Shashank wireless lans security
-
Upload
shashank-srivastava -
Category
Technology
-
view
352 -
download
4
description
Transcript of Shashank wireless lans security
1. Wireless Introduction
2. Wireless network modes
3. SSID
4. WEP
5. WPA
6. Advantages
7. Disadvantage
8. Conclusion
Wireless Network Security
INTROA Wireless LAN Links Two or more devices using some wireless distribution method and usually providing a connection through an access point to the wider internet.
IEEE 802 series standards802.11 – wireless LANs (LAN)802.15 – wireless personal area networks (e.g., Bluetooth)802.16 – wireless broadband up to 155Mb
Wireless Network Security
802.11a – 54 Mbps@5 GHz Not interoperable with 802.11b Limited distance Dual-mode APs require 2 chipsets, look like two APs to clients Cisco products: Aironet 1200
802.11b – 11 [email protected] GHz Full speed up to 300 feet Coverage up to 1750 feet Cisco products: Aironet 340, 350, 1100, 1200
802.11g – 54 [email protected] GHz Same range as 802.11b Backward-compatible with 802.11b Speeds slower in dual-mode Cisco products: Aironet 1100, 1200
Wireless Network Security
The 802.11 wireless networks operate in two basic modes:1. Infrastructure mode2. Ad-hoc mode
Infrastructure mode: each wireless client connects directly to a
central device called Access Point (AP) No direct connection between wireless clients AP acts as a wireless hub that performs the
connections and handles them between wireless clients
Wireless Network Security
The hub handles: the clients’ authentication, Authorization link-level data security (access control and enabling
data traffic encryption) Ad-hoc mode:
Each wireless client connects directly with each other
No central device managing the connections Rapid deployment of a temporal network where no
infrastructures exist (advantage in case of disaster…)
Each node must maintain its proper authentication list
Wireless Network Security
Identifies a particular wireless network A client must set the same SSID as the one in that
particular AP Point to join the network Without SSID, the client won’t be able to select and
join a wireless network Hiding SSID is not a security measure because the
wireless network in this case is not invisible It can be defeated by intruders by sniffing it from any
probe signal containing it.
Wireless Network Security
The original native security mechanism for WLAN provide security through a 802.11 network Used to protect wireless communication from eavesdropping
(confidentiality) Prevent unauthorized access to a wireless network (access
control) Prevent tampering with transmitted messages Provide users with the equivalent level of privacy inbuilt in
wireless networks.
Wireless Network Security
1. Appends a 32-bit CRC checksum to each outgoing frame (INTEGRITY)
2. Encrypts the frame using RC4 stream cipher = 40-bit (standard) or 104-bit (Enhanced) message keys + a 24-bit IV random initialization vector (CONFIDENTIALITY).
3. The Initialization Vector (IV) and default key on the station access point are used to create a key stream
4. The key stream is then used to convert the plain text message into the WEP encrypted frame.
Wireless Network Security
Wireless Network Security
Wireless Network Security
Initialization Vector IV Dynamic 24-bit value Chosen randomly by the transmitter wireless network
interface 16.7 million possible keys (224)
Shared Secret Key 40 bits long (5 ASCII characters) when 64 bit key is used 104 bits long (13 ASCII characters) when 128 bit key is used
Wireless Network Security
Wireless Network Security
IV
RC4key
IV encrypted packet
original unencrypted packet checksum
Wireless Network Security
Wireless Network Security
1. The station sends an authentication request to AP2. AP sends challenge text to the station.3. The station uses its configured 64-bit or 128-bit default key to
encrypt the challenge text, and it sends the latter to AP.4. AP decrypts the encrypted text using its configured WEP key
that corresponds to the station's default key. 5. AP compares the decrypted text with the original challenge
text. 6. If the decrypted text matches the original challenge text,
then the access point and the station share the same WEP key, and the access point authenticates the station.
7. The station connects to the network.
Wireless Network Security
Wireless Network Security
Wireless Network Security
WEP encrypted networks can be cracked in 10 minutes
Goal is to collect enough IVs to be able to crack the key
IV = Initialization Vector, plaintext appended to the key to avoid Repetition
Injecting packets generates IVs
New technique in 2002 replacement of security flaws of WEP. Improved data encryption Strong user authentication Because of many attacks related to
static key, WPA minimize shared secret key in accordance with the frame transmission.
Wireless Network Security
Data is encrypted using the RC4 stream cipher, with a 128-bit key and a 48-bit initialization vector (IV).
One major improvement in WPA over WEP is the Temporal Key Integrity Protocol (TKIP), which dynamically changes keys as the system is used.
When combined with the much larger IV, this defeats the well-known key recovery attacks on WEP.
WPA also provides vastly improved payload integrity.
Wireless Network Security
A more secure message authentication code (usually known as a MAC, but here termed a MIC for "Message Integrity Code") is used in WPA, an algorithm named "Michael".
The MIC used in WPA includes a frame counter, which prevents replay attacks being executed.
The Michael algorithm is a strong algorithm that would still work with most older network cards.
WPA includes a special countermeasure mechanism that detects an attempt to break TKIP and temporarily blocks communications with the attacker.
Wireless Network Security
Wireless Network Security
WEP WPAENCRYPTION RC4 RC4
KEY ROTATION NONE Dynamic Session Keys
KEY DISTRIBUTION
Manually typed into each device
Automatic distribution available
AUTHENTICATION
Uses WEP key as Authentication
Can use 802.1x & EAP
1. It is easier to add or move workstations.
2. It is easier to provide connectivity in areas where it is difficult to lay cable.
3. Installation is fast and easy, and it can eliminate the need to pull cable through walls and ceilings.
4. Access to the network can be from anywhere within range of an access point.
5.Portable or semi-permanent buildings can be connected using a WLAN.
Wireless Network Security
1.As the number of computers using the network increases, the data transfer rate to each computer will decrease accordingly.
2.Lower wireless bandwidth means some applications such as video streaming will be more effective on a wired LAN.
3.Security is more difficult to guarantee and requires configuration.
4.Devices will only operate at a limited distance from an access point, with the distance determined by the standard used and buildings and other obstacles between the access point and the user.
Wireless Network Security
1.Wireless LANs very useful and convenient, but current security state not ideal for sensitive environments.
2.Cahners In-Stat group predicts the market for wireless LANs will be $2.2 billion in 2004, up from $771 million in 2000.
3.Growing use and popularity require increased focus on security
Wireless Network Security
Thank You!
Wireless Network Security