Presentation is loading. Please wait.

Presentation is loading. Please wait.

Wireless Security - Encryption Joel Jaeggli For AIT Wireless and Security Workshop.

Published byReginald Martin Modified over 8 years ago

Similar presentations

Presentation on theme: "Wireless Security - Encryption Joel Jaeggli For AIT Wireless and Security Workshop."— Presentation transcript:

1 Wireless Security - Encryption Joel Jaeggli For AIT Wireless and Security Workshop

2 Wireless link layer encryption ● Once people started puting data on the air the desire to protect that data became readily apparent. ● Multiple Goals – Restrict access to the wireless network – Protect the traffic from observation – Data integrity – Preclude man in the middle.

3 MAC filtering. ● Early approach – Preclude MAC address from associating with an AP – Provides no on-the-air protection – Does limit access to the network ● But only to really stupid hackers

4 WEP ● Wired Equivalent Privacy ● And approach to shared key encryption that was supposed to provide equivalent to wired protection for wireless traffic ● Turns out it wasn't... ● Built in the era of watered down encryption due to export restrictions. ● It turned out that 64bit wep keys were a bit more vulnerable to factoring (40 bits or less) than previously thought. With the result that the key can be recovered in a matter of minutes.

5 WPA and WPA2 ● WPA (Wifi Protected Access) was prepared by the IEEE as an immediate and intermediate setup to address the limitations in WEP. ● The full 802.11i standard when available was implemented by devices with WPA2 logo compliance ● Unfortunately there are a range of implementations. – Older devices that only support WEP, – Standard Windows XP machines that can support WEP or WPA – Systems with new drivers that support WPA2 – ETC

6 TWO flavors of WPA/WPA2 ● Enterprise – Uses an 802.1x authentication manager ● Personal – Supports the use of pre-shared keys. – One improvement over WEP is the use of Temporal Key Integrity Protocol (TKIP). Keys are changed dynamically as the system is used with the result that attacks against the keys used on the network become much more challenging.

7 WPA/WPA2 personal challenges ● The shared keys is known by other humans and generally has to be stored. So... – It can be lost and re-keying means distributing a new key – If you have the key you can create a rogue access point because there's no convenient way to authenticate the access point to the client.

8 WPA/WPA2 Enterprise ● WPA has an incomplete pre-standard implementation of the enterprise profile so WPA2 enterprise really should be the only serious consideration if pre-shared key is inadequate. – Cisco didn't help the situation any by implementing an early incomplete and not very secure variant in Cisco CCX (Cisco certified extensions) based on mschap called Cisco LEAP. ● WPA2 uses the IETF EAP (Extensible Authentication Protocol) for which there are an number of plugin authentication modules.

9 WPA2 eap methods ● Most relevant methods: – EAP TLS, based on a secure sockets layer key exchange. Allows for strong mutual authentication (client to network and network to client). Perversely while it may be the strongest method, it's seldom implemented because the certificate management and distribution is considered onerous (users certificated need to be installed on each system they use).

10 WPA2 EAP methods ● EAP PEAP – The protected extensible authentication protocol – Uses server side certificates to authenticate the server. – Authentication on the client side is done via mschapv2 (ie username and password)

11 802.1x EAP 1) The authenticator sends out the EAP-Request identity to the connecting supplicant the supplicant responds with the EAP- response packet 2) The authenticator forwards to the authenticating server. The authenticating server accepts the request, the authenticator sets the port to the "authorized" mode and 3) Normal traffic is allowed

12 WPA2 data ● In WEP and WPA once the shared key was defined the rc4 stream cipher was used to secure the data on the wire. ● With WPA2 the AES block cipher is now used.

13 EAP and FreeRadius ● One of the reference implementations of eap authentication is in Free Radius. ● Naturally that make it an attractive target for deployment as an authentication server. ● Leveraging a centralized store of authentication credentials can be an attractive way to deploy multiple services. – Might end up with a model such an ldap backend and a Free Radius front-end for authentication and perhaps accounting.

14 About the exercise. ● It is common for equipment where both ends are controlled by the same party (a network operator) for the equipment to be configured using a mutually shared secret. (tcp md5 for example, radius clients nad servers for another) ● We are going to configure both ends of our radio link to use the same wpa2-tkip shared secret. ● We're also going to lock the mac addresses on both ends of the link not so much as a security feature but rather to prevent the APs from roaming if another radio with the same ssid came online.

15 Bibliography ● EAP PEAP authentication setup on ubuntu http://ubuntuforums.org/showthread.php?t=478804 http://ubuntuforums.org/showthread.php?t=478804 ● EAP PEAP setup in freeradius wiki ● http://ubuntuforums.org/showthread.php?t=478804 http://ubuntuforums.org/showthread.php?t=478804

Download ppt "Wireless Security - Encryption Joel Jaeggli For AIT Wireless and Security Workshop."

Similar presentations

Security in Wireless Networks Juan Camilo Quintero D. 1041718.

