Module-8 Wireless LAN Security, Vulnerabilities and Attack Methods


Module-8 Wireless LAN Security, Vulnerabilities and Attack Methods
- CWNA Guide to Wireless LANs, Second Edition, Chapter Eight
- CWNA Official Study Guide, Fourth Edition, Chapter Nine

Objectives
- Define information security
- Explain the basic security protections for IEEE 802.11 WLANs
- List the vulnerabilities of the IEEE 802.11 standard
- Describe the types of wireless attacks that can be launched against a wireless network

Security Principles: What is Information Security?
- Information security: task of guarding digital information
- Information must be protected on the devices that store, manipulate, and transmit it, through products, people, and procedures
- The properties of information that must be protected are CIA:
  - Confidentiality: only authorized parties can view information
  - Integrity: information is correct and unaltered
  - Availability: authorized parties must be able to access information at all times

Security Principles: What is Information Security?

Challenges of Securing Information
- Trends increasing the difficulty of information security:
  - Speed of attacks
  - Sophistication of attacks
  - Faster detection of weaknesses
    - Day zero attacks
  - Distributed attacks
    - The “many against one” approach
    - Impossible to stop attack by trying to identify and block source

Categories of Attackers
- Six categories of attackers:
  - Hackers: not malicious; expose security flaws, “ethical attackers”
  - Crackers: violate system security with malicious intent
  - Script kiddies: break into computers to create damage
  - Spies: hired to break in and steal information
  - Employees: unhappy employees who steal, damage and change information
  - Cyber-terrorists: steal, damage and change information for ideology or extreme beliefs

Security Attackers Profiles

Categories of Attackers Based Upon Skill
- Three categories of attackers:
  - Wannabees: script kiddies
  - Gonnabees: moderate to high level of skill
  - Killerbees: Gonnabees with very good human engineering (social engineering) knowledge

Social Engineering Threats
- Social engineering: the technique of persuading people to give you something that they should not give you (passwords, PINs, codes, accounts, etc.)
- One of the most dangerous and most successful methods of hacking
- Has the potential to render even the most sophisticated security solution useless
- Sources:
  - The help desk
  - On-site contractors
  - Employees (end users)

Eavesdropping vs. Hacking
- Eavesdropping: reading frames but not deciphering
  - MacStumbler
  - KisMac
  - NetStumbler
  - KisMet
  - Easy Wi-Fi Radar
- Hacking: understanding the frames
  - Wireshark
  - OmniPeek
  - AiroPeek
  - AirMagnet
  - Javvin
  - Comm View

Security Organizations
- Many security organizations exist to provide security information, assistance, and training:
  - Computer Emergency Response Team Coordination Center (CERT/CC)
  - Forum of Incident Response and Security Teams (FIRST)
  - InfraGard
  - Information Systems Security Association (ISSA)
  - National Security Institute (NSI)
  - SysAdmin, Audit, Network, Security (SANS) Institute

Basic IEEE 802.11 Security Protections
- Data transmitted by a WLAN could be intercepted and viewed by an attacker
  - Important that basic wireless security protections be built into WLANs
- Three categories of WLAN protections:
  - Access control
  - Wired equivalent privacy (WEP)
  - Authentication
- Some protections specified by IEEE, while others left to vendors

Access Control Security
- Intended to guard one element of CIA: availability of information
- Wireless access control: limit user’s access to AP by filtering MAC addresses
- Media Access Control (MAC) address filtering: based on a node’s unique MAC address
- Can be defeated by spoofing a MAC address

Access Control Filtering
- MAC address filtering considered to be a basic means of controlling access
  - Requires pre-approved authentication
  - Difficult to provide temporary access for “guest” devices

Wired Equivalent Privacy (WEP)
- Guards the confidentiality element of CIA
  - Ensures only authorized parties can view the information
- Used in IEEE 802.11 to encrypt wireless transmissions (“scrambling”)
- Cryptography: science of transforming information so that it is secure while being transmitted or stored (“scrambles” data)
- Encryption: transforming plaintext to ciphertext
- Decryption: transforming ciphertext to plaintext
- Cipher: an encryption algorithm
  - Given a key that is used to encrypt and decrypt messages
  - Weak keys: keys that are easily discovered

WEP Cryptography

WEP Implementation
- IEEE 802.11 cryptography objectives:
  - Efficient
  - Exportable
  - Optional
  - Reasonably strong
  - Self-synchronizing
- WEP relies on secret key “shared” between a wireless device and the AP
  - Same key installed on device and AP
  - A form of private key cryptography, or symmetric encryption

WEP Symmetric Encryption

WEP Characteristics
- WEP shared secret keys must be at least 40 bits
  - Most vendors use 104 bits
- Options for creating WEP keys:
  - 40-bit WEP shared secret key (5 ASCII characters or 10 hexadecimal characters)
  - 104-bit WEP shared secret key (13 ASCII characters or 16 hexadecimal characters)
  - Passphrase (16 ASCII characters)
- APs and wireless devices can store up to four shared secret keys
  - Default key is one of the four stored keys
  - Default key used for all encryption
  - Default key can be different for AP and client

WEP Keys
- Key order must be the same for all devices
- Default keys can be different for each device

WEP Encryption Process
- Step 1: CRC(Text) = ICV
  - CRC = Cyclic Redundancy Check
  - ICV = Integrity Check Value
- Step 2: IV + Secret Key = “seed”
  - IV = Initialization Vector; 24 bits, changes for each encryption
- Step 3: PRNG(seed) = “Keystream”
  - PRNG = Pseudo-Random Number Generator
- Step 4: (Text + ICV) XOR (Keystream) = Ciphertext
- Step 5: IV + Ciphertext = Transmission

XOR truth table:
A  B  | A XOR B
0  0  | 0
1  0  | 1
0  1  | 1
1  1  | 0

WEP Stream Cipher
- When encrypted frame arrives at destination:
  - Receiving device separates IV from ciphertext
  - Combines IV with appropriate secret key to create a keystream
  - Keystream used to extract text and ICV
  - Text run through CRC
    - Ensures ICVs match and nothing was lost in transmission
- Generating the keystream using the PRNG is based on the RC4 cipher algorithm
  - A stream cipher

Authentication
- IEEE 802.11 authentication: process in which AP accepts or rejects a wireless device
- Open system authentication:
  - Wireless device sends association request frame to AP
    - Carries info about supported data rates and service set identifier (SSID)
  - AP compares received SSID with the network SSID
    - If they match, wireless device authenticated
- Shared key authentication: uses WEP keys
  - AP sends the wireless device the challenge text
  - Wireless device encrypts challenge text with its WEP key and returns it to the AP
  - AP decrypts returned result and compares it to original challenge text
    - If they match, device accepted into network

Vulnerabilities of IEEE 802.11 Security
- IEEE 802.11 standard’s security mechanisms for wireless networks have fallen short of their goal
- Vulnerabilities exist in:
  - Authentication
  - Address filtering
  - WEP

Open System Authentication Vulnerabilities
- Inherently weak
  - Based only on match of SSIDs
  - SSID beaconed from AP during passive scanning
    - Easy to discover
- Vulnerabilities:
  - Beaconing SSID is default mode in all APs
  - Not all APs allow beaconing to be turned off
    - Or manufacturer recommends against it
  - SSID initially transmitted in plaintext (unencrypted)
  - If an attacker cannot capture an initial negotiation process, can force one to occur
  - SSID can be retrieved from an authenticated device
  - Many users do not change default SSID
  - Several wireless tools freely available that allow users with no advanced knowledge of wireless networks to capture SSIDs

Open System Authentication Vulnerabilities (continued)

Shared Secret Key Authentication Vulnerabilities
- Attackers can view key on an approved wireless device (i.e., steal it), and then use it on their own wireless devices
- Brute force attack: attacker attempts to create every possible key combination until correct key found
- Dictionary attack: takes each word from a dictionary and encodes it in same way as passphrase
  - Compare encoded dictionary words against encrypted frame
- AP sends challenge text in plaintext
  - Attacker can capture challenge text and device’s response (encrypted text and IV)
    - Mathematically derive keystream

Shared Secret Key Attacks

Address Filtering Vulnerabilities

WEP Vulnerabilities
- Uses 40 or 104 bit keys
  - Shorter keys easier to crack
- WEP implementation violates cardinal rule of cryptography
  - Creates detectable pattern for attackers
  - APs end up repeating IVs
- Collision: two packets derived from same IV
  - Attacker can use info from collisions to initiate a keystream attack
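
Added example (not part of the original slides): the five steps of the WEP encryption process and the receiver's ICV check from the WEP Stream Cipher slide, written in Python, followed by the IV collision described above. The key, IV and payloads are constructed sample values, and the 802.11 header and key-ID byte are left out to match the slides' simplified "IV + Ciphertext" frame.

```python
import struct
import zlib

def rc4(seed: bytes, n: int) -> bytes:
    """First n bytes of the RC4 keystream for this seed (the PRNG of step 3)."""
    s = list(range(256))
    j = 0
    for i in range(256):                          # key scheduling
        j = (j + s[i] + seed[i % len(seed)]) % 256
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for _ in range(n):                            # keystream generation
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) % 256])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def wep_encrypt(key: bytes, iv: bytes, text: bytes) -> bytes:
    icv = struct.pack("<I", zlib.crc32(text))     # step 1: CRC(text) = ICV
    body = text + icv
    keystream = rc4(iv + key, len(body))          # steps 2-3: seed = IV + key
    return iv + xor(body, keystream)              # steps 4-5: XOR, prepend IV

def wep_decrypt(key: bytes, frame: bytes) -> bytes:
    iv, ciphertext = frame[:3], frame[3:]         # receiver separates the IV
    body = xor(ciphertext, rc4(iv + key, len(ciphertext)))
    text, icv = body[:-4], body[-4:]
    if struct.pack("<I", zlib.crc32(text)) != icv:
        raise ValueError("ICV mismatch")          # frame altered or wrong key
    return text

def reused_iv_leak(frame_a: bytes, frame_b: bytes) -> bytes:
    """Same IV and key give the same keystream, so C_a XOR C_b = P_a XOR P_b."""
    if frame_a[:3] != frame_b[:3]:
        raise ValueError("frames use different IVs")
    return xor(frame_a[3:], frame_b[3:])

# Constructed sample values: 40-bit key (5 ASCII characters), 24-bit IV.
KEY = b"ABCDE"
IV = bytes([0x01, 0x02, 0x03])
FRAME_A = wep_encrypt(KEY, IV, b"hello wlan")
FRAME_B = wep_encrypt(KEY, IV, b"HELLO WLAN")     # IV collision with FRAME_A
```

The value returned by `reused_iv_leak(FRAME_A, FRAME_B)` depends only on the two plaintexts, not on the key, which is why a repeated IV is the detectable pattern the slide refers to.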

WEP XOR Operation

Capturing packets

WEP Attacks
- PRNG does not create true random number
  - Pseudorandom
  - First 256 bytes of the RC4 cipher can be determined by bytes in the key itself

Other Wireless Attacks: Man-in-the-Middle Attack
- Makes it seem that two computers are communicating with each other
  - Actually sending and receiving data with computer between them
  - Active or passive

Other Wireless Attacks: Man-in-the-Middle Attack (continued) Figure 8-16: Wireless man-in-the-middle attack

Other Wireless Attacks: Denial of Service (DoS) Attack
- Standard DoS attack attempts to make a server or other network device unavailable by flooding it with requests
  - Attacking computers programmed to request, but not respond
- Wireless DoS attacks are different:
  - Jamming: prevents wireless devices from transmitting
  - Forcing a device to continually dissociate and re-associate with AP

Summary
- Information security protects the confidentiality, integrity, and availability of information on the devices that store, manipulate, and transmit the information through products, people, and procedures
- Significant challenges in keeping wireless networks and devices secure
- Six categories of attackers: hackers, crackers, script kiddies, computer spies, employees, and cyberterrorists

Summary (continued)
- Three categories of default wireless protection: access control, wired equivalent privacy (WEP), and authentication
- Significant security vulnerabilities exist in the IEEE 802.11 security mechanisms
- Man-in-the-middle attacks and denial of service (DoS) attacks can be used to attack wireless networks