Presentation is loading. Please wait.

Presentation is loading. Please wait.

Link-Layer Protection in 802.11i WLANs With Dummy Authentication Will Mooney, Robin Jha.

Published byBuddy Roy Booth Modified over 9 years ago

Similar presentations

Presentation on theme: "Link-Layer Protection in 802.11i WLANs With Dummy Authentication Will Mooney, Robin Jha."— Presentation transcript:

1 Link-Layer Protection in 802.11i WLANs With Dummy Authentication Will Mooney, Robin Jha

2 WLAN Overview  Basic security  Vulnerability  WPA & WPA-PSK  WEP  802.11 standards  Issues with 802.11i  Dummy Authentication  Performance  Conclusion

3 Wireless LAN components  Access point (AP) = bridge between wireless (802.11) and wired (802.3) networks  Wireless station (STA) = PC or other device with a wireless network interface card (NIC)  RADIUS = Authentication Server  EAP= Extensible Authentication Protocol  CCMP= Encryption based on AES counter mode with CBC-MAC

4 WLANs  WLANs are vulnerable to specialized attacks.  Many of these attacks exploit technology weaknesses since 802.11 WLAN security is relatively new.  There are also many configuration weaknesses since some companies are not using the security features of WLANs on all their equipment.

5 Vulnerability Some of the known wireless attack methods :  Access attack  Denial of Service (DoS) - logical attacks with spoofed signaling, signal jamming  SSID(network name) sniffing  WEP encryption key recovery attacks  MAC address spoofing  Rogue AP attacks- unauthorized ingress routes may bypass firewall

6 Open-Access Network  Open to everyone  Requires no authentication  Provides no protection  Vulnerable to fingerprinting, traffic analysis and eavesdropping

7 WEP  WEP is “Wired Equivalent Privacy” or “Wireless Encryption Protocol”  It is the original wireless security protocol for the 802.11 standard  Based on the use of the same shared private encryption key (or limited set of rotating keys) among all stations on a WLAN.  Discovered recently that it is easy to decrypt if part of the key is known

8 WPA  The Wi-Fi Alliance released WPA (Wi-Fi Protected Access) intended to address some of the flaws.  The WPA solution addressed two critical shortfalls of the original WEP-based security standard:  Design weakness in the WEP protocol  Lack of an effective key distribution method

9 WPA  Uses 802.1x (EAP) for authentication  Adds MIC (Message integrity check) and frame counter  Two modes: PSK and Enterprise PSK (Pre-Shared Key) suffers from similar key- management difficulties to WEP Enterprise Mode requires a RADIUS server

10 What is 802.11?  Refers to the family of specifications developed by the IEEE for wireless LAN technology.  It specifies an interface between a wireless client and a base station or between two clients connected wirelessly.

11 Dummy Authentication 1. The STA sends a request with its MAC address 2. The AP creates a ticket containing the STA's MAC address, a time stamp, a validity period, and a hash of those three things using its private key. This is sent with the AP's MAC address, a status code, and certificate.

12 Dummy Authentication (Cont.) 3. The computer validates the certificate and stores the ticket with AP's public key. Computer generates a random number and pre-session key, encrypts with AP's public key, and sends the AP its MAC address, ticket, random number, and the pre-session key encrypted with the random number. 4. AP verifies the ticket by the MAC address and checks that it is still in the validity period. If so, it sends back its MAC address, status code, and an encrypted pre-session key.

13 Dummy Authentication (Concluded) 5. If successful, then the pre-session key is used in communications. Otherwise, the process begins again.

14 Purpose of the Ticket Reusable within validity period Does not require storage resources of AP Allows for a symmetric operation Binds to the MAC address and prevents replay attacks

15 Results There seemed to be a lack of testing The “quantifiable” results: Spoke of different attacks (flooding the AP at different points) and said they “believed our method can resist this attack”

16 What We Learned Link layer protection in wireless networks Basic information on wireless security we often use How different attacks are performed on a wireless network How NOT to test your project

17 Sources  Yang, Zhimin, Adam C. Champion, Boxuan Gu, Xiaole Bai, and Dong Xuan. "Link-Layer Protection in 802.11i WLANs with Dummy Authentication." WiSEC (2009): 1-8. Print.

Download ppt "Link-Layer Protection in 802.11i WLANs With Dummy Authentication Will Mooney, Robin Jha."

