J. Wang. Computer Network Security Theory and Practice. Springer 2008 Chapter 6 Wireless Network Security Part II.

Slides:



Advertisements
Similar presentations
IEEE i IT443 Broadband Communications Philip MacCabe October 5, 2005
Advertisements

Analysis and Improvements over DoS Attacks against IEEE i Standard Networks Security, Wireless Communications and Trusted Computing(NSWCTC), 2010.
CSE  Wired Equivalent Privacy (WEP) ◦ first security protocol defined in  Wi-Fi Protected Access (WPA) ◦ defined by Wi-Fi Alliance 
Wireless Security Ryan Hayles Jonathan Hawes. Introduction  WEP –Protocol Basics –Vulnerability –Attacks –Video  WPA –Overview –Key Hierarchy –Encryption/Decryption.
Final Presentation Presented By: Gal Leibovich Liran Manor Supervisor: Hai Vortman.
Wireless LAN Security Jerry Usery CS 522 December 6 th, 2006.
1 Enhancing Wireless Security with WPA CS-265 Project Section: 2 (11:30 – 12:20) Shefali Jariwala Student ID
Intercepting Mobiles Communications: The Insecurity of Danny Bickson ACNS Course, IDC Spring 2007.
DIMACS Nov 3 - 4, 2004 WIRELESS SECURITY AND ROAMING OVERVIEW DIMACS November 3-4, 2004 Workshop: Mobile and Wireless Security Workshop: Mobile and Wireless.
Wired Equivalent Privacy (WEP)
Security in Wireless LAN Layla Pezeshkmehr CS 265 Fall 2003-SJSU Dr.Mark Stamp.
Vulnerability In Wi-Fi By Angus U CS 265 Section 2 Instructor: Mark Stamp.
Kemal AkkayaWireless & Network Security 1 Department of Computer Science Southern Illinois University Carbondale Wireless & Network Security Lecture 10:
Department of Computer Science Southern Illinois University Carbondale Wireless and Network Security Lecture 9: IEEE
IEEE Wireless Local Area Networks (WLAN’s).
Wireless Security Presentation by Paul Petty and Sooner Brooks-Heath.
J. Wang. Computer Network Security Theory and Practice. Springer 2008 Chapter 6 Wireless Network Security Part I.
15 November Wireless Security Issues Cheyenne Hollow Horn SFS Presentation 2004.
WIRELESS NETWORK SECURITY. Hackers Ad-hoc networks War Driving Man-in-the-Middle Caffe Latte attack.
WPA2 By Winway Pang. Overview  What is WPA2?  Wi-Fi Protected Access 2  Introduced September 2004  Two Versions  Enterprise – Server Authentication.
Wireless Security Issues David E. Hudak, Ph.D. Senior Software Architect Karlnet, Inc.
IWD2243 Wireless & Mobile Security Chapter 3 : Wireless LAN Security Prepared by : Zuraidy Adnan, FITM UNISEL1.
1/17 Bluetooth Security Ain Shams University Faculty of Engineering Integrated Circuits Lab Presented by: Mohammed Abdelsattar Ismail Sameh Talal Magd-El-Din.
1 Wireless LAN Security Kim W. Tracy NEIU, University Computing
Wireless Network Security. Wireless Security Overview concerns for wireless security are similar to those found in a wired environment concerns for wireless.
WLAN What is WLAN? Physical vs. Wireless LAN
Wireless security & privacy Authors: M. Borsc and H. Shinde Source: IEEE International Conference on Personal Wireless Communications 2005 (ICPWC 2005),
Comparative studies on authentication and key exchange methods for wireless LAN Authors: Jun Lei, Xiaoming Fu, Dieter Hogrefe and Jianrong Tan Src:
ECE 424 Embedded Systems Design Networking Connectivity Chapter 12 Ning Weng.
CWNA Guide to Wireless LANs, Second Edition Chapter Eight Wireless LAN Security and Vulnerabilities.
“Security Weakness in Bluetooth” M.Jakobsson, S.Wetzel LNCS 2020, 2001 The introduction of new technology and functionality can provides its users with.
Wireless Networking.
Chapter Network Security Architecture Security Basics Legacy security Robust Security Segmentation Infrastructure Security VPN.
COEN 350 Mobile Security. Wireless Security Wireless offers additional challenges: Physical media can easily be sniffed. War Driving Legal? U.S. federal.
IWD2243 Wireless & Mobile Security Chapter 4 : Security in Wireless Ad Hoc Network Prepared by : Zuraidy Adnan, FITM UNISEL1.
Done By : Ahmad Al-Asmar Wireless LAN Security Risks and Solutions.
WEP Protocol Weaknesses and Vulnerabilities
COEN 350 Mobile Security. Wireless Security Wireless offers additional challenges: Physical media can easily be sniffed. War Driving Legal? U.S. federal.
WEP AND WPA by Kunmun Garabadu. Wireless LAN Hot Spot : Hotspot is a readily available wireless connection.  Access Point : It serves as the communication.
Wireless LAN Security. Security Basics Three basic tools – Hash function. SHA-1, SHA-2, MD5… – Block Cipher. AES, RC4,… – Public key / Private key. RSA.
Shambhu Upadhyaya Security – AES-CCMP Shambhu Upadhyaya Wireless Network Security CSE 566 (Lecture 13)
Link-Layer Protection in i WLANs With Dummy Authentication Will Mooney, Robin Jha.
WLANs & Security Standards (802.11) b - up to 11 Mbps, several hundred feet g - up to 54 Mbps, backward compatible, same frequency a.
IEEE i Aniss Zakaria Survey Fall 2004 Friday, Dec 3, 2004
Lecture 24 Wireless Network Security
National Institute of Science & Technology WIRELESS LAN SECURITY Swagat Sourav [1] Wireless LAN Security Presented By SWAGAT SOURAV Roll # EE
Wireless Security: The need for WPA and i By Abuzar Amini CS 265 Section 1.
Overview of the security weaknesses in Bluetooth Dave Singelée COSIC seminar 11/06/2003.
Wireless Security Rick Anderson Pat Demko. Wireless Medium Open medium Broadcast in every direction Anyone within range can listen in No Privacy Weak.
Lecture slides prepared for “Computer Security: Principles and Practice”, 3/e, by William Stallings and Lawrie Brown, Chapter 24 “Wireless Network Security”.
Csci388 Wireless and Mobile Security – Key Hierarchies for WPA and RSN
Wireless security Wi–Fi (802.11) Security
Wireless Security John Himmelein Erick Andrew Christian Adam Varun Bapna.
Authentication has three means of authentication Verifies user has permission to access network 1.Open authentication : Each WLAN client can be.
802.11b Security CSEP 590 TU Osama Mazahir. Introduction Packets are sent out into the air for anyone to receive Eavesdropping is a much larger concern.
Wireless Network Security CSIS 5857: Encoding and Encryption.
Wired Equivalent Privacy (WEP) Chris Overcash. Contents What is WEP? What is WEP? How is it implemented? How is it implemented? Why is it insecure? Why.
By Billy Ripple.  Security requirements  Authentication  Integrity  Privacy  Security concerns  Security techniques  WEP  WPA/WPA2  Conclusion.
Lecture 7 (Chapter 17) Wireless Network Security Prepared by Dr. Lamiaa M. Elshenawy 1.
EECS  Wired Equivalent Privacy (WEP) ◦ first security protocol defined in  Wi-Fi Protected Access (WPA) ◦ defined by Wi-Fi Alliance 
Module 48 (Wireless Hacking)
CSE 4905 WiFi Security II WPA2 (WiFi Protected Access 2)
History and Implementation of the IEEE 802 Security Architecture
Chapter 6 Wireless Network Security
Wireless Protocols WEP, WPA & WPA2.
We will talking about : What is WAP ? What is WAP2 ? Is there secure ?
Wireless Security Ian Bodley.
IEEE i Dohwan Kim.
Wireless Network Security
Mobile and Wireless Network Security
Presentation transcript:

