Presentation is loading. Please wait.

Presentation is loading. Please wait.

A Methodology for Evaluating Wireless Network Security Protocols David Rager Kandaraj Piamrat.

Published byAlicia Peters Modified over 8 years ago

Similar presentations

Presentation on theme: "A Methodology for Evaluating Wireless Network Security Protocols David Rager Kandaraj Piamrat."— Presentation transcript:

1 A Methodology for Evaluating Wireless Network Security Protocols David Rager Kandaraj Piamrat

2 Outline ► Introduction ► Explanation of Terms ► Evaluation Methodology ► Analysis of WEP, WPA, and RSN ► Graphical Results ► Conclusion

3 Introduction ► Difference properties of wireless network comparing to wired network ► Two lines of defense in wireless network security  Preventive approach  Intrusion Detection and Response approach ► WEP WPA RSN

4 Explanation of Terms ► WEP – Wired Equivalent Protocol (attempt #1) ► WPA – Wi-Fi Protected Access (attempt #2) ► RSN – Robust Secure Network (attempt #3) ► ► EAP – Extensible Authentication Protocol ► ► TKIP – Temporal Key Integrity Protocol ► ► AES – Advanced Encryption Standard

5 Explanation of Terms (cont.) ► ► CCMP – Counter mode with Cipher block Chaining Message authentication code Protocol ► ► ICV – Integrity Check Value ► ► MIC – Message Integrity Check ► ► RADIUS – Remote Authentication Dial in User Service ► ► IV – Initialization Vector

6 Evaluation Methodology ► Authentication Capability ► Encryption Strength ► Integrity Guarantees ► Prevention of Attacks ► Identity Protection ► Ease and Cost of Implementation ► Power Consumption ► Novel Ideas

7 Authentication capability Consideration0(bad)1(fair)2(good) Type of authentication Key with challenge response Key with challenge response and MAC address Credentials based Number of authentication servers OneThree(# faults permitted) * 3 + 1 Use of new authentication mechanisms None-Use of EAP (802.11X)[tec h-faq] Known MITM attacks One or more-None

8 Encryption Strength Consideration0(bad)1(fair)2(good) Key typeStatic key-Dynamic key Cipher key typeRC4-AES Cipher key length40 or 104 bit encryption 128 bit encryption128 bit encryption + 64 bit authentication Key lifetime24-bit IV-48-bit IV Time used to crackFew hoursFew daysCenturies Encrypted packet needed to crack Few millions-Few trillions Can be recovered by cryptanalysis Yes-No Key management used NoneStaticEAP

9 Integrity Guarantees Consideration0(bad)1(fair)2(good) Integrity of message header NoneMichaelCCM Integrity of the data CRC-32MichaelCCM

10 Prevention of Attacks Consideration0(bad)1(fair)2(good) Replay attack prevention None-IV sequence, Per- packet key mixing DoS cookieNo-Yes Number of known attacks prevented NoneSome of themAll of them Minimizes damageNo-Yes

11 Identity Protection Consideration0(bad)1(fair)2(good) Group identity revealed to Entire networkAll partiesSpecific parties Specific identity revealed to Entire networkAll partiesSpecific parties

12 Ease and Cost of Implementation Consideration0(bad)1(fair)2(good) Computation costHighMediumLow Incremental installationNo-Yes Number of messages exchanged 300303 Number of actors involved Many actors-Few actors Packet keyMixing functionConcatenatedNo need Additional server hardware Yes-No Additional network infrastructure Yes-No Number of gates in client device High-Low Lines of CodeHigh-Low

13 Power Consumption Consideration0(bad)1(fair)2(good) Clients use low power No-Yes Client can detect attacks and enter low- power mode No-Yes

14 Novel Ideas Consideration0(bad)1(fair)2(good) Determines physical location No-Yes

15 Analysis of WEP

16 Authentication capability Consideration0(bad)1(fair)2(good) Type of authentication Key with challenge response Key with challenge response and MAC address Credentials based Number of authentication servers OneThree(# faults permitted) * 3 + 1 Use of new authentication mechanisms None-Use of EAP (802.11X)[tech- faq] Known MITM attacks One or more-None

