
1 WLAN Security Condensed Version

2 First generation wireless security Many WLANs used the Service Set Identifier (SSID) as a basic form of security. Some WLANs controlled access by entering the media access control (MAC) address of each client into the wireless access points. Neither option was secure, since wireless sniffing could reveal both valid MAC addresses and the SSID.

3 AP: "Allow any SSID" Most access points have options like "SSID broadcast" and "Allow any SSID". These features are usually enabled by default and make it easy to set up a wireless network. The "Allow any SSID" option permits the access point to allow access to a client with a blank SSID. The "SSID broadcast" sends beacon packets that advertise the SSID. Disabling these two options does not secure the network, since a wireless sniffer can easily capture a valid SSID from normal WLAN traffic. SSIDs should not be considered a security feature.

4 AP: "Allow any SSID" – Set Guest Mode SSID
If you want the access point to allow associations from client devices that do not specify an SSID in their configurations, you can set up a guest SSID. The access point includes the guest SSID in its beacon. By default, the access point's default SSID, tsunami, is set to guest mode. However, to keep your network secure, you should disable the guest mode SSID on most access points.
(Figure labels: AP default – no client SSID, but associated!)

5 Wired Equivalent Privacy (WEP)
The IEEE 802.11 standard includes WEP to protect authorized users of a WLAN from casual eavesdropping. The IEEE 802.11 WEP standard specified a 40-bit key, so that WEP could be exported and used worldwide. Most vendors have extended WEP to 128 bits or more. When using WEP, both the wireless client and the access point must have a matching WEP key. WEP is based upon an existing and familiar encryption type, Rivest Cipher 4 (RC4). 128-bit WEP is sometimes referred to, more accurately, as 104-bit WEP. Also, be sure that the Transmit Key numbers match, i.e. Key 1 on both the AP and the ACU.
(Figure labels: AP, ACU)

6 Open Authentication Typical Open Authentication on both AP and Client with No WEP keys

7 Open Authentication and WEP
A client can associate with an AP using Open Authentication but still use WEP to send the encrypted data packets. Authentication and data encryption are two different things.
–Authentication – Is the client allowed to associate with this AP?
–Encryption – Encrypts the data (payload) and ICV (Integrity Check Value) fields of the 802.11 MAC frame.
–So a client could associate with the AP using Open Authentication (basically no authentication), but use WEP to encrypt the data frames sent after it is associated.

8 Authentication Process – Shared-Key Shared key requires the client and the access point to have the same WEP key. An access point using Shared Key Authentication sends a challenge text packet to the client. If the client has the wrong key or no key, it will fail this portion of the authentication process. The client will not be allowed to associate to the AP.

9 Encryption Modes
Indicates whether clients should use data encryption when communicating with the device. The three options are:
None – The device communicates only with client devices that are not using WEP.
WEP Encryption – Choose Optional or Mandatory. If optional, client devices can communicate with this access point or bridge with or without WEP. If mandatory, client devices must use WEP when communicating with the access point; devices not using WEP are not allowed to communicate.
WEP (Wired Equivalent Privacy) is an 802.11 standard encryption algorithm originally designed to provide a level of privacy comparable to that of a wired LAN. The standard defines WEP base keys of size 40 bits or 104 bits.

10 Secure 802.11 WLANs
The WLAN industry recognized the vulnerabilities of 802.11 authentication and data privacy. Changes were incorporated into the 802.11i draft standard, which was approved on June 25, 2004. The Wi-Fi Alliance has put together a subset of the components of 802.11i called Wi-Fi Protected Access (WPA). This part of the presentation explains 802.11i and WPA.

11 Secure 802.11 WLANs
Many mistakenly believe WEP to be the only component of WLAN security. Wireless security consists of four facets:
1. The Authentication Framework – The mechanism that accommodates the authentication algorithm by securely communicating messages between the client, AP, and authentication server.
2. The Authentication Algorithm – The algorithm that validates the user credentials.
3. The Data Privacy Algorithm – The algorithm that provides data privacy across the wireless medium for data frames.
4. The Data Integrity Algorithm – The algorithm that provides data integrity across the wireless medium, to assure the receiver that the data frame was not tampered with.

12 1. The Authentication Framework
The IEEE has addressed the shortcomings of 802.11 authentication by incorporating the 802.1X authentication framework. 802.1X itself is an IEEE standard that provides all 802 link-layer topologies with extensible authentication, normally seen in higher layers. 802.1X is based on a Point-to-Point Protocol (PPP) authentication framework known as the Extensible Authentication Protocol (EAP). 802.11i incorporates the 802.1X authentication framework, requiring its use for user-based authentication.
(Figure: 802.11i includes 802.1X (EAP) – user-based authentication, mutual authentication, dynamic key generation. WPA is a subset.)

13 1. The Authentication Framework
EAP (RFC 2284) and 802.1X do not mandate the use of any specific authentication algorithm. A network administrator can use any EAP-compliant authentication type for either 802.1X or EAP authentication. The only requirement is that both the 802.11 client (known as the supplicant) and the authentication server support the EAP authentication algorithm. This open and extensible architecture lets you use one authentication framework in differing environments, where each environment may use a different authentication type.
(Figure: Authentication Method – EAP-Cisco, EAP-TLS, EAP-PEAP (any EAP-compliant authentication type); Authentication Framework – 802.1X/EAP; Access Mechanism – 802.3, 802.5, 802.11 (differing environments).)

14 1. The Authentication Framework
802.1X requires three entities:
–Supplicant – Resides on the WLAN client
–Authenticator – Resides on the AP
–Authentication Server – Resides on the RADIUS server
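The three-entity split on slides 12 to 14 is easiest to see in a small simulation. The following Python is an added example, not code from the presentation or from any Cisco or IEEE implementation: the authenticator (AP) holds no credentials and only relays EAP messages between the supplicant and the authentication server, keeping its controlled port closed until the server returns EAP-Success. The challenge/response method (HMAC-SHA256 over a server nonce with a shared secret) and the user database are constructed stand-ins for a real EAP type such as EAP-TLS or PEAP; real methods also authenticate the server to the client, which this sketch omits.

```python
import hmac
import hashlib
import os
from dataclasses import dataclass


@dataclass
class EapMsg:
    """One EAP message; the authenticator relays these without interpreting the body."""
    code: str        # "Request", "Response", "Success" or "Failure"
    method: str      # "Identity" or "Challenge" (hypothetical challenge/response method)
    body: bytes = b""


class AuthenticationServer:
    """RADIUS role: the only entity that holds credentials and makes the decision."""

    def __init__(self, users: dict):
        self.users = users          # identity -> shared secret (constructed sample data)
        self.pending = {}           # identity -> outstanding challenge nonce

    def handle(self, identity: str, msg: EapMsg) -> EapMsg:
        if msg.method == "Identity":
            nonce = os.urandom(16)
            self.pending[identity] = nonce
            return EapMsg("Request", "Challenge", nonce)
        nonce = self.pending.pop(identity, None)
        secret = self.users.get(identity)
        if msg.method != "Challenge" or nonce is None or secret is None:
            return EapMsg("Failure", "")
        expected = hmac.new(secret, nonce, hashlib.sha256).digest()
        if hmac.compare_digest(msg.body, expected):
            return EapMsg("Success", "")
        return EapMsg("Failure", "")


class Supplicant:
    """WLAN client: answers EAP requests using its own credential."""

    def __init__(self, identity: str, secret: bytes):
        self.identity, self.secret = identity, secret

    def respond(self, req: EapMsg) -> EapMsg:
        if req.method == "Identity":
            return EapMsg("Response", "Identity", self.identity.encode())
        proof = hmac.new(self.secret, req.body, hashlib.sha256).digest()
        return EapMsg("Response", "Challenge", proof)


class Authenticator:
    """Access point: holds no credentials; the controlled port stays closed
    until the authentication server returns EAP-Success."""

    def __init__(self, server: AuthenticationServer):
        self.server = server
        self.port_authorized = False

    def forward_data(self, frame: bytes) -> bool:
        # Data frames are dropped on the controlled port until 802.1X succeeds.
        return self.port_authorized

    def authenticate(self, supplicant: Supplicant) -> list:
        transcript = []
        msg = supplicant.respond(EapMsg("Request", "Identity"))
        identity = msg.body.decode()
        transcript.append(("supplicant->authenticator", msg.method))
        while True:
            # Relayed to the RADIUS server; the AP never inspects the EAP body.
            reply = self.server.handle(identity, msg)
            transcript.append(("server->supplicant via authenticator", reply.code))
            if reply.code in ("Success", "Failure"):
                self.port_authorized = reply.code == "Success"
                return transcript
            msg = supplicant.respond(reply)
            transcript.append(("supplicant->authenticator", msg.method))


def run_8021x(identity: str, secret: bytes, server: AuthenticationServer):
    """Run one authentication; report (port blocked before, port open after, transcript)."""
    ap = Authenticator(server)
    blocked_before = not ap.forward_data(b"data before auth")
    transcript = ap.authenticate(Supplicant(identity, secret))
    return blocked_before, ap.port_authorized, transcript


# Constructed sample credential database for the demonstration.
SAMPLE_USERS = {"alice": b"correct-horse-battery", "bob": b"another-secret"}

if __name__ == "__main__":
    print(run_8021x("alice", b"correct-horse-battery", AuthenticationServer(SAMPLE_USERS)))
    print(run_8021x("alice", b"wrong-secret", AuthenticationServer(SAMPLE_USERS)))
```

The point to take from the transcript is that the AP's code path is identical whichever EAP method is negotiated: swapping the authentication algorithm changes only the supplicant and the server, which is what lets one 802.1X framework serve differing environments.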

15 3. Data Privacy
The encryption vulnerabilities in WEP present 802.11 vendors and the IEEE with a predicament:
–How can you fix 802.11 encryption without requiring a complete replacement of AP hardware or client NICs?
The IEEE answered this question with the Temporal Key Integrity Protocol (TKIP) as part of 802.11i (and WPA). TKIP reuses many key functions of WEP to preserve customers' investment in existing 802.11 equipment and infrastructure, but fixes several of the vulnerabilities to provide effective data-frame encryption.

16 3. Data Privacy
The key enhancements with TKIP are:
–Per-frame keying – The WEP key is changed on a per-frame basis, so the key used between client and AP changes before an attacker can collect enough frames to derive key bytes. This addresses statistical attacks such as AirSnort and the IV vulnerability (FYI – to be covered in more detail at a later date).
–Message integrity check (MIC) – A keyed check that provides effective data-frame integrity to prevent frame tampering and frame replay.
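To make slides 5, 7 and 16 concrete, here is an added Python example (not code from the presentation or from any vendor) that builds a WEP-style frame (RC4 seeded with the 24-bit IV and the 40-bit key, CRC-32 ICV, IV sent in the clear) next to a TKIP-style one. The TKIP side is a simplification and an assumption of this example: SHA-256 over the temporal key and a 48-bit sequence counter stands in for TKIP's real per-packet key-mixing function, and a truncated HMAC stands in for the Michael MIC. The `wep_keystream_reuse` check shows the property defenders need to understand: with a repeated IV the RC4 keystream repeats, so the XOR of two ciphertexts equals the XOR of their plaintexts, which is why a per-frame key and a keyed MIC with replay rejection were needed.

```python
import hashlib
import hmac
import zlib


def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4 (key scheduling + keystream), the cipher under both WEP and TKIP."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


# ---- WEP-style: RC4(IV || key40) over payload + CRC-32 ICV; IV travels in clear ----
def wep_encrypt(key40: bytes, iv: bytes, payload: bytes) -> bytes:
    assert len(key40) == 5 and len(iv) == 3
    icv = zlib.crc32(payload).to_bytes(4, "little")
    return iv + rc4(iv + key40, payload + icv)


def wep_decrypt(key40: bytes, frame: bytes):
    iv, body = frame[:3], frame[3:]
    plain = rc4(iv + key40, body)
    payload, icv = plain[:-4], plain[-4:]
    return payload if zlib.crc32(payload).to_bytes(4, "little") == icv else None


def wep_keystream_reuse(key40: bytes, iv: bytes, p1: bytes, p2: bytes) -> bool:
    """Same IV => same keystream: c1 XOR c2 == p1 XOR p2 (the weakness TKIP removes)."""
    c1 = wep_encrypt(key40, iv, p1)[3:]
    c2 = wep_encrypt(key40, iv, p2)[3:]
    n = min(len(p1), len(p2))
    return xor_bytes(c1[:n], c2[:n]) == xor_bytes(p1[:n], p2[:n])


# ---- TKIP-style (simplified): per-frame key from a 48-bit sequence counter (TSC),
#      keyed MIC over the payload, and rejection of non-increasing counters ----
def per_frame_key(tk: bytes, tsc_bytes: bytes) -> bytes:
    # Assumption of this example: SHA-256 replaces TKIP's two-phase key mixing.
    return hashlib.sha256(tk + tsc_bytes).digest()[:16]


def tkip_like_encrypt(tk: bytes, mic_key: bytes, tsc: int, payload: bytes) -> bytes:
    tsc_bytes = tsc.to_bytes(6, "big")
    mic = hmac.new(mic_key, tsc_bytes + payload, hashlib.sha256).digest()[:8]
    icv = zlib.crc32(payload + mic).to_bytes(4, "little")
    return tsc_bytes + rc4(per_frame_key(tk, tsc_bytes), payload + mic + icv)


class TkipLikeReceiver:
    def __init__(self, tk: bytes, mic_key: bytes):
        self.tk, self.mic_key, self.last_tsc = tk, mic_key, -1

    def decrypt(self, frame: bytes):
        tsc_bytes, body = frame[:6], frame[6:]
        tsc = int.from_bytes(tsc_bytes, "big")
        if tsc <= self.last_tsc:
            return None                      # replayed or reordered frame
        plain = rc4(per_frame_key(self.tk, tsc_bytes), body)
        payload, mic, icv = plain[:-12], plain[-12:-4], plain[-4:]
        if zlib.crc32(payload + mic).to_bytes(4, "little") != icv:
            return None                      # transmission error or tampering
        expected = hmac.new(self.mic_key, tsc_bytes + payload, hashlib.sha256).digest()[:8]
        if not hmac.compare_digest(mic, expected):
            return None                      # MIC failure: keyed integrity check
        self.last_tsc = tsc
        return payload


def tkip_like_demo(tk: bytes, mic_key: bytes) -> dict:
    """Accept a fresh frame, reject its replay, reject a bit-flipped frame, then accept the next."""
    rx = TkipLikeReceiver(tk, mic_key)
    f1 = tkip_like_encrypt(tk, mic_key, 1, b"frame one")
    f2 = tkip_like_encrypt(tk, mic_key, 2, b"frame two")
    tampered = bytearray(f2)
    tampered[8] ^= 0x01                      # flip one bit inside the encrypted payload
    return {
        "first_accepted": rx.decrypt(f1) == b"frame one",
        "replay_rejected": rx.decrypt(f1) is None,
        "tampered_rejected": rx.decrypt(bytes(tampered)) is None,
        "second_accepted": rx.decrypt(f2) == b"frame two",
        "keys_differ": per_frame_key(tk, (1).to_bytes(6, "big"))
                       != per_frame_key(tk, (2).to_bytes(6, "big")),
    }
```

Note that the WEP receiver's only check is an unkeyed CRC-32 and that nothing tracks frame order, so an old frame decrypts and verifies exactly as a fresh one; the TKIP-style receiver's monotonic counter and keyed MIC are what turn "encryption" into "encryption with integrity and replay protection", the distinction slide 7 draws between authentication, encryption and integrity.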

17 Broadcast Key Rotation (BKR)
The Broadcast Key Rotation (BKR) feature is also a TKIP enhancement. BKR protects the multicast traffic of the access point from being exploited by dynamically changing the multicast encryption key. The access point rotates the broadcast key after a configured broadcast WEP key timer expires. This process should generally be in sync with the timeouts configured on the RADIUS servers for user re-authentication. Broadcast key rotation is an excellent alternative to WEP key hashing when the WLAN supports wireless client devices that are not Cisco devices or that cannot be upgraded to the latest firmware for Cisco client devices. It is recommended that broadcast key rotation be enabled when the access point serves an 802.1X-only wireless LAN. It is not necessary to enable broadcast key rotation if WEP key hashing is enabled; using both key rotation and key hashing provides unnecessary protection. When broadcast key rotation is enabled, only wireless client devices using LEAP or EAP-TLS authentication can use the access point. Client devices using static WEP with open, shared-key, or EAP-MD5 authentication cannot use the access point when broadcast key rotation is enabled.

18 Advanced Encryption Standard (AES)
WEP encryption and 802.11 authentication are known to be weak. The IEEE and WPA are enhancing WEP with TKIP and providing robust authentication options with 802.1X. At the same time, the IEEE is also looking at stronger encryption mechanisms, and has adopted AES in the data-privacy section of the proposed 802.11i standard. WPA does not include support for AES encryption. Later versions of WPA are likely to be released to align with 802.11i for interoperable AES support. AES is the next-generation encryption function approved by the National Institute of Standards and Technology (NIST).

19 Second generation encryption One issue is that AES requires a coprocessor or additional hardware to operate. This means that companies need to replace existing access points and client NICs to implement AES. Based on marketing reports, the currently installed base is relatively small compared to predicted future deployments. As a result, there will be a very large percentage of new WLAN implementations that will take advantage of AES when it becomes part of 802.11. On the other hand, companies that have already installed WLANs will need to determine whether it is worth the costs of upgrading for better security.

20 Second generation encryption
AES specifies three key sizes: 128, 192, and 256 bits. It uses the Rijndael algorithm. If someone were to build a machine that could recover a Data Encryption Standard (DES) key in a second, it would take that machine approximately 149 thousand-billion (149 trillion) years to crack a 128-bit AES key. To put that into perspective, the universe is believed to be less than 20 billion years old.

21 Cipher "Suite"
Cipher suites are sets of encryption and integrity algorithms. Suites provide protection of WEP and allow use of authenticated key management. Suites with TKIP provide the best security. You must use a cipher suite to enable:
–WPA – Wi-Fi Protected Access
–CCKM – Cisco Centralized Key Management

22 Security Levels

