Wireless Network Security. Wireless Security Overview concerns for wireless security are similar to those found in a wired environment concerns for wireless.

Slides:



Advertisements
Similar presentations
SECURING WIRELESS LANS PRESENTED BY VICTOR C. NWALA CS555 Department of Computer Science Old Dominion University.
Advertisements

Cryptography and Network Security Chapter 17 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.
IEEE i IT443 Broadband Communications Philip MacCabe October 5, 2005
Computer Security: Principles and Practice EECS710: Information Security Professor Hossein Saiedian Fall 2014 Chapter 24: Wireless Network Security.
Wireless Network Security
Cryptography and Network Security
Raphael Frank 20 October 2007 Authentication & Intrusion Prevention for Multi-Link Wireless Networks.
Simple ways to secure Wireless Computers Jay Ferron, ADMT, CISM, CISSP, MCSE, MCSBA, MCT, NSA-IAM, TCI.
WiFi Security. What is WiFi ? Originally, Wi-Fi was a marketing term. The Wi-Fi certified logo means that the product has passed interoperability tests.
1 Enhancing Wireless Security with WPA CS-265 Project Section: 2 (11:30 – 12:20) Shefali Jariwala Student ID
1 6/11/ :41 Chapter 10Wireless LANs1 Rivier College CS575: Advanced LANs Chapter 10: Wireless LANs.
Security in Wireless LAN Layla Pezeshkmehr CS 265 Fall 2003-SJSU Dr.Mark Stamp.
Wireless Router Setup. Internet Cable Internet Cable (Blue) Machine Cable (Yellow) Power Plug (Black) Reset Button (Red)
11 WIRELESS SECURITY by Prof. Russell Jones. WIRELESS COMMUNICATION ISSUES  Wireless connections are becoming popular.  Network data is transmitted.
An Initial Security Analysis of the IEEE 802.1x Standard Tsai Hsien Pang 2004/11/4.
Department of Computer Science Southern Illinois University Carbondale Wireless and Network Security Lecture 9: IEEE
WIRELESS NETWORK SECURITY. Hackers Ad-hoc networks War Driving Man-in-the-Middle Caffe Latte attack.
Wireless Security Issues David E. Hudak, Ph.D. Senior Software Architect Karlnet, Inc.
IEEE Wireless LAN Standard
Network and Internet Security
Lecture 24 Wireless Network Security modified from slides of Lawrie Brown.
1 Wireless LAN Security Kim W. Tracy NEIU, University Computing
WIRELESS NETWORKING. What are the advantages to wireless networking? How has society changed?
Wireless security & privacy Authors: M. Borsc and H. Shinde Source: IEEE International Conference on Personal Wireless Communications 2005 (ICPWC 2005),
Comparative studies on authentication and key exchange methods for wireless LAN Authors: Jun Lei, Xiaoming Fu, Dieter Hogrefe and Jianrong Tan Src:
Wireless and Security CSCI 5857: Encoding and Encryption.
Investigators have published numerous reports of birds taking turns vocalizing; the bird spoken to gave its full attention to the speaker and never vocalized.
Wireless Networking.
Lesson 20-Wireless Security. Overview Introduction to wireless networks. Understanding current wireless technology. Understanding wireless security issues.
BY MOHAMMED ALQAHTANI (802.11) Security. What is ? IEEE is a set of standards carrying out WLAN computer communication in frequency bands.
Chapter 5 WIRELESS NETWORK SECURITY
Network Security Lecture 9 Presented by: Dr. Munam Ali Shah.
1 Figure 2-11: Wireless LAN (WLAN) Security Wireless LAN Family of Standards Basic Operation (Figure 2-12 on next slide)  Main wired network.
Module 8: Designing Network Access Solutions. Module Overview Securing and Controlling Network Access Designing Remote Access Services Designing RADIUS.
Guided by: Jenela Prajapati Presented by: (08bec039) Nikhlesh khatra.
Done By : Ahmad Al-Asmar Wireless LAN Security Risks and Solutions.
IEEE i WPA2. IEEE i (WPA2) IEEE i, is an amendment to the standard specifying security mechanisms for wireless networks. The.
Network Security Lecture 8 Presented by: Dr. Munam Ali Shah.
Link-Layer Protection in i WLANs With Dummy Authentication Will Mooney, Robin Jha.
The University of Bolton School of Business & Creative Technologies Wireless Networks - Security 1.
Lecture 24 Wireless Network Security
Security Standards. IEEE IEEE 802 committee for LAN standards IEEE formed in 1990’s – charter to develop a protocol & transmission specifications.
Wireless Security: The need for WPA and i By Abuzar Amini CS 265 Section 1.
Lesson 10: Configuring Network Settings MOAC : Configuring Windows 8.1.
Wireless Security Rick Anderson Pat Demko. Wireless Medium Open medium Broadcast in every direction Anyone within range can listen in No Privacy Weak.
Lecture slides prepared for “Computer Security: Principles and Practice”, 3/e, by William Stallings and Lawrie Brown, Chapter 24 “Wireless Network Security”.
WLAN.
Wireless security Wi–Fi (802.11) Security
Wireless Security Presented by Colby Carlisle. Wireless Networking Defined A type of local-area network that uses high-frequency radio waves rather than.
Wireless Network Security CSIS 5857: Encoding and Encryption.
802.11: Introduction Reference: “IEEE : moving closer to practical wireless LANs”; Stallings, W.; IT Professional, Volume: 3 Issue: 3, May- June.
KAIS T Comparative studies on authentication and key exchange methods for wireless LAN Jun Lei, Xiaoming Fu, Dieter Hogrefe, Jianrong Tan Computers.
1 © 2004, Cisco Systems, Inc. All rights reserved. Wireless LAN (network) security.
Erik Nicholson COSC 352 March 2, WPA Wi-Fi Protected Access New security standard adopted by Wi-Fi Alliance consortium Ensures compliance with different.
Wireless LAN Requirements (1) Same as any LAN – High capacity, short distances, full connectivity, broadcast capability Throughput: – efficient use wireless.
IEEE Wireless LAN Standard
Lecture 7 (Chapter 17) Wireless Network Security Prepared by Dr. Lamiaa M. Elshenawy 1.
1 Wireless Networks Lecture 26 Wireless LAN / IEEE Dr. Ghalib A. Shah.
Tightening Wireless Networks By Andrew Cohen. Question Why more and more businesses aren’t converting their wired networks into wireless networks?
© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Wireless LANs.
Understand Wireless Security LESSON Security Fundamentals.
Wireless Network Security
Wireless Protocols WEP, WPA & WPA2.
Lecture 24 Wireless Network Security
A Wireless LAN Security Protocol
Chapter 24 Wireless Network Security
Wireless LAN Security 4.3 Wireless LAN Security.
WLAN Security Antti Miettinen.
Antti Miettinen (modified by JJ)
Principles and Practice
Presentation transcript:

