Published by Lorena Dalton. Modified over 8 years ago.
1
Wireless and Instant Messaging
Katherine Morris
2-26-2004
2
Chapter Overview
- Wireless security issues
- Efforts of the IEEE to combat security problems
- 802.11x standards
- WAP, WEP, & WTLS
- Wireless site survey
- IM security issues
3
802.11x standards
- 802.11 group formed in 1990 as part of the IEEE standards body
- Soon groups 'a' through 'j' were formed
- Now groups 802.15 and 802.16 are working on standards for wireless PANs and MANs, respectively
4
802.11x groups
IEEE Working Group | Primary Task | Status of Work
802.11a | Worked to establish specifications for wireless data transmissions in the 5 GHz band | Approved 1999
802.11b | Worked to establish specifications for wireless data transmission in the 2.4 GHz band | Approved 1999
802.11c | Worked to establish wireless MAC bridging functionality | Folded into 802.11d
802.11d | Working to determine requirements that will allow 802.11 to operate outside the US | The work of this group is ongoing
802.11e | Working to add multimedia and quality of service (QoS) capabilities to wireless MAC layer | Proposal in draft form at the time of this writing
802.11f | Working to allow for better roaming between multivendor access points and distribution systems | The work of this group is ongoing
802.11g | Working to provide raw data throughput over wireless networks at a rate of up to 54 Mbps | Approved
802.11h | Working to allow for European implementation requests regarding the 5 GHz band | The work of this group is ongoing
802.11i | Working to fix security flaws in WLANs by developing new security standards | The work of this group is ongoing
802.11j | Worked to create a global standard in the 5 GHz band by making high-performance LAN and 802.11a interoperable | Disbanded
5
WAP 1.x
- Wireless Application Protocol
  - Mobile phones, pagers, PDAs, two-way radios
  - Developed by WAP Forum
  - Web content on computers vs. handhelds
6
WAP 1.x Stack
- Same concept as the OSI Model for web/Internet
- More condensed, leaner
- Data transaction is as compressed as possible
Layer | WAP 1.x | OSI/Web
Application | Wireless Application Environment (WAE) | HTML, JavaScript and others
Session | Wireless Session Protocol (WSP) | HTTP
Transaction | Wireless Transaction Protocol (WTP) |
Security | Wireless Transport Layer Security (WTLS) | SSL/TLS
Transport | Wireless Datagram Protocol (WDP) | TCP/IP, TCP/UDP
Lower Layer(s) | Bearers (GPRS, TDMA, CDMA, etc.) | IP, Data Link Layer, Physical Layer
7
WAP 1.x Stack
- WAP Gateway
- Wireless Application Layer (WAL) & WAE
- Wireless Session Protocol (WSP)
- Wireless Transaction Protocol (WTP)
- Wireless Datagram Protocol (WDP)
8
WAP 1.x stack (diagram)
- WAP Device: WAE, WSP, WTP, WTLS, WDP, Bearer
- WAP Gateway: WSP / HTTP, WTP, WTLS / SSL, WDP / TCP, Bearer / IP
- WAP Server: HTTP, SSL, TCP, IP
9
WAP Gap
- WAP gateway
- Financial services companies
- Possibility of capturing data is very small
10
WAP 2.0 Stack
- Security enhancements
- Suite of utilities
- WTLS vs. TLS
- WAP 1.x stack replaced by standard Internet layers
- Elimination of the WAP Gap
11
WAP 2.0 Stack (diagram)
- WAP Device: WAE, HTTP, TLS, TCP, IP, Wireless
- WAP Proxy: TCP / TCP, IP / IP, Wireless / Wired
- Web Server: WAE, HTTP, TLS, TCP, IP, Wired
12
WAP 2.0 Stack Features
- WAP Push
- User Agent Profile
- Wireless Telephony Application
- External Functionality Interface (EFI)
- Multimedia Messaging Service (MMS)
13
Wireless Transport Layer Security Protocol (WTLS)
- Provides authentication, data encryption, and privacy for WAP 1.x
- Scaled-down version of TLS
- Less processing power, memory, and battery life
14
WTLS Cont.
