution of Messages Within a D S
The two services involved with the distribution of messages within a D S are:
Integration
Enables transfer of data between a station on an I E E E 802.11 L A N and a station on an integrated I E E E 802.x L A N
Takes care of any address translation and media conversion logic required for the exchange of data
Distribution
The primary service used by stations to exchange M P D Us when the M P D Us must traverse the D S to get from a station in one B S S to a station in another B S S
Copyright © 2016, 2012, 2009 by Pearson Education, Inc.
All Rights Reserved
Medical Law and Ethics, Fifth Edition
Bonnie F. Fremgen
Copyright © 2017 Pearson Education, Inc. All Rights Reserved
The two services involved with the distribution
of messages within a DS are distribution and integration. Distribution is
the primary service used by stations to exchange MPDUs when the MPDUs must
traverse the DS to get from a station in one BSS to a station in another BSS. For
example, suppose a frame is to be sent from station 2 (STA 2) to station 7 (STA 7)
in Figure 7.5. The frame is sent from STA 2 to AP 1, which is the AP for this BSS.
The AP gives the frame to the DS, which has the job of directing the frame to the
AP associated with STA 7 in the target BSS. AP 2 receives the frame and forwards
it to STA 7. How the message is transported through the DS is beyond the scope of
the IEEE 802.11 standard.
If the two stations that are communicating are within the same BSS, then the
distribution service logically goes through the single AP of that BSS.
The integration service enables transfer of data between a station on an IEEE
802.11 LAN and a station on an integrated IEEE 802.x LAN. The term integrated
refers to a wired LAN that is physically connected to the DS and whose stations
may be logically connected to an IEEE 802.11 LAN via the integration service. The
integration service takes care of any address translation and media conversion logic
required for the exchange of data.
26
Association-Related Services (1 of 4)
Transition types based on mobility:
No transition
A station of this type is either stationary or moves only within the direct communication range of the communicating stations of a single B S S
B S S transition
This is defined as a station movement from one B S S to another B S S within the same E S S
In this case, delivery of data to the station requires that the addressing capability be able to recognize the new location of the station
Copyright © 2016, 2012, 2009 by Pearson Education, Inc.
All Rights Reserved
Medical Law and Ethics, Fifth Edition
Bonnie F. Fremgen
Copyright © 2017 Pearson Education, Inc. All Rights Reserved
The primary purpose of the MAC layer is to transfer
MSDUs between MAC entities; this purpose is fulfilled by the distribution service.
For that service to function, it requires information about stations within the ESS
that is provided by the association-related services. Before the distribution service
can deliver data to or accept data from a station, that station must be associated .
Before looking at the concept of association, we need to describe the concept of
mobility. The standard defines three transition types, based on mobility:
• No transition: A station of this type is either stationary or moves only
within the direct communication range of the communicating stations of a
single BSS.
• BSS transition: This is defined as a station movement from one BSS to another
BSS within the same ESS. In this case, delivery of data to the station
requires that the addressing capability be able to recognize the new location of
the station.
• ESS transition: This is defined as a station movement from a BSS in one ESS
to a BSS within another ESS. This case is supported only in the sense that
the station can move. Maintenance of upper-layer connections supported by
802.11 cannot be guaranteed. In fact, disruption of service is likely to occur.
27
Association-Related Services (2 of 4)
E S S transition
This is defined as a station movement from a B S S in one E S S to a B S S within another E S S
Maintenance of upper-layer connections supported by 802.11 cannot be guaranteed
Disruption of service is likely to occur
Copyright © 2016, 2012, 2009 by Pearson Education, Inc.
All Rights Reserved
Medical Law and Ethics, Fifth Edition
Bonnie F. Fremgen
Copyright © 2017 Pearson Education, Inc. All Rights Reserved
The primary purpose of the MAC layer is to transfer
MSDUs between MAC entities; this purpose is fulfilled by the distribution service.
For that service to function, it requires information about stations within the ESS
that is provided by the association-related services. Before the distribution service
can deliver data to or accept data from a station, that station must be associated .
Before looking at the concept of association, we need to describe the concept of
mobility. The standard defines three transition types, based on mobility:
• No transition: A station of this type is either stationary or moves only
within the direct communication range of the communicating stations of a
single BSS.
• BSS transition: This is defined as a station movement from one BSS to another
BSS within the same ESS. In this case, delivery of data to the station
requires that the addressing capability be able to recognize the new location of
the station.
• ESS transition: This is defined as a station movement from a BSS in one ESS
to a BSS within another ESS. This case is supported only in the sense that
the station can move. Maintenance of upper-layer connections supported by
802.11 cannot be guaranteed. In fact, disruption of service is likely to occur.
28
Association-Related Services (3 of 4)
To deliver a message within a D S, the distribution service needs to know the identity of the A P to which the message should be delivered in order for that message to reach the destination station
Three services relate to a station maintaining an association with the A P within its current B S S:
Association
Establishes an initial association between a station and an A P
Copyright © 2016, 2012, 2009 by Pearson Education, Inc.
All Rights Reserved
Medical Law and Ethics, Fifth Edition
Bonnie F. Fremgen
Copyright © 2017 Pearson Education, Inc. All Rights Reserved
To deliver a message within a DS, the distribution service needs to know
where the destination station is located. Specifically, the DS needs to know the
identity of the AP to which the message should be delivered in order for that message
to reach the destination station. To meet this requirement, a station must
maintain an association with the AP within its current BSS. Three services relate
to this requirement:
• Association: Establishes an initial association between a station and an AP.
