5 RF Transport Spread Spectrum –Expand the initial bandwidth and “spread” it in order to use a portion of the bandwidth for portion of the message. FHSS - Frequency Hopping Spread Spectrum –Non-consecutive portions of the spread spectrum are used to transmit portions of the message DSSS - Direct Sequence Spread Spectrum –each bit of the message contains additional bits for error correction purposes - the message bit along with its redundant bits is called the “Chip Code”
6 IR Transport Diffused –Reflect signal off of existing surfaces –e.g. ceiling –Try this with TV remote Point-to-Point –Signal sent as beam to IR Switch –IR Switch relays to next IR Switch –Ring topology
7 RF and IR Transport I-Band 902 MHz 928 MHz 2.48GHz 5.85GHz 5.725GHz 2.4GHz M-Band S-Band ISM Frequencies IR Spectrum: 850 to 950 nanometers
8 802.11 Standards 802.11a (WiFi5) –operates in the 5GHz RF band –Max link rate of 54Mbps 802.11b (WiFi) –operates in the 2.4GHz RF band –max link rate of 11Mbps 802.11g (Not Yet Standard) –Max link rate of 54Mbps –operates in 2.4GHz RF band 802.11i –improved WEP Others –802.11d –802.11e –802.11f –802.11h
9 WLAN Architecture Basic Service Set - BSS Extended Service Set - ESS Access Point - AP Station Types –No-Transition Mobility but portable –BSS-Transition Mobility –ESS-Transition Mobility
10 BSS PC with WNIC PC with WNIC PC with WNIC PC with WNIC BSS without AP PC with WNIC PC with WNIC PC with WNIC PC with WNIC AP BSS with an AP
11 ESS BSS PC with WNIC PC with WNIC PC with WNIC AP BSS PC with WNIC PC with WNIC PC with WNIC AP PC with WNIC AP Gateway Distribution System (e.g. Ethernet) Server
13 WLAN Security Exploits Insertion Attacks –Unauthorized Clients or AP Interception and Unauthorized Monitoring –Packet Analysis –Broadcast Analysis AP connected to hub rather than switch –AP Clone Jamming –Denial of Service - using cordless phones, baby monitors, leaky microwave oven, etc.
14 WLAN Security Exploits Client-to-Client Attacks –DOS - duplicate MAC or IP addresses –TCP/IP Service Attacks against wireless client providing these services Brute Force Attacks Against AP Passwords –Dictionary Attacks Against SSID Encryption Attacks –Compromised WEP Misconfigurations –APs ship in an unsecured configuration
15 Secure AP Access Service Set Identifier - SSID Media Access Control (MAC) Address Filtering Wired Equivalent Privacy - WEP
16 SSID Mechanism Used to Segment Wireless Networks Each AP is programmed with a SSID that corresponds to its network Client computer presents correct SSID to access AP Security Compromises –AP can be configured to “broadcast” its SSID –SSID may be shared among users of the wireless segment
17 MAC Filtering Each client identified by its 802.11 NIC Mac Address Each AP can be programmed with the set of MAC addresses it accepts Combine this filtering with the AP’s SSID Overhead of maintaining list of MAC addresses
18 WEP-Based Security Employs RC4 PRNG to Encrypt/Decrypt data RC4 PRNG –Symmetric Algorithm –40 bit encryption key + 24 bit initialization vector –64 bit string is used as seed to PRNG to generate a “key sequence” ICV (integrity check value) is computed for plaintext (CRC-32) ICV is appended to plaintext to make data bit string Key Sequence is XORéd to data bit string to create ciphertext. Ciphertext and IV are sent to receiver.
19 WEP Authentication Access request by client Challenge text sent to client by AP Challenge text encoded by client using shared secret then sent to AP If challenge text encoded properly AP allows access else denied
20 WEP Security Weaknesses All clients and AP’s in wireless network share the same encryption key No protocol for encryption key distribution IV transmitted in the clear default “Open System” authentication
21 WLANs and VPNS VPN provides secure “tunnel” through an “untrusted” network Requires VPN Client and Server software Wireless path considered the “untrusted” network Alternative to MAC filtering and WEP
22 Best Practices for WiFi Security Use WEP –change default key –change WEP key frequently Password Protect Client Drives and Folders Change Default SSID Use Sessions Keys If Available Use MAC Filtering If Available Use A VPN –Requires VPN Server –VPN Client Maybe Included With Op Sys
23 Wireless Local Loops (Wide Area Networks)
24 WAP Protocol Wireless Application Protocol –used with small low-powered devices –low bandwidth devices –e.g. cell phones Layered Protocol –Two versions of protocol stack WAP1.x Protocol Stack WAP2.0 Protocol Stack –Used with WAP Devices clients - cell phones gateways - –translate wireless protocols into Internet protocols –located near Mobile Telephone Exchange –Provide Security
28 WAE WP-HTTP WP-TLS WP-TCP IP Wireless WAP Device WAP Proxy WP-TCP IP Wireless TCP IP Wired WAE HTTP TLS TCP IP Wired Web Server WAP 2.0 Proxy
29 Transport Layer Security Use of cipher suites Certificates of authentication Digital Signatures Session Resume Provides for TLS tunneling –end-to-end transport layer security
30 Bibliography Dornan, Andy (2002) "LANs with No Wires, but Strings Still Attached", Network Magazine, (17) 2, pp. 44-47. Dornan, Andy (2002) "Fast Forward to 4G?", Network Magazine, (17) 3, pp. 34-39. Fratto, Mike (2001) "Tutorial: Wireless Security", Network Computing, Jan. 22, 2001, 3 pages, http://www.networkcomputing.com/1202/1202f1d1.html http://www.networkcomputing.com/1202/1202f1d1.html Garber, Lee (2002) "Will 3G Really Be the Next Big Wireless Technology?", IEEE Computer, (35) 1, pp.26-32. Gast. Matthew S. 802.11 Wireless Networks: The Definitive Guide O’Reilly & Associates Inc., Sebastopol, CA (2002). Kapp, Steve (2002) "802.11: Leaving the Wire Behind", IEEE Internet Computing Online", January/February 2002, http://www.computer.org/internet/v6n1/w102wire2.htm. http://www.computer.org/internet/v6n1/w102wire2.htm Internet Security Systems, (2001) "Wireless LAN Security: 802.11b and Corporate Networks", http://www.iss.net/support/documentation/otherwhitepapers.php Macphee, Allan (2001), "Understanding Digital Certificates and Wireless Transport Layer Security (WTLS)", Entrust Whitepaper, http://www.entrust.com/resources/whitepapers.htmhttp://www.entrust.com/resources/whitepapers.htm Nichols, Randall K., and Lekkas, Panos C., Wireless Security: Models, Threats, and Solutions, McGraw-Hill, New York, NY, 2002. Varshney, Upkar and Vetter, Ron (2000) "Emerging Mobile and Wireless Networks", Communications of the ACM, (43) 6, pp. 73-81.
31 These slides will be available on August 12, 2002 on the web site www.washburn.edu/cas/cis/boncella follow the link: Wireless Security Presentation AMCIS 2002