IEEE 802.11 Wireless Local Area Networks (WLAN’s).

Slides:

Advertisements

Similar presentations

Web security: SSL and TLS

Advertisements

TLS Introduction 14.2 TLS Record Protocol 14.3 TLS Handshake Protocol 14.4 Summary.

Secure Socket Layer.

SSL CS772 Fall Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.

Socket Layer Security. In this Presentation: need for web security SSL/TLS transport layer security protocols HTTPS secure shell (SSH)

An Introduction to Secure Sockets Layer (SSL). Overview Types of encryption SSL History Design Goals Protocol Problems Competing Technologies.

IEEE i IT443 Broadband Communications Philip MacCabe October 5, 2005

Transport Layer Security (TLS) Protocol Introduction to networks and communications(CS555) Prof : Dr Kurt maly Student:Abhinav y.

CSE  Wired Equivalent Privacy (WEP) ◦ first security protocol defined in  Wi-Fi Protected Access (WPA) ◦ defined by Wi-Fi Alliance 

Your Wireless Network has No Clothes CS 395T William A. Arbaugh, Narendar Shankar, Y.C. Justin Wan.

1 MD5 Cracking One way hash. Used in online passwords and file verification.

1 Enhancing Wireless Security with WPA CS-265 Project Section: 2 (11:30 – 12:20) Shefali Jariwala Student ID

Intercepting Mobiles Communications: The Insecurity of Danny Bickson ACNS Course, IDC Spring 2007.

How To Not Make a Secure Protocol WEP Dan Petro.

Wired Equivalent Privacy (WEP)

Security in Wireless LAN Layla Pezeshkmehr CS 265 Fall 2003-SJSU Dr.Mark Stamp.

0 SSL3.0 / TLS1.0 Secure Communication over Insecure Line.

Vulnerability In Wi-Fi By Angus U CS 265 Section 2 Instructor: Mark Stamp.

An Initial Security Analysis of the IEEE 802.1x Standard Tsai Hsien Pang 2004/11/4.

Kemal AkkayaWireless & Network Security 1 Department of Computer Science Southern Illinois University Carbondale Wireless and Network Security Lecture.

Department of Computer Science Southern Illinois University Carbondale Wireless and Network Security Lecture 9: IEEE

Wireless Security Presentation by Paul Petty and Sooner Brooks-Heath.

WLAN Security:PEAP Sunanda Kandimalla. Intoduction The primary goals of any security setup for WLANs should include: 1. Access control and mutual authentication,

15 November Wireless Security Issues Cheyenne Hollow Horn SFS Presentation 2004.

WIRELESS NETWORK SECURITY. Hackers Ad-hoc networks War Driving Man-in-the-Middle Caffe Latte attack.

WLAN security S Wireless Personal, Local, Metropolitan, and Wide Area Networks1 Contents WEP (Wired Equivalent Privacy) No key management Authentication.

Wireless Security Issues David E. Hudak, Ph.D. Senior Software Architect Karlnet, Inc.

Wireless LAN Security Yen-Cheng Chen Department of Information Management National Chi Nan University

WLAN What is WLAN? Physical vs. Wireless LAN

Announcement Final exam: Wed, June 9, 9:30-11:18 Scope: materials after RSA (but you need to know RSA) Open books, open notes. Calculators allowed. 1.

Michal Rapco 05, 2005 Security issues in Wireless LANs.

Mobile and Wireless Communication Security By Jason Gratto.

Wireless security & privacy Authors: M. Borsc and H. Shinde Source: IEEE International Conference on Personal Wireless Communications 2005 (ICPWC 2005),

Comparative studies on authentication and key exchange methods for wireless LAN Authors: Jun Lei, Xiaoming Fu, Dieter Hogrefe and Jianrong Tan Src:

Investigators have published numerous reports of birds taking turns vocalizing; the bird spoken to gave its full attention to the speaker and never vocalized.

Wireless Networking.

SSL / TLS in ITDS Arun Vishwanathan 23 rd Dec 2003.

