Monday, January 30, 2012

IEEE 802.11i, IEEE 802.11r, IEEE 802.11k and IEEE 802.11w

IEEE802.11i

IEEE 802.11i defines protocols to protect data transfer. These protocols are:
  • CCMP (Cipher Block Chaining Message Authentication Code Protocol: A Encryption Protocol based upon AES and is more advance than WRAP)
  • WRAP (Wireless Robust Authentication Protocol: A Encryption Protocol based upon AES)
  • TKIP (Temporal Key Integrity Protocol, For Legacy Devices Only)

IEEE 802.11i utilizes Extensible Authentication Protocol as the end-to-end authentication methods
The data transfer of 802.11i will never send or receive unprotected packets. Two EAPOL-key exchanges are defined in IEEE802.11i. First is the 4-way handshake and the second is the group key handshake.
802.11i data protocols provide confidentiality, data origin authenticity, replay protection. These protocols require a new key on every session.


IEEE 802.11r

IEEE802.11r strengthens wireless voice by speed up the handoffs between access points or cells in a wireless LAN. This protocol allows a wireless client to establish a security and QoS state at a new access point before make a transition. This minimizes the connectivity loss as well as application disruption.

When an 802.11r compliant station enters a mobility zone, it will perform authentication using EAP. This 802.11r standard applies to a 3-tier reference architecture that divides the access network into mobility zones. During the initial association in a mobility zone, 802.11r capable STA and AP will perform an Open system Authentication exchange followed by a FT Re-association Exchange.




 
Diagram: How 802.11r works


 
IEEE 802.11k

802.11k defines and exposes radio and network information so as to facilitate radio resource management of a mobile wireless LAN. Works on the stand began in late 2002. Some of the measurements 802.11k defines are:

  • Roaming decisions
  • RF channel knowledge
  • Hidden nodes
  • Client statistics
  • Transmit Power Control (TCP)

802.11k is designed to be implemented in software and existing WLAN equipment can be upgraded to support it. And for the standard to be effective, both clients and infrastructure will need to support the standard.



IEEE 802.11w

IEEE802.11w will improve wireless security. It builds on the 802.11i framework to protect against subtle attacks on wireless LAN (WLAN) management frames. It aims to mitigate certain types of WLAN DoS attacks such as de-authentication attack and dis-association attack. IEEE802.11w extends strong cryptographic protection to only some specified management frames such as de-authentication frames, disassociation frames and action management frames. 802.11w is a good first line of dense in mitigating WLAN DoS attacks and should be complemented by a DoS detection and mitigation strategy based on a Wireless Intrusion Prevention System (WIPS).





Reference

http://www.tech-faq.com/80211i.html
http://csrc.nist.gov/archive/wireless/S10_802.11i%20Overview-jw1.pdf
http://www.networkworld.com/news/tech/2005/082205techupdate.html
http://www.codealias.info/_media/technotes/80211r-key.jpeg?w=450&h=&cache=cache
http://www.intel.com/standards/case/case_802_11.htm
http://www.networkworld.com/news/tech/2004/0329techupdate.html
http://www.networkworld.com/graphics/2004/0329tu.gif
http://www.networkworld.com/columnists/2006/052906-wireless-security.html
http://www.cwnp.com/cwnp_wifi_blog/wireless-lan-security-and-ieee-802-11w



Posted by at No comments:
Labels: , , , ,

Monday, January 9, 2012

Microsoft’s Active Directory Security Feature

Active Directory helps to manage corporate identities, credentials, information protection, and system and application settings through different technologies. It is an adoption of the IEEE X.500. An enterprise-class directory service that is scalable, built from the ground using Internet-standard technologies, with fully integrated at the operating-system level. It can simplify administration and makes it easier for users to find resources. Microsoft’s Active Directory has a wide range of features and capabilities. Some of the features of Microsoft’s Active Directory is a centralized data storage, scalability, extensibility, manageability, security integration and signed and encrypted LDAP traffic.



Security Features of Microsoft’s Active Directory 
Authentication & Authorization  
Replication and trust monitoring

    Authentication & Authorization
    Active Directory supports multiple authentication protocols such as Kerberos V5 protocol, Secure Sockets Layer (SSL) v3, and Transport Layer Security (TLS) using X.509 v3 certificates, and security groups that span domains efficiently. These ensure that the clients are authorized and authenticated before allowing to access.

