Presentation is loading. Please wait.

Presentation is loading. Please wait.

Final Presentation Presented By: Gal Leibovich Liran Manor Supervisor: Hai Vortman.

Similar presentations


Presentation on theme: "Final Presentation Presented By: Gal Leibovich Liran Manor Supervisor: Hai Vortman."— Presentation transcript:

1 Final Presentation Presented By: Gal Leibovich Liran Manor Supervisor: Hai Vortman

2 Background  Network security is one of the most challenging aspects of the data communication area, especially in wireless networks  A rapid growth in the number of wireless networks in the last few years The importance of taking measurements in order to secure the wireless networks is very high  A need for a tool which reports:  Diagnosis of security properties of nearby wireless networks  Offers recommendations for security improvement  Offers general recommendations about the wireless infrastructure (Bonus)

3 Project Definitions & Goals  Getting familiar with 802.11 protocol and its security mechanisms  Determine network properties and current security status  Recommend on security improvements  Gaining programming experience in.NET 3.5 environment (C#)  Object Oriented Design  Developing a GUI

4 802.11 Protocol  Wireless Modes: Infrastructure Peer to Peer (Ad-Hoc)  Three types of frames: 1. Data frames 2. Control frames: ○ Request To Send ○ Clear To Send ○ Acknowledgment ○ Etc… 3. Management frames: ○ Beacon ○ Probe Request ○ Probe Response ○ Association Request ○ Etc…

5 802.11 Security Authentication  Joining an infrastructure unsecured network  Old standard defines two authentication mechanisms: 1. Open System 2. Shared Key Authentication (WEP)  Open System is better than Shared Key Authentication if data encryption exists

6 802.11 Security – cont.  802.1X Authentication (EAP-TLS for mutual authentication)  Firewalls, VPNs, OTP systems – higher layer authentication techniques

7 802.11 Security Encryption  WEP – Wired Equivalent Privacy (40/ 104 bits key) Uses static keys – statistical attacks can reveal the key rapidly Doesn’t use cryptographic integrity protection  TKIP (WPA) Solves the problems of WEP: - Uses temporal keys - Implements message integrity check (MICHAEL) WPA is used in two authentication methods: - WPA Pre Shared Key (WPA Personal) - 802.1X + WPA (WPA Enterprise)  CCMP (WPA2) Strongest security mechanism available today Based on Advanced Encryption Standard (AES) as its block cipher WPA2 is used in two authentication methods: - WPA2 Pre Shared Key (WPA2 Personal) - 802.1X + WPA2 (WPA2 Enterprise)

8 Modes of NIC Operation  Local Mode: NIC receives only packets which are targeted to its address. This mode doesn’t require an association with an AP.  Promiscuous Mode: Allows the user to view all wireless packets on a network to which he has been associated.  Monitor Mode (RFMON): Allows to monitor all traffic in the air, transmitted in all wireless networks.

9 Local Mode  Local Mode: NIC receives only packets which are targeted to its address. This mode doesn’t require an association with an AP.  Restrictions: No MAC filtering discovery No “trigger-packets” for hidden networks  But…Using CommView drivers for future extensions for the project (When the drivers API will be exposed)

10 Wireless Security Analyzer (WSA)  Reflects our 802.11 security study  Targeted at standard users, with basic computer skills but without previous knowledge in security  Can also be helpful for system administrators  Software engineering considerations were taken into account (GUI)

11

12

13 WSA Architecture  Based on Managed Wi-Fi library  A.NET class library allows you to control wireless network adapters installed on your Windows machine  The library wraps the “Native Wi-Fi API”, which: Contains functions, structures, and enumerations that support wireless network connectivity and wireless profile management Designed for C/C++ developers  Available since Windows Vista and Windows XP SP2 (only after applying a hotfix provided in KB article 918997)KB article 918997

14 WSA Architecture – Cont.  Four classes are used to implement WSA

15 DSSecurity Dataset  Two basic tables define the authentication and encryption algorithms  Only relevant combinations are held in two dedicated tables  Only one recommendation table will be used according to the user’s input – different recommendations for different user types  Easy updating

16 Future Development Assuming monitor mode is available in Windows: 1. MAC filtering detection 2. Discover hidden networks (by packet injection) 3. “Attack and Defense” – Disassociation/Deauthentication packets, nonstandard drivers 4. WEP/WPA-PSK cracking

17 Demo


Download ppt "Final Presentation Presented By: Gal Leibovich Liran Manor Supervisor: Hai Vortman."

Similar presentations


Ads by Google