Presentation is loading. Please wait.

Presentation is loading. Please wait.

WLAN Security Antti Miettinen.

Published byElisabeth Andreasson Modified over 5 years ago

Similar presentations

Presentation on theme: "WLAN Security Antti Miettinen."— Presentation transcript:

1 WLAN Security Antti Miettinen

2 What is WLAN? A wireless data communication system implemented as an extension to, or alternative for, a wired local area network. Operates at uncontrolled ISM (Industrial, Scientific and Medical) band

3 What is WLAN? (cont.) Standards by IEEE for 802.11
First standard, up to 802.11a Accepted standard, up to 802.11b Accepted standard, up to 802.11d MAC Enhancements for wider use of

4 What is WLAN? (cont.) Standards by IEEE for 802.11 (cont.)
802.11e MAC Enhancements for Quality of Service 802.11f Recommended Practice for Inter Access Point Protocol = Roaming & hand over 802.11g Accepted standard, up to 802.11i Improved WEP

5 What is WLAN? (cont.) Standards by ETSI HiperLAN/1 23,5Mbps@5GHz
published 1999 HiperLAN/2 ( Asynchronous data communication Support for QoS (real-time voice & video) support Transmit Power Control and Dynamic Frequency Selection (required in Europe at 5GHz) Uses 56 bit to 168 bit key encryption (DES)

6 WLAN structure Two possibility, either ad-hoc or Access Point
ad-hoc network BSS: Basic Service Set ESS: Extended Service Set AP: Access Point Access Point network Source:

7 802.11 WLAN security features
DSSS (Direct sequence Spread Spectrum) Isn’t very secure, although theoretically it could be a good security feature ESSID (Extended Service Set Identifier) By default all stations are broadcasting ESSID Can be passively received, when legitimate user associates with Access Point WEP (Wired Equivalent privacy) By default is turned off Includes flaws MAC-address controlled authorization to Access Point MAC-address is easy to spoof (command line)

8 WEP Goals Includes security flaws!
Access control: To prevent unauthorized users who lack a correct WEP key from gaining access to the network. Privacy: To protect wireless LAN data streams by encrypting them and allowing decryption only by users with the correct WEP keys. Includes security flaws!

9 WEP Authentication Access request by client
Challenge text sent to client by AP Challenge text encoded by client using shared secret then sent to AP If challenge text encoded properly AP allows access else denied

10 WEP (cont.) Based on symmetric RC4-encryption algorithm
Support 40bit and 104bit encryption All clients and AP’s in wireless network share the same encryption key (weakness) No protocol for encryption key distribution (weakness) Initialization Vector (IV) transmitted in the clear (weakness)

11 WEP overview A master key k0 (either 40 or 104 bits) is shared between two parties wishing to communicate a priori. Each packet (header|data) is then protected by: An integrity check field IC = h(header|data) A random initialization vector (IV) The master key and IV are used to generate a keystream using RC4 in stream cypher mode k = RC4(k0, IV) The data and IC are then encrypted by this keystream Ek(m) = m  k

12 WEP packet header data IC RC4 generated keystream header IV encrypted
random packet = header | IV | Ek(data | IC)

13 Possible Attacks War-driving, war-walking etc. Monitoring
Moving around the city and scanning the WLANs Many of the WLANs are without protection! (about in 50% of present WLANs WEP isn’t enabled) Usually used to find networks, not to penetrate them Monitoring Just listening the traffic

14 Possible Attacks (cont.)
DOS-attack Use high power 2,45Ghz (or 5GHz) signal generator for instance, microwave oven Send continuous streams of CLS (clear-to-send) frames to a fictitious user Legitimate users won’t be able to access the medium Send deassociate frame in name of others (MAC-address can be faked) It is possible! Take the Access Point down!

15 Possible Attacks (cont.)
Man-in-the-middle attack If WEP is used, the secret key must first be solved Set up fake Access Point No authentication required (from Access Points) Legitimate users change their Access Point to yours, if it has better SNR. You can e.g. deassociate them from the real Access Point.

16 Why is WLAN still used? It is fast and easy to set up
It supports mobility Reduced installation time and costs compared with cable Broadband connection, up to 54Mbps

17 Transmission rate (kbit/s)
WLAN is fast Fixed LAN 50 000 802.11a, g and HiperLAN2 10 000 802.11b/WiFi Transmission rate (kbit/s) 1000 500 Bluetooth Bluetooth UMTS GPRS 50 GSM Walking speed Driving speed Stationary Source: Public Wireless LAN Access: A Threat to Mobile Operators, Analysys Research, 2001

18 How to check security of your WLAN-network?
AirSnort ( For Linux and Windows Recovers encryption keys Operates by passively WEPCrack ( Open source tool for breaking WEP secret keys For Linux only

19 How to check security of your WLAN-network?
Other software: Netstumbler ( Only for Windows Dstumbler ( Only for Linux Kismet (

20 WLAN security To Be Continued…

Download ppt "WLAN Security Antti Miettinen."