Security in Wireless Networks Juan Camilo Quintero D
IEEE 802.11i IT443 Broadband Communications Philip MacCabe October 5, 2005

IEEE i IT443 Broadband Communications Philip MacCabe October 5, 2005
Attack and Defense in Wireless Networks Presented by Aleksandr Doronin.

Attack and Defense in Wireless Networks Presented by Aleksandr Doronin.
無線區域網路安全 Wireless LAN Security. 2 Outline  Wireless LAN – 802.11b  Security Mechanisms in 802.11b  Security Problems in 802.11b  Solutions for 802.11b.

無線區域網路安全 Wireless LAN Security. 2 Outline  Wireless LAN – b  Security Mechanisms in b  Security Problems in b  Solutions for b.
Final Presentation Presented By: Gal Leibovich Liran Manor Supervisor: Hai Vortman.

Final Presentation Presented By: Gal Leibovich Liran Manor Supervisor: Hai Vortman.
WiFi Security. What is WiFi ? Originally, Wi-Fi was a marketing term. The Wi-Fi certified logo means that the product has passed interoperability tests.

WiFi Security. What is WiFi ? Originally, Wi-Fi was a marketing term. The Wi-Fi certified logo means that the product has passed interoperability tests.
1 Enhancing Wireless Security with WPA CS-265 Project Section: 2 (11:30 – 12:20) Shefali Jariwala Student ID 001790660.

1 Enhancing Wireless Security with WPA CS-265 Project Section: 2 (11:30 – 12:20) Shefali Jariwala Student ID
Wireless Router Setup. Internet Cable Internet Cable (Blue) Machine Cable (Yellow) Power Plug (Black) Reset Button (Red)

Wireless Router Setup. Internet Cable Internet Cable (Blue) Machine Cable (Yellow) Power Plug (Black) Reset Button (Red)
802.1x EAP Authentication Protocols

802.1x EAP Authentication Protocols
11 WIRELESS SECURITY by Prof. Russell Jones. WIRELESS COMMUNICATION ISSUES  Wireless connections are becoming popular.  Network data is transmitted.

11 WIRELESS SECURITY by Prof. Russell Jones. WIRELESS COMMUNICATION ISSUES  Wireless connections are becoming popular.  Network data is transmitted.
© 2003, Cisco Systems, Inc. All rights reserved. FWL 1.0—8-1 Security Olga Torstensson Halmstad University.

© 2003, Cisco Systems, Inc. All rights reserved. FWL 1.0—8-1 Security Olga Torstensson Halmstad University.
E-mail: kemal@cs.siu.edu Department of Computer Science Southern Illinois University Carbondale Wireless and Network Security Lecture 9: IEEE 802.11.

Department of Computer Science Southern Illinois University Carbondale Wireless and Network Security Lecture 9: IEEE
IEEE 802.11 Wireless Local Area Networks (WLAN’s).

IEEE Wireless Local Area Networks (WLAN’s).
This work is supported by the National Science Foundation under Grant Number DUE-0302909. Any opinions, findings and conclusions or recommendations expressed.

This work is supported by the National Science Foundation under Grant Number DUE Any opinions, findings and conclusions or recommendations expressed.
WIRELESS NETWORK SECURITY. Hackers Ad-hoc networks War Driving Man-in-the-Middle Caffe Latte attack.

WIRELESS NETWORK SECURITY. Hackers Ad-hoc networks War Driving Man-in-the-Middle Caffe Latte attack.
WPA2 By Winway Pang. Overview  What is WPA2?  Wi-Fi Protected Access 2  Introduced September 2004  Two Versions  Enterprise – Server Authentication.

WPA2 By Winway Pang. Overview  What is WPA2?  Wi-Fi Protected Access 2  Introduced September 2004  Two Versions  Enterprise – Server Authentication.
Top-Down Network Design Chapter Eight Developing Network Security Strategies Copyright 2010 Cisco Press & Priscilla Oppenheimer.

Top-Down Network Design Chapter Eight Developing Network Security Strategies Copyright 2010 Cisco Press & Priscilla Oppenheimer.
Marwan Al-Namari Week 10. RTS: Ready-to-Send. CTS: Clear-to- Send. ACK: Acknowledgment.NAV: network allocation vector (channel access, expected time to.

Marwan Al-Namari Week 10. RTS: Ready-to-Send. CTS: Clear-to- Send. ACK: Acknowledgment.NAV: network allocation vector (channel access, expected time to.
© 2007 Cisco Systems, Inc. All rights reserved.ICND1 v1.0—3-1 Wireless LANs Understanding WLAN Security.

© 2007 Cisco Systems, Inc. All rights reserved.ICND1 v1.0—3-1 Wireless LANs Understanding WLAN Security.
WLAN security S-72.3240 Wireless Personal, Local, Metropolitan, and Wide Area Networks1 Contents WEP (Wired Equivalent Privacy) No key management Authentication.

WLAN security S Wireless Personal, Local, Metropolitan, and Wide Area Networks1 Contents WEP (Wired Equivalent Privacy) No key management Authentication.

Similar presentations

Ads by Google