1 Wireless LAN Security Kim W. Tracy NEIU, University Computing

Slides:

Advertisements

Similar presentations

SECURING WIRELESS LANS PRESENTED BY VICTOR C. NWALA CS555 Department of Computer Science Old Dominion University.

Advertisements

Network Security.

IEEE i IT443 Broadband Communications Philip MacCabe October 5, 2005

Hacking WLAN // BRUTE FORCE CRACKER // TCP/IP. WLAN HACK Wired Equivalent Privacy (WEP) encryption was designed to protect against casual snooping, but.

Attack and Defense in Wireless Networks Presented by Aleksandr Doronin.

How secure are b Wireless Networks? By Ilian Emmons University of San Diego.

Cryptography and Authentication Lab ECE4112 Group4 Joel Davis Scott Allen Quinn.

無線區域網路安全 Wireless LAN Security. 2 Outline  Wireless LAN – b  Security Mechanisms in b  Security Problems in b  Solutions for b.

Implementing Wireless LAN Security

WiFi Security. What is WiFi ? Originally, Wi-Fi was a marketing term. The Wi-Fi certified logo means that the product has passed interoperability tests.

Wireless LAN Security Jerry Usery CS 522 December 6 th, 2006.

1 Enhancing Wireless Security with WPA CS-265 Project Section: 2 (11:30 – 12:20) Shefali Jariwala Student ID

DIMACS Nov 3 - 4, 2004 WIRELESS SECURITY AND ROAMING OVERVIEW DIMACS November 3-4, 2004 Workshop: Mobile and Wireless Security Workshop: Mobile and Wireless.

W i reless LAN Security Presented by: Pallavi Priyadarshini Student ID

Wired Equivalent Privacy (WEP)

Security in Wireless LAN Layla Pezeshkmehr CS 265 Fall 2003-SJSU Dr.Mark Stamp.

Wireless Encryption By: Kara Dolansky Network Management Spring 2009.

Vulnerability In Wi-Fi By Angus U CS 265 Section 2 Instructor: Mark Stamp.

11 WIRELESS SECURITY by Prof. Russell Jones. WIRELESS COMMUNICATION ISSUES  Wireless connections are becoming popular.  Network data is transmitted.

An Initial Security Analysis of the IEEE 802.1x Standard Tsai Hsien Pang 2004/11/4.

Protected Extensible Authentication Protocol

Department of Computer Science Southern Illinois University Carbondale Wireless and Network Security Lecture 9: IEEE

IEEE Wireless Local Area Networks (WLAN’s).

WIRELESS NETWORK SECURITY. Hackers Ad-hoc networks War Driving Man-in-the-Middle Caffe Latte attack.

WPA2 By Winway Pang. Overview  What is WPA2?  Wi-Fi Protected Access 2  Introduced September 2004  Two Versions  Enterprise – Server Authentication.

Wireless Security Issues Implementing a wireless LAN without compromising your network Marshall Breeding Director for Innovative Technologies and Research.

WLAN security S Wireless Personal, Local, Metropolitan, and Wide Area Networks1 Contents WEP (Wired Equivalent Privacy) No key management Authentication.

Wireless Security Issues David E. Hudak, Ph.D. Senior Software Architect Karlnet, Inc.

Chapter 3 Application Level Security in Wireless Network IWD2243 : Zuraidy Adnan : Sept 2012.

Wireless Network Security. Wireless Security Overview concerns for wireless security are similar to those found in a wired environment concerns for wireless.

WLAN What is WLAN? Physical vs. Wireless LAN

Wireless Security Techniques: An Overview Bhagyavati Wayne C. Summers Anthony DeJoie Columbus State University Columbus State University Telcordia Technologies,

Michal Rapco 05, 2005 Security issues in Wireless LANs.

1/28/2010 Network Plus Security Review Identify and Describe Security Risks People –Phishing –Passwords Transmissions –Man in middle –Packet sniffing.

Mobile and Wireless Communication Security By Jason Gratto.

Wireless security & privacy Authors: M. Borsc and H. Shinde Source: IEEE International Conference on Personal Wireless Communications 2005 (ICPWC 2005),

Wireless and Security CSCI 5857: Encoding and Encryption.

