Shashank wireless lans security

1. Wireless Introduction

2. Wireless network modes

3. SSID

4. WEP

5. WPA

6. Advantages

7. Disadvantage

8. Conclusion

Wireless Network Security

INTROA Wireless LAN Links Two or more devices using some wireless distribution method and usually providing a connection through an access point to the wider internet.

IEEE 802 series standards802.11 – wireless LANs (LAN)802.15 – wireless personal area networks (e.g., Bluetooth)802.16 – wireless broadband up to 155Mb


802.11a – 54 Mbps@5 GHz Not interoperable with 802.11b Limited distance Dual-mode APs require 2 chipsets, look like two APs to clients Cisco products: Aironet 1200

802.11b – 11 [email protected] GHz Full speed up to 300 feet Coverage up to 1750 feet Cisco products: Aironet 340, 350, 1100, 1200

802.11g – 54 [email protected] GHz Same range as 802.11b Backward-compatible with 802.11b Speeds slower in dual-mode Cisco products: Aironet 1100, 1200


The 802.11 wireless networks operate in two basic modes:1. Infrastructure mode2. Ad-hoc mode

Infrastructure mode: each wireless client connects directly to a

central device called Access Point (AP) No direct connection between wireless clients AP acts as a wireless hub that performs the

connections and handles them between wireless clients


The hub handles: the clients’ authentication, Authorization link-level data security (access control and enabling

data traffic encryption) Ad-hoc mode:

Each wireless client connects directly with each other

No central device managing the connections Rapid deployment of a temporal network where no

infrastructures exist (advantage in case of disaster…)

Each node must maintain its proper authentication list


Identifies a particular wireless network A client must set the same SSID as the one in that

particular AP Point to join the network Without SSID, the client won’t be able to select and

join a wireless network Hiding SSID is not a security measure because the

wireless network in this case is not invisible It can be defeated by intruders by sniffing it from any

probe signal containing it.


The original native security mechanism for WLAN provide security through a 802.11 network Used to protect wireless communication from eavesdropping

(confidentiality) Prevent unauthorized access to a wireless network (access

control) Prevent tampering with transmitted messages Provide users with the equivalent level of privacy inbuilt in

wireless networks.


1. Appends a 32-bit CRC checksum to each outgoing frame (INTEGRITY)

2. Encrypts the frame using RC4 stream cipher = 40-bit (standard) or 104-bit (Enhanced) message keys + a 24-bit IV random initialization vector (CONFIDENTIALITY).

3. The Initialization Vector (IV) and default key on the station access point are used to create a key stream

4. The key stream is then used to convert the plain text message into the WEP encrypted frame.


Initialization Vector IV Dynamic 24-bit value Chosen randomly by the transmitter wireless network

interface 16.7 million possible keys (224)

Shared Secret Key 40 bits long (5 ASCII characters) when 64 bit key is used 104 bits long (13 ASCII characters) when 128 bit key is used



IV

RC4key

IV encrypted packet

original unencrypted packet checksum

1. The station sends an authentication request to AP2. AP sends challenge text to the station.3. The station uses its configured 64-bit or 128-bit default key to

encrypt the challenge text, and it sends the latter to AP.4. AP decrypts the encrypted text using its configured WEP key

that corresponds to the station's default key. 5. AP compares the decrypted text with the original challenge

text. 6. If the decrypted text matches the original challenge text,

then the access point and the station share the same WEP key, and the access point authenticates the station.

7. The station connects to the network.



WEP encrypted networks can be cracked in 10 minutes

Goal is to collect enough IVs to be able to crack the key

IV = Initialization Vector, plaintext appended to the key to avoid Repetition

Injecting packets generates IVs

New technique in 2002 replacement of security flaws of WEP. Improved data encryption Strong user authentication Because of many attacks related to

static key, WPA minimize shared secret key in accordance with the frame transmission.


Data is encrypted using the RC4 stream cipher, with a 128-bit key and a 48-bit initialization vector (IV).

One major improvement in WPA over WEP is the Temporal Key Integrity Protocol (TKIP), which dynamically changes keys as the system is used.

When combined with the much larger IV, this defeats the well-known key recovery attacks on WEP.

WPA also provides vastly improved payload integrity.


A more secure message authentication code (usually known as a MAC, but here termed a MIC for "Message Integrity Code") is used in WPA, an algorithm named "Michael".

The MIC used in WPA includes a frame counter, which prevents replay attacks being executed.

The Michael algorithm is a strong algorithm that would still work with most older network cards.

WPA includes a special countermeasure mechanism that detects an attempt to break TKIP and temporarily blocks communications with the attacker.



WEP WPAENCRYPTION RC4 RC4

KEY ROTATION NONE Dynamic Session Keys

KEY DISTRIBUTION

Manually typed into each device

Automatic distribution available

AUTHENTICATION

Uses WEP key as Authentication

Can use 802.1x & EAP

1. It is easier to add or move workstations.

2. It is easier to provide connectivity in areas where it is difficult to lay cable.

3. Installation is fast and easy, and it can eliminate the need to pull cable through walls and ceilings.

4. Access to the network can be from anywhere within range of an access point.

5.Portable or semi-permanent buildings can be connected using a WLAN.


1.As the number of computers using the network increases, the data transfer rate to each computer will decrease accordingly.

2.Lower wireless bandwidth means some applications such as video streaming will be more effective on a wired LAN.

3.Security is more difficult to guarantee and requires configuration.

4.Devices will only operate at a limited distance from an access point, with the distance determined by the standard used and buildings and other obstacles between the access point and the user.


1.Wireless LANs very useful and convenient, but current security state not ideal for sensitive environments.

2.Cahners In-Stat group predicts the market for wireless LANs will be $2.2 billion in 2004, up from $771 million in 2000.

3.Growing use and popularity require increased focus on security


Thank You!


Shashank wireless lans security

Technology

Transcript of Shashank wireless lans security