IEEE 802.11i IT443 Broadband Communications Philip MacCabe October 5, 2005

Slides:

Advertisements

Similar presentations

Chapter 07 Designing and Implementing Security for WLAN

Advertisements

CN8816: Network Security 1 Security in Wireless LAN i Open System Authentication Security Wired Equivalent Privacy (WEP) Robust Security Network.

CSE  Wired Equivalent Privacy (WEP) ◦ first security protocol defined in  Wi-Fi Protected Access (WPA) ◦ defined by Wi-Fi Alliance 

Understanding and Achieving Next-Generation Wireless Security Motorola, Inc James Mateicka.

Wireless Security Ryan Hayles Jonathan Hawes. Introduction  WEP –Protocol Basics –Vulnerability –Attacks –Video  WPA –Overview –Key Hierarchy –Encryption/Decryption.

Security+ Guide to Network Security Fundamentals, Third Edition

WiFi Security. What is WiFi ? Originally, Wi-Fi was a marketing term. The Wi-Fi certified logo means that the product has passed interoperability tests.

Wireless LAN Security Jerry Usery CS 522 December 6 th, 2006.

WEP and i J.W. Pope 5/6/2004 CS 589 – Advanced Topics in Information Security.

1 Enhancing Wireless Security with WPA CS-265 Project Section: 2 (11:30 – 12:20) Shefali Jariwala Student ID

Intercepting Mobiles Communications: The Insecurity of Danny Bickson ACNS Course, IDC Spring 2007.

DIMACS Nov 3 - 4, 2004 WIRELESS SECURITY AND ROAMING OVERVIEW DIMACS November 3-4, 2004 Workshop: Mobile and Wireless Security Workshop: Mobile and Wireless.

W i reless LAN Security Presented by: Pallavi Priyadarshini Student ID

Wired Equivalent Privacy (WEP)

Vulnerability In Wi-Fi By Angus U CS 265 Section 2 Instructor: Mark Stamp.

Department of Computer Science Southern Illinois University Carbondale Wireless and Network Security Lecture 9: IEEE

15 November Wireless Security Issues Cheyenne Hollow Horn SFS Presentation 2004.

WIRELESS NETWORK SECURITY. Hackers Ad-hoc networks War Driving Man-in-the-Middle Caffe Latte attack.

WPA2 By Winway Pang. Overview  What is WPA2?  Wi-Fi Protected Access 2  Introduced September 2004  Two Versions  Enterprise – Server Authentication.

WLAN security S Wireless Personal, Local, Metropolitan, and Wide Area Networks1 Contents WEP (Wired Equivalent Privacy) No key management Authentication.

Wireless Security Issues David E. Hudak, Ph.D. Senior Software Architect Karlnet, Inc.

IWD2243 Wireless & Mobile Security Chapter 3 : Wireless LAN Security Prepared by : Zuraidy Adnan, FITM UNISEL1.

WLAN What is WLAN? Physical vs. Wireless LAN

A Methodology for Evaluating Wireless Network Security Protocols David Rager Kandaraj Piamrat.

By Sean Fisk.  Not a new technology  Inherently insecure  In recent years, increased popularity.

Mobile and Wireless Communication Security By Jason Gratto.

Wireless security & privacy Authors: M. Borsc and H. Shinde Source: IEEE International Conference on Personal Wireless Communications 2005 (ICPWC 2005),

Secure Systems Research Group - FAU Wireless Web Services Security Christopher Lo.

Wireless and Security CSCI 5857: Encoding and Encryption.

Investigators have published numerous reports of birds taking turns vocalizing; the bird spoken to gave its full attention to the speaker and never vocalized.

A History of WEP The Ups and Downs of Wireless Security.

Chapter Network Security Architecture Security Basics Legacy security Robust Security Segmentation Infrastructure Security VPN.

Wireless Network Security Dr. John P. Abraham Professor UTPA.

Wireless Security Beyond WEP. Wireless Security Privacy Authorization (access control) Data Integrity (checksum, anti-tampering)

1 C-DAC/Kolkata C-DAC All Rights Reserved Computer Security.

Done By : Ahmad Al-Asmar Wireless LAN Security Risks and Solutions.

IEEE i WPA2. IEEE i (WPA2) IEEE i, is an amendment to the standard specifying security mechanisms for wireless networks. The.

WEP Protocol Weaknesses and Vulnerabilities

WEP AND WPA by Kunmun Garabadu. Wireless LAN Hot Spot : Hotspot is a readily available wireless connection.  Access Point : It serves as the communication.

Wireless LAN Security. Security Basics Three basic tools – Hash function. SHA-1, SHA-2, MD5… – Block Cipher. AES, RC4,… – Public key / Private key. RSA.

Security in Wireless Networks IEEE i Presented by Sean Goggin March 1, 2005.

WEP, WPA, and EAP Drew Kalina. Overview  Wired Equivalent Privacy (WEP)  Wi-Fi Protected Access (WPA)  Extensible Authentication Protocol (EAP)

Measuring of the time consumption of the WLAN’s security functions Jaroslav Kadlec, Radek Kuchta, Radimír Vrba Dept. of Microelectronics.

Link-Layer Protection in i WLANs With Dummy Authentication Will Mooney, Robin Jha.

WLANs & Security Standards (802.11) b - up to 11 Mbps, several hundred feet g - up to 54 Mbps, backward compatible, same frequency a.