Before a station can transmit or receive frames on a wireless LAN, its identity
and address must be known. For this purpose, a station must establish an association
with an AP within a particular BSS. The AP can then communicate
this information to other APs within the ESS to facilitate routing and delivery
of addressed frames.
• Reassociation: Enables an established association to be transferred from one
AP to another, allowing a mobile station to move from one BSS to another.
• Disassociation: A notification from either a station or an AP that an existing
association is terminated. A station should give this notification before leaving
an ESS or shutting down. However, the MAC management facility protects
itself against stations that disappear without notification.
29
Association-Related Services (4 of 4)
Reassociation
Enables an established association to be transferred from one A P to another, allowing a mobile station to move from one B S S to another
Disassociation
A notification from either a station or an A P that an existing association is terminated
Copyright © 2016, 2012, 2009 by Pearson Education, Inc.
All Rights Reserved
Medical Law and Ethics, Fifth Edition
Bonnie F. Fremgen
Copyright © 2017 Pearson Education, Inc. All Rights Reserved
To deliver a message within a DS, the distribution service needs to know
where the destination station is located. Specifically, the DS needs to know the
identity of the AP to which the message should be delivered in order for that message
to reach the destination station. To meet this requirement, a station must
maintain an association with the AP within its current BSS. Three services relate
to this requirement:
• Association: Establishes an initial association between a station and an AP.
Before a station can transmit or receive frames on a wireless LAN, its identity
and address must be known. For this purpose, a station must establish an association
with an AP within a particular BSS. The AP can then communicate
this information to other APs within the ESS to facilitate routing and delivery
of addressed frames.
• Reassociation: Enables an established association to be transferred from one
AP to another, allowing a mobile station to move from one BSS to another.
• Disassociation: A notification from either a station or an AP that an existing
association is terminated. A station should give this notification before leaving
an ESS or shutting down. However, the MAC management facility protects
itself against stations that disappear without notification.
30
I E E E 802.11I Wireless LAN Security (1 of 2)
There is an increased need for robust security services and mechanisms for wireless L A Ns
Wired Equivalent Privacy (W E P)
The privacy portion of the 802.11 standard
Contained major weaknesses
Wi-Fi Protected Access (W P A)
A set of security mechanisms that eliminates most 802.11 security issues
Based on the current state of the 802.11i standard
Copyright © 2016, 2012, 2009 by Pearson Education, Inc.
All Rights Reserved
Medical Law and Ethics, Fifth Edition
Bonnie F. Fremgen
Copyright © 2017 Pearson Education, Inc. All Rights Reserved
There are two characteristics of a wired LAN that are not inherent in a wireless
LAN.
1. In order to transmit over a wired LAN, a station must be physically connected
to the LAN. On the other hand, with a wireless LAN, any station within radio
range of the other devices on the LAN can transmit. In a sense, there is a form
of authentication with a wired LAN in that it requires some positive and presumably
observable action to connect a station to a wired LAN.
2. Similarly, in order to receive a transmission from a station that is part of a
wired LAN, the receiving station also must be attached to the wired LAN.
On the other hand, with a wireless LAN, any station within radio range can
receive. Thus, a wired LAN provides a degree of privacy, limiting reception of
data to stations connected to the LAN.
These differences between wired and wireless LANs suggest the increased
need for robust security services and mechanisms for wireless LANs. The original
802.11 specification included a set of security features for privacy and authentication
that were quite weak. For privacy, 802.11 defined the Wired Equivalent
Privacy (WEP) algorithm. The privacy portion of the 802.11 standard contained
major weaknesses. Subsequent to the development of WEP, the 802.11i task
group has developed a set of capabilities to address the WLAN security issues.
In order to accelerate the introduction of strong security into WLANs, the Wi-Fi
Alliance promulgated Wi-Fi Protected Access (WPA) as a Wi-Fi standard. WPA
is a set of security mechanisms that eliminates most 802.11 security issues and
was based on the current state of the 802.11i standard. The final form of the
802.11i standard is referred to as Robust Security Network (RSN) . The Wi-Fi
Alliance certifies vendors in compliance with the full 802.11i specification under
the WPA2 program.
The RSN specification is quite complex, and occupies 145 pages of the 2012
IEEE 802.11 standard. In this section, we provide an overview.
31
I E E E 802.11I Wireless L A N Security (2 of 2)
Robust Security Network (R S N)
Final form of the 802.11i standard
Complex
Copyright © 2016, 2012, 2009 by Pearson Education, Inc.
All Rights Reserved
Medical Law and Ethics, Fifth Edition
Bonnie F. Fremgen
Copyright © 2017 Pearson Education, Inc. All Rights Reserved
There are two characteristics of a wired LAN that are not inherent in a wireless
LAN.
1. In order to transmit over a wired LAN, a station must be physically connected
to the LAN. On the other hand, with a wireless LAN, any station within radio
range of the other devices on the LAN can transmit. In a sense, there is a form
of authentication with a wired LAN in that it requires some positive and presumably
observable action to connect a station to a wired LAN.
