Presentation is loading. Please wait.

Presentation is loading. Please wait.

Wireless Networking.

Published byDelilah Nash Modified over 8 years ago

Similar presentations

Presentation on theme: "Wireless Networking."— Presentation transcript:

1 Wireless Networking

2 Outline Wireless Network Communications Background Security Issues
WEP / WPA cs490ns - cotter

3 Hardening Wireless Local Area Networks (WLAN)
By 2007, >98% of all notebooks will be wireless-enabled Serious security vulnerabilities have also been created by wireless data technology: Unauthorized users can access the wireless signal from outside a building and connect to the network Attackers can capture and view transmitted data Employees in the office can install personal wireless equipment and defeat perimeter security measures Attackers can crack wireless security with kiddie scripts cs490ns - cotter

4 4/21/2017 IEEE Standards A WLAN shares same characteristics as a standard data-based LAN with the exception that network devices do not use cables to connect to the network RF is used to send and receive packets In September 1999, a new b High Rate was amended to the standard. It added two higher speeds, 5.5 and 11 Mbps to original speeds of 1, 2 Mbps Communications distance varies with bandwidth to a maximum range of up to 300 ft. With faster data rates, b quickly became the standard for WLANs cs490ns - cotter cs490ns-cotter

5 IEEE 802.11 Standards At same time, the 802.11a standard was released
802.11a has a maximum rated speed of 54 Mbps and also supports 48, 36, 24, 18, 12, 9, and 6 Mbps transmissions at 5 GHz 802.11g added in It adds transmission rates of 18, 36, and 54 Mbps to the rates available under b. 802.11n draft product in 2007, standardized in Added rates up to 600 mbps cs490ns - cotter

6 Data Rates / Range 802.11b 1 Mbps / 90+ m. 2 Mbps / 75 m.
All of b 18 Mbps / 50 m. 36 Mbps / 35 m. 54 Mbps / 20 m. 802.11n – per stream (4 streams max) 20 MHz band 7.2, 14.4 … 72.2 Mbps 40 MHz band 15, 30 … 150 Mbps “Twice the distance of g” Typical configurations 2 transmit / receive streams Can transmit on 2.4 or 5 GHz cs490ns - cotter

7 WLAN Components Each network device must have a wireless network interface card installed Wireless NICs are available in a variety of formats: Type II PC card – Mini PCI CompactFlash (CF) card – USB device USB stick cs490ns - cotter

8 WLAN Components (cont)
An access point (AP) consists of three major parts: An antenna and a radio transmitter/receiver to send and receive signals An RJ-45 wired network interface that allows it to connect by cable to a standard wired network Special bridging software cs490ns - cotter

9 Basic WLAN Security Two areas:
Enterprise WLAN security Basic WLAN security uses two new wireless tools and one tool from the wired world: Service Set Identifier (SSID) beaconing MAC address filtering Wired Equivalent Privacy (WEP) cs490ns - cotter

10 Service Set Identifier (SSID) Beaconing
A service set is a technical term used to describe a WLAN network Three types of service sets: Independent Basic Service Set (IBSS) Basic Service Set (BSS) Extended Service Set (ESS) Each WLAN is given a unique SSID cs490ns - cotter

11 MAC Address Filtering Another way to harden a WLAN is to filter MAC addresses The MAC address of approved wireless devices is entered on the AP A MAC address can be spoofed When wireless device and AP first exchange packets, the MAC address of the wireless device is sent in plaintext, allowing an attacker with a sniffer to see the MAC address of an approved device cs490ns - cotter

12 MAC Address Filtering cs490ns - cotter

13 Wired Equivalent Privacy (WEP)
4/21/2017 Wired Equivalent Privacy (WEP) Optional configuration for WLANs that encrypts packets during transmission to prevent attackers from viewing their contents Uses shared keys―the same key for encryption and decryption must be installed on the AP, as well as each wireless device Keys: 40 bit (5 byte) key + 24 bit IV = 64 bits 104 bit (13 byte) key + 24 bit IV = 128 bit No data integrity function cs490ns - cotter cs490ns-cotter

14 WEP - Shared Key Authentication
Client Access Point Authentication Request Challenge Text Encrypt Challenge w/key Compare Authentication Frame cs490ns - cotter

