1
Wireless and Instant Messaging
Katherine Morris
2
Chapter Overview
- Wireless security issues
- Efforts of the IEEE to combat security problems
- 802.11x standards
- WAP, WEP, & WTLS
- Wireless site survey
- IM security issues
3
802.11x standards
- Group formed in 1990 as part of the IEEE standards body
- Soon groups ‘a’ thru ‘j’ were formed
- Now groups and are working on wireless PANs and MANs standards, respectively.
4
802.11x groups

| IEEE Working Group | Primary Task | Status of Work |
|---|---|---|
| 802.11a | Worked to establish specifications for wireless data transmissions in the 5 GHz band | Approved 1999 |
| 802.11b | Worked to establish specifications for wireless data transmission in the 2.4 GHz band | |
| 802.11c | Worked to establish wireless MAC bridging functionality | Folded into d |
| 802.11d | Working to determine requirements that will allow to operate outside the US | The work of this group is ongoing |
| 802.11e | Working to add multimedia and quality of service (QoS) capabilities to wireless MAC layer | Proposal in draft form at the time of this writing |
| 802.11f | Working to allow for better roaming between multivendor access points and distribution systems | |
| 802.11g | Working to provide raw data throughput over wireless networks at a rate of up to 54 Mbps | Approved |
| 802.11h | Working to allow for European implementation requests regarding the 5 GHz band | |
| 802.11i | Working to fix security flaws in WLANs by developing new security standards | |
| 802.11j | Worked to create a global standard in the 5 GHz band by making high-performance LAN and a interoperable | Disbanded |
5
WAP 1.x
- Wireless Application Protocol
- Mobile phones, pagers, PDAs, two-way radios
- Developed by WAP Forum
- Web content on computers vs. handhelds
6
WAP 1.x Stack
- Same concept as the OSI Model for web/Internet
- More condensed, leaner
- Data transaction is as compressed as possible

| Layer | WAP 1.x | OSI/Web |
|---|---|---|
| Application | Wireless Application Environment (WAE) | HTML, JavaScript and others |
| Session | Wireless Session Protocol (WSP) | HTTP |
| Transaction | Wireless Transaction Protocol (WTP) | |
| Security | Wireless Transport Layer Security (WTLS) | SSL/TLS |
| Transport | Wireless Datagram Protocol (WDP) | TCP/IP TCP/UDP |
| Lower Layer(s) | Bearers (GPRS, TDMA, CDMA, etc.) | IP, Data Link Layer, Physical Layer |
7
WAP 1.x Stack
- WAP Gateway
- Wireless Application Layer (WAL) & WAE
- Wireless Session Protocol (WSP)
- Wireless Transaction Protocol (WTP)
- Wireless Datagram Protocol (WDP)
8
WAP 1.x stack (diagram)
- WAP Device: WAE, WSP, WTP, WTLS, WDP, Bearer
- WAP Gateway, device-facing side: WSP, WTP, WTLS, WDP, Bearer
- WAP Gateway, server-facing side: HTTP, SSL, TCP, IP
- WAP Server: HTTP, SSL, TCP, IP
9
WAP Gap
- WAP gateway
- Financial services companies
- Possibility of capturing data is very small
10
WAP 2.0 Stack
- Security enhancements
- Suite of utilities
- WTLS vs. TLS
- WAP 1.x stack replaced by standard Internet layers
- Elimination of the WAP Gap
11
WAP 2.0 Stack (diagram)
- WAP Device: WAE, HTTP, TLS, TCP, IP
- WAP Proxy (between the wireless and wired sides): TCP, IP
- Web Server: WAE
12
WAP 2.0 Stack Features
- WAP Push
- User Agent Profile
- Wireless Telephony Application
- External Functionality Interface (EFI)
- Multimedia Messaging Service (MMS)
13
Wireless Transport Layer Security Protocol (WTLS)
- Provides authentication, data encryption, and privacy for WAP 1.x
- Scaled-down version of TLS
- Less processing power, memory, and battery life
14
WTLS Cont.
3 authentication classes:
- Class 1: Anonymous; client and gateway cannot authenticate each other
- Class 2: Only allows client to authenticate the gateway
- Class 3: Both client and gateway allowed to authenticate (requires Wireless Identity Card such as Smart Card in device)
15
Class 2 Authentication
4 steps:
1. WAP device sends a request for authentication
2. Gateway responds and sends its certificate with the public key
3. WAP device receives the certificate and public key, then generates a unique random value
4. WAP gateway receives encrypted value and uses private key to decrypt it
16
Notes on Class 2 Authentication
- TLS and WTLS distinguish between a connection and a session; a session can exist over several connections
- In WAP 1.x, WTLS is optional
- In WAP 1.x, WTLS only encrypts data between the client and the gateway, so the WAP gap still exists
- Unsafe use of service set identifiers (SSIDs)
- Weak keys
17
WLAN
- Connects clients to each other or network resources using radio signals to pass data through the ether
- Access Points act as broadcast stations
- WNICs connect clients to the network
18
Wired Equivalent Privacy (WEP)
- Optional security specified by protocol
- Used to encrypt data passed between the client and the APs
- Used to authenticate clients that request access to network resources
- Not considered adequate security
19
WEP Cont.
- Uses a symmetric key to authenticate wireless devices, not users
- Encrypts the transmissions of data
- APs and clients need to share the same key
- Client requests to send data or use the network
- Client then begins a challenge-and-response authentication process
20
WEP Weaknesses
- Initialization vector
  - Sequence of random bytes
  - Appended to the front of data
  - Sent in plaintext across the WLAN
  - Only 24 bits long
  - Reused on a regular basis
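
Why a 24-bit, cleartext, regularly reused IV undermines WEP, as an added example that is not part of the original slides. It assumes randomly chosen IVs, uses a constructed 40-bit key and constructed frame contents, and omits WEP's integrity check value for brevity.

```python
def rc4_keystream(key: bytes, n: int) -> bytes:
    """Plain RC4 (key scheduling + output generation), the stream cipher WEP uses."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(n):
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) % 256])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def wep_encrypt(iv: bytes, shared_key: bytes, plaintext: bytes) -> bytes:
    """WEP-style frame body: cleartext 3-byte IV, then data XOR RC4(IV || key)."""
    assert len(iv) == 3
    return iv + xor(plaintext, rc4_keystream(iv + shared_key, len(plaintext)))


def frames_until_iv_collision(iv_bits: int = 24, target: float = 0.5) -> int:
    """Frames sent with random IVs before P(some IV has repeated) >= target."""
    space = 2 ** iv_bits
    p_unique, n = 1.0, 0
    while 1.0 - p_unique < target:
        p_unique *= (space - n) / space
        n += 1
    return n


def same_iv_leaks_plaintext_xor() -> bool:
    """Two frames under one IV share a keystream, so it cancels out of their XOR."""
    key = b"\x01\x02\x03\x04\x05"   # constructed 40-bit shared key
    iv = b"\x00\x00\x2a"            # constructed IV, reused for both frames
    p1, p2 = b"constructed frame A", b"constructed frame B"
    f1, f2 = wep_encrypt(iv, key, p1), wep_encrypt(iv, key, p2)
    return xor(f1[3:], f2[3:]) == xor(p1, p2)
```

With a 24-bit IV space a repeat becomes likely after only a few thousand frames, which is why WEP's confidentiality fails even while the shared key itself stays secret.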
21
WEP Weaknesses Cont.
- Doesn’t require asymmetric authentication, in which each wireless device would use its own secret key
- More likely for the shared key to get into unauthorized hands
- Keys are manually configured
- Critical information could get into the wrong authorized hands intentionally or unintentionally
- Rekeying should be done regularly, or chance of hacking is increased
22
General WLAN Security Holes
- Easier for people to detect WLANs and jump on to the network
- War driving: most WLANs do not use WEP or any other form of encryption
- DoS attacks much easier/more likely
- WEP authenticates clients, not users
23
Conducting a wireless site survey
- Conduct a needs assessment
- Obtain site’s blueprints
- Do a walk-through of the site
- Identify possible AP locations
- Verify AP locations
- Document your findings
24
Instant Messaging
- Real-time communications model
- Either peer-to-peer or peer-to-network configuration
- Peer-to-peer:
  - Clients talk directly to one another
  - Does not rely on a central server
  - Could expose the IP address of each client’s machine
- Peer-to-network:
  - Central server
  - DoS attacks are becoming more frequent
- AOL Instant Messenger, MSN Messenger, Yahoo! Messenger, ICQ, and Internet Relay Chat (IRC)
25
IM Security Issues
- Messages are sent in plaintext, no inherent encryption unless user enables it
- Makes sessions vulnerable to packet sniffing, especially if the connection is not encrypted
- Solutions:
  - Enabling private channel communication (MS NetMeeting)
  - Enterprise AIM and Trillian both use encryption to protect messages
26
Social Engineering
- Obtaining of sensitive data by social means: pretending to be someone who has access
- Username/Password authentication makes IM moderately secure
- Unmonitored terminals are susceptible to social engineering
- Not like , which allows for greater response time, IM demands an instant response/decision
- Informal nature
27
Technical IM Issues
- File transfers:
  - Files cannot be scanned as they arrive, requires antivirus package on the local machine
- Application sharing:
  - Allows users to remotely control another computer
  - Lots of security issues
28
Legal IM Issues
- If wrong message is sent or overheard, litigation and criminal indictment could result
- Either all or nothing in terms of allowing IM
- Difficult to control, but easy to block IM ports
- SMS (Simple Messaging Service): IM client provided by most cell phone carriers