Wireless Security Beyond WEP. Wireless Security Privacy Authorization (access control) Data Integrity (checksum, anti-tampering)

Behzad Akbari Spring 2012 (These slides are based on lecture slides by Lawrie Brown)

Shambhu Upadhyaya Security –Upper Layer Authentication Shambhu Upadhyaya Wireless Network Security CSE 566 (Lecture 10)

WEP Protocol Weaknesses and Vulnerabilities

WEP AND WPA by Kunmun Garabadu. Wireless LAN Hot Spot : Hotspot is a readily available wireless connection.  Access Point : It serves as the communication.

8-1 Chapter 8 Security Computer Networking: A Top Down Approach 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012 part 3: Securing TCP.

Wireless LAN Security. Security Basics Three basic tools – Hash function. SHA-1, SHA-2, MD5… – Block Cipher. AES, RC4,… – Public key / Private key. RSA.

SSL/TLS How to send your credit card number securely over the internet.

Network Security7-1 Today r Reminder Ch7 HW due Wed r Finish Chapter 7 (Security) r Start Chapter 8 (Network Management)

Link-Layer Protection in i WLANs With Dummy Authentication Will Mooney, Robin Jha.

National Institute of Science & Technology WIRELESS LAN SECURITY Swagat Sourav [1] Wireless LAN Security Presented By SWAGAT SOURAV Roll # EE

Wireless Security: The need for WPA and i By Abuzar Amini CS 265 Section 1.

Wireless Security Rick Anderson Pat Demko. Wireless Medium Open medium Broadcast in every direction Anyone within range can listen in No Privacy Weak.

SMUCSE 5349/7349 SSL/TLS. SMUCSE 5349/7349 Layers of Security.

Your Wireless Network has No Clothes* William A. Arbaugh, Narendar Shankar Y.C. Justin Wan University of Maryland Presentation by Eddy Purnomo,

Web Security Web now widely used by business, government, individuals but Internet & Web are vulnerable have a variety of threats – integrity – confidentiality.

Wireless security Wi–Fi (802.11) Security

Authentication has three means of authentication Verifies user has permission to access network 1.Open authentication : Each WLAN client can be.

Wireless Network Security CSIS 5857: Encoding and Encryption.

WLAN Security1 Security of WLAN Máté Szalay

@Yuan Xue CS 285 Network Security Secure Socket Layer Yuan Xue Fall 2013.

Cryptography CSS 329 Lecture 13:SSL.

EECS  Wired Equivalent Privacy (WEP) ◦ first security protocol defined in  Wi-Fi Protected Access (WPA) ◦ defined by Wi-Fi Alliance 

Page 1 of 17 M. Ufuk Caglayan, CmpE 476 Spring 2000, SSL and SET Notes, March 29, 2000 CmpE 476 Spring 2000 Notes on SSL and SET Dr. M. Ufuk Caglayan Department.

Wireless Authentication Protocol Presented By: Tasmiah Tamzid Anannya Student Id:

1. Introduction In this presentation, we will review ,802.1x and give their drawbacks, and then we will propose the use of a central manager to replace.

Network security Presentation AFZAAL AHMAD ABDUL RAZAQ AHMAD SHAKIR MUHAMMD ADNAN WEB SECURITY, THREADS & SSL.

Wireless Protocols WEP, WPA & WPA2.

WEP & WPA Mandy Kershishnik.

Originally by Yu Yang and Lilly Wang Modified by T. A. Yang

IEEE i Dohwan Kim.

SSL (Secure Socket Layer)

Presentation transcript:

IEEE Wireless Local Area Networks (WLAN’s)

Two modes of operation: 2. Infrastructure Mode Clients and stations. Stations – Computers with NIC (Network Interface Cards) and Access Points (APs) 1. Ad-Hoc Mode The clients communicate directly with each other. No mediation is needed.

Communication With APs 3 stages: 1. Unauthenticated and Unassociated. 2. Authenticated and Unassociated. 3. Authenticated and Associated.