Wireless Network Security

Wireless Security Overview concerns for wireless security are similar to those found in a wired environment concerns for wireless security are similar to those found in a wired environment security requirements are the same: security requirements are the same: confidentiality, integrity, availability, authenticity, accountability confidentiality, integrity, availability, authenticity, accountability most significant source of risk is the underlying communications medium most significant source of risk is the underlying communications medium

Wireless Networking Components

Wireless Network Threats accidental association malicious association ad hoc networks nontraditional networks identity theft (MAC spoofing) man-in-the middle attacks denial of service (DoS) network injection

Securing Wireless Transmissions principal threats are eavesdropping, altering or inserting messages, and disruption principal threats are eavesdropping, altering or inserting messages, and disruption countermeasures for eavesdropping: countermeasures for eavesdropping: signal-hiding techniques signal-hiding techniques encryption encryption the use of encryption and authentication protocols is the standard method of countering attempts to alter or insert transmissions the use of encryption and authentication protocols is the standard method of countering attempts to alter or insert transmissions

Securing Wireless Networks the main threat involving wireless access points is unauthorized access to the network the main threat involving wireless access points is unauthorized access to the network principal approach for preventing such access is the IEEE 802.1X standard for port-based network access control principal approach for preventing such access is the IEEE 802.1X standard for port-based network access control the standard provides an authentication mechanism for devices wishing to attach to a LAN or wireless network the standard provides an authentication mechanism for devices wishing to attach to a LAN or wireless network use of 802.1X can prevent rogue access points and other unauthorized devices from becoming insecure backdoors use of 802.1X can prevent rogue access points and other unauthorized devices from becoming insecure backdoors

Wireless Network Security Techniques use encryption use anti-virus and anti-spyware software and a firewall turn off identifier broadcasting change the identifier on your router from the default change your router’s pre-set password for administration allow only specific computers to access your wireless network

