Presentation is loading. Please wait.

Presentation is loading. Please wait.

WLAN security S-72.3240 Wireless Personal, Local, Metropolitan, and Wide Area Networks1 Contents WEP (Wired Equivalent Privacy) No key management Authentication.

Published byAmbrose Morton Modified over 8 years ago

Similar presentations

Presentation on theme: "WLAN security S-72.3240 Wireless Personal, Local, Metropolitan, and Wide Area Networks1 Contents WEP (Wired Equivalent Privacy) No key management Authentication."— Presentation transcript:

1 WLAN security S-72.3240 Wireless Personal, Local, Metropolitan, and Wide Area Networks1 Contents WEP (Wired Equivalent Privacy) No key management Authentication methods Encryption and integrity checking WPA (WiFi Protected Access) IEEE 802.1X authentication framework Practical example using SSL/TLS SIM/AuC authentication

2 WLAN security S-72.3240 Wireless Personal, Local, Metropolitan, and Wide Area Networks2 WLAN security solutions Wired Equivalent Privacy (WEP): Part of the original 802.11 standard. No key management, also several other weaknesses. WiFi Protected Access (WPA): Interim solution offers key management using the 802.1X authentication framework, plus improved encryption and integrity checking. IEEE 802.11i (WPA2): Same as WPA, except improved encryption (AES). 1. 2. 3.

3 WLAN security S-72.3240 Wireless Personal, Local, Metropolitan, and Wide Area Networks3 WLAN security using WEP Authentication ("shared key" user authentication) Confidentiality (RC4 stream cipher encryption) Integrity checking (CRC-32 integrity mechanism) No key management No protection against replay attacks IEEE 802.11 specifies as an option usage of WEP which can take care of the following security mechanisms:

4 WLAN security S-72.3240 Wireless Personal, Local, Metropolitan, and Wide Area Networks4 No key management in WEP AP Key A No key management in WEP  every wireless station and AP has the same "preshared" key that is used during authentication and encryption. This key is distributed manually (=> insufficient for enterprise applications).

5 WLAN security S-72.3240 Wireless Personal, Local, Metropolitan, and Wide Area Networks5 Problems with preshared keys Manual key management is not very flexible Same key for everybody: In a large network, users may wish to have independent secure connections. Just a single non-honest WLAN user can break the security. Static key: Since it is relatively easy to crack WEP encryption in a reasonably short time, the keys should be changed often, but the preshared key concept does not support this.

6 WLAN security S-72.3240 Wireless Personal, Local, Metropolitan, and Wide Area Networks6 WLAN authentication methods Open system authentication (specified in WEP) actually no authentication at all Shared key authentication (specified in WEP) weak due to non-existing key management Authentication using SSID of AP MAC address filtering IEEE 802.1X authentication (specified in WPA) SIM/AuC authentication (in operator-based network) 1. 2. 3. 4. 5. 6.

7 WLAN security S-72.3240 Wireless Personal, Local, Metropolitan, and Wide Area Networks7 Open system authentication AP 1: MAC address 2: Status code Status codes are defined in IEEE 802.11 Status codeMeaning 0 1 : 15 : Successful Unspecified failure : Authentication rejected (cause x) :

8 WLAN security S-72.3240 Wireless Personal, Local, Metropolitan, and Wide Area Networks8 Shared-key authentication AP 1: MAC address 2: Challenge text (128 octets, clear) 3: Response text (WEP encrypted) 4: Status code WEP Encryption Authentication is successful, if WEP decryption gives original challenge text Authentication successful / failure

9 WLAN security S-72.3240 Wireless Personal, Local, Metropolitan, and Wide Area Networks9 Authentication using SSID of AP AP Probe request message transmitted from WS includes SSID of AP SSID = Service Set Identifier Not very secure: SSID is transmitted unencrypted over the wireless network and can be easily captured by an attacker. Access ok

