Presentation is loading. Please wait.

Presentation is loading. Please wait.

WLAN Security:PEAP Sunanda Kandimalla. Intoduction The primary goals of any security setup for WLANs should include: 1. Access control and mutual authentication,

Published by Modified over 8 years ago

Similar presentations

Presentation on theme: "WLAN Security:PEAP Sunanda Kandimalla. Intoduction The primary goals of any security setup for WLANs should include: 1. Access control and mutual authentication,"— Presentation transcript:

1 WLAN Security:PEAP Sunanda Kandimalla

2 Intoduction The primary goals of any security setup for WLANs should include: 1. Access control and mutual authentication, preferably on a per packet basis. 2. Enough flexibility to provide different levels of security for different environments 3. Ubiquitous security for roaming users, independent of their physical location. 4. Strong confidentiality and protection from eavesdroppers 5. Scalability to support varying number of users and network complexity.

3 802.11 Standard Wireless LANs are technically referred to by their IEEE Standard Number - 802.11. IEEE 802.11 wireless LAN standard specifies how to achieve wireless connectivity for fixed, portable, and moving stations in a local area. operates on two modes of authentication Open System Authentication and Shared Key Authentication.

4 WEP and it’s limitations Shared Key Authentication uses security mechanism called wired equivalent privacy. authentication of the station is done by the AP using shared private keys. Privacy of data is ensured by encryption of the MAC payload using a combination of the shared key and a sequence generated on the fly as the encryption key.

5 Limitations of WEP keys are cumbersome to change. In order to use different keys, you must manually configure each access point and radio NIC.

6 802.1x security Authentication takes place in upper layers. It uses extensible authentication protocol (EAP). allows mutual authentication and session key generation to take place at higher layers, using any suitable Extensible Authentication Protocol (EAP) mechanism.

7 802.1x authentication Process

8 EAP In EAP to establish communications over a point-to-point link, each end of the PPP link must first send LCP packets to configure the data link during Link Establishment phase. After the Link Establishment phase is complete,authentication is done using any of the different EAP types.

9 Types of authentication in EAP EAP-TLS (Transport Layer Security). EAP- TLS - the security method used in the 802.1X client in Windows XP - provides for certificate-based, mutual authentication of the client and the network. EAP-TTLS is an extension of EAP-TLS. Unlike EAP-TLS, however, EAP-TTLS requires only server-side certificates, eliminating the need to configure certificates for each WLAN client.

10 Contd.. Protected EAP (PEAP) is an authentication protocol that uses TLS to enhance the security of other EAP authentication methods. PEAP for Microsoft 802.1X Authentication Client provides support for EAP-TLS, which uses certificates for both server authentication and client authentication

11 802.1x and EAP framework

12 PEAP RSA, Microsoft, and Cisco have developed a new EAP mechanism that is well suited for these authentication purposes. Any EAP method running within PEAP is provided with built-in support for key exchange, session resumption and fragmentation and reassembly. include support for fragmentation and reassembly, individual methods need to include this capability. PEAP supports roaming of users capability by leveraging the TLS session resumption facility.

13 Protocol Overview Protected EAP (PEAP) is comprised of a two-part conversation: [1] In Part 1, a TLS session is negotiated, with server authenticating to the client and optionally the client to the server. The negotiated key is then used to encrypt the rest of the conversation. [2] In Part 2, within the TLS session, a complete EAP conversation is carried out, unless part 1 provided client authentication.

14 Conclusion Selection of an authentication method is the key decision in securing a wireless LAN deployment. PEAP is a two-stage protocol that establish security in stage one and then exchange authentication in stage two. PEAP still use certificates to authenticate the wireless network to the user, but only a few certificates will be required, so it is much more manageable.

15 References http://www.surfnet.nl/innovatie/wlan/ http://www.drizzle.com/~aboba/IEEE/ http://www.ietf.org/internet-drafts/draft- josefsson-pppext-eap-tls-eap-05.txthttp://www.ietf.org/internet-drafts/draft- josefsson-pppext-eap-tls-eap-05.txt http://www.drizzle.com/~aboba/IEEE/dr aft-ietf-pppext-eap-ttls-01.txthttp://www.drizzle.com/~aboba/IEEE/dr aft-ietf-pppext-eap-ttls-01.txt http://www.nwfusion.com/news/tech/200 1/0924tech.html

Download ppt "WLAN Security:PEAP Sunanda Kandimalla. Intoduction The primary goals of any security setup for WLANs should include: 1. Access control and mutual authentication,"

Similar presentations

Authentication.

Authentication.
Encrypting Wireless Data with VPN Techniques

Encrypting Wireless Data with VPN Techniques
External User Security Model (EUSM) for SNMPv3 draft-kaushik-snmp-external-usm-00.txt November, 2004.

External User Security Model (EUSM) for SNMPv3 draft-kaushik-snmp-external-usm-00.txt November, 2004.
Wireless LAN  Setup & Optimizing Wireless Client in Linux  Hacking and Cracking Wireless LAN  Setup Host Based AP ( hostap ) in Linux & freeBSD  Securing.

