Lecture 7 (Chapter 17) Wireless Network Security Prepared by Dr. Lamiaa M. Elshenawy 1.


1 Lecture 7 (Chapter 17) Wireless Network Security Prepared by Dr. Lamiaa M. Elshenawy 1

2
• IEEE 802.11 Wireless LAN Overview
• IEEE 802.11i Wireless LAN Security
• Wireless Application Protocol Overview
• Wireless Transport Layer Security

3
• IEEE 802.11 is a standard for wireless LANs and is referred to as Wi-Fi
• IEEE 802.11i specifies security standards for IEEE 802.11 LANs, including authentication, data integrity, data confidentiality, and key management
• Wireless Application Protocol (WAP) gateway is a standard providing mobile users (wireless phones and other wireless terminals) access to telephony and information services (Internet & Web)
• Wireless Transport Layer Security (WTLS) provides security services between the mobile device and the WAP gateway to the Internet

4
• IEEE 802 is a committee that developed standards for a wide range of local area networks (LANs)
• IEEE 802.11 is a committee that developed a protocol and transmission specifications for wireless LANs (WLANs) in 1990

6
• Physical layer (lowest layer of the IEEE 802 reference model)
• Physical layer functions are:
  • Encoding/decoding of signals
  • Bit transmission/reception
  • Specification of transmission medium
  • Defines frequency bands and antenna characteristics
• IEEE 802.11 specifies five distinct frequency ranges: 2.4 GHz, 3.6 GHz, 4.9 GHz, 5 GHz, and 5.9 GHz
• Each range is divided into a multitude of channels

7
Channel | Channel width
1       | 2.401–2.423 GHz
2       | 2.406–2.428 GHz
3       | 2.411–2.433 GHz
4       | 2.416–2.438 GHz
5       | 2.421–2.443 GHz
6       | 2.426–2.448 GHz
7       | 2.431–2.453 GHz
8       | 2.436–2.458 GHz
9       | 2.441–2.463 GHz
10      | 2.446–2.468 GHz
11      | 2.451–2.473 GHz
12      | 2.456–2.478 GHz
13      | 2.461–2.483 GHz
14      | 2.473–2.495 GHz

8
• Media Access Control (MAC) is an access controller to the transmission medium
• The MAC layer receives data from the Logical Link Control (LLC) layer in the form of a block of data known as a MAC service data unit (MSDU)
• MAC layer functions are:
  1. On transmission, assemble data into a frame, the MAC protocol data unit (MPDU), with address and error-detection fields
  2. On reception, disassemble the frame, perform address recognition and error detection, and discard any frames containing errors
  3. Govern access to the LAN transmission medium

9
• MAC Control: contains any protocol control information needed for the functioning of the MAC protocol (priority level)
• Destination MAC Address: the destination physical address on the LAN
• Source MAC Address: the source physical address on the LAN
• MAC Service Data Unit: the data from the next higher layer
• CRC: the cyclic redundancy check field, also known as the Frame Check Sequence (FCS) field, is an error-detecting code

10
• Logical Link Control (LLC) (higher layer of the IEEE 802 reference model)
• LLC layer functions are:
  • Preserve successfully received frames
  • Retransmit unsuccessful frames

11
• BSS: Basic Service Set
• DS: Distribution System
• AP: Access Point
• IBSS: Independent BSS
• ESS: Extended Service Set, consists of two or more BSSs interconnected by a distribution system

13
• Association: establishes an initial association between a station and an AP
• Reassociation: transfers an established association from one AP to another, allowing a mobile station to move from one BSS to another
• Disassociation: a notification from a station or an AP that an existing association is terminated

14
• Integration service enables transfer of data between a station on an IEEE 802.11 LAN and a station on an integrated IEEE 802.x LAN
• Distribution is used by stations to exchange MPDUs
• A deauthentication frame is sent by an AP or a station when all communications are terminated

15
            | Wired LAN                                           | Wireless LAN
To transmit | A station must be physically connected to the LAN   | Any station within radio range can transmit
To receive  | A station must be physically connected to the LAN   | Any station within radio range can receive

Increased need for robust security services and mechanisms for wireless LANs

16
IEEE 802.11i
• Wired Equivalent Privacy (WEP)
• Wi-Fi Protected Access (WPA)
• Robust Security Network (RSN)

17
• Authentication: a protocol that provides mutual authentication and generates temporary keys to be used between the client and the AP over the wireless link
• Access control: a function that enforces the use of the authentication function, routes messages properly, and facilitates key exchange
• Privacy with message integrity: MPDUs are encrypted along with a message integrity code that ensures that the data have not been altered
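
Added example (not part of the lecture): slide 9 describes the CRC/FCS as an error-detecting code, while slide 17 relies on a message integrity code to ensure that data have not been altered. The Python sketch below shows why the unkeyed CRC cannot fill that role; the frame layout is simplified, the addresses and key are constructed, and HMAC-SHA256 is a stand-in for the 802.11i integrity algorithm.

```python
import hashlib
import hmac
import struct
import zlib

MIC_LEN = 8  # truncated tag length chosen for this example

def build_mpdu(control, dst, src, msdu, mic_key=None):
    """Assemble control | dst | src | MSDU [| MIC] | CRC-32 (simplified layout)."""
    body = struct.pack("!H6s6s", control, dst, src) + msdu
    if mic_key is not None:
        # Keyed tag over header and data (stand-in, not the 802.11i MIC).
        body += hmac.new(mic_key, body, hashlib.sha256).digest()[:MIC_LEN]
    return body + struct.pack("!I", zlib.crc32(body))

def parse_mpdu(frame, my_addr, mic_key=None):
    """Return the MSDU, or None if the frame must be discarded."""
    if len(frame) < 18 + (MIC_LEN if mic_key is not None else 0):
        return None
    body, fcs = frame[:-4], struct.unpack("!I", frame[-4:])[0]
    if zlib.crc32(body) != fcs:   # error detection
        return None
    if body[2:8] != my_addr:      # address recognition
        return None
    if mic_key is None:
        return body[14:]
    data, mic = body[:-MIC_LEN], body[-MIC_LEN:]
    expected = hmac.new(mic_key, data, hashlib.sha256).digest()[:MIC_LEN]
    return data[14:] if hmac.compare_digest(mic, expected) else None

def alter_and_refresh_crc(frame, offset, new_byte):
    """Model a deliberate change: edit one byte, recompute the unkeyed CRC."""
    body = bytearray(frame[:-4])
    body[offset] = new_byte
    return bytes(body) + struct.pack("!I", zlib.crc32(bytes(body)))

# Constructed sample values
AP = bytes.fromhex("020000000001")
STA = bytes.fromhex("020000000002")
KEY = b"constructed-temporal-key"

def demo():
    plain = build_mpdu(0, AP, STA, b"pay 10")
    noisy = plain[:16] + bytes([plain[16] ^ 0x01]) + plain[17:]  # transmission error
    edited = alter_and_refresh_crc(plain, 18, ord("9"))
    protected = build_mpdu(0, AP, STA, b"pay 10", KEY)
    edited_mic = alter_and_refresh_crc(protected, 18, ord("9"))
    return (parse_mpdu(noisy, AP), parse_mpdu(edited, AP),
            parse_mpdu(protected, AP, KEY), parse_mpdu(edited_mic, AP, KEY))
```

demo() returns (None, b"pay 90", b"pay 10", None): the CRC catches the accidental bit error, accepts the deliberately altered frame once the CRC is recomputed, and only the keyed integrity code rejects that alteration.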

18
• Wireless Application Protocol (WAP) is a standard developed by the WAP Forum to provide mobile users of wireless phones and other wireless terminals access to telephony and information services (Internet & Web)

19
1. Confidentiality
2. Integrity
3. Authentication
4. Nonrepudiation

20
• Cryptographic techniques: provide services for signing of data for integrity and non-repudiation purposes
• Authentication: provides mechanisms for client and server authentication. Transport Services layer (TLS) handshakes may be used to authenticate clients and servers
• Identity: provides functions to process information needed for user identification
• Public key infrastructure (PKI): supports distribution and identification of public encryption keys

21
• WTLS provides security services between the mobile device (client) and the WAP gateway
• WTLS security services:
  1. Data integrity: uses message authentication to ensure that data sent between client and gateway are not modified
  2. Privacy: uses encryption to ensure that data cannot be read by a third party
  3. Authentication: uses digital certificates to authenticate the two parties
  4. Denial-of-service protection: detects and rejects messages that are replayed or not successfully verified


