Doc.: IEEE 802.11-11-1250-00-00ai Submission Paul Lambert, Marvell Security Review and Recommendations for IEEE802.11ai Fast Initial Link Setup Author:

Slides:



Advertisements
Similar presentations
Network Vulnerabilities and Attacks Dr. John Abraham UTPA.
Advertisements

Information Security 1 Information Security: Security Tools Jeffy Mwakalinga.
Attack and Defense in Wireless Networks Presented by Aleksandr Doronin.
Network Isolation Using Group Policy and IPSec Paula Kiernan Senior Consultant Ward Solutions.
Chapter 14 Wireless Attacks, Intrusion Monitoring and Policy
1 MD5 Cracking One way hash. Used in online passwords and file verification.
How secure are b Wireless Networks? By Ilian Emmons University of San Diego.
Doc.: IEEE /1448 r00 Submission Paul A. Lambert, Marvell SemiconductorSlide Privacy Date: Authors: November 2013.
Time Passes, Security Changes… Christian Huitema Monday, August 1, 2005 IETF, Application Area Meeting.
Simple ways to secure Wireless Computers Jay Ferron, ADMT, CISM, CISSP, MCSE, MCSBA, MCT, NSA-IAM, TCI.
Security+ Guide to Network Security Fundamentals
Chapter 12 Network Security.
N ETWORK S ECURITY Presented by: Brent Vignola. M ATERIAL OVERVIEW … Basic security components that exist in all networks Authentication Firewall Intrusion.
WiFi Security. What is WiFi ? Originally, Wi-Fi was a marketing term. The Wi-Fi certified logo means that the product has passed interoperability tests.
Information Security 1 Information Security: Demo of Some Security Tools Jeffy Mwakalinga.
Security Awareness: Applying Practical Security in Your World, Second Edition Chapter 5 Network Security.
Security in Wireless LAN Layla Pezeshkmehr CS 265 Fall 2003-SJSU Dr.Mark Stamp.
Security Awareness: Applying Practical Security in Your World
11 WIRELESS SECURITY by Prof. Russell Jones. WIRELESS COMMUNICATION ISSUES  Wireless connections are becoming popular.  Network data is transmitted.
Wireless Security. Objective: Understand the benefits of a wireless network Understand security risks Examples of vulnerabilities Methods to protect your.
Wireless Security Ysabel Bravo Fall 2004 Montclair State University - NJ.
WIRELESS NETWORK SECURITY. Hackers Ad-hoc networks War Driving Man-in-the-Middle Caffe Latte attack.
Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.
Improving Security. Networking Terms Node –Any device on a network Protocol –Communication standards Host –A node on a network Workstation 1.A PC 2.A.
Security Overview. 2 Objectives Understand network security Understand security threat trends and their ramifications Understand the goals of network.
How to Secure a Home Wi-Fi S. Roy. Acknowledgement In preparing the presentation slides and the lab setup, I received help from Professor Simon Ou Professor.
Demonstration of Wireless Insecurities Presented by: Jason Wylie, CISM, CISSP.
Wireless Network Security. Wireless Security Overview concerns for wireless security are similar to those found in a wired environment concerns for wireless.
WLAN What is WLAN? Physical vs. Wireless LAN
Securing a Wireless Network
Chapter 6 Configuring, Monitoring & Troubleshooting IPsec
1 Chapter 6 Network Security Threats. 2 Objectives In this chapter, you will: Learn how to defend against packet sniffers Understand the TCP, UDP, and.
Securing Information Systems
Shared success Outline What is network security? Why do we need security? Who is vulnerable? Common security attacks and countermeasures. How to secure.
1/28/2010 Network Plus Security Review Identify and Describe Security Risks People –Phishing –Passwords Transmissions –Man in middle –Packet sniffing.
Wireless Networking.
Chapter Network Security Architecture Security Basics Legacy security Robust Security Segmentation Infrastructure Security VPN.
Lesson 20-Wireless Security. Overview Introduction to wireless networks. Understanding current wireless technology. Understanding wireless security issues.
BY MOHAMMED ALQAHTANI (802.11) Security. What is ? IEEE is a set of standards carrying out WLAN computer communication in frequency bands.
Network Security Lecture 9 Presented by: Dr. Munam Ali Shah.
Module 9: Configuring IPsec. Module Overview Overview of IPsec Configuring Connection Security Rules Configuring IPsec NAP Enforcement.
1 C-DAC/Kolkata C-DAC All Rights Reserved Computer Security.
INTRODUCTION. The security system is used as in various fields, particularly the internet, communications data storage, identification and authentication.
Doc.: IEEE ai Submission Paul Lambert, Marvell TGai Discovery Proposal Author: Abstract Short high-level proposal for discovery techniques.
Network and Perimeter Security Paula Kiernan Senior Consultant Ward Solutions.
Wireless Network Security Presented by: Prabhakaran Theertharaman.
Doc.: IEEE /0888 r00 Submission Paul A. Lambert, Marvell SemiconductorSlide 1 Security and Privacy Enhancements for Date: Authors:
Wireless Networking & Security Greg Stabler Spencer Smith.
Enforcing Cyber security in Mobile Applications – Public Sector Use Case SAPHINA MCHOME, VIOLA RUKIZA TANZANIA REVENUE AUTHORITY INFORMATION AND COMMUNICATION.
Link-Layer Protection in i WLANs With Dummy Authentication Will Mooney, Robin Jha.
Lecture 24 Wireless Network Security
IT Security. What is Information Security? Information security describes efforts to protect computer and non computer equipment, facilities, data, and.
Doc.: IEEE /1164 r00 Submission September 2013 Paul A. Lambert, Marvell SemiconductorSlide 1 Some Par and 5C Requirements Date: Authors:
PwC Making Wireless Networks Secure Computerworld 30 Nov 2004 Mark Vos.
Security fundamentals Topic 10 Securing the network perimeter.
Wireless Security Rick Anderson Pat Demko. Wireless Medium Open medium Broadcast in every direction Anyone within range can listen in No Privacy Weak.
Lecture slides prepared for “Computer Security: Principles and Practice”, 3/e, by William Stallings and Lawrie Brown, Chapter 24 “Wireless Network Security”.
Computer Security By Duncan Hall.
“Lines of Defense” against Malware.. Prevention: Keep Malware off your computer. Limit Damage: Stop Malware that gets onto your computer from doing any.
1 © 2004, Cisco Systems, Inc. All rights reserved. Wireless LAN (network) security.
@Yuan Xue CS 285 Network Security Fall 2012 Yuan Xue.
CWNA Guide to Wireless LANs, Third Edition Chapter 9: Wireless LAN Security Vulnerabilities.
IPv6 Security Issues Georgios Koutepas, NTUA IPv6 Technology and Advanced Services Oct.19, 2004.
SemiCorp Inc. Presented by Danu Hunskunatai GGU ID #
Tightening Wireless Networks By Andrew Cohen. Question Why more and more businesses aren’t converting their wired networks into wireless networks?
 Two wireless gateways for home use that I choose are : - Linksys Wireless-G ADSL Home Gateway WAG354G - WAG160N Wireless-N ADSL2+ Gateway  The wireless.
 Things you may not know…  Why should we be secure?  How to secure your computer  Security Types.
Security in Networking
Wireless Security.
September 2011 April 2009 doc.: IEEE /xxxxr0
Presentation transcript:

