Wireless Security In wireless networks. Security and Assurance - Goals Integrity Modified only in acceptable ways Modified only by authorized people Modified.


1 Wireless Security In wireless networks

2 Security and Assurance - Goals
- Integrity
  - Modified only in acceptable ways
  - Modified only by authorized people
  - Modified only by authorized processes
- Availability
  - Service request is completed in an acceptable period of time
  - Timely response to requests
- Confidentiality
  - Only authorized people or systems can access protected data

3 Threats, Vulnerabilities and Controls
- Threats: circumstances that have the potential to cause harm
  - Interception
  - Interruption
  - Modification
  - Fabrication
- Vulnerabilities: weaknesses in a security system
- Controls: protective measures

4 Security Needs for Mobile Networks
Basic security services provided by a wireless communication system:
- Encryption
  - Confidentiality of user message transferred over the wireless channel
- Session key establishment
  - Between Home Network and a Mobile Station
  - Between two different Mobile Stations
- Authentication
  - For the validation of the identity of the mobile user

5 Cryptosystems
- Cryptosystems are employed to cover up the content of the message exchanged between two parties
- Two major types of Cryptosystems:
  - Public-Key (Asymmetric-Key), e.g. RSA (Rivest, Shamir, and Adleman)
  - Symmetric-Key, e.g. DES (Data Encryption Standard)

6 Public-Key Cryptosystems
- P.txt = D(k_PRIV, E(k_PUB, P.txt))
- Public-key (Asymmetric-Key) systems are easy to manage:
  - Download the recipient's public key.
  - Encrypt the message.
  - Send it.
  - The recipient uses the private key to decrypt.
- Public-Key requires more computation (RSA is 1000 times slower than DES).
- Modular Square Root (MSR) is a variant of RSA that requires only one modular multiplication, which is acceptable for a MS.
- Authentication Problem
  - You have to know who you are talking to
  - Sender → E(k_pubR, E(k_privS, P.txt)) → Receiver

7 Symmetric-Key Cryptosystems
Strength of Symmetric-Keys is based on:
- Secrecy of the key
- Difficulty of guessing the key
- Difficulty of inverting the encryption (i.e., breaking the algorithm)
- Computations needed are negligible compared to Public-Key

8 Mobile Network Environment
[Diagram; labels: Network VN, MS, Network HN. Caption: Communication between a HN and VN]

9 Analysis of Protocol 1: Symmetric-Key Encryption
1. MS ← HN: r
2. MS → HN: ID_MS, f(k, r)
- An identity of each party is denoted by ID
- f() is a symmetric key encryption function such as DES
- The Home Network (HN) broadcasts system information including a random number r
- MS sends ID_MS & f(k, r) to the HN
- k is the secret key shared between MS and HN
- HN finds the MS's secret key in its database and completes authentication of the MS by verifying f(k, r)

10 Analysis of Protocol 1: Symmetric-Key Encryption (contd.)
- The advantage of this protocol is that computation of f() can be easily performed by the MS, which has low computational power.
- The disadvantage, well..., do you think it will be easy to protect and maintain the database containing the secret keys of MS? PROBABLY NOT!!!
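
The two messages of Protocol 1, with both sides modelled, as an added example that is not part of the original slides. HMAC-SHA256 stands in for the slides' DES-based f(), and the class names, the "MS-001" identity and the key value are constructed for illustration. The last check shows the database weakness from slide 10: whoever holds a copy of the key database can produce a valid response.

```python
import hashlib
import hmac
import secrets

def f(k: bytes, r: bytes) -> bytes:
    """Keyed function f(k, r); HMAC-SHA256 stands in for the slides' DES."""
    return hmac.new(k, r, hashlib.sha256).digest()

class HomeNetwork:
    def __init__(self, key_db: dict):
        self.key_db = key_db              # ID_MS -> shared secret key k
        self.r = secrets.token_bytes(16)  # current broadcast challenge

    def broadcast(self) -> bytes:
        """Step 1, MS <- HN: r. A fresh r is drawn for every broadcast."""
        self.r = secrets.token_bytes(16)
        return self.r

    def verify(self, id_ms: str, response: bytes) -> bool:
        """Look up k for ID_MS and check the response against the current r."""
        k = self.key_db.get(id_ms)
        if k is None:
            return False
        return hmac.compare_digest(f(k, self.r), response)

class MobileStation:
    def __init__(self, id_ms: str, k: bytes):
        self.id_ms, self.k = id_ms, k

    def respond(self, r: bytes):
        """Step 2, MS -> HN: ID_MS, f(k, r)."""
        return self.id_ms, f(self.k, r)

def run_exchange() -> dict:
    # Constructed sample key database held by the HN.
    db = {"MS-001": bytes.fromhex("00112233445566778899aabbccddeeff")}
    hn, ms = HomeNetwork(db), MobileStation("MS-001", db["MS-001"])
    id_ms, resp = ms.respond(hn.broadcast())
    result = {"genuine": hn.verify(id_ms, resp)}
    r2 = hn.broadcast()                   # the challenge rotates
    result["replayed_old_response"] = hn.verify(id_ms, resp)
    result["wrong_key"] = hn.verify(id_ms, f(b"\x00" * 16, r2))
    result["unknown_id"] = hn.verify("MS-999", f(db["MS-001"], r2))
    # Slide 10's weakness: a copy of the database answers for any MS.
    leaked = dict(db)
    result["leaked_db_copy"] = hn.verify("MS-001", f(leaked["MS-001"], r2))
    return result
```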

11 Analysis of Protocol 2: Public Key Certificate
- Assume a universally trusted certificate authority (CA) – run by a single, large SP
- Each MS is provided with a certificate which contains:
  - MS's identity
  - The current expiration date
  - Certificate authority's signature
    - Certificate authority's private key (s_CA)
- The MS and HN have the following certificates:
  cert_HN = {ID_HN, p_HN, date_HN, [h(ID_HN, p_HN, date_HN)]s_CA}
  cert_MS = {ID_MS, date_MS, [h(ID_MS, date_MS)]s_CA}
- date denotes the expiration of the certificate
- p_HN means the public key of the HN
- […]s_CA means signing […] using a private key of the CA

12 Analysis of Protocol 2: Public Key Certificate (contd.)
1. MS ← HN: cert_HN
2. MS → HN: [k_s]p_HN, f(k_s, cert_MS)
3. MS  HN: f(k_s, [ID_MS, ID_HN])
- The home network HN broadcasts its certificate cert_HN
- The MS can authenticate the HN by verifying the signature with the p_CA corresponding to s_CA
- Session key k_s randomly chosen by MS – encrypted with p_HN and the encrypted session key [k_s]p_HN is sent to the HN with the cert_MS encrypted with k_s
- HN decrypts [k_s]p_HN with its secret key s_HN
- MS can also be authenticated based on its secret certificate
- Since anyone who obtains cert_MS can impersonate MS, it should be protected – k_s encrypts the message

13 Kerberos Key Distribution Service
[Diagram; labels: Server, HN, Workstation, MS, Kerberos Database, Certificate Granting Server, Authentication]

14 Protocol 1 -vs- Protocol 2
cert_HN = {ID_HN, p_HN, date_HN, [h(ID_HN, p_HN, date_HN)]s_CA}
cert_MS = {ID_MS, date_MS, [h(ID_MS, date_MS)]s_CA}
Protocol 1
1. MS ← HN: r
2. MS → HN: ID_MS, f(k, r)
Protocol 2
1. MS ← HN: cert_HN
2. MS → HN: [k_s]p_HN, f(k_s, cert_MS)
3. MS  HN: f(k_s, [ID_MS, ID_HN])

15 Strengths & Weaknesses of Protocols 1-3
- Protocol 1: Symmetric-Key
  - Negligible computation compared to Public-key
  - Difficult to maintain and protect database of secret keys
- Protocol 2: Public Key
  - Computationally higher, although this is reduced by MSR
  - Does not protect against impersonation of the MS

16 WEP key encryption
- WEP key is used as a standard mode of encryption for wireless LANs.
- It is a symmetric key encryption used to prevent eavesdropping.
- It also prevents unauthorized users from accessing the LAN.
- 40-bit and 128-bit WEP keys are available.

17 Working of WEP key
- User and the Access point have a shared WEP key.
- RC4 algorithm expands a short key into infinite pseudo-random key streams.
- Checks to see if the key is from an authorized user.

18 RC4 (stream cipher) encryption and decryption
[Diagram; labels: State, 40-byte key, Initialization Vector, XOR, Key-stream, Plaintext, Cipher-text, Encryption box]
- One-time pad & XORed with plain text

19 Problems in WEP key Encryption
- Decrypt using statistical analysis.
- Active attack to inject traffic.
- Active attack to decrypt packets
  - Modify destination IP
  - Send a packet to a remote known computer.

20 Problems in WEP key encryption
- Dictionary attack
- Initialization vector
- Man in the middle attacks
  - Intercepts authentication messages to gain access to the network
- Message Integrity Check (Interceptor)

21 Conclusion
It is not easy to achieve complete security, but reasonable security of a wireless network can be achieved if we integrate all the security techniques available.