2. Similarly, in order to receive a transmission from a station that is part of a
wired LAN, the receiving station also must be attached to the wired LAN.
On the other hand, with a wireless LAN, any station within radio range can
receive. Thus, a wired LAN provides a degree of privacy, limiting reception of
data to stations connected to the LAN.
These differences between wired and wireless LANs suggest the increased
need for robust security services and mechanisms for wireless LANs. The original
802.11 specification included a set of security features for privacy and authentication
that were quite weak. For privacy, 802.11 defined the Wired Equivalent
Privacy (WEP) algorithm. The privacy portion of the 802.11 standard contained
major weaknesses. Subsequent to the development of WEP, the 802.11i task
group has developed a set of capabilities to address the WLAN security issues.
In order to accelerate the introduction of strong security into WLANs, the Wi-Fi
Alliance promulgated Wi-Fi Protected Access (WPA) as a Wi-Fi standard. WPA
is a set of security mechanisms that eliminates most 802.11 security issues and
was based on the current state of the 802.11i standard. The final form of the
802.11i standard is referred to as Robust Security Network (RSN) . The Wi-Fi
Alliance certifies vendors in compliance with the full 802.11i specification under
the WPA2 program.
The RSN specification is quite complex, and occupies 145 pages of the 2012
IEEE 802.11 standard. In this section, we provide an overview.
32
Figure 7.6 Elements of I E E E 802.11
Copyright © 2017 Pearson Education, Inc. All Rights Reserved
The 802.11i RSN security specification defines the following services.
• Authentication: A protocol is used to define an exchange between a user and
an AS that provides mutual authentication and generates temporary keys to
be used between the client and the AP over the wireless link.
• Access control: This function enforces the use of the authentication function,
routes the messages properly, and facilitates key exchange. It can work with a
variety of authentication protocols.
• Privacy with message integrity: MAC-level data (e.g., an LLC PDU) are encrypted
along with a message integrity code that ensures that the data have
not been altered.
Figure 7.6a indicates the security protocols used to support these services,
while Figure 7.6b lists the cryptographic algorithms used for these services.
33
Figure 7.7 I E E E 802.11i Phases of Operation
Copyright © 2017 Pearson Education, Inc. All Rights Reserved
The operation of an IEEE 802.11i RSN can be broken down into five distinct phases
of operation. The exact nature of the phases will depend on the configuration and
the end points of the communication. Possibilities include (see Figure 7.5):
1. Two wireless stations in the same BSS communicating via the access point
(AP) for that BSS.
2. Two wireless stations (STAs) in the same ad hoc IBSS communicating directly
with each other.
3. Two wireless stations in different BSSs communicating via their respective
APs across a distribution system.
4. A wireless station communicating with an end station on a wired network via
its AP and the distribution system.
IEEE 802.11i security is concerned only with secure communication between
the STA and its AP. In case 1 in the preceding list, secure communication is assured
if each STA establishes secure communications with the AP. Case 2 is similar, with
the AP functionality residing in the STA. For case 3, security is not provided across
the distribution system at the level of IEEE 802.11, but only within each BSS. Endto-
end security (if required) must be provided at a higher layer. Similarly, in case 4,
security is only provided between the STA and its AP.
With these considerations in mind, Figure 7.7 depicts the five phases of operation
for an RSN and maps them to the network components involved. One new
component is the authentication server (AS). The rectangles indicate the exchange
of sequences of MPDUs. The five phases are defined as follows.
• Discovery: An AP uses messages called Beacons and Probe Responses to advertise
its IEEE 802.11i security policy. The STA uses these to identify an AP
for a WLAN with which it wishes to communicate. The STA associates with
the AP, which it uses to select the cipher suite and authentication mechanism
when the Beacons and Probe Responses present a choice.
• Authentication: During this phase, the STA and AS prove their identities to
each other. The AP blocks non-authentication traffic between the STA and
AS until the authentication transaction is successful. The AP does not participate
in the authentication transaction other than forwarding traffic between
the STA and AS.
• Key generation and distribution: The AP and the STA perform several operations
that cause cryptographic keys to be generated and placed on the AP and
the STA. Frames are exchanged between the AP and STA only.
• Protected data transfer: Frames are exchanged between the STA and the end
station through the AP. As denoted by the shading and the encryption module
icon, secure data transfer occurs between the STA and the AP only; security is
not provided end-to-end.
• Connection termination: The AP and STA exchange frames. During this
phase, the secure connection is torn down and the connection is restored to
the original state.
34
Figure 7.8 I E E E 802.11i Phases of Operation: Capability Discovery, Authentication, and Association (1 of 2)
Copyright © 2017 Pearson Education, Inc. All Rights Reserved
We now look in more detail at the RSN phases of operation, beginning with the
discovery phase, which is illustrated in the upper portion of Figure 7.8. The purpose
of this phase is for an STA and an AP to recognize each other, agree on a set
of security capabilities, and establish an association for future communication using
those security capabilities.
