Page 251 - Handout Computer Network.
P. 251

Computer Network                                                             2026


                    networks) that the authentication server and the mobile device already have a shared
                    common secret before starting mutual authentication. In this step, the device and the
                    authentication  server  will  use  this  shared  secret  along  with  nonces (to prevent  relay
                    attacks) and cryptographic hashing (to ensure message integrity) in authenticating each
                    other. They will also derive the shared session key to be used by the mobile device and
                    the AP to encrypt frames transmitted over the 802.11 wireless link.
                3.  Shared symmetric session key distribution.
                    Since  the  symmetric  encryption  key  is  derived  at  the  mobile  device  and  the
                    authentication server, a protocol will be needed for the authentication server to inform
                    the AP of the shared symmetric session key. While this is rather straightforward, it still is
                    a necessary step.
                4.  Encrypted communication between mobile device and a remote host via the AP.
                    This,  with  the  link-layer  frames  sent  between  the  mobile  device  and  the  AP  being
                    encrypted using the shared session key created and distributed by Steps 2 and 3.

            AES  symmetric  key  cryptography,  which  we  covered  Earlie,  is  typically  used  in  practice  for
            encrypting/decrypting 802.11 frame data. Mutual Authentication and Shared Symmetric Session
            Key Derivation The topics of mutual authentication and shared symmetric session key derivation
            are the central components of 802.11 security.

            Since  it  is  here  that  security  flaws  in  various  earlier  versions  of  802.11  security  have  been
            discovered,  let’s  tackle  these  challenges  first.  The  issue  of  802.11security  has  attracted
            considerable attention in both technical circles and in the media.
            While there has been considerable discussion, there has been little debate—there is universal
            agreement that the original 802.11security specification known collectively as Wired Equivalent
            Privacy (WEP) contained a number of serious security flaws [Fluhrer 2001; Stubblefield 2002].
            Once these flaws were discovered, public domain software was soon available exploiting these
            holes, making users of WEP-secured 802.11 WLANs as open to security attacks as users who used
            no security features at all. Readers interested in learning about WEP can consult the references,
            as well as earlier editions of this textbook, which covered WEP.

            As  always,  retired  material  from  this  book  is  available  on  the  Companion  Website.  Wi-Fi
            Protected Access (WPA1) was developed in 2003 by the Wi-Fi Alli acne [Wi-Fi 2020] to overcome
            WEP’s security flaws. The initial version of WPA1 improved on WEP by introducing message
            integrity checks, and avoiding attacks that allowed a user to infer encryption keys after observing
            the stream of encrypted messages for a period of time.

            WPA1 soon gave way to WPA2, which mandated the use of AES symmetric key encryption. At
            the heart of WPA is a four-way handshake protocol that performs both mutual authentication
            and shared symmetric session-key derivation. The handshake protocol in simplified form. Note
            that both the mobile device (M) and the authentication server (AS) begin knowing a shared secret
            key KAS-M













                                                         291
   246   247   248   249   250   251   252   253   254