WPA2 By Winway Pang. Overview  What is WPA2?  Wi-Fi Protected Access 2  Introduced September 2004  Two Versions  Enterprise – Server Authentication.

Slides:



Advertisements
Similar presentations
Chapter 07 Designing and Implementing Security for WLAN
Advertisements

CN8816: Network Security 1 Security in Wireless LAN i Open System Authentication Security Wired Equivalent Privacy (WEP) Robust Security Network.
IEEE i IT443 Broadband Communications Philip MacCabe October 5, 2005
CSE  Wired Equivalent Privacy (WEP) ◦ first security protocol defined in  Wi-Fi Protected Access (WPA) ◦ defined by Wi-Fi Alliance 
Understanding and Achieving Next-Generation Wireless Security Motorola, Inc James Mateicka.
MIS Week 12 Site:
P Security Survey and Recommendations By: Ryon Coleman October 16, 2003.
Attack and Defense in Wireless Networks Presented by Aleksandr Doronin.
Wireless Security Ryan Hayles Jonathan Hawes. Introduction  WEP –Protocol Basics –Vulnerability –Attacks –Video  WPA –Overview –Key Hierarchy –Encryption/Decryption.
Implementing Wireless LAN Security
Security+ Guide to Network Security Fundamentals, Third Edition
WiFi Security. What is WiFi ? Originally, Wi-Fi was a marketing term. The Wi-Fi certified logo means that the product has passed interoperability tests.
Wireless LAN Security Jerry Usery CS 522 December 6 th, 2006.
1 Enhancing Wireless Security with WPA CS-265 Project Section: 2 (11:30 – 12:20) Shefali Jariwala Student ID
DIMACS Nov 3 - 4, 2004 WIRELESS SECURITY AND ROAMING OVERVIEW DIMACS November 3-4, 2004 Workshop: Mobile and Wireless Security Workshop: Mobile and Wireless.
Wireless Network Security: WEP And Beyond Heidi Parsaye Jason DeVries Roxanne Ilse Heidi Parsaye - Jason DeVries - Roxanne Ilse.
Department of Computer Science Southern Illinois University Carbondale Wireless and Network Security Lecture 9: IEEE
WIRELESS NETWORK SECURITY. Hackers Ad-hoc networks War Driving Man-in-the-Middle Caffe Latte attack.
Marwan Al-Namari Week 10. RTS: Ready-to-Send. CTS: Clear-to- Send. ACK: Acknowledgment.NAV: network allocation vector (channel access, expected time to.
Wireless Security Issues Implementing a wireless LAN without compromising your network Marshall Breeding Director for Innovative Technologies and Research.
Wireless Security Issues David E. Hudak, Ph.D. Senior Software Architect Karlnet, Inc.
IWD2243 Wireless & Mobile Security Chapter 3 : Wireless LAN Security Prepared by : Zuraidy Adnan, FITM UNISEL1.
WLAN What is WLAN? Physical vs. Wireless LAN
Michal Rapco 05, 2005 Security issues in Wireless LANs.
Wireless security & privacy Authors: M. Borsc and H. Shinde Source: IEEE International Conference on Personal Wireless Communications 2005 (ICPWC 2005),
Secure Systems Research Group - FAU Wireless Web Services Security Christopher Lo.
Wireless and Security CSCI 5857: Encoding and Encryption.
Investigators have published numerous reports of birds taking turns vocalizing; the bird spoken to gave its full attention to the speaker and never vocalized.
IEEE MEDIA INDEPENDENT HANDOVER DCN: srho
Chapter Network Security Architecture Security Basics Legacy security Robust Security Segmentation Infrastructure Security VPN.
Wireless Network Security Dr. John P. Abraham Professor UTPA.
Wireless Security Beyond WEP. Wireless Security Privacy Authorization (access control) Data Integrity (checksum, anti-tampering)