Security Capabilities
During this phase, the STA and AP decide on specific techniques
in the following areas:
• Confidentiality and MPDU integrity protocols for protecting unicast traffic
(traffic only between this STA and AP)
• Authentication method
• Cryptography key management approach
Confidentiality and integrity protocols for protecting multicast/broadcast traffic
are dictated by the AP, since all STAs in a multicast group must use the same
protocols and ciphers. The specification of a protocol, along with the chosen key
length (if variable) is known as a cipher suite . The options for the confidentiality and
integrity cipher suite are
• WEP, with either a 40-bit or 104-bit key, which allows backward compatibility
with older IEEE 802.11 implementations
• TKIP
• CCMP
• Vendor-specific methods
The other negotiable suite is the authentication and key management (AKM)
suite, which defines (1) the means by which the AP and STA perform mutual authentication
and (2) the means for deriving a root key from which other keys may
be generated. The possible AKM suites are
• IEEE 802.1X
• Pre-shared key (no explicit authentication takes place and mutual authentication
is implied if the STA and AP share a unique secret key)
• Vendor-specific methods
The discovery phase consists of three exchanges.
• Network and security capability discovery: During this exchange, STAs discover
the existence of a network with which to communicate. The AP either
periodically broadcasts its security capabilities (not shown in figure), indicated
by RSN IE (Robust Security Network Information Element), in a specific
channel through the Beacon frame; or responds to a station’s Probe Request
through a Probe Response frame. A wireless station may discover available
access points and corresponding security capabilities by either passively monitoring
the Beacon frames or actively probing every channel.
• Open system authentication: The purpose of this frame sequence, which
provides no security, is simply to maintain backward compatibility with the
IEEE 802.11 state machine, as implemented in existing IEEE 802.11 hardware.
In essence, the two devices (STA and AP) simply exchange identifiers.
• Association: The purpose of this stage is to agree on a set of security capabilities
to be used. The STA then sends an Association Request frame to the AP.
In this frame, the STA specifies one set of matching capabilities (one
authentication and key management suite, one pairwise cipher suite, and one
group-key cipher suite) from among those advertised by the AP. If there
is no match in capabilities between the AP and the STA, the AP refuses
the Association Request. The STA blocks it too, in case it has associated
with a rogue AP or someone is inserting frames illicitly on its channel. As
shown in Figure 7.8, the IEEE 802.1X controlled ports are blocked, and no
user traffic goes beyond the AP. The concept of blocked ports is explained
subsequently.
As was mentioned, the authentication phase enables mutual authentication between
an STA and an authentication server (AS) located in the DS. Authentication
is designed to allow only authorized stations to use the network and to provide the
STA with assurance that it is communicating with a legitimate network.
35
I E E E 802.1X Access Control Approach (1 of 2)
Port-Based Network Access Control
The authentication protocol that is used, the Extensible Authentication Protocol (E A P), is defined in the I E E E 802.1X standard
802.1X uses:
Controlled ports
Allows the exchange of P D Us between a supplicant and other systems on the L A N only if the current state of the supplicant authorizes such an exchange
Copyright © 2016, 2012, 2009 by Pearson Education, Inc.
All Rights Reserved
Medical Law and Ethics, Fifth Edition
Bonnie F. Fremgen
Copyright © 2017 Pearson Education, Inc. All Rights Reserved
IEEE 802.11i makes use of another standard
that was designed to provide access control functions for LANs. The standard
is IEEE 802.1X, Port-Based Network Access Control. The authentication protocol
that is used, the Extensible Authentication Protocol (EAP), is defined in the
IEEE 802.1X standard. IEEE 802.1X uses the terms supplicant , authenticator , and
authentication server (AS). In the context of an 802.11 WLAN, the first two terms
correspond to the wireless station and the AP. The AS is typically a separate device
on the wired side of the network (i.e., accessible over the DS) but could also reside
directly on the authenticator.
Before a supplicant is authenticated by the AS using an authentication protocol,
the authenticator only passes control or authentication messages between the
supplicant and the AS; the 802.1X control channel is unblocked, but the 802.11 data
channel is blocked. Once a supplicant is authenticated and keys are provided, the
authenticator can forward data from the supplicant, subject to predefined access
control limitations for the supplicant to the network. Under these circumstances,
the data channel is unblocked.
As indicated in Figure 5.5, 802.1X uses the concepts of controlled and uncontrolled
ports. Ports are logical entities defined within the authenticator and refer to
physical network connections. For a WLAN, the authenticator (the AP) may have
only two physical ports: one connecting to the DS and one for wireless communication
within its BSS. Each logical port is mapped to one of these two physical ports.
An uncontrolled port allows the exchange of PDUs between the supplicant and the
other AS, regardless of the authentication state of the supplicant. A controlled port
allows the exchange of PDUs between a supplicant and other systems on the LAN
only if the current state of the supplicant authorizes such an exchange. IEEE 802.1X
is covered in more detail in Chapter 5.
The 802.1X framework, with an upper-layer authentication protocol, fits
nicely with a BSS architecture that includes a number of wireless stations and an AP.
However, for an IBSS, there is no AP. For an IBSS, 802.11i provides a more
complex solution that, in essence, involves pairwise authentication between stations
on the IBSS.
36
I E E E 802.1X Access Control Approach (2 of 2)
Uncontrolled ports
Allows the exchange of P D Us between the supplicant and the other A S, regardless of the authentication state of the supplicant
Copyright © 2016, 2012, 2009 by Pearson Education, Inc.