- 3 authentication classes:
  - Class 1: anonymous, client or gateway cannot authenticate each other
  - Class 2: Only allows client to authenticate the gateway
  - Class 3: Both client and gateway allowed to authenticate (requires Wireless Identity Card such as Smart Card in device)
15
Class 2 Authentication
- 4 steps:
  1. WAP device sends a request for authentication
  2. Gateway responds and sends its certificate with the public key
  3. Receives certificate and public key then generates a unique random value
  4. WAP gateway receives encrypted value and uses private key to decrypt it
16
Notes on Class 2 Authentication
- TLS and WTLS distinguish between a connection and a session: a session can exist over several connections
- In WAP 1.x, WTLS is optional
- In WAP 1.x, WTLS only encrypts data between the client and the gateway, so the WAP gap still exists
- Unsafe use of service set identifiers (SSIDs)
- Weak keys
17
WLAN
- Connects clients to each other or network resources using radio signals to pass data through the ether
- Access Points act as broadcast stations
- WNICs connect clients to the network
18
Wired Equivalent Privacy (WEP)
- Optional security specified by 802.11 protocol
- Used to encrypt data passed between the client and the APs
- Used to authenticate clients that request access to network resources
- Not considered adequate security
19
WEP Cont.
- Uses a symmetric key to authenticate wireless devices, not users
- Encrypts the transmissions of data
- APs and clients need to share the same key
- Client requests to send data or use the network
- Client then begins a challenge-and-response authentication process
20
WEP Weaknesses
- Initialization vector
  - Sequence of random bytes
  - Appended to the front of data
  - Sent in plaintext across the WLAN
  - Only 24 bits long
  - Reused on a regular basis
21
WEP Weaknesses Cont.
- Doesn't require asymmetric authentication, in which each wireless device would use its own secret key
- More likely for the shared key to get into unauthorized hands
- Keys are manually configured
- Critical information could get into the wrong authorized hands intentionally or unintentionally
- Rekeying should be done regularly, or chance of hacking is increased
22
General WLAN Security Holes
- Easier for people to detect WLANs and jump on to the network
- War driving: most WLANs do not use WEP or any other form of encryption
- DoS attacks much easier/more likely
- WEP authenticates clients, not users
23
Conducting a wireless site survey
- Conduct a needs assessment
- Obtain site's blueprints
- Do a walk-through of the site
- Identify possible AP locations
- Verify AP locations
- Document your findings
24
Instant Messaging
- Real-time communications model
- Either peer-to-peer or peer-to-network configuration
- Peer-to-peer:
  - Clients talk directly to one another
  - Does not rely on a central server
  - Could expose the IP address of each client's machine
- Peer-to-network:
  - Central server
  - DoS attacks are becoming more frequent
- AOL Instant Messenger, MSN Messenger, Yahoo! Messenger, ICQ, and Internet Relay Chat (IRC)
25
IM Security Issues
- Messages are sent in plaintext, no inherent encryption unless user enables it
- Makes sessions vulnerable to packet sniffing, especially if the connection is not encrypted
- Solutions:
  - Enabling private channel communication (MS NetMeeting)
  - Enterprise AIM and Trillian both use encryption to protect messages
26
Social Engineering
- Obtaining of sensitive data by social means: pretending to be someone who has access
- Username/Password authentication makes IM moderately secure
- Unmonitored terminals are susceptible to social engineering
- Unlike email, which allows for greater response time, IM demands an instant response/decision
- Informal nature
27
Technical IM Issues
- File transfers:
  - Files cannot be scanned as they arrive, requires antivirus package on the local machine
- Application sharing:
  - Allows users to remotely control another computer
  - Lots of security issues
28
Legal IM Issues
- If wrong message is sent or overheard, litigation and criminal indictment could result
- Either all or nothing in terms of allowing IM
- Difficult to control, but easy to block IM ports
- SMS (Simple Messaging Service): IM client provided by most cell phone carriers