Wireless Security Chi-Shu Ho, Raymond Chi CS265 Cryptography and Computer Security SJSU November 18, 2003.


Wireless Networks
• According to PC Magazine, 14 million American households equipped with PC-based data networks by end of 2003
• 40% are wireless networks
• Growing in popularity due to
  – Convenience compared to traditional wired networks
  – Price cuts of wireless networking components, full setup for under $200
• Commercial establishments offering wireless access as a way to attract customers.
• They are everywhere! Parents have filed lawsuits against some (elementary) schools for putting up wireless access points!

Standards
• IEEE formed the 802 working group in the 1980s
  – Researchers, academics, and industrial professionals working toward the development of an industry standard
• Adopted 802 standard as the ground level networking standard in
  – 802.3 for Ethernet networking
  – 802.11 for wireless networking in 1997
• Incremental enhancements of 802.11
  – 802.11a, b, g

Basics
• Operating Frequency
  – US: GHz
  – Europe: GHz
  – Japan: GHz
  – France: GHz
  – Spain: GHz
• Transfer Rate: 1.2 Mbps
• Mechanism:
  – Direct Sequence Spread Spectrum (DSSS)
  – Frequency Hopped Spread Spectrum (FHSS)

The Big Three
• 802.11b
  – A Great Leap Forward: first major revision of 802.11, approved in 1999
  – Frequency: 2.4 GHz
  – Transfer Rate (theoretical): 1, 2, 5.5, 11 Mbps
  – Transfer Rate (throughput): 4 Mbps (average)
  – Mechanism: Direct Sequence Spread Spectrum (DSSS)
  – Channels Available: 11 (3 non-overlapping)
  – Maximum Range: 175 ft (average)
  – Pros: cost, range
  – Cons: 2.4 GHz is unlicensed and overcrowded (microwave ovens, cordless phones, Bluetooth devices…)

The Big Three
• 802.11a
  – Faster and Faster: approved and ratified by IEEE in 2001
  – Frequency: 5.8 GHz
  – Transfer Rate (theoretical): up to 54 Mbps
  – Transfer Rate (throughput): 20-30 Mbps (average)
  – Mechanism: Orthogonal Frequency Division Multiplexing (OFDM)
  – Channels Available: 12 (all non-overlapping)
  – Maximum Range: 80 ft (average)
  – Pros: increased data rate, less interference
  – Cons: short range, lack of backward compatibility with 802.11b

The Big Three
• 802.11g
  – New Guy on the Block
  – Frequency: 2.4 GHz
  – Transfer Rate (theoretical): up to 54 Mbps
  – Transfer Rate (throughput): 20-30 Mbps (average)
  – Mechanism: Complementary Code Keying (CCK), backward compatible with DSSS
  – Channels Available: 3 (1, 6, 11)
  – Maximum Range: 175 ft (average)
  – Pros: compatible with 802.11b, speed
  – Cons: relatively new

Security Mechanism
• Authentication
  – Between stations and access points (AP)
• Data Encryption
  – Wired Equivalent Privacy (WEP)

Authentication
• Ad-Hoc Mode
  – Direct station to station connection
• Infrastructure Mode
  – Connection through Access Point (AP)
  – The process of finding an access point and establishing a connection has the following 3 states
    1: Unauthenticated and unassociated
    2: Authenticated and unassociated
    3: Authenticated and associated

State 1
• Unauthenticated and unassociated
• A wireless station is in this state while it is searching for an access point.
• Finds AP by
  – Listening for the AP's beacon management frame
  – Knowing the AP's Service Set Identifier (SSID) and sending out a probe request to locate the desired access point

State 2
• Authenticated and unassociated
• After the station finds the AP, a series of messages is exchanged to authenticate each other's identity
• Open System Authentication
  – Station sends a message, AP determines whether to grant access or not
• Shared Key Authentication
  – Uses WEP to determine whether a station is authorized to access the network
  – AP and station share a secret key
  – AP sends a 128-bit generated challenge text
  – Station encrypts it and sends the data back to the AP
  – Access is granted if the AP can decrypt it using the shared key

State 3
• Authenticated and associated
• After both parties have been authenticated, the station is in state 2.
• It then sends an association request, and the AP accepts the request.
• Useful for roaming

Wired Equivalent Privacy
• Encryption standard defined by the IEEE 802.11 Standard
• Uses a shared secret key for both encryption and decryption
• Distribution of the shared secret key to stations is not standardized.
• Based on the RC4 stream cipher
• Has built-in defense against known attacks
• Initialization Vector (24-bit) concatenated with the 40-bit shared secret key to produce a different RC4 key for each packet
• Integrity Check (IC) field to protect content

WEP Encryption

WEP Frame
[Figure: frame layout with the fields Header, IV, Data, IC]
• WEP only protects data, not physical layer transmissions

Good Guy vs Bad Guy

How to make your wireless network secure?
• SSID
  – Configure the AP not to broadcast its SSID; a station has to know the SSID in advance to connect.

SSID Weakness!
• SSID is sent across the wireless network in plaintext!
  – Not difficult to configure off-the-shelf equipment to sniff for wireless traffic
• An imposter access point can easily be set up
  – How do you know you've connected to the right AP?

SSID Map

Network Stumbler

How to make your wireless network secure?
• Access Control Lists
  – Based on MAC address
  – Configure the AP to only allow connections from 'trusted' stations with the right MAC address
  – Most vendors support this, although it is not in the standard

MAC Weakness
• MAC addresses can be sniffed by an attacker because they are again sent in the clear!
• MAC addresses can be easily changed via software (no guarantee of uniqueness!)

How to make your wireless network secure?
• Use WEP encryption/decryption as the authentication mechanism
• Use WEP to encrypt transmitted data to guard against eavesdropping

WEP Weakness
• WEP's security mechanism is not implemented correctly!!!
• The IC field is meant to protect data integrity, but CRC-32 is linear (flipping a bit in the message causes a set number of bits to flip in the IC)!
• IV is 24-bit, too short! It is easy to capture ciphertexts with the same IV. Same IV => same encryption key => attacker can obtain multiple key/ciphertext pairs for statistical analysis.
• Secret key is too short (40 bits), shared, and cannot be updated frequently!
• AirSnort
  – AirSnort is a wireless LAN (WLAN) tool which recovers encryption keys. AirSnort operates by passively monitoring transmissions, computing the encryption key when enough packets have been gathered.
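
The WEP construction from the Wired Equivalent Privacy slide and the first two weaknesses listed above (linear CRC-32 IC, repeated IV), worked through in Python as an added example that is not part of the original slides. The key, IV and payloads are constructed sample values, and the frame is simplified to IV || encrypted (data || IC), leaving out the 802.11 header and key-ID byte.

```python
import zlib

def rc4(key: bytes, n: int) -> bytes:
    """Return n bytes of RC4 keystream for the given key."""
    s, j = list(range(256)), 0
    for i in range(256):                       # key scheduling
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    for _ in range(n):                         # keystream output
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def ic(data: bytes) -> bytes:
    """WEP Integrity Check field: CRC-32 of the data, little-endian."""
    return zlib.crc32(data).to_bytes(4, "little")

def wep_encrypt(iv: bytes, key: bytes, data: bytes) -> bytes:
    """Simplified frame: IV || (RC4(IV || key) XOR (data || IC))."""
    body = data + ic(data)
    return iv + xor(body, rc4(iv + key, len(body)))

def wep_decrypt(key: bytes, frame: bytes):
    """Return the data if the IC verifies, otherwise None."""
    iv, body = frame[:3], frame[3:]
    plain = xor(body, rc4(iv + key, len(body)))
    data, check = plain[:-4], plain[-4:]
    return data if ic(data) == check else None

def ic_delta(delta: bytes) -> bytes:
    """CRC-32 is affine: ic(m ^ d) == ic(m) ^ ic(d) ^ ic(zeros)."""
    return xor(ic(delta), ic(bytes(len(delta))))

# Constructed sample values (not from the slides).
KEY = bytes.fromhex("0102030405")              # 40-bit shared secret
IV = bytes.fromhex("aabbcc")                   # 24-bit IV, reused for both frames
P1, P2 = b"seq=0001;temp=21", b"seq=0002;temp=21"
F1, F2 = wep_encrypt(IV, KEY, P1), wep_encrypt(IV, KEY, P2)
# Repeated IV: the keystream cancels, so P1 XOR P2 is visible without the key.
LEAK = xor(F1[3:], F2[3:])[:len(P1)]
# Linear IC: a keyless edit of the ciphertext plus the matching IC change
# still passes the receiver's integrity check.
DELTA = xor(P1, P2)
F1_MOD = F1[:3] + xor(F1[3:], DELTA + ic_delta(DELTA))
```

Here `LEAK` equals `xor(P1, P2)` and `wep_decrypt(KEY, F1_MOD)` returns `P2`, which is why a receiver cannot rely on the IC to detect modification and why WPA replaces it with a keyed message integrity check.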

WEP Conclusion
• The existing security mechanism of 802.11 is very weak and can only provide protection against an incompetent “script kiddy”
• Unless other security mechanisms are used, determined hackers will be able to break all the security measures in 802.11
• Example of designing security features without consulting experts!!
• OK for home use, insufficient for a company to use
• What can you do?
  – Hide (good/random) SSID, MAC list
  – Increase secret key length, change it frequently
  – WPA, 802.11i

WPA (Wi-Fi Protected Access)
• Improved data encryption through the Temporal Key Integrity Protocol (TKIP).
  – 48-bit initialization vector
  – Per-packet key mixing function, automatically generates a new unique encryption key periodically for each client
  – Message integrity check (Michael): calculates an 8-byte MIC, placed between the data portion of the frame and the IV, encrypted
  – Dynamic key encryption
• Enterprise-level user authentication via 802.1x and EAP
  – Utilizes a central authentication server (such as RADIUS) to authenticate users on the network before they join
  – Mutual authentication, so a station doesn't join a rogue network that might steal its network credentials.
  – For SOHO environments, operates in Pre-Shared Key mode
• Forward compatible with 802.11i (the subset of 802.11i that is ready for market today); designed to run on existing hardware as a software upgrade
• Interim standard that will be replaced with the IEEE's 802.11i standard upon its completion (potential DoS attack?)

802.11i
• Currently in draft form; includes an Enhanced Security Network (ESN) that uses 802.1x to deliver its authentication and key management services
• 802.11i will also provide key distribution, data origin authentication and replay detection.
• All stations and access points in an ESN must contain an 802.1x port entity and an 802.11i authentication agent.
• An authentication server participates in the authentication of all mobile devices and access points. It may authenticate these devices itself or it may provide information that the devices can use to authenticate each other.
