Um Mecanismo de Autenticação Baseado em ECDH para Redes IEEE 802.11
Resumo
Em redes que utilizam os protocolos WPA, WPA2 ou IEEE 802.11i e esses dois protocolos com a emenda IEEE 802.11w, as chaves que compõem a PTK (Pairwise Transient Key) permitem que os clientes da rede possam trocar mensagens com a devida criptografia e verificação de integridade. Devido a sua importância, a PTK deve ser mantida em completo sigilo pelo protocolo. Porém, nos protocolos mencionados, o 4-Way Handshake é falho quando o método de autenticação pessoal é usado, permitindo que entidades maliciosas que possuam a PSK (Pre-Shared Key) da rede possam reproduzir o processo de derivação da chave PTK de todos os clientes autenticados. Este artigo propõe e avalia experimentalmente um novo processo de handshake. Ele é baseado no protocolo Diffie-Hellman sobre Curvas Elípticas (ECDH) e resolve o problema de derivação indevida da PTK. Além disso, também é apresentada uma solução para prover autenticação automática em redes abertas, permitindo o tráfego criptografado de informações na rede sem a necessidade do fornecimento de chaves pelos usuários.Referências
Ahmad, T., Hu, J., and Han, S. (2009). An Efficient Mobile Voting System Security Scheme Based on Elliptic Curve Cryptography. In Proceedings of Third International Conference on Network and System Security, pages 474–479, Australia.
Diffie, W. and Hellman, M. E. (1976). New Directions in Cryptography.
Fogie, S. (2005). Cracking Wi-Fi Protected Access (WPA), Part 2. http://www.fermentas.com/techinfo/nucleicacids/maplambda.htm.
Gupta, V., Gupta, S., and Chang, S. (2002). Performance Analysis of Elliptic Curve Cryptography for SSL. In Proceedings of Workshop on Wireless Security 2002, pages 87–94.
Hankerson, D., Menezes, A., and Vanstone, S. (2004). Guide to Elliptic Curve Cryptography. Springer Verlag.
IEEE 802.1X (2004). IEEE Standard for Local and Metropolitan Area Networks – Port- Based Network Access Control.
IEEE Standard 802.11 (1999). IEEE Standards for Information Technology – Telecommunications and Information Exchange between Systems – Local and Metropolitan Area Network – Specific Requirements – Part 11: Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) Specifications.
IEEE Standard 802.11i (2004). IEEE Standard for Information Technology – Telecommunications and Information Exchange between System – Local and Metropolitan Area Networks – Specific Requirements – Part 11: Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) Specifications – Amendment 6: Medium Access Control (MAC) Security Enhancements Interpretation.
IEEE Standard 802.11w (2009). IEEE Standard for Information technology – Telecommunications and Information Exchange between System – Local and Metropolitan area networks – Specific Requirements – Part 11: Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) specifications – Amendment 4: Protected Management Frames.
Lederer, C., Mader, R., Koschuch, M., Groszschaedl, J., Szekely, A., and Tillich, S. (2009). Energy-Efficient Implementation of ECDH Key Exchange forWireless Sensor Networks. In Proceedings of Workshop on Information Security Theory and Practices, pages 112–127.
Lehembre, G. (2005). Wi-Fi security – WEP, WPA and WPA2. In Proceedings of the 7th Annual International Conference on Mobile Computing and Networking.
Malinen, J. and contributors (2010). Host AP driver for Intersil Prism2/2.5/3, hostapd, and WPA Supplicant. http://hostap.epitest.fi/.
Mano, C. D. and Striegel, A. (2006). Resolving WPA Limitations in SOHO and Open Public Wireless Networks. In Proceedings of IEEE Wireless Communications and Networking Conference 2006, Las Vegas.
Moskowitz, R. (2003). Weakness in Passphrase Choice in WPA Interface. [link].
National Institute of Standards and Technology (2009). FIPS PUB 186-3. In Digital Signature Standard.
OpenSSL (2010). The OpenSSL Project. http://www.openssl.org/.
Souza, E. F. and Gonçalves, P. A. S. (2009). Um Mecanismo de Proteção de Nonces para a Melhoria da Segurança de Redes IEEE 802.11i. In Proceedings of WTICG/SBSeg, pages 291–300, Campinas.
Tate, J. T. (1973). The Arithmetic of Elliptic Curves. In Inventiones Mathematicae, volume 23, pages 179–206.
