Download presentation
1
Wireless security Wi–Fi (802.11) Security
Seminar by: Jigar Shah Guide: Prof. G.K. Kharate
2
Content Introduction to Wi-Fi Types of attacks
Traditional security with ref. to Wi-Fi How IEEE WEP works Why WEP is not secured IEEE i and RSN WPA: An intermediate solution Wi-Fi security in Real World
3
Ad hoc mode
4
Infrastructure mode
5
Types of attacks
6
Example: Man – In – Middle attack
Listen to message from Mob to AP Read message till end of “check-word” Transmit a sudden burst of noise to corrupt check-word Forge ack. message with AP’s address and send it to MOB Recalculate check-word and send captured msg. to AP Wait for ACK from AP and corrupt check-word again so MOB rejects it
7
Traditional security Architecture
UntrustedZone Trusted Zone firewall Conventional Security Architecture firewall UntrustedZone Trusted Zone VPN User Remote User in “Trusted Bubble”
8
Wireless LAN security option 1
VPN UntrustedZone Trusted Zone User firewall Wireless User in Untrusted Zone VPN UntrustedZone Trusted Zone WLAN Treating a Wi-Fi LAN user Like a Remote User firewall
9
How WEP works Authentication Message Encryption
10
Open Authentication AP STA Authenticate (request)
Authenticate (success) Authenticate (request) STA AP
11
WEP Authentication STA AP Authenticate (request)
Authenticate (challenge) STA AP Authenticate (response) Authenticate (success)
12
WEP Message Encryption using RC4 stream cipher
IV Secret Key RC4 Algorithm C A B $ W & Combined RC4 key
13
Mechanics of WEP Data & ICV Key ID IV DATA ICV Adding ICV
Encrypt Compute check DATA ICV Adding ICV Encrypted Data & ICV Key ID IV Unencrypted Adding IV and KeyID bits
14
Why WEP is not secure Authentication Access control Replay prevention
Message modification Message privacy IV reuse RC4 weak keys Direct key attacks
15
Basic requirements for authentication
Robust method of proving identity Method of preserving identity over subsequent transaction that cannot be transferred Mutual authentication Independent keys. i.e. independent from encryption keys
16
Transition to 802.11i (RSN): The ultimate solution
Encryption algorithms TKIP CCMP – AES. WRAP Message Integrity – A strong data integrity algorithm (Michael Message Integrity Check) is applied. Mutual Authentication – i uses 802.1X/EAP for user authentication. Other security features - secure IBSS, secure fast handoff, and secure deauthentication and disassociation. Roaming Support
17
Relationship of Wireless LAN Security Layers
Authentication Layer Authentication Server Authentication Client (Kerberos V5, TLS, PEAP,EAP-SIM) Corporate Network Operating System Access Control Layer Authenticator (Access Control) (EAP, IEEE 802.1X, RADIUS) Supplicant Wireless LAN Layer Wireless LAN Wireless LAN Access Point Mobile Devices
18
An intermediate solution: WPA
Goals of WPA be a strong Interoperable security replacement for WEP be software upgradeable to existing Wi-Fi CERTIFIED products be Applicable for both home and large enterprise users be available immediately
19
WPA (Wi-Fi Protected Access)
Implements 802.1X EAP based authentication Apply Temporal Key Integrity Protocol (TKIP) on existing RC4 WEP Use Michael Message Integrity Check
20
Wi-Fi Security In Real World
21
Conclusion
22
References http://www.iss.net/wireless
23
References http://www.hackfaq.org/wireless-networks/802.11i.shtml
24
Thank you!
25
Questions ?
Similar presentations
© 2025 SlidePlayer.com. Inc.
All rights reserved.