Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Wireless Security Presented at AMCIS 2002 Dallas, Texas By Dr. Robert J. Boncella Professor of CIS School of Business Washburn University.

Similar presentations


Presentation on theme: "1 Wireless Security Presented at AMCIS 2002 Dallas, Texas By Dr. Robert J. Boncella Professor of CIS School of Business Washburn University."— Presentation transcript:

1 1 Wireless Security Presented at AMCIS 2002 Dallas, Texas By Dr. Robert J. Boncella Professor of CIS School of Business Washburn University

2 2 Overview Wireless LAN –Physical Transport – Standards –WLAN Architecture –WLAN Security Wireless Local Loops (Wireless WAN) –Physical Transport –WAP Protocol 1.x –WAP Protocol 2.0 –WAP Security

3 3 Wireless Local Area Networks

4 4 Physical Transport RF (Radio Frequency) –Frequency Hopping Spread Spectrum (FHSS) –Direct Sequence Spread Spectrum (DSSS) IR (Infrared Radiation) –Point-to-Point –Diffused

5 5 RF Transport Spread Spectrum –Expand the initial bandwidth and “spread” it in order to use a portion of the bandwidth for portion of the message. FHSS - Frequency Hopping Spread Spectrum –Non-consecutive portions of the spread spectrum are used to transmit portions of the message DSSS - Direct Sequence Spread Spectrum –each bit of the message contains additional bits for error correction purposes - the message bit along with its redundant bits is called the “Chip Code”

6 6 IR Transport Diffused –Reflect signal off of existing surfaces –e.g. ceiling –Try this with TV remote Point-to-Point –Signal sent as beam to IR Switch –IR Switch relays to next IR Switch –Ring topology

7 7 RF and IR Transport I-Band 902 MHz 928 MHz 2.48GHz 5.85GHz 5.725GHz 2.4GHz M-Band S-Band ISM Frequencies IR Spectrum: 850 to 950 nanometers

8 Standards a (WiFi5) –operates in the 5GHz RF band –Max link rate of 54Mbps b (WiFi) –operates in the 2.4GHz RF band –max link rate of 11Mbps g (Not Yet Standard) –Max link rate of 54Mbps –operates in 2.4GHz RF band i –improved WEP Others –802.11d –802.11e –802.11f –802.11h

9 9 WLAN Architecture Basic Service Set - BSS Extended Service Set - ESS Access Point - AP Station Types –No-Transition Mobility but portable –BSS-Transition Mobility –ESS-Transition Mobility

10 10 BSS PC with WNIC PC with WNIC PC with WNIC PC with WNIC BSS without AP PC with WNIC PC with WNIC PC with WNIC PC with WNIC AP BSS with an AP

11 11 ESS BSS PC with WNIC PC with WNIC PC with WNIC AP BSS PC with WNIC PC with WNIC PC with WNIC AP PC with WNIC AP Gateway Distribution System (e.g. Ethernet) Server

12 12 WLAN Security Requirements –authentication –confidentiality –integrity

13 13 WLAN Security Exploits Insertion Attacks –Unauthorized Clients or AP Interception and Unauthorized Monitoring –Packet Analysis –Broadcast Analysis AP connected to hub rather than switch –AP Clone Jamming –Denial of Service - using cordless phones, baby monitors, leaky microwave oven, etc.

14 14 WLAN Security Exploits Client-to-Client Attacks –DOS - duplicate MAC or IP addresses –TCP/IP Service Attacks against wireless client providing these services Brute Force Attacks Against AP Passwords –Dictionary Attacks Against SSID Encryption Attacks –Compromised WEP Misconfigurations –APs ship in an unsecured configuration

15 15 Secure AP Access Service Set Identifier - SSID Media Access Control (MAC) Address Filtering Wired Equivalent Privacy - WEP

16 16 SSID Mechanism Used to Segment Wireless Networks Each AP is programmed with a SSID that corresponds to its network Client computer presents correct SSID to access AP Security Compromises –AP can be configured to “broadcast” its SSID –SSID may be shared among users of the wireless segment

17 17 MAC Filtering Each client identified by its NIC Mac Address Each AP can be programmed with the set of MAC addresses it accepts Combine this filtering with the AP’s SSID Overhead of maintaining list of MAC addresses

18 18 WEP-Based Security Employs RC4 PRNG to Encrypt/Decrypt data RC4 PRNG –Symmetric Algorithm –40 bit encryption key + 24 bit initialization vector –64 bit string is used as seed to PRNG to generate a “key sequence” ICV (integrity check value) is computed for plaintext (CRC-32) ICV is appended to plaintext to make data bit string Key Sequence is XORéd to data bit string to create ciphertext. Ciphertext and IV are sent to receiver.

