Cryptography Reference
In-Depth Information
AES. This, in itself, may mean that no actual upgrading of firmware
9.15
will suLce, that is, the complexity of RSN may mean that it will not be
interoperable with anythingbut the very latest in WLAN hardware. Also,
this will mean that certain (AP)s
9.16
will not be RSN-capable (as defined
in the IEEE publication, “Wireless LAN Security and IEEE 802.11i” by
Chen, Jiang, and Liu — see:
http://wire.cs.nthu.edu.tw/wire1x/
.
2. It uses a 48-bit initialization vector,
v
.
3. Integrity is achieved via the CBC-MAC in counter mode (see page 262).
Since AES replaces RC4, and the counter mode (see page 136) of CBC-
MAC is the method of applyingit, then this is more suitable for the packet
realm than stream data.
4. Since the sequence for
v
changes as keys change, replay attacks are thwarted.
5. Key management is based upon
Extensible Authentication Protocol
(EAP).
Now we look at the EAP in detail. This protocol is defined in [33] (a docu-
ment that replaces the one formerly known as RFC 2284bis, and which renders
obsolete RFC 2284). RSN employs EAP for authentication of wireless devices
to a network, and for provision of dynamic keys as needed. EAP supports
numerous authentication schemes.
EAP Authentication Schemes
1. MD5 (see page 255).
2. TLS (see page 219).
3. TTLS
,
sometimes called
EAP-TLS
, developed by Microsoft. This was ac-
cepted as RFC 2716 (see [221]). TTLS, a challenge-response protocol,
requires only server-side certificates, and these are used for one-way TLS
authentication (network to user). Once a secure channel is established,
EAP may be used inside of the TLS tunnel for any other authentication.
4. LEAP,
Lightweight Extensible Authentication Protocol
, developed by Cisco,
but they are replacingit (eventually) with the following.
5. PEAP,
Protected Extensible Authentication Protocol
, or Protected EAP,
which was developed by Cisco and RSA Security. This is a rival challenge-
response protocol to that of TTLS.
9.15
Firmware typically refers to (permanently stored) software embedded in a hardware de-
vice. For instance, firmware may be a program embedded in a ROM-integrated chip. ROM is
Read Only Memory
, memory that may be accessed and read but not altered. The term
Ran-
dom Access Memory
(RAM) refers to memory space that is basically used to store dynamic
data (data that changes during execution of a program).
9.16
An
access point
is a (base) station that transmits and receives data, and whose function
is to both interconnect users on the networkas well as interface the WLAN with a wired
network. Sometimes, in the WLAN context, an AP is called a
transceiver
.
Search WWH ::
Custom Search