E-mail: kemal@cs.siu.edu Department of Computer Science Southern Illinois University Carbondale Wireless and Network Security Lecture 9: IEEE 802.11.

Slides:

Advertisements

Similar presentations

IEEE i IT443 Broadband Communications Philip MacCabe October 5, 2005

Advertisements

CSE  Wired Equivalent Privacy (WEP) ◦ first security protocol defined in  Wi-Fi Protected Access (WPA) ◦ defined by Wi-Fi Alliance 

Understanding and Achieving Next-Generation Wireless Security Motorola, Inc James Mateicka.

無線區域網路安全 Wireless LAN Security. 2 Outline  Wireless LAN – b  Security Mechanisms in b  Security Problems in b  Solutions for b.

Implementing Wireless LAN Security

Security+ Guide to Network Security Fundamentals, Third Edition

WiFi Security. What is WiFi ? Originally, Wi-Fi was a marketing term. The Wi-Fi certified logo means that the product has passed interoperability tests.

Wireless LAN Security Jerry Usery CS 522 December 6 th, 2006.

WEP and i J.W. Pope 5/6/2004 CS 589 – Advanced Topics in Information Security.

1 Enhancing Wireless Security with WPA CS-265 Project Section: 2 (11:30 – 12:20) Shefali Jariwala Student ID

MITP | Master of Information Technology Program Securing Wireless LAN using Cisco-based technology Campus Crew Study Group Paul Matijevic Ed McCulloch.

Intercepting Mobiles Communications: The Insecurity of Danny Bickson ACNS Course, IDC Spring 2007.

DIMACS Nov 3 - 4, 2004 WIRELESS SECURITY AND ROAMING OVERVIEW DIMACS November 3-4, 2004 Workshop: Mobile and Wireless Security Workshop: Mobile and Wireless.

W i reless LAN Security Presented by: Pallavi Priyadarshini Student ID

Wired Equivalent Privacy (WEP)

Vulnerability In Wi-Fi By Angus U CS 265 Section 2 Instructor: Mark Stamp.

An Initial Security Analysis of the IEEE 802.1x Standard Tsai Hsien Pang 2004/11/4.

Kemal AkkayaWireless & Network Security 1 Department of Computer Science Southern Illinois University Carbondale Wireless and Network Security Lecture.

IEEE Wireless Local Area Networks (WLAN’s).

This work is supported by the National Science Foundation under Grant Number DUE Any opinions, findings and conclusions or recommendations expressed.

15 November Wireless Security Issues Cheyenne Hollow Horn SFS Presentation 2004.

WIRELESS NETWORK SECURITY. Hackers Ad-hoc networks War Driving Man-in-the-Middle Caffe Latte attack.

WPA2 By Winway Pang. Overview  What is WPA2?  Wi-Fi Protected Access 2  Introduced September 2004  Two Versions  Enterprise – Server Authentication.

Marwan Al-Namari Week 10. RTS: Ready-to-Send. CTS: Clear-to- Send. ACK: Acknowledgment.NAV: network allocation vector (channel access, expected time to.

WLAN security S Wireless Personal, Local, Metropolitan, and Wide Area Networks1 Contents WEP (Wired Equivalent Privacy) No key management Authentication.

Wireless Security Issues David E. Hudak, Ph.D. Senior Software Architect Karlnet, Inc.

1 Wireless LAN Security Kim W. Tracy NEIU, University Computing

Wireless Network Security. Wireless Security Overview concerns for wireless security are similar to those found in a wired environment concerns for wireless.

WLAN What is WLAN? Physical vs. Wireless LAN

A Methodology for Evaluating Wireless Network Security Protocols David Rager Kandaraj Piamrat.

Michal Rapco 05, 2005 Security issues in Wireless LANs.

Mobile and Wireless Communication Security By Jason Gratto.

Remedies Use of encrypted tunneling protocols (e.g. IPSec, Secure Shell) for secure data transmission over an insecure networktunneling protocolsIPSecSecure.

Wireless security & privacy Authors: M. Borsc and H. Shinde Source: IEEE International Conference on Personal Wireless Communications 2005 (ICPWC 2005),

Comparative studies on authentication and key exchange methods for wireless LAN Authors: Jun Lei, Xiaoming Fu, Dieter Hogrefe and Jianrong Tan Src:

Wireless and Security CSCI 5857: Encoding and Encryption.