    Replication and trust monitoring
    Active Directory provides Windows Management Instrumentation (WMI) classes to monitor domain controllers are successfully replicating Active Directory information and that trusts are functioning properly. Since domain controllers control the keys to the Windows kingdom. Therefore, requires it to be more secure than other servers.

    Reference
    http://www.microsoft.com/en-us/server-cloud/windows-server/active-directory-overview.aspx
    http://microsoftguru.com.au/2011/05/28/microsoft-active-directory-best-practice/
    http://technet.microsoft.com/en-us/library/cc737139%28WS.10%29.aspx
    http://www.persiadeveloper.net/index.php/tutorials/windows-server/active-directory/47-active-directory-services-features.html
    Posted by at 4 comments:

    LDAP Security Feature

    Lightweight Directory Access Protocol (LDAP) is a scaled-down implementation of X.500 standard.
    A network protocol for querying and modifying directory services running over TCP/IP. The LDAP Directory usually follows the x.500 model. The deployments of LDAP today tends to use Domain Name System (DNS) names for structuring the hierarchy.  With LDAP, a client can access the directory services through a LDAP-to-DAP gateway. By default, it is on TCP port 389. It has gained wide support from vendors such as Apache, AT & T, IBM and Apple. It can be implemented on servers such as Apache Directory Server and Red Hat Directory Server.



    Security Features of LDAP 
    Simple Authentication and Security Layer (SASL)  
    Secure Sockets Layer (SSL)

      Simple Authentication and Security Layer (SASL)
      LDAP uses NT LAN Manager (NTLM) or Basic authentication to limit access to known users only. NTLM is a suite of authentication and session security protocols to authenticate the clients. Clients are able to prove their identities without sending a password to the server.

      Secure Sockets Layer (SSL)
      SSL protocol can protect data from sniffing by anyone with physical access to the network.
      It uses a program layer located between the HTTP and TCP layers. SSL uses the public and private key encryption system from Rivest-Shamir-Adleman (RSA), an internet encryption and authentication system.

      Reference
      http://www.slideshare.net/aierano/technical-background-overview-ppt
      http://www.zytrax.com/books/ldap/ch15/
      http://msdn.microsoft.com/en-us/library/aa913688.aspx
      http://searchsecurity.techtarget.com/definition/Secure-Sockets-Layer-SSL
      Posted by at 1 comment:

      X.500 Security Feature

      X.500 protocol was developed as a directory service standard by the International Organization for Standardization (ISO) and International Telegraph and Telephone Consultative Committee (CCITT). It is not widely deployed even though X.500 was a comprehensive standard. First approved in 1988 and enhanced in 1993. X.500 protocol architecture consists of a Client-Server communicating via the Open Systems Interconnection (OSI) networking model. Client is called Directory Service Agent (DUA) and the Server is called Directory System Agent (DSA). Two sub protocols is used to communicate between systems.

      Client (DUA) to Server (DSA) – Directory Access Protocol (DAP)
      Server (DSA) to Server (DSA) – Directory System Protocol (DSP) 



      A typical X.500 session may proceed like the following: 
      Client: Connects and requests access to the server, this is called the Binding operation.  
      Server: Server authenticates the client and completes the binding operation.  
      Client: Requests a service from the server, such as search for an entry in the directory, and presents any parameter data.  
      Server: Performs service and may connect to another X.500 server then communicates a response. 
      Client: Receives response and unbinds or terminates the connection.
        Security Features of X.500   
        X.509 Public Key Infrastructure (PKI) 
          X.509 Public Key Infrastructure (PKI)
          A widely used standard for defining digital certificates. It verifies the identity of a server when using Secure Sockets Layer (SSL). The browser will check that the certificate presented by a server has been issued such as digitally signed by one of a list of trusted certificate authorities.

          Reference
          http://cis.sc4.edu/profs/wpilkey/CIS121Chap11.ppt
          http://www.collectionscanada.gc.ca/iso/ill/document/ill_directory/X_500andLDAP.pdf
          http://static.springsource.org/spring-security/site/docs/2.0.x/reference/x509.html
          http://www.javvin.com/protocolX500.html 
           
          Posted by at 2 comments:

          Wednesday, January 4, 2012

          GPRS Security Feature, Threats and Solution


          General packet radio services, also known as “GPRS” or “2.5G”, is a packet oriented mobile data service on both the 2G and 3G global system for mobile communications. It was standardized by European Telecommunications Standards Institute (ETSI) and was now maintained by the 3rd Generation Partnership Project (3GPP). The usage is charged based on volume of data.

