Presentation is loading. Please wait.

Presentation is loading. Please wait.

WLAN 보안.

Published byAlannah Rice Modified over 9 years ago

Similar presentations

Presentation on theme: "WLAN 보안."— Presentation transcript:

1 WLAN 보안

2 Requirements for Secure Wireless LANs
WLAN Security Requirements for Secure Wireless LANs Authentication Access Control Data Privacy Data Integrity Protection Against Replay

3 WLAN Attack Wardriving 워드라이빙 :
Driving around looking for unsecured wireless networks. term coined by Pete Shipley 워드라이빙 : 이동수단을 이용하여, 무인증 무선네트워크를 찾아다니는 행위 해킹 경유지의 순차적 추적 불가능 무선 AP에는 접속 로그 미존재 실시간 추적시에도 무선 AP로부터 접속자 위치 확인 불가능 실시간 이동 공격자에 대한 추적 대책 미흡 (핸드폰 위치추적기술과 같은 방법 개발 필요)

4 MAC address Authentication Attack
Strengths (장점) MAC 주소를 기반으로 AP에 접속하고자 하는 Station들을 제어 Weaknesses (단점) MAC 주소는 쉽게 위조 가능 무선랜 네트워크를 모니터링(sniffing)함으로써 쉽게 MAC 주소를 획득 공격자들은 무선랜 통신을 계속 감시 가능 MAC 주소의 Brute-force 공격이 가능 Man in the middle attack 기술로 네트워크가 공격에 노출 TOOL Windows AiroPeek : Wireless Network Management Tool SMAC : MAC address Changer - Linux Kismet : Wireless Network Sniffing Tool macchanger : MAC address Changer

5 MAC Address Attack

6 Rogue AP – Spoofing Attack
Station은 항상 가장 신호가 센 AP로 접속 Attacker는 목표 AP와 동일한 SSID를 사용 Attacker는 목표 AP보다 강한 신호를 발생시켜 Victim이 접속하기 가장 용이한 AP로 위장 Victim은 아무런 의심없이 AP에 접속 Attacker는 정상적인 홈페이지를 위장한 가상홈페이지를 열어놓고 ID와 PW 입력 유도

7 Rogue AP – Spoofing Attack

8 Attacker Passive Monitoring
Access Point Username: dziminski Password:cleartext Station Attacker Passive Monitoring Captures data

9 802.11 DOS Attack X Access Point Connection is broken Station
Attacker spoofs Disassociate frame

10 802.11 Man in the Middle Attack
Attacker broadcasts spoofed AP SSID and MAC Address Station unknowingly connects to attacker MIM attacks can always be established But if strong authentication and encryption are used, attacker will be nothing more than a bridge. Station Access Point Station MAC Address Attacker AP MAC Address Station MAC Address AP MAC Address

11 Authentication and Encryption Standards
Credentials Certificate Username/Password TLS PEAP Authentication Protocols EAP 802.1x Encryption Algorithms RC4 RC4 AES Encryption Standards WEP WPA-TKIP 802.11i WEP: Wired Equivalent Privacy , WPA: Wi-Fi Protected Access, TKIP: Temporal Key Integrity Protocol PEAP: Protected Extensible Authentication Protocol; uses server-side public key certificates to authenticate the server

12 Evolution of WLAN Security
WEP: not adequate IEEE formed a Task Group “i” to develop i standard Objective: to produce a detailed specification to enhance the security features for WLANs IEEE 802 Working group IEEE WLAN WG IEEE i WLAN security RSN TSN Robust Security Network Transitional Security Network

13 Evolution of WLAN Security
Responses from Wi-Fi Alliance The industry cannot wait for the i standard. It is demanding a more secure wireless environment right now Wi-Fi Alliance, together with IEEE, developed Wi-Fi Protected Access (WPA) to offer a strong interoperable security standard to the market 802.11i contributed TKIP (encryption) and MIC (integrity) algorithms, which were being developed for RSN but applicable to WPA Wi-Fi Alliance IEEE i WPA TKIP + MIC Temporal Key Integrity Protocol Message Integrity Check Wi-Fi Protected Access

14 High-level Differences Between RSN and WPA
Designed from the start, without regards to existing WEP systems Will require new hardware to support new methods of encryption Supports options for encryption (privacy) TKIP AES WPA Designed with constraints around existing WEP systems Objective: use same hardware and upgrade software only Only supports one encryption standard: TKIP Essentially, the two approaches are very similar and built around the same security architecture

15 Encrypted with 40 or 104 bit key. RC4 Algorithm.
WEP Encryption 24 bit IV clear text integrity check IV Payload CRC-32 Encrypted with 40 or 104 bit key. RC4 Algorithm. WEP has several problems IV is too small. At 10,000 packets per second IV repeats in 0.5 hours. - For 24 bits, an IV will be reused after packets if IV value is incremented by 1 each time. For a device sending 10,000 packets per second 24-bit IV takes half an hour to rollover There are several “weak keys”. Those are especially vulnerable. No key update mechanism built in. Message replay attacks. DOS. 15