15 WEP Encryption 1 Text CRC = Text ICV 2 Secret Key PRNG = Keystream IV
+ 3 4 XOR Ciphertext IV 5 ICV = Integrity Check Value IV = initialization Vector

16 WEP Frame layout IV Data >=1 ICV Inititialization Vector Key ID
encrypted IV Data >=1 ICV 4 bytes Inititialization Vector Key ID 3 bytes 1 byte ICV = Integrity check value (CRC)

17 (WEP) (cont) cs490ns - cotter

18 WEP Weaknesses IV sent as cleartext. Since key never changes, once we know two packets share the same IV, we know their keys are identical XOR the two ciphertext messages XOR of plaintext will have same value as XOR of ciphertext! We will know some of the transmitted data ARP requests DNS Etc.

19 Untrusted Network The basic WLAN security of SSID beaconing, MAC address filtering, and WEP encryption is not secure enough for an organization to use One approach to securing a WLAN is to treat it as an untrusted and unsecure network Requires that the WLAN be placed outside the secure perimeter of the trusted network cs490ns - cotter

20 Untrusted Network (continued)
cs490ns - cotter

21 4/21/2017 Trusted Network It is still possible to provide security for a WLAN and treat it as a trusted network Wi-Fi Protected Access (WPA) Developed by WECA in 2002 as interim solution Intended to be a software upgrade for WEP (use RC4) WPA-2 – standard Has two Domains: Personal Wireless Security Enterprise Wireless Security WECA (Wireless Ethernet Compatibility Alliance) cs490ns - cotter cs490ns-cotter

22 Personal Wireless Security WPA -1
Authentication – Based on Pre-Shared Key Encryption – Temporal Key Integrity Protocol Mixes IV and Extended IV with secret key EIV includes sequence counter Adds 8 byte Message Integrity Check Uses RC4 as encryption mechanism Includes ICV for backward compatibility encrypted MAC h. IV EIV Data >=1 MIC ICV FCS

23 Personal Wireless Security WPA -2
Authentication – Based on Pre-Shared Key Encryption – AES – CCMP Counter mode-CBC MAC Protocol Mixes IV and Extended IV with secret key EIV includes sequence counter Adds Message Integrity Check Uses AES as encryption mechanism encrypted MAC h. IV EIV Data >=1 MIC FCS

24 Enterprise Wireless Security
Network supporting the 802.1x protocol consists of three elements: Supplicant: client device, such as a desktop computer or personal digital assistant (PDA), which requires secure network access Authenticator: serves as an intermediary device between supplicant and authentication server Authentication server: receives request from supplicant through authenticator cs490ns - cotter

25 4/21/2017 IEEE 802.1x cs490ns - cotter cs490ns-cotter

26 Enterprise Authentication
Extensible Authentication Protocol Used to pass information from supplicant to AS WN AP AS Security Capabilities Discovery Authentication Key management Key Distribution Data protection

27 IEEE 802.1x (cont) Several variations of EAP can be used with 802.1x:
4/21/2017 IEEE 802.1x (cont) Several variations of EAP can be used with 802.1x: EAP-Transport Layer Security (EAP-TLS) Lightweight EAP (LEAP) EAP-Tunneled TLS (EAP-TTLS) Protected EAP (PEAP) Flexible Authentication via Secure Tunneling (FAST) cs490ns - cotter cs490ns-cotter

28 Enterprise Wireless Security
Data Encryption – WPA 1 TKIP Data Encryption – WPA 2 AES - CCMP

29 Wireless Security Summary
Broadcast nature of Wireless LAN makes communication more vulnerable than wired networks Several mechanisms can be used to limit access Encryption used to protect data transmission (and access). cs490ns - cotter

30 References: Wireless Security 802.1x - tldp.org/HOWTO/802.1X-HOWTO
IPSec – tldp.org/IPSec-HOWTO cs490ns - cotter

31 Summary Wireless Network Communications Background Security Issues
WEP / WPA cs490ns - cotter

Download ppt "Wireless Networking."

Similar presentations

CSE 6590 1.  Wired Equivalent Privacy (WEP) ◦ first security protocol defined in 802.11  Wi-Fi Protected Access (WPA) ◦ defined by Wi-Fi Alliance 

CSE  Wired Equivalent Privacy (WEP) ◦ first security protocol defined in  Wi-Fi Protected Access (WPA) ◦ defined by Wi-Fi Alliance 
How secure are 802.11b Wireless Networks? By Ilian Emmons University of San Diego.