All Rights Reserved
Medical Law and Ethics, Fifth Edition
Bonnie F. Fremgen
Copyright © 2017 Pearson Education, Inc. All Rights Reserved
IEEE 802.11i makes use of another standard
that was designed to provide access control functions for LANs. The standard
is IEEE 802.1X, Port-Based Network Access Control. The authentication protocol
that is used, the Extensible Authentication Protocol (EAP), is defined in the
IEEE 802.1X standard. IEEE 802.1X uses the terms supplicant , authenticator , and
authentication server (AS). In the context of an 802.11 WLAN, the first two terms
correspond to the wireless station and the AP. The AS is typically a separate device
on the wired side of the network (i.e., accessible over the DS) but could also reside
directly on the authenticator.
Before a supplicant is authenticated by the AS using an authentication protocol,
the authenticator only passes control or authentication messages between the
supplicant and the AS; the 802.1X control channel is unblocked, but the 802.11 data
channel is blocked. Once a supplicant is authenticated and keys are provided, the
authenticator can forward data from the supplicant, subject to predefined access
control limitations for the supplicant to the network. Under these circumstances,
the data channel is unblocked.
As indicated in Figure 5.5, 802.1X uses the concepts of controlled and uncontrolled
ports. Ports are logical entities defined within the authenticator and refer to
physical network connections. For a WLAN, the authenticator (the AP) may have
only two physical ports: one connecting to the DS and one for wireless communication
within its BSS. Each logical port is mapped to one of these two physical ports.
An uncontrolled port allows the exchange of PDUs between the supplicant and the
other AS, regardless of the authentication state of the supplicant. A controlled port
allows the exchange of PDUs between a supplicant and other systems on the LAN
only if the current state of the supplicant authorizes such an exchange. IEEE 802.1X
is covered in more detail in Chapter 5.
The 802.1X framework, with an upper-layer authentication protocol, fits
nicely with a BSS architecture that includes a number of wireless stations and an AP.
However, for an IBSS, there is no AP. For an IBSS, 802.11i provides a more
complex solution that, in essence, involves pairwise authentication between stations
on the IBSS.
37
Figure 7.8 I E E E 802.11i Phases of Operation: Capability Discovery, Authentication, and Association (2 of 2)
Copyright © 2017 Pearson Education, Inc. All Rights Reserved
The lower part of Figure 7.8 shows the MPDU exchange dictated
by IEEE 802.11 for the authentication phase. We can think of authentication
phase as consisting of the following three phases.
• Connect to AS: The STA sends a request to its AP (the one with which it has
an association) for connection to the AS. The AP acknowledges this request
and sends an access request to the AS.
• EAP exchange: This exchange authenticates the STA and AS to each other. A
number of alternative exchanges are possible, as explained subsequently.
• Secure key delivery: Once authentication is established, the AS generates
a master session key (MSK), also known as the Authentication,
Authorization, and Accounting (AAA) key and sends it to the STA. As
explained subsequently, all the cryptographic keys needed by the STA
for secure communication with its AP are generated from this MSK.
IEEE 802.11i does not prescribe a method for secure delivery of the MSK
but relies on EAP for this. Whatever method is used, it involves the transmission
of an MPDU containing an encrypted MSK from the AS, via
the AP, to the AS.
As mentioned, there are a number of possible EAP exchanges that
can be used during the authentication phase. Typically, the message flow between
STA and AP employs the EAP over LAN (EAPOL) protocol, and the message
flow between the AP and AS uses the Remote Authentication Dial In User Service
(RADIUS) protocol, although other options are available for both STA-to-AP and
AP-to-AS exchanges. [FRAN07] provides the following summary of the authentication
exchange using EAPOL and RADIUS.
1. The EAP exchange begins with the AP issuing an EAP-Request/Identity
frame to the STA.
2. The STA replies with an EAP-Response/Identity frame, which the AP receives
over the uncontrolled port. The packet is then encapsulated in RADIUS over
EAP and passed on to the RADIUS server as a RADIUS-Access-Request
packet.
3. The AAA server replies with a RADIUS-Access-Challenge packet, which is
passed on to the STA as an EAP-Request. This request is of the appropriate
authentication type and contains relevant challenge information.
4. The STA formulates an EAP-Response message and sends it to the AS. The
response is translated by the AP into a Radius-Access-Request with the response
to the challenge as a data field. Steps 3 and 4 may be repeated multiple
times, depending on the EAP method in use. For TLS tunneling methods, it is
common for authentication to require 10 to 20 round trips.
5. The AAA server grants access with a Radius-Access-Accept packet. The AP
issues an EAP-Success frame. (Some protocols require confirmation of the
EAP success inside the TLS tunnel for authenticity validation.) The controlled
port is authorized, and the user may begin to access the network.
Note from Figure 7.8 that the AP controlled port is still blocked to general
user traffic. Although the authentication is successful, the ports remain blocked
until the temporal keys are installed in the STA and AP, which occurs during the
4-Way Handshake.
38
Figure 7.9 I E E E 802.11i Key Hierarchies
Copyright © 2017 Pearson Education, Inc. All Rights Reserved
During the key management phase, a variety of cryptographic keys are generated
and distributed to STAs. There are two types of keys: pairwise keys used for communication
between an STA and an AP and group keys used for multicast communication.
Figure 7.9, based on [FRAN07], shows the two key hierarchies.
