Investigators have published numerous reports of birds taking turns vocalizing; the bird spoken to gave its full attention to the speaker and never vocalized.

Slides:

Advertisements

Similar presentations

Cryptography and Network Security Chapter 17 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.

Advertisements

IEEE i IT443 Broadband Communications Philip MacCabe October 5, 2005

CSE  Wired Equivalent Privacy (WEP) ◦ first security protocol defined in  Wi-Fi Protected Access (WPA) ◦ defined by Wi-Fi Alliance 

WEP 1 WEP WEP 2 WEP  WEP == Wired Equivalent Privacy  The stated goal of WEP is to make wireless LAN as secure as a wired LAN  According to Tanenbaum:

IPsec Internet Headquarters Branch Office SA R1 R2

Wireless Security Ryan Hayles Jonathan Hawes. Introduction  WEP –Protocol Basics –Vulnerability –Attacks –Video  WPA –Overview –Key Hierarchy –Encryption/Decryption.

Wireless LAN Security Jerry Usery CS 522 December 6 th, 2006.

1 Enhancing Wireless Security with WPA CS-265 Project Section: 2 (11:30 – 12:20) Shefali Jariwala Student ID

W i reless LAN Security Presented by: Pallavi Priyadarshini Student ID

Wired Equivalent Privacy (WEP)

Security in Wireless LAN Layla Pezeshkmehr CS 265 Fall 2003-SJSU Dr.Mark Stamp.

Vulnerability In Wi-Fi By Angus U CS 265 Section 2 Instructor: Mark Stamp.

Kemal AkkayaWireless & Network Security 1 Department of Computer Science Southern Illinois University Carbondale Wireless and Network Security Lecture.

Department of Computer Science Southern Illinois University Carbondale Wireless and Network Security Lecture 9: IEEE

IEEE Wireless Local Area Networks (WLAN’s).

Security+ Guide to Network Security Fundamentals, Third Edition Chapter 6 Wireless Network Security.

WIRELESS NETWORK SECURITY. Hackers Ad-hoc networks War Driving Man-in-the-Middle Caffe Latte attack.

WPA2 By Winway Pang. Overview  What is WPA2?  Wi-Fi Protected Access 2  Introduced September 2004  Two Versions  Enterprise – Server Authentication.

WLAN security S Wireless Personal, Local, Metropolitan, and Wide Area Networks1 Contents WEP (Wired Equivalent Privacy) No key management Authentication.

Wireless Security Issues David E. Hudak, Ph.D. Senior Software Architect Karlnet, Inc.

Wireless Network Security. Wireless Security Overview concerns for wireless security are similar to those found in a wired environment concerns for wireless.

WLAN What is WLAN? Physical vs. Wireless LAN

8: Network Security8-1 Security in the layers. 8: Network Security8-2 Secure sockets layer (SSL) r Transport layer security to any TCP- based app using.

Mobile and Wireless Communication Security By Jason Gratto.

Wireless security & privacy Authors: M. Borsc and H. Shinde Source: IEEE International Conference on Personal Wireless Communications 2005 (ICPWC 2005),

25-1 Last time □ Firewalls □ Attacks and countermeasures □ Security in many layers ♦ PGP ♦ SSL ♦ IPSec.

Wireless Networking.

Chapter Network Security Architecture Security Basics Legacy security Robust Security Segmentation Infrastructure Security VPN.

1 WEP Design Goals r Symmetric key crypto m Confidentiality m Station authorization m Data integrity r Self synchronizing: each packet separately encrypted.

Wireless Security Beyond WEP. Wireless Security Privacy Authorization (access control) Data Integrity (checksum, anti-tampering)

COEN 350 Mobile Security. Wireless Security Wireless offers additional challenges: Physical media can easily be sniffed. War Driving Legal? U.S. federal.

Chapter 5 WIRELESS NETWORK SECURITY

1 Figure 2-11: Wireless LAN (WLAN) Security Wireless LAN Family of Standards Basic Operation (Figure 2-12 on next slide)  Main wired network.

Wireless Insecurity By: No’eau Kamakani Robert Whitmire.

Wireless Security Presented by: Amit Kumar Singh Instructor : Dr. T. Andrew Yang.

WEP Protocol Weaknesses and Vulnerabilities

WEP AND WPA by Kunmun Garabadu. Wireless LAN Hot Spot : Hotspot is a readily available wireless connection.  Access Point : It serves as the communication.