          Similar to the GSM security features, the security features for GPRS network includes:
          • GPRS User Identity Confidentiality
          • GPRS Authentication
          • GPRS Ciphering

          When Mobile Station (MS) initiates a connection to GPRS network, it has to be authenticated before allow to have access. The authentication process is initiated and controlled by Serving GPRS Support Node (SGSN), having the same functions as Mobile Station Controller (MSC). Therefore, they are usually co-located.

          GPRS network will need this GPRS Confidentiality feature. The ciphering scope is between GSM and GPRS is different. GSM scope is between BTS and MS while GPRS scope is between SGSN and MS. The new ciphering algorithm GPRS-A5 is used because of the nature of GPRS traffic.

          One of the threats of GPRS is that the connections are easily tapped as proven by a crypto specialist. As GPRS uses the GPRS-A5 encryption algorithm, which is a variant of the A5 algorithm designed for packet-oriented connections.

          Some of the solutions are using VPN firewalls for company with GPRS users and set up POP server for internet based email so email will not be received from GPRS network.


          Reference
          http://en.wikipedia.org/wiki/General_Packet_Radio_Service
          http://www.sans.org/reading_room/whitepapers/wireless/security-path-gprs-3g-mobile-telephone-network-data-services_165
          http://www.tml.tkk.fi/Opinnot/Tik-110.501/2000/papers/peng.pdf
          http://www.h-online.com/security/news/item/GPRS-connections-easily-tapped-1321018.html
          http://www.emo.org.tr/ekler/fedcaffc4aba6e5_ek.pdf
          Posted by at 4 comments:
          Labels: , , ,

          GSM Security Feature, Threats and Solution


          Global System for Mobile Communications, also known as “GSM”, is a international standard set developed by the European Telecommunications Standard Institute (ETSI) to describe the technology for 2G. In the security aspect, there is this 2nd Generation (2G) and the 3rd Generation (3G).

          For 2G GSM Security, the private key will encrypts message to server. The server will generate random number for session key. The process for the security consists of A3 Key Negotiation, A8 Key Generation and A5 Encryption. A3 means the algorithm used by a GSM network to authenticate a GSM mobile phone. While A8 means the algorithm used to exchange a session key so that it can be used to encrypt voice and data calls. And A5 means the algorithm used for encryption in GSM mobile phones.

          The security features can come from many components such as:
          • User
          • Subscriber
          • Terminal equipment
          • Network operator
          • Service provider

          And when we talk about User Security Features, we need to consider these:
          • “Location, Identity, and Traffic” Confidentiality
          • Access control
          • Traffic integrity

          In addition, for Subscriber Security Features, there is a need for integrity of charging data, charging limitation, privacy of charging data, user action authorization when required and the subscriber access to service profile. This is to ensure that the subscriber of the landline is charge correctly for his/her usages. For terminal equipment like the mobile phone, the location should be confidential.

          Also, network operator security can have blacklisting of users, tracing of users/terminal equipment in case of emergency etc.

          Some of the threats are the software developed to decrypt GSM faster than before. This is a video on the breaking of GSM phone privacy.


          This is a long duration video, so if you have the time. Go and watch it!

          Some other threats include eavesdropping, where important information like credit card, banking information is eavesdropped. The hacker can record the calls and decode them later for sourcing out important information. They can also eavesdropped SMS and web authentication. Other threats like man-in-the-middle and impersonation of a user/network

          A solution to GSM phone privacy is to have stronger cryptography, by using stronger encryption and the security of the secret keys used to unlock the encryption. Having a strong end-to-end encryption will be harder for hackers to eavesdrop your calls. However, more research is needed on the security aspect of GSM. The recent A5 version 3 encryption prove that it can still be cracked although it is a stronger version of A5 encryption presented by 3rd Generation Partnership Project (3GPP). Anyway, the bad thing is it had not been used yet, largely due to the massive overhead, computations and other requirements.


          Reference
          http://en.wikipedia.org/wiki/GSM
          http://srg.cs.uiuc.edu/MobilSec/posted_docs/Motorola_Slides.ppt
          http://www.cellcrypt.com/gsm-cracking#BlackHat2010
          http://www.talkandroid.com/wp-content/uploads/2010/12/gsm.jpeg?3995d3
          http://www.dreamstime.com/encryption-key-thumb7785717.jpg
          Posted by at 4 comments:
          Labels: , , ,
          Subscribe to: Posts (Atom)