39
Table 7.3 I E E E 802.11i Keys for Data Confidentiality and Integrity Protocols (1 of 3)
| Abbreviation | Name | Description / Purpose | Size (bits) | Type |
| A A A | Authentication, Accounting, and Authorization Key | Used to derive the P M K. Used with the I E E E 802.1X authentication and key management approach. Same as M M S K. | ≥ 256 | Key generation key, root key |
| P S K | Pre-shared Key | Becomes the P M K in pre-shared key environments. | 256 | Key generation key, root key |
| P M K | Pairwise Master Key | Used with other inputs to derive the P T K. | 256 | Key generation key |
| G M K | Group Master Key | Used with other inputs to derive the G T K. | 128 | Key generation key |
Copyright © 2017 Pearson Education, Inc. All Rights Reserved
Table 7.3 defines the individual keys.
Table can be found on page 229 in textbook.
40
Table 7.3 I E E E 802.11i Keys for Data Confidentiality and Integrity Protocols (2 of 3)
| Abbreviation | Name | Description / Purpose | Size (bits) | Type |
| P T K | Pair-wise Transient Key | Derived from the P M K. Comprises the E A P O L K C K, E A P O L-K E K, and T K and (for T K I P) the M I C key. | 512 (T K I P ) 384 (C C M P) | Composite key |
| T K | Temporal Key | Used with T K I P or C C M to provide confidentiality and integrity protection for unicast user traffic. | 256 (T K I P) 128 (C C M P) | Traffic key |
| G T K | Group Temporal Key | Derived from the G M K. Used to provide confidentiality and integrity protection for multicast/broadcast user traffic. | 256 (T K I P) 128 (C C M P) 40,104 (W E P) | Traffic key |
| M I C Key | Message Integrity Code Key | Used by T K I P’s Michael M I C to provide integrity protection of messages. | 64 | Message integrity key |
Copyright © 2017 Pearson Education, Inc. All Rights Reserved
Table 7.3 defines the individual keys.
Table can be found on page 229 in textbook.
41
Table 7.3 I E E E 802.11i Keys for Data Confidentiality and Integrity Protocols (3 of 3)
| Abbreviation | Name | Description / Purpose | Size (bits) | Type |
| E A P O L-K C K | E A P O L-Key Confirmation Key | Used to provide integrity protection for key material distributed during the 4-Way Handshake. | 128 | Message integrity key |
| E A P O L-K E K | E A P O L-Key Encryption Key | Used to ensure the confidentiality of the G T K and other key material in the 4-Way Handshake. | 128 | Traffic key / key encryption key |
| W E P Key | Wired Equivalent Privacy Key | Used with W E P. | 40,104 | Traffic key |
Copyright © 2017 Pearson Education, Inc. All Rights Reserved
Table 7.3 defines the individual keys.
Table can be found on page 229 in textbook.
42
Pairwise Keys (1 of 2)
Used for communication between a pair of devices, typically between a S T A and an A P
These keys form a hierarchy beginning with a master key from which other keys are derived dynamically and used for a limited period of time
Pre-shared key (P S K)
A secret key shared by the A P and a S T A and installed in some fashion outside the scope of I E E E 802.11i
Master session key (M S K)
Also known as the A A A K, and is generated using the I E E E 802.1X protocol during the authentication phase
Copyright © 2016, 2012, 2009 by Pearson Education, Inc.
All Rights Reserved
Medical Law and Ethics, Fifth Edition
Bonnie F. Fremgen
Copyright © 2017 Pearson Education, Inc. All Rights Reserved
Pairwise keys are used for communication between a pair of devices,
typically between an STA and an AP. These keys form a hierarchy beginning
with a master key from which other keys are derived dynamically and used for a
limited period of time.
At the top level of the hierarchy are two possibilities. A pre-shared key (PSK)
is a secret key shared by the AP and a STA and installed in some fashion outside
the scope of IEEE 802.11i. The other alternative is the master session key (MSK) ,
also known as the AAAK, which is generated using the IEEE 802.1X protocol during
the authentication phase, as described previously. The actual method of key
generation depends on the details of the authentication protocol used. In either case
(PSK or MSK), there is a unique key shared by the AP with each STA with which
it communicates. All the other keys derived from this master key are also unique
between an AP and an STA. Thus, each STA, at any time, has one set of keys, as
depicted in the hierarchy of Figure 7.9a, while the AP has one set of such keys for
each of its STAs.
The pairwise master key (PMK) is derived from the master key. If a PSK is
used, then the PSK is used as the PMK; if a MSK is used, then the PMK is derived
from the MSK by truncation (if necessary). By the end of the authentication phase,
marked by the 802.1X EAP Success message (Figure 7.8), both the AP and the
STA have a copy of their shared PMK.
The PMK is used to generate the pairwise transient key (PTK) , which in fact
consists of three keys to be used for communication between an STA and AP after
they have been mutually authenticated. To derive the PTK, the HMAC-SHA-1
function is applied to the PMK, the MAC addresses of the STA and AP, and nonces
generated when needed. Using the STA and AP addresses in the generation of the
PTK provides protection against session hijacking and impersonation; using nonces
provides additional random keying material.
43
Pairwise Keys (2 of 2)
Pairwise master key (P M K)
Derived from the master key
If a P S K is used, then the P S K is used as the P M K; if a M S K is used, then the P M K is derived from the M S K by truncation
Pairwise transient key (P T K)
Consists of three keys to be used for communication between a S T A and A P after they have been mutually authenticated
Using the S T A and A P addresses in the generation of the P T K provides protection against session hijacking and impersonation; using nonces provides additional random keying material
Copyright © 2016, 2012, 2009 by Pearson Education, Inc.
