Wireless Technology 802.11x: Wi-Fi Standards - Cutting Through The Confusion Rob Karnbach Wireless ME May 2003.


1 Wireless Technology 802.11x: Wi-Fi Standards - Cutting Through The Confusion Rob Karnbach Wireless ME May 2003

2 3Com University Live December 2002 Session ID: 110 Rev. page 2
Leadership in Wireless Connectivity
[Diagram labels: Home, Hotel, Airport, Wireless Local Area Network, Office, Wireless Personal Area Network, Wireless Wide Area Network, Small Business]
3Com Proprietary and Confidential

3 Technology and Standards Evolution
- 1997: Original 802.11 spec ratified by the IEEE
- 1999: 802.11a and 802.11b ratified by the IEEE; WECA formed
- 2000: Bluetooth Products Available (802.15)
- Today: New network services being added (QoS, IAPP, WEP2, etc.)
- Future: 54Mbps extension to 802.11b; 5GHz band (up to 54 Mbps); 802.11b & Bluetooth co-existence

4 New Standards What are they?

5 The A,B,G’s of WLANs
Background
- The IEEE finalized the initial standard for WLANs, IEEE 802.11, in June 1997
- The original standard specified a 2.4GHz operating frequency with data rates of 1 and 2Mbps
- There are two categories of specifications
  - The first category defines complete wireless LAN systems
    - 3 main specifications: 802.11a, b, and g
  - The second category defines enhancements that mitigate weaknesses in the existing protocols. These are not new systems, but rather extensions that will be applied to the systems specifications.
    - There are currently 6 specifications in this category: 802.11d, e, f, h, i, j

6 802.11 Systems Overview
Systems compared: 802.11a; 802.11b; 802.11g
- Standard Ratified: 2002; 1999; Not Yet Ratified
- Radio Band: 5GHz; 2.4GHz
- Data Rates: Up to 54Mbps; Up to 11Mbps; Up to 54Mbps
- Coverage Area: Up to 50 Meters; Up to 100 Meters
- Pros: Less potential for interference; Good support for multimedia apps and densely populated user environments; Certified compatibility through Wi-Fi; Most widely deployed system today; Compatible with 802.11b; High data rates and broad coverage area
- Cons: Requires hardware upgrade; Less coverage area; Slower data rate; Interference in 2.4GHz band; Will not be widely available until late 2003

7 Recommending the Right WLAN System
Recommend 802.11b if your customer:
- Doesn’t have a need for high-bandwidth
- Isn’t price sensitive
- Wants a large choice of providers/manufacturers
- Wants to give users access to public WLAN hot-spots
- Wants guaranteed compatibility
- Wants to implement a complete WLAN solution today

8 Recommending the Right WLAN System
Recommend 802.11a if your customer:
- Has a dense user base confined to one coverage area
- Wants to run high-bandwidth applications
  - Voice/video over the wireless network
- Needs to transfer large data files
  - CAD files, pre-print publishing documents, other large graphics files
- Does not need a wide coverage range
- Is not price sensitive (in the short term)
  - It will cost twice as much to cover the same area as 802.11b or g

9 Recommending the Right WLAN System
Recommend 802.11g if your customer:
- Is willing to wait for the standard to arrive and for products to hit the market
- Wants backward compatibility with an existing 802.11b WLAN
- Wants to maximize current investment
- Needs high-bandwidth
- Has a large coverage area

10 Quality Of Service 802.11e

11 IEEE P802.11 TGe
- Purpose: To enhance the 802.11 Medium Access Control (MAC) to improve and manage Quality of Service (QoS)
- Cannot be supported in current chip design
- Requires new Radio Chips
- Can do basic QoS in MAC layer

12 Inter Access Point Protocol 802.11f

13 IEEE P802.11 TGf
- Purpose: To develop a set of requirements for Inter-Access Point Protocol (IAPP), including operational and management aspects
- 3Com’s Role: As chair of this group, drive the work of IAPP towards development of a “Distribution System” consisting of IEEE 802 LAN components supporting an IETF IP environment

14 Security Today

15 Local Authentication Options
Local Access Point Authentication/Encryption
- Authentication is done at each Access Point
- Encryption options
  - No security (encryption)
  - 40-bit encryption shared key
  - 128-bit encryption shared key
  - Dynamic Security Link (128-bit): Username/Password Authentication with 128-bit Dynamic Session key encryption

16 3Com Access Point 8000 Dynamic Security Link
Dynamic Security Link
- Per user, per session dynamic key with 128-bit Encryption
- Unique key automatically generated between the AP & wireless client each session
- Keys are done in the background, automatically, not entered manually
- Internal database supports 1000 username/password
- Provides a superior security solution when AP is deployed in networks without a centralized authentication server

17 LEAP
Lightweight Extensible Authentication Protocol (Cisco)
- Cisco only Protocol - used to fix WEP
- Requires Cisco or Funk RADIUS Server
- Requires Cisco AP’s
- Requires Cisco or 3Com X jack client cards
- Is only Dynamic Session Keys (Like DSL)
- Very Expensive solution for not being Dynamic Encryption Keys

18 IEEE 802.1x – Port-Based Network Access Control
- 802.1x is a standard for authenticating Wireless Clients onto a wireless 802.11 network
- It is a key feature in Microsoft’s Windows XP operating system
- Needs to be implemented in conjunction with a centralized RADIUS authentication server supporting EAP-MD5 or EAP-TLS
- Scalable to large enterprise networks
- Authentication is central, rather than in each Access Point

19 RADIUS Authentication Support
- RADIUS Centralized User Authentication
  - Authentication is provided between the wireless client and the RADIUS server, in conjunction with the IEEE 802.1x standard-based network log-in
  - Any RADIUS supporting EAP-MD5, EAP-TLS, EAP-TTLS
  - Implemented in conjunction with 802.1x to provide a secure authentication solution for Wireless clients
  - For an even more secure solution, 3Com’s Universal Client Certificate supporting EAP-TLS enables RADIUS servers that support EAP-TLS to achieve Dynamic Key Distribution – Per-User / Per-Session key
- RADIUS Accounting
  - Username, start time, stop time, packet input/output

20 EAP-MD5 Authentication
- Never sends password in clear text
- Uses MD-5 HMAC 128 bit HASH of password comparison
- Most RADIUS Servers support this today
  - Cisco
  - Funk
  - Microsoft

21 EAP-TLS Authentication
- Authenticates device and user
  - Device by digital cert
  - User by Username/Password
- Requires Digital Cert
- Can store Phase one encryptions on it
- 3Com incorporates 128 Dynamic Key encryption with it.
- Key changes every 15 minutes
- Supported in High End RADIUS Servers, i.e. Microsoft, Funk Steel Belted Radius, Cisco

22 3Com Universal Client Certificate
- Supports EAP-TLS
- Certificate is required for mutual-authentication
- Used by any 3Com WLAN client in EAP-TLS authentication mode
- Required for serial authentication
- 3Com developed to fully utilize the power of EAP-TLS authentication
- Public Key for client is generally expensive to deploy
- Free to 3Com wireless clients

23 Basic RADIUS (EAP-MD5) (Public Areas)
[Diagram labels: Hotel Lobby, Airport, Mgmt. Console, RADIUS Server (EAP-MD5), ATM, SuperStack 3 Firewall, SuperStack Switch, NT or Netware Server, WLAN]
- RADIUS client built into the AP8000
- Provides upper layer authentication through RADIUS supporting EAP-MD5 (Microsoft, Funk, Cisco)
- One-way authentication for the wireless client to be authenticated by the RADIUS server
- Encryption capability can be provided between the client and the AP using 40-bit or 128-bit shared key
- Static key generated in the AP and manually entered in all clients and APs
- Ideal for enterprise networks with legacy RADIUS deployments, requiring centralized user management and basic level of encryption capability
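The EAP-MD5 exchange from slides 20 and 23, as an added example that is not part of the original deck: it uses the MD5-Challenge computation of RFC 3748 section 5.4 (the CHAP construction of RFC 1994, a plain MD5 digest over identifier, password and challenge). The function names and the sample password are assumptions made for illustration.

```python
import hashlib
import hmac
import os


def new_challenge(length: int = 16) -> bytes:
    """Server side: a fresh random challenge for every authentication attempt."""
    return os.urandom(length)


def md5_challenge_response(identifier: int, password: bytes, challenge: bytes) -> bytes:
    """Client side: MD5(identifier || password || challenge), always 16 bytes."""
    return hashlib.md5(bytes([identifier & 0xFF]) + password + challenge).digest()


def server_verify(identifier: int, stored_password: bytes,
                  challenge: bytes, response: bytes) -> bool:
    """The server recomputes the digest, so it must hold the password itself."""
    expected = md5_challenge_response(identifier, stored_password, challenge)
    return hmac.compare_digest(expected, response)


def run_exchange(client_password: bytes, stored_password: bytes):
    """One exchange. Returns (accepted, every byte that crossed the air)."""
    identifier = 1
    challenge = new_challenge()                       # server -> client
    response = md5_challenge_response(identifier, client_password, challenge)
    on_air = bytes([identifier]) + challenge + response
    # One-way only: the server sends nothing the client could use to check
    # the server's identity, and the exchange yields no key material, which
    # is why slide 23 pairs it with a static, manually entered shared key.
    return server_verify(identifier, stored_password, challenge, response), on_air


def replay_accepted(password: bytes) -> bool:
    """A response recorded for an old challenge, presented against a new one."""
    recorded = md5_challenge_response(1, password, new_challenge())
    return server_verify(2, password, new_challenge(), recorded)


if __name__ == "__main__":
    secret = b"constructed-sample-password"   # constructed sample value
    ok, wire = run_exchange(secret, secret)
    print("accepted:", ok, "| password visible on air:", secret in wire)
    print("wrong password accepted:", run_exchange(b"guess", secret)[0])
    print("replayed response accepted:", replay_accepted(secret))
```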

24 Standard EAP-TLS and 802.1x, with XP Clients and Existing PKI (University Campus)
[Diagram labels: Student Dormitory, Main Campus Library, Mgmt. Console, RADIUS Server (EAP-MD5), Registration Office, SuperStack 3 Firewall, SuperStack Switch, NT or Netware Server, WLAN, RADIUS EAP-TLS, Login for 802.1X (Username: 3Com, Password: ********)]
- 802.1x is native to the Windows XP Operating System only
- With PKI, each client has a “unique” certificate, issued by an external CA (very expensive to implement)
- The TLS server also needs its own certificate, issued by an external CA
- 3Com’s next generation 802.1x agent will work with 3rd party CA
- Disable Microsoft’s 802.1x agent and deploy Serial Authentication using 3Com’s 802.1x agent and achieve:
  - Certificate-based mutual authentication using 3Com’s own Universal Client Certificate
  - Support for standards based RC4 encryption algorithm (40-bit and 128-bit)
  - Dynamic key management supported in the AP8000
  - Secure username/password authentication on top of certificate based authentication

25 EAP-TTLS
- Tunneled EAP-TLS
- Still requires Digital Cert
- But can use MS-Chap for password checking
- Supported right now only in Funk Software Odyssey Server

26 PEAP - Protected EAP
- Competes with EAP-TTLS
- Uses TLS and Digital Certs
- Two Phase TLS authentication
- Uses TLS encryption
- Allows for support of Token Cards

27 TKIP - Temporal Key Integrity Protocol
- Uses RC4 encryption - stream cipher
- Phase 1: Uses MAC address mixed with TK to produce Phase 1 key
- Phase 2: Phase 1 key mixed with IV (initialization vector) to derive per-packet keys. Each key is used to encrypt one and only one data packet

28 WPA - Wi-Fi Protected Access
- Requires Authentication and Encryption
- Authentication
  - Requires EAP
  - Mutual Authentication
  - Protects the user from accidentally joining a rogue AP
- Encryption
  - Requires TKIP - use of a temporal key
- We do not support WPA Home/Soho mode
  - Use of a shared key

29 Security 802.11i

30 IEEE P802.11 TGi
- Purpose: To enhance the current 802.11 MAC to provide improvements in security and authentication mechanisms
- Will be based on New Federal Encryption Standard
- AES (Advanced Encryption Standard)
- Will replace DES
- Requires hardware acceleration
- Today's AP’s cannot support it yet
- Rijndael algorithm
- Symmetric block cipher
- Keys 128, 192, 256 bits

31 Simple Sets You Free