Similar presentations

Chaper 11-Wireless LANS Wireless LAN Concepts Deploying WLANs

Chaper 11-Wireless LANS Wireless LAN Concepts Deploying WLANs
1 MD5 Cracking One way hash. Used in online passwords and file verification.

1 MD5 Cracking One way hash. Used in online passwords and file verification.
How secure are 802.11b Wireless Networks? By Ilian Emmons University of San Diego.

How secure are b Wireless Networks? By Ilian Emmons University of San Diego.
WiFi Security. What is WiFi ? Originally, Wi-Fi was a marketing term. The Wi-Fi certified logo means that the product has passed interoperability tests.

WiFi Security. What is WiFi ? Originally, Wi-Fi was a marketing term. The Wi-Fi certified logo means that the product has passed interoperability tests.
WEP Weaknesses Or “What on Earth does this Protect” Roy Werber.

WEP Weaknesses Or “What on Earth does this Protect” Roy Werber.
Wireless LAN Security Jerry Usery CS 522 December 6 th, 2006.

Wireless LAN Security Jerry Usery CS 522 December 6 th, 2006.
1 Enhancing Wireless Security with WPA CS-265 Project Section: 2 (11:30 – 12:20) Shefali Jariwala Student ID 001790660.

1 Enhancing Wireless Security with WPA CS-265 Project Section: 2 (11:30 – 12:20) Shefali Jariwala Student ID
Wired Equivalent Privacy (WEP)

Wired Equivalent Privacy (WEP)
Security in Wireless LAN 802.11 Layla Pezeshkmehr CS 265 Fall 2003-SJSU Dr.Mark Stamp.

Security in Wireless LAN Layla Pezeshkmehr CS 265 Fall 2003-SJSU Dr.Mark Stamp.
Vulnerability In Wi-Fi By Angus U CS 265 Section 2 Instructor: Mark Stamp.

Vulnerability In Wi-Fi By Angus U CS 265 Section 2 Instructor: Mark Stamp.
802.11 Wireless Security Presentation by Paul Petty and Sooner Brooks-Heath.

Wireless Security Presentation by Paul Petty and Sooner Brooks-Heath.
WIRELESS NETWORK SECURITY. Hackers Ad-hoc networks War Driving Man-in-the-Middle Caffe Latte attack.

WIRELESS NETWORK SECURITY. Hackers Ad-hoc networks War Driving Man-in-the-Middle Caffe Latte attack.
WLAN 802.11b 802.11a Johan Montelius

WLAN b a Johan Montelius
802.11 Networks Olga Agnew Bryant Likes Daewon Seo.

Networks Olga Agnew Bryant Likes Daewon Seo.
Wireless Network Security. Wireless Security Overview concerns for wireless security are similar to those found in a wired environment concerns for wireless.

Wireless Network Security. Wireless Security Overview concerns for wireless security are similar to those found in a wired environment concerns for wireless.
WLAN What is WLAN? Physical vs. Wireless LAN

WLAN What is WLAN? Physical vs. Wireless LAN
Network Security Wireless LAN. Network Security About WLAN  IEEE 802.11 standard  Use wireless transmission medium such as radio, microwave, infrared.

Network Security Wireless LAN. Network Security About WLAN  IEEE standard  Use wireless transmission medium such as radio, microwave, infrared.
Wireless Security Techniques: An Overview Bhagyavati Wayne C. Summers Anthony DeJoie Columbus State University Columbus State University Telcordia Technologies,

Wireless Security Techniques: An Overview Bhagyavati Wayne C. Summers Anthony DeJoie Columbus State University Columbus State University Telcordia Technologies,
Wireless security & privacy Authors: M. Borsc and H. Shinde Source: IEEE International Conference on Personal Wireless Communications 2005 (ICPWC 2005),

Wireless security & privacy Authors: M. Borsc and H. Shinde Source: IEEE International Conference on Personal Wireless Communications 2005 (ICPWC 2005),
Copyright © 2007 Heathkit Company, Inc. All Rights Reserved PC Fundamentals Presentation 50 – The Wireless LAN.

Copyright © 2007 Heathkit Company, Inc. All Rights Reserved PC Fundamentals Presentation 50 – The Wireless LAN.

Similar presentations

Ads by Google