Wireless Security.


ECE 4112 - Internetwork Security

Agenda
- Basics of an Attack
- 802.11b Overview
- WEP
- Other security measures
- Future of Wireless Security

- Basics & 802.11 Overview – Blake
- WEP – Varun
- Sec. Measures & Future of Wireless – T. Matt Guinn
- Lab Overview – Matt Condit

Step 1: War Driving
- Materials needed: laptop w/ 802.11b card and GPS, Netstumbler, Airsnort, Ethereal, and the car of your choice
- An attacker would first use Netstumbler to drive around and map out active wireless networks
- Netstumbler not only has the ability to monitor all active networks in the area, but it also integrates with a GPS to map APs

Step 2: Cracking Using Airsnort
- At this point, the attacker has chosen his target, most likely a business
- Netstumbler can tell you whether or not the network is encrypted
- If encrypted, park the car, start up Airsnort, and leave it be for a few hours
- Airsnort, given enough time, will passively listen to traffic and figure out the encryption key

Step 3: Listening to the Network
- Once the encryption key is compromised, it is a trivial process to connect to the network, and if there wasn't an encryption key at all, well then ...
- An attacker would next use Ethereal to listen to the network traffic, analyze, and plan further attacks

That's it... the network is compromised
- Most wireless networks are no more secure than this; many are less secure
- Hundreds of businesses, schools, airports, and residences use wireless technology as a major point of access to their networks
- Demand for wireless LANs (WLANs) is increasing dramatically

Basic 802.11b Overview
- 802.11b was IEEE approved in 1999
- Infrastructure Mode or Ad Hoc
- Utilizes the 2.4 GHz band on 15 different channels (only 11 in US)
- 11 Mbit shared among all users on an access point
- Cheap!!!

Built-in Security Features
- Service Set Identifier (SSID)
  - Differentiates one access point from another
  - SSID is sent in 'beacon frames' every few seconds
  - Beacon frames are in plain text!

Do's and Don'ts for SSIDs
- Default SSIDs are well known (Linksys APs default to linksys, CISCO defaults to tsunami, etc.), so change them immediately.
- Don't set your SSID to something that will give away information.
- Do change the settings on your AP so that it does not broadcast the SSID in the beacon frame.

Associating with the AP
- Access points have two ways of initiating communication with a client: Shared Key or Open Key authentication
- Open Key allows anyone to start a conversation with the AP
- Shared Key is supposed to add an extra layer of security by requiring authentication info as soon as one associates

How Shared Key Auth. works
- Client begins by sending an association request to the AP
- AP responds with a challenge text (unencrypted)
- Client, using the proper WEP key, encrypts the text and sends it back to the AP
- If properly encrypted, AP allows communication with the client

Is Open or Shared Key more secure?
- Ironically enough, Open Key is the answer, in short
- Using passive sniffing, one can gather 2 of the three variables needed in Shared Key authentication: the challenge text and the encrypted challenge text
- Simply plugging these two values into the RC4 equations will yield the WEP key!

Wired Equivalent Protocol (WEP)
- Primary built-in security for the 802.11 protocol
- Uses 40-bit RC4 encryption
- Intended to make wireless as secure as a wired network
- Unfortunately, since ratification of the 802.11 standard, RC4 has been proven insecure, leaving the 802.11 protocol wide open for attack

A closer look at WEP
- Weakness in RC4 lies within the Initialization Vector (IV)
- The IV is a random 24-bit number (2^24 possible values)
- Packets sent over the network contain the IV followed by the encrypted data
- RC4 combines the IV and the 40-bit key to encrypt the data
- Two known attacks against this!

Numerical Limitation Attack
- IVs are only 24 bits, and thus there are only 16,777,216 possible IVs
- A busy network will repeat IVs often
- By listening to the encrypted traffic and picking out the duplicate IVs, it is possible to infer parts of the WEP key
- With enough duplicate IVs, you can figure out the whole WEP key
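Added example (not from the original slides): a simplified Python model of WEP's per-frame keying, RC4 over IV || key, showing why a repeated IV is fatal and why the cleartext challenge in Shared Key authentication exposes keystream. The key, IV and messages are constructed sample values, the function names are hypothetical, and the CRC-32 integrity value of real WEP frames is left out.

```python
import math

def rc4(key, n):
    """First n bytes of RC4 keystream for key."""
    s, j = list(range(256)), 0
    for i in range(256):                          # key scheduling
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    for _ in range(n):                            # keystream generation
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def wep_encrypt(iv, key, plaintext):
    """3-byte IV in the clear, then plaintext XOR RC4(IV || key). CRC-32 ICV omitted."""
    return iv + xor(plaintext, rc4(iv + key, len(plaintext)))

def frames_until_repeat(p, iv_bits=24):
    """Birthday bound: frames with random IVs before a repeat has probability p."""
    return math.ceil(math.sqrt(2 * 2 ** iv_bits * math.log(1 / (1 - p))))

# Constructed sample values, not from the page or any capture.
KEY = bytes.fromhex("0badc0ffee")                 # 40-bit key
IV = bytes.fromhex("a1b2c3")
P1, P2 = b"USER alice\r\n", b"PASS hunter2"
C1, C2 = wep_encrypt(IV, KEY, P1), wep_encrypt(IV, KEY, P2)

def reuse_leak():
    """Two bodies under one IV: the keystream cancels, leaving P1 XOR P2."""
    return xor(C1[3:], C2[3:])

def challenge_keystream(challenge, response):
    """Shared Key auth: clear challenge XOR encrypted reply is the keystream for that IV."""
    return xor(challenge, response[3:])

if __name__ == "__main__":
    print(reuse_leak() == xor(P1, P2))            # holds for any key length
    print(frames_until_repeat(0.5))
```

The leak does not depend on the key at all, which is why a longer WEP key does not help: only a larger, non-repeating IV space or a different cipher construction removes it.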

The Weak IV attack
- Some IVs do not work well with RC4
- Using a formula, one can take a weak IV and infer part of the WEP key
- Once again, passively monitoring the network for a few hours can be enough time to gather enough weak IVs to figure out the WEP key

Taking a look back on WEP
- WEP is flawed by a technology weakness, and there is no simple solution to fix it
- Increasing key length will only help against a brute force attack (trying to guess the key). The IV is the weakness in this protocol, so increasing key length is pointless
- Attacks against WEP are passive and extremely difficult to detect

Security beyond 802.11 specifications
- For a secure wireless network, you MUST go above and beyond the 802.11b security measures.
- At this point, there are many measures you can take to secure a wireless network. All have their pros and cons, and of course some work better than others
- The Goal: a secure network that is easy to deploy and maintain.

Hiding the SSID
- As stated earlier, the SSID is by default broadcast every few seconds.
- Turning it off makes it harder to figure out a wireless connection is there
- Reading raw packets will reveal the SSID since, even when using WEP, the SSID is in plain text
- Increases deployment difficulty
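Added example (not from the original slides): a Python parser for the cleartext part of 802.11 beacon and probe-response frames, usable to audit what your own AP discloses. It shows the point of the SSID slides: the network name and the Privacy (WEP) flag are readable by any listener, and a probe response carries an SSID that the beacon omits. The frames, the BSSID and the name corp-wlan are constructed sample data, and build_frame, parse_mgmt and audit are hypothetical helper names.

```python
import struct

SUBTYPES = {8: "beacon", 5: "probe-response"}

def build_frame(subtype, bssid, ssid, capability):
    """Build a minimal management frame (constructed demo data, not a capture)."""
    header = struct.pack("<BBH6s6s6sH", subtype << 4, 0, 0, b"\xff" * 6, bssid, bssid, 0)
    fixed = struct.pack("<QHH", 0, 100, capability)  # timestamp, interval, capability
    rates = bytes([1, 4, 0x82, 0x84, 0x8B, 0x96])    # supported-rates element
    return header + fixed + bytes([0, len(ssid)]) + ssid + rates

def parse_mgmt(frame):
    """Extract the cleartext fields any listener in range can read."""
    if len(frame) < 36 or (frame[0] >> 2) & 0x3 != 0 or frame[0] >> 4 not in SUBTYPES:
        raise ValueError("not a beacon or probe response")
    subtype = frame[0] >> 4
    (capability,) = struct.unpack_from("<H", frame, 34)
    ssid, pos = b"", 36                      # elements follow 24-byte header + 12 fixed bytes
    while pos + 2 <= len(frame):
        tag, length = frame[pos], frame[pos + 1]
        value = frame[pos + 2 : pos + 2 + length]
        if len(value) < length:
            raise ValueError("truncated information element")
        if tag == 0:                         # element ID 0 = SSID
            ssid = value
            break
        pos += 2 + length
    hidden = not any(ssid)                   # zero-length or all-NUL SSID
    return {"type": SUBTYPES[subtype], "bssid": frame[16:22].hex(":"),
            "ssid": None if hidden else ssid.decode("utf-8", "replace"),
            "privacy": bool(capability & 0x0010)}  # Privacy bit: WEP required

def audit(frames):
    """Per BSSID: the SSID learned from any frame and the advertised Privacy bit."""
    seen = {}
    for frame in frames:
        info = parse_mgmt(frame)
        entry = seen.setdefault(info["bssid"], {"ssid": None, "privacy": info["privacy"]})
        entry["ssid"] = entry["ssid"] or info["ssid"]
    return seen

BSSID = bytes.fromhex("020000000001")        # constructed address
SAMPLE = [
    build_frame(8, BSSID, b"", 0x0011),           # beacon with SSID broadcast disabled
    build_frame(5, BSSID, b"corp-wlan", 0x0011),  # probe response to a legitimate client
]

if __name__ == "__main__":
    print(audit(SAMPLE))
```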

MAC address filtering
- MAC address filtering works by only allowing specific hardware to connect to the AP
- Management on large networks is unfeasible
- Using a packet sniffer, one can very easily find a valid MAC address and modify their OS to use it, even if the data is encrypted
- May be good for small networks

Countermeasures that could have prevented this!
- Only allow users to connect to servers on the wired LAN with secure protocols.
- If that is not an option, use a firewall to block insecure connections to servers on the wired LAN
- Use 802.1X and a secure EAP if possible
- If convenient, a VPN would greatly increase security of data

Things to keep in mind when securing a WLAN
- All WLANs should be considered insecure, and thus should be treated that way
- Never put a WLAN within the perimeter of your wired LAN's firewall
- Use WEP; it will deter most would-be trespassers
- Do not leave the default WEP key
- Implement 802.1X with key rotation every 5 to 10 minutes
- Combine security mechanisms.

Future of wireless security
- 802.11i is in progress, and addresses security issues in 802.11b
- 802.11i will in essence be a standardized way for 802.11b and 802.1X to be coupled, and introduce new ciphers
- TKIP cipher should be able to be used on existing hardware with new firmware
- New ciphers based on AES encryption will require new hardware

Lab Goals
- Examine Unencrypted Wireless Traffic
- Circumventing MAC Address Filtering
- Cracking WEP using AirSnort

Network Layout
- D-Link Wireless AP: 192.168.1(2).144
- WindowsXP2 FTP Server: 192.168.1(2).150
- WindowsXP1 FTP Client: 192.168.1(2).100
- Evil RedHat Linux 8.0 Sniffer: 192.168.1(2).50

Unencrypted Wireless Traffic

MAC Address Filtering
- Use Kismet to find a valid MAC address
- Spoof your MAC address
- With no encryption, full access should be granted

Cracking WEP
- Cracking using AirSnort can take a considerable amount of time, so you will be provided with a nearly complete log file

Links to the tools used:
- Airsnort: http://airsnort.shmoo.com
- Netstumbler: http://www.netstumbler.com
- Ethereal: http://www.ethereal.com

Papers and Wireless Security Web Pages
- Weaknesses in the Key Scheduling Algorithm of RC4
- The Unofficial 802.11 Security Web Page
- Wireless Security Blackpaper
- The IEEE 802.11 specifications (includes WEP spec)
- Paper on detecting Netstumbler and similar programs
- Further reading on upcoming 802.11 variations
- Assorted 802.11 related crypto algorithms written in ANSI C

Acknowledgements
- Brian Lee authored most of these slides.