802.11 Wireless Insecurity By: No’eau Kamakani Robert Whitmire.

Slides:



Advertisements
Similar presentations
Wireless Security By Robert Peterson M.S. C.E. Cryptographic Protocols University of Florida College of Information Sciences & Engineering.
Advertisements

CSE  Wired Equivalent Privacy (WEP) ◦ first security protocol defined in  Wi-Fi Protected Access (WPA) ◦ defined by Wi-Fi Alliance 
WEP 1 WEP WEP 2 WEP  WEP == Wired Equivalent Privacy  The stated goal of WEP is to make wireless LAN as secure as a wired LAN  According to Tanenbaum:
Wireless Security Ryan Hayles Jonathan Hawes. Introduction  WEP –Protocol Basics –Vulnerability –Attacks –Video  WPA –Overview –Key Hierarchy –Encryption/Decryption.
1 MD5 Cracking One way hash. Used in online passwords and file verification.
How secure are b Wireless Networks? By Ilian Emmons University of San Diego.
Security in IEEE wireless networks Piotr Polak University Politehnica of Bucharest, December 2008.
WiFi Security. What is WiFi ? Originally, Wi-Fi was a marketing term. The Wi-Fi certified logo means that the product has passed interoperability tests.
WEP Weaknesses Or “What on Earth does this Protect” Roy Werber.
Wireless LAN Security Jerry Usery CS 522 December 6 th, 2006.
WEP and i J.W. Pope 5/6/2004 CS 589 – Advanced Topics in Information Security.
COMP4690, HKBU1 Security of COMP4690: Advanced Topic.
Intercepting Mobiles Communications: The Insecurity of Danny Bickson ACNS Course, IDC Spring 2007.
W i reless LAN Security Presented by: Pallavi Priyadarshini Student ID
Wired Equivalent Privacy (WEP)
Security in Wireless LAN Layla Pezeshkmehr CS 265 Fall 2003-SJSU Dr.Mark Stamp.
Vulnerability In Wi-Fi By Angus U CS 265 Section 2 Instructor: Mark Stamp.
11 WIRELESS SECURITY by Prof. Russell Jones. WIRELESS COMMUNICATION ISSUES  Wireless connections are becoming popular.  Network data is transmitted.
Wireless Security Presentation by Paul Petty and Sooner Brooks-Heath.
WIRELESS NETWORK SECURITY. Hackers Ad-hoc networks War Driving Man-in-the-Middle Caffe Latte attack.
Wireless Security. Why is it important? Wireless security is the prevention of unauthorized access or damage to computers using wireless networks. Over.
Wi-Fi the Standard and Security. What is Wi-Fi? Short for wireless fidelity. It is a wireless technology that uses radio frequency to transmit.
Wireless Security Issues David E. Hudak, Ph.D. Senior Software Architect Karlnet, Inc.
Securing a Wireless Network. Wireless networks are rapidly becoming pervasive. How many of you have web-enabled cell phones? How many of you have web-enabled.
Wireless LAN Security CS391. Overview  Wireless LAN Topology  Standards  Simple Security  WEP  802.1x  WPA  i.
Wireless Network Security. Wireless Security Overview concerns for wireless security are similar to those found in a wired environment concerns for wireless.
WLAN What is WLAN? Physical vs. Wireless LAN
WIRELESS NETWORKING. What are the advantages to wireless networking? How has society changed?
Mobile and Wireless Communication Security By Jason Gratto.
Wireless security & privacy Authors: M. Borsc and H. Shinde Source: IEEE International Conference on Personal Wireless Communications 2005 (ICPWC 2005),
Investigators have published numerous reports of birds taking turns vocalizing; the bird spoken to gave its full attention to the speaker and never vocalized.
Wireless Networking.
A History of WEP The Ups and Downs of Wireless Security.
