Presentation is loading. Please wait.

Presentation is loading. Please wait.

Antti Miettinen (modified by JJ)

Published byConrad Scott Modified over 5 years ago

Similar presentations

Presentation on theme: "Antti Miettinen (modified by JJ)"— Presentation transcript:

1 Antti Miettinen (modified by JJ)
WLAN Security Antti Miettinen (modified by JJ)

2 What is WLAN? A wireless data communication system implemented as an extension to, or alternative for, a wired local area network. Operates at uncontrolled ISM (Industrial, Scientific and Medical) band

3 What is WLAN? (cont.) Standards by IEEE for 802.11
First standard, up to 802.11a Accepted standard, up to 802.11b Accepted standard, up to 802.11d MAC Enhancements for wider use of

4 What is WLAN? (cont.) Standards by IEEE for 802.11 (cont.)
802.11e MAC Enhancements for Quality of Service 802.11f Recommended Practice for Inter Access Point Protocol = Roaming & hand over 802.11g Accepted standard, up to 802.11i Improved WEP and EAP (802.1X)

5 What is WLAN? (cont.) Standards by ETSI HiperLAN/1 23,5Mbps@5GHz
published 1999 HiperLAN/2 ( Asynchronous data communication Support for QoS (real-time voice & video) support Transmit Power Control and Dynamic Frequency Selection (required in Europe at 5GHz) Uses 56 bit to 168 bit key encryption (DES)

6 WLAN structure Two possibility, either ad-hoc or Access Point
BSS or ESS ad-hoc network IBSS IBSS: Independent Basic Service Set (ad hoc BSS: (Infrastructure) Basic Service Set ESS: Extended Service Set AP: Access Point Access Point network Fix to:

7 802.11 WLAN security features
DSSS (Direct sequence Spread Spectrum) Isn’t very secure, although theoretically it could be a good security feature. AP transmits the hop sequence in plain. ESSID (Extended Service Set Identifier) By default all stations are broadcasting ESSID Can be passively received, when legitimate user associates with Access Point WEP (Wired Equivalent Privacy) By default is turned off Includes flaws (AirSnort attack: collect weak initialization vectors) MAC-address controlled authorization to Access Point MAC-address is easy to spoof (command line)

8 WEP Goals Includes security flaws!
Access control: To prevent unauthorized users who lack a correct WEP key from gaining access to the network. Privacy: To protect wireless LAN data streams by encrypting them and allowing decryption only by users with the correct WEP keys. Includes security flaws!

9 WEP Authentication Access request by client
Challenge text sent to client by AP Challenge text encoded by client using a shared secret then sent to AP If challenge text encoded properly AP allows access else denied

10 WEP (cont.) Based on symmetric RC4-encryption algorithm
Support 40bit and 104bit encryption All clients and AP’s in wireless network share the same encryption key (weakness) No protocol for encryption key distribution (weakness) Initialization Vector (IV) transmitted in the clear (weakness)

11 WEP overview A master key k0 (either 40 or 104 bits) is shared between two parties wishing to communicate a priori. Each packet (header|data) is then protected by: An integrity check field IC = h(header|data) A random initialization vector (IV) The master key and IV are used to generate a keystream using RC4 in stream cypher mode k = RC4(k0, IV) The data and IC are then encrypted by this keystream Ek(m) = m  k

12 WEP packet header data IC RC4 generated keystream header IV encrypted
random packet = header | IV | Ek(data | IC)

13 Possible Attacks War-driving, war-walking etc. Monitoring
Moving around the city and scanning the WLANs Many of the WLANs are without protection! (about in 50% of present WLANs WEP isn’t enabled) Usually used to find networks, not to penetrate them Monitoring Just listening the traffic

14 Possible Attacks (cont.)
DOS-attack Use high power 2,45Ghz (or 5GHz) signal generator for instance, a microwave oven Send continuous streams of CLS (clear-to-send) frames to a fictitious user Legitimate users won’t be able to access the medium Send deassociate frame in name of others (MAC-address can be faked) It is possible! Take the Access Point down!

15 Possible Attacks (cont.)
Man-in-the-middle attack If WEP is used, the secret key must first be solved Set up fake Access Point No authentication required (from Access Points) Legitimate users change their Access Point to yours, if it has better SNR. You can e.g. deassociate them from the real Access Point.