17 Encryption Strength Consideration0(bad)1(fair)2(good) Key typeStatic key-Dynamic key Cipher key typeRC4-AES Cipher key length40 or 104 bit encryption 128 bit encryption128 bit encryption + 64 bit authentication Key lifetime24-bit IV-48-bit IV Time used to crackFew hoursFew daysCenturies Encrypted packet needed to crack Few millions-Few trillions Can be recovered by cryptanalysis Yes-No Key management used NoneStaticEAP

18 Integrity Guarantees Consideration0(bad)1(fair)2(good) Integrity of message header NoneMichaelCCM Integrity of the data CRC-32MichaelCCM

19 Prevention of Attacks Consideration0(bad)1(fair)2(good) Replay attack prevention None-IV sequence, Per- packet key mixing DoS cookieNo-Yes Number of known attacks prevented NoneSome of themAll of them

20 Identity Protection Consideration0(bad)1(fair)2(good) Group identity revealed to Entire networkAll partiesSpecific parties Specific identity revealed to Entire networkAll partiesSpecific parties

21 Ease and Cost of Implementation Consideration0(bad)1(fair)2(good) Computation costHighMediumLow Incremental installationNo-Yes Number of messages exchanged 300303 Number of actors involved Many actors-Few actors Packet keyMixing functionConcatenatedNo need Additional server hardware Yes-No Additional network infrastructure Yes-No Number of gates in client device High-Low Lines of CodeHigh-Low

22 Power Consumption Consideration0(bad)1(fair)2(good) Clients use low power No-Yes Client can detect attacks and enter low-power mode No-Yes

23 Novel Ideas Consideration0(bad)1(fair)2(good) Determines physical location No-Yes

24 Scores of WEP ► Authentication Capability (0/8) ► Encryption Strength (0/16) ► Integrity Guarantees (0/4) ► Prevention of Attacks (0/6) ► Identity Protection (4/4) ► Ease and Cost of Implementation (17/18) ► Power Consumption (2/4) ► Novel Ideas (0/2) Total Score = 2.44/8 = 30.56 %

25 Analysis of WPA

26 Authentication capability Consideration0(bad)1(fair)2(good) Type of authentication Key with challenge response Key with challenge response and MAC address Credentials based Number of authentication servers OneThree(# faults permitted) * 3 + 1 Use of new authentication mechanisms None-Use of EAP (802.11X)[tech- faq] Known MITM attacks One or more-None

27 Encryption Strength Consideration0(bad)1(fair)2(good) Key typeStatic key-Dynamic key Cipher key typeRC4-AES Cipher key length40 or 104 bit encryption 128 bit encryption128 bit encryption + 64 bit authentication Key lifetime24-bit IV-48-bit IV Time used to crackFew hoursFew daysCenturies Encrypted packet needed to crack Few millions-Few trillions Can be recovered by cryptanalysis Yes-No Key management used NoneStaticEAP

28 Integrity Guarantees Consideration0(bad)1(fair)2(good) Integrity of message header NoneMichaelCCM Integrity of the data CRC-32MichaelCCM

29 Prevention of Attacks Consideration0(bad)1(fair)2(good) Replay attack prevention None-IV sequence, Per- packet key mixing DoS cookieNo-Yes Number of known attacks prevented NoneSome of themAll of them

30 Identity Protection Consideration0(bad)1(fair)2(good) Group identity revealed to Entire networkAll partiesSpecific parties Specific identity revealed to Entire networkAll partiesSpecific parties

31 Ease and Cost of Implementation Consideration0(bad)1(fair)2(good) Computation costHighMediumLow Incremental installationNo-Yes Number of messages exchanged 300303 Number of actors involved Many actors-Few actors Packet keyMixing functionConcatenatedNo need Additional server hardware Yes-No Additional network infrastructure Yes-No Number of gates in client device High-Low Lines of CodeHigh-Low

32 Power Consumption Consideration0(bad)1(fair)2(good) Clients use low power No-Yes Client can detect attacks and enter low-power mode No-Yes

