1
802.11 Wireless Security
Presentation by Paul Petty and Sooner Brooks-Heath
2
Wireless Networks? Beer….huh?
3
Presentation Outline
- 802.11 Protocol Overview
- 802.11 (in)Security
- Wireless LAN Attacks
- Software Demonstration
4
802.11 Protocol Overview
- IEEE Wireless LAN Standard
- Operates on ISO Model within the Data Link and Physical Layers
- Two Primary Operating Modes
  - Infrastructure Mode
  - Ad-Hoc Mode
- SSID assigned to Access Points
5
Security Methods
Two Main Security Objectives of 802.11
- User Authentication
  - Protocol Specified
  - Other
- Data Integrity and Privacy
  - WEP
  - Third Party
6
Security Methods - Authentication
- 802.11 Specifies Two Modes for Authentication
  - OSA (Open System Authentication)
  - Shared Key Authentication
- Other Authentication Methods (Currently Used)
  - MAC Address Table
7-11
Open System Authentication
Parties: Access Point, Node
Sequence (built up one step per slide):
1. Beacon
2. SSID Matches
3. Authentication Req
4. Access Point Accepts Node
5. Authentication Resp
6. Node is Associated
12-19
Shared Key Authentication
Parties: Access Point, Node
Sequence (built up one step per slide):
1. Authentication Req
2. Challenge Text
3. WEP Encryption of Challenge Text
4. Encrypted Challenge Text
5. WEP Decryption of Encrypted Challenge Text
6. Authentication Decision
7. Node Approval based on Decision
20
MAC Address Authentication
- Access Points Programmed With List of MAC Addresses
- Only Valid Node MAC Addresses Authorized
- Practical in Smaller Wireless LANs
- Not Outlined in 802.11 Protocol – Hardware Specific
21
Data Integrity and Privacy
- Due to the vulnerability of the wireless medium, the 802.11 protocol has specified a method of protecting the integrity and privacy of data transmitted over wireless LANs.
- Wired Equivalent Privacy (WEP)
22
WEP – Wired Equivalent Privacy
- WEP is the security protocol for wireless LANs operating under the 802.11 standard.
- WEP is designed to provide the security of a wired LAN through encryption via the RC4 algorithm.
- Primary function is to safeguard against eavesdropping.
23
RC4
- Stream Cipher or Symmetric Encryption Algorithm
- Developed by Ron Rivest at RSA Security in 1987
- Source Code Cracked and Leaked in 1994
- Often Used in Software Applications due to its Speed
- Original WEP Schemes Specified 40-bit keys
- New Hardware Specifies 104-bit keys
24
RC4 Algorithms
(N is the size of the state array S, K is the key and l is its length; all index arithmetic is mod N)

KSA
  Initialization:
    For i = 0 .. N - 1
      S[i] = i
    j = 0
  Scrambling:
    For i = 0 .. N - 1
      j = j + S[i] + K[i mod l]
      Swap(S[i], S[j])

PRGA
  Initialization:
    i = 0
    j = 0
  Generation Loop:
    i = i + 1
    j = j + S[i]
    Swap(S[i], S[j])
    Output z = S[S[i] + S[j]]
25
RC4 Implemented in WEP
26
Encrypted WEP Packet
Fields: Hdr + Prbl | IV | Data | ICV
- Hdr + Prbl: Header and Preamble Information
- IV: 24 bit Initialization Vector
- Data, ICV: Encrypted under Key + IV using the RC4 Stream Cipher
27
Example of RC4 Encoding
Two (00000010 in binary) is our encrypting variable (key). It is XORed with some plain text to produce cipher text. For this example we will use the plain text message “HI”.

                        H          I
  Plain text         01001000   01001001
  XOR key            00000010   00000010
                     --------   --------
  Encrypted Message  01001010   01001011

Once the receiving node gets the message, it must XOR the encrypted message with the same key to decrypt it.

  Encrypted Message  01001010   01001011
  XOR key            00000010   00000010
                     --------   --------
  Plain text         01001000   01001001
                        H          I
28
Problems with WEP
- No Defined Key Management Protocol
- Manual Key Configuration Required
- Initialization Vector (IV) is too Small
- Inappropriate Integrity Check Value Algorithm
- Weak Use of RC4
- Easily Forged Authentication Messages
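
Two of the problems listed above put into numbers, as an added Python example that is not part of the presentation: how quickly a 24-bit IV repeats, and why a CRC-32 ICV is an error-detection code rather than an integrity check. It assumes IVs are picked uniformly at random (the selection method is implementation-specific); the HMAC comparison and the sample byte strings are additions made here for contrast.

```python
import hashlib
import hmac
import math
import zlib

IV_SPACE = 2 ** 24  # 24-bit IV from the "Encrypted WEP Packet" slide

def iv_collision_probability(packets: int, space: int = IV_SPACE) -> float:
    """Birthday bound: chance that at least two of `packets` random IVs are equal."""
    return -math.expm1(-packets * (packets - 1) / (2 * space))

def packets_until(prob: float, space: int = IV_SPACE) -> int:
    """Smallest packet count whose IV collision probability reaches `prob`."""
    n = 1
    while iv_collision_probability(n, space) < prob:
        n += 1
    return n

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def crc_relation_holds(a: bytes, b: bytes) -> bool:
    """For equal-length inputs, crc(a ^ b) == crc(a) ^ crc(b) ^ crc(00..00).

    The checksum of a changed message is therefore predictable from the change
    alone, without any key: fine against noise, useless against modification.
    """
    zero = bytes(len(a))
    return zlib.crc32(xor(a, b)) == zlib.crc32(a) ^ zlib.crc32(b) ^ zlib.crc32(zero)

def hmac_relation_holds(key: bytes, a: bytes, b: bytes) -> bool:
    """Same relation tested against a keyed MAC (HMAC-SHA-256); it does not hold."""
    def tag(m: bytes) -> int:
        return int.from_bytes(hmac.new(key, m, hashlib.sha256).digest(), "big")
    return tag(xor(a, b)) == tag(a) ^ tag(b) ^ tag(bytes(len(a)))

if __name__ == "__main__":
    a, b = b"HI from node A", b"second message"   # constructed sample data
    print("P(IV repeat) after 5000 packets:", round(iv_collision_probability(5000), 3))
    print("packets for a 50% chance of a repeat:", packets_until(0.5))
    print("CRC-32 relation holds:", crc_relation_holds(a, b))
    print("HMAC relation holds:", hmac_relation_holds(b"k" * 16, a, b))
```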
29
Attack Types Against Wireless LANs
- Passive
  - Packet Listening and Decryption
- Active
  - Table Building
  - Man-in-the-Middle Attacks
  - Bit Flipping
30
Demonstration
AirMagnet Wireless LAN Discovery Suite
- Application for Laptop PCs and PDAs
- Wireless LAN Analyzer
  - Real Time Packet Capture and Decode
  - AP SSID Discovery
  - Mismatch Tools
31
Conclusion
- Wireless LANs under 802.11 are NOT fully secured
- Possible Attack Prevention Techniques
  - VPNs
  - Dynamic Key Rescheduling
  - 802.1X – User Authentication
- More research needs to be done on wireless LAN security techniques and their implementation.
32
- References Listed on Project Website -