All Rights Reserved
Medical Law and Ethics, Fifth Edition
Bonnie F. Fremgen
Copyright © 2017 Pearson Education, Inc. All Rights Reserved
Pairwise keys are used for communication between a pair of devices,
typically between an STA and an AP. These keys form a hierarchy beginning
with a master key from which other keys are derived dynamically and used for a
limited period of time.
At the top level of the hierarchy are two possibilities. A pre-shared key (PSK)
is a secret key shared by the AP and a STA and installed in some fashion outside
the scope of IEEE 802.11i. The other alternative is the master session key (MSK) ,
also known as the AAAK, which is generated using the IEEE 802.1X protocol during
the authentication phase, as described previously. The actual method of key
generation depends on the details of the authentication protocol used. In either case
(PSK or MSK), there is a unique key shared by the AP with each STA with which
it communicates. All the other keys derived from this master key are also unique
between an AP and an STA. Thus, each STA, at any time, has one set of keys, as
depicted in the hierarchy of Figure 7.9a, while the AP has one set of such keys for
each of its STAs.
The pairwise master key (PMK) is derived from the master key. If a PSK is
used, then the PSK is used as the PMK; if a MSK is used, then the PMK is derived
from the MSK by truncation (if necessary). By the end of the authentication phase,
marked by the 802.1X EAP Success message (Figure 7.8), both the AP and the
STA have a copy of their shared PMK.
The PMK is used to generate the pairwise transient key (PTK) , which in fact
consists of three keys to be used for communication between an STA and AP after
they have been mutually authenticated. To derive the PTK, the HMAC-SHA-1
function is applied to the PMK, the MAC addresses of the STA and AP, and nonces
generated when needed. Using the STA and AP addresses in the generation of the
PTK provides protection against session hijacking and impersonation; using nonces
provides additional random keying material.
44
P T K Parts (1 of 2)
The three parts of the P T K are:
E A P Over L A N (E A P O L) Key Confirmation Key (E A P O L-K C K)
Supports the integrity and data origin authenticity of S T A-to-A P control frames during operational setup of an R S N
It also performs an access control function: proof-of-possession of the P M K
An entity that possesses the P M K is authorized to use the link
Copyright © 2016, 2012, 2009 by Pearson Education, Inc.
All Rights Reserved
Medical Law and Ethics, Fifth Edition
Bonnie F. Fremgen
Copyright © 2017 Pearson Education, Inc. All Rights Reserved
The three parts of the PTK are as follows.
EAP Over LAN (EAPOL) Key Confirmation Key (EAPOL-KCK): Supports
the integrity and data origin authenticity of STA-to-AP control frames during
operational setup of an RSN. It also performs an access control function:
proof-of-possession of the PMK. An entity that possesses the PMK is authorized
to use the link.
• EAPOL Key Encryption Key (EAPOL-KEK): Protects the confidentiality of
keys and other data during some RSN association procedures.
• Temporal Key (TK): Provides the actual protection for user traffic.
45
P T K Parts (2 of 2)
E A P O L Key Encryption Key (E A P O L-K E K)
Protects the confidentiality of keys and other data during some R S N association procedures
Temporal Key (T K)
Provides the actual protection for user traffic
Copyright © 2016, 2012, 2009 by Pearson Education, Inc.
All Rights Reserved
Medical Law and Ethics, Fifth Edition
Bonnie F. Fremgen
Copyright © 2017 Pearson Education, Inc. All Rights Reserved
The three parts of the PTK are as follows.
EAP Over LAN (EAPOL) Key Confirmation Key (EAPOL-KCK): Supports
the integrity and data origin authenticity of STA-to-AP control frames during
operational setup of an RSN. It also performs an access control function:
proof-of-possession of the PMK. An entity that possesses the PMK is authorized
to use the link.
• EAPOL Key Encryption Key (EAPOL-KEK): Protects the confidentiality of
keys and other data during some RSN association procedures.
• Temporal Key (TK): Provides the actual protection for user traffic.
46
Group Keys
Group keys are used for multicast communication in which one S T A sends M P D Us to multiple S T As
Group master key (G M K)
Key-generating key used with other inputs to derive the G T K
Group temporal key (G T K)
Generated by the A P and transmitted to its associated S T As
I E E E 802.11i requires that its value is computationally indistinguishable from random
Distributed securely using the pairwise keys that are already established
Is changed every time a device leaves the network
Copyright © 2016, 2012, 2009 by Pearson Education, Inc.
All Rights Reserved
Medical Law and Ethics, Fifth Edition
Bonnie F. Fremgen
Copyright © 2017 Pearson Education, Inc. All Rights Reserved
Group keys are used for multicast communication in which one STA
sends MPDUs to multiple STAs. At the top level of the group key hierarchy is the
group master key (GMK) . The GMK is a key-generating key used with other inputs
to derive the group temporal key (GTK) . Unlike the PTK, which is generated using
material from both AP and STA, the GTK is generated by the AP and transmitted
to its associated STAs. Exactly how this GTK is generated is undefined. IEEE
802.11i, however, requires that its value is computationally indistinguishable from
random. The GTK is distributed securely using the pairwise keys that are already
established. The GTK is changed every time a device leaves the network.
