Presentation is loading. Please wait.

Presentation is loading. Please wait.

Vulnerability In Wi-Fi By Angus U CS 265 Section 2 Instructor: Mark Stamp.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Vulnerability In Wi-Fi By Angus U CS 265 Section 2 Instructor: Mark Stamp."— Presentation transcript:

1 Vulnerability In Wi-Fi By Angus U CS 265 Section 2 Instructor: Mark Stamp

2 Outline  Why Wireless?  Overview Security in Wirelss Networking  WEP  Authentication  Integrity  Encryptions  Off Standard: Access Control List  Attacks  Future Solution

3 Wireless?  Wire: Limited by power and LAN cable  Mobility  unwire  Laptop & Wireless  Simple Installation  Convenience to use  Cost of equipment  Popularity

4 Wireless Standards  IEEE 802.11b  11Mbps 2.4Ghz band Unlicensed, 1999  IEEE 802.11a  54Mbps, 5Ghz band Licensed  IEEE 802.11g  54Mbps 2.4Ghz band Unlicensed, 2003  IEEE 802.11i: (Amendment)

5 Overview Wireless  Wi-Fi : Wireless Fidelity  Hotspot: Where you can have Wi-Fi access  Two types of Wireless Networking  ad hoc: meeting or conference (no internet)  Infrastructure: base station & clients  Connect to external Network (Internet)  Needs: Access point and/or Wireless NIC

6 Overview Security in Wireless Protocol: WEP Authentication (challenge & Response) Integrity: CRC-32 Encryption: Stream cipher, RC4, with IV

7 WEP  Wired Equivalent Privacy Protocol  Security behind the Wi-Fi  Designed to encrypt and decrypt data for Wi-Fi  Disable or 40 bit keys or 104 bit keys  Uses RC4 encryption algorithm  64 bits for RC4 keys or none  40 bits for WEP key & 24 bits for IV

8 Authentication in WEP  Open & Shared Key  Picture from Mark Stamp  Problem: Know Plaintext Attack Nonce N E(N, K A-B ) Request for shared key auth. Authentication response Alice Bob (base station)

9 Access Control List (not in WEP)  Created by Vendors, not in 802.11 Family  Identity Problem: Who you are?  Based on the shared Key?  Only one shared Key  Access List: a list of MAC addresses  Failure: MAC addresses can be modifiable  Open source device drivers

10 Encryption in WEP  IV + Secret Key XOR Plaintext  IV is only 24 bits, too short  40 bits for WEP is still too short  Remember: The other 64 bits for RC4  Given P1 = P2 then C1 = C2  No session Key, One key for all operations  Encryption and Decryption  Access point & Users

11 Integrity in WEP  No protect against replays  (No sequence Number in Packet)  CRC-32 checksum is not good enough for integrity in experiment  High Possibility of Collision

12 Key Management in WEP  No key distribution systems   Static Key and the same key for everything  Manually Enter the secret key in Both sides  Not practice, is often ignored

13 Attacks in WEP  Numerous Attacks since 2001  Fluhrer-Mantin-Shamir (FMS) attacks  Publicly Released the tools to attack WEP  Off-the-Shelf Hardware and Software  Impossible to detect  Only a couple of hours

14 Solution: IEEE 802.11i  A Future Standard for Wi-Fi  IEEE 802.11i still Amendment  Two new Protocols to address above issues  New key management: IEEE802.1X  Short Term Solution: TKIP  Long Term Solution: CCMP

15 TKIP  Temporal Key Integrity Protocol  No new hardware required but  firmware upgrade & driver upgrade  Three element:  A message integrity code  A packet sequencing  A per-packet key mixing function  128-bit Encryption, 64-bit Authentication

16 CCMP  Counter-Mode-CBC-MAC Protocol  New Protocol in 802.11i  required new hardware  Many properties similar to TKIP  Free from constraints of existed Hardware  RC4 replaced by AES  AES 128-bit, 48-bit IV, no per-packet key  Fix all well known WEP flaws

17 The End  Good-bye

Download ppt "Vulnerability In Wi-Fi By Angus U CS 265 Section 2 Instructor: Mark Stamp."

