Presentation is loading. Please wait.

Presentation is loading. Please wait.

AJ Mancini IV Paul Schiffgens Jack O’Hara. WIRELESS SECURITY  Brief history of Wi-Fi  Wireless encryption standards  WEP/WPA  The problem with WEP.

Similar presentations


Presentation on theme: "AJ Mancini IV Paul Schiffgens Jack O’Hara. WIRELESS SECURITY  Brief history of Wi-Fi  Wireless encryption standards  WEP/WPA  The problem with WEP."— Presentation transcript:

1 AJ Mancini IV Paul Schiffgens Jack O’Hara

2 WIRELESS SECURITY  Brief history of Wi-Fi  Wireless encryption standards  WEP/WPA  The problem with WEP  WPA/WPA2  Recommend use of WPA on home networks

3 WIRELESS SECURITY  First wireless local area network (WLAN)  ALOHAnet  University of Hawaii – 1970  Norman Abramson  Seven Computers, Four Islands  More publications to IEEE  ~ 1980  Including infrared and CDMA

4 WIRELESS SECURITY  802.11 Committee  Institute of Electrical and Electronic Engineers (IEEE)  IEEE 802.11-1997 – First Industry Standard  Followed by 802.11a/b/g

5 WIRELESS SECURITY  WEP  Wired Equivalent Privacy  Part of original 802.11 standard  Deprecated in 2004  Still included in standard

6 WIRELESS SECURITY  Problems with WEP  40-bit or 104-bit key with 24-bit Initialization Vector (IV)  Government restriction on cryptography  WEP uses an RC4 stream cipher  Paramount that the same IV never be used twice  Problem: 50% chance that an IV will repeat after 5000 packets

7 WIRELESS SECURITY  Published attacks on WEP encryption  Scott Fluhrer, Itsik Mantin, Adi Shamir published crpytanalysis of RC4  aircrack-ng – crack any WEP key in minutes, regardless of size or complexity

8 WIRELESS SECURITY  Published attacks on WEP encryption  2005 – FBI demonstration  Andreas Klein expands on previous work, exposing more weaknesses in the RC4 cipher.

9 WIRELESS SECURITY  Published attacks on WEP encryption  Erik Tews, Andrei Pychkine, Ralf-Philipp Weinmann extend Klein’s work and apply RC4 weaknesses to WEP key recovery, develop new attack  104-bit key  40,000 packets – 50% recovery  60,000 packets – 80% recovery  85,000 packets – 95% recovery  Using packet injection, 40k packets can be generated in under 1 minute

10 WIRELESS SECURITY  Problems with WEP identified  WEP deprecated in 2004  802.11i – Standard introduced Wi-Fi Protected Access (WPA)  Problem:  WEP is still included for compatibility with older equipment, is often the default form of security on consumer-level wireless equipment  Further problem: most equipment comes without any form of security enabled by default

11 WIRELESS SECURITY  WPA2  Can utilize Advanced Encryption Standard (AES) encryption  Government-qualified for Top Secret  Cipher has no known vulnerabilities  Only successful exploits are cross-channel attacks  Attacks made against implementation, not cipher  Disadvantage – requires hardware support

12 WIRELESS SECURITY  Recap  WEP 64/128 – 24 bit IV + 40/104 bit key  IVs must be unique – vulnerability  5000 IVs before repeat  WPA2 w/ AES  Top Secret-grade encryption  No vulnerabilities in the cipher  Authenticated and Encrypted

13 WIRELESS SECURITY  Recommend immediate adoption of WPA2 over WEP, unsecured networks


Download ppt "AJ Mancini IV Paul Schiffgens Jack O’Hara. WIRELESS SECURITY  Brief history of Wi-Fi  Wireless encryption standards  WEP/WPA  The problem with WEP."

Similar presentations


Ads by Google