Done By : Ahmad Al-Asmar Wireless LAN Security Risks and Solutions.
IEEE i WPA2. IEEE i (WPA2) IEEE i, is an amendment to the standard specifying security mechanisms for wireless networks. The.
Wireless LAN Security. Security Basics Three basic tools – Hash function. SHA-1, SHA-2, MD5… – Block Cipher. AES, RC4,… – Public key / Private key. RSA.
Security in Wireless Networks IEEE i Presented by Sean Goggin March 1, 2005.
Wireless Networking & Security Greg Stabler Spencer Smith.
.  TJX used WEP security  They lost 45 million customer records  They settled the lawsuits for $40.9 million.
Doc.: IEEE /551r0 Submission September 2002 Moore, Roshan, Cam-WingetSlide 1 TGi Frame Exchanges Tim Moore Microsoft Pejman Roshan Nancy Cam-Winget.
IEEE i Aniss Zakaria Survey Fall 2004 Friday, Dec 3, 2004
Security Standards. IEEE IEEE 802 committee for LAN standards IEEE formed in 1990’s – charter to develop a protocol & transmission specifications.
Wireless Security: The need for WPA and i By Abuzar Amini CS 265 Section 1.
Wireless Security Rick Anderson Pat Demko. Wireless Medium Open medium Broadcast in every direction Anyone within range can listen in No Privacy Weak.
Shambhu Upadhyaya Security – Key Hierarchy Shambhu Upadhyaya Wireless Network Security CSE 566 (Lecture 11)
Csci388 Wireless and Mobile Security – Key Hierarchies for WPA and RSN
 Houses  In businesses  Local institutions  WEP – Wired Equivalent Privacy -Use of Initialization Vectors (IVs) -RC4 Traffic Key (creates keystreams)
WLAN Security Condensed Version. First generation wireless security Many WLANs used the Service Set Identifier (SSID) as a basic form of security. Some.
Wireless security Wi–Fi (802.11) Security
Authentication has three means of authentication Verifies user has permission to access network 1.Open authentication : Each WLAN client can be.
802.11b Security CSEP 590 TU Osama Mazahir. Introduction Packets are sent out into the air for anyone to receive Eavesdropping is a much larger concern.
Wireless Network Security CSIS 5857: Encoding and Encryption.
Doc.: IEEE /657r0 Submission August 2003 N. Cam-WingetSlide 1 TGi Draft 5.0 Comments Nancy Cam-Winget, Cisco Systems Inc.
IEEE Security Specifically WEP, WPA, and WPA2 Brett Boge, Presenter CS 450/650 University of Nevada, Reno.
Erik Nicholson COSC 352 March 2, WPA Wi-Fi Protected Access New security standard adopted by Wi-Fi Alliance consortium Ensures compliance with different.
EECS  Wired Equivalent Privacy (WEP) ◦ first security protocol defined in  Wi-Fi Protected Access (WPA) ◦ defined by Wi-Fi Alliance 
Wireless Authentication Protocol Presented By: Tasmiah Tamzid Anannya Student Id:
History and Implementation of the IEEE 802 Security Architecture
1 /24 May Systems Architecture WPA / WPA 2(802.11i) Burghard Güther, Tim Hartmann
Module 48 (Wireless Hacking)
CSE 4905 WiFi Security II WPA2 (WiFi Protected Access 2)
History and Implementation of the IEEE 802 Security Architecture
Authentication and handoff protocols for wireless mesh networks
Wireless Protocols WEP, WPA & WPA2.
Lecture 29 Security in IEEE Dr. Ghalib A. Shah
WEP & WPA Mandy Kershishnik.
Wireless LAN Security CSE 6590.
IEEE i Dohwan Kim.
Wireless Network Security
Security Issues with Wireless Protocols
Tim Moore Microsoft Pejman Roshan Nancy Cam-Winget Cisco Systems, Inc
Presentation transcript:

WPA2 By Winway Pang

Overview  What is WPA2?  Wi-Fi Protected Access 2  Introduced September 2004  Two Versions  Enterprise – Server Authentication 802.1x  Personal – AES Pre-Shared Key  Full implementation of i

Bit of History   First wireless networking standard  Security via WEP  Wired Equivalent Privacy  WEP shown to have weaknesses in 2001 involving its use of RC4-Stream Cipher  Today it can be cracked in several minutes using standard hardware and freeware software.

Bit of History  i – WPA  Draft implementation  WPA implemented a subset of i specifications.  Replaced WEP with WPA-TKIP in 2003  Most wireless cards easily upgraded via firmware  Most pre-2003 routers could not be upgraded  Weakness has been discovered  Involved TKIP algorithm use of RC4 cipher.

WPA2  i – WPA2  Full implementation  Adopted in September, 2004  Replaced WPA with WPA2-AES in 2004  Backwards compatible with WPA  Uses AES-CCMP  Advanced Encryption Standard – Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (Very Strong)  Provides RSN (Robust Security Network)

Robust Security Network via 802.1X  IEEE 802.1X is the standard defined by IEEE for port based network access control.  Basically a protocol to make sure only legitimate clients can use a network secured by WPA2

Robust Security Network via 802.1X  Three players are needed to run the 802.1X protocol which uses EAP or Extensive Authentication Protocol  A client (STA/Supplicant)  A wireless access point (AP STA/Authenticator)  An authentication server (AS)

Robust Security Network via 802.1X

 PMK – Pairwise Master Key  Sent from the AS to the Authenticator  Both the Supplicant and Authenticator now have the same PMK  PMK is permanent for the entire session  Must generate a Pairwise Transient Key for encryption of data.  Done using 4-way handshake

Robust Security Network via 802.1X  4-Way Handshake  Confirm that the client holds the PMK.  Confirm that the PMK is correct and up-to-date.  Create pairwise transient key (PTK) from the PMK.  Install the pairwise encryption and integrity keys into IEEE  Transport the group temporal key (GTK) and GTK sequence number from Authenticator to Supplicant and install the GTK and GTK sequence number in the STA and, if not already installed, in the AP.  Confirm the cipher suite selection.

Robust Security Network via 802.1X

 Nonce  A value that shall not be reused with a given key, including over all reinitializations of the system through all time.

Robust Security Network via 802.1X  PTK (Pairwise Transient Key – 64 bytes)  16 bytes of EAPOL-Key Confirmation Key (KCK)– Used to compute MIC on WPA EAPOL Key message  16 bytes of EAPOL-Key Encryption Key (KEK) - AP uses this key to encrypt additional data sent (in the 'Key Data' field) to the client (for example, the RSN IE or the GTK)  16 bytes of Temporal Key (TK) – Used to encrypt/decrypt Unicast data packets  8 bytes of Michael MIC Authenticator Tx Key – Used to compute MIC on unicast data packets transmitted by the AP  8 bytes of Michael MIC Authenticator Rx Key – Used to compute MIC on unicast data packets transmitted by the station  Last two only used when TKIP is used.

WPA2-PSK  Pre-Shared Key Mode  Network traffic encrypted using a 256 bit PMK  User enters key (Pairwise Master Key)  64 hex digits  8-63 Printable ASCII characters  Takes the passphrase, salts it with SSID of AP, then runs it through 4096 iterations of HMAC-SHA-1

WPA2-PSK  Authentication, Connection, Establishment of PTK and GTK.  Similar process as when an AS is present except the PSK is used as the PMK.  Creation of PTK and GTK is the same as in Enterprise mode.

Data Encryption via AES-CCMP  From PC-Mag:  (AES-Counter Mode CBC-MAC Protocol) The encryption algorithm used in the i security protocol. It uses the AES block cipher, but restricts the key length to 128 bits. AES-CCMP incorporates two sophisticated cryptographic techniques (counter mode and CBC-MAC) and adapts them to Ethernet frames to provide a robust security protocol between the mobile client and the access point.  AES itself is a very strong cipher, but counter mode makes it difficult for an eavesdropper to spot patterns, and the CBC-MAC message integrity method ensures that messages have not been tampered with.

References:    i-2004.pdf i-2004.pdf i-2004.pdf    pedia.com/WPA+WPA2+WiFi+protected+access pedia.com/WPA+WPA2+WiFi+protected+access pedia.com/WPA+WPA2+WiFi+protected+access  2,t=AES-CCMP&i=37582,00.asp 2,t=AES-CCMP&i=37582,00.asp 2,t=AES-CCMP&i=37582,00.asp

Questions?

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.