Development of the Authentication Reliability and Security System for Wireless Local Area Network Professor, Dr. sc. ing. Viktors Gopejenko MSc. Sergejs.

Slides:

Advertisements

Similar presentations

Authentication.

Advertisements

Attack and Defense in Wireless Networks Presented by Aleksandr Doronin.

Chapter 14 Wireless Attacks, Intrusion Monitoring and Policy

Final Presentation Presented By: Gal Leibovich Liran Manor Supervisor: Hai Vortman.

This work is supported by the National Science Foundation under Grant Number DUE Any opinions, findings and conclusions or recommendations expressed.

CN1260 Client Operating System Kemtis Kunanuraksapong MSIS with Distinction MCT, MCITP, MCTS, MCDST, MCP, A+

DIMACS Nov 3 - 4, 2004 WIRELESS SECURITY AND ROAMING OVERVIEW DIMACS November 3-4, 2004 Workshop: Mobile and Wireless Security Workshop: Mobile and Wireless.

802.1x EAP Authentication Protocols

11 WIRELESS SECURITY by Prof. Russell Jones. WIRELESS COMMUNICATION ISSUES  Wireless connections are becoming popular.  Network data is transmitted.

An Initial Security Analysis of the IEEE 802.1x Standard Tsai Hsien Pang 2004/11/4.

Protected Extensible Authentication Protocol

December 17, Wi-Fi Mark Faggiano GBA 576. December 17, Purpose of the Project  I hear Wi-Fi, WLAN, everywhere  What does it all.

Mobile and Wireless Security INF245 Guest lecture by Bjorn Jager Molde University College.

Chapter 5 Secure LAN Switching.  MAC Address Flooding Causing CAM Overflow and Subsequent DOS and Traffic Analysis Attacks.

WLAN Security:PEAP Sunanda Kandimalla. Intoduction The primary goals of any security setup for WLANs should include: 1. Access control and mutual authentication,

Master Thesis Proposal By Nirmala Bulusu Advisor – Dr. Edward Chow Implementation of Protected Extensible Protocol (PEAP) – An IEEE 802.1x wireless LAN.

Improving Security. Networking Terms Node –Any device on a network Protocol –Communication standards Host –A node on a network Workstation 1.A PC 2.A.

WPA2 By Winway Pang. Overview  What is WPA2?  Wi-Fi Protected Access 2  Introduced September 2004  Two Versions  Enterprise – Server Authentication.

Marwan Al-Namari Week 10. RTS: Ready-to-Send. CTS: Clear-to- Send. ACK: Acknowledgment.NAV: network allocation vector (channel access, expected time to.

802.1X in Windows Tom Rixom Alfa & Ariss. Overview 802.1X/EAP 802.1X in Windows Tunneled Authentication Certificates in Windows WIFI Client in Windows.

Chapter 3 Application Level Security in Wireless Network IWD2243 : Zuraidy Adnan : Sept 2012.

CCENT Review. Put the following descriptions in order from Layer 7 to Layer 1 and give the name of each layer.

PKI Network Authentication Dartmouth Applications Robert Brentrup Educause/Dartmouth PKI Summit July 27, 2005.

Wireless Network Security. Wireless Security Overview concerns for wireless security are similar to those found in a wired environment concerns for wireless.

Wireless LAN Security Yen-Cheng Chen Department of Information Management National Chi Nan University

1 Microsoft Windows NT 4.0 Authentication Protocols Password Authentication Protocol (PAP) Challenge Handshake Authentication Protocol (CHAP) Microsoft.

MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration Chapter 9 Network Policy and Access Services in Windows Server 2008.

1 © 2005 Cisco Systems, Inc. All rights reserved. 111 © 2004, Cisco Systems, Inc. All rights reserved. CNIT 221 Security 1 ver.2 Module 7 City College.

Mobile Computing - Security Issues - Advisor : Dr. Celeste Team Number : 張耕瑋黃峻亨楊銘鴻李昌諭吳政穎陳建廷.

Troubleshooting Mobile Connectivity Problems Lesson 4.

Network Security1 – Chapter 5 (B) – Using IEEE 802.1x Purpose: (a) port authentication (b) access control An IEEE standard

Mobile and Wireless Communication Security By Jason Gratto.

Wireless Network Security By Patrick Yount and CIS 4360 Fall 2009 CIS 4360 Fall 2009.