doc.: IEEE ai Submission Paul Lambert, Marvell Security Review and Recommendations for IEEE802.11ai Fast Initial Link Setup Author: Abstract A preliminary security review of vulnerabilities and threats of networks with a focus on ai recommendations. September 2011 Slide 1

doc.: IEEE ai Submission Security and 11ai - Overview Risk Analysis for Network Security Identifying the Threats Wi-Fi Vulnerabilities and Fast Initial Link Setup –Sniffing –Evil Twin APs –Active Attacks –Peer User Attacks Preliminary Recommendations September 2011 Slide 2 Paull Lambert - Marvell

doc.: IEEE ai Submission Risk Analysis for Networks Risk = Vulnerability x Threat x Cost Vulnerability: is the probability of success of an attack for a particular threat category. The “value” of vulnerability in the risk equation can vary depending on the type of attacker, for example a government may have more resources to be successful than a single hacker. Threat: is the likelihood of an adverse event. It is based on a particular threat category (hacker, disgruntle employee, government agency) Cost: is the impact of an attack against the vulnerability by the particular threat. Breaking into an online banking account typically has a higher cost than a denial of service attack against a single user. September 2011 Slide 3 Paull Lambert - Marvell

doc.: IEEE ai Submission Going from Risks to Recommendations Mitigating vulnerabilities is the easiest way to reduce Risk and improve security. –Technical mechanisms that we put in the Knowing the Risk of specific scenarios allows a balanced analysis to determine which vulnerabilities need to be fixed.. –Not all vulnerabilities need to be addressed for a particular market Example – denial of service attacks September 2011 Paull Lambert - Marvell Slide 4

doc.: IEEE ai Submission Attack Vectors for Network Communications The location and capabilities of an attacker in the network is a useful way to categorize vulnerabilities. September 2011 Slide 5 Paull Lambert - Marvell

