Presentation is loading. Please wait.

Presentation is loading. Please wait.

Security & Authentication in WLAN

Published by Modified over 8 years ago

Similar presentations

Presentation on theme: "Security & Authentication in WLAN"— Presentation transcript:

1 Security & Authentication in WLAN
State of the Art and Evolution Network Architecture and Design

2 Organizations and Groups
WECA The Wireless Ethernet Compatibility Alliance certifies compliance with the IEEE standards. Awards the WiFi (Wireless Fidelity). IEEE 802.1X defines changes to the MAC Bridge in order to provide Port based network access control capability. IEEE i defining MAC enhancements to provide enhanced security for This is a work in progress, and 802.1X is an important part of this. (end of 2002) IEEE 802.1X provides so called Port based network access control capability because, for example, an AP blocks all its ports until client can authenticate itself. Network Architecture and Design

3 First Generation WLAN Security
Virtual Private Network-VPN Ensures privacy through encryption. Runs transparently over a WLAN Use of a VPN is independent of any native WLAN security scheme, thus is not mentioned here. This is a way that a network administrator can use to improve security. This uses internet security protocols as SSL and others encrypting the message from the client. This is not part of the protocol. Network Architecture and Design

4 First Generation WLAN Security
Service Set Identifier-SSID Analogous to a common network name. Serves to logically segment users and APs. Is a piece of information advertised or preconfigured at the station. SSID may be requested when joining a WLAN. SSID is not secure, because an AP advertises its SSID in its beacons. in order for an AP to be operating in b compliant mode it is typically set to "Broadcast-SSID mode“ first generation WLAN networks resort to nothing more secure than using secret SSIDs as a means to deny access to unauthorized users. Network Architecture and Design

5 First Generation WLAN Security
Wired Equivalent Privacy-WEP Optional implementation for IEEE b. A WECA requirement of at least 40 bit encryption for WiFi certification. Goals Deny access to users that do not possess the appropriate WEP key. Prevent the decoding of traffic that is WEP encrypted without the possession of the WEP key. WEP is the core for the first generation WLAN security. Is call Wired Equivalent Privacy because this scheme attempts just to achieve a security level comparable with those in a wired network as Ethernet. Network Architecture and Design

6 First Generation WLAN Security
Wired Equivalent Privacy-WEP WEP is a symmetric encryption mechanism. IEEE b has chosen 40-bit keys. Some vendors use 128-bit WEP encryption. Key distribution or negotiation is not mentioned in the standard. Symmetric because the same process to encrypt and decrypt. The missing of the process for key distribution or negotiation was the root of the problem because now, each vendor implements its own method. Network Architecture and Design

7 First Generation Process
Authentication: Is the process of verifying the credentials of a client desiring to join a WLAN. Open System Authentication: Process in clear text. Shared Key Authentication: Uses a key to encrypt a challenge text. Association: Is the process of associating a client with a given AP in the WLAN. Network Architecture and Design

8 First Generation Process Probe Phase
2.- The APs that hear this packet send a probe response packet back to the station. This probe response packet contains some information such as SSID, which is used to determine which AP associate. 1.- When initialization, the client sends a probe request packet out on all the channels. Network Architecture and Design

9 First Generation Process Authentication Phase
Shared key mode. Both the client and the AP must be set-up to the same authentication scheme (open or shared) for this phase to perform properly. Because the authentication process must begin from the AP, the authentication request serves to AP begins the process. The WEP key is already configured in the client. Network Architecture and Design

10 First Generation Process Association Phase
After being authenticated, the client sends an association request to the AP. Network Architecture and Design

11 IEEE 802.11WEP Key Management
Key distribution or negotiation is not mentioned in the standard. The standard provides two mechanisms to select a key to encrypt a frame. Four default keys shared by all clients. Secure communication between users with default keys. Once keys become widely distributed, they are more compromised. “Key mapping” relationship with another station. More secure operation since fewer stations have the keys. Distribution of such unicast keys is problematic as group increases. Network Architecture and Design

12 Network Architecture and Design
WEP Deficiencies WEP uses RC4; using a shared secret key, generates an arbitrarily long sequence of bytes from a pseudorandom number. This stream is XORed with the plaintext to produce the encrypted ciphertext. It works well in SSL. 802.11b uses 40-bit keys Hackers can crack them in hours, but takes so much to crack 104-bit keys. But…Easy to break RC4 encryption with keystream reuse. Key reuse is a big deal, because two messages encrypted with same IV and key, reveal info of both, also these two ciphertexts XORed between them produce the plain text XORed. Network Architecture and Design

