Presentation is loading. Please wait.

Presentation is loading. Please wait.

802.11 Networks: known attacks: technical review Nguyen Dinh Thuc University of Science, HCMC

Published byAngela Owen Modified over 8 years ago

Similar presentations

Presentation on theme: "802.11 Networks: known attacks: technical review Nguyen Dinh Thuc University of Science, HCMC"— Presentation transcript:

1 802.11 Networks: known attacks: technical review Nguyen Dinh Thuc University of Science, HCMC ndthuc@fit.hcmus.edu.vn

2 Introduction wireless LAN01010101 10010101 Wired LAN Wireless LAN Laptop Laptop Access Point Mobile Pocket PC Palm Internet

3 01010101 10010101 Introduction wireless securityAuthentication Privacy Integrity

4 solutions Hotspot Express ( Concurrency License ) xPossible ( Concurrency License ) DOCOMO Inter-Touch Nokia Ovi VPN (Checkpoint, D-Link) …

5 Solutions access controlmember member Access Point New member access authentication

6 Solutions VPN Internet VPN Client No VPN Client hotspot Main Office VPN Server

7 A solution Access PointWireless Clients Internet Local Content Remote User Authentication Server Hotspot Controller Wireless Clients Access Point

8 Dis’ing attacks on 802.11 networks: letter-envelop protocol Initially, the client randomly generates primes p1 and q1, then computes N1 = p1 q1. Similarly, the AP generates p2, q2 and computes N2 = p2 q2. During the authentication process between the client and the AP, the client sends an “envelop” that contains N1 to the AP, and AP sends an “envelop” containing N2 to the client When the client wants to disconnect from the AP, it sends either the de-authentication or the disassociation frame to the AP, together with p1 to the AP; we call this number “letter”. If this “letter” corresponds to the “envelop” previously sent, i.e. p1|N1 ( p1 divides N1) then the frame is authenticated and will be processed accordingly. Otherwise, the frame is rejected Similarly, if the AP wants to disconnect from the client, it sends the disassociation/de-authentication frame together with p2. The STA disconnects itself from the AP if p2|N2.

9 Dis’ing attacks on 802.11 networks: implementation of letter-envelop protocol Thuc D. Nguyen, Duc H. M. Nguyen, Bao N. Tran†,Hai Vu, Neeraj Mittal, A lightweight solution for defending against de-authentication/disassociation attacks on 802.11 networks, In IEEE 17th International Conference on Computer Communication and Networks (ICCCN), St. Thomas, US Virgin Islands, August 2008

10 Dis’ing attacks on 802.11 networks: implementation of letter-envelop protocol After the authentication is finished, the client randomly generates two large primes number p1 and q1, computes N1 = p1 q1 and includes N1 in the Association Request frame (by putting the number in the frame body) sending to the AP On receiving the Association Request frame, the AP checks whether the Association ID (AID) of the client exists in the memory. There are two cases: Case 1: if the AID does not exist, then the STA has not been associated with the AP. The AP then stores N1 in the memory corresponding to the client’s record. If this is the first client associating to the AP, then the AP randomly generates two large primes p2 and q2, computes N2 = p2 q2 and includes it in the Association Response frame sending to the client. If there are clients already associated to the AP, then the AP just send the value ofN2 that has been previously sent to other clients. Note that the AP just needs one value of N2 for all the STAs associated to it. Whenever the AP wants to disconnect with all STAs, it just needs to broadcast a single disassociation frame containing N2. On receiving the Association Response frame, the client stores N2 in the memory corresponding to the AP it is associating with. When the AP receives the de-authentication frame or disassociation frame with a value of “letter” k from a client, it checks in the memory the values of N1 corresponding to that client. If k|N1 then the AP clears the information related to that client in the memory

Download ppt "802.11 Networks: known attacks: technical review Nguyen Dinh Thuc University of Science, HCMC"

Similar presentations

802.11 Networks: hotspot security Nguyen Dinh Thuc University of Science, HCMC

Networks: hotspot security Nguyen Dinh Thuc University of Science, HCMC
Mobile and Wireless Computing Institute for Computer Science, University of Freiburg Western Australian Interactive Virtual Environments Centre (IVEC)

Mobile and Wireless Computing Institute for Computer Science, University of Freiburg Western Australian Interactive Virtual Environments Centre (IVEC)
Analysis and Improvements over DoS Attacks against IEEE 802.11i Standard Networks Security, Wireless Communications and Trusted Computing(NSWCTC), 2010.