Wireless LAN Security. Security Basics Three basic tools – Hash function. SHA-1, SHA-2, MD5… – Block Cipher. AES, RC4,… – Public key / Private key. RSA.

8-1 Chapter 8 Security Computer Networking: A Top Down Approach 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012 part 5: Mobile security,

Shambhu Upadhyaya Security – AES-CCMP Shambhu Upadhyaya Wireless Network Security CSE 566 (Lecture 13)

Chapter 8 Network Security Thanks and enjoy! JFK/KWR All material copyright J.F Kurose and K.W. Ross, All Rights Reserved Computer Networking:

8: Network Security8-1 Chapter 8 Network Security A note on the use of these ppt slides: We’re making these slides freely available to all (faculty, students,

Network Security7-1 Today r Reminder Ch7 HW due Wed r Finish Chapter 7 (Security) r Start Chapter 8 (Network Management)

IEEE i Aniss Zakaria Survey Fall 2004 Friday, Dec 3, 2004

Lecture 24 Wireless Network Security

Security Standards. IEEE IEEE 802 committee for LAN standards IEEE formed in 1990’s – charter to develop a protocol & transmission specifications.

Wireless Security: The need for WPA and i By Abuzar Amini CS 265 Section 1.

Wireless Security Rick Anderson Pat Demko. Wireless Medium Open medium Broadcast in every direction Anyone within range can listen in No Privacy Weak.

Lecture slides prepared for “Computer Security: Principles and Practice”, 3/e, by William Stallings and Lawrie Brown, Chapter 24 “Wireless Network Security”.

Wireless security Wi–Fi (802.11) Security

Authentication has three means of authentication Verifies user has permission to access network 1.Open authentication : Each WLAN client can be.

802.11b Security CSEP 590 TU Osama Mazahir. Introduction Packets are sent out into the air for anyone to receive Eavesdropping is a much larger concern.

Wireless Network Security CSIS 5857: Encoding and Encryption.

Lecture Notes Thursday Sue B. Moon.

Wired Equivalent Privacy (WEP) Chris Overcash. Contents What is WEP? What is WEP? How is it implemented? How is it implemented? Why is it insecure? Why.

WLAN Security1 Security of WLAN Máté Szalay

Erik Nicholson COSC 352 March 2, WPA Wi-Fi Protected Access New security standard adopted by Wi-Fi Alliance consortium Ensures compliance with different.

Chapters 6 & 8 WiFi and Its Security Computer Networking: A Top Down Approach 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012 A note on the.

Lecture 7 (Chapter 17) Wireless Network Security Prepared by Dr. Lamiaa M. Elshenawy 1.

EECS  Wired Equivalent Privacy (WEP) ◦ first security protocol defined in  Wi-Fi Protected Access (WPA) ◦ defined by Wi-Fi Alliance 

Wireless Authentication Protocol Presented By: Tasmiah Tamzid Anannya Student Id:

Real Security Protocols 1. Securing 2. Securing TCP connections: SSL 3. Network layer security: IPsec 4. Securing wireless LANs Computer Networking:

CSE 4905 WiFi Security II WPA2 (WiFi Protected Access 2)

Wireless Protocols WEP, WPA & WPA2.

Lecture 29 Security in IEEE Dr. Ghalib A. Shah

Wireless LAN Security CSE 6590.

Chapter 8 roadmap 8.1 What is network security?

Security Review of Wi-Fi Sniffing Wi-Fi WEP i

CSE 4905 WiFi Security I WEP (Wired Equivalent Privacy)

Mobile and Wireless Network Security

Presentation transcript:

Investigators have published numerous reports of birds taking turns vocalizing; the bird spoken to gave its full attention to the speaker and never vocalized at the same time, as if the two were holding a conversation Researchers and scholars who have studied the data on avian communication carefully write the (a) the communication code of birds such has crows has not been broken by any means; (b) probably all birds have wider vocabularies than anyone realizes; and (c) greater complexity and depth are recognized in avian communication as research progresses. —The Human Nature of Birds, Theodore Barber

