Presentation is loading. Please wait.

Presentation is loading. Please wait.

Lecture 29 Security in IEEE Dr. Ghalib A. Shah

Published byCandace Mason Modified over 6 years ago

Similar presentations

Presentation on theme: "Lecture 29 Security in IEEE Dr. Ghalib A. Shah"— Presentation transcript:

1 Lecture 29 Security in IEEE 802.11 Dr. Ghalib A. Shah
Wireless Networks Lecture 29 Security in IEEE Dr. Ghalib A. Shah

2 Outlines Types of Attack Goals of 802.11 Security WEP Protocol
WEP Authentication Security flaws in original 802.1x Security AKM Operations with AS AKM operations with PSK IBSS Security model

3 Last Lecture Introduction Routing Protocol What is Ad hoc networks?
Characteristic (Heterogeneous, Self-creating, self-organizing, self-adminstrating, on-the-fly) Ad hoc vs. cellular networks Challenges (Spectrum allocation, Self-configuration, Medium access control (MAC), Energy efficiency, TCP Performance, Mobility management, Security & privacy, Routing protocols, Multicasting, QoS, Service Location, Provision, Access) Routing Protocol Expected Properties of Ad-hoc Routing Protocols A taxonomy for routing protocols in Mobile ad Some common protocols (DSDV, AODV, DSR, ZRP, TORA)

4 Types of Attacks Passive attacks Active attacks
to decrypt traffic based on statistical analysis Active attacks To inject new traffic from authorized mobile stations, based on known plaintext To decrypt traffic, based on tricking the access point Dictionary building attacks Allows real-time automated decryption of all traffic

5 802.11 Security Goals of 802.11 security
Access Control Ensure that your wireless infrastructure is not used. Data Integrity Ensure that your data packets are not modified in transit. Confidentiality Ensure that the contents of your wireless traffic is not learned security consists of two subsystems A data encapsulation technique called Wired Equivalent Privacy (WEP) An authentication algorithm called Shared Key Authentication

6 WEP Wireless connections has important security issues to keep the intruders from accessing, reading and modifying the network traffic. But mobile systems need to be connected. We need an algorithm which provides the same level of security that physical wire does. WEP is used to Protect wireless communication from eavesdropping. Prevent unauthorized access to wireless network (feature of WEP, but not an explicit goal in the standard)

7 Secret Key is used to encrypt packets before they are transmitted
WEP relies on a secret key which is shared between the sender and the receiver. SENDER: Mobile station (e.g. Labtop with a wireless ethernet card) RECEIVER: Access Point (eg. base station) Secret Key is used to encrypt packets before they are transmitted Integrity Check is used to ensure packets are not modified in transit. The standard does not discuss how shared key is established In practice, most installations use a single key which is shared between all mobile stations and access points.

8 WEP Protocol To send a message M: When received a message M
Compute a checksum c(M) (is not depend on secret key k) Pick an IV v and generate a keystream RC4(v,k) XOR <M, c(M)> with the keystream to get the ciphertext Transmit v and ciphertext over a radio link When received a message M Use transmitted v and the shared key k to generate the keystream RC4(v,k) XOR the ciphertext with RC4(v,k) to get <M’,c’> Check is c’=c (M’) If it is, accept M’ as the message transmitted

9 WEP Encapsulation WEP Encapsulation Summary:
Hdr Data Encapsulate Decapsulate Hdr Data IV ICV WEP Encapsulation Summary: Encryption Algorithm = RC4 Per-packet encryption key = 24-bit IV concatenated to a pre-shared key WEP allows IV to be reused with any frame Data integrity provided by CRC-32 of the plaintext data (the “ICV”) Data and ICV are encrypted under the per-packet encryption key

10 Defense of WEP Integrity Check(IC) field Initialization Vector(IV)
Used to ensure that packet has not been modified in transit Initialization Vector(IV) Used to avoid encrypting two ciphertexts with the same key stream Used to argument the shared key and produce a different RC4 key for each packet to avoid statistical attacks

11

12 WEP Authentication AP STA 802.11 Authentication Summary:
Shared secret distributed out of band Challenge (Nonce) Response (Nonce RC4 encrypted under shared key) Decrypted nonce OK? Authentication Summary: Authentication key distributed out-of-band Access Point generates a “randomly generated” challenge Station encrypts challenge using pre-shared secret

13 Security Flaws Physical threat: user loses NIC, doesn’t report it Attacker with physical possession of NIC may be capable of accessing the network Impersonation: User Identification does not identify users, only NICs Problems MAC may represent more than one user Multi-user machines becoming common; which user is logged on with which MAC? Users may move between machines Machine may allow logins by other users within the domain