47
Figure 7.10 I E E E 802.11i Phases of Operation: Four-Way Handshake and Group Key Handshake
Copyright © 2017 Pearson Education, Inc. All Rights Reserved
The upper part of Figure 7.10 shows the MPDU
exchange for distributing pairwise keys. This exchange is known as the 4-way handshake .
The STA and AP use this handshake to confirm the existence of the PMK,
verify the selection of the cipher suite, and derive a fresh PTK for the following data
session.
48
Protected Data Transfer Phase
I E E E 802.11i defines two schemes for protecting data transmitted in 802.11 M P D Us:
Copyright © 2016, 2012, 2009 by Pearson Education, Inc.
All Rights Reserved
Medical Law and Ethics, Fifth Edition
Bonnie F. Fremgen
Copyright © 2017 Pearson Education, Inc. All Rights Reserved
IEEE 802.11i defines two schemes for protecting data transmitted in 802.11 MPDUs:
the Temporal Key Integrity Protocol (TKIP), and the Counter Mode-CBC MAC
Protocol (CCMP).
TKIP is designed to require only software changes to devices that are implemented
with the older wireless LAN security approach called Wired Equivalent
Privacy (WEP). TKIP provides two services:
• Message integrity: TKIP adds a message integrity code (MIC) to the 802.11
MAC frame after the data field. The MIC is generated by an algorithm, called
Michael, that computes a 64-bit value using as input the source and destination
MAC address values and the Data field, plus key material.
• Data confidentiality: Data confidentiality is provided by encrypting the
MPDU plus MIC value using RC4.
The 256-bit TK (Figure 7.9) is employed as follows. Two 64-bit keys are used
with the Michael message digest algorithm to produce a message integrity code.
One key is used to protect STA-to-AP messages, and the other key is used to protect
AP-to-STA messages. The remaining 128 bits are truncated to generate the
RC4 key used to encrypt the transmitted data.
For additional protection, a monotonically increasing TKIP sequence counter
(TSC) is assigned to each frame. The TSC serves two purposes. First, the TSC is
included with each MPDU and is protected by the MIC to protect against replay
attacks. Second, the TSC is combined with the session TK to produce a dynamic encryption
key that changes with each transmitted MPDU, thus making cryptanalysis
more difficult.
CCMP is intended for newer IEEE 802.11 devices that are equipped with
the hardware to support this scheme. As with TKIP, CCMP provides two services:
• Message integrity: CCMP uses the cipher block chaining message authentication
code (CBC-MAC), described in Chapter 3.
• Data confidentiality: CCMP uses the CTR block cipher mode of operation
with AES for encryption. CTR is described in Chapter 2.
The same 128-bit AES key is used for both integrity and confidentiality.
The scheme uses a 48-bit packet number to construct a nonce to prevent replay
attacks.
49
I E E E 802.11I Pseudorandom Function (P R F)
Used at a number of places in the I E E E 802.11i scheme (to generate nonces, to expand pairwise keys, to generate the G T K)
Best security practice dictates that different pseudorandom number streams be used for these different purposes
Built on the use of H M A C-S H A-1 to generate a pseudorandom bit stream
Copyright © 2016, 2012, 2009 by Pearson Education, Inc.
All Rights Reserved
Medical Law and Ethics, Fifth Edition
Bonnie F. Fremgen
Copyright © 2017 Pearson Education, Inc. All Rights Reserved
At a number of places in the IEEE 802.11i scheme, a pseudorandom function (PRF)
is used. For example, it is used to generate nonces, to expand pairwise keys, and
to generate the GTK. Best security practice dictates that different pseudorandom
number streams be used for these different purposes. However, for implementation
efficiency, we would like to rely on a single pseudorandom number generator
function.
The PRF is built on the use of HMAC-SHA-1 to generate a pseudorandom
bit stream. Recall that HMAC-SHA-1 takes a message (block of data) and a key of
length at least 160 bits and produces a 160-bit hash value. SHA-1 has the property
that the change of a single bit of the input produces a new hash value with no apparent
connection to the preceding hash value. This property is the basis for pseudorandom
number generation.
50
Figure 7.11 I E E E 802.11i Pseudorandom Function
Copyright © 2017 Pearson Education, Inc. All Rights Reserved
Figure 7.11 illustrates the function PRF(K , A , B , Len ).
51
Summary
Wireless network security
Network threats
Security measures
Mobile device security
Security threats
Security strategy
I E E E 802.11 wireless L A N overview
Wi-Fi Alliance
I E E E 802 protocol architecture
I E E E 802.11 network components and architectural model
I E E E 802.11 services
I E E E 802.11i wireless L A N security
I E E E 802.11i services
I E E E 802.11i phases of operation
Discovery phase
Authentication phase
Key management phase
Protected data transfer phase
The I E E E 802.11i pseudorandom function
Copyright © 2017 Pearson Education, Inc. All Rights Reserved
52
Chapter 7 summary.
Copyright
Copyright © 2016, 2012, 2009 by Pearson Education, Inc.
All Rights Reserved
Medical Law and Ethics, Fifth Edition
Bonnie F. Fremgen
Copyright © 2017 Pearson Education, Inc. All Rights Reserved
53