10 WLAN security S-72.3240 Wireless Personal, Local, Metropolitan, and Wide Area Networks10 MAC address filtering AP MAC address 2 Accepted MAC addresses: MAC address 1 MAC address 2 MAC address 3 MAC address 4 : Not very secure: Attacker can read MAC address of a wireless station attached to the WLAN and replace own MAC address with this stolen MAC address. Access ok

11 WLAN security S-72.3240 Wireless Personal, Local, Metropolitan, and Wide Area Networks11 WEP encryption WEP encryption is based on the RC4 stream cipher. First the preshared key (40 bits) is combined with a 24 bit initialization vector (IV) that should change from packet to packet (WEP does not specify how to select the IV). The combined key (preshared key + IV) is fed to the RC4 algorithm that generates a continuous keystream. The plaintext information (+ ICV, see future slide) is bit- wise combined with the keystream by employing the XOR operation, thus producing the encrypted information.

12 WLAN security S-72.3240 Wireless Personal, Local, Metropolitan, and Wide Area Networks12 WEP encryption and decryption RC4 algorithm RC4 algorithm Preshared key (40 bits) + Init. vector (24 bits) Plaintext information RC4 algorithm RC4 algorithm Preshared key (40 bits) + Init. vector (24 bits) Plaintext information Encrypted information RC4 keystream TransmitterReceiver RC4 keystream

13 WLAN security S-72.3240 Wireless Personal, Local, Metropolitan, and Wide Area Networks13 WEP key lengths Standard solution: Enhanced solution: 24 bit IV40 bit key 104 bit key Initialisation vector (IV) is sent unencrypted over the wireless interface to the receiving end. 24 bit IV

14 WLAN security S-72.3240 Wireless Personal, Local, Metropolitan, and Wide Area Networks14 WEP integrity check InformationAltered information TxRxRogue station Integrity checking prevents man-in-the-middle attacks: Integrity check is implemented in WEP by appending an integrity check value (ICV) bit sequence after the plaintext information before encryption at the transmitter.

15 WLAN security S-72.3240 Wireless Personal, Local, Metropolitan, and Wide Area Networks15 WEP integrity check Plaintext information ICV Integrity check value (ICV) Plaintext information WEP encryption Transmitter Receiver Integrity algorithm ICVPlaintext information WEP decryption Integrity algorithm ICV’ Integrity ok if ICV’ = ICV

16 WLAN security S-72.3240 Wireless Personal, Local, Metropolitan, and Wide Area Networks16 WEP operation: transmitter ICVEncrypted payloadFCSIV headerMAC header WEP encryption 40 bit WEP key 24 bit initialisation vector (IV) RC4 algorithm Plaintext information Integrity algorithm ICV

17 WLAN security S-72.3240 Wireless Personal, Local, Metropolitan, and Wide Area Networks17 WEP operation: receiver ICVEncrypted payloadFCSIV headerMAC header WEP encrypted 40 bit WEP key 24 bit initialisation vector (IV) RC4 algorithm Plaintext information Integrity algorithm ICV’ ICV ICV’ = ICV?

18 WLAN security S-72.3240 Wireless Personal, Local, Metropolitan, and Wide Area Networks18 WEP summary Security measure Features Key management WEP does not support key management Authentication Shared key authentication Encryption RC4 stream cipher, 40 bit key length is rather weak Integrity protection Rather weak in WEP Replay attacks No protection.

19 WLAN security S-72.3240 Wireless Personal, Local, Metropolitan, and Wide Area Networks19 WLAN security using WPA Key management (using the 802.1X framework, it is also possible to use preshared keys) Authentication (using the 802.1X framework) Confidentiality (TKIP encryption) Integrity checking ("Michael" protocol) Protection against replay attacks. WPA is basically a pre-standard version of IEEE 802.11i as accepted by the WiFi alliance. WPA offers:

20 WLAN security S-72.3240 Wireless Personal, Local, Metropolitan, and Wide Area Networks20 Temporal Key Integrity Protocol (TKIP) TKIP encryption is also based on the RC4 stream cipher, just like WEP encryption, with the following differences: The length of the initialization vector is 48 bit (instead of 24 bit in WEP) TKIP uses 104-bit per-packet keys, derived from a master secret and different for each packet (instead of a 40-bit or 104-bit static preshared key in WEP). Note that AES (Advanced Encryption Standard) encryption used in IEEE 802.16i is significantly different.