Secure connections.

Wireless Networking.

A History of WEP The Ups and Downs of Wireless Security.

Lesson 20-Wireless Security. Overview Introduction to wireless networks. Understanding current wireless technology. Understanding wireless security issues.

BY MOHAMMED ALQAHTANI (802.11) Security. What is ? IEEE is a set of standards carrying out WLAN computer communication in frequency bands.

1 Figure 2-11: Wireless LAN (WLAN) Security Wireless LAN Family of Standards Basic Operation (Figure 2-12 on next slide)  Main wired network.

Done By : Ahmad Al-Asmar Wireless LAN Security Risks and Solutions.

CWSP Guide to Wireless Security Chapter 2 Wireless LAN Vulnerabilities.

WEP Protocol Weaknesses and Vulnerabilities

WEP AND WPA by Kunmun Garabadu. Wireless LAN Hot Spot : Hotspot is a readily available wireless connection.  Access Point : It serves as the communication.

WEP, WPA, and EAP Drew Kalina. Overview  Wired Equivalent Privacy (WEP)  Wi-Fi Protected Access (WPA)  Extensible Authentication Protocol (EAP)

Module 8: Designing Security for Authentication. Overview Creating a Security Plan for Authentication Creating a Design for Security of Authentication.

Network Security7-1 Today r Reminder Ch7 HW due Wed r Finish Chapter 7 (Security) r Start Chapter 8 (Network Management)

Link-Layer Protection in i WLANs With Dummy Authentication Will Mooney, Robin Jha.

WLANs & Security Standards (802.11) b - up to 11 Mbps, several hundred feet g - up to 54 Mbps, backward compatible, same frequency a.

Lecture 24 Wireless Network Security

Wireless Security: The need for WPA and i By Abuzar Amini CS 265 Section 1.

Wireless Security Rick Anderson Pat Demko. Wireless Medium Open medium Broadcast in every direction Anyone within range can listen in No Privacy Weak.

Lecture slides prepared for “Computer Security: Principles and Practice”, 3/e, by William Stallings and Lawrie Brown, Chapter 24 “Wireless Network Security”.

WLAN Security Condensed Version. First generation wireless security Many WLANs used the Service Set Identifier (SSID) as a basic form of security. Some.

Wireless security Wi–Fi (802.11) Security

CSE 5/7349 – April 5 th 2006 Wireless Networking.

802.11b Security CSEP 590 TU Osama Mazahir. Introduction Packets are sent out into the air for anyone to receive Eavesdropping is a much larger concern.

Wireless Network Security CSIS 5857: Encoding and Encryption.

WLAN Security1 Security of WLAN Máté Szalay

1 © 2004, Cisco Systems, Inc. All rights reserved. Wireless LAN (network) security.

By Billy Ripple.  Security requirements  Authentication  Integrity  Privacy  Security concerns  Security techniques  WEP  WPA/WPA2  Conclusion.

Tightening Wireless Networks By Andrew Cohen. Question Why more and more businesses aren’t converting their wired networks into wireless networks?

History and Implementation of the IEEE 802 Security Architecture

History and Implementation of the IEEE 802 Security Architecture

Wireless Protocols WEP, WPA & WPA2.

IEEE i Dohwan Kim.

Presentation transcript:

1 Wireless LAN Security Kim W. Tracy NEIU, University Computing

2 Outline l Threats to LANs & Wireless LANs l Wireless LAN Security Techniques l Summary

3 Fundamental Premise l Security cannot be considered in isolation and to be effective must consider the entire system l That is, network and LAN security must be: l Consistent with other security mechanisms l E.g. application, data, hardware, and physical l Supportive of other security mechanisms

4 Threats

5 LAN Threats Network Traffic Protecting Integrity Protecting Secrecy Protecting Availability

6 Specific LAN Threats l Availability l Worms/Virus DoS l Errant applications creating lots of traffic/malformed traffic l Authentication l Spying devices on LAN l For example, a contractor connecting to LAN l Secrecy l Sniffers being connected to the LAN to collect passwords, etc.