Analysis and Improvements over DoS Attacks against IEEE i Standard Networks Security, Wireless Communications and Trusted Computing(NSWCTC), 2010.
Attack and Defense in Wireless Networks Presented by Aleksandr Doronin.

Attack and Defense in Wireless Networks Presented by Aleksandr Doronin.
1 MD5 Cracking One way hash. Used in online passwords and file verification.

1 MD5 Cracking One way hash. Used in online passwords and file verification.
Apr 2, 2002Mårten Trolin1 Previous lecture On the assignment Certificates and key management –Obtaining a certificate –Verifying a certificate –Certificate.

Apr 2, 2002Mårten Trolin1 Previous lecture On the assignment Certificates and key management –Obtaining a certificate –Verifying a certificate –Certificate.
Information Security 1 Information Security: Demo of Some Security Tools Jeffy Mwakalinga.

Information Security 1 Information Security: Demo of Some Security Tools Jeffy Mwakalinga.
Security in Wireless LAN 802.11 Layla Pezeshkmehr CS 265 Fall 2003-SJSU Dr.Mark Stamp.

Security in Wireless LAN Layla Pezeshkmehr CS 265 Fall 2003-SJSU Dr.Mark Stamp.
Vulnerability In Wi-Fi By Angus U CS 265 Section 2 Instructor: Mark Stamp.

Vulnerability In Wi-Fi By Angus U CS 265 Section 2 Instructor: Mark Stamp.
An Initial Security Analysis of the IEEE 802.1x Standard Tsai Hsien Pang 2004/11/4.

An Initial Security Analysis of the IEEE 802.1x Standard Tsai Hsien Pang 2004/11/4.
Kemal AkkayaWireless & Network Security 1 Department of Computer Science Southern Illinois University Carbondale Wireless and Network Security Lecture.

Kemal AkkayaWireless & Network Security 1 Department of Computer Science Southern Illinois University Carbondale Wireless and Network Security Lecture.
SSH : The Secure Shell By Rachana Maheswari CS265 Spring 2003.

SSH : The Secure Shell By Rachana Maheswari CS265 Spring 2003.
E-mail: kemal@cs.siu.edu Department of Computer Science Southern Illinois University Carbondale Wireless and Network Security Lecture 9: IEEE 802.11.

Department of Computer Science Southern Illinois University Carbondale Wireless and Network Security Lecture 9: IEEE
IEEE 802.11 Wireless Local Area Networks (WLAN’s).

IEEE Wireless Local Area Networks (WLAN’s).
An Introduction to Internetworking. Why distributed systems - Share resources (devices & CPU) - Communicate people (by transmitting data)

An Introduction to Internetworking. Why distributed systems - Share resources (devices & CPU) - Communicate people (by transmitting data)
802.11 Security – Wired Equivalent Privacy (WEP) By Shruthi B Krishnan.

Security – Wired Equivalent Privacy (WEP) By Shruthi B Krishnan.
Computer Networking Devices Seven Different Networking Components.

Computer Networking Devices Seven Different Networking Components.
IEEE Wireless LAN Standard

IEEE Wireless LAN Standard
(part 3).  Switches, also known as switching hubs, have become an increasingly important part of our networking today, because when working with hubs,

(part 3).  Switches, also known as switching hubs, have become an increasingly important part of our networking today, because when working with hubs,
Autoimmunity Disorder in Wireless LANs By Md Sohail Ahmad J V R Murthy, Amit Vartak AirTight Networks.

Autoimmunity Disorder in Wireless LANs By Md Sohail Ahmad J V R Murthy, Amit Vartak AirTight Networks.

Similar presentations

Ads by Google