Presentation is loading. Please wait.

Presentation is loading. Please wait.

WIRELESS LAN SECURITY AND LABORATORY DESIGNS

Published byAlvin Goodman Modified over 8 years ago

Similar presentations

Presentation on theme: "WIRELESS LAN SECURITY AND LABORATORY DESIGNS"— Presentation transcript:

1 WIRELESS LAN SECURITY AND LABORATORY DESIGNS
Yasir Zahur T. Andrew Yang University of Houston – Clear Lake 17th CCSC Southeastern Conference Georgia Perimeter College - Dunwoody, GA CCSCSE 2003

2 Agenda Introduction Standards & Specifications Vulnerabilities
Alternate Security Solutions Laboratory Setup CCSCSE 2003

3 Where Does WLAN Fit ? CCSCSE 2003

4 Source: http://www. jiwire. com/. cid=95&kw=802. 11&se=google (Nov
Source: (Nov. 6, 2003) Traveler's Quick Finder Browse by location    Free Hotspots  510 hotspots   Hotels  5,910 hotspots   Airports  432 hotspots   Cafes  5,344 hotspots CCSCSE 2003

5 Growth of WLAN CCSCSE 2003

6 Infrastructure Mode of WLAN
CCSCSE 2003

7 Typical WLAN Architecture
CCSCSE 2003

8 IEEE 802.11 Standards Standard Description Current Status CCSCSE 2003
Standard for WLAN operations at data rates up to 2 Mbps in the 2.4-GHz ISM band Approved in July 1997 IEEE a Standard for WLAN operations at data rates up to 54 Mbps in the 5-GHz UNII band Approved in Sept End-user products began hipping in early 2002 IEEE b Standard for WLAN operations at data rates up to 11 Mbps in the 2.4-GHz ISM band Sept End-user products began shipping in early 2000 IEEE g High-rate extension to b allowing for data rates up to 54 Mbps in the 2.4-GHz ISM band Draft standard adopted Nov 2001. Full ratification expected late 2002 or early 2003 IEEE e Enhance the MAC to improve and manage Quality of Service, provide classes of service, and enhanced security and authentication mechanisms. These enhancements should provide the quality required for services such as IP telephony and video streaming Still in development, i.e., in the task group (TG) stage IEEE f Develop recommended practices for an Inter- access Point Protocol (IAPP) which provides the necessary capabilities to achieve multi-vendor AP interoperability across a DS supporting IEEE P Wireless LAN Links IEEE i Enhance the Medium Access Control (MAC) to enhance security and authentication mechanisms CCSCSE 2003

9 Interferences (802.11b) 2.4GHz Cordless Phone Some other
wireless network Microwave oven Access Point CCSCSE 2003

10 IEEE 802.11b Specifications (a brief overview)
Transmission of approximately 11 Mbps of data Half Duplex protocol Use of CSMA/CA (collision avoidance) instead of CSMA/CD (collision detection) Total of 14 frequency channels. FCC allows channels 1 through 11 within the U.S in 2.4 GHz ISM band Only channels 1, 6 and 11 can be used without causing interference between access points Wired Equivalent Privacy (WEP) based on Symmetric RC4 Encryption algorithm Use of Service Set Identifier (SSID) as network identifier CCSCSE 2003

11 General WLAN Vulnerabilities
Eavesdropping Invasion and Resource Stealing Traffic Redirection Denial Of Service Attack Rogue Access Point No per packet authentication No central authentication, authorization, and accounting (AAA) support CCSCSE 2003

12 802.11b Vulnerabilities MAC address based authentication
One-Way authentication SSID Static WEP Keys WEP key vulnerabilities Manual Key Management Key Size Initialization Vector Decryption Dictionaries CCSCSE 2003

