Presentation is loading. Please wait.

Presentation is loading. Please wait.

802.11 Wireless Insecurity By: No’eau Kamakani Robert Whitmire.

Published byAdelia Adams Modified over 9 years ago

Similar presentations

Presentation on theme: "802.11 Wireless Insecurity By: No’eau Kamakani Robert Whitmire."— Presentation transcript:

1 802.11 Wireless Insecurity By: No’eau Kamakani Robert Whitmire

2 Outline  Background  Security Features  Attacks  Demonstrations  Conclusion

3 Background

4 Wireless Definitions  802.11 802 = LANs (Local Area Network)802 = LANs (Local Area Network) 11 = Wireless11 = Wireless  WiFi Wireless FidelityWireless Fidelity  Hotspots Connection point for a WiFi network hardwired to the InternetConnection point for a WiFi network hardwired to the Internet

5 How Does It Work?  Transmits over radio frequency 2.4 – 2.483 GHz2.4 – 2.483 GHz 5 GHz range5 GHz range  Channels (for B and G) Direct Sequence Spread SpectrumDirect Sequence Spread Spectrum USA 1-11USA 1-11 Europe 1-13Europe 1-13 Japan 1-14Japan 1-14

6 Protocols

7 Products

8 Why go wireless  Infrastructure easy Goes thru walls, no wiringGoes thru walls, no wiring  Portability and Flexibility Access from anywhereAccess from anywhere  Interoperability Compatible with all WiFi products certified by Wireless Ethernet Compatibility Alliance (WECA)Compatible with all WiFi products certified by Wireless Ethernet Compatibility Alliance (WECA)  Increased Productivity Endless connectivityEndless connectivity

9 Security

10 WEP  Wired Equivalent Privacy  Secret Key for encrypting data Shared between mobile card and access pointShared between mobile card and access point 40-128 bits (includes IV)40-128 bits (includes IV)  Initialization Vector (IV) 24 bit, randomly generated24 bit, randomly generated Sent in clear textSent in clear text FiniteFinite

11 RC4 Encryption Algorithm  Stream cipher Generates infinite pseudo-random keystreamGenerates infinite pseudo-random keystream  Keystream generated with key and IV XOR’ed with message and Checksum to generate ciphertextXOR’ed with message and Checksum to generate ciphertext Receiver generates same keystream and XOR’s with ciphertext to get message and checksumReceiver generates same keystream and XOR’s with ciphertext to get message and checksum

12 Visualizing RC4

13 CRC-32 Checksum  Linear Checksum algorithm Integrity checkingIntegrity checking A bit in message correlates directly to set of checksum bitsA bit in message correlates directly to set of checksum bits

14 WEP Vulnerabilities  Relies on flawed encryption method RC4 is crackable through statistical analysisRC4 is crackable through statistical analysis  IV’s collisions, calculate key from this Checksum is predictableChecksum is predictable  IV implemented incorrectly  Better than nothing Not on as defaultNot on as default Not end all security measureNot end all security measure  Easily Crackable (AirSnort)

15 WPA  WiFi Protected Access  Latest snapshot of 802.11i Explained laterExplained later  Rotating Keys Temporal Key Integrity ProtocolTemporal Key Integrity Protocol  Increased IV (24-48 bits)  Checksum  Order of magnitude harder to crack

16 802.1X  User not Machine Authentication  Supposed to provide a vendor- independent way to control access  Authentication through EAP (Extensible Authentication Protocol) Tokens, Kerberos, one-time passwords, certificates, etc..Tokens, Kerberos, one-time passwords, certificates, etc..

17 Other Security Attempts  802.11i IEEE attempt to provide strong securityIEEE attempt to provide strong security Dynamically updating WEP KeyDynamically updating WEP Key Not completeNot complete  VPN Providing security through VPN tunneling protocolsProviding security through VPN tunneling protocols Compatibility issues, better than WEP but not universal solutionCompatibility issues, better than WEP but not universal solution  MAC Filtering MAC addresses sent in clearMAC addresses sent in clear Easy to sniffEasy to sniff Easy to spoofEasy to spoof

18 Attacks  Passive attack to decrypt traffic Waits for keystream collisionWaits for keystream collision Gets XORGets XOR Statistically reveals plain textStatistically reveals plain text  Active attack to inject traffic RC4(X) xor X xor Y = RC4(Y)RC4(X) xor X xor Y = RC4(Y)  Unauthorized Access Points on a Network Attacker set up own access point on network effectively circumventing security measuresAttacker set up own access point on network effectively circumventing security measures Resetting access points to defaultResetting access points to default

19 Fun Demonstrations

20 War Driving

21 War Driving Silicon Valley

22 War Spying  Also called Warviewing  2.4 GHz wireless Cameras  Gear

23 Conclusion  WEP is better than nothing  Never settle for default settings  Base protection level on sensitivity of data  Provide backup network protection  Remember, anyone can sniff your wireless network.