Similar presentations

IEEE 802.11i IT443 Broadband Communications Philip MacCabe October 5, 2005

IEEE i IT443 Broadband Communications Philip MacCabe October 5, 2005
CSE 6590 1.  Wired Equivalent Privacy (WEP) ◦ first security protocol defined in 802.11  Wi-Fi Protected Access (WPA) ◦ defined by Wi-Fi Alliance 

CSE  Wired Equivalent Privacy (WEP) ◦ first security protocol defined in  Wi-Fi Protected Access (WPA) ◦ defined by Wi-Fi Alliance 
Raphael Frank 20 October 2007 Authentication & Intrusion Prevention for Multi-Link Wireless Networks.

Raphael Frank 20 October 2007 Authentication & Intrusion Prevention for Multi-Link Wireless Networks.
How secure are 802.11b Wireless Networks? By Ilian Emmons University of San Diego.

How secure are b Wireless Networks? By Ilian Emmons University of San Diego.
WiFi Security. What is WiFi ? Originally, Wi-Fi was a marketing term. The Wi-Fi certified logo means that the product has passed interoperability tests.

WiFi Security. What is WiFi ? Originally, Wi-Fi was a marketing term. The Wi-Fi certified logo means that the product has passed interoperability tests.
Wireless LAN Security Jerry Usery CS 522 December 6 th, 2006.

Wireless LAN Security Jerry Usery CS 522 December 6 th, 2006.
1 Enhancing Wireless Security with WPA CS-265 Project Section: 2 (11:30 – 12:20) Shefali Jariwala Student ID 001790660.

1 Enhancing Wireless Security with WPA CS-265 Project Section: 2 (11:30 – 12:20) Shefali Jariwala Student ID
MITP | Master of Information Technology Program Securing Wireless LAN using Cisco-based technology Campus Crew Study Group Paul Matijevic Ed McCulloch.

MITP | Master of Information Technology Program Securing Wireless LAN using Cisco-based technology Campus Crew Study Group Paul Matijevic Ed McCulloch.
Wired Equivalent Privacy (WEP)

Wired Equivalent Privacy (WEP)
Security in Wireless LAN 802.11 Layla Pezeshkmehr CS 265 Fall 2003-SJSU Dr.Mark Stamp.

Security in Wireless LAN Layla Pezeshkmehr CS 265 Fall 2003-SJSU Dr.Mark Stamp.
Vulnerability In Wi-Fi By Angus U CS 265 Section 2 Instructor: Mark Stamp.

Vulnerability In Wi-Fi By Angus U CS 265 Section 2 Instructor: Mark Stamp.
11 WIRELESS SECURITY by Prof. Russell Jones. WIRELESS COMMUNICATION ISSUES  Wireless connections are becoming popular.  Network data is transmitted.

11 WIRELESS SECURITY by Prof. Russell Jones. WIRELESS COMMUNICATION ISSUES  Wireless connections are becoming popular.  Network data is transmitted.
An Initial Security Analysis of the IEEE 802.1x Standard Tsai Hsien Pang 2004/11/4.

An Initial Security Analysis of the IEEE 802.1x Standard Tsai Hsien Pang 2004/11/4.
Wireless Security Ysabel Bravo Fall 2004 Montclair State University - NJ.

Wireless Security Ysabel Bravo Fall 2004 Montclair State University - NJ.
E-mail: kemal@cs.siu.edu Department of Computer Science Southern Illinois University Carbondale Wireless and Network Security Lecture 9: IEEE 802.11.

Department of Computer Science Southern Illinois University Carbondale Wireless and Network Security Lecture 9: IEEE
IEEE 802.11 Wireless Local Area Networks (WLAN’s).

IEEE Wireless Local Area Networks (WLAN’s).
15 November 2004 1 Wireless Security Issues Cheyenne Hollow Horn SFS Presentation 2004.

15 November Wireless Security Issues Cheyenne Hollow Horn SFS Presentation 2004.
CCNA Exploration Semester 3 Modified by Profs. Ward and Cappellino

CCNA Exploration Semester 3 Modified by Profs. Ward and Cappellino
Marwan Al-Namari Week 10. RTS: Ready-to-Send. CTS: Clear-to- Send. ACK: Acknowledgment.NAV: network allocation vector (channel access, expected time to.

Marwan Al-Namari Week 10. RTS: Ready-to-Send. CTS: Clear-to- Send. ACK: Acknowledgment.NAV: network allocation vector (channel access, expected time to.
WLAN security S-72.3240 Wireless Personal, Local, Metropolitan, and Wide Area Networks1 Contents WEP (Wired Equivalent Privacy) No key management Authentication.

WLAN security S Wireless Personal, Local, Metropolitan, and Wide Area Networks1 Contents WEP (Wired Equivalent Privacy) No key management Authentication.

Similar presentations

Ads by Google