Presentation is loading. Please wait.

Presentation is loading. Please wait.

Wireless and Email Security CSCI 5857: Encoding and Encryption.

Published byEleanor Singleton Modified over 8 years ago

Similar presentations

Presentation on theme: "Wireless and Email Security CSCI 5857: Encoding and Encryption."— Presentation transcript:

1 Wireless and Email Security CSCI 5857: Encoding and Encryption

2 Outline Wireless network security –Wireless LAN structures –Authentication –Key management DKIM email security –Authentication between ISPs

3 Wireless LAN Structure

4 Wireless LAN Terminology Station: Device capable of IEEE 802.11 wireless connectivity (wireless laptop, etc.) Distribution System: Backbone system for long- distance communication (lines/satellite/etc.) Access point: Bridge between station and distribution system (or between stations in same BSS) Basic Service Set (BSS): Set of stations in range of access point

5 Wireless LAN Structure

6 Differences from LAN security: Any transmission may be listened to by any device in range of access point  All transmissions must be secured Other wireless devices in range of AP can attempt to connect to it  Any device wishing to communicate through access point must be authenticated

7 802.11i RSN Services Access control: –Preventing access to access point until authentication Authentication: –Mutual authentication between stations and access points, and key generation Privacy: –Encrypting/hashing/etc. of messages to insure confidentiality/information integrity/etc.

8 Authentication Server Authentication server –Contacted by AP when station requests access –Uses authentication protocol to establish station identity –AP blocks communication with rest of network until authentication complete

9 IEEE 802.11i Operation Phases

10 Discovery Phase Station contacts AP Station passes security suite to AP (like SSL) AP responds with chosen algorithms

11 Authentication Phase Station sends request to AP for connection to authentication server Extensible authentication protocol (EAP) used for mutual authentication

12 Authentication Phase Extensible Authentication Protocol: –Based on challenge-response –Station and AS share secret information (such as symmetric key) –AS sends challenge to station (via AP) –Station sends response –May repeat with multiple challenges (10 – 20) for added protection against replay attacks

13 Key Management Phase Possible methods: –Station and AP already share pre-shared key (PSK) previously installed on station –AS generates and sends master session key (MSK) to station as part of EAP challenge response Used to generate pairwise master key

14 Key Management Phase HMAC-SHA1 used to generate Pairwise transient key from –Pairwise master key –MAC address of station and AP (prevents replay attacks) PTK consists of –Key used for confirmation of other keys –Key used to encrypt other keys –Actual temporal key used to securely transmit data

15 Key Management Phase Handshake between station and AP used to establish and confirm keys used for secure transmission

16 Domain Keys Identified Mail Proposed Internet Standard RFC 4871, has been widely adopted Goal: Minimize fake email sent –Email purportedly from another user trusted by recipient –Spam, fraud, viruses, etc. Signing/validation done at provider level –Individual users do not need to be involved in process 16

17 Internet Mail Architecture 17 Sender composes mail in mail client software Mail client software sends email contents to sender’s ISP Email sent to mail server of recipient’s ISP Recipient retrieves email from their ISP’s server

18 DKIM Authentication Sender submits email to their ISP’s server Email signed by sending server using their public key 18

19 DKIM Authentication 19 Receiving ISP requests certificate from sending ISP Receiving ISP validates signature using sender’s public key Recipient only receives validated email

Download ppt "Wireless and Email Security CSCI 5857: Encoding and Encryption."

Similar presentations

Authentication.

Authentication.
Kerberos 1 Public domain image of Heracles and Cerberus. From an Attic bilingual amphora, 530–520 BC. From Italy (?).

Kerberos 1 Public domain image of Heracles and Cerberus. From an Attic bilingual amphora, 530–520 BC. From Italy (?).
Secure Socket Layer.

Secure Socket Layer.
CMSC 414 Computer and Network Security Lecture 26 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 26 Jonathan Katz.
COMP043-Cryptology Week 4 – Certs and Sigs. Digital Signatures Digital signatures provide –Integrity –Authenticity and –Non-repudiation How do they work?