14 Mutual Authentication
shared authentication not mutual Client authenticates to Access Point but Access Point does not authenticate to client Enables rogue access points Denial of service attacks possible Solution Mutual authentication: Require both sides to demonstrate knowledge of key Known Plaintext Attack WEP supports per-packet encryption, integrity, but not per-packet authentication Given a known packet (ARP, DHCP, TCP ACK, etc.), possible to recover RC4 stream Enables spoofing of packets until IV changes Can insert a packet, calculate ICV, encrypt with known RC4 stream Add a keyed message integrity check Change the IV every packet

15 Denial of Service: Disassociation Attacks
associate/disassociate messages unencrypted and unauthenticated Enables forging of disassociation messages Creates vulnerability to denial of service attacks Dictionary Attacks WEP keys are derived from passwords that makes it much easier to break keys by brute force Attacker uses a large list of words to try to guess a password and derive the key

16 How to address these issues
Addition of new authentication methods Hardware changes needed for each new method Creates incentive to limit number of authentication methods supported, make new methods optional Result: No upgrade path to extended authentication “Hard coding” authentication methods makes it difficult to respond to security vulnerabilities The solution: a flexible security framework Implement security framework in upper layers Enable plug-in of new authentication, key management methods without changing NIC or Access Point

17 How 802.1x Address Security Issues of 802.11
EAP Framework User Identification & Strong authentication Dynamic key derivation Mutual authentication Per-packet authentication Dictionary attack precautions

18 system setup and operation of an RSN, in two cases: when an IEEE 802
system setup and operation of an RSN, in two cases: when an IEEE 802.1X AS is used and when a PSK is used For an ESS, the AP includes an Authenticator, and each associated STA includes a Supplicant.

19 Authentication Server
IEEE 802.1X Terminology Authenticator Authentication Server Supplicant Controlled port Uncontrolled port 802.1X created to control access to any 802 LAN used as a transport for Extensible Authentication Protocol (EAP, RFC 2284)

20 AKM Operation with AS Prior to any use of IEEE 802.1X, IEEE assumes that the Authenticator and AS have established a secure channel. A STA discovers the AP’s security policy through passively monitoring Beacon frames or through active probing If IEEE 802.1X authentication is used, the EAP authentication process starts when the AP’s Authenticator sends the EAP-Request or the STA’s Supplicant sends the EAPOL-Start message. EAP authentication frames pass between the Supplicant and AS via the Authenticator and Supplicant’s Uncontrolled Ports. The Supplicant and AS authenticate each other and generate a PMK. The PMK is sent from the AS to the Authenticator over the secure channel.

21

22 A 4-Way Handshake utilizing EAPOL-Key frames is initiated by the Authenticator to do the following:
Confirm that a live peer holds the PMK. Confirm that the PMK is current. Derive a fresh pairwise transient key (PTK) from the PMK. Install the pairwise encryption and integrity keys into IEEE Transport the group temporal key (GTK) and GTK sequence number from Authenticator to Supplicant and install the GTK and GTK sequence number in the STA and, if not already installed, in the AP. Confirm the cipher suite selection.

23 Upon successful completion of the 4-Way Handshake,
the Authenticator and Supplicant have authenticated each other; and the IEEE 802.1X Controlled Ports are unblocked to permit general data traffic.

24 Operation of AKM with PSM
The following AKM operations are carried out when the PMK is a PSK: A STA discovers the AP’s security policy through passively monitoring Beacon frames or through active probing A STA associates with an AP and negotiates a security policy. The PMK is the PSK. The 4-Way Handshake using EAPOL-Key frames is used just as with IEEE 802.1X authentication, when an AS is present. The GTK and GTK sequence number are sent from the Authenticator to the Supplicant just as in the AS case.

25 IBSS Key usage Model In an IBSS, the unicast data frames between two STAs are protected with a pairwise key. The key is part of the PTK, which is derived during a 4-Way Handshake. In an IBSS, the broadcast/multicast data frames are protected by a key, e.g., named B1, that is generated by the STA transmitting the broadcast/multicast frame. To allow other STAs to decrypt broadcast/multicast frames, B1 must be sent to all the other STAs in the IBSS. B1 is sent in an EAPOL-Key frame, encrypted under the EAPOL-Key encryption key (KEK) portion of the PTK, and protected from modification by the EAPOL-Key confirmation key (KCK) portion of the PTK. In an IBSS, a STA’s SME responds to Deauthentication frames from a STA by deleting the PTK SA associated with that STA.

