Published by Beatrix May. Modified over 9 years ago.

1 Wireless LAN Security
Kim W. Tracy
NEIU, University Computing
k.w.tracy@ieee.org

2 Outline
- Threats to LANs & Wireless LANs
- Wireless LAN Security Techniques
- Summary

3 Fundamental Premise
- Security cannot be considered in isolation and to be effective must consider the entire system
- That is, network and LAN security must be:
  - Consistent with other security mechanisms
    - E.g. application, data, hardware, and physical
  - Supportive of other security mechanisms

4 Threats

5 LAN Threats
[Diagram labels: Network Traffic; Protecting Integrity; Protecting Secrecy; Protecting Availability]

6 Specific LAN Threats
- Availability
  - Worms/Virus DoS
  - Errant applications creating lots of traffic/malformed traffic
- Authentication
  - Spying devices on LAN
    - For example, a contractor connecting to LAN
- Secrecy
  - Sniffers being connected to the LAN to collect passwords, etc.

7 Authentication

8 Current State of LAN Authentication
- Usually none!
  - If in the building can plug in to the LAN
- Can cause severe problems:
  - Using LAN for illegal purposes (company/person may be liable)
  - Can more easily compromise servers
    - For example, send spam from your mail servers
- Wireless LANs are bringing issue out

9 Authentication services
- 802.1X – IEEE standard for LAN authentication
  - Can use PKI certificate-based authentication
- Kerberos (closed environment)
  - Single login (once per session)
    - To multiple servers/domains
  - ‘Ticket’ for each server
- X.509 (open environment)
  - Based on public key infrastructure
  - Used in SSL, IPSEC, S/MIME, SET…
  - One-way, two-way or three-way authentication

10 Kerberos

11 X.509 Authentication
[Figure: one-way, two-way and three-way authentication exchanges between A and B]
Messages shown:
- [Ta, Ra, B, EkpubB(Kab)] sgnA
- [Tb, Rb, A, Ra, EkpubA(Kab)] sgnB
- [Rb] sgnA

12 IEEE 802.1X Terminology
[Diagram labels: Supplicant; Authenticator; Authentication Server; Controlled port; Uncontrolled port]
- 802.1X created to control access to any 802 LAN used as a transport for Extensible Authentication Protocol (EAP, RFC 2284)

13 802.1X Model
[Diagram: message exchange between STA, AP and Authentication Server]
- Authentication traffic: Associate; EAP Identity Request; EAP Identity Response; EAP Auth Request; EAP Auth Response; EAP-Success
- Port Status: EAP-Success
- Normal Data

14 Wireless LAN Security

15 Introduction
- 802.11 standard specifies the operating parameters of wireless local area networks (WLAN)
- History: 802.11, b, a, g, i
- Minimal security in early versions
- Original architecture not well suited for modern security needs
- 802.11i attempts to address security issues with WLANs

16 802.11b
- Wired Equivalent Privacy (WEP)
  - Confidentiality
    - Encryption
      - 40-bit keys (increased to 104-bit by WEP2)
      - Based on RC4 algorithm
  - Access Control
    - Shared key authentication + Encryption
  - Data Integrity
    - Integrity checksum computed for all messages

17 802.11b
- Vulnerabilities in WEP
  - Poorly implemented encryption
    - Key reuse, small keys, no keyed MIC
  - Weak authentication
  - No key management
  - No interception detection
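
An added example (not part of the original slides) of two weaknesses named on slides 16 and 17: key reuse under RC4, and an integrity checksum that is not keyed. The IV, keys and messages are constructed sample values, and HMAC-SHA256 is used only as a stand-in for a keyed MIC; it is not the algorithm 802.11i specifies.

```python
import hashlib, hmac, struct, zlib

def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4 (KSA + PRGA); encryption and decryption are the same call."""
    s, j, out = list(range(256)), 0, bytearray()
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    for b in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(b ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def crc_icv(msg: bytes) -> bytes:            # WEP-style unkeyed CRC-32 checksum
    return struct.pack("<I", zlib.crc32(msg))
def keyed_mic(msg: bytes, k: bytes = b"k" * 16) -> bytes:  # stand-in, constructed key
    return hmac.new(k, msg, hashlib.sha256).digest()[:8]

def seal(iv, key, msg, tag_fn):
    return rc4(iv + key, msg + tag_fn(msg))  # per-frame RC4 key = IV || key

def open_frame(iv, key, body, tag_fn, tag_len):
    plain = rc4(iv + key, body)
    msg, tag = plain[:-tag_len], plain[-tag_len:]
    return msg if hmac.compare_digest(tag, tag_fn(msg)) else None

def edit_without_key(body, delta, tag_len):
    """Flip message bits in the ciphertext and patch the CRC using linearity:
    crc(m ^ d) == crc(m) ^ crc(d) ^ crc(zeros). No key is used here."""
    fix = struct.pack("<I", zlib.crc32(delta) ^ zlib.crc32(bytes(len(delta))))
    return xor(body, delta + fix.ljust(tag_len, b"\0"))

IV, KEY = b"\x01\x02\x03", b"\x0a" * 5       # constructed 24-bit IV, 40-bit key
MSG, MSG2 = b"sensor-7 temp=21", b"sensor-9 temp=18"   # constructed plaintexts
DELTA = xor(MSG, b"sensor-7 temp=99")

def reuse_leaks_xor() -> bool:
    """Same IV and key give the same keystream, so c1 ^ c2 == p1 ^ p2."""
    c1, c2 = seal(IV, KEY, MSG, crc_icv), seal(IV, KEY, MSG2, crc_icv)
    return xor(c1, c2)[:len(MSG)] == xor(MSG, MSG2)

def edited_frame(tag_fn, tag_len):
    """What the receiver accepts after the keyless edit (None = rejected)."""
    body = seal(IV, KEY, MSG, tag_fn)
    return open_frame(IV, KEY, edit_without_key(body, DELTA, tag_len), tag_fn, tag_len)
```

With the CRC-32 checksum the receiver accepts the altered frame as valid; with the keyed tag the same alteration is rejected, which is the property a keyed MIC adds.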

18 802.11b
- Successful attacks on 802.11b
  - Key recovery - AirSnort
  - Man-in-the-middle
  - Denial of service
  - Authentication forging
  - Known plaintext
  - Known ciphertext

19 802.11i
- Security Specifications
  - Improved Encryption
    - CCMP (AES), TKIP, WRAP
  - 2-way authentication
  - Key management
  - Ad-hoc network support
  - Improved security architecture

20 802.11i Authentication
Source: Cam-Winget, Moore, Stanley and Walker

21 802.11 Encryption
Source: Cam-Winget, Moore, Stanley and Walker

22 802.11i – Potential Weaknesses
- Hardware requirements
  - Hardware upgrade needed for AES support
- Strength of TKIP and WRAP questionable in the long term
- Authentication server needed for 2-way authentication
- Complexity
  - The more complex a system is, the more likely it may contain an undetected backdoor
- Patchwork nature of “fixing” 802.11b

23 No Control over WLAN?
- Often you want to connect to a wireless LAN over which you have no control
- Options:
  - If you can, connect securely (WPA2, 802.11i, etc.)
  - If unsecured, connect to your secure systems securely:
    - VPN – Virtual Private Network
    - SSL connections to secure systems
  - Be careful not to expose passwords
  - Watch for direct attacks on untrusted networks

24 WLAN Security - Going Forward
- 802.11i appears to be a significant improvement over 802.11b from a security standpoint
- Vendors are nervous about implementing 802.11i protocols due to how quickly WEP was compromised after its release
- Only time will tell how effective 802.11i actually will be
- Wireless networks will not be completely secure until the standards that specify them are designed from the beginning with security in mind

25 Summary
- Wireless LAN Security is not independent of the greater network security and system security
- Threats to the Wireless LAN are largely in terms of being available and in providing a means to attack systems on the network
  - That is, not many folks attack routers (yet)

26 References
- ftp://ftp.prenhall.com/pub/esm/web_marketing/ptr/pfleeger/ch07.pdf - Charles & Shari Pfleeger’s chapter on network security
- http://www.gocsi.com/forms/fbi/pdf.jhtml - To request the Computer Security Institute/FBI yearly survey results (widely referenced)