Doc.: IEEE /551r0 Submission September 2002 Moore, Roshan, Cam-WingetSlide 1 TGi Frame Exchanges Tim Moore Microsoft Pejman Roshan Nancy Cam-Winget.

IEEE i Aniss Zakaria Survey Fall 2004 Friday, Dec 3, 2004

Wireless Security: The need for WPA and i By Abuzar Amini CS 265 Section 1.

Wireless Security Rick Anderson Pat Demko. Wireless Medium Open medium Broadcast in every direction Anyone within range can listen in No Privacy Weak.

Lecture slides prepared for “Computer Security: Principles and Practice”, 3/e, by William Stallings and Lawrie Brown, Chapter 24 “Wireless Network Security”.

Shambhu Upadhyaya Security – Key Hierarchy Shambhu Upadhyaya Wireless Network Security CSE 566 (Lecture 11)

Csci388 Wireless and Mobile Security – Key Hierarchies for WPA and RSN

 Houses  In businesses  Local institutions  WEP – Wired Equivalent Privacy -Use of Initialization Vectors (IVs) -RC4 Traffic Key (creates keystreams)

WLAN Security Condensed Version. First generation wireless security Many WLANs used the Service Set Identifier (SSID) as a basic form of security. Some.

Wireless security Wi–Fi (802.11) Security

Authentication has three means of authentication Verifies user has permission to access network 1.Open authentication : Each WLAN client can be.

802.11b Security CSEP 590 TU Osama Mazahir. Introduction Packets are sent out into the air for anyone to receive Eavesdropping is a much larger concern.

Wireless Network Security CSIS 5857: Encoding and Encryption.

Doc.: IEEE /657r0 Submission August 2003 N. Cam-WingetSlide 1 TGi Draft 5.0 Comments Nancy Cam-Winget, Cisco Systems Inc.

IEEE Security Specifically WEP, WPA, and WPA2 Brett Boge, Presenter CS 450/650 University of Nevada, Reno.

EECS  Wired Equivalent Privacy (WEP) ◦ first security protocol defined in  Wi-Fi Protected Access (WPA) ◦ defined by Wi-Fi Alliance 

Module 48 (Wireless Hacking)

CSE 4905 WiFi Security II WPA2 (WiFi Protected Access 2)

Wireless Protocols WEP, WPA & WPA2.

We will talking about : What is WAP ? What is WAP2 ? Is there secure ?

WEP & WPA Mandy Kershishnik.

Wireless LAN Security 4.3 Wireless LAN Security.

IEEE i Dohwan Kim.

Wireless Network Security

Presentation transcript:

IEEE i IT443 Broadband Communications Philip MacCabe October 5,

Overview ● Introduction – The Need for a New Standard – WEP, WPA, TKIP and other alphabet soup ● Wi-Fi Protected Access 2 (WPA2) – Four Way Handshake – Group Key Handshake

Obsolete Wireless Security ● Wired Equivalent Privacy (WEP) – Stream Cipher RC4 for Confidentiality – CRC-32 Checksum for Integrity – 64 bit WEP = 40 bit key + 24 bit Initialization Vector (IV) – Exploits can recover key in a few hours from more than a mile away – Is optional, therefore not always turned on – Has no Key Management, rather a single shared key – 2005, FBI demonstrated cracking WEP in less than 3 min.

Stopgap Security ● Wi-Fi Protected Access (WPA) – Runs on legacy hardware – Wi-Fi Alliance's solution until a standard could be formed, and new hardware made ● Temporal Key Integrity Protocol (TKIP) – Per Packet Key Mixing – Message Integrity Code – Re-keying Mechanism – Hashes IV to prevent related key attack ● This was intended to be replaced by IEEE i (WPA2)

IEEE i ● Draft Standard Approved on 24 July 2004 ● Uses Advanced Encryption Standard (AES) block cipher ● Designed for use on top of 802.1X authentication i.e. Extensible Authentication Protocol (EAP) and an authentication server ● Robust Security Network (RSN) ● Counter-Mode/CBC-Mac Protocol (CCMP) is AES-based encyption providing confidentiality, integrity, and origin authentication

Counter-Mode Encryption

Cipher Block Chaining

Attacks & Errors

Four Way Handshake ● After EAP authentication the AP still needs to authenticate itself to the client station (STA). ● Keys still need to be derived ● EAP provides Pairwise Master Key (PMK) ● This handshake creates a Pairwise Transient Key (PTK) ● PMK+Anonce+Snonce+AP MAC Address+STA MAC Address  Hash Algorithm  PTK ● Nonce are random throwaway numbers

Four Way Handshake

PTK is split into 3 keys ● EAPOL-Key Confirmation Key (KCK) – For generating MIC for packets ● EAPOL-Key Encryption Key (KEK) – Provides confidentiality for packets ● Temporal Key (TK) – Used to encrypt actual wireless traffic

Group Key Handshake ● Group Transient Key (GTK) is used by all devices on network ● Updated after a certain time limit or when a device leaves the network ● Allows devices to receive broadcast and multicast packets ● Update Process – AP sends out new GTK using each station's PTK – STA acknowledges the new GTK and responds – A MIC is used to prevent tampering

Pre-Shared Key Mode ● Designed for home and small office use ● Replaces 802.1X EAP server with a passphrase used to access the network ● Susceptible to password cracking