13 Network Architecture and Design
Security Weaknesses Physical Hardware loss, without user identification, Authentication, Accounting and Auditing. Impersonation Does not identify users, just hardware. No mutual authentication, enables Rogue AP’s. Integrity WEP supports per packet encryption but not authentication. Possibility to recover the RC4 stream. This is a summary of the weaknesses in a practical point of view. This serves to design what a solution must address. Physical and Impersonation weaknesses are related with the pre-programmed static WEP keys. If just hardware is identified by means of MAC address, includes the same problems that static keys. Integrity is related to the possibility of data modification. RC4 recovery can be done if encrypted packets are known, (as TCP or Ack’s). Network Architecture and Design

14 Network Architecture and Design
Security Weaknesses Disclosure Can be obtained both MAC address, time of association/disassociation. Problems with static global keys. Secret by more than two is not a secret Enables rogue AP attacks. Permits that anyone into the network to decrypt other conversations. Dictionary attacks. Denial of Service Disassociation attacks. Disclosure refers to an unintended exposure of data. Dictionary attack is to use a list of words to guess a password. Disassociation attack enables session hijacking. Network Architecture and Design

15 Network Architecture and Design
IEEE 802.1X Security in can be broken in Authentication framework Authentication algorithm/protocol Encryption IEEE 802.1X Is a standard Scalable. Centralized Framework for Authentication. Deploys a variety of authentication protocols. Still in development. Network Architecture and Design

16 How 802.1X Addresses 802.11 Security Issues
Extensible Authentication Protocol-EAP framework. User ID and strong authentication. Dynamic key derivation. Mutual authentication. Per-packet authentication. Dynamic key refers to the creation of one key for each user at each session. Mutual authentication is that client authenticates itself with the AP, but also AP must authenticate itself with the client. Network Architecture and Design

17 Network Architecture and Design
EAP Framework EAP provides a flexible link layer security framework Simple encapsulation protocol for IETF authentication standards Transport Level Security–TLS (Windows). Internet Key Exchange–IKE (Certicom-Lucent). GSS_API (Kerberos). Other mutual authentications schemes (Cisco LEAP). Run over lossy or lossless media and any link layer (PPP,802.3) Does not assume physical secure link. EAP is not a authentication technique, but is a flexible link layer security framework where encapsulates common authentication standards in. In the EAP frame there’s a field called TYPE, where is specified the type of authentication procedure used. Network Architecture and Design

18 Network Architecture and Design
EAP Architecture APIs refers to Application Program Interface NDIS = Network Driver Interface Specific. 802.3=Ethernet Protocol. 802.5=Token Ring Protocol. Network Architecture and Design

19 Identification & Authentication
Users identified by usernames, not MAC addresses. Supports extended authentication. Non password based authentication. Public key certificates and smartcards. IKE Biometrics Token cards Password based One-time passwords Any GSS_API (Kerberos) Network Architecture and Design

20 Per-User Per-Session Keys
802.1X enables secure derivation of per-user session key. Provides ability to securely change global keys. WEP keys are dynamically derived at the client when log-on. Global key, such as broadcast WEP key, is sent from AP to client, encrypted using the unicast session key. Makes per-user WEP keys easy to administer. The derivation of per-user session key depends on the authentication method used in the implementation (TLS=Windows, Cisco – Username, Password; IKE=Certicom-Lucent – Digital Certificate). The client and AP have the WEP key, is not necessary the transmission over the air; with this, the client can decrypt the multicast key which will be used to encrypt all the communication during the session. Easy to administer because is not needed anymore to store this keys. Network Architecture and Design

21 Mutual Authentication
802.1X needs EAP methods supporting mutual authentication. Guarantees right key transfers Prevents Man-in-the-middle, Rogue Server attacks Mutual Authentication EAP methods. TLS: Supply certificate, prove possession of private key. IKE: Server demonstrates possession of pre-shared key or private key. GSS_API (Kerberos):server must demonstrate knowledge of the session key. The attacks can be defeated with mutual authentication because the rogue AP can’t authenticate as an real AP with the client, in the past it didn’t need authenticate with the client; for MiM the hacker can’t authenticate as a valid AP to the client neither as a valid client with the AP. Network Architecture and Design

22 Per-Packet Authentication
EAP supports per packet authentication & integrity. But not to all messages TLS, IKE derive session key, with this the negotiations are authenticated and integrity protected. Using WEP, session key can be used to encrypt, authenticate and integrity protect some messages as: Success & Failure. Network Architecture and Design

23 WLAN Security Topics Coming
Temporal Key Integrity Protocol – TKIP Initially referred as WEP2. Solve the key reuse in WEP. 128-bit shared temporal key. Combines Temporal key Client’s MAC address Adds 16-octet initialization vector. To produce a key to encrypt the data. Temporal key change every 10,000 packets. Network Architecture and Design

24 WLAN Security Topics Coming
Advanced Encryption Standard – AES AES offers much stronger encryption. Replaces the aging Data Encryption Standard (DES) in NIST. Solves the problem of stronger encryption needed by AES requires a coprocessor (additional hardware). Companies need to replace existing access points and client NICs. 802.11i standard will likely include AES. Network Architecture and Design