Version Slide 1 Format of lecture Introduction to Wireless Wireless standards Applications Hardware devices Performance issues Security issues.
Chapter Network Security Architecture Security Basics Legacy security Robust Security Segmentation Infrastructure Security VPN.
COEN 350 Mobile Security. Wireless Security Wireless offers additional challenges: Physical media can easily be sniffed. War Driving Legal? U.S. federal.
1 Figure 2-11: Wireless LAN (WLAN) Security Wireless LAN Family of Standards Basic Operation (Figure 2-12 on next slide)  Main wired network.
Guided by: Jenela Prajapati Presented by: (08bec039) Nikhlesh khatra.
Done By : Ahmad Al-Asmar Wireless LAN Security Risks and Solutions.
Intercepting Mobile Communications: The Insecurity of Nikita Borisov Ian Goldberg David Wagner UC Berkeley Zero-Knowledge Sys UC Berkeley Presented.
Wireless Security Presented by: Amit Kumar Singh Instructor : Dr. T. Andrew Yang.
NSRI1 Security of Wireless LAN ’ Seongtaek Chee (NSRI)
CWSP Guide to Wireless Security Chapter 2 Wireless LAN Vulnerabilities.
WEP Protocol Weaknesses and Vulnerabilities
COEN 350 Mobile Security. Wireless Security Wireless offers additional challenges: Physical media can easily be sniffed. War Driving Legal? U.S. federal.
WEP AND WPA by Kunmun Garabadu. Wireless LAN Hot Spot : Hotspot is a readily available wireless connection.  Access Point : It serves as the communication.
Wireless Networking & Security Greg Stabler Spencer Smith.
WEP Case Study Information Assurance Fall or Wi-Fi IEEE standard for wireless communication –Operates at the physical/data link layer –Operates.
Intercepting Mobiles Communications: The Insecurity of ► Paper by Borisov, Goldberg, Wagner – Berkley – MobiCom 2001 ► Lecture by Danny Bickson.
Encryption Protocols used in Wireless Networks Derrick Grooms.
Wireless Security Rick Anderson Pat Demko. Wireless Medium Open medium Broadcast in every direction Anyone within range can listen in No Privacy Weak.
CSE 5/7349 – April 5 th 2006 Wireless Networking.
Wireless Security John Himmelein Erick Andrew Christian Adam Varun Bapna.
Authentication has three means of authentication Verifies user has permission to access network 1.Open authentication : Each WLAN client can be.
802.11b Security CSEP 590 TU Osama Mazahir. Introduction Packets are sent out into the air for anyone to receive Eavesdropping is a much larger concern.
Giuseppe Bianchi Warm-up example WEP. Giuseppe Bianchi WEP lessons  Good cipher is far from being enough  You must make good USAGE of cipher.
Wired Equivalent Privacy (WEP) Chris Overcash. Contents What is WEP? What is WEP? How is it implemented? How is it implemented? Why is it insecure? Why.
WLAN Security1 Security of WLAN Máté Szalay
COEN 350 Mobile Security. Wireless Security Wireless offers additional challenges: Physical media can easily be sniffed. War Driving Legal? U.S. federal.
EECS  Wired Equivalent Privacy (WEP) ◦ first security protocol defined in  Wi-Fi Protected Access (WPA) ◦ defined by Wi-Fi Alliance 
Wireless LAN Security Daniel Reichle Seminar Security Protocols and Applications SS2003.
1. Introduction In this presentation, we will review ,802.1x and give their drawbacks, and then we will propose the use of a central manager to replace.
ANALYSIS OF WIRED EQUIVALENT PRIVACY
IEEE i Dohwan Kim.
Wireless Network Security
WLAN Security Antti Miettinen.
Antti Miettinen (modified by JJ)
Security Issues with Wireless Protocols
Intercepting Mobile Communications: The Insecurity of
Presentation transcript:

Wireless Insecurity By: No’eau Kamakani Robert Whitmire

Outline  Background  Security Features  Attacks  Demonstrations  Conclusion

Background

Wireless Definitions  = LANs (Local Area Network)802 = LANs (Local Area Network) 11 = Wireless11 = Wireless  WiFi Wireless FidelityWireless Fidelity  Hotspots Connection point for a WiFi network hardwired to the InternetConnection point for a WiFi network hardwired to the Internet

How Does It Work?  Transmits over radio frequency 2.4 – GHz2.4 – GHz 5 GHz range5 GHz range  Channels (for B and G) Direct Sequence Spread SpectrumDirect Sequence Spread Spectrum USA 1-11USA 1-11 Europe 1-13Europe 1-13 Japan 1-14Japan 1-14

Protocols

Products

Why go wireless  Infrastructure easy Goes thru walls, no wiringGoes thru walls, no wiring  Portability and Flexibility Access from anywhereAccess from anywhere  Interoperability Compatible with all WiFi products certified by Wireless Ethernet Compatibility Alliance (WECA)Compatible with all WiFi products certified by Wireless Ethernet Compatibility Alliance (WECA)  Increased Productivity Endless connectivityEndless connectivity

Security

WEP  Wired Equivalent Privacy  Secret Key for encrypting data Shared between mobile card and access pointShared between mobile card and access point bits (includes IV) bits (includes IV)  Initialization Vector (IV) 24 bit, randomly generated24 bit, randomly generated Sent in clear textSent in clear text FiniteFinite

RC4 Encryption Algorithm  Stream cipher Generates infinite pseudo-random keystreamGenerates infinite pseudo-random keystream  Keystream generated with key and IV XOR’ed with message and Checksum to generate ciphertextXOR’ed with message and Checksum to generate ciphertext Receiver generates same keystream and XOR’s with ciphertext to get message and checksumReceiver generates same keystream and XOR’s with ciphertext to get message and checksum

Visualizing RC4

CRC-32 Checksum  Linear Checksum algorithm Integrity checkingIntegrity checking A bit in message correlates directly to set of checksum bitsA bit in message correlates directly to set of checksum bits

WEP Vulnerabilities  Relies on flawed encryption method RC4 is crackable through statistical analysisRC4 is crackable through statistical analysis  IV’s collisions, calculate key from this Checksum is predictableChecksum is predictable  IV implemented incorrectly  Better than nothing Not on as defaultNot on as default Not end all security measureNot end all security measure  Easily Crackable (AirSnort)

WPA  WiFi Protected Access  Latest snapshot of i Explained laterExplained later  Rotating Keys Temporal Key Integrity ProtocolTemporal Key Integrity Protocol  Increased IV (24-48 bits)  Checksum  Order of magnitude harder to crack

802.1X  User not Machine Authentication  Supposed to provide a vendor- independent way to control access  Authentication through EAP (Extensible Authentication Protocol) Tokens, Kerberos, one-time passwords, certificates, etc..Tokens, Kerberos, one-time passwords, certificates, etc..

Other Security Attempts  i IEEE attempt to provide strong securityIEEE attempt to provide strong security Dynamically updating WEP KeyDynamically updating WEP Key Not completeNot complete  VPN Providing security through VPN tunneling protocolsProviding security through VPN tunneling protocols Compatibility issues, better than WEP but not universal solutionCompatibility issues, better than WEP but not universal solution  MAC Filtering MAC addresses sent in clearMAC addresses sent in clear Easy to sniffEasy to sniff Easy to spoofEasy to spoof

Attacks  Passive attack to decrypt traffic Waits for keystream collisionWaits for keystream collision Gets XORGets XOR Statistically reveals plain textStatistically reveals plain text  Active attack to inject traffic RC4(X) xor X xor Y = RC4(Y)RC4(X) xor X xor Y = RC4(Y)  Unauthorized Access Points on a Network Attacker set up own access point on network effectively circumventing security measuresAttacker set up own access point on network effectively circumventing security measures Resetting access points to defaultResetting access points to default

Fun Demonstrations

War Driving

War Driving Silicon Valley

War Spying  Also called Warviewing  2.4 GHz wireless Cameras  Gear

Conclusion  WEP is better than nothing  Never settle for default settings  Base protection level on sensitivity of data  Provide backup network protection  Remember, anyone can sniff your wireless network.

Questions?

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.