WIRELESS LAN SECURITY Using

Comparative studies on authentication and key exchange methods for wireless LAN Authors: Jun Lei, Xiaoming Fu, Dieter Hogrefe and Jianrong Tan Src:

Wireless and Security CSCI 5857: Encoding and Encryption.

Wireless Networking.

Chapter Network Security Architecture Security Basics Legacy security Robust Security Segmentation Infrastructure Security VPN.

BY MOHAMMED ALQAHTANI (802.11) Security. What is ? IEEE is a set of standards carrying out WLAN computer communication in frequency bands.

1 Figure 2-11: Wireless LAN (WLAN) Security Wireless LAN Family of Standards Basic Operation (Figure 2-12 on next slide)  Main wired network.

Module 8: Designing Network Access Solutions. Module Overview Securing and Controlling Network Access Designing Remote Access Services Designing RADIUS.

1 © 2005 Cisco Systems, Inc. All rights reserved. 111 © 2004, Cisco Systems, Inc. All rights reserved.

Wireless standards Unit objective Compare and contrast different wireless standards Install and configure a wireless network Implement appropriate wireless.

MAHARANA PRATAP COLLEGE OF TECHNOLOGY, GWALIOR

Shambhu Upadhyaya Security –Upper Layer Authentication Shambhu Upadhyaya Wireless Network Security CSE 566 (Lecture 10)

Module 9: Designing Network Access Protection. Scenarios for Implementing NAP Verifying the health of: Roaming laptops Desktop computers Visiting laptops.

Network access security methods Unit objective Explain the methods of ensuring network access security Explain methods of user authentication.

UNIVERSITY OF SOUTH CAROLINA Department of Computer Science and Engineering Secure Authentication System for Public WLAN Roaming Ana Sanz Merino, Yasuhiko.

IP Security IP sec IPsec is short for Internet Protocol Security. It was originally created as a part of IPv6, but has been retrofitted into IPv4. It.

Wi-Fi Technology. Agenda Introduction Introduction History History Wi-Fi Technologies Wi-Fi Technologies Wi-Fi Network Elements Wi-Fi Network Elements.

20 November 2015 RE Meyers, Ms.Ed., CCAI CCNA Discovery Curriculum Review Networking for Home and Small Businesses Chapter 7: Wireless Technologies.

Link-Layer Protection in i WLANs With Dummy Authentication Will Mooney, Robin Jha.

Lecture 24 Wireless Network Security

National Institute of Science & Technology WIRELESS LAN SECURITY Swagat Sourav [1] Wireless LAN Security Presented By SWAGAT SOURAV Roll # EE

Lecture slides prepared for “Computer Security: Principles and Practice”, 3/e, by William Stallings and Lawrie Brown, Chapter 24 “Wireless Network Security”.

Wireless security Wi–Fi (802.11) Security

CO5023 Wireless Networks. Varieties of wireless network Wireless LANs: the main topic for this week. Consists of making a single-hop connection to an.

1 Objectives Wireless Access IPSec Discuss Network Access Protection Install Network Access Protection.

Networking Network Classification, by there: 3 Security And Communications software.

Authentication has three means of authentication Verifies user has permission to access network 1.Open authentication : Each WLAN client can be.

Wireless Network Security CSIS 5857: Encoding and Encryption.

Cisco Discovery Home and Small Business Networking Chapter 7 – Wireless Networking Jeopardy Review v1.1 Darren Shaver Kubasaki High School – Okinawa,

1 © 2004, Cisco Systems, Inc. All rights reserved. Wireless LAN (network) security.

Lecture 7 (Chapter 17) Wireless Network Security Prepared by Dr. Lamiaa M. Elshenawy 1.

Copyright © 2006 Heathkit Company, Inc. All Rights Reserved Introduction to Networking Technologies Wireless Security.

Introduction to Port-Based Network Access Control EAP, 802.1X, and RADIUS Anthony Critelli Introduction to Port-Based Network Access Control.

