A Methodology for Evaluating Wireless Network Security Protocols David Rager Kandaraj Piamrat.

Slides:



Advertisements
Similar presentations
IEEE i IT443 Broadband Communications Philip MacCabe October 5, 2005
Advertisements

CSE  Wired Equivalent Privacy (WEP) ◦ first security protocol defined in  Wi-Fi Protected Access (WPA) ◦ defined by Wi-Fi Alliance 
Understanding and Achieving Next-Generation Wireless Security Motorola, Inc James Mateicka.
Wireless Security Ryan Hayles Jonathan Hawes. Introduction  WEP –Protocol Basics –Vulnerability –Attacks –Video  WPA –Overview –Key Hierarchy –Encryption/Decryption.
Implementing Wireless LAN Security
Final Presentation Presented By: Gal Leibovich Liran Manor Supervisor: Hai Vortman.
WiFi Security. What is WiFi ? Originally, Wi-Fi was a marketing term. The Wi-Fi certified logo means that the product has passed interoperability tests.
Wireless LAN Security Jerry Usery CS 522 December 6 th, 2006.
1 Enhancing Wireless Security with WPA CS-265 Project Section: 2 (11:30 – 12:20) Shefali Jariwala Student ID
MITP | Master of Information Technology Program Securing Wireless LAN using Cisco-based technology Campus Crew Study Group Paul Matijevic Ed McCulloch.
Intercepting Mobiles Communications: The Insecurity of Danny Bickson ACNS Course, IDC Spring 2007.
DIMACS Nov 3 - 4, 2004 WIRELESS SECURITY AND ROAMING OVERVIEW DIMACS November 3-4, 2004 Workshop: Mobile and Wireless Security Workshop: Mobile and Wireless.
W i reless LAN Security Presented by: Pallavi Priyadarshini Student ID
Wired Equivalent Privacy (WEP)
Vulnerability In Wi-Fi By Angus U CS 265 Section 2 Instructor: Mark Stamp.
11 WIRELESS SECURITY by Prof. Russell Jones. WIRELESS COMMUNICATION ISSUES  Wireless connections are becoming popular.  Network data is transmitted.
An Initial Security Analysis of the IEEE 802.1x Standard Tsai Hsien Pang 2004/11/4.
Department of Computer Science Southern Illinois University Carbondale Wireless and Network Security Lecture 9: IEEE
15 November Wireless Security Issues Cheyenne Hollow Horn SFS Presentation 2004.
WIRELESS NETWORK SECURITY. Hackers Ad-hoc networks War Driving Man-in-the-Middle Caffe Latte attack.
WPA2 By Winway Pang. Overview  What is WPA2?  Wi-Fi Protected Access 2  Introduced September 2004  Two Versions  Enterprise – Server Authentication.
Wireless Security Issues Implementing a wireless LAN without compromising your network Marshall Breeding Director for Innovative Technologies and Research.
WLAN security S Wireless Personal, Local, Metropolitan, and Wide Area Networks1 Contents WEP (Wired Equivalent Privacy) No key management Authentication.
Wireless Security Issues David E. Hudak, Ph.D. Senior Software Architect Karlnet, Inc.
WLAN What is WLAN? Physical vs. Wireless LAN
By Sean Fisk.  Not a new technology  Inherently insecure  In recent years, increased popularity.
Mobile and Wireless Communication Security By Jason Gratto.
Wireless security & privacy Authors: M. Borsc and H. Shinde Source: IEEE International Conference on Personal Wireless Communications 2005 (ICPWC 2005),
Secure Systems Research Group - FAU Wireless Web Services Security Christopher Lo.
Comparative studies on authentication and key exchange methods for wireless LAN Authors: Jun Lei, Xiaoming Fu, Dieter Hogrefe and Jianrong Tan Src:
Wireless Networking.
A History of WEP The Ups and Downs of Wireless Security.
Chapter Network Security Architecture Security Basics Legacy security Robust Security Segmentation Infrastructure Security VPN.
Wireless Network Security Dr. John P. Abraham Professor UTPA.
Wireless Security Beyond WEP. Wireless Security Privacy Authorization (access control) Data Integrity (checksum, anti-tampering)
Wireless Networking Concepts By: Forrest Finkler Computer Science 484 Networking Concepts.
Done By : Ahmad Al-Asmar Wireless LAN Security Risks and Solutions.
IEEE i WPA2. IEEE i (WPA2) IEEE i, is an amendment to the standard specifying security mechanisms for wireless networks. The.
WEP Protocol Weaknesses and Vulnerabilities
WEP AND WPA by Kunmun Garabadu. Wireless LAN Hot Spot : Hotspot is a readily available wireless connection.  Access Point : It serves as the communication.
WEP, WPA, and EAP Drew Kalina. Overview  Wired Equivalent Privacy (WEP)  Wi-Fi Protected Access (WPA)  Extensible Authentication Protocol (EAP)
Measuring of the time consumption of the WLAN’s security functions Jaroslav Kadlec, Radek Kuchta, Radimír Vrba Dept. of Microelectronics.
TinySec : Link Layer Security Architecture for Wireless Sensor Networks Chris Karlof :: Naveen Sastry :: David Wagner Presented by Anil Karamchandani 10/01/2007.
Link-Layer Protection in i WLANs With Dummy Authentication Will Mooney, Robin Jha.
WLANs & Security Standards (802.11) b - up to 11 Mbps, several hundred feet g - up to 54 Mbps, backward compatible, same frequency a.
The University of Bolton School of Business & Creative Technologies Wireless Networks - Security 1.
Lecture 24 Wireless Network Security
National Institute of Science & Technology WIRELESS LAN SECURITY Swagat Sourav [1] Wireless LAN Security Presented By SWAGAT SOURAV Roll # EE
Wireless Security: The need for WPA and i By Abuzar Amini CS 265 Section 1.
Wireless Security Rick Anderson Pat Demko. Wireless Medium Open medium Broadcast in every direction Anyone within range can listen in No Privacy Weak.
 Houses  In businesses  Local institutions  WEP – Wired Equivalent Privacy -Use of Initialization Vectors (IVs) -RC4 Traffic Key (creates keystreams)
WLAN Security Condensed Version. First generation wireless security Many WLANs used the Service Set Identifier (SSID) as a basic form of security. Some.
Wireless security Wi–Fi (802.11) Security
Authentication has three means of authentication Verifies user has permission to access network 1.Open authentication : Each WLAN client can be.
802.11b Security CSEP 590 TU Osama Mazahir. Introduction Packets are sent out into the air for anyone to receive Eavesdropping is a much larger concern.
IEEE Security Specifically WEP, WPA, and WPA2 Brett Boge, Presenter CS 450/650 University of Nevada, Reno.
KAIS T Comparative studies on authentication and key exchange methods for wireless LAN Jun Lei, Xiaoming Fu, Dieter Hogrefe, Jianrong Tan Computers.
Erik Nicholson COSC 352 March 2, WPA Wi-Fi Protected Access New security standard adopted by Wi-Fi Alliance consortium Ensures compliance with different.
By Billy Ripple.  Security requirements  Authentication  Integrity  Privacy  Security concerns  Security techniques  WEP  WPA/WPA2  Conclusion.
EECS  Wired Equivalent Privacy (WEP) ◦ first security protocol defined in  Wi-Fi Protected Access (WPA) ◦ defined by Wi-Fi Alliance 
Data and Computer Communications Eighth Edition by William Stallings Lecture slides by Lawrie Brown Chapter 21 – Network Security.
CSE 4905 WiFi Security II WPA2 (WiFi Protected Access 2)
OSA vs WEP WPA and WPA II Tools for hacking
Wireless Protocols WEP, WPA & WPA2.
Methods of Securing LANs
We will talking about : What is WAP ? What is WAP2 ? Is there secure ?
WEP & WPA Mandy Kershishnik.
Wireless LAN Security 4.3 Wireless LAN Security.
IEEE i Dohwan Kim.
Wireless Network Security
Presentation transcript:

