Download presentation
Presentation is loading. Please wait.
Published byMadison Garrett Modified over 9 years ago
1
AJ Mancini IV Paul Schiffgens Jack O’Hara
2
WIRELESS SECURITY Brief history of Wi-Fi Wireless encryption standards WEP/WPA The problem with WEP WPA/WPA2 Recommend use of WPA on home networks
3
WIRELESS SECURITY First wireless local area network (WLAN) ALOHAnet University of Hawaii – 1970 Norman Abramson Seven Computers, Four Islands More publications to IEEE ~ 1980 Including infrared and CDMA
4
WIRELESS SECURITY 802.11 Committee Institute of Electrical and Electronic Engineers (IEEE) IEEE 802.11-1997 – First Industry Standard Followed by 802.11a/b/g
5
WIRELESS SECURITY WEP Wired Equivalent Privacy Part of original 802.11 standard Deprecated in 2004 Still included in standard
6
WIRELESS SECURITY Problems with WEP 40-bit or 104-bit key with 24-bit Initialization Vector (IV) Government restriction on cryptography WEP uses an RC4 stream cipher Paramount that the same IV never be used twice Problem: 50% chance that an IV will repeat after 5000 packets
7
WIRELESS SECURITY Published attacks on WEP encryption Scott Fluhrer, Itsik Mantin, Adi Shamir published crpytanalysis of RC4 aircrack-ng – crack any WEP key in minutes, regardless of size or complexity
8
WIRELESS SECURITY Published attacks on WEP encryption 2005 – FBI demonstration Andreas Klein expands on previous work, exposing more weaknesses in the RC4 cipher.
9
WIRELESS SECURITY Published attacks on WEP encryption Erik Tews, Andrei Pychkine, Ralf-Philipp Weinmann extend Klein’s work and apply RC4 weaknesses to WEP key recovery, develop new attack 104-bit key 40,000 packets – 50% recovery 60,000 packets – 80% recovery 85,000 packets – 95% recovery Using packet injection, 40k packets can be generated in under 1 minute
10
WIRELESS SECURITY Problems with WEP identified WEP deprecated in 2004 802.11i – Standard introduced Wi-Fi Protected Access (WPA) Problem: WEP is still included for compatibility with older equipment, is often the default form of security on consumer-level wireless equipment Further problem: most equipment comes without any form of security enabled by default
11
WIRELESS SECURITY WPA2 Can utilize Advanced Encryption Standard (AES) encryption Government-qualified for Top Secret Cipher has no known vulnerabilities Only successful exploits are cross-channel attacks Attacks made against implementation, not cipher Disadvantage – requires hardware support
12
WIRELESS SECURITY Recap WEP 64/128 – 24 bit IV + 40/104 bit key IVs must be unique – vulnerability 5000 IVs before repeat WPA2 w/ AES Top Secret-grade encryption No vulnerabilities in the cipher Authenticated and Encrypted
13
WIRELESS SECURITY Recommend immediate adoption of WPA2 over WEP, unsecured networks
Similar presentations
© 2024 SlidePlayer.com. Inc.
All rights reserved.