Tews, E. (2007). Attacks on the WEP Protocol. Cryptology ePrint Archive, Report 2007/471.
Vanstone, S. A. (2003). Next Generation Security for Wireless: Elliptic Curve Cryptography. In Computers and Security, volume 22.
Wi-Fi Alliance (2003). Wi-Fi Protected Access: Strong, Standards-based, Interoperable Security for Today’s Wi-Fi Networks.
Diffie, W. and Hellman, M. E. (1976). New Directions in Cryptography.
Fogie, S. (2005). Cracking Wi-Fi Protected Access (WPA), Part 2. http://www.fermentas.com/techinfo/nucleicacids/maplambda.htm.
Gupta, V., Gupta, S., and Chang, S. (2002). Performance Analysis of Elliptic Curve Cryptography for SSL. In Proceedings of Workshop on Wireless Security 2002, pages 87–94.
Hankerson, D., Menezes, A., and Vanstone, S. (2004). Guide to Elliptic Curve Cryptography. Springer Verlag.
IEEE 802.1X (2004). IEEE Standard for Local and Metropolitan Area Networks – Port- Based Network Access Control.
IEEE Standard 802.11 (1999). IEEE Standards for Information Technology – Telecommunications and Information Exchange between Systems – Local and Metropolitan Area Network – Specific Requirements – Part 11: Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) Specifications.
IEEE Standard 802.11i (2004). IEEE Standard for Information Technology – Telecommunications and Information Exchange between System – Local and Metropolitan Area Networks – Specific Requirements – Part 11: Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) Specifications – Amendment 6: Medium Access Control (MAC) Security Enhancements Interpretation.
IEEE Standard 802.11w (2009). IEEE Standard for Information technology – Telecommunications and Information Exchange between System – Local and Metropolitan area networks – Specific Requirements – Part 11: Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) specifications – Amendment 4: Protected Management Frames.
Lederer, C., Mader, R., Koschuch, M., Groszschaedl, J., Szekely, A., and Tillich, S. (2009). Energy-Efficient Implementation of ECDH Key Exchange forWireless Sensor Networks. In Proceedings of Workshop on Information Security Theory and Practices, pages 112–127.
Lehembre, G. (2005). Wi-Fi security – WEP, WPA and WPA2. In Proceedings of the 7th Annual International Conference on Mobile Computing and Networking.
Malinen, J. and contributors (2010). Host AP driver for Intersil Prism2/2.5/3, hostapd, and WPA Supplicant. http://hostap.epitest.fi/.
Mano, C. D. and Striegel, A. (2006). Resolving WPA Limitations in SOHO and Open Public Wireless Networks. In Proceedings of IEEE Wireless Communications and Networking Conference 2006, Las Vegas.
Moskowitz, R. (2003). Weakness in Passphrase Choice in WPA Interface. [link].
National Institute of Standards and Technology (2009). FIPS PUB 186-3. In Digital Signature Standard.
OpenSSL (2010). The OpenSSL Project. http://www.openssl.org/.
Souza, E. F. and Gonçalves, P. A. S. (2009). Um Mecanismo de Proteção de Nonces para a Melhoria da Segurança de Redes IEEE 802.11i. In Proceedings of WTICG/SBSeg, pages 291–300, Campinas.
Tate, J. T. (1973). The Arithmetic of Elliptic Curves. In Inventiones Mathematicae, volume 23, pages 179–206.
Tews, E. (2007). Attacks on the WEP Protocol. Cryptology ePrint Archive, Report 2007/471.
Vanstone, S. A. (2003). Next Generation Security for Wireless: Elliptic Curve Cryptography. In Computers and Security, volume 22.
Wi-Fi Alliance (2003). Wi-Fi Protected Access: Strong, Standards-based, Interoperable Security for Today’s Wi-Fi Networks.
Publicado
11/10/2010
Como Citar
SOUZA, Eduardo Ferreira de; GONÇALVES, Paulo André da S..
Um Mecanismo de Autenticação Baseado em ECDH para Redes IEEE 802.11. In: SIMPÓSIO BRASILEIRO DE SEGURANÇA DA INFORMAÇÃO E DE SISTEMAS COMPUTACIONAIS (SBSEG), 10. , 2010, Fortaleza.
Anais [...].
Porto Alegre: Sociedade Brasileira de Computação,
2010
.
p. 119-131.
DOI: https://doi.org/10.5753/sbseg.2010.20582.