21 WLAN security S-72.3240 Wireless Personal, Local, Metropolitan, and Wide Area Networks21 IEEE 802.1X authentication framework The 802.1X authentication framework protects wired and wireless networks from unauthorised use in open environments (such as university campus). 802.1X uses EAP (Extensible Authentication Protocol) to handle authentication requests. As the name implies, EAP is extensible and therefore should be future proof. 802.1X also uses RADIUS (Remote Authentication Dial- in User Service) for handling secure signalling between AP and authentication server.

22 WLAN security S-72.3240 Wireless Personal, Local, Metropolitan, and Wide Area Networks22 802.1X architecture 802.1X defines three network entities: Supplicant (the wireless client in the wireless station), authenticator (in a WLAN usually the AP) and authentication server (containing user-related authentication information). SupplicantAuthenticatorAuthentication server (AS) EAP over LAN (EAPoL) RADIUS AS

23 WLAN security S-72.3240 Wireless Personal, Local, Metropolitan, and Wide Area Networks23 802.1X authentication procedure (1) With 802.1X, authentication occurs after association. However, prior to successful authentication, a wireless client is only allowed access to the AS. All other traffic is blocked at the AP. Other network resources AS AP Wireless client

24 WLAN security S-72.3240 Wireless Personal, Local, Metropolitan, and Wide Area Networks24 802.1X authentication procedure (2) AS AP After successful authentication, the wireless client is granted access to other network resources by the AP. Wireless client Other network resources

25 WLAN security S-72.3240 Wireless Personal, Local, Metropolitan, and Wide Area Networks25 802.1X authentication procedure (3) AS AP The authenticator (AP) can also perform authentication based on MAC address filtering (for preventing denial- of-service = DoS attacks) before starting the 802.1X authentication. Wireless client Other network resources Sorry, MAC address not acceptable

26 WLAN security S-72.3240 Wireless Personal, Local, Metropolitan, and Wide Area Networks26 Example: EAP-TLS As an example, SSL/TLS is one of the various options defined to be used over EAP. The next two slides show how the SSL/TLS handshake sequence is embedded into a corresponding EAP sequence. (The RADIUS part of the signalling is not shown.) ASAP Wireless client EAP-TLSRADIUS

27 WLAN security S-72.3240 Wireless Personal, Local, Metropolitan, and Wide Area Networks27 Basic SSL/TLS handshake sequence Client Server 1. Supported security algorithms 2. Chosen security algorithms + certificate 3. Encrypted pre-master secret Compute keys 4. and 5. MAC of handshake messages Secure data transport

28 WLAN security S-72.3240 Wireless Personal, Local, Metropolitan, and Wide Area Networks28 EAP-TLS signalling sequence WS AP EAP request: ID EAP response: ID EAP request: TLS start EAP response: TLS client hello (1) EAP request: TLS server hello (2) EAP response: Key + MAC info (3 and 4) EAP request: MAC info (5) EAP response: Null data

29 WLAN security S-72.3240 Wireless Personal, Local, Metropolitan, and Wide Area Networks29 Authentication in operator-based network 802.11 networks offer new possibilities when the wireless station includes a SIM (Subscriber Identity Module) that is provided by a certain network operator / service provider. SIM Through the SIM, operators can offer WLAN users added value applications such as secure authentication, nation- wide or worldwide roaming, and user- tailored charging solutions. Let us next see how SIM-based authentication works.