 IEEE 802 committee for LAN standards  IEEE formed in 1990’s ◦ charter to develop a protocol & transmission specifications for wireless LANs (WLANs)  since then demand for WLANs, at different frequencies and data rates, has exploded  hence seen ever-expanding list of standards issued

 b first broadly accepted standard  Wireless Ethernet Compatibility Alliance (WECA) industry consortium formed 1999 ◦ to assist interoperability of products ◦ renamed Wi-Fi (Wireless Fidelity) Alliance ◦ created a test suite to certify interoperability ◦ initially for b, later extended to g ◦ concerned with a range of WLANs markets, including enterprise, home, and hot spots

 wireless traffic can be monitored by any radio in range, not physically connected  original spec had security features ◦ Wired Equivalent Privacy (WEP) algorithm ◦ but found this contained major weaknesses  i task group developed capabilities to address WLAN security issues ◦ Wi-Fi Alliance Wi-Fi Protected Access (WPA) ◦ final i Robust Security Network (RSN)

 Symmetric key crypto ◦ Confidentiality ◦ Station authorization ◦ Data integrity  Self synchronizing: each packet separately encrypted ◦ Given encrypted packet and key, can decrypt; can continue to decrypt packets when preceding packet was lost ◦ Unlike Cipher Block Chaining (CBC) in block ciphers  Efficient ◦ Can be implemented in hardware or software 9

 Combine each byte of keystream with byte of plaintext to get ciphertext  m(i) = ith unit of message  ks(i) = ith unit of keystream  c(i) = ith unit of ciphertext  c(i) = ks(i)  m(i) (  = exclusive or)  m(i) = ks(i)  c(i)  WEP uses RC4 10 keystream generator key keystream

 Recall design goal: each packet separately encrypted  If for frame n+1, use keystream from where we left off for frame n, then each frame is not separately encrypted ◦ Need to know where we left off for packet n  WEP approach: initialize keystream with key + new IV for each packet: 11 keystream generator Key+IV packet keystream packet

 Sender calculates Integrity Check Value (ICV) over data ◦ four-byte hash/CRC for data integrity  Each side has 104-bit shared key  Sender creates 24-bit initialization vector (IV), appends to key: gives 128-bit key  Sender also appends keyID (in 8-bit field)  128-bit key inputted into pseudo random number generator to get keystream  data in frame + ICV is encrypted with RC4: ◦ Bytes of keystream are XORed with bytes of data & ICV ◦ IV & keyID are appended to encrypted data to create payload ◦ Payload inserted into frame 12 encrypted dataICVIV MAC payload Key ID

13 New IV for each frame

 Receiver extracts IV  Inputs IV and shared secret key into pseudo random generator, gets keystream  XORs keystream with encrypted data to decrypt data + ICV  Verifies integrity of data with ICV ◦ Note that message integrity approach used here is different from the MAC (message authentication code) and signatures (using PKI). 14 encrypted dataICVIV MAC payload Key ID

15 Nonce: number (R) used only once –in-a-lifetime How: to prove Alice “live”, Bob sends Alice nonce, R. Alice must return R, encrypted with shared secret key “I am Alice” R K (R) A-B Alice is live, and only Alice knows key to encrypt nonce, so it must be Alice!

16 AP authentication request nonce (128 bytes) nonce encrypted shared key success if decrypted value equals nonce Not all APs do it, even if WEP is being used. AP indicates if authentication is necessary in beacon frame. Done before association.

security hole:  24-bit IV, one IV per frame, -> IV’s eventually reused  IV transmitted in plaintext -> IV reuse detected  attack: ◦ Trudy causes Alice to encrypt known plaintext d 1 d 2 d 3 d 4 … ◦ Trudy sees: c i = d i XOR k i IV ◦ Trudy knows c i d i, so can compute k i IV ◦ Trudy knows encrypting key sequence k 1 IV k 2 IV k 3 IV … ◦ Next time IV is used, Trudy can decrypt!

 numerous (stronger) forms of encryption possible  provides key distribution  uses authentication server separate from access point

AP: access point AS: Authentication server wired network STA: client station 1 Discovery of security capabilities 3 STA and AS mutually authenticate, together generate Master Key (MK). AP servers as “pass through” 2 3 STA derives Pairwise Master Key (PMK) AS derives same PMK, sends to AP 4 STA, AP use PMK to derive Temporal Key (TK) used for message encryption, integrity

wired network EAP TLS EAP EAP over LAN (EAPoL) IEEE RADIUS UDP/IP  EAP: end-end client (mobile) to authentication server protocol  EAP sent over separate “links” ◦ mobile-to-AP (EAP over LAN) ◦ AP to authentication server (RADIUS over UDP)