19 19 WEP Authentication Access request by client Challenge text sent to client by AP Challenge text encoded by client using shared secret then sent to AP If challenge text encoded properly AP allows access else denied

20 20 WEP Security Weaknesses All clients and AP’s in wireless network share the same encryption key No protocol for encryption key distribution IV transmitted in the clear default “Open System” authentication

21 21 WLANs and VPNS VPN provides secure “tunnel” through an “untrusted” network Requires VPN Client and Server software Wireless path considered the “untrusted” network Alternative to MAC filtering and WEP

22 22 Best Practices for WiFi Security Use WEP –change default key –change WEP key frequently Password Protect Client Drives and Folders Change Default SSID Use Sessions Keys If Available Use MAC Filtering If Available Use A VPN –Requires VPN Server –VPN Client Maybe Included With Op Sys

23 23 Wireless Local Loops (Wide Area Networks)

24 24 WAP Protocol Wireless Application Protocol –used with small low-powered devices –low bandwidth devices –e.g. cell phones Layered Protocol –Two versions of protocol stack WAP1.x Protocol Stack WAP2.0 Protocol Stack –Used with WAP Devices clients - cell phones gateways - –translate wireless protocols into Internet protocols –located near Mobile Telephone Exchange –Provide Security

25 25 WAP 1.x Protocol Stack Wireless Application Environment Wireless Session Protocol Wireless Transaction Protocol Wireless Transport Layer Security Wireless Datagram Protocol WAE WSP WTP WTLS WDP Bearer GSM, TDMA, CDMA, CDPD, et al WAP Device

26 26 WAE WSP WTP WTLS WDP Bearer WAP Device WSP WTP WTLS WDP Bearer HTML SSL TCP IP WAP Gateway WAE WEB Server HTML SSL TCP IP WAP 1.x Gateway

27 27 WAP 2.x Protocol Stack Wireless Application Environment Wireless Profiled HTTP Wireless Profiled TLS (SSL) Wireless Profiled TCP Internet Protocol 2.5G and 3G WAE WP-HTTP WP-TLS WP-TCP IP Wireless WAP Device

28 28 WAE WP-HTTP WP-TLS WP-TCP IP Wireless WAP Device WAP Proxy WP-TCP IP Wireless TCP IP Wired WAE HTTP TLS TCP IP Wired Web Server WAP 2.0 Proxy

29 29 Transport Layer Security Use of cipher suites Certificates of authentication Digital Signatures Session Resume Provides for TLS tunneling –end-to-end transport layer security

30 30 Bibliography Dornan, Andy (2002) "LANs with No Wires, but Strings Still Attached", Network Magazine, (17) 2, pp Dornan, Andy (2002) "Fast Forward to 4G?", Network Magazine, (17) 3, pp Fratto, Mike (2001) "Tutorial: Wireless Security", Network Computing, Jan. 22, 2001, 3 pages, Garber, Lee (2002) "Will 3G Really Be the Next Big Wireless Technology?", IEEE Computer, (35) 1, pp Gast. Matthew S Wireless Networks: The Definitive Guide O’Reilly & Associates Inc., Sebastopol, CA (2002). Kapp, Steve (2002) "802.11: Leaving the Wire Behind", IEEE Internet Computing Online", January/February 2002, Internet Security Systems, (2001) "Wireless LAN Security: b and Corporate Networks", Macphee, Allan (2001), "Understanding Digital Certificates and Wireless Transport Layer Security (WTLS)", Entrust Whitepaper, Nichols, Randall K., and Lekkas, Panos C., Wireless Security: Models, Threats, and Solutions, McGraw-Hill, New York, NY, Varshney, Upkar and Vetter, Ron (2000) "Emerging Mobile and Wireless Networks", Communications of the ACM, (43) 6, pp

31 31 These slides will be available on August 12, 2002 on the web site follow the link: Wireless Security Presentation AMCIS 2002


Download ppt "1 Wireless Security Presented at AMCIS 2002 Dallas, Texas By Dr. Robert J. Boncella Professor of CIS School of Business Washburn University."

Similar presentations


Ads by Google