A Methodology for Evaluating Wireless Network Security Protocols David Rager Kandaraj Piamrat

Outline ► Introduction ► Explanation of Terms ► Evaluation Methodology ► Analysis of WEP, WPA, and RSN ► Graphical Results ► Conclusion

Introduction ► Difference properties of wireless network comparing to wired network ► Two lines of defense in wireless network security  Preventive approach  Intrusion Detection and Response approach ► WEP WPA RSN

Explanation of Terms ► WEP – Wired Equivalent Protocol (attempt #1) ► WPA – Wi-Fi Protected Access (attempt #2) ► RSN – Robust Secure Network (attempt #3) ► ► EAP – Extensible Authentication Protocol ► ► TKIP – Temporal Key Integrity Protocol ► ► AES – Advanced Encryption Standard

Explanation of Terms (cont.) ► ► CCMP – Counter mode with Cipher block Chaining Message authentication code Protocol ► ► ICV – Integrity Check Value ► ► MIC – Message Integrity Check ► ► RADIUS – Remote Authentication Dial in User Service ► ► IV – Initialization Vector

Evaluation Methodology ► Authentication Capability ► Encryption Strength ► Integrity Guarantees ► Prevention of Attacks ► Identity Protection ► Ease and Cost of Implementation ► Power Consumption ► Novel Ideas