Wireless Networking.

Chapter Network Security Architecture Security Basics Legacy security Robust Security Segmentation Infrastructure Security VPN.

Wireless Security Beyond WEP. Wireless Security Privacy Authorization (access control) Data Integrity (checksum, anti-tampering)

Done By : Ahmad Al-Asmar Wireless LAN Security Risks and Solutions.

IEEE i WPA2. IEEE i (WPA2) IEEE i, is an amendment to the standard specifying security mechanisms for wireless networks. The.

WEP Protocol Weaknesses and Vulnerabilities

WEP AND WPA by Kunmun Garabadu. Wireless LAN Hot Spot : Hotspot is a readily available wireless connection.  Access Point : It serves as the communication.

UNIVERSITY OF SOUTH CAROLINA Department of Computer Science and Engineering Secure Authentication System for Public WLAN Roaming Ana Sanz Merino, Yasuhiko.

Wireless LAN Security. Security Basics Three basic tools – Hash function. SHA-1, SHA-2, MD5… – Block Cipher. AES, RC4,… – Public key / Private key. RSA.

WEP Case Study Information Assurance Fall or Wi-Fi IEEE standard for wireless communication –Operates at the physical/data link layer –Operates.

Link-Layer Protection in i WLANs With Dummy Authentication Will Mooney, Robin Jha.

WLANs & Security Standards (802.11) b - up to 11 Mbps, several hundred feet g - up to 54 Mbps, backward compatible, same frequency a.

.  TJX used WEP security  They lost 45 million customer records  They settled the lawsuits for $40.9 million.

IEEE i Aniss Zakaria Survey Fall 2004 Friday, Dec 3, 2004

Lecture 24 Wireless Network Security

Wireless Security: The need for WPA and i By Abuzar Amini CS 265 Section 1.

Wireless Security Rick Anderson Pat Demko. Wireless Medium Open medium Broadcast in every direction Anyone within range can listen in No Privacy Weak.

WLAN Security Condensed Version. First generation wireless security Many WLANs used the Service Set Identifier (SSID) as a basic form of security. Some.

Wireless security Wi–Fi (802.11) Security

Authentication has three means of authentication Verifies user has permission to access network 1.Open authentication : Each WLAN client can be.

802.11b Security CSEP 590 TU Osama Mazahir. Introduction Packets are sent out into the air for anyone to receive Eavesdropping is a much larger concern.

IEEE Security Specifically WEP, WPA, and WPA2 Brett Boge, Presenter CS 450/650 University of Nevada, Reno.

KAIS T Comparative studies on authentication and key exchange methods for wireless LAN Jun Lei, Xiaoming Fu, Dieter Hogrefe, Jianrong Tan Computers.

By Billy Ripple.  Security requirements  Authentication  Integrity  Privacy  Security concerns  Security techniques  WEP  WPA/WPA2  Conclusion.

EECS  Wired Equivalent Privacy (WEP) ◦ first security protocol defined in  Wi-Fi Protected Access (WPA) ◦ defined by Wi-Fi Alliance 

Copyright © 2006 Heathkit Company, Inc. All Rights Reserved Introduction to Networking Technologies Wireless Security.

Wireless Authentication Protocol Presented By: Tasmiah Tamzid Anannya Student Id:

Wireless Security - Encryption Joel Jaeggli For AIT Wireless and Security Workshop.

CSE 4905 WiFi Security II WPA2 (WiFi Protected Access 2)

Authentication and handoff protocols for wireless mesh networks

Wireless Protocols WEP, WPA & WPA2.

We will talking about : What is WAP ? What is WAP2 ? Is there secure ?

WEP & WPA Mandy Kershishnik.

IEEE i Dohwan Kim.