13 WEP Encryption CCSCSE 2003

14 IEEE 802.1x IEEE 802.1x is a port based authentication protocol.
It forms the basis for IEEE i standard. There are three different types of entities in a typical 802.1x network including a supplicant, an authenticator, and an authentication server. In an un-authorized state, the port allows only DHCP and EAP (Extensible Authentication Protocol) traffic to pass through. CCSCSE 2003

15 EAPOL Exchange CCSCSE 2003

16 IEEE 802.1x – Pros / Cons Dynamic Session Key Management
Open Standards Based Centralized User Administration User Based Identification Absence Of Mutual Authentication Lack of clear communication between and i state machines and message authenticity CCSCSE 2003

17 Absence Of Mutual Authentication
Supplicant always trusts the Authenticator but not vice versa This opens the door for “MAN IN THE MIDDLE ATTACK” CCSCSE 2003

18 Session Hijack Attack 802.11 State Machine 802.11i State Machine
CCSCSE 2003

19 Session Hijack Attack (…cont)
CCSCSE 2003

20 Alternate Solutions Virtual Private Networks (VPN) Cisco LEAP
User Authentication Encryption Cisco LEAP Mutual Authentication Per Session based Keys Secure Socket Layer (SSL) Digital Certificates CCSCSE 2003

21 WEP Attack CCSCSE 2003

22 Man In The Middle & Session Hijack Attacks
CCSCSE 2003

23 LEAP Enabled Access Point
Cisco LEAP Setup LEAP Enabled Client LEAP Enabled Access Point AAA Server CCSCSE 2003

24 Pass Through Access Point
VPN Setup VPN Client Pass Through Access Point VPN Server CCSCSE 2003

25 Pass Through Access Point
SSL Setup SSL Client Pass Through Access Point SSL Server CCSCSE 2003

26 A Specialized Computer Security Lab
NSF CCLI A&I grant: Two Focuses: DCSL: Distributed Computer Security Lab Between UHCL and UHD Possibly extended to other small or medium-sized colleges Customizable testbed for various security-related experiments/projects Module-based Computer Security Courseware Design On-going Looking for collaborators, courseware developers, users, … CCSCSE 2003

27 CCSCSE 2003

28 Computer Security Courseware
Module-based Computer Security Courseware Design Units: Modules, submodules, artifacts, … CCSCSE 2003

29 References John Pescatore, “Wireless Networks: Can Security Catch Up With Business?” Arunesh Mishra, William A. Arbaugh, “An Initial Security Analysis of the IEEE 802.1x Standard”, Department Of Computer Science, University Of Maryland, Feb WLAN Association, “Wireless Networking Standards and Organizations”, WLANA Resource Center, April Cisco Networks, “Cisco Aironet Response to University of Maryland’s paper” John Vollbrecht, David Rago, and Robert Moskowitz. “Wireless LAN Access Control and Authentication”, White Papers at Interlink Networks Resource Library, 2001 Nikita Borisov, Ian Goldberg, and David Wagner “Security of WEP Algorithm”, ISAAC, Computer Science Department, University Of California Berkely CCSCSE 2003

Download ppt "WIRELESS LAN SECURITY AND LABORATORY DESIGNS"

Similar presentations

Encrypting Wireless Data with VPN Techniques

Encrypting Wireless Data with VPN Techniques
Security in VoIP Networks Juan C Pelaez Florida Atlantic University Security in VoIP Networks Juan C Pelaez Florida Atlantic University.

Security in VoIP Networks Juan C Pelaez Florida Atlantic University Security in VoIP Networks Juan C Pelaez Florida Atlantic University.
How secure are 802.11b Wireless Networks? By Ilian Emmons University of San Diego.

How secure are b Wireless Networks? By Ilian Emmons University of San Diego.
無線區域網路安全 Wireless LAN Security. 2 Outline  Wireless LAN – 802.11b  Security Mechanisms in 802.11b  Security Problems in 802.11b  Solutions for 802.11b.