7 Authentication

8 Current State of LAN Authentication l Usually none! l If in the building can plug in to the LAN l Can cause severe problems: l Using LAN for illegal purposes (company/person may be liable) l Can more easily compromise servers l For example, send spam from your mail servers l Wireless LANs are bringing issue out

9 Authentication services l 802.1X – IEEE standard for LAN authentication l Can use PKI certificate-based authentication l Kerberos (closed environment) l Single login (once per session) l To multiple servers/domains l ‘Ticket’ for each server l X.509 (open environment) l Based on public key infrastructure l Used in SSL, IPSEC, S/MIME, SET… l One-way, two-way or three-way authentication

10 Kerberos

11 X.509 Authentication [Ta, Ra, B, EkpubB(Kab) ] sgnA [Tb, Rb, A, Ra, EkpubA(Kab) ] sgnB [Rb] sgnA One-way authentication Two-way authentication Three-way authentication [Ta, Ra, B, EkpubB(Kab) ] sgnA [Tb, Rb, A, Ra, EkpubA(Kab) ] sgnB AB

12 IEEE 802.1X Terminology Controlled port Uncontrolled port Supplicant Authentication Server Authenticator 802.1X created to control access to any 802 LAN used as a transport for Extensible Authentication Protocol (EAP, RFC 2284)

X Model Associate EAP Identity Request EAP-Success STA AP Authentication Server EAP Auth Response EAP Auth Request EAP Identity Response Authentication traffic Normal Data Port Status: EAP-Success

14 Wireless LAN Security

15 Introduction l standard specifies the operating parameters of wireless local area networks (WLAN) l History: , b, a, g, i l Minimal security in early versions l Original architecture not well suited for modern security needs l i attempts to address security issues with WLANs

b l Wired Equivalent Privacy (WEP) l Confidentiality l Encryption l 40-bit keys (increased to 104-bit by WEP2) l Based on RC4 algorithm l Access Control l Shared key authentication + Encryption l Data Integrity l Integrity checksum computed for all messages

b l Vulnerabilities in WEP l Poorly implemented encryption l Key reuse, small keys, no keyed MIC l Weak authentication l No key management l No interception detection

b l Successful attacks on b l Key recovery - AirSnort l Man-in-the-middle l Denial of service l Authentication forging l Known plaintext l Known ciphertext

i l Security Specifications l Improved Encryption l CCMP (AES), TKIP, WRAP l 2-way authentication l Key management l Ad-hoc network support l Improved security architecture

i Authentication Source: Cam-Winget, Moore, Stanley and Walker

Encryption Source: Cam-Winget, Moore, Stanley and Walker

i – Potential Weaknesses l Hardware requirements l Hardware upgrade needed for AES support l Strength of TKIP and Wrap questionable in the long term l Authentication server needed for 2-way authentication l Complexity l The more complex a system is, the more likely it may contain an undetected backdoor l Patchwork nature of “fixing” b

23 No Control over WLAN? l Often you want to connect to a wireless LAN over which you have no control l Options: l If you can, connect securely (WPA2, i, etc.) l If unsecured, connect to your secure systems securely: l VPN – Virtual Private Network l SSL connections to secure systems l Be careful not to expose passwords l Watch for direct attacks on untrusted networks

24 WLAN Security - Going Forward l i appears to be a significant improvement over b from a security standpoint l Vendors are nervous about implementing i protocols due to how quickly WEP was compromised after its release l Only time will tell how effective i actually will be l Wireless networks will not be completely secure until the standards that specify them are designed from the beginning with security in mind

25 Summary l Wireless LAN Security is not independent of the greater network security and system security l Threats to the Wireless LAN are largely in terms of being available and in providing a means to attack systems on the network l That is, not many folks attack routers (yet)

26 References l ftp://ftp.prenhall.com/pub/esm/web_marketing /ptr/pfleeger/ch07.pdf - Charles & Shari Pfleeger’s chapter on network security ftp://ftp.prenhall.com/pub/esm/web_marketing /ptr/pfleeger/ch07.pdf l - To request the Computer Security Institute/FBI yearly survey results (widely referenced)