30 WLAN security S-72.3240 Wireless Personal, Local, Metropolitan, and Wide Area Networks30 SIM/AuC authentication (1) SIM/AuC authentication is based on storing a user-specific authentication key in two safe places: the authentication center (safely stored in the operator’s premises) and the SIM in the user terminal. Authentication Center (AuC) Authentication Center (AuC) Network SIM

31 WLAN security S-72.3240 Wireless Personal, Local, Metropolitan, and Wide Area Networks31 SIM/AuC authentication (2) SIM/AuC authentication uses the challenge - response method. A challenge is sent to the SIM, where it is encrypted using the authentication key, and the result (response) is returned to the network (e.g. the AP). Authentication Center (AuC) Authentication Center (AuC) Challenge Response SIM

32 WLAN security S-72.3240 Wireless Personal, Local, Metropolitan, and Wide Area Networks32 SIM/AuC authentication (3) The challenge is also encrypted in the AuC using the same authentication key, and the result (which should be identical to the response from the SIM) is sent to the network (e.g. the AP). Result Authentication Center (AuC) Authentication Center (AuC) Challenge Response SIM

33 WLAN security S-72.3240 Wireless Personal, Local, Metropolitan, and Wide Area Networks33 SIM/AuC authentication (4) If the result is the same, authentication was successful. Result Authentication Center (AuC) Authentication Center (AuC) Challenge Response Same result => authentication successful Different result => either the authentication key or encryption algorithm was different in SIM and AuC SIM

34 WLAN security S-72.3240 Wireless Personal, Local, Metropolitan, and Wide Area Networks34 SIM/AuC authentication (5) The high security of this scheme is based on two facts: The authentication key stored in the SIM can never be read from the SIM. The encryption algorithm is also running inside the SIM. 1. Authentication Center (AuC) Authentication Center (AuC) SIM

35 WLAN security S-72.3240 Wireless Personal, Local, Metropolitan, and Wide Area Networks35 SIM/AuC authentication (6) The high security of this scheme is based on two facts: The authentication key is never removed from the AuC and the algorithm is running in the AuC. As long as there is no access to the AuC, security is assured. 2. Authentication Center (AuC) Authentication Center (AuC) SIM

36 WLAN security S-72.3240 Wireless Personal, Local, Metropolitan, and Wide Area Networks36 Operator services If operators want to offer new services or applications, distribution of SIM cards is not the only issue they must consider. In order to implement the services, various network resources must also be implemented (like AuC in the previous example). Obviously, all this is not without cost, so there must be some way of charging subscribers (again requiring new network elements => charging center, etc.) for the services. Future will tell if operator services will ever be successful as far as 802.11 networks are concerned.

Download ppt "WLAN security S-72.3240 Wireless Personal, Local, Metropolitan, and Wide Area Networks1 Contents WEP (Wired Equivalent Privacy) No key management Authentication."

Similar presentations

Security S-72.3240 Wireless Personal, Local, Metropolitan, and Wide Area Networks1 Contents Security requirements Public key cryptography Key agreement/transport.

Security S Wireless Personal, Local, Metropolitan, and Wide Area Networks1 Contents Security requirements Public key cryptography Key agreement/transport.
IEEE 802.11i IT443 Broadband Communications Philip MacCabe October 5, 2005

IEEE i IT443 Broadband Communications Philip MacCabe October 5, 2005
CSE 6590 1.  Wired Equivalent Privacy (WEP) ◦ first security protocol defined in 802.11  Wi-Fi Protected Access (WPA) ◦ defined by Wi-Fi Alliance 

CSE  Wired Equivalent Privacy (WEP) ◦ first security protocol defined in  Wi-Fi Protected Access (WPA) ◦ defined by Wi-Fi Alliance 
1 MD5 Cracking One way hash. Used in online passwords and file verification.

1 MD5 Cracking One way hash. Used in online passwords and file verification.
無線區域網路安全 Wireless LAN Security. 2 Outline  Wireless LAN – 802.11b  Security Mechanisms in 802.11b  Security Problems in 802.11b  Solutions for 802.11b.