IEEE  WEP for security  Challenge/Response with symmetric key for authentication Wireless Protocols IEEE 802.1X  WEP for security  EAP for authentication

WEP- Wired Equivalent Privacy  Link layer security protocol.  Secures IEEE communications.  Based upon RC4 stream cipher encryption system, with symmetric key.

RC4 Shared Secret key Original text CRC32 Encrypted text IV clear IV Initialization vector RC4 Original text Shared Secret key IV Initialization vector Encrypted text IV clear CRC 40 bits64 bits 24 bits IV used 40 bits64 bits WEP protocol

Security problems in WEP  During the years, a lot of security problems have been discovered in WEP.  We will discuss the most important of those problems, which is known as the “IV Collisions” problem.

IV Collisions  Every once in a while, an IV gets reused.  C1 = P1  RC4(v,k)  C2 = P2  RC4(v,k)

IV Collisions (2) We get the following equation: C1  C2 = (P1  RC4(v,k))  (P2  RC4(v,k)) XOR is associative, and therefore: C1  C2 = P1  P2

WEP security is better than no security at all, but not by much The Bottom line

The Problem EAP assumes a secured connection to work with

Problems over an unsecured connection  Snooping the user ID  Forging / changing EAP packets  Denial of service  Offline dictionary attack  Man-in-the-middle  Authentication method downgrading attack  Breaking a weak key

Man-in-the-middle A B E MD5 EAP Request H(ID || KEY || R) EAP Failure H(ID || KEY || R) EAP Success

Possible Solutions  Mutual authentication  Cryptographic connection between authentication methods  Using a limited number of unsecured authentication methods  Preferring one strong method over a large number of weak ones.

Possible Solutions (2)  Using authentication method that derives a symmetric key, prevents replay attack and promises message integrity  The authentication method should be safe against dictionary attack

One method has all the above advantages:

Quick summary of TLS CCS Application Handshake protocol Alert Record Protocol TCP

Quick summary of TLS (2) Client Server TCP three-way handshake Client Hello Server Hello CA Certificate Server done Client Key Exchange Enc (Pub(s), ) Both sides perform a known calculation to derive the Master Key

Quick summary of TLS (3) Client Server CCS (ID) FIN MAC authentication of all former messages CCS (ID) FIN MAC authentication of all former messages Data transfer (encrypted by the Master Key)

EAP - TLS Code Identifier Length Type Flags TLS message length TLS Data

EAP –TLS (2) Peer Authenticator EAP Request EAP Response EAP Request, type = EAP-TLS EAP Response, type = EAP-TLS EAP Request, type = EAP-TLS

EAP-TLS (3) Peer Authenticator EAP Response, type = EAP-TLS EAP Request, type = EAP-TLS EAP Response, type = EAP-TLS EAP Success / EAP Failure

Session resumption  The SessionID field in the TLS Client Hello Message should be the same as the ID of the session to return to.  The authenticator sends EAP request with TLS Server Hello, TLS CCS (using the former session CCS ID), and TLS FIN.  The peer sends EAP response with TLS CCS using the same ID, and TLS FIN.  The protocol continues as in the standard EAP-TLS.

Session resumption (2) Advantages of session resumption:  Quick renewal of connections.  Handling roaming in WLAN.

Key Derivation PRF1 = PRF (Master Secret, "Client EAP Encryption", Random ) PRF2 = PRF ("", "Client EAP Encryption", Random) PRF1 is 128 bytes long. PRF2 is 64 bytes long.

Key Derivation (2) PRF1 Client’s ENC KeyServer’s ENC KeyClient’s Auth KeyServer’s Auth Key PRF2 Client’s IV Server’s IV

Fragmentation  The first fragment raises the L, M and S flags. The total TLS message length is also included.  All other fragments, except the last, raise the M flag. The identification field in the EAP header increases by 1 with each fragment.  Every EAP with a TLS fragment is responded by an EAP packet with no data as an Ack.