26 Summary Types of Attack Goals of 802.11 Security WEP Protocol
WEP Authentication Security flaws in original 802.1x Security AKM Operations with AS AKM operations with PSK IBSS Security model Next Lecture QoS in WLAN and Mobile IP

Download ppt "Lecture 29 Security in IEEE Dr. Ghalib A. Shah"

Similar presentations

Doc.: IEEE 802.11-04/1186r0 Submission October 2004 Aboba and HarkinsSlide 1 PEKM (Post-EAP Key Management Protocol) Bernard Aboba, Microsoft Dan Harkins,

Doc.: IEEE /1186r0 Submission October 2004 Aboba and HarkinsSlide 1 PEKM (Post-EAP Key Management Protocol) Bernard Aboba, Microsoft Dan Harkins,
IEEE 802.11i IT443 Broadband Communications Philip MacCabe October 5, 2005

IEEE i IT443 Broadband Communications Philip MacCabe October 5, 2005
Your 802.11 Wireless Network has No Clothes CS 395T William A. Arbaugh, Narendar Shankar, Y.C. Justin Wan.

Your Wireless Network has No Clothes CS 395T William A. Arbaugh, Narendar Shankar, Y.C. Justin Wan.
1 MD5 Cracking One way hash. Used in online passwords and file verification.

1 MD5 Cracking One way hash. Used in online passwords and file verification.
WEP Weaknesses Or “What on Earth does this Protect” Roy Werber.

WEP Weaknesses Or “What on Earth does this Protect” Roy Werber.
Intercepting Mobiles Communications: The Insecurity of 802.11 Danny Bickson ACNS Course, IDC Spring 2007.

Intercepting Mobiles Communications: The Insecurity of Danny Bickson ACNS Course, IDC Spring 2007.
DIMACS Nov 3 - 4, 2004 WIRELESS SECURITY AND ROAMING OVERVIEW DIMACS November 3-4, 2004 Workshop: Mobile and Wireless Security Workshop: Mobile and Wireless.

DIMACS Nov 3 - 4, 2004 WIRELESS SECURITY AND ROAMING OVERVIEW DIMACS November 3-4, 2004 Workshop: Mobile and Wireless Security Workshop: Mobile and Wireless.
Wired Equivalent Privacy (WEP)

Wired Equivalent Privacy (WEP)
Security in Wireless LAN 802.11 Layla Pezeshkmehr CS 265 Fall 2003-SJSU Dr.Mark Stamp.

Security in Wireless LAN Layla Pezeshkmehr CS 265 Fall 2003-SJSU Dr.Mark Stamp.
Vulnerability In Wi-Fi By Angus U CS 265 Section 2 Instructor: Mark Stamp.

Vulnerability In Wi-Fi By Angus U CS 265 Section 2 Instructor: Mark Stamp.
An Initial Security Analysis of the IEEE 802.1x Standard Tsai Hsien Pang 2004/11/4.

An Initial Security Analysis of the IEEE 802.1x Standard Tsai Hsien Pang 2004/11/4.
Kemal AkkayaWireless & Network Security 1 Department of Computer Science Southern Illinois University Carbondale Wireless and Network Security Lecture.

Kemal AkkayaWireless & Network Security 1 Department of Computer Science Southern Illinois University Carbondale Wireless and Network Security Lecture.
IEEE 802.11 Wireless Local Area Networks (WLAN’s).

IEEE Wireless Local Area Networks (WLAN’s).
WPA2 By Winway Pang. Overview  What is WPA2?  Wi-Fi Protected Access 2  Introduced September 2004  Two Versions  Enterprise – Server Authentication.

WPA2 By Winway Pang. Overview  What is WPA2?  Wi-Fi Protected Access 2  Introduced September 2004  Two Versions  Enterprise – Server Authentication.
Wireless Network Security. Wireless Security Overview concerns for wireless security are similar to those found in a wired environment concerns for wireless.

Wireless Network Security. Wireless Security Overview concerns for wireless security are similar to those found in a wired environment concerns for wireless.
WLAN What is WLAN? Physical vs. Wireless LAN

WLAN What is WLAN? Physical vs. Wireless LAN
Mobile and Wireless Communication Security By Jason Gratto.

Mobile and Wireless Communication Security By Jason Gratto.
Wireless security & privacy Authors: M. Borsc and H. Shinde Source: IEEE International Conference on Personal Wireless Communications 2005 (ICPWC 2005),

Wireless security & privacy Authors: M. Borsc and H. Shinde Source: IEEE International Conference on Personal Wireless Communications 2005 (ICPWC 2005),
Wireless and Email Security CSCI 5857: Encoding and Encryption.

Wireless and Security CSCI 5857: Encoding and Encryption.
Investigators have published numerous reports of birds taking turns vocalizing; the bird spoken to gave its full attention to the speaker and never vocalized.

Investigators have published numerous reports of birds taking turns vocalizing; the bird spoken to gave its full attention to the speaker and never vocalized.

Similar presentations

Ads by Google