COMP043-Cryptology Week 4 – Certs and Sigs. Digital Signatures Digital signatures provide –Integrity –Authenticity and –Non-repudiation How do they work?
IEEE 802.11i IT443 Broadband Communications Philip MacCabe October 5, 2005

IEEE i IT443 Broadband Communications Philip MacCabe October 5, 2005
CSE 6590 1.  Wired Equivalent Privacy (WEP) ◦ first security protocol defined in 802.11  Wi-Fi Protected Access (WPA) ◦ defined by Wi-Fi Alliance 

CSE  Wired Equivalent Privacy (WEP) ◦ first security protocol defined in  Wi-Fi Protected Access (WPA) ◦ defined by Wi-Fi Alliance 
BASIC CRYPTOGRAPHY CONCEPT. Secure Socket Layer (SSL)  SSL was first used by Netscape.  To ensure security of data sent through HTTP, LDAP or POP3.

BASIC CRYPTOGRAPHY CONCEPT. Secure Socket Layer (SSL)  SSL was first used by Netscape.  To ensure security of data sent through HTTP, LDAP or POP3.
SECURITY IN E-COMMERCE VARNA FREE UNIVERSITY Prof. Teodora Bakardjieva.

SECURITY IN E-COMMERCE VARNA FREE UNIVERSITY Prof. Teodora Bakardjieva.
WAP Public Key Infrastructure CSCI 5939.02 – Independent Study Fall 2002 Jaleel Syed Presentation No 5.

WAP Public Key Infrastructure CSCI – Independent Study Fall 2002 Jaleel Syed Presentation No 5.
TCP/IP Protocol Suite 1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 30 Internet Security.

TCP/IP Protocol Suite 1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 30 Internet Security.
1 Enhancing Wireless Security with WPA CS-265 Project Section: 2 (11:30 – 12:20) Shefali Jariwala Student ID 001790660.

1 Enhancing Wireless Security with WPA CS-265 Project Section: 2 (11:30 – 12:20) Shefali Jariwala Student ID
Security Awareness: Applying Practical Security in Your World, Second Edition Chapter 5 Network Security.

Security Awareness: Applying Practical Security in Your World, Second Edition Chapter 5 Network Security.
E-mail: kemal@cs.siu.edu Department of Computer Science Southern Illinois University Carbondale Wireless and Network Security Lecture 9: IEEE 802.11.

Department of Computer Science Southern Illinois University Carbondale Wireless and Network Security Lecture 9: IEEE
IEEE 802.11 Wireless Local Area Networks (WLAN’s).

IEEE Wireless Local Area Networks (WLAN’s).
EECC694 - Shaaban #1 lec #16 Spring2000 5-4-2000 Properties of Secure Network Communication Secrecy: Only the sender and intended receiver should be able.

EECC694 - Shaaban #1 lec #16 Spring Properties of Secure Network Communication Secrecy: Only the sender and intended receiver should be able.
Chapter Extension 23 SSL/TLS and //https © 2008 Pearson Prentice Hall, Experiencing MIS, David Kroenke.

Chapter Extension 23 SSL/TLS and //https © 2008 Pearson Prentice Hall, Experiencing MIS, David Kroenke.
Chapter 8 Web Security.

Chapter 8 Web Security.
WPA2 By Winway Pang. Overview  What is WPA2?  Wi-Fi Protected Access 2  Introduced September 2004  Two Versions  Enterprise – Server Authentication.

WPA2 By Winway Pang. Overview  What is WPA2?  Wi-Fi Protected Access 2  Introduced September 2004  Two Versions  Enterprise – Server Authentication.
Wireless Security Issues David E. Hudak, Ph.D. Senior Software Architect Karlnet, Inc.

Wireless Security Issues David E. Hudak, Ph.D. Senior Software Architect Karlnet, Inc.

Similar presentations

Ads by Google