Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Enhancing Wireless Security with WPA CS-265 Project Section: 2 (11:30 – 12:20) Shefali Jariwala Student ID 001790660.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "1 Enhancing Wireless Security with WPA CS-265 Project Section: 2 (11:30 – 12:20) Shefali Jariwala Student ID 001790660."— Presentation transcript:

1 1 Enhancing Wireless Security with WPA CS-265 Project Section: 2 (11:30 – 12:20) Shefali Jariwala Student ID 001790660

2 2 Agenda Overview of WLAN WEP and its weaknesses Promise of WPA - Modes of Operations - Security Mechanisms What is WPA2? Encryption Method Comparison Table Conclusions

3 3 WLAN Standards 802.11 1-2 Mbps speed 2.4 GHz band 802.11a (Wi-Fi) 54 Mbps speed 5 GHz band 802.11b (Wi-Fi) 11 Mbps speed 2.4 GHz band 802.11g (Wi-Fi) 54 Mbps speed 2.4 GHz band WLAN components Wireless Clients Access Points Requirements for secure WLAN Encryption and Data Privacy Authentication and Access Control Overview of WLAN

4 4 Security Mechanism – Wired Equivalent Privacy Confidentiality, Access Control and Data Integrity Both WEP Authentication and encryption are based on a secret key shared between AP and wireless client WEP uses RC4 encryption algorithm  Symmetric Key stream Cipher  variable length key  64 bit = 40 bit WEP key and 24 bit random number known as IV to encrypt the data  Encryption: stream cipher  plaintext = cipher text  Sender sends the packet = cipher text + IV to receiver  Decryption: WEP key and attached IV

5 5 WEP Encryption WLAN security: Current and Future, Park, J.S; Dicoi, D.; IEEE Internet Computing, Volume:7, Issue:5, Sept-Oct, 2003, 60-65

6 6 Two modes of authentication:  Open System ( “No Authentication”)  Shared Key WEP Authentication Client Access Point Authentication request Random challenge Encrypted RC Success/failure response

7 7 A single key is used for all AP’s and wireless clients Static WEP key ~ Dynamic WEP Key Same key used for Access Control and Encryption which gives rise to problems Initialization Vector (IV) Reuse C i = P i  ks i and C i ’= P i ’  ks i ’ Therefore, C i  C i ’= P i  P i ’ Known Plain text attacks WEP provides no replay protection When WEP was available it was not always turned on WEP Weaknesses

8 8 stronger security solution via standards-based interoperable security specification known as WPA (Wi-Fi specification) WPA is a subset of 802.11i standard and maintains forward compatibility Run as software upgrade on AP’s and NIC’s and minimizes the impact of network performance Inexpensive in terms of cost/time to implement and addresses all WEP weaknesses Secure all versions of 802.11 devices including 802.11b, 802.11a and 802.11g Promise of WPA - Wireless Protected Access

9 9 Enterprise Mode: - Requires an authentication server – RADIUS (Remote Authentication Dial In Service) for authentication and key distribution - RADIUS has centralized management of user credentials Pre-shared key (PSK) Mode: - Does not require authentication server - A “shared secret” is used for authentication to access point - vulnerable to dictionary attacks WPA - Modes of Operation

10 10 Enterprise Mode Diagram http://www.wi-fi.org/opensection/pdf/whitepaper_wi-fi_security4-29-03.pdf

11 11 PSK Mode Diagram http://www.wi-fi.org/opensection/pdf/whitepaper_wi-fi_security4-29-03.pdf

12 12 Needed if no authentication server is in use “shared secret” – revealed, network security is compromised No standardized way of changing shared secret It increases the attacker’s effort to do decryption of messages The more complex the shared secret is, the better it is as there are less chances of dictionary attacks Issues of PSK Mode

13 13 Security Mechanisms in WPA http://www.intel.com/ebusiness/pdf/wireless/intel/wpa_cmt_security.pdf

14 14 802.1X Authentication prevents end users from accessing Enterprise networks http://www.mtghouse.com/MDC_WP_052603.pdf

15 15 Simpler Representation Authenticator (Access Point) Initiates connection Supplicant (Wireless Client) Port = enabled State = unauthorized requests identity responds with identity Response ACCEPT/REJECT Supplicant’s Port = enabled State = authorized Forwards the identity Forwards Response requests identity from RADIUS Forwards the request RADIUS passes its identity Access points forwards the identity RADIUS

