Security in Wireless Local Area Networks
Basic Idea
WLAN coverage typically has a radius of around 100 m. This covers several rooms or a small company with a few offices. Of course, actual coverage depends on where it is deployed, the material in the walls, the frequency range, other nearby radio sources, etc. WLANs offer a cheap alternative to running a wire to every office, allowing fast installation.
Many wireless access points (see below) work directly “out of the box,” requiring no configuration. The user simply plugs them into the network and a power outlet, and they work. The downside is that most devices default to being very open, with most security features disabled; these features often are overlooked for an “out of the box” installation. In addition, the users may not know that some of the security features are either limited or flawed.
The wireless station (WS) is the remote or mobile unit.
The access point (AP) or base station is the non-mobile unit that connects the wireless network into a wire-based network. The AP acts as a bridge or router and usually has some protection mechanisms built in. Networks can be organized in two different ways: infrastructure or ad hoc.
A basic service set (BSS), identified by a 6-byte string, is a network formed by an AP and the wireless stations that are associated with it. An extended service set (ESS) is two or more BSSs that form a single logical network. As they move, wireless stations can switch seamlessly from one AP to another with no disruption of service. The APs coordinate the handoff among themselves, generally via an Ethernet connection.
Wireless Alphabet Soup
802.11a is a physical-layer standard that uses orthogonal frequency division multiplexing (OFDM) in the 5-GHz band, supporting speeds from 6 to 54 Mbps. 802.11a offers the highest speeds currently, although the range for the highest speeds is limited, and transmission rates drop to slower speeds beyond a short distance. 802.11a has leap-frogged over 802.11b as the fastest technology available, having a maximum speed of 54 Mbps. However, it faces competition from 802.11g, which provides similar speeds but with better signal propagation than 802.11a and is compatible with (soon to be legacy) 802.11b cards.
802.11b uses DSSS in the 2.4-GHz range to achieve faster speeds of 5.5 and 11 Mbps using complementary code keying (CCK) and is widely deployed. Wired-equivalent privacy (WEP) is the scheme to provide data protection. 802.11b is currently the most widely deployed version of cards for home and business, but this will change rapidly as 802.11a and 802.11g become more widely available and less expensive.
802.11c provides required information to ensure proper bridging operations and is used when developing APs.
802.11d provides “global harmonization.” It defines physical-layer requirements to satisfy the different regulatory organizations in different parts of the world, e.g., United States, Japan, and Europe. This includes both the 2.4- and 5-GHz bands and only affects those developing products.
802.11e extends the MAC layer of 802.11 to provide quality-of-service (QoS) support for audio and video applications. These MAC-level changes will affect all operating frequencies (i.e., 2.4 and 5 GHz) and will be backwards-compatible with the existing protocol.
802.11f defines a standard so that different APs can communicate with each other. This “inter access point protocol” will allow wireless stations to “roam” from one AP to another. Currently, 802.11 defines no standard, so each vendor can create its own incompatible means to implement roaming.
802.11g specifies a higher-speed extension to the 2.4-GHz band. 802.11g extends 802.11b to support up to 54 Mbps. 802.11g uses OFDM rather than DSSS. Essentially, 802.11g is designed to make 802.11b compete with the bandwidth of 802.11a.
802.11h provides “spectrum-managed 802.11a” to address the requirements in Europe for use of the 5-GHz band. The functions provided include dynamic channel selection (DCS) and transmit power control (TPC), which will help to prevent any interference with satellite communications. 802.11h eventually will replace 802.11a.
802.11i standardizes MAC enhancements for 802.11 security.
It is designed to address the problems and shortcomings of WEP, incorporating 802.1x and stronger encryption techniques, such as the advanced encryption standard (AES), the follow-on to DES. 802.11i updates the MAC layer to provide security for all protocols.
802.11j addresses 4.9- to 5.0-GHz operation in Japan (group formed in November 2002).
802.11k defines and exposes radio and network information to facilitate the management and maintenance of a wireless and mobile LAN. Also, it will enable new applications to be created based on this radio information, such as location-enabled services.
Wired-Equivalent Privacy (WEP)
WEP is the security scheme provided with 802.11b. Since wireless communication presents an easy target for casual eavesdropping, WEP was designed to raise the baseline security level to be comparable with standard wired Ethernet. Sniffing packets off a wired network requires a user to physically tap into the network; the WEP designers wanted to make sniffers go through a similar level of effort to get similar information from a wireless network.
WEP goals
WEP was designed originally to support a few criteria. First, it had to be “reasonably strong.” Second, it had to be self-synchronizing. Stations must be able to resynchronize with the AP without requiring user intervention, such as a password, because the stations may go in and out of coverage frequently. Third, it must be computationally efficient so that it can be performed in either hardware or software because some processors may be low-power, low-speed devices. Fourth, it had to be exportable. Although the United States relaxed some of the encryption restrictions in January of as part of the “Wassenaar arrangement,” [wassenaar] other countries still tightly restrict encryption technology.
WEP consists of a secret key of either 40 or 104 bits (5 or 13 bytes) and an initialization vector (IV) of 24 bits. Thus the total protection, as it is sometimes called, is 64 or 128 bits (often mistakenly referred to as 64- or 128-bit “keys” even though the keys are 40 or 104 bits). The key plus the IV is used to seed an RC4-based pseudorandom-number generator (PRNG). This produces a stream of pseudorandom numbers that is XORed with the data stream to produce the ciphertext. In addition, an integrity check value (ICV) indicates if the data stream was corrupted. The ICV is a simple CRC-32 checksum.
WEP data frame
The WEP data frame consists of an IV of 4 bytes, the data or protocol data unit (PDU) of 1 or more bytes, and the ICV of 4 bytes. The IV can be further divided into 3 bytes (24 bits) of the actual initialization vector plus 1 byte that uses 2 bits to specify a key and 6 bits of padding. With the 2 bits, the device can store up to four different secret keys (recall that the keys are not transmitted but are local to the device).
WEP encryption
1. Compute the ICV using CRC-32 over the plaintext message.
2. Concatenate the ICV to the plaintext message.
3. Choose a random IV and concatenate it to the secret key, and use it as input to the RC4 PRNG to produce the pseudorandom key sequence.
4. Encrypt the plaintext and the ICV by doing a bitwise XOR with the key sequence from the PRNG to produce the ciphertext.
5. Append the IV to the front of the ciphertext.
WEP authentication
1. The wireless station (WS) sends an authentication request to the AP.
2. The AP sends a (random) challenge text T back to the WS.
3. The WS sends the challenge response, which is text T, encrypted with a shared secret key.
4. The AP sends an acknowledgment (ACK) if the response is valid and a NACK if it is invalid.
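The WEP encryption steps, the data frame layout, and the AP's side of the authentication exchange above, as an added Python example that is not part of the original presentation. The function names, the little-endian ICV byte order, and the placement of the key ID in the top 2 bits of the fourth IV byte are assumptions of this example.

```python
import os
import struct
import zlib

def rc4(seed: bytes, n: int) -> bytes:
    """Return n bytes of RC4 keystream for the given seed."""
    s, j = list(range(256)), 0
    for i in range(256):                       # key scheduling
        j = (j + s[i] + seed[i % len(seed)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    for _ in range(n):                         # keystream generation
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def wep_encapsulate(key, key_id, pdu, iv=None):
    """Build IV(3) | key-ID byte | RC4(PDU | ICV), following steps 1-5."""
    iv = os.urandom(3) if iv is None else iv
    if len(key) not in (5, 13) or key_id not in range(4) or len(iv) != 3:
        raise ValueError("need a 40/104-bit key, key ID 0-3 and a 24-bit IV")
    body = pdu + struct.pack("<I", zlib.crc32(pdu))  # ICV (assumed little-endian)
    cipher = xor(body, rc4(iv + key, len(body)))     # seed = IV followed by key
    return iv + bytes([key_id << 6]) + cipher        # assumed: key ID in top 2 bits

def wep_decapsulate(keys, frame):
    """Recover the PDU; ValueError on a short frame or bad ICV, KeyError on unknown key ID."""
    if len(frame) < 9:                               # 4 IV + at least 1 PDU + 4 ICV
        raise ValueError("frame too short")
    iv, key_id, cipher = frame[:3], frame[3] >> 6, frame[4:]
    body = xor(cipher, rc4(iv + keys[key_id], len(cipher)))
    pdu, icv = body[:-4], body[-4:]
    if struct.pack("<I", zlib.crc32(pdu)) != icv:
        raise ValueError("ICV mismatch: frame corrupted or wrong key")
    return pdu

def ap_verify(keys, challenge, response):
    """AP side of the exchange: ACK only if the response decrypts to challenge T."""
    try:
        return "ACK" if wep_decapsulate(keys, response) == challenge else "NACK"
    except (ValueError, KeyError):
        return "NACK"
```

Here `keys` is a dictionary mapping key IDs 0-3 to the locally stored secret keys, matching the four key slots the 2-bit key field allows.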
WPA
Wi-Fi protected access (WPA) was created as an interim measure to increase the security of 802.11b networks, recognizing that WEP has too many flaws but that it will still be some time before the IEEE adopts the 802.11i protocol for security. Instead of 40-bit keys, as used in WEP, WPA uses 128-bit keys for encryption and uses hashing to generate new “random” keys for each use. This key protocol is called the Temporal Key Integrity Protocol (TKIP). The Extensible Authentication Protocol (EAP) allows network administrators to select the method to use for authentication, such as biometric.
Encryption protocols
The Temporal Key Integrity Protocol (TKIP) and the Counter Mode with CBC-MAC Protocol (CCMP) are two encryption algorithms supported by the 802.11i standard. TKIP is a short-term fix for the weaknesses of WEP that maintains compatibility with existing hardware. TKIP requires four new algorithms: a message integrity code (MIC) called “Michael”; IV sequencing; a new per-packet key construction; and a key distribution. TKIP was designed to fix the biggest flaws in WEP and provide protection against collision, weak key, forgery, and replay attacks.
TKIP extends the 24-bit IV to 48 bits, referred to as the TKIP sequence counter (TSC). While WEP never specified how often the IV should change, TKIP requires that the TSC be updated with every packet. The TSC is constructed from the first and second bytes of the WEP IV and adds 4 extra bytes as the extended IV. The initialization vectors are now required to be a strictly increasing sequence that starts at 0 when the base key is set.
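A receiver-side check of the strictly increasing TSC rule described above, as an added Python example that is not part of the original presentation. The names, the least-significant-byte-first ordering of the six TSC bytes, and the sample frames are assumptions constructed for this example.

```python
def tsc_value(iv_bytes: bytes, ext_iv: bytes) -> int:
    """Combine the 2 TSC bytes carried in the WEP IV field with the 4-byte
    extended IV into one 48-bit counter (byte order is an assumption)."""
    if len(iv_bytes) != 2 or len(ext_iv) != 4:
        raise ValueError("TSC needs 2 IV bytes plus 4 extended-IV bytes")
    return int.from_bytes(iv_bytes + ext_iv, "little")

class TscReceiver:
    """Accept a frame only if its TSC is strictly greater than the last accepted."""
    def __init__(self):
        self.last = None

    def set_base_key(self):
        self.last = None                    # new base key: sequence restarts at 0

    def check(self, tsc: int) -> str:
        if self.last is not None and tsc <= self.last:
            return "reject"                 # replayed or out-of-sequence TSC
        self.last = tsc
        return "accept"

def classify(frames):
    """Run (iv_bytes, ext_iv) pairs through one receiver; "REKEY" resets it."""
    rx, verdicts = TscReceiver(), []
    for frame in frames:
        if frame == "REKEY":
            rx.set_base_key()
            verdicts.append("rekey")
        else:
            verdicts.append(rx.check(tsc_value(*frame)))
    return verdicts

SAMPLE = [                                  # constructed input, not captured traffic
    (b"\x00\x00", bytes(4)),                # TSC 0, first frame after key set
    (b"\x01\x00", bytes(4)),                # TSC 1
    (b"\x01\x00", bytes(4)),                # TSC 1 again: replay
    (b"\xff\xff", bytes(4)),                # TSC 65535
    (b"\x00\x00", b"\x01\x00\x00\x00"),     # TSC 65536: carries into extended IV
    (b"\x05\x00", bytes(4)),                # TSC 5: stale
    "REKEY",
    (b"\x00\x00", bytes(4)),                # TSC 0 is valid again after rekey
]
```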