16 WPA Key features to address WEP vulnerabilities
Access Control and Authentication: Implements 802.1X EAP based authentication to enforce mutual authentication Encryption Applies Temporal Key Integrity Protocol (TKIP) on existing WEP to impose strong data encryption Integrity Uses Message Integrity Check (MIC) rather than CRC-32 for message integrity WPA also presents some potential security issues There are still potential encryption weaknesses in TKIP. Fortunately, the successful crack is expected to be heavy and expensive. Performance may be sacrificed potentially due to a more complex and computation intensive authentication and encryption protocols. Note: The ultimate wireless security solution is still i RSN. All products are supposed to comply with RSN standard since it is released, often under the name WPA2.

17 Wi-Fi Protected Access (WPA) TKIP-Encryption
Wi-Fi Protected Access is an interim standard created by the Wi-Fi alliance (group of manufacturers). WPA-TKIP fixes problems with WEP. IV changes to 48 bits with no weak keys years to repeat an IV at 10k packets/sec Use IV as a replay counter Message integrity Per-packet keying Supported on many wireless card and on Windows XP (after applying 2 hot fixes). Uses 802.1x for key distribution. Can also use static keys. 17

18 Key features to address WEP vulnerabilities
802.11i RSN Key features to address WEP vulnerabilities Access Control and Authentication Implements 802.1X EAP based authentication to enforce mutual authentication (same as WPA) WRAP: RSN includes a Wireless Robust Authentication Protocol. Uses AES in offset codebook mode (OCB) for encryption and integrity. Encryption TKIP: In order to support legacy device, the i chooses TKIP as one of the encryption options AES: Stands for Advanced Encryption Standard, which is a much stronger encryption algorithm. AES requires a hardware coprocessor to operate Integrity Uses Michael Message Integrity Check (MIC) for message integrity Other security features: Secure IBSS (Ad Hoc mode), secure fast handoff, secure de-authentication and disassociation. Supports Roaming Is referred to as WPA2 by the Wi-Fi Alliance IBSS: Independent Basic Service Set

19 802.11i AES-encryption Ratified by the IETF in June of 04.
Uses the AES algorithm for encryption and 802.1x for key distribution. Backwards compatible with TKIP to support WPA clients. 802.11i not in many products yet. 19

20 Access Control and Authentication – 802.1X / EAP
Initially designed for wired networks but is now applicable to WLANs. Provides port-based access control and mutual authentication between client and APs via an authentication server. 802.1X standard is comprised of three elements A supplicant: the client (laptop, PDA,…) who wants to be authenticated An authenticator: the AP, which acts as an intermediary between a supplicant and an authentication server. An authentication server: such as a RADIUS (Remote Access Dial-In User Service) server. Access Point Authenticator Station Supplicant RADIUS Server Authorizer

21 Access Control and Authentication – 802.1X / EAP
EAP (Extensible Authentication Protocol): protocol that 802.1X uses to manage mutual authentication. Initially developed for use with PPP (RFC2284) Several EAP types depending on the authentication method (passwords, PKI certificates,…) EAP-MD5 EAP-TLS EAP-TTLS PEAP LEAP EAP-SIM The authenticator does not need to understand the details about authentication methods. It simply package and repackage EAP packets, usually between Supplicant and RADIUS

22 802.1x EAP-TLS Authentication
Client digital cert From XYZ CA Access Point Authenticator Station Supplicant RADIUS Server Authorizer Server Digital cert From XYZ CA

23 802.1x PEAP authentication Phase 1: Authenticate AP. Secure tunnel
to AP using TLS Digital cert From XYZ CA Access Point Authenticator Station Supplicant RADIUS Server Authorizer Username Dan Password: encrypted Phase 2: Password authentication with directory server Success/Fail Directory Server

24 LEAP (Lightweight Extensible Authentication Protocol)
LEAP Characteristics Primarily developed by Cisco for Aironet WLAN deployments. Cisco is now licensing the software, other vendors are now beginning to support LEAP in their wireless LAN adapters. Encrypts data transmissions using dynamically generated WEP keys and supports mutual authentication. No certificates are required Uses bi-directional challenge-response with user password as shared secret Transaction sent in clear text (dictionary attacks !)

25 EAP Authentication Types Comparison Chart
802.1x EAP Types Feature / Benefit MD5 TLS TTLS PEAP LEAP Client side certificate required no yes Server side certificate required WEP key management Rogue AP detection Developer Authentication Attributes One way Mutual Deployment Easy Difficult Moderate Wireless Security Poorest Highest High

Download ppt "WLAN 보안."

Similar presentations

Security in Wireless Networks Juan Camilo Quintero D. 1041718.