doc.: IEEE ai Submission Internet Based Active Attacks A Wi-Fi network connected to the Internet will be the target of network attacks. Vulnerabilities - Default passwords - Open ports - Password cracking/guessing - Stack Exploits Prevention - Unique OOB passwords - TLS for Management - Strong unique authentication - Hardened protocol stack - Intrusion Detection Vulnerabilities - Default passwords - Open ports - Password cracking/guessing - Stack Exploits Prevention - Unique OOB passwords - TLS for Management - Strong unique authentication - Hardened protocol stack - Intrusion Detection Vulnerabilities - Default passwords - Open ports - Password cracking/guessing - Stack Exploits - viruses - trojan horse programs Prevention (in AP) - Firewall in AP - Intrusion Detection - virus checking Vulnerabilities - Default passwords - Open ports - Password cracking/guessing - Stack Exploits - viruses - trojan horse programs Prevention (in AP) - Firewall in AP - Intrusion Detection - virus checking Not in scope for IEEE Recommendations on vulnerabilities to wired interface of AP - Firewall recommendations for Internet traffic - Intrusion detection Not in scope for IEEE Recommendations on vulnerabilities to wired interface of AP - Firewall recommendations for Internet traffic - Intrusion detection September 2011 Slide 6 Paull Lambert - Marvell

doc.: IEEE ai Submission Physical Attacks on Network Equipment. Physical access to network equipment allows the device to be reset or modified. Vulnerabilities - Device reset - WPS unauthorized join - Disclosure of device PW or PIN on labels - insertion of monitoring device Prevention - safe location - restrict access to reset - secure reset process Vulnerabilities - Device reset - WPS unauthorized join - Disclosure of device PW or PIN on labels - insertion of monitoring device Prevention - safe location - restrict access to reset - secure reset process Not in scope for IEEE September 2011 Slide 7 Paull Lambert - Marvell

doc.: IEEE ai Submission Passive Sniffing Attacks Sniffing of “open” wireless communications or poorly encrypted communications (like WEP) is the most visible wireless vulnerability. Vulnerabilities - Wireless Sniffing - WEP Cracking - RSN Password Cracking - Management Frame Monitoring - credential capture (e.g. Firesheep) Prevention - Use RSN Enterprise - Use Management Frame Protection Vulnerabilities - Wireless Sniffing - WEP Cracking - RSN Password Cracking - Management Frame Monitoring - credential capture (e.g. Firesheep) Prevention - Use RSN Enterprise - Use Management Frame Protection Vulnerabilities - Backhaul or Internet Based Monitoring> modification or spoofing Prevention - Use end-to-end security for STA traffic of value (TLS, IPsec, or other VPN) - Use end-to-end security for AP Management Traffic (TLS, IPsec, or other VPN) Vulnerabilities - Backhaul or Internet Based Monitoring> modification or spoofing Prevention - Use end-to-end security for STA traffic of value (TLS, IPsec, or other VPN) - Use end-to-end security for AP Management Traffic (TLS, IPsec, or other VPN) Threat: Governments, Service Providers, IT Department personal, but NOT usually an average hacker. Threat: Anyone with a computer and bad intent IEEE Recommendations : - RSN Required - Management Frame Protection Optional IEEE Recommendations : - RSN Required - Management Frame Protection Optional September 2011 Slide 8 Paull Lambert - Marvell Not in scope for IEEE

doc.: IEEE ai Submission ai and Passive Sniffing Attacks Sniffing of “open” wireless communications or poorly encrypted communications (like WEP) is the most visible wireless vulnerability. Is device identity or location privacy a Risk? September 2011 Slide 9 Paull Lambert - Marvell IEEE Recommendations : - STA/AP-to-Authentication Server traffic must be secure from modification or impersonation Is there any risk to exposing the existence of specific services? Authentication traffic needs protetion.

doc.: IEEE ai Submission Evil Twin APs A rogue AP tricks a user into connecting to a network controlled by the attacker. Vulnerabilities Prevention - SSID Confusion - intrusion detection - open network - strong authentication - weak or no authentication Vulnerabilities Prevention - SSID Confusion - intrusion detection - open network - strong authentication - weak or no authentication Vulnerabilities Prevention - Weak Authenticaiton - STAs MUST authenticate and validate server and AP - SSID confusion - STA UI must be clear on connection type - activity monitoring / intrusion detection - binding of expected service to authentication Vulnerabilities Prevention - Weak Authenticaiton - STAs MUST authenticate and validate server and AP - SSID confusion - STA UI must be clear on connection type - activity monitoring / intrusion detection - binding of expected service to authentication IEEE Recommendations: - RSN Required - STA authentication of AP/Network - STA must authenticate and validate server - binding of network/AP to expected service required Authentication is TBD in ai IEEE Recommendations: - RSN Required - STA authentication of AP/Network - STA must authenticate and validate server - binding of network/AP to expected service required Authentication is TBD in ai September 2011 Slide 10 Paull Lambert - Marvell