33 Novel Ideas Consideration0(bad)1(fair)2(good) Determines physical location No-Yes

34 Scores of WPA ► Authentication Capability (6/8) ► Encryption Strength (14/16) ► Integrity Guarantees (2/4) ► Prevention of Attacks (4/6) ► Identity Protection (0/4) ► Ease and Cost of Implementation (5/18) ► Power Consumption (1/4) ► Novel Ideas (0/2) Total Score = 3.32/8 = 41.49 %

35 Analysis of RSN

36 Authentication capability Consideration0(bad)1(fair)2(good) Type of authentication Key with challenge response Key with challenge response and MAC address Credentials based Number of authentication servers OneThree(# faults permitted) * 3 + 1 Use of new authentication mechanisms None-Use of EAP (802.11X)[tech- faq] Known MITM attacks One or more-None

37 Encryption Strength Consideration0(bad)1(fair)2(good) Key typeStatic key-Dynamic key Cipher key typeRC4-AES Cipher key length40 or 104 bit encryption 128 bit encryption128 bit encryption + 64 bit authentication Key lifetime24-bit IV-48-bit IV Time used to crackFew hoursFew daysCenturies Encrypted packet needed to crack Few millions-Few trillions Can be recovered by cryptanalysis Yes-No Key management used NoneStaticEAP

38 Integrity Guarantees Consideration0(bad)1(fair)2(good) Integrity of message header NoneMichaelCCM Integrity of the data CRC-32MichaelCCM

39 Prevention of Attacks Consideration0(bad)1(fair)2(good) Replay attack prevention None-IV sequence, Per- packet key mixing DoS cookieNo-Yes Number of known attacks prevented NoneSome of themAll of them

40 Identity Protection Consideration0(bad)1(fair)2(good) Group identity revealed to Entire networkAll partiesSpecific parties Specific identity revealed to Entire networkAll partiesSpecific parties

41 Ease and Cost of Implementation Consideration0(bad)1(fair)2(good) Computation costHighMediumLow Incremental installationNo-Yes Number of messages exchanged 300303 Number of actors involved Many actors-Few actors Packet keyMixing functionConcatenatedNo need Additional server hardware Yes-No Additional network infrastructure Yes-No Number of gates in client device High-Low Lines of CodeHigh-Low

42 Power Consumption Consideration0(bad)1(fair)2(good) Clients use low power No-Yes Client can detect attacks and enter low-power mode No-Yes

43 Novel Ideas Consideration0(bad)1(fair)2(good) Determines physical location No-Yes

44 Scores of RSN ► Authentication Capability (6/8) ► Encryption Strength (15/16) ► Integrity Guarantees (4/4) ► Prevention of Attacks (4/6) ► Identity Protection (0/4) ► Ease and Cost of Implementation (4/18) ► Power Consumption (2/4) ► Novel Ideas (0/2) Total Score = 4.08/8 = 50.95 %

45 Graphical Results

46 Comparison of categorical performance

47 Main contributors to each protocol’s success

48 Conclusion ► We have defined specific metrics for protocol evaluation. ► We evaluate different wireless security protocol based on these metrics. ► Questions ?

Download ppt "A Methodology for Evaluating Wireless Network Security Protocols David Rager Kandaraj Piamrat."

Similar presentations

IEEE 802.11i IT443 Broadband Communications Philip MacCabe October 5, 2005

IEEE i IT443 Broadband Communications Philip MacCabe October 5, 2005
CSE 6590 1.  Wired Equivalent Privacy (WEP) ◦ first security protocol defined in 802.11  Wi-Fi Protected Access (WPA) ◦ defined by Wi-Fi Alliance 

CSE  Wired Equivalent Privacy (WEP) ◦ first security protocol defined in  Wi-Fi Protected Access (WPA) ◦ defined by Wi-Fi Alliance 
Understanding and Achieving Next-Generation Wireless Security Motorola, Inc James Mateicka.

Understanding and Achieving Next-Generation Wireless Security Motorola, Inc James Mateicka.
Wireless Security Ryan Hayles Jonathan Hawes. Introduction  WEP –Protocol Basics –Vulnerability –Attacks –Video  WPA –Overview –Key Hierarchy –Encryption/Decryption.