Security in Wireless Networks Juan Camilo Quintero D
IEEE 802.11i IT443 Broadband Communications Philip MacCabe October 5, 2005

IEEE i IT443 Broadband Communications Philip MacCabe October 5, 2005
CSE 6590 1.  Wired Equivalent Privacy (WEP) ◦ first security protocol defined in 802.11  Wi-Fi Protected Access (WPA) ◦ defined by Wi-Fi Alliance 

CSE  Wired Equivalent Privacy (WEP) ◦ first security protocol defined in  Wi-Fi Protected Access (WPA) ◦ defined by Wi-Fi Alliance 
CSG357 Dan Ziminski & Bill Davidge 1 Effective Wireless Security – Technology and Policy CSG 256 Final Project Presentation by Dan Ziminski & Bill Davidge.

CSG357 Dan Ziminski & Bill Davidge 1 Effective Wireless Security – Technology and Policy CSG 256 Final Project Presentation by Dan Ziminski & Bill Davidge.
無線區域網路安全 Wireless LAN Security. 2 Outline  Wireless LAN – 802.11b  Security Mechanisms in 802.11b  Security Problems in 802.11b  Solutions for 802.11b.

無線區域網路安全 Wireless LAN Security. 2 Outline  Wireless LAN – b  Security Mechanisms in b  Security Problems in b  Solutions for b.
WiFi Security. What is WiFi ? Originally, Wi-Fi was a marketing term. The Wi-Fi certified logo means that the product has passed interoperability tests.

WiFi Security. What is WiFi ? Originally, Wi-Fi was a marketing term. The Wi-Fi certified logo means that the product has passed interoperability tests.
This work is supported by the National Science Foundation under Grant Number DUE-0302909. Any opinions, findings and conclusions or recommendations expressed.

This work is supported by the National Science Foundation under Grant Number DUE Any opinions, findings and conclusions or recommendations expressed.
Wireless LAN Security Jerry Usery CS 522 December 6 th, 2006.

Wireless LAN Security Jerry Usery CS 522 December 6 th, 2006.
1 Enhancing Wireless Security with WPA CS-265 Project Section: 2 (11:30 – 12:20) Shefali Jariwala Student ID 001790660.

1 Enhancing Wireless Security with WPA CS-265 Project Section: 2 (11:30 – 12:20) Shefali Jariwala Student ID
MITP | Master of Information Technology Program Securing Wireless LAN using Cisco-based technology Campus Crew Study Group Paul Matijevic Ed McCulloch.

MITP | Master of Information Technology Program Securing Wireless LAN using Cisco-based technology Campus Crew Study Group Paul Matijevic Ed McCulloch.
DIMACS Nov 3 - 4, 2004 WIRELESS SECURITY AND ROAMING OVERVIEW DIMACS November 3-4, 2004 Workshop: Mobile and Wireless Security Workshop: Mobile and Wireless.

DIMACS Nov 3 - 4, 2004 WIRELESS SECURITY AND ROAMING OVERVIEW DIMACS November 3-4, 2004 Workshop: Mobile and Wireless Security Workshop: Mobile and Wireless.
W i reless LAN Security Presented by: Pallavi Priyadarshini Student ID 003503527.

W i reless LAN Security Presented by: Pallavi Priyadarshini Student ID
Vulnerability In Wi-Fi By Angus U CS 265 Section 2 Instructor: Mark Stamp.

Vulnerability In Wi-Fi By Angus U CS 265 Section 2 Instructor: Mark Stamp.
802.1x EAP Authentication Protocols

802.1x EAP Authentication Protocols
11 WIRELESS SECURITY by Prof. Russell Jones. WIRELESS COMMUNICATION ISSUES  Wireless connections are becoming popular.  Network data is transmitted.

11 WIRELESS SECURITY by Prof. Russell Jones. WIRELESS COMMUNICATION ISSUES  Wireless connections are becoming popular.  Network data is transmitted.
An Initial Security Analysis of the IEEE 802.1x Standard Tsai Hsien Pang 2004/11/4.

An Initial Security Analysis of the IEEE 802.1x Standard Tsai Hsien Pang 2004/11/4.
© 2003, Cisco Systems, Inc. All rights reserved. FWL 1.0—8-1 Security Olga Torstensson Halmstad University.

© 2003, Cisco Systems, Inc. All rights reserved. FWL 1.0—8-1 Security Olga Torstensson Halmstad University.
E-mail: kemal@cs.siu.edu Department of Computer Science Southern Illinois University Carbondale Wireless and Network Security Lecture 9: IEEE 802.11.

Department of Computer Science Southern Illinois University Carbondale Wireless and Network Security Lecture 9: IEEE
This work is supported by the National Science Foundation under Grant Number DUE-0302909. Any opinions, findings and conclusions or recommendations expressed.

This work is supported by the National Science Foundation under Grant Number DUE Any opinions, findings and conclusions or recommendations expressed.
WLAN Security:PEAP Sunanda Kandimalla. Intoduction The primary goals of any security setup for WLANs should include: 1. Access control and mutual authentication,

WLAN Security:PEAP Sunanda Kandimalla. Intoduction The primary goals of any security setup for WLANs should include: 1. Access control and mutual authentication,

Similar presentations

Ads by Google