J. Wang. Computer Network Security Theory and Practice. Springer 2008 Chapter 6 Wireless Network Security Part II

J. Wang. Computer Network Security Theory and Practice. Springer 2008 Chapter 6 Outline 6.1 Wireless Communications and WLAN Standards 6.2 WEP: Wired Equivalent Privacy 6.3 WPA: Wi-Fi Protected Access 6.4 IEEE i/WPA2 6.5 Bluetooth Security 6.6 Wireless Mesh Network Security

J. Wang. Computer Network Security Theory and Practice. Springer 2008 WPA:  A rush solution to the security problems of WEP WPA2:  Based on i (official version) Encrypt and authenticate MSDUs: counter mode-CBC MAC protocol with AES-128 Authenticate STAs: 802.1X  Initialization vectors transmitted in plaintext are no longer needed to generate per-frame keys  But most of the existing Wi-Fi WPA cards cannot be upgraded to support i WPA 2 Overview

J. Wang. Computer Network Security Theory and Practice. Springer 2008 Key Generation Same key hierarchy as WPA  256-bit pairwise master key (PMK)  Four 128-bit pairwise transient keys (PTKs)  384-bit temporal key for CCMP in each session Pseudorandom number generated based on SMAC, SNonce, AMAC, Anonce Exchanged following the 4-way handshake protocol Divided into three 128-bit transient keys:  Two for connection between STA and AP  One as a session key for AES-128