25 Network Architecture and Design
Cisco Implementation EAP describes an extensible packet exchange to allow the passing of authentication information between the client and the PPP server. WLAN is not a PPP X EAP over LAN (EAPOL) defines how encapsulate EAP in Ethernet or token ring packets. EAPOW – EAP over Wireless LAN, is EAPOL but when used in wireless networks. Is also used EAP over Radius to encapsulate within RADIUS packets. Network Architecture and Design

26 Network Architecture and Design
Protocols used to encapsulate EAP Network Architecture and Design

27 Cisco Implementation - LEAP
Cisco-Lightweight Extensible Authentication Protocol. Aironet client adapters that supports EAP-LEAP authentication (FW 4.10). Cisco Aironet Series APs supporting 802.1x EAP authenticator (Ver 11.0). Secure Access Control Server used for AAA and EAP RADIUS services (Ver 2.6 running in Win NT/2000 server). Lightweight because: Minimal support from client CPU while mutual authentication. Supports embedded systems (printers). Runs on OS without support for native EAP authentication. Support popular OS (Windows, Linux, MacOS). Network Architecture and Design

28 Network Architecture and Design
Cisco Implementation The entire authentication and key distribution process is accomplished in three phases: Start, Authenticate, and Finish Network Architecture and Design

29 Network Architecture and Design
Start Phase Network Architecture and Design

30 Network Architecture and Design
Authenticate Phase The authenticate sequence varies based on the mutual authentication method chosen. If we were using Transport Level Security (TLS) to transfer certificates in a PKI implementation, then EAP-TLS messages would be used. PKI public key infrastructure is a system of digital certificates, Certificate Authorities, and other registration authorities that verify and authenticate the validity of each party involved in an Internet transaction Network Architecture and Design

31 Network Architecture and Design
Authenticate Phase AP is in the middle acting solely as a transport vehicle Network Architecture and Design

32 Network Architecture and Design
Finish Phase Network Architecture and Design

33 Network Architecture and Design
Finish Phase Both derive the session key from the user's password. AP sends an EAPOW-KEY message to the client supplying the key length. The key value (or actual WEP key) is not sent since the client has already derived it on its own. AP encrypts with the session key (unicast) a full-length derived multicast key and sends to client. The client and AP activate WEP and use this session multicast WEP key for all communications. Network Architecture and Design

34 Tentative Applications
Handoff Client is assumed authenticated. Just update multicast key on the adjacent AP. Ad Hoc Mode 802.1x can be used. User credentials are stored in each station. New EAP method for this purpose must be designed. Network Architecture and Design

35 Network Architecture and Design
References Mishra A, Arbaugh W.; “An Initial Security Analysis of the IEEE 802.1X Standard”. This article shows some weaknesses of the 802.1X protocol. William A. Arbaugh, Narendar Shankar, and Y.C. Justin Wan, "Your Wireless Network Has No Clothes“; one of the first articles that shows the b security problems Nikita Borisov, Ian Goldberg, and David Wagner, "Intercepting Mobile Communications: The Insecurity of “ D.Simon, B. Aboba, T. Moore; IEEE Security and 802.1X. This presentation explains the security problems on and how 802.1X helps to fix them. Steinke Steve; “Security and Wireless Networks”; this article explains WEP deficiencies. Security for Next Generation Wireless LANs; A Cisco paper that describes the first generation WLAN security. Network Architecture and Design

36 Network Architecture and Design
References Scott Fluhrer, Itsik Mantin and Adi Shamir; Weaknesses in the Key Scheduling Algorithm of RC4 , this paper presents several weaknesses in the key scheduling algorithm of RC4 and describes their cryptanalytic significance. AirSnort one of the best-known WEP cracking tools, which employs the RC4 weaknesses to attack WLAN networks. AirSnort recovers encryption keys, operates by passively monitoring transmissions, computing the encryption key when enough packets have been gathered. Wireless LAN at Risk: An article that tells how easy can be to access a WLAN if even the minimal wireless security basics and precautions are not taken into account. Sean Whalen, Analysis of WEP and RC4 Algorithms; This paper explains briefly the WEP encryption mechanism and some ways to crack it. Network Architecture and Design

37 Network Architecture and Design
End of Ninth Lecture Network Architecture and Design

Download ppt "Security & Authentication in WLAN"

Similar presentations

Wireless Security By Robert Peterson M.S. C.E. Cryptographic Protocols University of Florida College of Information Sciences & Engineering.