無線區域網路安全 Wireless LAN Security. 2 Outline  Wireless LAN – b  Security Mechanisms in b  Security Problems in b  Solutions for b.
WiFi Security. What is WiFi ? Originally, Wi-Fi was a marketing term. The Wi-Fi certified logo means that the product has passed interoperability tests.

WiFi Security. What is WiFi ? Originally, Wi-Fi was a marketing term. The Wi-Fi certified logo means that the product has passed interoperability tests.
Wireless LAN Security Jerry Usery CS 522 December 6 th, 2006.

Wireless LAN Security Jerry Usery CS 522 December 6 th, 2006.
1 Enhancing Wireless Security with WPA CS-265 Project Section: 2 (11:30 – 12:20) Shefali Jariwala Student ID 001790660.

1 Enhancing Wireless Security with WPA CS-265 Project Section: 2 (11:30 – 12:20) Shefali Jariwala Student ID
MITP | Master of Information Technology Program Securing Wireless LAN using Cisco-based technology Campus Crew Study Group Paul Matijevic Ed McCulloch.

MITP | Master of Information Technology Program Securing Wireless LAN using Cisco-based technology Campus Crew Study Group Paul Matijevic Ed McCulloch.
Intercepting Mobiles Communications: The Insecurity of 802.11 Danny Bickson ACNS Course, IDC Spring 2007.

Intercepting Mobiles Communications: The Insecurity of Danny Bickson ACNS Course, IDC Spring 2007.
How To Not Make a Secure Protocol 802.11 WEP Dan Petro.

How To Not Make a Secure Protocol WEP Dan Petro.
DIMACS Nov 3 - 4, 2004 WIRELESS SECURITY AND ROAMING OVERVIEW DIMACS November 3-4, 2004 Workshop: Mobile and Wireless Security Workshop: Mobile and Wireless.

DIMACS Nov 3 - 4, 2004 WIRELESS SECURITY AND ROAMING OVERVIEW DIMACS November 3-4, 2004 Workshop: Mobile and Wireless Security Workshop: Mobile and Wireless.
Wireless Network Security: WEP And Beyond Heidi Parsaye Jason DeVries Roxanne Ilse Heidi Parsaye - Jason DeVries - Roxanne Ilse.

Wireless Network Security: WEP And Beyond Heidi Parsaye Jason DeVries Roxanne Ilse Heidi Parsaye - Jason DeVries - Roxanne Ilse.
W i reless LAN Security Presented by: Pallavi Priyadarshini Student ID 003503527.

W i reless LAN Security Presented by: Pallavi Priyadarshini Student ID
Wired Equivalent Privacy (WEP)

Wired Equivalent Privacy (WEP)
Security in Wireless LAN 802.11 Layla Pezeshkmehr CS 265 Fall 2003-SJSU Dr.Mark Stamp.

Security in Wireless LAN Layla Pezeshkmehr CS 265 Fall 2003-SJSU Dr.Mark Stamp.
Vulnerability In Wi-Fi By Angus U CS 265 Section 2 Instructor: Mark Stamp.

Vulnerability In Wi-Fi By Angus U CS 265 Section 2 Instructor: Mark Stamp.
11 WIRELESS SECURITY by Prof. Russell Jones. WIRELESS COMMUNICATION ISSUES  Wireless connections are becoming popular.  Network data is transmitted.

11 WIRELESS SECURITY by Prof. Russell Jones. WIRELESS COMMUNICATION ISSUES  Wireless connections are becoming popular.  Network data is transmitted.
Kemal AkkayaWireless & Network Security 1 Department of Computer Science Southern Illinois University Carbondale Wireless and Network Security Lecture.

Kemal AkkayaWireless & Network Security 1 Department of Computer Science Southern Illinois University Carbondale Wireless and Network Security Lecture.
E-mail: kemal@cs.siu.edu Department of Computer Science Southern Illinois University Carbondale Wireless and Network Security Lecture 9: IEEE 802.11.

Department of Computer Science Southern Illinois University Carbondale Wireless and Network Security Lecture 9: IEEE

Similar presentations

Ads by Google