24 Questions?

Download ppt "802.11 Wireless Insecurity By: No’eau Kamakani Robert Whitmire."

Similar presentations

Wireless Security By Robert Peterson M.S. C.E. Cryptographic Protocols University of Florida College of Information Sciences & Engineering.

Wireless Security By Robert Peterson M.S. C.E. Cryptographic Protocols University of Florida College of Information Sciences & Engineering.
CSE 6590 1.  Wired Equivalent Privacy (WEP) ◦ first security protocol defined in 802.11  Wi-Fi Protected Access (WPA) ◦ defined by Wi-Fi Alliance 

CSE  Wired Equivalent Privacy (WEP) ◦ first security protocol defined in  Wi-Fi Protected Access (WPA) ◦ defined by Wi-Fi Alliance 
WEP 1 WEP WEP 2 WEP  WEP == Wired Equivalent Privacy  The stated goal of WEP is to make wireless LAN as secure as a wired LAN  According to Tanenbaum:

WEP 1 WEP WEP 2 WEP  WEP == Wired Equivalent Privacy  The stated goal of WEP is to make wireless LAN as secure as a wired LAN  According to Tanenbaum:
Wireless Security Ryan Hayles Jonathan Hawes. Introduction  WEP –Protocol Basics –Vulnerability –Attacks –Video  WPA –Overview –Key Hierarchy –Encryption/Decryption.

Wireless Security Ryan Hayles Jonathan Hawes. Introduction  WEP –Protocol Basics –Vulnerability –Attacks –Video  WPA –Overview –Key Hierarchy –Encryption/Decryption.
1 MD5 Cracking One way hash. Used in online passwords and file verification.

1 MD5 Cracking One way hash. Used in online passwords and file verification.
How secure are 802.11b Wireless Networks? By Ilian Emmons University of San Diego.

How secure are b Wireless Networks? By Ilian Emmons University of San Diego.
Security in IEEE 802.11 wireless networks Piotr Polak University Politehnica of Bucharest, December 2008.

Security in IEEE wireless networks Piotr Polak University Politehnica of Bucharest, December 2008.
WiFi Security. What is WiFi ? Originally, Wi-Fi was a marketing term. The Wi-Fi certified logo means that the product has passed interoperability tests.

WiFi Security. What is WiFi ? Originally, Wi-Fi was a marketing term. The Wi-Fi certified logo means that the product has passed interoperability tests.
WEP Weaknesses Or “What on Earth does this Protect” Roy Werber.

WEP Weaknesses Or “What on Earth does this Protect” Roy Werber.
Wireless LAN Security Jerry Usery CS 522 December 6 th, 2006.

Wireless LAN Security Jerry Usery CS 522 December 6 th, 2006.
WEP and 802.11i J.W. Pope 5/6/2004 CS 589 – Advanced Topics in Information Security.

WEP and i J.W. Pope 5/6/2004 CS 589 – Advanced Topics in Information Security.
COMP4690, HKBU1 Security of 802.11 COMP4690: Advanced Topic.

COMP4690, HKBU1 Security of COMP4690: Advanced Topic.
Intercepting Mobiles Communications: The Insecurity of 802.11 Danny Bickson ACNS Course, IDC Spring 2007.

Intercepting Mobiles Communications: The Insecurity of Danny Bickson ACNS Course, IDC Spring 2007.
W i reless LAN Security Presented by: Pallavi Priyadarshini Student ID 003503527.

W i reless LAN Security Presented by: Pallavi Priyadarshini Student ID
Wired Equivalent Privacy (WEP)

Wired Equivalent Privacy (WEP)
Security in Wireless LAN 802.11 Layla Pezeshkmehr CS 265 Fall 2003-SJSU Dr.Mark Stamp.

Security in Wireless LAN Layla Pezeshkmehr CS 265 Fall 2003-SJSU Dr.Mark Stamp.
Vulnerability In Wi-Fi By Angus U CS 265 Section 2 Instructor: Mark Stamp.

Vulnerability In Wi-Fi By Angus U CS 265 Section 2 Instructor: Mark Stamp.
11 WIRELESS SECURITY by Prof. Russell Jones. WIRELESS COMMUNICATION ISSUES  Wireless connections are becoming popular.  Network data is transmitted.

11 WIRELESS SECURITY by Prof. Russell Jones. WIRELESS COMMUNICATION ISSUES  Wireless connections are becoming popular.  Network data is transmitted.
802.11 Wireless Security Presentation by Paul Petty and Sooner Brooks-Heath.

Wireless Security Presentation by Paul Petty and Sooner Brooks-Heath.
WIRELESS NETWORK SECURITY. Hackers Ad-hoc networks War Driving Man-in-the-Middle Caffe Latte attack.

WIRELESS NETWORK SECURITY. Hackers Ad-hoc networks War Driving Man-in-the-Middle Caffe Latte attack.

Similar presentations

Ads by Google