J. Wang. Computer Network Security Theory and Practice. Springer 2008 Encryption: Ctr = Ctr 0 C i = AES-128 K (Ctr + 1)  M i i = 1, 2, …, k Authentication and integrity check: C i = C i = AES-128 K (C i–1  M i ) i = 1, 2, …, k CCMP Encryption and MIC

J. Wang. Computer Network Security Theory and Practice. Springer i Security Strength and Weakness Cryptographic algorithms and security mechanism are superior to WPA and WEP However, still vulnerable to DoS attacks:  Rollback Attacks RSN devices can communicate with pre-RSN devices Attacker tricks an RSN device to roll back to WEP Let RSN APs decline WEP or WPA connections???

J. Wang. Computer Network Security Theory and Practice. Springer i Security Weakness  RSN IE Poisoning Attacks Against 4-way handshake protocol Attacker can forge message with wrong RSN IE and disconnects STA from AP  De-Association Attacks Break an existing connection between an STA and an AP using forged MAC-layer management frames

J. Wang. Computer Network Security Theory and Practice. Springer 2008 Chapter 6 Outline 6.1 Wireless Communications and WLAN Standards 6.2 WEP 6.3 WPA 6.4 IEEE i/WPA2 6.5 Bluetooth Security 6.6 Wireless Mesh Network Security

J. Wang. Computer Network Security Theory and Practice. Springer 2008 Proposed in 1998 as an industrial standard For building ad hoc wireless personal area networks (WPANs) IEEE standard is based on Bluetooth Wireless devices supported:  Different platforms by different vendors can communicate with each other  Low power, limited computing capabilities and power supplies Implemented on Piconets Overview

J. Wang. Computer Network Security Theory and Practice. Springer 2008 Self-configured and self-organized ad-hoc wireless networks Dynamically allow new devices to join in and leave ad- hoc network  Up to 8 active devices are allowed to use the same physical channel  All devices in piconet are peers  One peer is designated as master node for synchronization  The rest are slave nodes  MAX 255 devices connected in a piconet  Node’s state: parked, active, and standby  A device an only belong to one piconet at a time Bluetooth: Piconets

J. Wang. Computer Network Security Theory and Practice. Springer 2008 Scatternet schematic Scatternets: Overlapped Piconets

J. Wang. Computer Network Security Theory and Practice. Springer 2008 Nodes in the same piconet share the same personal identification number (PIN) Nodes generate share secret key for authentication  Generates a 128-bit initialization key based on the PIN  Generates a 128-bit link key (combination key) to authenticate and create encryption key Uses a stream cipher E 0 to encrypt payload Uses a block cipher SAFER+ to construct three algorithms E 1, E 21, and E 22 for generating subkeys and authenticating devices Secure Pairings

J. Wang. Computer Network Security Theory and Practice. Springer 2008 To Authenticate Bluetooth device An enhancement of SAFER (Secure And Fast Encryption Routine) A Fiestel cipher with a 128-bit block size Two components:  Key scheduling component  Encryption component Eight identical rounds (two subkeys for each round) An output transformation (one subkey) SAFER+ Block Ciphers

J. Wang. Computer Network Security Theory and Practice. Springer 2008 K = k 0 k 1 …k 15, a 128-bit encryption key. k 16 = k 0  k 1  …  k bit subkeys K 1, K 2, …, K 17 : SAFER+ Subkeys K 1  k 0 k 2 k 3 …k 15 for j = 0,1,…,16 do k j <- LS 3 (k j ) K 2  k 1 k 2 k 3 …k 16 xor 8 B 2 for i = 3, 4, …, 17 do for j = 0,1,…,16 do k j  LS 3 (k j ) K i  k i-1 k i k i+1 …k 16 k 0 k 1 …k i-3 xor 8 B i-3 B i : a bias vector B i [j] = ( i+j+i mode 257 ) mod 257) mod 256 j = 0,1,….,15, B i = B i [0] B i [1] … B i [15] i = 2,3,….17,

J. Wang. Computer Network Security Theory and Practice. Springer 2008 Schematic of SAFER+ subkey generation

J. Wang. Computer Network Security Theory and Practice. Springer 2008 SAFER+ Encryption Encryption Rounds Let X = x 1 x 2 …x 2k-1 x 2k, where x i is a byte Pseudo Hadamard Transform (PHT): PHT(X) = PHT(x 1, x 2 )||…||PHT(x 2k-1, x 2k ) PHT(x,y) = (2x+y) mod 2 8 || (x+y) mod 2 8 Armenian Shuffles (ArS): ArS (X) = x 8 x 11 x 12 x 15 x 2 x 1 x 6 x 5 x 10 x 9 x 14 x 13 x 0 x 7 x 4 x 3 where X is a 16-byte string  Table look up on two S-boxes for e and l : e(x) = (45 x mod ( )) mod 2 8 l is e -1 : l(y) = x if e(x) = y   and  8 with two subkeys  The i -th round in SAFER+:

J. Wang. Computer Network Security Theory and Practice. Springer 2008  Output Transformation:  After eight rounds, the output transformation component applies K 17 and Y 9 as applying K 2i-1 to Y i without using S-box and generate ciphertext block C.