16 Why is WLAN still used? It is fast and easy to set up
It supports mobility Reduced installation time and costs compared with cable Broadband connection, up to 54Mbps

17 Transmission rate (kbit/s)
WLAN is fast Fixed LAN 50 000 802.11a, g and HiperLAN2 10 000 802.11b/WiFi Transmission rate (kbit/s) 1000 500 Bluetooth Bluetooth UMTS GPRS 50 GSM Walking speed Driving speed Stationary Source: Public Wireless LAN Access: A Threat to Mobile Operators, Analysys Research, 2001

18 How to check security of your WLAN-network?
AirSnort ( For Linux and Windows Recovers encryption keys Operates by passively WEPCrack ( Open source tool for breaking WEP secret keys For Linux only

19 How to check security of your WLAN-network?
Other software: Netstumbler ( Only for Windows Dstumbler ( Only for Linux Kismet (

20 WLAN security To Be Continued…

Download ppt "Antti Miettinen (modified by JJ)"

Similar presentations

Chaper 11-Wireless LANS Wireless LAN Concepts Deploying WLANs

Chaper 11-Wireless LANS Wireless LAN Concepts Deploying WLANs
1 MD5 Cracking One way hash. Used in online passwords and file verification.

1 MD5 Cracking One way hash. Used in online passwords and file verification.
How secure are 802.11b Wireless Networks? By Ilian Emmons University of San Diego.

How secure are b Wireless Networks? By Ilian Emmons University of San Diego.
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 Wireless Technologies Networking for Home and Small Businesses – Chapter.

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 Wireless Technologies Networking for Home and Small Businesses – Chapter.
WiFi Security. What is WiFi ? Originally, Wi-Fi was a marketing term. The Wi-Fi certified logo means that the product has passed interoperability tests.

WiFi Security. What is WiFi ? Originally, Wi-Fi was a marketing term. The Wi-Fi certified logo means that the product has passed interoperability tests.
Wired Equivalent Privacy (WEP)

Wired Equivalent Privacy (WEP)
Security in Wireless LAN 802.11 Layla Pezeshkmehr CS 265 Fall 2003-SJSU Dr.Mark Stamp.

Security in Wireless LAN Layla Pezeshkmehr CS 265 Fall 2003-SJSU Dr.Mark Stamp.
Vulnerability In Wi-Fi By Angus U CS 265 Section 2 Instructor: Mark Stamp.

Vulnerability In Wi-Fi By Angus U CS 265 Section 2 Instructor: Mark Stamp.
802.11 Wireless Security Presentation by Paul Petty and Sooner Brooks-Heath.

Wireless Security Presentation by Paul Petty and Sooner Brooks-Heath.
WIRELESS NETWORK SECURITY. Hackers Ad-hoc networks War Driving Man-in-the-Middle Caffe Latte attack.

WIRELESS NETWORK SECURITY. Hackers Ad-hoc networks War Driving Man-in-the-Middle Caffe Latte attack.
WLAN 802.11b 802.11a Johan Montelius

WLAN b a Johan Montelius
802.11 Networks Olga Agnew Bryant Likes Daewon Seo.

Networks Olga Agnew Bryant Likes Daewon Seo.
Wireless Network Security. Wireless Security Overview concerns for wireless security are similar to those found in a wired environment concerns for wireless.

Wireless Network Security. Wireless Security Overview concerns for wireless security are similar to those found in a wired environment concerns for wireless.
WLAN What is WLAN? Physical vs. Wireless LAN

WLAN What is WLAN? Physical vs. Wireless LAN
Network Security Wireless LAN. Network Security About WLAN  IEEE 802.11 standard  Use wireless transmission medium such as radio, microwave, infrared.

Network Security Wireless LAN. Network Security About WLAN  IEEE standard  Use wireless transmission medium such as radio, microwave, infrared.
Wireless Security Techniques: An Overview Bhagyavati Wayne C. Summers Anthony DeJoie Columbus State University Columbus State University Telcordia Technologies,

Wireless Security Techniques: An Overview Bhagyavati Wayne C. Summers Anthony DeJoie Columbus State University Columbus State University Telcordia Technologies,
Wireless security & privacy Authors: M. Borsc and H. Shinde Source: IEEE International Conference on Personal Wireless Communications 2005 (ICPWC 2005),

Wireless security & privacy Authors: M. Borsc and H. Shinde Source: IEEE International Conference on Personal Wireless Communications 2005 (ICPWC 2005),
Copyright © 2007 Heathkit Company, Inc. All Rights Reserved PC Fundamentals Presentation 50 – The Wireless LAN.

Copyright © 2007 Heathkit Company, Inc. All Rights Reserved PC Fundamentals Presentation 50 – The Wireless LAN.
Wireless Networking.

Wireless Networking.
Wireless Network Security Dr. John P. Abraham Professor UTPA.

Wireless Network Security Dr. John P. Abraham Professor UTPA.

Similar presentations

Ads by Google