Upload
evelyn-barrett
View
214
Download
0
Embed Size (px)
Citation preview
Wireless security Wi–Fi (802.11) Security
Seminar by: Jigar Shah
Guide: Prof. G.K. Kharate
Content
Introduction to Wi-Fi
Types of attacks
Traditional security with ref. to Wi-Fi
How IEEE 802.11 WEP works
Why WEP is not secured
IEEE 802.11i and RSN
WPA: An intermediate solution
Wi-Fi security in Real World
Ad hoc mode
Infrastructure mode
Types of attacks
Example: Man – In – Middle attack
1. Listen to message from Mob to AP
2. Read message till end of “check-word”
3. Transmit a sudden burst of noise to corrupt check-word
4. Forge ack. message with AP’s address and send it to MOB
5. Recalculate check-word and send captured msg. to AP
6. Wait for ACK from AP and corrupt check-word again so MOB rejects it
Traditional security Architecture
UntrustedZone
Trusted Zone
firew
all
Conventional Security Architecture
firew
all
UntrustedZone Trusted
ZoneVP
NUser
Remote User in “Trusted Bubble”
Wireless LAN security option 1
VP
NUntrustedZone
Trusted Zone
User
firew
all
Wireless User in Untrusted Zone
VP
NUntrustedZone
Trusted Zone
WLAN
Treating a Wi-Fi LAN user Like a Remote Userfir
ewal
l
How 802.11 WEP works
AuthenticationMessage Encryption
Open Authentication
Authenticate (success)
Authenticate (request)
STA AP
WEP Authentication
Authenticate (request)
Authenticate (challenge)
Authenticate (success)
Authenticate (response)
STA AP
WEP Message Encryption using RC4 stream cipher
IV Secret Key
RC4
AlgorithmC AB $ W &
Combined RC4 key
Mechanics of WEP
Encrypt
Compute check
DATA ICV
Adding ICV
Encrypted
Data & ICVKey IDIV
Unencrypted Adding IV and KeyID bits
Why WEP is not secure Authentication Access control Replay prevention Message modification Message privacy
• IV reuse
• RC4 weak keys
• Direct key attacks
Basic requirements for authentication
1. Robust method of proving identity
2. Method of preserving identity over subsequent transaction that cannot be transferred
3. Mutual authentication
4. Independent keys. i.e. independent from encryption keys
Transition to 802.11i (RSN): The ultimate solution
Encryption algorithms
• TKIP
• CCMP – AES.
• WRAP
Message Integrity – A strong data integrity algorithm (Michael Message
Integrity Check) is applied.
Mutual Authentication – 802.11i uses 802.1X/EAP for user
authentication.
Other security features - secure IBSS, secure fast handoff, and secure
deauthentication and disassociation.
Roaming Support
Authentication Server
Corporate Network
Authenticator (Access Control)
Wireless LAN
Access Point
Wireless LAN
Supplicant
Operating System
Authentication Client
Mobile Devices
Authentication Layer
Access Control Layer
Wireless LAN Layer
Relationship of Wireless LAN Security Layers
(EAP, IEEE 802.1X, RADIUS)
(Kerberos V5, TLS, PEAP,EAP-SIM)
An intermediate solution: WPA
Goals of WPA• be a strong
• Interoperable security replacement for WEP
• be software upgradeable to existing Wi-Fi CERTIFIED products
• be Applicable for both home and large enterprise users
• be available immediately
WPA (Wi-Fi Protected Access)
Implements 802.1X EAP based authentication
Apply Temporal Key Integrity Protocol (TKIP) on existing RC4 WEP
Use Michael Message Integrity Check
Wi-Fi Security In Real World
Conclusion
Referenceshttp://www.iss.net/wirelesshttp://www.monkey.org/~dugsong/dsniff/http://www.cigital.com/news/wireless/arppoison.gifhttp://www.isaac.cs.berkeley.edu/isaac/wep-faq.html http://www.cs.rice.edu/~astubble/wep/wep_attack.htmlhttp://www.cs.umd.edu/~waa/1x.pdfhttp://freshmeat.net/projects/airsnort/http://sourceforge.net/projects/wepcrackhttp://wireless.newsfactor.comhttp://security.itworld.comhttp://standards.ieee.org/getieee802/download/802.1X-2001.pdfhttp://www.sans.org/rr/papers/6/123.pdf
References
http://www.hackfaq.org/wireless-networks/802.11i.shtmlhttp://www.nwfusion.com/details/715.htmlhttp://www.counterpane.com/pki-risks.htmlhttp://www.ieee802.org/1/files/public/docs2000/P8021XOverview.PDFhttp://www.cs.umd.edu/%7Ewaa/1x.pdf http://www.nwfusion.com/research/2002/0506whatisit.htmlhttp://www.80211-planet.com/tutorials/article.php/1377171
Thank you!
?Questions