doc.: IEEE ai Submission Active Wireless Attacks without Network Membership The Attacker does NOT have keys for a secure connection, but can still cause problems. Vulnerabilities Prevention - Management Frame Spoofing - Use 11w (DoS generally used to help bump STA to Rogue device) - Wi-Fi Firmware Attacks - Vendor specific patches - Active key cracking - Use RSN - 11u/GAS/ANQP Unprotected -? Is this a Risk? Vulnerabilities Prevention - Management Frame Spoofing - Use 11w (DoS generally used to help bump STA to Rogue device) - Wi-Fi Firmware Attacks - Vendor specific patches - Active key cracking - Use RSN - 11u/GAS/ANQP Unprotected -? Is this a Risk? Vulnerabilities Prevention - Management Frame Spoofing - Use Management Frame Prot - Wi-Fi Firmware Attacks - Vendor specific patches - WPS 1.0 Cracking - Use WPS ANQP Unprotected Vulnerabilities Prevention - Management Frame Spoofing - Use Management Frame Prot - Wi-Fi Firmware Attacks - Vendor specific patches - WPS 1.0 Cracking - Use WPS ANQP Unprotected IEEE Recommendations: - RSN required - Management Frame Protection optional IEEE Recommendations: - RSN required - Management Frame Protection optional September 2011 Slide 11 Paull Lambert - Marvell

doc.: IEEE ai Submission Attacks from Wi-Fi Users on the Same Secure BSS This is a Hotspot specific attack vector. In homes, you trust your peer devices and users. In a Hotspot there is no way to prevent malicious users from connecting to the network. Vulnerabilities - Attack from WLAN User - from hacker or computer worms - Traffic Monitoring - ARP and DNS spoofing, MIM attacks - credential capture (e.g. Firesheep) - IPv6 neighbor discovery Prevention - Access network isolation of users traffic (prevent inter-BSS communications) - Use proxy ARP Vulnerabilities - Attack from WLAN User - from hacker or computer worms - Traffic Monitoring - ARP and DNS spoofing, MIM attacks - credential capture (e.g. Firesheep) - IPv6 neighbor discovery Prevention - Access network isolation of users traffic (prevent inter-BSS communications) - Use proxy ARP September 2011 Slide 12 Paull Lambert - Marvell Not in scope for IEEE

doc.: IEEE ai Submission Attacks on the Same Secure BSS with AP Isolation Even when a AP isolates users on a BSS there are still know vulnerabilities for Hotspots. Vulnerabilities - STA accepts unicast IP frame encrypted in RSN broadcast key (aka Hole 196) Allows spoofing of ARP and DNS which leads to Man-in middle attacks Prevention (at STA) - STA checking of key usage (not easy) (broadcast key only for broadcast traffic) Vulnerabilities - STA accepts unicast IP frame encrypted in RSN broadcast key (aka Hole 196) Allows spoofing of ARP and DNS which leads to Man-in middle attacks Prevention (at STA) - STA checking of key usage (not easy) (broadcast key only for broadcast traffic) Vulnerabilities - Broadcast key shared by all users Prevention (at AP) - Don’t distribute a shared broadcast key Vulnerabilities - Broadcast key shared by all users Prevention (at AP) - Don’t distribute a shared broadcast key Threat: Anyone with a computer and bad intent anywhere on the Internet (and an accomplice at the Hotspot) 1 2 IEEE Recommendations: - AP optionally may NOT distribute a shared broadcast key - STA should check broadcast key usage IEEE Recommendations: - AP optionally may NOT distribute a shared broadcast key - STA should check broadcast key usage September 2011 Slide 13 Paull Lambert - Marvell

doc.: IEEE ai Submission Preliminary IEEE ai Recommendations Support only encrypted (RSN) traffic Consider application of 11w management frame protection (mandate if risks identified) Strong authentication must prevent spoofing of –AP, STA and Authentication Server –Must provide some binding to expected “service” Use of all unprotected frames should be examined for risks when 11ai has stable draft Task group should determine if they wish to address risks associated with “discovery”. –Device / person identity and location privacy –Service request or availability sensitivities Analysis did not look at denial of sevice – cursory review is required after 11ai draft to ensure there is no leveraged attack September 2011 Paull Lambert - Marvell Slide 14

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.