Authentication capability Consideration0(bad)1(fair)2(good) Type of authentication Key with challenge response Key with challenge response and MAC address Credentials based Number of authentication servers OneThree(# faults permitted) * Use of new authentication mechanisms None-Use of EAP (802.11X)[tec h-faq] Known MITM attacks One or more-None

Encryption Strength Consideration0(bad)1(fair)2(good) Key typeStatic key-Dynamic key Cipher key typeRC4-AES Cipher key length40 or 104 bit encryption 128 bit encryption128 bit encryption + 64 bit authentication Key lifetime24-bit IV-48-bit IV Time used to crackFew hoursFew daysCenturies Encrypted packet needed to crack Few millions-Few trillions Can be recovered by cryptanalysis Yes-No Key management used NoneStaticEAP

Integrity Guarantees Consideration0(bad)1(fair)2(good) Integrity of message header NoneMichaelCCM Integrity of the data CRC-32MichaelCCM

Prevention of Attacks Consideration0(bad)1(fair)2(good) Replay attack prevention None-IV sequence, Per- packet key mixing DoS cookieNo-Yes Number of known attacks prevented NoneSome of themAll of them Minimizes damageNo-Yes

Identity Protection Consideration0(bad)1(fair)2(good) Group identity revealed to Entire networkAll partiesSpecific parties Specific identity revealed to Entire networkAll partiesSpecific parties

Ease and Cost of Implementation Consideration0(bad)1(fair)2(good) Computation costHighMediumLow Incremental installationNo-Yes Number of messages exchanged Number of actors involved Many actors-Few actors Packet keyMixing functionConcatenatedNo need Additional server hardware Yes-No Additional network infrastructure Yes-No Number of gates in client device High-Low Lines of CodeHigh-Low

Power Consumption Consideration0(bad)1(fair)2(good) Clients use low power No-Yes Client can detect attacks and enter low- power mode No-Yes

Novel Ideas Consideration0(bad)1(fair)2(good) Determines physical location No-Yes

Analysis of WEP

Authentication capability Consideration0(bad)1(fair)2(good) Type of authentication Key with challenge response Key with challenge response and MAC address Credentials based Number of authentication servers OneThree(# faults permitted) * Use of new authentication mechanisms None-Use of EAP (802.11X)[tech- faq] Known MITM attacks One or more-None

Encryption Strength Consideration0(bad)1(fair)2(good) Key typeStatic key-Dynamic key Cipher key typeRC4-AES Cipher key length40 or 104 bit encryption 128 bit encryption128 bit encryption + 64 bit authentication Key lifetime24-bit IV-48-bit IV Time used to crackFew hoursFew daysCenturies Encrypted packet needed to crack Few millions-Few trillions Can be recovered by cryptanalysis Yes-No Key management used NoneStaticEAP

Integrity Guarantees Consideration0(bad)1(fair)2(good) Integrity of message header NoneMichaelCCM Integrity of the data CRC-32MichaelCCM

Prevention of Attacks Consideration0(bad)1(fair)2(good) Replay attack prevention None-IV sequence, Per- packet key mixing DoS cookieNo-Yes Number of known attacks prevented NoneSome of themAll of them

Identity Protection Consideration0(bad)1(fair)2(good) Group identity revealed to Entire networkAll partiesSpecific parties Specific identity revealed to Entire networkAll partiesSpecific parties

Ease and Cost of Implementation Consideration0(bad)1(fair)2(good) Computation costHighMediumLow Incremental installationNo-Yes Number of messages exchanged Number of actors involved Many actors-Few actors Packet keyMixing functionConcatenatedNo need Additional server hardware Yes-No Additional network infrastructure Yes-No Number of gates in client device High-Low Lines of CodeHigh-Low

Power Consumption Consideration0(bad)1(fair)2(good) Clients use low power No-Yes Client can detect attacks and enter low-power mode No-Yes

Novel Ideas Consideration0(bad)1(fair)2(good) Determines physical location No-Yes

Scores of WEP ► Authentication Capability (0/8) ► Encryption Strength (0/16) ► Integrity Guarantees (0/4) ► Prevention of Attacks (0/6) ► Identity Protection (4/4) ► Ease and Cost of Implementation (17/18) ► Power Consumption (2/4) ► Novel Ideas (0/2) Total Score = 2.44/8 = %

Analysis of WPA

Authentication capability Consideration0(bad)1(fair)2(good) Type of authentication Key with challenge response Key with challenge response and MAC address Credentials based Number of authentication servers OneThree(# faults permitted) * Use of new authentication mechanisms None-Use of EAP (802.11X)[tech- faq] Known MITM attacks One or more-None