Presentation transcript:

E-mail: kemal@cs.siu.edu Department of Computer Science Southern Illinois University Carbondale Wireless and Network Security Lecture 9: IEEE 802.11 Security - 2 Dr. Kemal Akkaya E-mail: kemal@cs.siu.edu Wireless & Network Security 1

How about using Virtual Private Networking (VPN) for better Security? Deploying a secure VPN over a wireless network can greatly increase the security of your data Idea behind this is to treat the wireless network the same as an insecure wired network (the internet). Any user get authenticates through a server Can use the network as if he/she is on the network Campus network, business etc. Not a good solution: Overhead Deployment Performance Susceptible to denial of service (DOS) attacks, along with any attack against the specific VPN Wireless & Network Security 2

Solutions for better IEEE 802.11 Security IEEE 802.1x Per-user authentication Key distribution mechanism Wi-Fi Protected Access (WPA) Proposed in 2003 Subset of 802.11i Two forms: 802.1x + EAP + TKIP + MIC Pre-shared Key + TKIP + MIC IEEE 802.11i – WPA2 802.1x + EAP + AES + CCM But WEP is still in wide use Wireless & Network Security 3

IEEE 802.1X 802.1X is a port-based, layer 2 (MAC address layer) authentication framework on IEEE 802 networks. Uses EAP (Extensible Authentication Protocol) for implementation It works along with the 802.11 protocol to manage authentication for WLAN clients Centralized authentication All clients go through APs Interoperability: Can work along with NICs running WEP Three main components: Supplicant Authenticator Authentication Server Wireless & Network Security 4

IEEE 802.1X Authentication Process Client makes an association with AP AP places client in an unauthenticated holding area; AP sends an authentication request to client Client sends user ID to AP, which forwards it to server Server sends challenge via AP to client Challenge type up to vendor Secret info is not sent over air in plaintext Client responds to challenge Server verifies response, provides fresh session keys Wireless & Network Security 5

IEEE 802.1X Authentication Process Authentication session Auth Server “RADIUS” AP Client Let me in! What’s your ID? ID = xxx@yyy.local Is xxx@yyy.local OK? Prove to me that you are xxx@yyy.local The answer is “xxx” Let him in. Here is the session key. Come in. Here is the session key. http://www.yahoo.com network EAP Challenge/ Authentication Encrypted session Wireless & Network Security 6

WPA (Wi-Fi Protected Access) Pre-standard subset of IEEE 802.11i Interim solution to run on existing wireless hardware Uses Temporal Key Integrity Protocol (TKIP) for data encryption and confidentiality On October 31, 2002, the Wi-Fi Alliance endorsed TKIP under the name Wi-Fi Protected Access (WPA). TKIP Changes Still uses RC4, 128 bits for encryption Key mixing function for combining the secret root key with the IV Merely concatenation in WEP Provisions for changing base keys Secret part of encryption key changed in every packet Avoids weak keys IV acts as a sequence counter Starts at 0, increments by 1 Against replay attacks Packets received out of order will be rejected by the AP Wireless & Network Security 7

WPA Changes for Integrity Includes Michael: a Message Integrity Code (MIC) 64 bits Replaces the CRC Different keys for MIC and encryption Observer cannot create new MIC to mask changes to data Computationally Efficient Increases IV from 24 bits to 64 bits 900 years to repeat an IV at 10k packets/sec For WEP this is done in 30 mins Authentication 2 forms based on 802.1X: Per-user based: Public key Pre-shared key: same key – WPA-PSK Wireless & Network Security 8

Final Standard: 802.11i The long-awaited security standard for wireless Ratified in June 2004 Also known as WPA2 for the market Another name is Robust Security Network (RSN) Hardware manufactured before 2002 is likely to be unsupported AES requires a new dedicated chip From March 2006, WPA2 certification is mandatory for all new devices Addresses the main problems in WEP Components: 802.1X based Authentication CCMP (Counter Mode with Cipher Block Chaining Message Authentication Code Protocol) RSN based associations Wireless & Network Security 9

More WPA2 CCMP Key Caching Pre-authentication Uses Advanced Encryption Standard (AES) Unlike in TKIP, key management and message integrity is handled by a single component built around AES using a 128-bit key and a 128-bit block. Uses CCM Encrypts data and MIC Key Caching Skips re-entering of the user credential by storing the host information on the network APs can store keys Fast re-connection Pre-authentication If previously authenticated Allows client to become authenticated with an AP before moving to it Uses previous authentication info Useful in encrypted VoIP over Wi-Fi Fast Roaming Wireless & Network Security 10

802.11i Summary Wireless & Network Security 11