How secure are b Wireless Networks? By Ilian Emmons University of San Diego.
無線區域網路安全 Wireless LAN Security. 2 Outline  Wireless LAN – 802.11b  Security Mechanisms in 802.11b  Security Problems in 802.11b  Solutions for 802.11b.

無線區域網路安全 Wireless LAN Security. 2 Outline  Wireless LAN – b  Security Mechanisms in b  Security Problems in b  Solutions for b.
Implementing Wireless LAN Security

Implementing Wireless LAN Security
Security+ Guide to Network Security Fundamentals, Third Edition

Security+ Guide to Network Security Fundamentals, Third Edition
Wireless LAN Security Jerry Usery CS 522 December 6 th, 2006.

Wireless LAN Security Jerry Usery CS 522 December 6 th, 2006.
Wireless Security Chi-Shu Ho, Raymond Chi CS265 Cryptography and Computer Security SJSU November 18, 2003.

Wireless Security Chi-Shu Ho, Raymond Chi CS265 Cryptography and Computer Security SJSU November 18, 2003.
1 Enhancing Wireless Security with WPA CS-265 Project Section: 2 (11:30 – 12:20) Shefali Jariwala Student ID 001790660.

1 Enhancing Wireless Security with WPA CS-265 Project Section: 2 (11:30 – 12:20) Shefali Jariwala Student ID
W i reless LAN Security Presented by: Pallavi Priyadarshini Student ID 003503527.

W i reless LAN Security Presented by: Pallavi Priyadarshini Student ID
Wired Equivalent Privacy (WEP)

Wired Equivalent Privacy (WEP)
Security in Wireless LAN 802.11 Layla Pezeshkmehr CS 265 Fall 2003-SJSU Dr.Mark Stamp.

Security in Wireless LAN Layla Pezeshkmehr CS 265 Fall 2003-SJSU Dr.Mark Stamp.
Vulnerability In Wi-Fi By Angus U CS 265 Section 2 Instructor: Mark Stamp.

Vulnerability In Wi-Fi By Angus U CS 265 Section 2 Instructor: Mark Stamp.
11 WIRELESS SECURITY by Prof. Russell Jones. WIRELESS COMMUNICATION ISSUES  Wireless connections are becoming popular.  Network data is transmitted.

11 WIRELESS SECURITY by Prof. Russell Jones. WIRELESS COMMUNICATION ISSUES  Wireless connections are becoming popular.  Network data is transmitted.
& WEP Tzachy Reinman System and Network Security Course

& WEP Tzachy Reinman System and Network Security Course
E-mail: kemal@cs.siu.edu Department of Computer Science Southern Illinois University Carbondale Wireless and Network Security Lecture 9: IEEE 802.11.

Department of Computer Science Southern Illinois University Carbondale Wireless and Network Security Lecture 9: IEEE
IEEE 802.11 Wireless Local Area Networks (WLAN’s).

IEEE Wireless Local Area Networks (WLAN’s).
Security+ Guide to Network Security Fundamentals, Third Edition Chapter 6 Wireless Network Security.

Security+ Guide to Network Security Fundamentals, Third Edition Chapter 6 Wireless Network Security.
WIRELESS NETWORK SECURITY. Hackers Ad-hoc networks War Driving Man-in-the-Middle Caffe Latte attack.

WIRELESS NETWORK SECURITY. Hackers Ad-hoc networks War Driving Man-in-the-Middle Caffe Latte attack.
Marwan Al-Namari Week 10. RTS: Ready-to-Send. CTS: Clear-to- Send. ACK: Acknowledgment.NAV: network allocation vector (channel access, expected time to.

Marwan Al-Namari Week 10. RTS: Ready-to-Send. CTS: Clear-to- Send. ACK: Acknowledgment.NAV: network allocation vector (channel access, expected time to.
WLAN security S-72.3240 Wireless Personal, Local, Metropolitan, and Wide Area Networks1 Contents WEP (Wired Equivalent Privacy) No key management Authentication.

WLAN security S Wireless Personal, Local, Metropolitan, and Wide Area Networks1 Contents WEP (Wired Equivalent Privacy) No key management Authentication.

Similar presentations

Ads by Google