2. Contents:
What is Wireless Networking
What is Wireless Security
Threats to Wireless Networks
Parking Lot attack
Security in WLAN 802.11
Thoughts on Wireless Security
Conclusion
3. Wireless Networking?
A wireless network is a computer network that uses wireless data
connections between network nodes.
It provides the flexibility and freedom that wired networks lack.
The main standards in the wireless world are:
802.11, which describes the Wireless LAN architecture,
802.16, which describes the Wireless MAN architecture.
4. Wireless Security?
Access Point (AP):
Allows wireless communication devices, such as computers, to
connect to a wireless network.
Service Set Identifier (SSID):
The SSID allows wireless clients to communicate with an
appropriate access point. Only clients with the correct SSID can
communicate with the AP.
5. Wireless Security (contd.)?
Reasons why wireless networks are more vulnerable to attacks than wired networks:
Channel: Involves broadcast communications, which are far more susceptible to
eavesdropping and jamming than wired networks.
Mobility: Wireless devices are far more portable and mobile than wired devices.
Accessibility: Wireless devices, such as sensors and robots, may be left unattended
in remote and/or hostile locations.
7. Following are the threats to Wireless Networks:
Malicious Association:
A wireless device is configured to appear to be a legitimate access point, and then the operator
penetrates the wired network through a legitimate wireless access point.
Ad hoc Network:
These are peer-to-peer networks between wireless computers with no access point
between them. Such networks can pose a security threat due to a lack of a central point of control.
Identity theft (MAC Spoofing):
This occurs when an attacker is able to eavesdrop on network traffic and identify the MAC
address of a computer with network privileges.
8. PARKING LOT ATTACK
Wireless Signals are intercepted outside an organization, or
even through the floors in multi-storey buildings.
“Parking lot” signifies that the attacker sits in the
organization's parking lot and tries to access internal hosts via
the wireless network.
9. SECURITY IN WLAN 802.11
802.11 Standard
802.11 Authentication
Wired Equivalent Privacy(WEP)
WEP Weakness
802.1x: EAP over LAN
802.11i Standard
10. 802.11 Standard
The IEEE 802.11 standard was standardized in 1997.
It consists of three layers: Physical layer, MAC (Medium Access Control) layer, and
LLC (Logical Link Control) layer.
The first version of the standard supported only 2 Mbps bandwidth, which
motivated the developing teams to come up with other standards to support up to
54 Mbps.
12. 802.11 Authentication:
Two types of authentication are used: Open System Authentication and Shared Key Authentication.
Open System Authentication:
Default authentication protocol for the 802.11 standard.
Consists of a simple authentication request containing the station ID and an authentication
response containing success or failure data
Upon successful authentication, both stations are considered mutually authenticated.
14. SHARED KEY AUTHENTICATION FLAW
Shared key authentication can easily be exploited through a passive attack by
eavesdropping.
WEP uses the RC4 stream cipher as its encryption algorithm.
If both the plaintext and the ciphertext are known, the keystream can be
recovered by simply XORing them.
As a result, the attacker can be authenticated to the access point.
In the WEP (Wired Equivalent Privacy) standard, both of the authentication modes
were supported. In the new security standards, it is not recommended to use
shared key authentication.
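The following is an added example, not part of the original slides, that models the exchange in memory to show why the challenge/response pair leaks the keystream and why the standard deprecated this mode. The key, IV and challenges are constructed values, and the frame format is simplified to challenge plus a CRC-32 check value encrypted with RC4 under IV || key.

```python
import zlib

def rc4(key: bytes, n: int) -> bytes:
    """First n bytes of the RC4 keystream for key."""
    s, j = list(range(256)), 0
    for i in range(256):                       # key scheduling
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    for _ in range(n):                         # keystream generation
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) % 256])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def icv(data: bytes) -> bytes:
    return zlib.crc32(data).to_bytes(4, "little")  # ICV modelled as CRC-32

def wep_encrypt(iv: bytes, key: bytes, data: bytes) -> bytes:
    body = data + icv(data)
    return xor(body, rc4(iv + key, len(body)))  # per-frame RC4 key is IV || key

def ap_accepts(key: bytes, challenge: bytes, iv: bytes, response: bytes) -> bool:
    """AP side: decrypt, then check the ICV and the echoed challenge."""
    body = xor(response, rc4(iv + key, len(response)))
    return body[:-4] == challenge and body[-4:] == icv(body[:-4])

def observed_keystream(challenge: bytes, response: bytes) -> bytes:
    """A listener sees both frames: plaintext XOR ciphertext = keystream."""
    return xor(challenge + icv(challenge), response)

def simulate() -> dict:
    key, iv = bytes.fromhex("0102030405"), bytes.fromhex("a1b2c3")  # constructed
    challenge1 = bytes(range(128))                                  # constructed
    response1 = wep_encrypt(iv, key, challenge1)   # legitimate station's reply
    ks = observed_keystream(challenge1, response1)
    challenge2 = bytes(reversed(range(128)))       # AP issues a fresh challenge
    reply2 = xor(challenge2 + icv(challenge2), ks)  # built without the key
    return {
        "keystream_matches": ks == rc4(iv + key, 132),
        "legit_accepted": ap_accepts(key, challenge1, iv, response1),
        "keyless_accepted": ap_accepts(key, challenge2, iv, reply2),
    }

print(simulate())
```

All three results are true: the AP cannot tell a reply built from an observed keystream apart from one built with the key, because the sender chooses the IV and nothing in the exchange forces a fresh keystream.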
15. Wired Equivalent Privacy
It has 2 goals to achieve for Wireless LAN: confidentiality and integrity.
It uses encryption to provide confidentiality.
It uses CRC (Cyclic Redundancy Check) to provide integrity.
16. WEP Weakness
One of the major reasons behind WEP weaknesses is its key length.
WEP has a 40-bit key, which can be broken in less than five hours using parallel
attacks on ordinary computers [Brown2003].
This issue urged vendors to update WEP from a 40-bit to a 104-bit key; the new
release is called WEP2.
WEP does not support mutual authentication.
CRC (for integrity) lacks the cryptography feature.
17. 802.1x: EAP Over LAN (EAPOL)
The 802.1x standard was designed for port-based authentication for 802 networks.
EAP (Extensible Authentication Protocol) was designed to support multiple
authentication methods over point-to-point connections without requiring IP.
It allows any of the encryption schemes to be implemented on top of it.
18. EAPOL (contd.)
The 802.1x framework defines 3 ports or entities:
Supplicant (the client that wants to be authenticated),
Authenticator (the AP that connects the supplicant to the wired network),
Authentication Server (performs the authentication process for the supplicant based on
its credentials).
19. 802.11i Standard:
The 802.11i (released June 2004) security standard is supposed to be the final solution to wireless security
issue.
It improves authentication, integrity and data transfer.
After final release the full specification was named as WPA2.
802.11i enhances 802.11 by providing a Robust Security Network (RSN) with two new protocols: the
four-way handshake and the group key handshake.
20. Four-way handshake:
AP – Access Point
STA – Client Station
PTK – Pairwise Transient Key, 64 bytes (generated by
concatenating the PMK, AP nonce (ANonce), STA nonce (SNonce),
AP MAC address, and STA MAC address. The product is then
put through a pseudo-random function).
GTK – Group Temporal Key, 32 bytes (used to decrypt multicast
and broadcast messages)
MIC – Message Integrity Code
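An added example, not from the original slides, of how both sides turn the inputs listed above into the same 64-byte PTK and then use part of it to compute a handshake MIC. The PRF construction (HMAC-SHA1 with the label "Pairwise key expansion" and min/max ordering of addresses and nonces) follows IEEE 802.11i; the PMK, MAC addresses, nonces and frame body are constructed values.

```python
import hashlib
import hmac

LABEL = b"Pairwise key expansion"   # PRF label defined by IEEE 802.11i

def prf(key: bytes, label: bytes, data: bytes, n: int) -> bytes:
    """802.11i PRF: concatenate HMAC-SHA1(key, label || 0 || data || counter)."""
    out, counter = b"", 0
    while len(out) < n:
        msg = label + b"\x00" + data + bytes([counter])
        out += hmac.new(key, msg, hashlib.sha1).digest()
        counter += 1
    return out[:n]

def derive_ptk(pmk, ap_mac, sta_mac, anonce, snonce, n=64) -> bytes:
    """Addresses and nonces are sorted so AP and STA feed the PRF identical input."""
    data = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    return prf(pmk, LABEL, data, n)

def split_ptk(ptk: bytes) -> dict:
    """64-byte layout: KCK keys the handshake MIC, KEK encrypts the GTK."""
    return {"KCK": ptk[0:16], "KEK": ptk[16:32], "TK": ptk[32:48],
            "MIC_keys": ptk[48:64]}     # last 16 bytes: TKIP Michael keys

def eapol_mic(kck: bytes, frame: bytes) -> bytes:
    """HMAC-SHA1 cut to 16 bytes (CCMP networks; TKIP ones use HMAC-MD5)."""
    return hmac.new(kck, frame, hashlib.sha1).digest()[:16]

def verify_mic(kck: bytes, frame: bytes, mic: bytes) -> bool:
    return hmac.compare_digest(eapol_mic(kck, frame), mic)

def handshake_demo() -> dict:
    pmk = bytes(range(32))                              # constructed PMK
    ap_mac, sta_mac = bytes.fromhex("02aabbccdd01"), bytes.fromhex("02aabbccdd02")
    anonce, snonce = b"\xa5" * 32, b"\x5a" * 32         # constructed nonces
    ap = split_ptk(derive_ptk(pmk, ap_mac, sta_mac, anonce, snonce))
    sta = split_ptk(derive_ptk(pmk, sta_mac, ap_mac, snonce, anonce))
    msg2 = b"constructed EAPOL-Key message 2 body"      # stand-in for the frame
    mic = eapol_mic(sta["KCK"], msg2)                   # STA proves it holds the PMK
    return {"same_keys": ap == sta,
            "mic_ok": verify_mic(ap["KCK"], msg2, mic),
            "tamper_detected": not verify_mic(ap["KCK"], msg2 + b"!", mic)}

print(handshake_demo())
```

The PMK itself never crosses the air: each side only shows, through the MIC, that it derived the same KCK.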
21. Group Key Handshake
The Group Temporal Key (GTK) used in the network may need to be updated due to
the expiration of a preset timer.
To handle the updating, 802.11i defines a Group Key Handshake that consists of a
two-way handshake:
The AP sends the new GTK to each STA in the network.
The GTK is encrypted using the KEK assigned to that STA, and the data is protected from
tampering by use of a MIC.
The STA acknowledges the new GTK and replies to the AP.
22. 802.11i (contd.)
To improve data transfer, 802.11i specifies three protocols: TKIP, CCMP and WRAP.
TKIP (Temporal Key Integrity Management) was introduced as a "band-aid" solution to
WEP problems.
TKIP provides per-packet key mixing, a message integrity check and a re-keying
mechanism.
TKIP ensures that every data packet is sent with its own unique encryption key.
23. 802.11i (contd.)
WRAP (Wireless Robust Authenticated Protocol) is the LAN implementation of the AES
encryption.
WRAP has intellectual property issues, where three parties have filed for its patent. This
problem caused IEEE to replace it with CCMP.
CCMP (Counter with Cipher Block Chaining Message Authentication Code Protocol) is
considered the optimal solution for secure data transfer under 802.11i.
CCMP uses AES for encryption.
25. WIRELESS SECURITY MEASURES
We can group wireless security measures into those dealing with:
• Wireless Transmissions (threats involve eavesdropping, altering or inserting
messages, and disruption)
• Wireless Networks
26. SECURING WIRELESS TRANSMISSION:
To deal with threats to wireless transmission, the following two measures can be adopted:
Signal-hiding technique:
Involves turning off service set identifier (SSID) broadcasting by wireless access points
Assigning cryptic names to SSIDs
Reducing signal strength to the lowest level
Encryption:
Encryption of all wireless transmission is effective against eavesdropping to the extent that
the encryption keys are secured.
27. SECURING WIRELESS NETWORK:
Following techniques can be adopted to secure wireless networks:
Use encryption. Wireless routers are typically equipped with built-in encryption
mechanisms for router-to-router traffic.
Use antivirus and antispyware software, and a firewall.
Turn off identifier broadcasting.
Allow only specific computers to access your wireless network.