Wireless Security By Robert Peterson M.S. C.E. Cryptographic Protocols University of Florida College of Information Sciences & Engineering.
CSE 6590 1.  Wired Equivalent Privacy (WEP) ◦ first security protocol defined in 802.11  Wi-Fi Protected Access (WPA) ◦ defined by Wi-Fi Alliance 

CSE  Wired Equivalent Privacy (WEP) ◦ first security protocol defined in  Wi-Fi Protected Access (WPA) ◦ defined by Wi-Fi Alliance 
Your 802.11 Wireless Network has No Clothes CS 395T William A. Arbaugh, Narendar Shankar, Y.C. Justin Wan.

Your Wireless Network has No Clothes CS 395T William A. Arbaugh, Narendar Shankar, Y.C. Justin Wan.
Doc.: IEEE 802.11-00/275 Submission September 2000 David Halasz, Cisco Systems, Inc.Slide 1 IEEE 802.1X for IEEE 802.11 David Halasz, Stuart Norman, Glen.

Doc.: IEEE /275 Submission September 2000 David Halasz, Cisco Systems, Inc.Slide 1 IEEE 802.1X for IEEE David Halasz, Stuart Norman, Glen.
無線區域網路安全 Wireless LAN Security. 2 Outline  Wireless LAN – 802.11b  Security Mechanisms in 802.11b  Security Problems in 802.11b  Solutions for 802.11b.

無線區域網路安全 Wireless LAN Security. 2 Outline  Wireless LAN – b  Security Mechanisms in b  Security Problems in b  Solutions for b.
Security+ Guide to Network Security Fundamentals, Third Edition

Security+ Guide to Network Security Fundamentals, Third Edition
WiFi Security. What is WiFi ? Originally, Wi-Fi was a marketing term. The Wi-Fi certified logo means that the product has passed interoperability tests.

WiFi Security. What is WiFi ? Originally, Wi-Fi was a marketing term. The Wi-Fi certified logo means that the product has passed interoperability tests.
1 Enhancing Wireless Security with WPA CS-265 Project Section: 2 (11:30 – 12:20) Shefali Jariwala Student ID 001790660.

1 Enhancing Wireless Security with WPA CS-265 Project Section: 2 (11:30 – 12:20) Shefali Jariwala Student ID
DIMACS Nov 3 - 4, 2004 WIRELESS SECURITY AND ROAMING OVERVIEW DIMACS November 3-4, 2004 Workshop: Mobile and Wireless Security Workshop: Mobile and Wireless.

DIMACS Nov 3 - 4, 2004 WIRELESS SECURITY AND ROAMING OVERVIEW DIMACS November 3-4, 2004 Workshop: Mobile and Wireless Security Workshop: Mobile and Wireless.
W i reless LAN Security Presented by: Pallavi Priyadarshini Student ID 003503527.

W i reless LAN Security Presented by: Pallavi Priyadarshini Student ID
Wired Equivalent Privacy (WEP)

Wired Equivalent Privacy (WEP)
Security in Wireless LAN 802.11 Layla Pezeshkmehr CS 265 Fall 2003-SJSU Dr.Mark Stamp.

Security in Wireless LAN Layla Pezeshkmehr CS 265 Fall 2003-SJSU Dr.Mark Stamp.
An Initial Security Analysis of the IEEE 802.1x Standard Tsai Hsien Pang 2004/11/4.

An Initial Security Analysis of the IEEE 802.1x Standard Tsai Hsien Pang 2004/11/4.
Kemal AkkayaWireless & Network Security 1 Department of Computer Science Southern Illinois University Carbondale Wireless and Network Security Lecture.

Kemal AkkayaWireless & Network Security 1 Department of Computer Science Southern Illinois University Carbondale Wireless and Network Security Lecture.
E-mail: kemal@cs.siu.edu Department of Computer Science Southern Illinois University Carbondale Wireless and Network Security Lecture 9: IEEE 802.11.

Department of Computer Science Southern Illinois University Carbondale Wireless and Network Security Lecture 9: IEEE
IEEE 802.11 Wireless Local Area Networks (WLAN’s).

IEEE Wireless Local Area Networks (WLAN’s).
WLAN Security:PEAP Sunanda Kandimalla. Intoduction The primary goals of any security setup for WLANs should include: 1. Access control and mutual authentication,

WLAN Security:PEAP Sunanda Kandimalla. Intoduction The primary goals of any security setup for WLANs should include: 1. Access control and mutual authentication,
WIRELESS NETWORK SECURITY. Hackers Ad-hoc networks War Driving Man-in-the-Middle Caffe Latte attack.

WIRELESS NETWORK SECURITY. Hackers Ad-hoc networks War Driving Man-in-the-Middle Caffe Latte attack.
802.11 Security – Wired Equivalent Privacy (WEP) By Shruthi B Krishnan.

Security – Wired Equivalent Privacy (WEP) By Shruthi B Krishnan.
Wireless Insecurity.

Wireless Insecurity.

Similar presentations

Ads by Google