Presentation is loading. Please wait.

Presentation is loading. Please wait.

WiFi Security. What is WiFi ? Originally, Wi-Fi was a marketing term. The Wi-Fi certified logo means that the product has passed interoperability tests.

Published byMillicent Manning Modified over 9 years ago

Similar presentations

Presentation on theme: "WiFi Security. What is WiFi ? Originally, Wi-Fi was a marketing term. The Wi-Fi certified logo means that the product has passed interoperability tests."— Presentation transcript:

1 WiFi Security

2 What is WiFi ? Originally, Wi-Fi was a marketing term. The Wi-Fi certified logo means that the product has passed interoperability tests Currently Wi-Fi means wireless networks in general Wireless networks are usually based on the IEEE 802.11 standards. –802.11b2.4Ghz, 11Mbps –802.11g2.4Ghz, 54 Mbps

3 Wireless networking 2 different network modes –Ad-hoc –Infrastructure Medium is shared to channels In infrastruce mode, everything goes through the access point Before data can be transmitted, the access point and the client must establish a connection –Authentication and association

4 Security Threats Wireless technology doesn’t remove any old security issues, but introduces new ones –Viruses, Trojans and stuff like that are still there –Eavesdropping –Man-in-the-middle attacks –Denial of Service

5 Eavesdropping Easy to perform, almost impossible to detect By default, everything is transmitted in clear text –Usernames, passwords, content... –No security offered by the transmission medium Different tools available on the internet –Network sniffers, protocol analysers... –Password collectors With the right equipment, it’s possible to eavesdrop traffic from few kilometers away

6 Man in the middle attacks Allows data analysis and manipulation –Tools available on the internet Can target secure higher level protocols MITM attacks are also possible in wired networks In a MITM attack, the attacker funnels victim’s traffic through a point controlled by the attacker

7 Man in the middle attacks The attacker can terminate victim’s SSL/TSL session at her host and reconnect to the actual site. This allows the attacker to see everything in clear text

8 Wireless MITM Attack 1.Attacker spoofes a disassociate message from the victim 2.The victim starts to look for a new access point, and the attacker advertises his own AP on a different channel, using the real AP’s MAC address 3.The attacker connects to the real AP using victim’s MAC address

9 Denial of Service Frequency jamming –Not very technical, but works Spoofed deauthentication / disassociation messages –can target one specific user Attacks on higher levels –SYN Flooding –Ping of death –...

10 Wi-Fi Security Techniques At the moment –Wired Equivalent Privacy (WEP) –802.1X Access Control –Wireless Protected Access (WPA) In the future –802.11i

11 Wired Equivalent Privacy (WEP) Original security solution offered by the IEEE 802.11 standard Uses RC4 encryption with pre-shared keys and 24 bit initialization vectors Flawed design, easily broken –IV reuse causes problems –Tools to break WEP available on the internet Offers very little security at all

12 802.1x Access Control Designed as a general purpose network access control mechanism –Not Wi-Fi specific Access to network is controlled by switches (Access points in the Wi-Fi domain) User management with RADIUS –Extensible Authentication Protocol (EAP) used in authentication process –Authentication is done with the RADIUS server, which ”tells” the access point whether access to controlled ports should be allowed or not Doesn’t affect data transmissions, only authentication messages are encrypted if used EAP method is encrypting

13 802.1x Access Control

14 Wireless Protected Access (WPA) 802.1x Access Control –Pre-shared key setup available for SOHO environments TKIP (Temporal Key Integrity Protocol) encryption –RC4, dynamic encryption keys (session based) 48 bit IV, key mixing function –Fixes all issues found from WEP Uses Message Integrity Code (MIC) Michael –Ensures data integrity Old hardware should be upgradeable to WPA

15 WPA and Security Threats Data is encrypted –Protection against eavesdropping and man-in- the-middle attacks Denial of Service –As a security precaution, if WPA equipment sees two packets with invalid MICs within a second, it disassociates all its clients, and stops all activity for a minute –Only two packets a minute enough to completely stop a wireless network

16 802.11i WPA and the IEEE 802.11i share features –TKIP, the use of 802.1x for access control Standard is not yet ready, ratification is expected Q1/2004 Will require new hardware –AES used for encryption...

17 Conclusions The are various risks affecting the wireless user Good Wi-Fi security technologies exist, but they are not used –According to some studies, only 40 % of wireless networks use WEP –Therefore, it is important to understund the risks Higher level security protocols should be used when possible –After all, users have little control on technologies used in networks they use

Download ppt "WiFi Security. What is WiFi ? Originally, Wi-Fi was a marketing term. The Wi-Fi certified logo means that the product has passed interoperability tests."

Similar presentations

BZUPAGES.COM BSIT 07-11. BZUPAGES.COM BSIT 07-11 ON.

BZUPAGES.COM BSIT BZUPAGES.COM BSIT ON.
Security in Wireless Networks Juan Camilo Quintero D. 1041718.

