Wireless and Network Security
Lecture 9: IEEE 802.11 Security - 2
Dr. Kemal Akkaya
E-mail: kemal@cs.siu.edu
Department of Computer Science, Southern Illinois University Carbondale
How about using Virtual Private Networking (VPN) for better security?
- Deploying a VPN over a wireless network can greatly increase the security of your data
- Idea: treat the wireless network the same as an insecure wired network (the Internet)
  - Any user authenticates through a VPN server
  - Once authenticated, the user can use the network as if directly attached (campus network, business, etc.)
- Not a good general solution:
  - Overhead
  - Deployment
  - Performance
  - Susceptible to denial-of-service (DoS) attacks, along with any attack against the specific VPN product
Solutions for better IEEE 802.11 Security
- IEEE 802.1X
  - Per-user authentication
  - Key distribution mechanism
- Wi-Fi Protected Access (WPA)
  - Introduced in 2003 (announced by the Wi-Fi Alliance in late 2002)
  - Subset of 802.11i
  - Two forms: 802.1X + EAP + TKIP + MIC (enterprise); Pre-shared Key + TKIP + MIC (personal)
- IEEE 802.11i (WPA2)
  - 802.1X + EAP + AES + CCM
- But WEP is still in wide use
IEEE 802.1X
- 802.1X is a port-based, layer 2 (MAC layer) authentication framework for IEEE 802 networks
- Uses the Extensible Authentication Protocol (EAP) to carry the authentication exchange
- Works alongside 802.11 to manage authentication for WLAN clients
- Centralized authentication: all clients go through APs, which relay to one authentication server
- Interoperability: can work alongside NICs running WEP
- Three main components:
  - Supplicant (the client)
  - Authenticator (the AP)
  - Authentication Server (typically RADIUS)
IEEE 802.1X Authentication Process
1. Client associates with the AP
2. AP places the client in an unauthenticated holding state (the controlled port stays closed; only EAP traffic passes) and sends an authentication request to the client
3. Client sends its user ID to the AP, which forwards it to the server
4. Server sends a challenge via the AP to the client
   - Challenge type is up to the vendor (the EAP method)
   - Secret information is never sent over the air in plaintext
5. Client responds to the challenge
6. Server verifies the response and provides fresh session keys
IEEE 802.1X Authentication Process (message flow)
Participants: Client (supplicant), AP (authenticator), Auth Server ("RADIUS")
Client -> AP: "Let me in!"  (association)
AP -> Client: "What's your ID?"  (EAP-Request/Identity)
Client -> AP: "ID = ..."  (EAP-Response/Identity)
AP -> Auth Server: "Is OK?"  (identity forwarded)
Auth Server -> AP -> Client: "Prove to me that you are ..."  (EAP challenge)
Client -> AP -> Auth Server: "The answer is xxx"  (challenge response)
Auth Server -> AP: "Let him in. Here is the session key."
AP -> Client: "Come in. Here is the session key."
Encrypted session follows, and the client is on the network
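The exchange above, simulated end to end as an added example (not code from the lecture or from any 802.1X implementation): the AP only relays messages and opens its controlled port when the server says so, the client proves knowledge of its secret without ever transmitting it, and both ends finish with the same fresh session key. Assumptions: a password-style shared secret, HMAC-SHA256 standing in for the vendor-specific EAP method, and a protected AP-to-server link for delivering the key.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// AuthServer plays the RADIUS server: besides the client, the only party that knows the secret.
type AuthServer struct {
	secrets map[string][]byte // identity -> shared secret (ASSUMPTION: password-style secret)
}

// Supplicant is the wireless client.
type Supplicant struct {
	Identity   string
	secret     []byte
	SessionKey []byte // derived locally after a successful exchange
}

// Authenticator is the AP: it relays EAP and never learns the client's secret.
type Authenticator struct {
	Server     *AuthServer
	PortOpen   bool   // controlled port; false = unauthenticated holding state
	SessionKey []byte // delivered by the server (ASSUMPTION: over a protected AP<->server link)
}

func NewAuthServer(secrets map[string][]byte) *AuthServer { return &AuthServer{secrets: secrets} }
func NewSupplicant(id string, secret []byte) *Supplicant { return &Supplicant{Identity: id, secret: secret} }

// response is the proof of possession: a keyed hash over challenge and identity
// (ASSUMPTION: HMAC-SHA256 stands in for the vendor-specific EAP method).
func response(secret, challenge []byte, identity string) []byte {
	m := hmac.New(sha256.New, secret)
	m.Write(challenge)
	m.Write([]byte(identity))
	return m.Sum(nil)
}

// sessionKey is fresh per exchange because it is bound to the random challenge.
func sessionKey(secret, challenge []byte) []byte {
	m := hmac.New(sha256.New, secret)
	m.Write([]byte("session-key"))
	m.Write(challenge)
	return m.Sum(nil)[:16]
}

// Challenge issues a fresh random challenge for an identity the server knows.
func (srv *AuthServer) Challenge(identity string) ([]byte, error) {
	if _, ok := srv.secrets[identity]; !ok {
		return nil, errors.New("unknown identity")
	}
	c := make([]byte, 16)
	_, err := rand.Read(c)
	return c, err
}

// Verify checks the client's answer and, on success, returns the session key for the AP.
func (srv *AuthServer) Verify(identity string, challenge, resp []byte) ([]byte, bool) {
	secret := srv.secrets[identity]
	if !hmac.Equal(resp, response(secret, challenge, identity)) {
		return nil, false
	}
	return sessionKey(secret, challenge), true
}

// Respond answers the challenge and derives the same session key the server will.
func (s *Supplicant) Respond(challenge []byte) []byte {
	s.SessionKey = sessionKey(s.secret, challenge)
	return response(s.secret, challenge, s.Identity)
}

// Authenticate runs the slide's message flow and returns a transcript of what crossed the air.
func (ap *Authenticator) Authenticate(s *Supplicant) ([]string, error) {
	ap.PortOpen, ap.SessionKey = false, nil // holding state: only EAP frames pass
	transcript := []string{"AP -> Client: EAP-Request/Identity"}
	transcript = append(transcript, "Client -> AP -> Server: identity="+s.Identity)
	challenge, err := ap.Server.Challenge(s.Identity)
	if err != nil {
		return transcript, err
	}
	transcript = append(transcript, "Server -> AP -> Client: challenge="+hex.EncodeToString(challenge))
	resp := s.Respond(challenge) // only this keyed hash, never the secret, goes over the air
	transcript = append(transcript, "Client -> AP -> Server: response="+hex.EncodeToString(resp[:8])+"...")
	key, ok := ap.Server.Verify(s.Identity, challenge, resp)
	if !ok {
		return append(transcript, "Server -> AP: Access-Reject"), errors.New("access rejected")
	}
	ap.SessionKey, ap.PortOpen = key, true // "Let him in. Here is the session key."
	return append(transcript, "Server -> AP: Access-Accept + session key; AP opens controlled port"), nil
}

func main() {
	srv := NewAuthServer(map[string][]byte{"alice": []byte("correct horse battery staple")})
	ap := &Authenticator{Server: srv}
	alice := NewSupplicant("alice", []byte("correct horse battery staple"))
	transcript, err := ap.Authenticate(alice)
	for _, line := range transcript {
		fmt.Println(line)
	}
	fmt.Println("result:", err, "port open:", ap.PortOpen,
		"keys match:", hmac.Equal(ap.SessionKey, alice.SessionKey))
}
```

A client with a wrong secret, or an identity the server does not know, leaves the port closed and no key installed; note that the AP's code path touches only opaque challenge and response bytes.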
WPA (Wi-Fi Protected Access)
- Pre-standard subset of IEEE 802.11i
- Interim solution designed to run on existing wireless hardware
- Uses the Temporal Key Integrity Protocol (TKIP) for data encryption and confidentiality
- On October 31, 2002, the Wi-Fi Alliance endorsed TKIP under the name Wi-Fi Protected Access (WPA)
- TKIP changes:
  - Still uses RC4, with a 128-bit per-packet key
  - Key mixing function combines the secret root (temporal) key, the transmitter address and the packet sequence counter into the per-packet key; WEP merely concatenated IV and key
  - Provisions for changing base keys (rekeying)
  - Secret part of the encryption key changes with every packet, which avoids WEP's weak (IV-dependent) keys
  - IV acts as a sequence counter: starts at 0, increments by 1 per packet
    - Protects against replay: the receiver rejects any packet whose counter is not greater than the last accepted one, so replayed or out-of-order packets are dropped by the AP
WPA Changes for Integrity
- Includes Michael, a Message Integrity Code (MIC)
  - 64 bits
  - Replaces the CRC-32 as the integrity check
  - Uses a different key from the encryption key
  - An observer cannot compute a new valid MIC to mask changes to the data
  - Computationally efficient (has to run on existing WEP-era hardware)
- Increases the IV from 24 bits to 48 bits (the TKIP Sequence Counter)
  - About 900 years to repeat an IV at 10k packets/sec (2^48 / 10^4 / 3.15x10^7 s per year)
  - For WEP's 24-bit IV this takes about 30 minutes
- Authentication: two forms, both based on 802.1X-style key derivation
  - Per-user (WPA-Enterprise): 802.1X/EAP, e.g. certificate (public-key) based methods
  - Pre-shared key (WPA-PSK): the same key on every station
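The TKIP changes described on the previous two slides, as an added example (not code from the lecture, and not a real TKIP implementation): a protected frame is TSC || RC4(per-packet key, data || MIC), the receiver enforces the sequence counter before decrypting, the MIC is keyed separately from the cipher, and the sender refuses to continue once the 48-bit counter is exhausted. Assumptions: a hash of TK, TA and TSC stands in for TKIP's two-phase S-box key mixing, and HMAC-SHA256 truncated to 64 bits stands in for Michael; the ICV and Michael countermeasures are omitted.

```go
package main

import (
	"crypto/hmac"
	"crypto/rc4"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

const (
	tscBytes = 6         // 48-bit TKIP Sequence Counter, sent in the clear
	micBytes = 8         // Michael MIC is 64 bits
	maxTSC   = 1<<48 - 1 // after this the temporal key must be replaced
)

var (
	ErrShort  = errors.New("tkip: frame too short")
	ErrReplay = errors.New("tkip: TSC not above last accepted value (replay or out of order)")
	ErrMIC    = errors.New("tkip: MIC mismatch, frame altered")
	ErrRekey  = errors.New("tkip: TSC exhausted, fresh temporal key required")
)

// Link models one direction of a TKIP association; sender and receiver hold identical copies.
type Link struct {
	tk     []byte  // 128-bit temporal (root) key for encryption
	micKey []byte  // separate 64-bit key for the MIC
	ta     [6]byte // transmitter MAC address, mixed into every per-packet key
	txTSC  uint64  // next counter to send
	rxLast int64   // last accepted counter, -1 before any frame
}

func NewLink(tk, micKey []byte, ta [6]byte) *Link {
	return &Link{tk: tk, micKey: micKey, ta: ta, rxLast: -1}
}

// perPacketKey stands in for TKIP's two-phase key mixing (ASSUMPTION: a hash of
// TK, TA and TSC replaces the real S-box mixing). What it preserves: every packet
// gets a distinct 128-bit RC4 key that does not expose TK, unlike WEP's IV||key.
func (l *Link) perPacketKey(tsc uint64) []byte {
	var ctr [8]byte
	binary.BigEndian.PutUint64(ctr[:], tsc)
	h := sha256.New()
	h.Write(l.tk)
	h.Write(l.ta[:])
	h.Write(ctr[:])
	return h.Sum(nil)[:16]
}

// mic stands in for Michael (ASSUMPTION: HMAC-SHA256 truncated to 64 bits); it is
// keyed with micKey, so seeing the data does not let an observer forge a tag.
func (l *Link) mic(plain []byte) []byte {
	m := hmac.New(sha256.New, l.micKey)
	m.Write(plain)
	return m.Sum(nil)[:micBytes]
}

// Protect produces TSC || RC4_k(plain || MIC) with k = perPacketKey(TSC).
func (l *Link) Protect(plain []byte) ([]byte, error) {
	if l.txTSC > maxTSC {
		return nil, ErrRekey // "provisions for changing base keys"
	}
	tsc := l.txTSC
	l.txTSC++
	body := append(append([]byte{}, plain...), l.mic(plain)...)
	c, err := rc4.NewCipher(l.perPacketKey(tsc))
	if err != nil {
		return nil, err
	}
	c.XORKeyStream(body, body)
	var ctr [8]byte
	binary.BigEndian.PutUint64(ctr[:], tsc)
	return append(ctr[2:], body...), nil // low 6 bytes of the counter go on the wire
}

// Unprotect enforces the sequence counter before decrypting, then checks the MIC.
func (l *Link) Unprotect(frame []byte) ([]byte, error) {
	if len(frame) < tscBytes+micBytes {
		return nil, ErrShort
	}
	var ctr [8]byte
	copy(ctr[2:], frame[:tscBytes])
	tsc := binary.BigEndian.Uint64(ctr[:])
	if int64(tsc) <= l.rxLast {
		return nil, ErrReplay // replayed or out-of-order frame: dropped before any crypto
	}
	body := append([]byte{}, frame[tscBytes:]...)
	c, err := rc4.NewCipher(l.perPacketKey(tsc))
	if err != nil {
		return nil, err
	}
	c.XORKeyStream(body, body)
	plain, tag := body[:len(body)-micBytes], body[len(body)-micBytes:]
	if !hmac.Equal(tag, l.mic(plain)) {
		return nil, ErrMIC // real TKIP also starts Michael countermeasures here
	}
	l.rxLast = int64(tsc)
	return plain, nil
}

func main() {
	ta := [6]byte{0x00, 0x11, 0x22, 0x33, 0x44, 0x55} // constructed transmitter address
	tk, mk := []byte("16-byte-temporal"), []byte("mic-key8")
	tx, rx := NewLink(tk, mk, ta), NewLink(tk, mk, ta)
	f, _ := tx.Protect([]byte("hello over the air"))
	p, err := rx.Unprotect(f)
	fmt.Printf("first copy: %q %v\n", p, err)
	_, err = rx.Unprotect(f)
	fmt.Println("replayed copy:", err)
}
```

The receiver drops a replayed or older frame without touching RC4 at all, a flipped ciphertext bit fails the MIC rather than slipping through as it would with a CRC, and the sender stops after counter 2^48-1, which is where WPA's rekeying provisions take over.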
Final Standard: IEEE 802.11i
- The long-awaited security standard for wireless LANs
- Ratified in June 2004
- Marketed as WPA2
- Another name is Robust Security Network (RSN)
- Hardware manufactured before 2002 is likely to be unsupported: AES requires a new dedicated chip
- From March 2006, WPA2 certification is mandatory for all new Wi-Fi certified devices
- Addresses the main problems in WEP
- Components:
  - 802.1X based authentication
  - CCMP (Counter Mode with Cipher Block Chaining Message Authentication Code Protocol)
  - RSN based associations
More WPA2: CCMP, Key Caching, Pre-authentication
- CCMP
  - Uses the Advanced Encryption Standard (AES) with a 128-bit key and a 128-bit block
  - Unlike TKIP, encryption and message integrity are handled by a single component built around AES
  - Uses CCM: counter mode (CTR) for confidentiality plus CBC-MAC for the MIC
  - Encrypts both the data and the MIC
- Key caching
  - Skips re-entering of user credentials by storing the session information on the network
  - APs can store keys, so reconnection is fast
- Pre-authentication
  - If previously authenticated, a client may authenticate with a new AP before moving to it
  - Uses the previous authentication information
  - Useful for encrypted VoIP over Wi-Fi: fast roaming
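CCM as used by CCMP, as an added example (not code from the lecture or from any 802.11 driver): AES-128 in CBC-MAC mode produces the 64-bit MIC over the clear header fields and the payload, the same AES key in counter mode encrypts the payload, and the MIC itself is encrypted with the first counter block, so a single AES component gives both confidentiality and integrity. The construction follows RFC 3610 with CCMP's parameters (13-byte nonce, so L = 2, and M = 8); RFC 3610's published test vectors can be used to check it. The key, nonce and header bytes in main are constructed for the demonstration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/subtle"
	"encoding/binary"
	"errors"
	"fmt"
)

const (
	ccmTagLen   = 8  // CCMP MIC: 64 bits (M = 8)
	ccmNonceLen = 13 // CCMP nonce: priority || A2 address || 48-bit packet number
	ccmL        = 15 - ccmNonceLen // length-field size, 2 bytes
)

var ErrCCMAuth = errors.New("ccm: MIC check failed")

// pad16 copies b and zero-pads it to a multiple of the AES block size.
func pad16(b []byte) []byte {
	out := make([]byte, (len(b)+15)/16*16)
	copy(out, b)
	return out
}

// cbcMAC runs CBC-MAC over B0 || [len(aad) || aad] || payload (RFC 3610 Section 2.2).
func cbcMAC(block cipher.Block, nonce, aad, payload []byte) []byte {
	b0 := make([]byte, 16)
	b0[0] = byte((ccmTagLen-2)/2)<<3 | byte(ccmL-1) // flags: M' and L'
	if len(aad) > 0 {
		b0[0] |= 0x40 // Adata bit
	}
	copy(b0[1:], nonce)
	binary.BigEndian.PutUint16(b0[14:], uint16(len(payload))) // payload length in L bytes
	blocks := b0
	if len(aad) > 0 {
		hdr := make([]byte, 2, 2+len(aad))
		binary.BigEndian.PutUint16(hdr, uint16(len(aad))) // 2-byte encoding: AAD < 2^16-2^8
		blocks = append(blocks, pad16(append(hdr, aad...))...)
	}
	blocks = append(blocks, pad16(payload)...)
	mac := make([]byte, 16)
	for i := 0; i < len(blocks); i += 16 {
		for j := 0; j < 16; j++ {
			mac[j] ^= blocks[i+j]
		}
		block.Encrypt(mac, mac)
	}
	return mac[:ccmTagLen]
}

// ctrXOR XORs in with the CCM counter stream; block i uses A_i = L' || nonce || i.
func ctrXOR(block cipher.Block, nonce []byte, counter uint16, in []byte) []byte {
	out := make([]byte, len(in))
	a := make([]byte, 16)
	a[0] = byte(ccmL - 1)
	copy(a[1:], nonce)
	var ks [16]byte
	for off := 0; off < len(in); off += 16 {
		binary.BigEndian.PutUint16(a[14:], counter)
		counter++
		block.Encrypt(ks[:], a)
		for j := 0; j < 16 && off+j < len(in); j++ {
			out[off+j] = in[off+j] ^ ks[j]
		}
	}
	return out
}

func newCCM(key, nonce []byte, aadLen, payloadLen int) (cipher.Block, error) {
	if len(nonce) != ccmNonceLen {
		return nil, errors.New("ccm: nonce must be 13 bytes")
	}
	if aadLen >= 0xFF00 || payloadLen > 0xFFFF {
		return nil, errors.New("ccm: length exceeds the 2-byte encodings used here")
	}
	return aes.NewCipher(key) // one AES key serves both CBC-MAC and CTR
}

// CCMSeal returns ciphertext || encrypted MIC, the layout CCMP places after the frame header.
func CCMSeal(key, nonce, aad, plain []byte) ([]byte, error) {
	block, err := newCCM(key, nonce, len(aad), len(plain))
	if err != nil {
		return nil, err
	}
	tag := cbcMAC(block, nonce, aad, plain)                   // integrity over header and payload
	out := ctrXOR(block, nonce, 1, plain)                     // confidentiality, counters 1..n
	return append(out, ctrXOR(block, nonce, 0, tag)...), nil // MIC masked with S0 = E(A0)
}

// CCMOpen reverses CCMSeal and rejects any frame whose MIC does not verify.
func CCMOpen(key, nonce, aad, sealed []byte) ([]byte, error) {
	if len(sealed) < ccmTagLen {
		return nil, ErrCCMAuth
	}
	block, err := newCCM(key, nonce, len(aad), len(sealed)-ccmTagLen)
	if err != nil {
		return nil, err
	}
	body, tag := sealed[:len(sealed)-ccmTagLen], sealed[len(sealed)-ccmTagLen:]
	plain := ctrXOR(block, nonce, 1, body)
	want := ctrXOR(block, nonce, 0, cbcMAC(block, nonce, aad, plain))
	if subtle.ConstantTimeCompare(want, tag) != 1 {
		return nil, ErrCCMAuth
	}
	return plain, nil
}

func main() {
	key := []byte("0123456789abcdef") // constructed 128-bit temporal key
	nonce := []byte{0x00, 0x00, 0x1b, 0x2c, 0x3d, 0x4e, 0x5f, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01}
	aad := []byte("802.11 header fields") // constructed stand-in for the clear header the MIC covers
	sealed, _ := CCMSeal(key, nonce, aad, []byte("VoIP frame payload"))
	sealed[0] ^= 0x01 // flip one ciphertext bit
	_, err := CCMOpen(key, nonce, aad, sealed)
	fmt.Printf("tampered frame: %x -> %v\n", sealed, err)
}
```

Changing a ciphertext byte, the header covered by the MIC, or the nonce (CCMP's packet number) all fail the constant-time MIC comparison, and the nonce must never repeat under one key because counter mode would otherwise reuse keystream.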
IEEE 802.11i Summary