Lecture 7 (Chapter 17) Wireless Network Security
Prepared by Dr. Lamiaa M. Elshenawy
Outline
1. IEEE 802.11 Wireless LAN Overview
2. IEEE 802.11i Wireless LAN Security
3. Wireless Application Protocol Overview
4. Wireless Transport Layer Security
IEEE 802.11 is a standard for wireless LANs and is referred to as Wi-Fi.
IEEE 802.11i specifies security standards for IEEE 802.11 LANs, including authentication, data integrity, data confidentiality, and key management.
Wireless Application Protocol (WAP) is a standard providing mobile users (wireless phones and other wireless terminals) access to telephony and information services (Internet and Web).
Wireless Transport Layer Security (WTLS) provides security services between a mobile device and the WAP gateway to the Internet.
IEEE 802 is a committee that developed standards for a wide range of local area networks (LANs).
IEEE 802.11 is a committee that developed a protocol and transmission specifications for wireless LANs (WLANs); it was formed in 1990.
Physical layer (lowest layer of the IEEE 802 reference model)
Physical layer functions are:
1. Encoding/decoding of signals
2. Bit transmission/reception
3. Specification of the transmission medium
4. Definition of frequency bands and antenna characteristics
IEEE 802.11 specifies five distinct frequency ranges: 2.4 GHz, 3.6 GHz, 4.9 GHz, 5 GHz, and 5.9 GHz. Each range is divided into a multitude of channels.
2.4 GHz channels (the slide lists only the upper edge of each channel's width; the lower edges are not recoverable from the extract):
Channel   Upper edge of channel width
1         2.423 GHz
2         2.428 GHz
3         2.433 GHz
4         2.438 GHz
5         2.443 GHz
6         2.448 GHz
7         2.453 GHz
8         2.458 GHz
9         2.463 GHz
10        2.468 GHz
11        2.473 GHz
12        2.478 GHz
13        2.483 GHz
14        2.495 GHz
Media Access Control (MAC) controls access to the transmission medium.
The MAC layer receives data from the Logical Link Control (LLC) layer in the form of a block of data known as a MAC service data unit (MSDU).
MAC layer functions are:
1. On transmission, assemble the data into a frame, the MAC protocol data unit (MPDU), with address and error-detection fields
2. On reception, disassemble the frame, perform address recognition and error detection, and discard any frame containing errors
3. Govern access to the LAN transmission medium
MAC frame fields:
MAC Control: contains any protocol control information needed for the functioning of the MAC protocol (e.g. priority level)
Destination MAC Address: the destination physical address on the LAN
Source MAC Address: the source physical address on the LAN
MAC Service Data Unit: the data from the next higher layer
CRC (cyclic redundancy check) field, also known as the Frame Check Sequence (FCS) field: an error-detecting code computed over the preceding fields
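The transmit/receive functions listed above, as an added worked example that is not part of the lecture slides. It uses a constructed, simplified frame layout (2-byte MAC control, two 6-byte addresses, MSDU, 4-byte CRC-32 FCS) whose field widths are assumptions for illustration rather than the exact 802.11 header format; the order of checks on reception (FCS first, then address recognition) follows the slide. It also shows why the FCS alone is not a security mechanism: a single flipped bit is caught, but any party who can compute a CRC can produce a valid one, which is the gap the keyed message integrity code in 802.11i closes.

```python
import struct
import zlib

# Constructed, simplified MAC frame layout following the slide's field list:
# MAC control | destination MAC | source MAC | MSDU | FCS.
# The field widths are assumptions for illustration (real 802.11 headers differ).
MAC_CONTROL_LEN = 2
ADDR_LEN = 6
FCS_LEN = 4
HEADER_LEN = MAC_CONTROL_LEN + 2 * ADDR_LEN
BROADCAST = bytes([0xFF] * ADDR_LEN)


def mac_to_bytes(mac: str) -> bytes:
    """'aa:bb:cc:dd:ee:ff' -> 6 raw bytes."""
    return bytes(int(octet, 16) for octet in mac.split(":"))


def bytes_to_mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def assemble_mpdu(control: int, dst: str, src: str, msdu: bytes) -> bytes:
    """Transmit side: wrap the MSDU handed down by LLC into an MPDU with
    address fields and an FCS. The FCS is a CRC-32 over every preceding field."""
    body = struct.pack("!H", control) + mac_to_bytes(dst) + mac_to_bytes(src) + msdu
    fcs = zlib.crc32(body) & 0xFFFFFFFF
    return body + struct.pack("!I", fcs)


def disassemble_mpdu(frame: bytes, my_addr: str):
    """Receive side: error detection first, then address recognition.
    Returns (status, control, src, msdu); fields are None unless status is 'accept'."""
    if len(frame) < HEADER_LEN + FCS_LEN:
        return ("discard:truncated", None, None, None)
    body, fcs_field = frame[:-FCS_LEN], frame[-FCS_LEN:]
    (received_fcs,) = struct.unpack("!I", fcs_field)
    # A frame whose FCS does not match is discarded. The CRC cannot distinguish
    # channel noise from deliberate modification, since it is unkeyed.
    if zlib.crc32(body) & 0xFFFFFFFF != received_fcs:
        return ("discard:fcs_error", None, None, None)
    (control,) = struct.unpack("!H", body[:MAC_CONTROL_LEN])
    dst = body[MAC_CONTROL_LEN:MAC_CONTROL_LEN + ADDR_LEN]
    src = body[MAC_CONTROL_LEN + ADDR_LEN:HEADER_LEN]
    msdu = body[HEADER_LEN:]
    # Address recognition: accept frames addressed to us or to the broadcast address.
    if dst not in (mac_to_bytes(my_addr), BROADCAST):
        return ("ignore:not_addressed_to_us", None, None, None)
    return ("accept", control, bytes_to_mac(src), msdu)


def corrupt_bit(frame: bytes, bit_index: int) -> bytes:
    """Flip one bit to simulate a transmission error (constructed fault injection)."""
    buf = bytearray(frame)
    buf[bit_index // 8] ^= 1 << (bit_index % 8)
    return bytes(buf)


if __name__ == "__main__":
    # Constructed sample addresses and payload.
    frame = assemble_mpdu(0x0001, "02:00:00:00:00:02", "02:00:00:00:00:01", b"hello from LLC")
    print(disassemble_mpdu(frame, "02:00:00:00:00:02"))                  # accept
    print(disassemble_mpdu(corrupt_bit(frame, 40), "02:00:00:00:00:02"))  # discard:fcs_error
    print(disassemble_mpdu(frame, "02:00:00:00:00:03"))                  # ignore:not_addressed_to_us
```

Running the module prints the three outcomes in order: a clean frame is accepted and the MSDU is handed up, a frame with one corrupted bit in the destination address is discarded by the FCS check before any address lookup, and an intact frame for another station is ignored.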
Logical Link Control (LLC) (higher layer of the IEEE 802 reference model)
LLC layer functions are:
1. Keep track of successfully received frames
2. Retransmit unsuccessful frames
IEEE 802.11 architecture terms:
BSS: Basic Service Set
DS: Distribution System
AP: Access Point
IBSS: Independent BSS
ESS: Extended Service Set, consisting of two or more BSSs interconnected by a distribution system
Association: establishes an initial association between a station and an AP
Reassociation: transfers an established association from one AP to another, allowing a mobile station to move from one BSS to another
Disassociation: a notification from a station or an AP that an association is terminated
Integration service: enables transfer of data between a station on an IEEE 802.11 LAN and a station on an integrated IEEE 802.x LAN
Distribution: used by stations to exchange MPDUs
Deauthentication: a frame sent by an AP or a station when all communications are terminated
Wired LAN vs. wireless LAN
                Wired LAN                                            Wireless LAN
To transmit     a station must be physically connected to the LAN    any station within radio range can transmit
To receive      a station must be physically connected to the LAN    any station within radio range can receive
Hence the increased need for robust security services and mechanisms for wireless LANs.
IEEE 802.11i Wireless LAN Security
Wired Equivalent Privacy (WEP)
Wi-Fi Protected Access (WPA)
Robust Security Network (RSN)
IEEE 802.11i security services:
Authentication: a protocol provides mutual authentication and generates temporary keys to be used between the client and the AP over the wireless link
Access control: a protocol enforces the use of the authentication function, routes messages properly, and facilitates key exchange
Privacy with message integrity: MPDUs are encrypted along with a message integrity code that ensures that the data have not been altered
Wireless Application Protocol (WAP) is a standard developed by the WAP Forum to provide mobile users of wireless phones and other wireless terminals access to telephony and information services (Internet and Web).
1. Confidentiality
2. Integrity
3. Authentication
4. Nonrepudiation
WAP security elements:
Cryptographic techniques: provide services for signing data for integrity and non-repudiation purposes
Authentication: provides mechanisms for client and server authentication; Transport Layer Security (TLS) handshakes may be used to authenticate clients and servers
Identity: provides functions to process the information needed for user identification
Public key infrastructure (PKI): supports distribution and identification of public encryption keys
WTLS provides security services between the mobile device (client) and the WAP gateway.
WTLS security services:
1. Data integrity: uses message authentication to ensure that data sent between client and gateway are not modified
2. Privacy: uses encryption to ensure that data cannot be read by a third party
3. Authentication: uses digital certificates to authenticate the two parties
4. Denial-of-service protection: detects and rejects messages that are replayed or not successfully verified
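The two integrity-related services above (802.11i "privacy with message integrity" and WTLS "data integrity" plus "denial-of-service protection") rest on the same mechanism: a keyed message integrity code (MIC) over a sequence number and payload, checked before the sequence number is trusted for replay rejection. The following is an added example, not code from the slides or from either standard; HMAC-SHA256 stands in for the MIC algorithms the real protocols use, the record layout (8-byte sequence number, payload, 32-byte MIC) is an assumption, and encryption for confidentiality is deliberately left out so the integrity and replay logic stays visible.

```python
import hashlib
import hmac
import struct

SEQ_LEN = 8
MIC_LEN = 32  # HMAC-SHA256 output length


class ProtectedLink:
    """One direction of a keyed link between two parties (station and AP, or
    mobile device and WAP gateway). Each record carries a sequence number and a
    MIC over sequence number plus payload. HMAC-SHA256 is a stand-in for the
    protocols' own MIC algorithms (assumption); confidentiality is omitted here."""

    def __init__(self, key: bytes):
        self.key = key
        self.send_seq = 0       # sender state: last sequence number emitted
        self.highest_seen = 0   # receiver state: highest sequence number accepted

    def protect(self, payload: bytes) -> bytes:
        self.send_seq += 1
        header = struct.pack("!Q", self.send_seq)
        mic = hmac.new(self.key, header + payload, hashlib.sha256).digest()
        return header + payload + mic

    def verify(self, record: bytes):
        """Returns (status, payload). Anything other than 'accept' is rejected,
        and a rejected record never advances the replay state."""
        if len(record) < SEQ_LEN + MIC_LEN:
            return ("reject:truncated", None)
        header = record[:SEQ_LEN]
        payload = record[SEQ_LEN:-MIC_LEN]
        mic = record[-MIC_LEN:]
        expected = hmac.new(self.key, header + payload, hashlib.sha256).digest()
        # Integrity first, in constant time: the sequence number is only
        # meaningful once we know the record is genuine and unmodified.
        if not hmac.compare_digest(mic, expected):
            return ("reject:bad_mic", None)
        (seq,) = struct.unpack("!Q", header)
        # Replay / reordering check: a sequence number at or below the highest
        # accepted one is a replay (or too old) and is dropped.
        if seq <= self.highest_seen:
            return ("reject:replay", None)
        self.highest_seen = seq
        return ("accept", payload)


def tamper(record: bytes, offset: int) -> bytes:
    """Flip one bit at the given offset (constructed modification of a record)."""
    buf = bytearray(record)
    buf[offset] ^= 0x01
    return bytes(buf)


def demo():
    """Run the scenarios from the slides against one link; returns the status list."""
    # Constructed demo key; a real deployment derives it from the authentication exchange.
    key = hashlib.sha256(b"constructed demo key - not a real PSK").digest()
    station, gateway = ProtectedLink(key), ProtectedLink(key)
    r1 = station.protect(b"GET /balance")
    r2 = station.protect(b"POST /transfer")
    r3 = station.protect(b"GET /history")
    return [
        gateway.verify(r1)[0],                   # fresh record: accept
        gateway.verify(r2)[0],                   # next record: accept
        gateway.verify(r1)[0],                   # replayed record: reject:replay
        gateway.verify(tamper(r2, SEQ_LEN))[0],  # payload modified: reject:bad_mic
        gateway.verify(tamper(r2, 0))[0],        # sequence number forged: reject:bad_mic
        gateway.verify(r3)[0],                   # rejections did not poison state: accept
    ]


if __name__ == "__main__":
    for status in demo():
        print(status)
```

The ordering inside `verify` is the practitioner's point: checking the MIC before the sequence number means a forged record cannot move the replay window, and using a strictly increasing counter means a captured record is worthless after the first delivery, which is exactly the replay rejection WTLS lists under denial-of-service protection.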