Presentation is loading. Please wait.

Presentation is loading. Please wait.

Development of the Authentication Reliability and Security System for Wireless Local Area Network Professor, Dr. sc. ing. Viktors Gopejenko MSc. Sergejs.

Published byAnthony Griffith Modified over 9 years ago

Similar presentations

Presentation on theme: "Development of the Authentication Reliability and Security System for Wireless Local Area Network Professor, Dr. sc. ing. Viktors Gopejenko MSc. Sergejs."— Presentation transcript:

1 Development of the Authentication Reliability and Security System for Wireless Local Area Network Professor, Dr. sc. ing. Viktors Gopejenko MSc. Sergejs Bobrovskis Department of Computer Technologies and Natural Sciences Information Systems Management Institute (ISMA) Riga, Latvia 6th International Conference INNOVATIVE INFORMATION TECHNOLOGIES FOR SCIENCE, BUSINESS AND EDUCATION, IIT-2013 November 14-16, 2013, Vilnius, Lithuania

2 Work Objectives Motivation Topicality Mission Object of Study Methods of Analysis 2

3 Wireless communication basics Wireless communication Standards and amendments -Ad-hoc mode – wireless supplicants communicate directly in peer-to-peer way without any additional device (e.g. access point) -Infrastructure mode – wireless supplicants communication occurring through access point -Authentication -Association 3

4 Wireless security hazards Security Hazard Accidental AssociationMalicious AssociationMAC Spoofing Man-in-the-Middle (MiTM)Denial of Service (DoS)Network Injection MAC Piggy-BackingEavesdroppingUnintentional Interference Intentional interferenceDeathenticationDiassosication Illegal Channel BeaconingProbe Response FloodAssociation Flood Fake Access PointWireless HijackingEncryption Cracking Vendor Proprietary AttackPhysical Damage and TheftSocial Engineering 4

5 Wi-Fi Preservation Capability Wireless security standard used are: – WEP Wired Equivalence Privacy – WPA/WPAv2 Wi-Fi Protected Access 5

6 802.1x and EAP-Based Authentication Standard 802.1x – Supplicant – Authenticator – Authenticator server EAP - Extensible Authentication Protocol 6

7 Client-side Certificate issued to supplicants by PKI (VeriSign) Server-side Certificate issued to Authentication Server by PKI (VeriSign) 1. Supplicant System (Juniper Odyssey Access Client) EAPoL (frames) Authenticator System (Cisco AIR-CAP3602I-E- K9) EAPoR (frames) Authentication Server (Microsoft Windows Server 2012) Layer 2 Access 2. Layer 2 Association 3. EAPoL Start Process 4a. EAP-Request (Identity) 5. RADIUS Access Request (EAP-Response (Identity) – Bogus username 802.1X Uncontrolled port allows only authentication and key management data to pass 4b. EAP-Response (Identity)–Bogus username At this step AS is notified about supplicant who is requesting an authentication 5a. Server Certificate Server Certificate Validation 5b. Client Certificate Client Certificate Validation TLS Tunnel Mutual Authentication 6. RADIUS Access (or Reject) At this stage the following must be in place: Network Access Protection (NAP) Service; NAP Health Certificate; Windows System Update Service / Antivirus status/ Firewall status / Operating System Requirements / Spyware Definition Up-to-Date; Encryption used 7. EAP Success (or Failure) NAP Restricted Access For enterprises that requires extreme secure environment: at this stage Token, Biometric or SMS systems could be established. Token (One-Time-Pad) – every supplicant user must have a token which is synchronized with server. By using PIN+Token Number user gets authenticated; SMS System – requires Exchange Server, Blackberry and SMS System support. By applying username and password an SMS could be sent directly to the mobile phone of the user; Biometric authentication (finger print, retina scanning, facial recognition, iris scanning etc.). These three methods adds additional layer of security, but the main problem is COST, by sending each time an SMS. These methods could be used instead of BOGUS USERNAME, or during authentication inside the encrypted tunnel. 8. 4-Way Handshake Pairwise Transient Key Creation (Unicast Frames Encryption) Group Transient Key Creation (Broadcast Frames Encryption) Encrypted Tunnel 802.1X Controlled port allows protected data to pass WIPS/WIDS/ Policies/Regulations/ Trainings Layer 3-7 Access 7 Scheme for RSN wireless authentication

8 Conclusion The realisation of intelligent wireless network communication system involves the use of: – 802.1x/EAP authentication scheme; – RSN capable Supplication software (native or proprietary); – RSN capable Authenticator (in most cases proprietary, Cisco/Juniper); – RSN or hybrid requirements Authenticator Server (Microsoft); – Check Point Server (for encryption of wireless devices like laptops hard drives, thumb drives, CDs, DVDs and etc.); – Antennas with configurable transmission signals; – WIDS/WIPS; – Faraday room (cage) for extreme security; – Other native or third-party software, like Microsoft Operations Manager, Microsoft Network Access Protection (NAP) etc. 8

9 Thanks for listening! Any questions? 9

Download ppt "Development of the Authentication Reliability and Security System for Wireless Local Area Network Professor, Dr. sc. ing. Viktors Gopejenko MSc. Sergejs."

Similar presentations

Authentication.

