Presentation is loading. Please wait.

Presentation is loading. Please wait.

Wireless security Wi–Fi (802.11) Security

Similar presentations


Presentation on theme: "Wireless security Wi–Fi (802.11) Security"— Presentation transcript:

1 Wireless security Wi–Fi (802.11) Security
Seminar by: Jigar Shah Guide: Prof. G.K. Kharate

2 Content Introduction to Wi-Fi Types of attacks
Traditional security with ref. to Wi-Fi How IEEE WEP works Why WEP is not secured IEEE i and RSN WPA: An intermediate solution Wi-Fi security in Real World

3 Ad hoc mode

4 Infrastructure mode

5 Types of attacks

6 Example: Man – In – Middle attack
Listen to message from Mob to AP Read message till end of “check-word” Transmit a sudden burst of noise to corrupt check-word Forge ack. message with AP’s address and send it to MOB Recalculate check-word and send captured msg. to AP Wait for ACK from AP and corrupt check-word again so MOB rejects it

7 Traditional security Architecture
UntrustedZone Trusted Zone firewall Conventional Security Architecture firewall UntrustedZone Trusted Zone VPN User Remote User in “Trusted Bubble”

8 Wireless LAN security option 1
VPN UntrustedZone Trusted Zone User firewall Wireless User in Untrusted Zone VPN UntrustedZone Trusted Zone WLAN Treating a Wi-Fi LAN user Like a Remote User firewall

9 How WEP works Authentication Message Encryption

10 Open Authentication AP STA Authenticate (request)
Authenticate (success) Authenticate (request) STA AP

11 WEP Authentication STA AP Authenticate (request)
Authenticate (challenge) STA AP Authenticate (response) Authenticate (success)

12 WEP Message Encryption using RC4 stream cipher
IV Secret Key RC4 Algorithm C A B $ W & Combined RC4 key

13 Mechanics of WEP Data & ICV Key ID IV DATA ICV Adding ICV
Encrypt Compute check DATA ICV Adding ICV Encrypted Data & ICV Key ID IV Unencrypted Adding IV and KeyID bits

14 Why WEP is not secure Authentication Access control Replay prevention
Message modification Message privacy IV reuse RC4 weak keys Direct key attacks

15 Basic requirements for authentication
Robust method of proving identity Method of preserving identity over subsequent transaction that cannot be transferred Mutual authentication Independent keys. i.e. independent from encryption keys

16 Transition to 802.11i (RSN): The ultimate solution
Encryption algorithms TKIP CCMP – AES. WRAP Message Integrity – A strong data integrity algorithm (Michael Message Integrity Check) is applied. Mutual Authentication – i uses 802.1X/EAP for user authentication. Other security features - secure IBSS, secure fast handoff, and secure deauthentication and disassociation. Roaming Support

17 Relationship of Wireless LAN Security Layers
Authentication Layer Authentication Server Authentication Client (Kerberos V5, TLS, PEAP,EAP-SIM) Corporate Network Operating System Access Control Layer Authenticator (Access Control) (EAP, IEEE 802.1X, RADIUS) Supplicant Wireless LAN Layer Wireless LAN Wireless LAN Access Point Mobile Devices

18 An intermediate solution: WPA
Goals of WPA be a strong Interoperable security replacement for WEP be software upgradeable to existing Wi-Fi CERTIFIED products be Applicable for both home and large enterprise users be available immediately

19 WPA (Wi-Fi Protected Access)
Implements 802.1X EAP based authentication Apply Temporal Key Integrity Protocol (TKIP) on existing RC4 WEP Use Michael Message Integrity Check

20 Wi-Fi Security In Real World

21 Conclusion

22 References http://www.iss.net/wireless

23 References http://www.hackfaq.org/wireless-networks/802.11i.shtml

24 Thank you!

25 Questions ?


Download ppt "Wireless security Wi–Fi (802.11) Security"

Similar presentations


Ads by Google