IEEE Terminology

Wireless Fidelity (Wi-Fi) Alliance Wireless Fidelity (Wi-Fi) Alliance b b first standard to gain broad industry acceptance first standard to gain broad industry acceptance Wireless Ethernet Compatibility Alliance (WECA) Wireless Ethernet Compatibility Alliance (WECA) industry consortium formed in 1999 to address the concern of products from different vendors successfully interoperating industry consortium formed in 1999 to address the concern of products from different vendors successfully interoperating later renamed the Wi-Fi Alliance later renamed the Wi-Fi Alliance term used for certified b products is Wi-Fi term used for certified b products is Wi-Fi has been extended to g products has been extended to g products Wi-Fi Protected Access (WPA) Wi-Fi Protected Access (WPA) Wi-Fi Alliance certification procedures for IEEE security standards Wi-Fi Alliance certification procedures for IEEE security standards WPA2 incorporates all of the features of the IEEE802.11i WLAN security specification WPA2 incorporates all of the features of the IEEE802.11i WLAN security specification

IEEE 802 Protocol Architecture

General IEEE 802 MPDU Format

IEEE Extended Service Set

IEEE Services

Distribution of Messages Within a DS the two services involved with the distribution of messages within a DS are: the two services involved with the distribution of messages within a DS are: distribution distribution integration integration the primary service used by stations to exchange MPDUs when the MPDUs must traverse the DS to get from a station in one BSS to a station in another BSS distribution enables transfer of data between a station on an IEEE LAN and a station on an integrated IEEE 802x LAN service enables transfer of data between a station on an IEEE LAN and a station on an integrated IEEE 802.x LAN integration

Association-Related Services transition types, based on mobility: transition types, based on mobility: no transition no transition a station of this type is either stationary or moves only within the direct communication range of the communicating stations of a single BSS a station of this type is either stationary or moves only within the direct communication range of the communicating stations of a single BSS BSS transition BSS transition station movement from one BSS to another BSS within the same ESS; delivery of data to the station requires that the addressing capability be able to recognize the new location of the station station movement from one BSS to another BSS within the same ESS; delivery of data to the station requires that the addressing capability be able to recognize the new location of the station ESS transition ESS transition station movement from a BSS in one ESS to a BSS within another ESS; maintenance of upper-layer connections supported by cannot be guaranteed station movement from a BSS in one ESS to a BSS within another ESS; maintenance of upper-layer connections supported by cannot be guaranteed

Services association establishes an initial association between a station and an APestablishes an initial association between a station and an AP reassociation enables an established association to be transferred from one AP to another, allowing a mobile station to move from one BSS to anotherenables an established association to be transferred from one AP to another, allowing a mobile station to move from one BSS to another disassociation a notification from either a station or an AP that an existing association is terminateda notification from either a station or an AP that an existing association is terminated

Wireless LAN Security Wired Equivalent Privacy (WEP) algorithm Wired Equivalent Privacy (WEP) algorithm privacy – contained major weaknesses privacy – contained major weaknesses Wi-Fi Protected Access (WPA) Wi-Fi Protected Access (WPA) set of security mechanisms that eliminates most security issues and was based on the current state of the i standard set of security mechanisms that eliminates most security issues and was based on the current state of the i standard Robust Security Network (RSN) Robust Security Network (RSN) final form of the i standard final form of the i standard Wi-Fi Alliance certifies vendors in compliance with the full i specification under the WPA2 program Wi-Fi Alliance certifies vendors in compliance with the full i specification under the WPA2 program

Elements of IEEE i

IEEE i Phases of Operation

802.1X Access Control

MPDU Exchange authentication phase consists of three phases: authentication phase consists of three phases: connect to AS connect to AS the STA sends a request to its AP that it has an association with for connection to the AS; the AP acknowledges this request and sends an access request to the AS the STA sends a request to its AP that it has an association with for connection to the AS; the AP acknowledges this request and sends an access request to the AS EAP exchange EAP exchange authenticates the STA and AS to each other authenticates the STA and AS to each other secure key delivery secure key delivery once authentication is established, the AS generates a master session key and sends it to the STA once authentication is established, the AS generates a master session key and sends it to the STA

IEEE i Key Hierarchies

IEEE i Keys for Data Confidentiality and Integrity Protocols

Phases of Operation

Temporal Key Integrity Protocol (TKIP) designed to require only software changes to devices that are implemented with the older wireless LAN security approach called WEP designed to require only software changes to devices that are implemented with the older wireless LAN security approach called WEP provides two services: provides two services: message integrity adds a message integrity code to the MAC frame after the data field data confidentiality provided by encrypting the MPDU