Port Based Network Access Control

History and Implementation of the IEEE 802 Security Architecture

Robust Security Network (RSN) Service of IEEE

CompTIA Security+ Study Guide (SY0-401)

Presentation transcript:

Development of the Authentication Reliability and Security System for Wireless Local Area Network Professor, Dr. sc. ing. Viktors Gopejenko MSc. Sergejs Bobrovskis Department of Computer Technologies and Natural Sciences Information Systems Management Institute (ISMA) Riga, Latvia 6th International Conference INNOVATIVE INFORMATION TECHNOLOGIES FOR SCIENCE, BUSINESS AND EDUCATION, IIT-2013 November 14-16, 2013, Vilnius, Lithuania

Work Objectives Motivation Topicality Mission Object of Study Methods of Analysis 2

Wireless communication basics Wireless communication Standards and amendments -Ad-hoc mode – wireless supplicants communicate directly in peer-to-peer way without any additional device (e.g. access point) -Infrastructure mode – wireless supplicants communication occurring through access point -Authentication -Association 3

Wireless security hazards Security Hazard Accidental AssociationMalicious AssociationMAC Spoofing Man-in-the-Middle (MiTM)Denial of Service (DoS)Network Injection MAC Piggy-BackingEavesdroppingUnintentional Interference Intentional interferenceDeathenticationDiassosication Illegal Channel BeaconingProbe Response FloodAssociation Flood Fake Access PointWireless HijackingEncryption Cracking Vendor Proprietary AttackPhysical Damage and TheftSocial Engineering 4

Wi-Fi Preservation Capability Wireless security standard used are: – WEP Wired Equivalence Privacy – WPA/WPAv2 Wi-Fi Protected Access 5

802.1x and EAP-Based Authentication Standard 802.1x – Supplicant – Authenticator – Authenticator server EAP - Extensible Authentication Protocol 6

Client-side Certificate issued to supplicants by PKI (VeriSign) Server-side Certificate issued to Authentication Server by PKI (VeriSign) 1. Supplicant System (Juniper Odyssey Access Client) EAPoL (frames) Authenticator System (Cisco AIR-CAP3602I-E- K9) EAPoR (frames) Authentication Server (Microsoft Windows Server 2012) Layer 2 Access 2. Layer 2 Association 3. EAPoL Start Process 4a. EAP-Request (Identity) 5. RADIUS Access Request (EAP-Response (Identity) – Bogus username 802.1X Uncontrolled port allows only authentication and key management data to pass 4b. EAP-Response (Identity)–Bogus username At this step AS is notified about supplicant who is requesting an authentication 5a. Server Certificate Server Certificate Validation 5b. Client Certificate Client Certificate Validation TLS Tunnel Mutual Authentication 6. RADIUS Access (or Reject) At this stage the following must be in place: Network Access Protection (NAP) Service; NAP Health Certificate; Windows System Update Service / Antivirus status/ Firewall status / Operating System Requirements / Spyware Definition Up-to-Date; Encryption used 7. EAP Success (or Failure) NAP Restricted Access For enterprises that requires extreme secure environment: at this stage Token, Biometric or SMS systems could be established. Token (One-Time-Pad) – every supplicant user must have a token which is synchronized with server. By using PIN+Token Number user gets authenticated; SMS System – requires Exchange Server, Blackberry and SMS System support. By applying username and password an SMS could be sent directly to the mobile phone of the user; Biometric authentication (finger print, retina scanning, facial recognition, iris scanning etc.). These three methods adds additional layer of security, but the main problem is COST, by sending each time an SMS. These methods could be used instead of BOGUS USERNAME, or during authentication inside the encrypted tunnel Way Handshake Pairwise Transient Key Creation (Unicast Frames Encryption) Group Transient Key Creation (Broadcast Frames Encryption) Encrypted Tunnel 802.1X Controlled port allows protected data to pass WIPS/WIDS/ Policies/Regulations/ Trainings Layer 3-7 Access 7 Scheme for RSN wireless authentication

Conclusion The realisation of intelligent wireless network communication system involves the use of: – 802.1x/EAP authentication scheme; – RSN capable Supplication software (native or proprietary); – RSN capable Authenticator (in most cases proprietary, Cisco/Juniper); – RSN or hybrid requirements Authenticator Server (Microsoft); – Check Point Server (for encryption of wireless devices like laptops hard drives, thumb drives, CDs, DVDs and etc.); – Antennas with configurable transmission signals; – WIDS/WIPS; – Faraday room (cage) for extreme security; – Other native or third-party software, like Microsoft Operations Manager, Microsoft Network Access Protection (NAP) etc. 8

Thanks for listening! Any questions? 9