J. Wang. Computer Network Security Theory and Practice. Springer 2008 Bluetooth Algorithm E 1 E 1 takes the following parameters as input:  K : 128-bit key   : 128-bit random string   : 48-bit address and outputs a 128-bit string: A r is original SAFER+ is modified SAFER+, which combines the input of round 1 to the input of round 3 to make the algorithm non- invertible is obtained from K using  and  8 (see p. 238) E(  ) =  ||  ||  [0:3]

J. Wang. Computer Network Security Theory and Practice. Springer 2008 E 21 takes  and  as input: E 21 (ρ, α) = A’ r (ρ’, E(α)) ρ’= ρ[0:14]|| (ρ[15]  ) Bluetooth Algorithm E21

J. Wang. Computer Network Security Theory and Practice. Springer 2008 Bluetooth Algorithm E22

J. Wang. Computer Network Security Theory and Practice. Springer 2008 Initialize Key: K init = E 22 (PIN, In_RAND A, BD_ADDR B ) D A and D B create link key: D A sends (LK_RAND A  K init ) to D B D B sends (LK_RAND B  K init ) to D A K AB = E 21 (LK_RAND A, BD_ADDR A )  E 21 (LK_RAND B, BD_ADDR B ) D A authenticates D B : D A sends AU_RAND A to D B D B sends SRES A to D A where SRES A = E ( K AB, AU_RAND A, BD_ADDR B ) [0:3] D A verifies SRES A Bluetooth Authentication

J. Wang. Computer Network Security Theory and Practice. Springer 2008 Bluetooth Authentication Diagram

J. Wang. Computer Network Security Theory and Practice. Springer 2008 PIN Cracking Attack Malice intercepts an entire pairing and authentication session between devices D A and D B

J. Wang. Computer Network Security Theory and Practice. Springer 2008 Malice cracks the PIN by brute force: Enumerate all 2 48 possible values of PIN Use IN_RAND A from Message 1 and BD_ADDR B to compute a candidate: K’ init = E 22 (PIN’, In_RAND A, BD_ADDR B ) Use K’ init to XOR Message 2 and Message 3 to obtain LK_RAND’ A and LK_RAND’ B. Then compute K’ AB = E 21 (LK_RAND’ A, BD_ADDR A )  E 21 (LK_RAND’ B, BD_ADDR B ) Use AU_RAND A from Message 4, K’ AB, and BD_ADDR B to compute SRES’ A = E 1 (AU_RAND A, K’ AB, BD_ADDR B ) [0:3] Verify if SRES’ A = SRES A using Message 5 May use Messages 6 and 7 to confirm the PIN code PIN Cracking Attack

J. Wang. Computer Network Security Theory and Practice. Springer 2008 A new pairing protocol to improve Bluetooth security Secure simple pairing (SSP) protocol:  Use elliptic-curve Diffie-Hellman (ECDH) key exchange algorithm to replace PIN To resist PIN cracking attack  Use public key certificates for authentication. To prevent man-in-the-middle attack. Bluetooth Secure Simple Pairing

J. Wang. Computer Network Security Theory and Practice. Springer 2008 Chapter 6 Outline 6.1 Wireless Communications and WLAN Standards 6.2 WEP 6.3 WPA 6.4 IEEE i/WPA2 6.5 Bluetooth Security 6.6 Wireless Mesh Network Security

J. Wang. Computer Network Security Theory and Practice. Springer 2008 An AP may or may not connect to a wired network infrastructure Each STA is connected to one AP WMNs vs. WLANs:  WLANs: star networks  WMNs: multi-hop networks A region:  An AP and all the STAs connected to it  Can be viewed as a WLAN  Can apply the i/WPA2 security standard Wireless Mesh Network (WMN)

J. Wang. Computer Network Security Theory and Practice. Springer 2008 Blackhole Attack.  Impersonate a legitimate router and drop packet instead of forwarding it  Coax users to use his router Wormhole Attack  Reroute packets from one region to another Rushing Attacks  Target at on-demand routing protocols: Router must forward the 1st route request packet and drop the subsequent packets from the same source to reduce clutter  Rush an impersonated route request before the legitimate one arrives Router-Error-Injection Attacks  Injecting certain forged route-error packets to break normal communication Security Holes in WMNs

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.