1
Wireless Security
2
The Current Internet: Connectivity and Processing
[Diagram of access networks and core networks. Labels: transit net, private peering, public peering, NAP, PSTN, regional wireline, regional voice, cell, cable modem, LAN, premises-based and operator-based WLAN, H.323, data, RAS, analog, DSLAM.]
3
How can it affect cell phones?
- The Cabir worm can infect a cell phone
  - Infects phones running Symbian OS
  - Started in the Philippines at the end of 2004; surfaced in Asia, Latin America, Europe, and later in the US
  - Poses as a security management utility
  - Once a phone is infected, the worm propagates itself to other phones via Bluetooth wireless connections
  - Symbian officials said security was a high priority of the latest software, Symbian OS Version 9.
- With ubiquitous Internet connections, more severe viruses/worms for mobile devices will happen soon …
4
Outlines
- 802.11 Basics
- Security in 802.11b: WEP
- WPA and WPA2
5
IEEE 802.11 Wireless LAN
- 802.11b
  - 2.4-5 GHz unlicensed radio spectrum
  - up to 11 Mbps
  - widely deployed, using base stations
- 802.11a
  - 5-6 GHz range
  - up to 54 Mbps
- 802.11g
  - 2.4-5 GHz range
  - up to 54 Mbps
- All use CSMA/CA for multiple access
- All have base-station and ad-hoc network versions
6
Base station approach
- Wireless host communicates with a base station
  - base station = access point (AP)
- Basic Service Set (BSS) (a.k.a. “cell”) contains:
  - wireless hosts
  - access point (AP): base station
- BSSs are combined to form a distribution system (DS)
7
Ad Hoc Network approach
- No AP (i.e., base station)
- Wireless hosts communicate with each other
  - to get a packet from wireless host A to B, it may need to be routed through wireless hosts X, Y, Z
- Applications:
  - “laptop” meeting in conference room, car
  - interconnection of “personal” devices
  - battlefield
8
Outlines
- 802.11 Basics
- Mobile link access: CDMA/CA
- Security in 802.11b
- Example and more attacks
- Trend: 802.16 Wireless MAN
9
802.11b: Built-in Security Features
- Service Set Identifier (SSID)
- Differentiates one access point from another
- The SSID is broadcast in “beacon frames” every few seconds.
- Beacon frames are in plain text!
10
Associating with the AP
- Access points have two ways of initiating communication with a client
- Shared Key or Open Key authentication
- Open key: need to supply the correct SSID
  - Allows anyone to start a conversation with the AP
- Shared Key is supposed to add an extra layer of security by requiring authentication info as soon as one associates
11
How Shared Key Auth. works
- Client begins by sending an association request to the AP
- AP responds with a challenge text (unencrypted)
- Client, using the proper WEP key, encrypts the text and sends it back to the AP
- If properly encrypted, AP allows communication with the client
12
Wired Equivalent Protocol (WEP)
- Primary built-in security for the 802.11 protocol
- Uses 40-bit RC4 encryption
- Intended to make wireless as secure as a wired network
- Unfortunately, since ratification of the 802.11 standard, RC4 has been proven insecure, leaving the 802.11 protocol wide open for attack
13
Case study of a non-trivial attack
- Target network: a large, very active university-based WLAN
- Tools used against the network:
  - Laptop running Red Hat Linux v.7.3
  - Orinoco chipset based 802.11b NIC card
  - Patched Orinoco drivers
  - Netstumbler
    - Netstumbler can not only monitor all active networks in the area, but it also integrates with a GPS to map APs
  - Airsnort
    - Passively listens to the traffic
- NIC drivers MUST be patched to allow Monitor mode (listen to raw 802.11b packets)
14
Wi-Fi Protected Access (WPA)
- Flaws in WEP known since January 2001: flaws include weak encryption (keys no longer than 40 bits), static encryption keys, lack of key distribution method.
- In April 2003, the Wi-Fi Alliance introduced an interoperable security protocol known as Wi-Fi Protected Access (WPA), AKA the IEEE 802.11i.
- WPA was designed to be a replacement for WEP networks without requiring hardware replacements.
- WPA provides stronger data encryption (weak in WEP) and user authentication (largely missing in WEP).
15
WPA Security Enhancements
- WPA includes Temporal Key Integrity Protocol (TKIP) and 802.1x mechanisms.
- The combination of these two mechanisms provides dynamic key encryption and mutual authentication
- TKIP adds the following strengths to WEP:
  - Per-packet key construction and distribution: WPA automatically generates a new unique encryption key periodically for each client. In fact, WPA uses a unique key for each 802.11 frame. This avoids the same key staying in use for weeks or months as they do with WEP.
  - Message integrity code: guards against forgery attacks.
  - 48-bit initialization vectors, use one-way hash function instead of XOR
16
WPA2
- In July 2004, the IEEE approved the full IEEE 802.11i specification, which was quickly followed by a new interoperability testing certification from the Wi-Fi Alliance known as WPA2.
- Strong encryption and authentication for infrastructure and ad-hoc networks (WPA1 is limited to infrastructure networks)
- Support for the CCMP (Counter Mode with Cipher Block Chaining Message Authentication Code Protocol) encryption mechanism based on the AES as an alternative to the TKIP protocol
  - AES is the equivalent of the RC4 algorithm used by WPA.
  - CCMP is the equivalent of TKIP in WPA. Changing even one bit in a message produces a totally different result.
17
WPA2
- TKIP was designed as an interim solution for wireless security, with the goal of providing sufficient security for 5 years while organizations transitioned to the full IEEE 802.11i security mechanism.
- As of March 2006, the WPA2 certification became mandatory for all new equipment certified by the Wi-Fi Alliance, ensuring that any reasonably modern hardware will support both WPA1 and WPA2.
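An added example (not from the original slides): because beacon frames are sent in plain text, a defender can audit their own access points by reading each beacon's SSID and advertised ciphers and flagging anything still on WEP or TKIP. The beacon bytes are constructed for the demo, and all function names are hypothetical.

```python
import struct

CIPHERS = {1: "WEP-40", 2: "TKIP", 4: "CCMP", 5: "WEP-104"}
RSN_OUI, WPA_OUI = b"\x00\x0f\xac", b"\x00\x50\xf2"

def pairwise_ciphers(body: bytes, oui: bytes) -> list:
    """body = version(2) + group suite(4) + pairwise count(2) + pairwise suites(4 each)."""
    if len(body) < 8:
        return []
    count = struct.unpack_from("<H", body, 6)[0]
    suites = [body[8 + 4 * n: 12 + 4 * n] for n in range(count)]
    return [CIPHERS.get(s[3], "unknown") for s in suites if len(s) == 4 and s[:3] == oui]

def classify_beacon(frame_body: bytes) -> dict:
    """frame_body = timestamp(8) + beacon interval(2) + capability(2) + tagged elements."""
    privacy = bool(struct.unpack_from("<H", frame_body, 10)[0] & 0x0010)
    ssid, rsn, wpa, pos = b"", [], [], 12
    while pos + 2 <= len(frame_body):
        eid, length = frame_body[pos], frame_body[pos + 1]
        data = frame_body[pos + 2: pos + 2 + length]
        if len(data) < length:
            break  # truncated element: stop rather than misparse
        if eid == 0:
            ssid = data
        elif eid == 48:  # RSN element (WPA2 / 802.11i)
            rsn = pairwise_ciphers(data, RSN_OUI)
        elif eid == 221 and data[:4] == WPA_OUI + b"\x01":  # vendor-specific WPA element
            wpa = pairwise_ciphers(data[4:], WPA_OUI)
        pos += 2 + length
    if "CCMP" in rsn and "TKIP" not in rsn + wpa:
        verdict = "ok: WPA2 with CCMP only"
    elif rsn or wpa:
        verdict = "weak: WPA or TKIP still offered"
    elif privacy:
        verdict = "insecure: WEP"  # privacy bit set but no WPA/RSN element
    else:
        verdict = "insecure: open network"
    name = ssid.strip(b"\x00").decode("utf-8", "replace") or "<hidden SSID>"
    return {"ssid": name, "verdict": verdict}

def element(eid: int, data: bytes) -> bytes:
    return bytes([eid, len(data)]) + data

def beacon(ssid: bytes, capability: int, *elements: bytes) -> bytes:
    """Constructed beacon body for the demo; not captured traffic."""
    return bytes(8) + struct.pack("<HH", 100, capability) + element(0, ssid) + b"".join(elements)

one = b"\x01\x00"  # little-endian 1, used for the version and suite-count fields
RSN_CCMP = element(48, one + RSN_OUI + b"\x04" + one + RSN_OUI + b"\x04" + one + RSN_OUI + b"\x02")
WPA_TKIP = element(221, WPA_OUI + b"\x01" + one + WPA_OUI + b"\x02" + one + WPA_OUI + b"\x02" + one + WPA_OUI + b"\x02")
SAMPLES = [beacon(b"campus-wlan", 0x0011, RSN_CCMP), beacon(b"lab-legacy", 0x0011, WPA_TKIP),
           beacon(b"", 0x0011), beacon(b"guest", 0x0001)]
REPORT = [classify_beacon(b) for b in SAMPLES]
```
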
18
Quiz on Tech Integration
- Select technology from the following list to satisfy the PCI compliance requirements
  - Basically use the Cisco table in the pdf slides.
19
Project Part III Presentation
- Summary of the problem statement and related work
- Your technical solution and comparison w/ existing work
- Property analysis of your solution
  - the cost/risk analysis: both the system purchase and maintenance cost, compared with existing work.
  - feasibility analysis: Is it easy to be adopted by the IT and other users of your company/institute? Is it incrementally deployable or does it require complete tear-down?
  - business/legal consequence.
- Every team will have a time limit of 20 minutes for presentation, which will be strictly enforced.
20
Backup Slides
21
Assessing the Network
- Using Netstumbler, the attacker locates a strong signal on the target WLAN
- WLAN has no broadcasted SSID
- Multiple access points
- Many active users
- Open authentication method
- WLAN is encrypted with 40-bit WEP
22
Cracking the WEP key
- Attacker sets NIC drivers to Monitor Mode
- Begins capturing packets with Airsnort
- Airsnort quickly determines the SSID
- Sessions can be saved in Airsnort and continued at a later date, so you don’t have to stay in one place for hours
- A few 1.5 hour sessions yield the encryption key
- Once the WEP key is cracked and his NIC is configured appropriately, the attacker is assigned an IP and can access the WLAN
23
Summary of MAC protocols
- What do you do with a shared media?
  - Channel Partitioning, by time, frequency or code
    - Time Division, Code Division, Frequency Division
  - Random partitioning (dynamic)
    - ALOHA, CSMA, CSMA/CD
    - carrier sensing: easy in some technologies (wire), hard in others (wireless)
    - CSMA/CD used in Ethernet
24
Solution