無線區域網路安全 Wireless LAN Security. 2 Outline  Wireless LAN – b  Security Mechanisms in b  Security Problems in b  Solutions for b.
WiFi Security. What is WiFi ? Originally, Wi-Fi was a marketing term. The Wi-Fi certified logo means that the product has passed interoperability tests.

WiFi Security. What is WiFi ? Originally, Wi-Fi was a marketing term. The Wi-Fi certified logo means that the product has passed interoperability tests.
1 Enhancing Wireless Security with WPA CS-265 Project Section: 2 (11:30 – 12:20) Shefali Jariwala Student ID 001790660.

1 Enhancing Wireless Security with WPA CS-265 Project Section: 2 (11:30 – 12:20) Shefali Jariwala Student ID
Security in Wireless LAN 802.11 Layla Pezeshkmehr CS 265 Fall 2003-SJSU Dr.Mark Stamp.

Security in Wireless LAN Layla Pezeshkmehr CS 265 Fall 2003-SJSU Dr.Mark Stamp.
802.1x EAP Authentication Protocols

802.1x EAP Authentication Protocols
An Initial Security Analysis of the IEEE 802.1x Standard Tsai Hsien Pang 2004/11/4.

An Initial Security Analysis of the IEEE 802.1x Standard Tsai Hsien Pang 2004/11/4.
IEEE 802.11 Wireless Local Area Networks (WLAN’s).

IEEE Wireless Local Area Networks (WLAN’s).
WLAN Security:PEAP Sunanda Kandimalla. Intoduction The primary goals of any security setup for WLANs should include: 1. Access control and mutual authentication,

WLAN Security:PEAP Sunanda Kandimalla. Intoduction The primary goals of any security setup for WLANs should include: 1. Access control and mutual authentication,
Master Thesis Proposal By Nirmala Bulusu Advisor – Dr. Edward Chow Implementation of Protected Extensible Protocol (PEAP) – An IEEE 802.1x wireless LAN.

Master Thesis Proposal By Nirmala Bulusu Advisor – Dr. Edward Chow Implementation of Protected Extensible Protocol (PEAP) – An IEEE 802.1x wireless LAN.
Wi-Fi the 802.11 Standard and Security. What is Wi-Fi? Short for wireless fidelity. It is a wireless technology that uses radio frequency to transmit.

Wi-Fi the Standard and Security. What is Wi-Fi? Short for wireless fidelity. It is a wireless technology that uses radio frequency to transmit.
802.11 Networks Olga Agnew Bryant Likes Daewon Seo.

Networks Olga Agnew Bryant Likes Daewon Seo.
Demonstration of Wireless Insecurities Presented by: Jason Wylie, CISM, CISSP.

Demonstration of Wireless Insecurities Presented by: Jason Wylie, CISM, CISSP.
Wireless LAN Security Yen-Cheng Chen Department of Information Management National Chi Nan University

Wireless LAN Security Yen-Cheng Chen Department of Information Management National Chi Nan University
EAP Overview (Extensible Authentication Protocol) Team Golmaal: Vaibhav Sharma Vineet Banga Manender Verma Lovejit Sandhu Abizar Attar.

EAP Overview (Extensible Authentication Protocol) Team Golmaal: Vaibhav Sharma Vineet Banga Manender Verma Lovejit Sandhu Abizar Attar.
Wireless Networks: Personal, Local, Metropolitan Speedups, Security, Power John Schafer University of Michigan Ann Arbor CSG 10 May 2000

Wireless Networks: Personal, Local, Metropolitan Speedups, Security, Power John Schafer University of Michigan Ann Arbor CSG 10 May 2000
 An electrical device that sends or receives radio or television signals through electromagnetic waves.

 An electrical device that sends or receives radio or television signals through electromagnetic waves.
WLAN What is WLAN? Physical vs. Wireless LAN

WLAN What is WLAN? Physical vs. Wireless LAN

Similar presentations

Ads by Google