Similar presentations

IEEE 802.11i IT443 Broadband Communications Philip MacCabe October 5, 2005

IEEE i IT443 Broadband Communications Philip MacCabe October 5, 2005
CSE 6590 1.  Wired Equivalent Privacy (WEP) ◦ first security protocol defined in 802.11  Wi-Fi Protected Access (WPA) ◦ defined by Wi-Fi Alliance 

CSE  Wired Equivalent Privacy (WEP) ◦ first security protocol defined in  Wi-Fi Protected Access (WPA) ◦ defined by Wi-Fi Alliance 
WEP 1 WEP WEP 2 WEP  WEP == Wired Equivalent Privacy  The stated goal of WEP is to make wireless LAN as secure as a wired LAN  According to Tanenbaum:

WEP 1 WEP WEP 2 WEP  WEP == Wired Equivalent Privacy  The stated goal of WEP is to make wireless LAN as secure as a wired LAN  According to Tanenbaum:
Wireless Security Ryan Hayles Jonathan Hawes. Introduction  WEP –Protocol Basics –Vulnerability –Attacks –Video  WPA –Overview –Key Hierarchy –Encryption/Decryption.

Wireless Security Ryan Hayles Jonathan Hawes. Introduction  WEP –Protocol Basics –Vulnerability –Attacks –Video  WPA –Overview –Key Hierarchy –Encryption/Decryption.
無線區域網路安全 Wireless LAN Security. 2 Outline  Wireless LAN – 802.11b  Security Mechanisms in 802.11b  Security Problems in 802.11b  Solutions for 802.11b.

無線區域網路安全 Wireless LAN Security. 2 Outline  Wireless LAN – b  Security Mechanisms in b  Security Problems in b  Solutions for b.
16-1 Last time Internet Application Security and Privacy Authentication Security controls using cryptography Link-layer security: WEP.

16-1 Last time Internet Application Security and Privacy Authentication Security controls using cryptography Link-layer security: WEP.
WiFi Security. What is WiFi ? Originally, Wi-Fi was a marketing term. The Wi-Fi certified logo means that the product has passed interoperability tests.

WiFi Security. What is WiFi ? Originally, Wi-Fi was a marketing term. The Wi-Fi certified logo means that the product has passed interoperability tests.
WEP Weaknesses Or “What on Earth does this Protect” Roy Werber.

WEP Weaknesses Or “What on Earth does this Protect” Roy Werber.
Wireless LAN Security Jerry Usery CS 522 December 6 th, 2006.

Wireless LAN Security Jerry Usery CS 522 December 6 th, 2006.
Wireless Security. Access Networks Core Networks The Current Internet: Connectivity and Processing Transit Net Private Peering NAP Public Peering PSTN.

Wireless Security. Access Networks Core Networks The Current Internet: Connectivity and Processing Transit Net Private Peering NAP Public Peering PSTN.
1 Enhancing Wireless Security with WPA CS-265 Project Section: 2 (11:30 – 12:20) Shefali Jariwala Student ID 001790660.

1 Enhancing Wireless Security with WPA CS-265 Project Section: 2 (11:30 – 12:20) Shefali Jariwala Student ID
COMP4690, HKBU1 Security of 802.11 COMP4690: Advanced Topic.

COMP4690, HKBU1 Security of COMP4690: Advanced Topic.
Intercepting Mobiles Communications: The Insecurity of 802.11 Danny Bickson ACNS Course, IDC Spring 2007.

Intercepting Mobiles Communications: The Insecurity of Danny Bickson ACNS Course, IDC Spring 2007.
How To Not Make a Secure Protocol 802.11 WEP Dan Petro.

How To Not Make a Secure Protocol WEP Dan Petro.
W i reless LAN Security Presented by: Pallavi Priyadarshini Student ID 003503527.

W i reless LAN Security Presented by: Pallavi Priyadarshini Student ID
Wired Equivalent Privacy (WEP)

Wired Equivalent Privacy (WEP)
Security in Wireless LAN 802.11 Layla Pezeshkmehr CS 265 Fall 2003-SJSU Dr.Mark Stamp.

Security in Wireless LAN Layla Pezeshkmehr CS 265 Fall 2003-SJSU Dr.Mark Stamp.
E-mail: kemal@cs.siu.edu Department of Computer Science Southern Illinois University Carbondale Wireless and Network Security Lecture 9: IEEE 802.11.

Department of Computer Science Southern Illinois University Carbondale Wireless and Network Security Lecture 9: IEEE
IEEE 802.11 Wireless Local Area Networks (WLAN’s).

IEEE Wireless Local Area Networks (WLAN’s).
802.11 Wireless Security Presentation by Paul Petty and Sooner Brooks-Heath.

Wireless Security Presentation by Paul Petty and Sooner Brooks-Heath.

Similar presentations

Ads by Google