Security in Wireless Networks Juan Camilo Quintero D
IEEE 802.11i IT443 Broadband Communications Philip MacCabe October 5, 2005

IEEE i IT443 Broadband Communications Philip MacCabe October 5, 2005
CSE 6590 1.  Wired Equivalent Privacy (WEP) ◦ first security protocol defined in 802.11  Wi-Fi Protected Access (WPA) ◦ defined by Wi-Fi Alliance 

CSE  Wired Equivalent Privacy (WEP) ◦ first security protocol defined in  Wi-Fi Protected Access (WPA) ◦ defined by Wi-Fi Alliance 
Wireless LAN Security Jerry Usery CS 522 December 6 th, 2006.

Wireless LAN Security Jerry Usery CS 522 December 6 th, 2006.
1 Enhancing Wireless Security with WPA CS-265 Project Section: 2 (11:30 – 12:20) Shefali Jariwala Student ID 001790660.

1 Enhancing Wireless Security with WPA CS-265 Project Section: 2 (11:30 – 12:20) Shefali Jariwala Student ID
DIMACS Nov 3 - 4, 2004 WIRELESS SECURITY AND ROAMING OVERVIEW DIMACS November 3-4, 2004 Workshop: Mobile and Wireless Security Workshop: Mobile and Wireless.

DIMACS Nov 3 - 4, 2004 WIRELESS SECURITY AND ROAMING OVERVIEW DIMACS November 3-4, 2004 Workshop: Mobile and Wireless Security Workshop: Mobile and Wireless.
W i reless LAN Security Presented by: Pallavi Priyadarshini Student ID 003503527.

W i reless LAN Security Presented by: Pallavi Priyadarshini Student ID
Vulnerability In Wi-Fi By Angus U CS 265 Section 2 Instructor: Mark Stamp.

Vulnerability In Wi-Fi By Angus U CS 265 Section 2 Instructor: Mark Stamp.
11 WIRELESS SECURITY by Prof. Russell Jones. WIRELESS COMMUNICATION ISSUES  Wireless connections are becoming popular.  Network data is transmitted.

11 WIRELESS SECURITY by Prof. Russell Jones. WIRELESS COMMUNICATION ISSUES  Wireless connections are becoming popular.  Network data is transmitted.
An Initial Security Analysis of the IEEE 802.1x Standard Tsai Hsien Pang 2004/11/4.

An Initial Security Analysis of the IEEE 802.1x Standard Tsai Hsien Pang 2004/11/4.
E-mail: kemal@cs.siu.edu Department of Computer Science Southern Illinois University Carbondale Wireless and Network Security Lecture 9: IEEE 802.11.

Department of Computer Science Southern Illinois University Carbondale Wireless and Network Security Lecture 9: IEEE
802.11 Wireless Security Presentation by Paul Petty and Sooner Brooks-Heath.

Wireless Security Presentation by Paul Petty and Sooner Brooks-Heath.
This work is supported by the National Science Foundation under Grant Number DUE-0302909. Any opinions, findings and conclusions or recommendations expressed.

This work is supported by the National Science Foundation under Grant Number DUE Any opinions, findings and conclusions or recommendations expressed.
15 November 2004 1 Wireless Security Issues Cheyenne Hollow Horn SFS Presentation 2004.

15 November Wireless Security Issues Cheyenne Hollow Horn SFS Presentation 2004.
WIRELESS NETWORK SECURITY. Hackers Ad-hoc networks War Driving Man-in-the-Middle Caffe Latte attack.

WIRELESS NETWORK SECURITY. Hackers Ad-hoc networks War Driving Man-in-the-Middle Caffe Latte attack.
WPA2 By Winway Pang. Overview  What is WPA2?  Wi-Fi Protected Access 2  Introduced September 2004  Two Versions  Enterprise – Server Authentication.

WPA2 By Winway Pang. Overview  What is WPA2?  Wi-Fi Protected Access 2  Introduced September 2004  Two Versions  Enterprise – Server Authentication.
Marwan Al-Namari Week 10. RTS: Ready-to-Send. CTS: Clear-to- Send. ACK: Acknowledgment.NAV: network allocation vector (channel access, expected time to.

Marwan Al-Namari Week 10. RTS: Ready-to-Send. CTS: Clear-to- Send. ACK: Acknowledgment.NAV: network allocation vector (channel access, expected time to.
Wireless Security Issues Implementing a wireless LAN without compromising your network Marshall Breeding Director for Innovative Technologies and Research.

Wireless Security Issues Implementing a wireless LAN without compromising your network Marshall Breeding Director for Innovative Technologies and Research.
Wireless Security Issues David E. Hudak, Ph.D. Senior Software Architect Karlnet, Inc.

Wireless Security Issues David E. Hudak, Ph.D. Senior Software Architect Karlnet, Inc.

Similar presentations

Ads by Google