Wireless Security Ryan Hayles Jonathan Hawes. Introduction  WEP –Protocol Basics –Vulnerability –Attacks –Video  WPA –Overview –Key Hierarchy –Encryption/Decryption.
Implementing Wireless LAN Security

Implementing Wireless LAN Security
Final Presentation Presented By: Gal Leibovich Liran Manor Supervisor: Hai Vortman.

Final Presentation Presented By: Gal Leibovich Liran Manor Supervisor: Hai Vortman.
WiFi Security. What is WiFi ? Originally, Wi-Fi was a marketing term. The Wi-Fi certified logo means that the product has passed interoperability tests.

WiFi Security. What is WiFi ? Originally, Wi-Fi was a marketing term. The Wi-Fi certified logo means that the product has passed interoperability tests.
Wireless LAN Security Jerry Usery CS 522 December 6 th, 2006.

Wireless LAN Security Jerry Usery CS 522 December 6 th, 2006.
1 Enhancing Wireless Security with WPA CS-265 Project Section: 2 (11:30 – 12:20) Shefali Jariwala Student ID 001790660.

1 Enhancing Wireless Security with WPA CS-265 Project Section: 2 (11:30 – 12:20) Shefali Jariwala Student ID
MITP | Master of Information Technology Program Securing Wireless LAN using Cisco-based technology Campus Crew Study Group Paul Matijevic Ed McCulloch.

MITP | Master of Information Technology Program Securing Wireless LAN using Cisco-based technology Campus Crew Study Group Paul Matijevic Ed McCulloch.
Intercepting Mobiles Communications: The Insecurity of 802.11 Danny Bickson ACNS Course, IDC Spring 2007.

Intercepting Mobiles Communications: The Insecurity of Danny Bickson ACNS Course, IDC Spring 2007.
DIMACS Nov 3 - 4, 2004 WIRELESS SECURITY AND ROAMING OVERVIEW DIMACS November 3-4, 2004 Workshop: Mobile and Wireless Security Workshop: Mobile and Wireless.

DIMACS Nov 3 - 4, 2004 WIRELESS SECURITY AND ROAMING OVERVIEW DIMACS November 3-4, 2004 Workshop: Mobile and Wireless Security Workshop: Mobile and Wireless.
W i reless LAN Security Presented by: Pallavi Priyadarshini Student ID 003503527.

W i reless LAN Security Presented by: Pallavi Priyadarshini Student ID
Wired Equivalent Privacy (WEP)

Wired Equivalent Privacy (WEP)
Vulnerability In Wi-Fi By Angus U CS 265 Section 2 Instructor: Mark Stamp.

Vulnerability In Wi-Fi By Angus U CS 265 Section 2 Instructor: Mark Stamp.
11 WIRELESS SECURITY by Prof. Russell Jones. WIRELESS COMMUNICATION ISSUES  Wireless connections are becoming popular.  Network data is transmitted.

11 WIRELESS SECURITY by Prof. Russell Jones. WIRELESS COMMUNICATION ISSUES  Wireless connections are becoming popular.  Network data is transmitted.
An Initial Security Analysis of the IEEE 802.1x Standard Tsai Hsien Pang 2004/11/4.

An Initial Security Analysis of the IEEE 802.1x Standard Tsai Hsien Pang 2004/11/4.
E-mail: kemal@cs.siu.edu Department of Computer Science Southern Illinois University Carbondale Wireless and Network Security Lecture 9: IEEE 802.11.

Department of Computer Science Southern Illinois University Carbondale Wireless and Network Security Lecture 9: IEEE
15 November 2004 1 Wireless Security Issues Cheyenne Hollow Horn SFS Presentation 2004.

15 November Wireless Security Issues Cheyenne Hollow Horn SFS Presentation 2004.
WIRELESS NETWORK SECURITY. Hackers Ad-hoc networks War Driving Man-in-the-Middle Caffe Latte attack.

WIRELESS NETWORK SECURITY. Hackers Ad-hoc networks War Driving Man-in-the-Middle Caffe Latte attack.

Similar presentations

Ads by Google