• No se han encontrado resultados

ANÁLISIS DE RESULTADOS Y DISCUSIÓN

ZNNN SISTEMA DE ESCAPE

4.2.6. ANÁLISIS Y CONSTRUCCIÓN DE PROTOTIPO FINAL

4.2.6.1. Circuito electrónico para el sistema termoeléctrico

The model of authentication in IEEE 802.11i was borrowed from the IEEE 802.1X stan- dard [30] as shown in Figure 2.19. IEEE 802.1X was originally intended for wired local area networks (LANs), but it turned out that the same concepts can be used in wireless LANs. The IEEE 802.1X model involves three entities in the authentication procedure: a supplicant, an authenticator, and an authentication server. The supplicant is a client device (e.g., a laptop) that wishes to connect to the network. The authenticator is a network device, such as a wireless access point. The authentication server is a process, which can run on the access point in smaller networks, or on a dedicated server machine in larger networks.

Figure 2.19: 802.1x

is not allowed access through the authenticator to the protected side of the network until the supplicants identity has been validated and authorized. With 802.1X port-based authentication, the supplicant provides credentials, such as a digital certificate, to the authenticator. The authenticator forwards the user’s credentials to the authentication server for verification. If the authentication server determines that the credentials are valid, the supplicant is allowed to access resources located on the protected side of the network.

Thus, a client must be authenticated before it can gain access to a network, which involves three steps as shown in Figure 2.20.

(1) When a client requests access to a network, an access point requests the client’s identity. The client responds to the authenticator (access point) with the client’s identity, which is forwarded to the authentication server.

(2) The authentication process is in step (2). The complete process of an IEEE 802.11i authentication consists of messages exchanged between the client and the authenti- cation server.

EAP-TLS [31] is a default authentication standard adopted in IEEE 802.11i WLANs. EAP-TLS is a certificate-based mutual authentication protocol. An authentication server provides its certificate to a user and requests the user’s certificate. The user validates the authentication server’s certificate to authenticate the authentication server. The user then responds to the server with its certificate. After verifying the user’s certificate, the authentication server successfully authenticates the client.

During the authentication process, the access point relays packets between the client and the authentication server.

(3) When the authentication process finishes, the authentication server sends a successful message (or, a failure message if the authentication has failed) to the user through the access point. The client is then granted access to the network.

Figure 2.20: EAP-TLS

2.5.2 Key Management and Group Key Management in IEEE 802.11i

The result of the authentication process in IEEE 802.11i not only allows a client to connect to an access point, but also provides several keys for further communication between the

client and the access point. There are three types of keys generated in the IEEE 802.11i key management scheme as discussed below.

Pairwise Master Key (PMK): PMKs are the highest order keys in the IEEE 802.11i standard. A PMK is computed by a client and an authentication server through the IEEE 802.11i authentication protocol. The PMK is encrypted using a key shared by the authentication server and the access point. The authentication server then sends the encrypted PMK to the authenticator (the access point). The PMK is known only to the client and the authenticator. It is a master key, because it is not used directly for encryption or integrity protection of messages, but rather used to derive encryption keys.

Pairwise Transient Key (PTK): PTKs are derived from a PMK, generated and updated through a 4-way handshake protocol [31]. After confirming the existence of a PMK and the liveness of a client and an authentication server, the client and the authentication server generates a pairwise transient key (PTK) for each subsequent communication, and synchronizes the installation of the PTK on both machines. Group Temporal Key (GTK): GTK is used to protect multicast data.

Figure 2.21 shows the messages exchanged through a 4-way handshake protocol.

An access point sends a nonce value ANonce to a client. The client generates a nonce SNonce, and computes a PTK using the PMK shared with the authenticator as follows.

Figure 2.21: The 4-way handshake protocol

P T K=f(P M K, AN oncekSN oncekMAkMC),

whereMC andMAare the physical addresses of the client and the AP, respectively. The operator|| denotes a concatenation. f is a pseudo-random number generation function.

As soon as the PTK is generated, it is divided into three separate keys as shown in Figure 2.22: the key encryption key (KEK), the key conformation key (KCK), and the temporal encryption key (TEK).

– Key encryption key (KEK): Used to encrypt the GTK as discussed below;

– Key confirmation key (KCK): Used to compute a message authentication code as discussed below;

Figure 2.22: 802.11i key hierarchy

– Temporal encryption key (TEK): Used to encrypt or decrypt unicast data packets as shown below.

The client sends a nonce value SNonce and aM AC value of SNonce to the access point. KCK is the MAC key used to generate the M AC value. The access point then computes the same PTK according to the above formula.

The access point uses the KCK to verify theM AC value sent by the client. If the verification is successful, the access point generates a GTK and encrypts it using the KEK. The access point then sends the encrypted GTK and the MAC value of GTK to the client.

value in the message is valid, the client sends a confirmation message to the access point.

Both PMKs and PTKs need to be updated after their lifetimes expire. The GTK needs to be updated periodically. In addition, when a device leaves the network, the GTK needs to be updated as well. This is to prevent the device from receiving further multicast or broadcast messages from the access point.

To update the group key update, IEEE 802.11i defines a two-way handshake protocol as follows [31]. First, an access point generates a new GTK, encrypts the GTK using a KEK assigned to each client, then unicasts each client the encrypted KEK along with a MAC value derived from the KCK. The MAC value in the message protects the data from modification. Second, after receiving the new GTK, each client replies to the access point with an acknowledgment.