Encryption Strength Consideration0(bad)1(fair)2(good) Key typeStatic key-Dynamic key Cipher key typeRC4-AES Cipher key length40 or 104 bit encryption 128 bit encryption128 bit encryption + 64 bit authentication Key lifetime24-bit IV-48-bit IV Time used to crackFew hoursFew daysCenturies Encrypted packet needed to crack Few millions-Few trillions Can be recovered by cryptanalysis Yes-No Key management used NoneStaticEAP

Integrity Guarantees Consideration0(bad)1(fair)2(good) Integrity of message header NoneMichaelCCM Integrity of the data CRC-32MichaelCCM

Prevention of Attacks Consideration0(bad)1(fair)2(good) Replay attack prevention None-IV sequence, Per- packet key mixing DoS cookieNo-Yes Number of known attacks prevented NoneSome of themAll of them

Identity Protection Consideration0(bad)1(fair)2(good) Group identity revealed to Entire networkAll partiesSpecific parties Specific identity revealed to Entire networkAll partiesSpecific parties

Ease and Cost of Implementation Consideration0(bad)1(fair)2(good) Computation costHighMediumLow Incremental installationNo-Yes Number of messages exchanged Number of actors involved Many actors-Few actors Packet keyMixing functionConcatenatedNo need Additional server hardware Yes-No Additional network infrastructure Yes-No Number of gates in client device High-Low Lines of CodeHigh-Low

Power Consumption Consideration0(bad)1(fair)2(good) Clients use low power No-Yes Client can detect attacks and enter low-power mode No-Yes

Novel Ideas Consideration0(bad)1(fair)2(good) Determines physical location No-Yes

Scores of WPA ► Authentication Capability (6/8) ► Encryption Strength (14/16) ► Integrity Guarantees (2/4) ► Prevention of Attacks (4/6) ► Identity Protection (0/4) ► Ease and Cost of Implementation (5/18) ► Power Consumption (1/4) ► Novel Ideas (0/2) Total Score = 3.32/8 = %

Analysis of RSN

Authentication capability Consideration0(bad)1(fair)2(good) Type of authentication Key with challenge response Key with challenge response and MAC address Credentials based Number of authentication servers OneThree(# faults permitted) * Use of new authentication mechanisms None-Use of EAP (802.11X)[tech- faq] Known MITM attacks One or more-None

Encryption Strength Consideration0(bad)1(fair)2(good) Key typeStatic key-Dynamic key Cipher key typeRC4-AES Cipher key length40 or 104 bit encryption 128 bit encryption128 bit encryption + 64 bit authentication Key lifetime24-bit IV-48-bit IV Time used to crackFew hoursFew daysCenturies Encrypted packet needed to crack Few millions-Few trillions Can be recovered by cryptanalysis Yes-No Key management used NoneStaticEAP

Integrity Guarantees Consideration0(bad)1(fair)2(good) Integrity of message header NoneMichaelCCM Integrity of the data CRC-32MichaelCCM

Prevention of Attacks Consideration0(bad)1(fair)2(good) Replay attack prevention None-IV sequence, Per- packet key mixing DoS cookieNo-Yes Number of known attacks prevented NoneSome of themAll of them

Identity Protection Consideration0(bad)1(fair)2(good) Group identity revealed to Entire networkAll partiesSpecific parties Specific identity revealed to Entire networkAll partiesSpecific parties

Ease and Cost of Implementation Consideration0(bad)1(fair)2(good) Computation costHighMediumLow Incremental installationNo-Yes Number of messages exchanged Number of actors involved Many actors-Few actors Packet keyMixing functionConcatenatedNo need Additional server hardware Yes-No Additional network infrastructure Yes-No Number of gates in client device High-Low Lines of CodeHigh-Low

Power Consumption Consideration0(bad)1(fair)2(good) Clients use low power No-Yes Client can detect attacks and enter low-power mode No-Yes

Novel Ideas Consideration0(bad)1(fair)2(good) Determines physical location No-Yes

Scores of RSN ► Authentication Capability (6/8) ► Encryption Strength (15/16) ► Integrity Guarantees (4/4) ► Prevention of Attacks (4/6) ► Identity Protection (0/4) ► Ease and Cost of Implementation (4/18) ► Power Consumption (2/4) ► Novel Ideas (0/2) Total Score = 4.08/8 = %

Graphical Results

Comparison of categorical performance

Main contributors to each protocol’s success

Conclusion ► We have defined specific metrics for protocol evaluation. ► We evaluate different wireless security protocol based on these metrics. ► Questions ?

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.