Wireless LAN  Setup & Optimizing Wireless Client in Linux  Hacking and Cracking Wireless LAN  Setup Host Based AP ( hostap ) in Linux & freeBSD  Securing.
PEAP & EAP-TTLS 1.EAP-TLS Drawbacks 2.PEAP 3.EAP-TTLS 4.EAP-TTLS – Full Example 5.Security Issues 6.PEAP vs. EAP-TTLS 7.Other EAP methods 8.Summary.

PEAP & EAP-TTLS 1.EAP-TLS Drawbacks 2.PEAP 3.EAP-TTLS 4.EAP-TTLS – Full Example 5.Security Issues 6.PEAP vs. EAP-TTLS 7.Other EAP methods 8.Summary.
TLS. 14.1 Introduction 14.2 TLS Record Protocol 14.3 TLS Handshake Protocol 14.4 Summary.

TLS Introduction 14.2 TLS Record Protocol 14.3 TLS Handshake Protocol 14.4 Summary.
Secure Socket Layer.

Secure Socket Layer.
BASIC CRYPTOGRAPHY CONCEPT. Secure Socket Layer (SSL)  SSL was first used by Netscape.  To ensure security of data sent through HTTP, LDAP or POP3.

BASIC CRYPTOGRAPHY CONCEPT. Secure Socket Layer (SSL)  SSL was first used by Netscape.  To ensure security of data sent through HTTP, LDAP or POP3.
Doc.: IEEE 802.11-00/275 Submission September 2000 David Halasz, Cisco Systems, Inc.Slide 1 IEEE 802.1X for IEEE 802.11 David Halasz, Stuart Norman, Glen.

Doc.: IEEE /275 Submission September 2000 David Halasz, Cisco Systems, Inc.Slide 1 IEEE 802.1X for IEEE David Halasz, Stuart Norman, Glen.
Microsoft Windows Server 2003 TCP/IP Protocols and Services Technical Reference Slide: 1 Lesson 4 Point to Point Protocol (PPP)

Microsoft Windows Server 2003 TCP/IP Protocols and Services Technical Reference Slide: 1 Lesson 4 Point to Point Protocol (PPP)
無線區域網路安全 Wireless LAN Security. 2 Outline  Wireless LAN – 802.11b  Security Mechanisms in 802.11b  Security Problems in 802.11b  Solutions for 802.11b.

無線區域網路安全 Wireless LAN Security. 2 Outline  Wireless LAN – b  Security Mechanisms in b  Security Problems in b  Solutions for b.
1 © NOKIA MitM.PPT/ 6/2/2015 / Kaisa Nyberg (NRC/MNW), N.Asokan (NRC/COM) The Insecurity of Tunnelled Authentication Protocols N. ASOKAN, VALTTERI NIEMI,

1 © NOKIA MitM.PPT/ 6/2/2015 / Kaisa Nyberg (NRC/MNW), N.Asokan (NRC/COM) The Insecurity of Tunnelled Authentication Protocols N. ASOKAN, VALTTERI NIEMI,
1 © NOKIA MitM.PPT/ 6/2/2015 / Kaisa Nyberg (NRC/MNW), N.Asokan (NRC/COM) The Insecurity of Tunnelled Authentication Protocols N. ASOKAN, VALTTERI NIEMI,

1 © NOKIA MitM.PPT/ 6/2/2015 / Kaisa Nyberg (NRC/MNW), N.Asokan (NRC/COM) The Insecurity of Tunnelled Authentication Protocols N. ASOKAN, VALTTERI NIEMI,
1 Objectives Wireless Access IPSec Discuss Network Access Protection Install Network Access Protection.

1 Objectives Wireless Access IPSec Discuss Network Access Protection Install Network Access Protection.
This work is supported by the National Science Foundation under Grant Number DUE-0302909. Any opinions, findings and conclusions or recommendations expressed.

This work is supported by the National Science Foundation under Grant Number DUE Any opinions, findings and conclusions or recommendations expressed.
Wireless Security without a VPN! Stirling Goetz, Microsoft Consulting Services.

Wireless Security without a VPN! Stirling Goetz, Microsoft Consulting Services.
DIMACS Nov 3 - 4, 2004 WIRELESS SECURITY AND ROAMING OVERVIEW DIMACS November 3-4, 2004 Workshop: Mobile and Wireless Security Workshop: Mobile and Wireless.

DIMACS Nov 3 - 4, 2004 WIRELESS SECURITY AND ROAMING OVERVIEW DIMACS November 3-4, 2004 Workshop: Mobile and Wireless Security Workshop: Mobile and Wireless.
802.1x EAP Authentication Protocols

802.1x EAP Authentication Protocols
An Initial Security Analysis of the IEEE 802.1x Standard Tsai Hsien Pang 2004/11/4.

An Initial Security Analysis of the IEEE 802.1x Standard Tsai Hsien Pang 2004/11/4.
Wireless LAN Security Framework Backend AAA Infrastructure RADIUS, TACACS+, LDAP, Kerberos TLSLEAPTTLSPEAPMD5 VPN EAP PPP 802.3802.5802.11 802.1x EAP API.

Wireless LAN Security Framework Backend AAA Infrastructure RADIUS, TACACS+, LDAP, Kerberos TLSLEAPTTLSPEAPMD5 VPN EAP PPP x EAP API.

Similar presentations

Ads by Google