New Encryption System Design that works with wireless drivers.
jkmaline at cc.hut.fi
Sat Feb 19 13:33:29 EST 2005
On Sat, Feb 19, 2005 at 12:11:56PM -0600, Robert Denier wrote:
> On Sat, 2005-02-19 at 09:44 -0800, Jouni Malinen wrote:
> > Would you be willing to write something that compares this to IEEE
> > 802.11i with CCMP (mainly from the security and privacy view point)?
> Lets see very briefly. From a security point of view in closed mode.
> This is right off the top of my head.
> 1) Its impossible to fake any station.
IEEE 802.11i/CCMP validates send and received MAC address.
> 2) In general, Its impossible even to determine who is sending packets
> to whom. (Note as soon as you add a mac address, even the fake ones
> this uses, then this point is severly weakened, but it has to work on
> real hardware that exists.)
Well, in case of IEEE 802.11 you do need to use the correct source MAC
address (which could be randomized, though) to get ACK packets working
correctly, so I don't see much difference here.
> 3) Routers only need to know where the packet came from and where its
> going, and not the entire route so again secrecy is maintained.
I don't know how this would differ from IEEE 802.11i.
> 4) Entropy is added into packet creation to prevent even identical
> packets from ever being identical once encrypted.
CCMP uses packet numbers both to do this and replay protection.
> 5) It should be impossible to piece together a valid packet from
> pieces of invalid packets.
Likewise for CCMP.
> 6) Protection against replay attacks is included.
Same for CCMP.
> To be honest I haven't looked at 802.11i recently. This is can work
> with wired or wireless. My main recall on 802.11i was it was based on
> the earlier 802.11 with some improvements to make it somewhat more
> secure. This is different in that its implementation is completely
> from scratch and attempts to solve every problem I could think of.
IEEE 802.11i is quite a bit more than something to make 802.11 somewhat
more secure.. CCMP is using AES in Counter mode with CBC-MAC. I would
assume your solution would be close to this as far as encrypting frames
is concerned. I did not go through the key negotiation, but like I said,
I would believe that the mechanism you used would fit IEEE 802.11i which
allows key management suite to be negotiated.
If the ECC mechanism you use is considered more secure or requires less
computation without dropping security, it could be useful addition on
top of what is currently available in IEEE 802.11i. Based on the list
above, it does not look like the encryption part would provide
additional benefit on top of what CCMP includes now.
> I will most likely release a approximately 10 page summary of the
> technology behind the system in a few days.
OK, that would be helpful in understanding what is there without having
to go through all the source code ;-).
> See previous comment. It is a filter on standard ethernet packets.
> Personally I found 802.11 in general to be a complete mess which is
> why I didn't use it at all. Often if you want to do something right,
> its best not to start on the to start from scratch and question
> everything. Sometimes compatibility comes at way too high a price
> especially from a security prospective when the more complex something
> is the harder it is to be sure its secure.
In this case, incompatibility may be too high a price.. Sure, a
proprietary solution could be used for a separate network, but if it
does not interoperate with whatever else is there, it is likely to be of
Jouni Malinen PGP id EFC895FA
More information about the HostAP