Authentication.
Attack and Defense in Wireless Networks Presented by Aleksandr Doronin.

Attack and Defense in Wireless Networks Presented by Aleksandr Doronin.
Chapter 14 Wireless Attacks, Intrusion Monitoring and Policy

Chapter 14 Wireless Attacks, Intrusion Monitoring and Policy
Final Presentation Presented By: Gal Leibovich Liran Manor Supervisor: Hai Vortman.

Final Presentation Presented By: Gal Leibovich Liran Manor Supervisor: Hai Vortman.
This work is supported by the National Science Foundation under Grant Number DUE-0302909. Any opinions, findings and conclusions or recommendations expressed.

This work is supported by the National Science Foundation under Grant Number DUE Any opinions, findings and conclusions or recommendations expressed.
CN1260 Client Operating System Kemtis Kunanuraksapong MSIS with Distinction MCT, MCITP, MCTS, MCDST, MCP, A+

CN1260 Client Operating System Kemtis Kunanuraksapong MSIS with Distinction MCT, MCITP, MCTS, MCDST, MCP, A+
DIMACS Nov 3 - 4, 2004 WIRELESS SECURITY AND ROAMING OVERVIEW DIMACS November 3-4, 2004 Workshop: Mobile and Wireless Security Workshop: Mobile and Wireless.

DIMACS Nov 3 - 4, 2004 WIRELESS SECURITY AND ROAMING OVERVIEW DIMACS November 3-4, 2004 Workshop: Mobile and Wireless Security Workshop: Mobile and Wireless.
802.1x EAP Authentication Protocols

802.1x EAP Authentication Protocols
11 WIRELESS SECURITY by Prof. Russell Jones. WIRELESS COMMUNICATION ISSUES  Wireless connections are becoming popular.  Network data is transmitted.

11 WIRELESS SECURITY by Prof. Russell Jones. WIRELESS COMMUNICATION ISSUES  Wireless connections are becoming popular.  Network data is transmitted.
An Initial Security Analysis of the IEEE 802.1x Standard Tsai Hsien Pang 2004/11/4.

An Initial Security Analysis of the IEEE 802.1x Standard Tsai Hsien Pang 2004/11/4.
Protected Extensible Authentication Protocol

Protected Extensible Authentication Protocol
December 17, 2002 1 Wi-Fi Mark Faggiano GBA 576. December 17, 20022 Purpose of the Project  I hear Wi-Fi, WLAN, 802.11 everywhere  What does it all.

December 17, Wi-Fi Mark Faggiano GBA 576. December 17, Purpose of the Project  I hear Wi-Fi, WLAN, everywhere  What does it all.
Mobile and Wireless Security INF245 Guest lecture 17.10.2007 by Bjorn Jager Molde University College.

Mobile and Wireless Security INF245 Guest lecture by Bjorn Jager Molde University College.
Chapter 5 Secure LAN Switching.  MAC Address Flooding Causing CAM Overflow and Subsequent DOS and Traffic Analysis Attacks.

Chapter 5 Secure LAN Switching.  MAC Address Flooding Causing CAM Overflow and Subsequent DOS and Traffic Analysis Attacks.
WLAN Security:PEAP Sunanda Kandimalla. Intoduction The primary goals of any security setup for WLANs should include: 1. Access control and mutual authentication,

WLAN Security:PEAP Sunanda Kandimalla. Intoduction The primary goals of any security setup for WLANs should include: 1. Access control and mutual authentication,
Master Thesis Proposal By Nirmala Bulusu Advisor – Dr. Edward Chow Implementation of Protected Extensible Protocol (PEAP) – An IEEE 802.1x wireless LAN.

Master Thesis Proposal By Nirmala Bulusu Advisor – Dr. Edward Chow Implementation of Protected Extensible Protocol (PEAP) – An IEEE 802.1x wireless LAN.
Improving Security. Networking Terms Node –Any device on a network Protocol –Communication standards Host –A node on a network Workstation 1.A PC 2.A.

Improving Security. Networking Terms Node –Any device on a network Protocol –Communication standards Host –A node on a network Workstation 1.A PC 2.A.
WPA2 By Winway Pang. Overview  What is WPA2?  Wi-Fi Protected Access 2  Introduced September 2004  Two Versions  Enterprise – Server Authentication.

WPA2 By Winway Pang. Overview  What is WPA2?  Wi-Fi Protected Access 2  Introduced September 2004  Two Versions  Enterprise – Server Authentication.
Marwan Al-Namari Week 10. RTS: Ready-to-Send. CTS: Clear-to- Send. ACK: Acknowledgment.NAV: network allocation vector (channel access, expected time to.

Marwan Al-Namari Week 10. RTS: Ready-to-Send. CTS: Clear-to- Send. ACK: Acknowledgment.NAV: network allocation vector (channel access, expected time to.
802.1X in Windows Tom Rixom Alfa & Ariss. Overview 802.1X/EAP 802.1X in Windows Tunneled Authentication Certificates in Windows WIFI Client in Windows.

802.1X in Windows Tom Rixom Alfa & Ariss. Overview 802.1X/EAP 802.1X in Windows Tunneled Authentication Certificates in Windows WIFI Client in Windows.

Similar presentations

Ads by Google