16 16 Mutual Authentication http://www.mtghouse.com/MDC_WP_052603.pdf

17 17 TKIP is responsible for generating the encryption key, encrypting the message and verifying its integrity TKIP ensures: - Encryption key changes with every packet - Encryption key is unique for every client - TKIP encryptions keys are 256 bit long WEP Encryption key = shared secret + IV TKIP packet comprises of: - 128 bit temporal key (shared by both clients and AP) - Client Device MAC address - 48 bit IV (Packet sequence number) to prevent known plain text attacks (WEP = 24 bit IV) TKIP – Temporal Key Integrity Protocol

18 18 TKIP key mixing function + temporal key = per packet key Temporal keys - 128 bit, change frequently, definite life MAC Address + Temporal key + four most significant octets of the packet sequence number are fed into the S-Box to generate intermediate key Results in a unique encryption key Then, mix the intermediate key with two least significant octets of packet sequence number = 128 bit per packet key Each key encrypts only one packet of data and prevents weak key attacks TKIP for Data Privacy

19 19 Used to enforce data integrity “Message Integrity Code” (MIC) = 64 bit message calc. using Michael’s algorithm MIC is inserted in the TKIP packet The sender and the receiver each compute MIC and then compare. MIC does not match = data is manipulated Detects potential packet content altercation due to transmission error or purposeful manipulation Uses 64 bit key and partitions the data into 32 bit blocks Various operations: shifts, XOR’s, additions Michael Message Integrity Check

20 20 WEP vs. WPA http://www.wi-fi.org/opensection/pdf/whitepaper_wi-fi_security4-29-03.pdf

21 21 Vulnerable to Denial-of-Service Attacks AP receives 2 data packets that fail MIC check within 60 seconds -  active attack Counter measure for AP’s which includes disassociating each client using the AP Prevents the attacker from getting encryption keys Users can loose network connectivity for 60 seconds Drawbacks of WPA

22 22 Uses the Advanced Encryption Standard (AES) Symmetric key block 128 bit key Full 802.11i support including Counter Mode with CBC- MAC Protocol (CCMP) encryption CCMP = CTR + CBC + MAC Will require or replacement hardware (AP’s and NIC’s) Certified Equipments due in late 2004 Upcoming WPA2

23 23 Encryption Method Comparison Table http://www.wi-fi.org/opensection/pdf/Wi-Fi_ProtectedAccessWebcast_2003.pdf

24 24 WEP is not secure anymore ! WPA solves almost all WEP weaknesses WPA still considered secure and provides secure authentication, encryption and access control WPA is not yet broken…! WPA2 is a stronger cipher than WPA and will provide robust security for WLANs Conclusions

25 25 References WLAN security: Current and Future, Park, J.S; Dicoi, D.; IEEE Internet Computing, Volume:7, Issue:5, Sept-Oct, 2003, 60-65 Wireless networking security: Security flaws in 802.11 data link protocols, Nancy Cam-Winget, Russ Housley, David Wagner, Jesse Walker; Communications of the ACM-Volume 46, Issue 5 (May 2003), Pages 35-39 http://www.cizgi.com.tr/makaleler/seminer/S2-1.pdf http://www.dtm.ca/download/wireless_toshiba.pdf http://www.intel.com/ebusiness/pdf/wireless/intel/wpa_cmt_security.pdf http://www.mtghouse.com/MDC_WP_052603.pdf

26 26 http://www.sans.org/rr/papers/68/1109.pdf http://www.sans.org/rr/papers/68/1301.pdf http://www.wi-fi.org/opensection/pdf/whitepaper_wi-fi_security4-29-03.pdf http://www.wi-fi.org/opensection/pdf/Wi- Fi_ProtectedAccessWebcast_2003.pdf http://www.hackfaq.org/wireless-networks/wpa-wi-fi-protected-access.shtml http://techrepublic.com.com/5100-6265-5060773.html References

Download ppt "1 Enhancing Wireless Security with WPA CS-265 Project Section: 2 (11:30 – 12:20) Shefali Jariwala Student ID 001790660."

Similar presentations

IEEE 802.11i IT443 Broadband Communications Philip MacCabe October 5, 2005

IEEE i IT443 Broadband Communications Philip MacCabe October 5, 2005
CSE 6590 1.  Wired Equivalent Privacy (WEP) ◦ first security protocol defined in 802.11  Wi-Fi Protected Access (WPA) ◦ defined by Wi-Fi Alliance 

CSE  Wired Equivalent Privacy (WEP) ◦ first security protocol defined in  Wi-Fi Protected Access (WPA) ◦ defined by Wi-Fi Alliance 
Wireless Security Ryan Hayles Jonathan Hawes. Introduction  WEP –Protocol Basics –Vulnerability –Attacks –Video  WPA –Overview –Key Hierarchy –Encryption/Decryption.

Wireless Security Ryan Hayles Jonathan Hawes. Introduction  WEP –Protocol Basics –Vulnerability –Attacks –Video  WPA –Overview –Key Hierarchy –Encryption/Decryption.
Implementing Wireless LAN Security

Implementing Wireless LAN Security
Security+ Guide to Network Security Fundamentals, Third Edition

Security+ Guide to Network Security Fundamentals, Third Edition
WiFi Security. What is WiFi ? Originally, Wi-Fi was a marketing term. The Wi-Fi certified logo means that the product has passed interoperability tests.

WiFi Security. What is WiFi ? Originally, Wi-Fi was a marketing term. The Wi-Fi certified logo means that the product has passed interoperability tests.
Wireless LAN Security Jerry Usery CS 522 December 6 th, 2006.

Wireless LAN Security Jerry Usery CS 522 December 6 th, 2006.
MITP | Master of Information Technology Program Securing Wireless LAN using Cisco-based technology Campus Crew Study Group Paul Matijevic Ed McCulloch.

MITP | Master of Information Technology Program Securing Wireless LAN using Cisco-based technology Campus Crew Study Group Paul Matijevic Ed McCulloch.
Intercepting Mobiles Communications: The Insecurity of 802.11 Danny Bickson ACNS Course, IDC Spring 2007.

Intercepting Mobiles Communications: The Insecurity of Danny Bickson ACNS Course, IDC Spring 2007.
DIMACS Nov 3 - 4, 2004 WIRELESS SECURITY AND ROAMING OVERVIEW DIMACS November 3-4, 2004 Workshop: Mobile and Wireless Security Workshop: Mobile and Wireless.

DIMACS Nov 3 - 4, 2004 WIRELESS SECURITY AND ROAMING OVERVIEW DIMACS November 3-4, 2004 Workshop: Mobile and Wireless Security Workshop: Mobile and Wireless.
W i reless LAN Security Presented by: Pallavi Priyadarshini Student ID 003503527.

W i reless LAN Security Presented by: Pallavi Priyadarshini Student ID
Wired Equivalent Privacy (WEP)

Wired Equivalent Privacy (WEP)
Security in Wireless LAN 802.11 Layla Pezeshkmehr CS 265 Fall 2003-SJSU Dr.Mark Stamp.

Security in Wireless LAN Layla Pezeshkmehr CS 265 Fall 2003-SJSU Dr.Mark Stamp.
Vulnerability In Wi-Fi By Angus U CS 265 Section 2 Instructor: Mark Stamp.

Vulnerability In Wi-Fi By Angus U CS 265 Section 2 Instructor: Mark Stamp.
E-mail: kemal@cs.siu.edu Department of Computer Science Southern Illinois University Carbondale Wireless and Network Security Lecture 9: IEEE 802.11.

Department of Computer Science Southern Illinois University Carbondale Wireless and Network Security Lecture 9: IEEE
IEEE 802.11 Wireless Local Area Networks (WLAN’s).

IEEE Wireless Local Area Networks (WLAN’s).
15 November 2004 1 Wireless Security Issues Cheyenne Hollow Horn SFS Presentation 2004.

15 November Wireless Security Issues Cheyenne Hollow Horn SFS Presentation 2004.
WIRELESS NETWORK SECURITY. Hackers Ad-hoc networks War Driving Man-in-the-Middle Caffe Latte attack.

WIRELESS NETWORK SECURITY. Hackers Ad-hoc networks War Driving Man-in-the-Middle Caffe Latte attack.
WPA2 By Winway Pang. Overview  What is WPA2?  Wi-Fi Protected Access 2  Introduced September 2004  Two Versions  Enterprise – Server Authentication.

WPA2 By Winway Pang. Overview  What is WPA2?  Wi-Fi Protected Access 2  Introduced September 2004  Two Versions  Enterprise – Server Authentication.
Marwan Al-Namari Week 10. RTS: Ready-to-Send. CTS: Clear-to- Send. ACK: Acknowledgment.NAV: network allocation vector (channel access, expected time to.

Marwan Al-Namari Week 10. RTS: Ready-to-Send. CTS: Clear-to- Send. ACK: Acknowledgment.NAV: network allocation vector (channel access, expected time to.

Similar presentations

Ads by Google