Chapter 18. Wireless Network Security
JeongKyu Lee
Email: jungkyu21@seoultech.ac.kr
SeoulTech UCS Lab 2015-1st
Table of Contents
18.1 Wireless Security
18.2 Mobile Device Security
18.3 IEEE 802.11 Wireless LAN Overview
18.4 IEEE 802.11i Wireless LAN Security
18.5 Recommended Reading
18.6 Key Terms, Review Questions, and Problems
18.1 Wireless Security
Some of the key factors contributing to the higher security risk of wireless networks compared to wired networks include the following:
• Channel: Wireless communication is more susceptible to eavesdropping and jamming than wired networks. Wireless networks are also more vulnerable to active attacks.
• Mobility: Mobility results in a number of risks.
• Resources: Wireless devices have limited memory and processing resources with which to counter threats, including denial of service and malware.
• Accessibility: Devices left unattended or in remote locations are greatly more vulnerable to physical attacks.
Wireless Network Threats (1/2)
• Accidental association: A user intending to connect to one LAN may unintentionally lock on to a wireless access point from a neighboring network.
• Malicious association: A wireless device is configured to appear to be a legitimate access point, enabling the operator to steal passwords from legitimate users and then penetrate a wired network through a legitimate wireless access point.
• Ad hoc networks: Peer-to-peer networks between wireless computers with no access point between them.
• Nontraditional networks: Nontraditional networks and links, such as personal network Bluetooth devices, barcode readers, and handheld PDAs, pose a security risk in terms of both eavesdropping and spoofing.
Wireless Network Threats (2/2)
• Identity theft (MAC spoofing): This occurs when an attacker is able to eavesdrop on network traffic and identify the MAC address of a computer with network privileges.
• Man-in-the-middle attacks: This attack involves persuading a user and an access point to believe that they are talking to each other when in fact the communication is going through an intermediate attacking device. Wireless networks are particularly vulnerable to such attacks.
• Denial of service (DoS): The wireless environment lends itself to this type of attack, because it is so easy for the attacker to direct multiple wireless messages at the target.
• Network injection: A network injection attack targets wireless access points that are exposed to nonfiltered network traffic, such as routing protocol messages or network management messages. An example of such an attack is one in which bogus reconfiguration commands are used to affect routers and switches to degrade network performance.
Wireless Security Measures (1/2)
Securing Wireless Transmissions
The principal threats to wireless transmission are eavesdropping, altering or inserting messages, and disruption.
• Signal-hiding techniques: Organizations can take a number of measures to make it more difficult for an attacker to locate their wireless access points, including turning off service set identifier (SSID) broadcasting by wireless access points; assigning cryptic names to SSIDs; reducing signal strength to the lowest level that still provides the requisite coverage; and locating wireless access points in the interior of the building, away from windows and exterior walls. Greater security can be achieved by the use of directional antennas and of signal-shielding techniques.
• Encryption: Encryption of all wireless transmissions is effective against eavesdropping to the extent that the encryption keys are secured.
Wireless Security Measures (2/2)
Securing Wireless Access Points
The main threat involving wireless access points is unauthorized access to the network. The principal approach for preventing such access is the IEEE 802.1X standard for port-based network access control.
Securing Wireless Networks
1. Use encryption. Wireless routers are typically equipped with built-in encryption mechanisms for router-to-router traffic.
2. Use antivirus and antispyware software, and a firewall.
3. Turn off identifier broadcasting. If a network is configured so that authorized devices already know the identity of the routers, SSID broadcasting can be disabled to thwart attackers.
4. Change the identifier on your router from the default.
5. Change your router's pre-set password for administration. This is another prudent step.
6. Allow only specific computers to access your wireless network. A router can be configured to communicate only with approved MAC addresses.
18.2 Mobile Device Security
Security Threats (1/4)
SP 800-14 lists seven major security concerns for mobile devices.
• Lack of Physical Security Controls
Even if a mobile device is required to remain on premises, the user may move it within the organization between secure and nonsecured locations; theft and tampering are realistic threats.
The threat is twofold:
1) A malicious party may attempt to recover sensitive data from the device itself.
2) A malicious party may use the device to gain access to the organization's resources.
Security Threats (2/4)
• Use of Untrusted Mobile Devices
In addition to company-issued and company-controlled mobile devices, virtually all employees will have personal smartphones and/or tablets. The organization must assume that these devices are not trustworthy.
• Use of Untrusted Networks
If a mobile device is used on premises, it can connect to organization resources over the organization's own in-house wireless networks. Off premises, however, it connects over external networks that the organization does not control. Thus, traffic that includes an off-premises segment is potentially susceptible to eavesdropping or man-in-the-middle types of attacks.
Security Threats (3/4)
• Use of Applications Created by Unknown Parties
By design, it is easy to find and install third-party applications on mobile devices. This poses the obvious risk of installing malicious software.
• Interaction with Other Systems
Unless an organization has control of all the devices involved in synchronization, there is considerable risk of the organization's data being stored in an unsecured location, plus the risk of the introduction of malware.
Security Threats (4/4)
• Use of Untrusted Content
Mobile devices may access and use content that other computing devices do not encounter.
• Use of Location Services
The GPS service on a mobile device creates security risks. An attacker can use the location information to determine where the device and user are located, which may be of use to the attacker.
Fig1. Mobile Device Security Elements
18.3 IEEE 802.11 Wireless LAN Overview
• Station: Any device that contains an IEEE 802.11 conformant MAC and physical layer.
• Access point (AP): Any entity that has station functionality and provides access to the distribution system via the wireless medium.
• Basic service set (BSS): A set of stations, including the AP, controlled by a single coordination function.
• Extended service set (ESS): A set of two or more interconnected BSSs, forming an expanded BSS.
• Distribution system (DS): A system that interconnects BSSs and LANs to create an extended service set.
• MAC protocol data unit (MPDU): The unit of data exchanged between two MAC entities using the physical layer service.
• MAC service data unit (MSDU): A unit of information delivered between MAC users.
• Coordination function: The logical function that determines when a station operating within a BSS is permitted to transmit and to receive protocol data units (PDUs).
IEEE Standard Protocol Model
Fig2. IEEE 802.11 Protocol Stack (IEEE 802 layers shown beside the OSI 7-layer model: physical layer, data link layer, network layer, transport layer, ...)
Fig3. General IEEE 802 MPDU Format (LLC layer; MAC layer with MSDU aggregation and MPDU aggregation; physical layer; MPDU format and MPDU flow chart)
• Direct communication between client stations in the BSS does not occur.
• A BSS in which stations transmit and receive directly, without passing through an AP, is called an independent BSS (IBSS).
Fig5. IEEE 802.11 Extended Service Set
Distribution: The primary service used by stations to exchange MPDUs when the MPDUs must traverse the DS to get from a station in one BSS to a station in another BSS.
Integration: This service enables the transfer of data between a station on an IEEE 802.11 LAN and a station on an integrated IEEE 802.x LAN. The term integrated refers to a wired LAN that is physically connected to the DS and whose stations may be logically connected to an IEEE 802.11 LAN via the integration service.
Association: Establishes an initial association between a station and an AP. Before a station can transmit or receive frames on a wireless LAN, its identity and address must be known. For this purpose, a station must establish an association with an AP within a particular BSS. The AP can then communicate this information to other APs within the ESS to facilitate routing and delivery of addressed frames.
Reassociation: Enables an established association to be transferred from one AP to another, allowing a mobile station to move from one BSS to another.
Disassociation: A notification from either a station or an AP that an existing association is terminated. A station should give this notification before leaving an ESS or shutting down. However, the MAC management facility protects itself against stations that disappear without notification.
18.4 IEEE 802.11i Wireless Security
• Wired Equivalent Privacy (WEP) algorithm
– The original privacy mechanism of the 802.11 standard for wireless LANs.
• Wi-Fi Protected Access (WPA)
– Created by the Wi-Fi Alliance.
– Based on the security protocols of the 802.11i draft.
• Robust Security Network (RSN)
– The final form of the 802.11i standard.
802.11i RSN security services
• Authentication: A protocol for mutual authentication between a user and an AS, which also generates temporary keys used between the client and the AP over the wireless link.
• Access control: Enforces the use of the authentication function, routes the messages properly, and facilitates the key exchange. It can be implemented with a variety of authentication protocols.
• Privacy with message integrity: MAC-level data are encrypted together with a message integrity code that confirms that the data have not been altered.
Elements of RSN
Fig6. Elements of IEEE 802.11i
CBC-MAC = Cipher Block Chaining Message Authentication Code (MAC)
CCM = Counter Mode with Cipher Block Chaining Message Authentication Code
CCMP = Counter Mode with Cipher Block Chaining MAC Protocol
TKIP = Temporal Key Integrity Protocol
Fig7. IEEE 802.11i Phases of Operation
Discovery Phase (1/3)
The discovery phase determines the technology used in the following areas:
• confidentiality and integrity protocol for protecting MPDUs
• authentication method
• cryptographic key management scheme
Discovery Phase (2/3)
The encryption options for confidentiality and integrity protection are as follows:
• WEP
• TKIP
• CCMP
Discovery Phase (3/3)
MPDU exchange:
• network and security capabilities
• open system authentication
• association
Authentication Phase (1/2)
• The authentication phase performs authentication between a STA and the AS.
• Only an authenticated station should be allowed to use the network.
• It also gives the station assurance that it is communicating with a legitimate network.
• The authentication process consists of three steps:
– Connect to AS.
– EAP exchange.
– Secure key delivery.
Authentication Phase (2/2)
1. Connect to AS
• The station sends a request to its AP to connect to the AS.
• The AP responds to the request and forwards the access request to the AS.
2. EAP (Extensible Authentication Protocol) exchange
• Mutual authentication is performed between the station and the AS.
3. Secure key delivery
• After mutual authentication, the AS generates a Master Session Key (MSK) and sends it to the station.
• The master key is transferred to the station through the AP.
Key Management Phase (1/3)
Fig8. Pairwise key hierarchy (pre-shared key PSK via the out-of-band path, or AAA key AAAK / MSK via the EAP method path; pairwise master key PMK: no modification of the PSK, possible truncation of the MSK; pairwise transient key PTK derived with a PRF (pseudo-random function) using HMAC-SHA-1; PTK components: EAPOL key confirmation key KCK, EAPOL key encryption key KEK, temporal key TK)
Key Management Phase (2/3)
• In the key management phase, various cryptographic keys are generated and distributed to stations.
• Pairwise keys are used for communication between a station and the AP.
• These keys are generated dynamically from a master key and have a limited lifetime.
• At the top of the hierarchy there are two kinds of keys:
– A PSK is a key shared in advance by the AP and the station.
– An MSK is generated during the authentication phase; how it is generated depends on the authentication protocol.
Key Management Phase (3/3)
• The pairwise master key is generated in the following manner:
– If a PSK is used, the PSK is used as the PMK.
– If an MSK is used, the PMK is obtained by truncating the MSK.
• At the end of the final stage of authentication, the AP and the station share the PMK.
• Once the PMK is in place and mutual authentication between the AP and the station is complete, the PMK is used to generate the PTK, which is used for communication.
• PTK = PRF(PMK, MAC addresses of the STA and AP, nonces), where the PRF is built on HMAC-SHA-1.
Fig9. Group key hierarchy
Fig10. IEEE 802.11i Keys for Data Confidentiality and Integrity Protocols
Fig11. IEEE 802.11i Phases of Operation: Four-Way Handshake and Group Key Handshake
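As an added example (not code from the slides or from any 802.11 implementation), the pairwise key hierarchy of Fig8 and the key management slides carried through in Python: the PMK is taken from a PSK unchanged or from an MSK by truncation, the PTK is expanded from the PMK with the HMAC-SHA-1 based PRF of IEEE 802.11i over the two MAC addresses and the two nonces, and the KCK part of the PTK is used to check the MIC on an EAPOL-Key frame. The MAC addresses, nonces, PSK and the frame layout (MIC field at a fixed offset) are constructed sample values, not a real capture.

```python
import hashlib
import hmac

# PTK length per cipher: KCK(128) || KEK(128) || TK(128 for CCMP, 256 for TKIP)
PTK_BITS = {"CCMP": 384, "TKIP": 512}


def prf(key: bytes, label: bytes, data: bytes, nbits: int) -> bytes:
    """IEEE 802.11i PRF-n: concatenate HMAC-SHA-1(key, label || 0x00 || data || i)
    for i = 0, 1, ... and truncate the result to nbits."""
    out = b""
    for i in range((nbits + 159) // 160):
        out += hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
    return out[: nbits // 8]


def pmk_from_psk(psk: bytes) -> bytes:
    """Out-of-band path: the 256-bit PSK is used as the PMK with no modification."""
    if len(psk) != 32:
        raise ValueError("PSK must be 256 bits")
    return psk


def pmk_from_msk(msk: bytes) -> bytes:
    """EAP method path: the PMK is the first 256 bits of the MSK (possible truncation)."""
    if len(msk) < 32:
        raise ValueError("MSK must be at least 256 bits")
    return msk[:32]


def derive_ptk(pmk, aa, spa, anonce, snonce, cipher="CCMP"):
    """Expand the PMK into the PTK. Addresses and nonces are sorted so the AP and
    the STA compute identical keys whichever side runs the PRF."""
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    ptk = prf(pmk, b"Pairwise key expansion", data, PTK_BITS[cipher])
    return {"KCK": ptk[:16], "KEK": ptk[16:32], "TK": ptk[32:]}


def eapol_key_mic(kck: bytes, frame: bytes, mic_offset: int) -> bytes:
    """Key descriptor version 2 MIC: HMAC-SHA-1 over the frame with its 16-byte
    MIC field zeroed, truncated to 128 bits."""
    zeroed = frame[:mic_offset] + bytes(16) + frame[mic_offset + 16:]
    return hmac.new(kck, zeroed, hashlib.sha1).digest()[:16]


def verify_eapol_key_mic(kck: bytes, frame: bytes, mic_offset: int) -> bool:
    """Constant-time check of the MIC carried in the frame against the KCK."""
    received = frame[mic_offset:mic_offset + 16]
    return hmac.compare_digest(received, eapol_key_mic(kck, frame, mic_offset))


# Constructed sample values (not from any real network).
AA = bytes.fromhex("0a1b2c3d4e5f")                          # authenticator (AP) MAC
SPA = bytes.fromhex("f0e1d2c3b4a5")                         # supplicant (STA) MAC
PSK = hashlib.sha256(b"constructed sample psk").digest()    # any 256-bit value
ANONCE = bytes(range(32))
SNONCE = bytes(range(32, 64))
MIC_OFFSET = 8   # position of the MIC field in the constructed frame layout


def demo():
    """AP and STA derive the PTK independently; the STA protects handshake
    message 2 with the KCK and the AP verifies it."""
    ap_ptk = derive_ptk(pmk_from_psk(PSK), AA, SPA, ANONCE, SNONCE)
    sta_ptk = derive_ptk(pmk_from_psk(PSK), SPA, AA, SNONCE, ANONCE)
    # Constructed EAPOL-Key body: 8 header bytes, 16-byte MIC field, then SNonce.
    body = b"EAPOLKEY" + bytes(16) + SNONCE
    mic = eapol_key_mic(sta_ptk["KCK"], body, MIC_OFFSET)
    msg2 = body[:MIC_OFFSET] + mic + body[MIC_OFFSET + 16:]
    return ap_ptk == sta_ptk, verify_eapol_key_mic(ap_ptk["KCK"], msg2, MIC_OFFSET)


if __name__ == "__main__":
    print(demo())
```

A receiver that fails this MIC check must discard the frame, since a forged or replayed EAPOL-Key message would otherwise let an attacker influence the installed keys.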
Protected Data Transfer Phase
IEEE 802.11i defines two schemes for protecting MPDUs: TKIP and CCMP.
1. TKIP
• Message integrity: A message integrity code (MIC) is appended after the data field to ensure integrity. The MIC is computed by the Michael algorithm from the destination MAC address, the data field, and the key value, and produces a 64-bit result.
• Data confidentiality: The MPDU data and the MIC are encrypted with RC4 to guarantee confidentiality.
2. CCMP
• Message integrity: Uses the cipher block chaining message authentication code (CBC-MAC).
• Data confidentiality: Uses 128-bit AES encryption in counter mode.
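As an added example (not from the slides or from any TKIP implementation), the TKIP message integrity step described above in Python: the Michael algorithm producing the 64-bit MIC over destination address, source address, priority and data, appended to the MSDU by the sender and recomputed by the receiver. The 64-bit MIC key, the addresses and the MSDU are constructed sample values; the RC4 encryption step that follows in TKIP is not shown.

```python
import hmac
import struct

MASK32 = 0xFFFFFFFF


def _rol32(x: int, n: int) -> int:
    return ((x << n) | (x >> (32 - n))) & MASK32


def _ror32(x: int, n: int) -> int:
    return ((x >> n) | (x << (32 - n))) & MASK32


def _xswap(x: int) -> int:
    """Swap the two bytes of each 16-bit half (Michael's XSWAP)."""
    return ((x & 0xFF00FF00) >> 8) | ((x & 0x00FF00FF) << 8)


def _michael_block(l: int, r: int):
    """The Michael block function b(L, R) from IEEE 802.11i."""
    r ^= _rol32(l, 17)
    l = (l + r) & MASK32
    r ^= _xswap(l)
    l = (l + r) & MASK32
    r ^= _rol32(l, 3)
    l = (l + r) & MASK32
    r ^= _ror32(l, 2)
    l = (l + r) & MASK32
    return l, r


def michael_pad(msg: bytes) -> bytes:
    """Append 0x5a and 4 to 7 zero bytes so the length is a multiple of 4."""
    padded = msg + b"\x5a" + bytes(4)
    return padded + bytes(-len(padded) % 4)


def michael_mic(key: bytes, msg: bytes) -> bytes:
    """64-bit Michael MIC: the key is (K0, K1) little-endian; the padded message
    is processed as little-endian 32-bit words."""
    if len(key) != 8:
        raise ValueError("Michael key must be 64 bits")
    l, r = struct.unpack("<II", key)
    for (word,) in struct.iter_unpack("<I", michael_pad(msg)):
        l ^= word
        l, r = _michael_block(l, r)
    return struct.pack("<II", l, r)


def tkip_mic_input(da: bytes, sa: bytes, priority: int, msdu: bytes) -> bytes:
    """TKIP computes the MIC over DA || SA || priority || 3 reserved zero bytes || MSDU."""
    return da + sa + bytes([priority]) + bytes(3) + msdu


def tkip_protect(mic_key, da, sa, priority, msdu) -> bytes:
    """Sender side: append the MIC to the MSDU (data || MIC is then RC4-encrypted in TKIP)."""
    return msdu + michael_mic(mic_key, tkip_mic_input(da, sa, priority, msdu))


def tkip_check(mic_key, da, sa, priority, protected):
    """Receiver side: recompute the MIC and return the MSDU, or None on mismatch."""
    if len(protected) < 8:
        return None
    msdu, mic = protected[:-8], protected[-8:]
    expected = michael_mic(mic_key, tkip_mic_input(da, sa, priority, msdu))
    return msdu if hmac.compare_digest(mic, expected) else None


# Constructed sample values (not from any real capture).
MIC_KEY = bytes.fromhex("0123456789abcdef")
DA = bytes.fromhex("0a1b2c3d4e5f")
SA = bytes.fromhex("f0e1d2c3b4a5")
MSDU = b"constructed payload for the TKIP MIC example"


def demo():
    """Valid frame passes; a modified byte or swapped addresses fail the check."""
    protected = tkip_protect(MIC_KEY, DA, SA, 0, MSDU)
    ok = tkip_check(MIC_KEY, DA, SA, 0, protected) == MSDU
    tampered = tkip_check(MIC_KEY, DA, SA, 0, protected[:3] + b"X" + protected[4:]) is None
    redirected = tkip_check(MIC_KEY, SA, DA, 0, protected) is None
    return ok, tampered, redirected


if __name__ == "__main__":
    print(demo())
```

Including the addresses in the MIC input is what makes the redirected case fail even though the data bytes are untouched; Michael was designed to run on legacy WEP hardware, which is why CCMP's AES-based CBC-MAC is the stronger of the two options listed.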
Thank You!

Contenu connexe

Tendances (20)

Wireless network security
Wireless network securityWireless network security
Wireless network security
 
TCP/IP Protocol Architeture
TCP/IP Protocol ArchitetureTCP/IP Protocol Architeture
TCP/IP Protocol Architeture
 
Networking Fundamentals
Networking FundamentalsNetworking Fundamentals
Networking Fundamentals
 
Vpn
VpnVpn
Vpn
 
network fundamentals
network fundamentalsnetwork fundamentals
network fundamentals
 
Computer Networking.
Computer Networking.Computer Networking.
Computer Networking.
 
Virtual Private Network
Virtual Private NetworkVirtual Private Network
Virtual Private Network
 
Network protocol
Network protocolNetwork protocol
Network protocol
 
Networking Fundamentals
Networking  FundamentalsNetworking  Fundamentals
Networking Fundamentals
 
Computer networking
Computer networking Computer networking
Computer networking
 
Wide Area Network (WAN)
Wide Area Network (WAN)Wide Area Network (WAN)
Wide Area Network (WAN)
 
Network Slides
Network SlidesNetwork Slides
Network Slides
 
WLAN
WLANWLAN
WLAN
 
Introduction of computer network
Introduction of computer networkIntroduction of computer network
Introduction of computer network
 
Firewalls
FirewallsFirewalls
Firewalls
 
Virtual private networks (vpn)
Virtual private networks (vpn)Virtual private networks (vpn)
Virtual private networks (vpn)
 
Computer Networking fundamentals
Computer Networking fundamentals Computer Networking fundamentals
Computer Networking fundamentals
 
Dmz
Dmz Dmz
Dmz
 
Networking Slides
Networking SlidesNetworking Slides
Networking Slides
 
Firewalls
FirewallsFirewalls
Firewalls
 

Similaire à Wireless security

A Review of IP and MAC Address Filtering in Wireless Network Security
A Review of IP and MAC Address Filtering in Wireless Network SecurityA Review of IP and MAC Address Filtering in Wireless Network Security
A Review of IP and MAC Address Filtering in Wireless Network SecurityUniversitas Pembangunan Panca Budi
 
A Review Of IP And MAC Address Filtering In Wireless Network Security
A Review Of IP And MAC Address Filtering In Wireless Network SecurityA Review Of IP And MAC Address Filtering In Wireless Network Security
A Review Of IP And MAC Address Filtering In Wireless Network SecurityDustin Pytko
 
Survey of Security and Privacy Issues of Internet of Things
Survey of Security and Privacy Issues of Internet of ThingsSurvey of Security and Privacy Issues of Internet of Things
Survey of Security and Privacy Issues of Internet of ThingsEswar Publications
 
Annes Beauty Salon, Inc Income Statement For the Year 20XX
Annes Beauty Salon, Inc  Income Statement For the Year 20XXAnnes Beauty Salon, Inc  Income Statement For the Year 20XX
Annes Beauty Salon, Inc Income Statement For the Year 20XXsimisterchristen
 
Wireless Sensor Network: Internet Model Layer Based Security Attacks and thei...
Wireless Sensor Network: Internet Model Layer Based Security Attacks and thei...Wireless Sensor Network: Internet Model Layer Based Security Attacks and thei...
Wireless Sensor Network: Internet Model Layer Based Security Attacks and thei...IRJET Journal
 
Wireless Deauth and Disassociation Attacks explained
Wireless Deauth and Disassociation Attacks explainedWireless Deauth and Disassociation Attacks explained
Wireless Deauth and Disassociation Attacks explainedDavid Sweigert
 
A survey in privacy security in IOT
A survey in privacy security in IOT A survey in privacy security in IOT
A survey in privacy security in IOT ssk
 
Wireless Security and Mobile DevicesChapter 12Princi.docx
Wireless Security and Mobile DevicesChapter 12Princi.docxWireless Security and Mobile DevicesChapter 12Princi.docx
Wireless Security and Mobile DevicesChapter 12Princi.docxadolphoyonker
 
A SURVEY OF COMPUTER NETWORKING THEORY AND PRACTICE
A SURVEY OF COMPUTER NETWORKING THEORY AND PRACTICEA SURVEY OF COMPUTER NETWORKING THEORY AND PRACTICE
A SURVEY OF COMPUTER NETWORKING THEORY AND PRACTICEKate Campbell
 
A SURVEY OF COMPUTER NETWORKING THEORY AND PRACTICE
A SURVEY OF COMPUTER NETWORKING THEORY AND PRACTICEA SURVEY OF COMPUTER NETWORKING THEORY AND PRACTICE
A SURVEY OF COMPUTER NETWORKING THEORY AND PRACTICEIRJET Journal
 
Research Inventy : International Journal of Engineering and Science
Research Inventy : International Journal of Engineering and ScienceResearch Inventy : International Journal of Engineering and Science
Research Inventy : International Journal of Engineering and Scienceinventy
 
Wireless networks & cellular wireless networks
Wireless networks & cellular wireless networksWireless networks & cellular wireless networks
Wireless networks & cellular wireless networksSweta Kumari Barnwal
 
Wasson Week 7 Assignment For Northridge Consulting Group Power Point Presenta...
Wasson Week 7 Assignment For Northridge Consulting Group Power Point Presenta...Wasson Week 7 Assignment For Northridge Consulting Group Power Point Presenta...
Wasson Week 7 Assignment For Northridge Consulting Group Power Point Presenta...redfoxtrapper
 
Cryptography and network security.
Cryptography and network security.Cryptography and network security.
Cryptography and network security.RAVI RAJ
 
4g security presentation
4g security presentation4g security presentation
4g security presentationKyle Ly
 
Wireless deployment strategies in WNS-is
Wireless deployment strategies in WNS-isWireless deployment strategies in WNS-is
Wireless deployment strategies in WNS-isssuser5b84591
 

Similaire à Wireless security (20)

A Review of IP and MAC Address Filtering in Wireless Network Security
A Review of IP and MAC Address Filtering in Wireless Network SecurityA Review of IP and MAC Address Filtering in Wireless Network Security
A Review of IP and MAC Address Filtering in Wireless Network Security
 
A Review Of IP And MAC Address Filtering In Wireless Network Security
A Review Of IP And MAC Address Filtering In Wireless Network SecurityA Review Of IP And MAC Address Filtering In Wireless Network Security
A Review Of IP And MAC Address Filtering In Wireless Network Security
 
Survey of Security and Privacy Issues of Internet of Things
Survey of Security and Privacy Issues of Internet of ThingsSurvey of Security and Privacy Issues of Internet of Things
Survey of Security and Privacy Issues of Internet of Things
 
Annes Beauty Salon, Inc Income Statement For the Year 20XX
Annes Beauty Salon, Inc  Income Statement For the Year 20XXAnnes Beauty Salon, Inc  Income Statement For the Year 20XX
Annes Beauty Salon, Inc Income Statement For the Year 20XX
 
The mfn 3
The mfn 3The mfn 3
The mfn 3
 
Wireless Sensor Network: Internet Model Layer Based Security Attacks and thei...
Wireless Sensor Network: Internet Model Layer Based Security Attacks and thei...Wireless Sensor Network: Internet Model Layer Based Security Attacks and thei...
Wireless Sensor Network: Internet Model Layer Based Security Attacks and thei...
 
Wireless Deauth and Disassociation Attacks explained
Wireless Deauth and Disassociation Attacks explainedWireless Deauth and Disassociation Attacks explained
Wireless Deauth and Disassociation Attacks explained
 
Ccna 1 7
Ccna 1  7Ccna 1  7
Ccna 1 7
 
A survey in privacy and security in Internet of Things IOT
A survey in privacy and security in Internet of Things IOTA survey in privacy and security in Internet of Things IOT
A survey in privacy and security in Internet of Things IOT
 
A survey in privacy security in IOT
A survey in privacy security in IOT A survey in privacy security in IOT
A survey in privacy security in IOT
 
Wireless Security and Mobile DevicesChapter 12Princi.docx
Wireless Security and Mobile DevicesChapter 12Princi.docxWireless Security and Mobile DevicesChapter 12Princi.docx
Wireless Security and Mobile DevicesChapter 12Princi.docx
 
A SURVEY OF COMPUTER NETWORKING THEORY AND PRACTICE
A SURVEY OF COMPUTER NETWORKING THEORY AND PRACTICEA SURVEY OF COMPUTER NETWORKING THEORY AND PRACTICE
A SURVEY OF COMPUTER NETWORKING THEORY AND PRACTICE
 
A SURVEY OF COMPUTER NETWORKING THEORY AND PRACTICE
A SURVEY OF COMPUTER NETWORKING THEORY AND PRACTICEA SURVEY OF COMPUTER NETWORKING THEORY AND PRACTICE
A SURVEY OF COMPUTER NETWORKING THEORY AND PRACTICE
 
Research Inventy : International Journal of Engineering and Science
Research Inventy : International Journal of Engineering and ScienceResearch Inventy : International Journal of Engineering and Science
Research Inventy : International Journal of Engineering and Science
 
Wireless LAN Security
Wireless LAN SecurityWireless LAN Security
Wireless LAN Security
 
Wireless networks & cellular wireless networks
Wireless networks & cellular wireless networksWireless networks & cellular wireless networks
Wireless networks & cellular wireless networks
 
Wasson Week 7 Assignment For Northridge Consulting Group Power Point Presenta...
Wasson Week 7 Assignment For Northridge Consulting Group Power Point Presenta...Wasson Week 7 Assignment For Northridge Consulting Group Power Point Presenta...
Wasson Week 7 Assignment For Northridge Consulting Group Power Point Presenta...
 
Cryptography and network security.
Cryptography and network security.Cryptography and network security.
Cryptography and network security.
 
4g security presentation
4g security presentation4g security presentation
4g security presentation
 
Wireless deployment strategies in WNS-is
Wireless deployment strategies in WNS-isWireless deployment strategies in WNS-is
Wireless deployment strategies in WNS-is
 

Dernier

PROCESS RECORDING FORMAT.docx
PROCESS      RECORDING        FORMAT.docxPROCESS      RECORDING        FORMAT.docx
PROCESS RECORDING FORMAT.docxPoojaSen20
 
Python Notes for mca i year students osmania university.docx
Python Notes for mca i year students osmania university.docxPython Notes for mca i year students osmania university.docx
Python Notes for mca i year students osmania university.docxRamakrishna Reddy Bijjam
 
General Principles of Intellectual Property: Concepts of Intellectual Proper...
General Principles of Intellectual Property: Concepts of Intellectual  Proper...General Principles of Intellectual Property: Concepts of Intellectual  Proper...
General Principles of Intellectual Property: Concepts of Intellectual Proper...Poonam Aher Patil
 
Unit-IV; Professional Sales Representative (PSR).pptx
Unit-IV; Professional Sales Representative (PSR).pptxUnit-IV; Professional Sales Representative (PSR).pptx
Unit-IV; Professional Sales Representative (PSR).pptxVishalSingh1417
 
Activity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfActivity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfciinovamais
 
2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx
2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx
2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptxMaritesTamaniVerdade
 
1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi  6.pdf1029-Danh muc Sach Giao Khoa khoi  6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdfQucHHunhnh
 
Beyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global ImpactBeyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global ImpactPECB
 
Holdier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdfHoldier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdfagholdier
 
Measures of Dispersion and Variability: Range, QD, AD and SD
Measures of Dispersion and Variability: Range, QD, AD and SDMeasures of Dispersion and Variability: Range, QD, AD and SD
Measures of Dispersion and Variability: Range, QD, AD and SDThiyagu K
 
This PowerPoint helps students to consider the concept of infinity.
This PowerPoint helps students to consider the concept of infinity.This PowerPoint helps students to consider the concept of infinity.
This PowerPoint helps students to consider the concept of infinity.christianmathematics
 
How to Give a Domain for a Field in Odoo 17
How to Give a Domain for a Field in Odoo 17How to Give a Domain for a Field in Odoo 17
How to Give a Domain for a Field in Odoo 17Celine George
 
ComPTIA Overview | Comptia Security+ Book SY0-701
ComPTIA Overview | Comptia Security+ Book SY0-701ComPTIA Overview | Comptia Security+ Book SY0-701
ComPTIA Overview | Comptia Security+ Book SY0-701bronxfugly43
 
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...christianmathematics
 
Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17Celine George
 
Measures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeMeasures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeThiyagu K
 
Basic Civil Engineering first year Notes- Chapter 4 Building.pptx
Basic Civil Engineering first year Notes- Chapter 4 Building.pptxBasic Civil Engineering first year Notes- Chapter 4 Building.pptx
Basic Civil Engineering first year Notes- Chapter 4 Building.pptxDenish Jangid
 
Mixin Classes in Odoo 17 How to Extend Models Using Mixin Classes
Mixin Classes in Odoo 17  How to Extend Models Using Mixin ClassesMixin Classes in Odoo 17  How to Extend Models Using Mixin Classes
Mixin Classes in Odoo 17 How to Extend Models Using Mixin ClassesCeline George
 
Introduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The BasicsIntroduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The BasicsTechSoup
 

Dernier (20)

PROCESS RECORDING FORMAT.docx
PROCESS      RECORDING        FORMAT.docxPROCESS      RECORDING        FORMAT.docx
PROCESS RECORDING FORMAT.docx
 
INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx
INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptxINDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx
INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx
 
Python Notes for mca i year students osmania university.docx
Python Notes for mca i year students osmania university.docxPython Notes for mca i year students osmania university.docx
Python Notes for mca i year students osmania university.docx
 
General Principles of Intellectual Property: Concepts of Intellectual Proper...

Wireless security

  • 1. chap18. Wireless Network Security JeongKyu Lee Email: jungkyu21@seoultech.ac.kr SeoulTech UCS Lab 2015-1st
  • 2. Table of Contents 18.1 Wireless Security 18.2 Mobile Device Security 18.3 IEEE 802.11 Wireless LAN Overview 18.4 IEEE 802.11i Wireless LAN Security 18.5 Recommended Reading 18.6 Key Terms, Review Questions, and Problems 2
  • 3. 1. Wireless Security
    Some of the key factors contributing to the higher security risk of wireless networks compared to wired networks include the following:
    • Channel: Wireless channels are more susceptible to eavesdropping and jamming than wired networks. Wireless networks are also more vulnerable to active attacks.
    • Mobility: Mobility results in a number of risks.
    • Resources: Wireless devices have limited memory and processing resources with which to counter threats, including denial of service and malware.
    • Accessibility: The physical accessibility of wireless devices greatly increases their vulnerability to physical attacks.
  • 4. Wireless Network Threats (1/2)
    • Accidental association: A user intending to connect to one LAN may unintentionally lock on to a wireless access point from a neighboring network.
    • Malicious association: A wireless device is configured to appear to be a legitimate access point, enabling the operator to steal passwords from legitimate users and then penetrate a wired network through a legitimate wireless access point.
    • Ad hoc networks: Peer-to-peer networks between wireless computers with no access point between them.
    • Nontraditional networks: Nontraditional networks and links, such as personal-network Bluetooth devices, barcode readers, and handheld PDAs, pose a security risk in terms of both eavesdropping and spoofing.
    18.1 Wireless Security
  • 5. Wireless Network Threats (2/2)
    • Identity theft (MAC spoofing): This occurs when an attacker is able to eavesdrop on network traffic and identify the MAC address of a computer with network privileges.
    • Man-in-the-middle attacks: This attack involves persuading a user and an access point to believe that they are talking to each other when in fact the communication is going through an intermediate attacking device. Wireless networks are particularly vulnerable to such attacks.
    • Denial of service (DoS): The wireless environment lends itself to this type of attack, because it is so easy for the attacker to direct multiple wireless messages at the target.
    • Network injection: A network injection attack targets wireless access points that are exposed to nonfiltered network traffic, such as routing protocol messages or network management messages. An example of such an attack is one in which bogus reconfiguration commands are used to affect routers and switches and degrade network performance.
  • 6. Wireless Security Measures (1/2)
    Securing Wireless Transmissions: The principal threats to wireless transmission are eavesdropping, altering or inserting messages, and disruption.
    • Signal-hiding techniques: Organizations can take a number of measures to make it more difficult for an attacker to locate their wireless access points, including turning off service set identifier (SSID) broadcasting by wireless access points; assigning cryptic names to SSIDs; reducing signal strength to the lowest level that still provides the requisite coverage; and locating wireless access points in the interior of the building, away from windows and exterior walls. Greater security can be achieved by the use of directional antennas and of signal-shielding techniques.
    • Encryption: Encryption of all wireless transmission is effective against eavesdropping to the extent that the encryption keys are secured.
  • 7. Wireless Security Measures (2/2)
    Securing Wireless Access Points: The main threat involving wireless access points is unauthorized access to the network. The principal approach for preventing such access is the IEEE 802.1X standard for port-based network access control.
    Securing Wireless Networks:
    1. Use encryption. Wireless routers are typically equipped with built-in encryption mechanisms for router-to-router traffic.
    2. Use antivirus and antispyware software, and a firewall.
    3. Turn off identifier broadcasting. If a network is configured so that authorized devices already know the identity of the routers, this capability can be disabled so as to thwart attackers.
    4. Change the identifier on your router from the default.
    5. Change your router's pre-set administration password. This is another prudent step.
    6. Allow only specific computers to access your wireless network. A router can be configured to communicate only with approved MAC addresses.
  • 8. Security Threats (1/4)
    SP 800-14 lists seven major security concerns for mobile devices.
    • Lack of Physical Security Controls: Even when a mobile device is required to remain on premises, the user may move it within the organization between secured and nonsecured locations. Theft and tampering are realistic threats. The threat is twofold: 1) a malicious party may attempt to recover sensitive data from the device itself; 2) the party may use the device to gain access to the organization's resources.
    18.2 Mobile Device Security
  • 9. Security Threats (2/4)
    • Use of Untrusted Mobile Devices: In addition to company-issued and company-controlled mobile devices, virtually all employees will have personal smartphones and/or tablets. The organization must assume that these devices are not trustworthy.
    • Use of Untrusted Networks: If a mobile device is used on premises, it can connect to organization resources over the organization's own in-house wireless networks; off premises it must use networks the organization does not control. Thus, traffic that includes an off-premises segment is potentially susceptible to eavesdropping or man-in-the-middle attacks.
  • 10. Security Threats (3/4)
    • Use of Applications Created by Unknown Parties: By design, it is easy to find and install third-party applications on mobile devices. This poses the obvious risk of installing malicious software.
    • Interaction with Other Systems: Unless an organization has control of all the devices involved in synchronization, there is considerable risk of the organization's data being stored in an unsecured location, plus the risk of the introduction of malware.
  • 11. Security Threats (4/4)
    • Use of Untrusted Content: Mobile devices may access and use content that other computing devices do not encounter.
    • Use of Location Services: GPS location services create security risks. An attacker can use the location information to determine where the device and user are located, which may be of use to the attacker.
  • 12. Fig1. Mobile Device Security Elements
  • 13. 18.3 IEEE 802.11 Wireless LAN Overview
    • Station: Any device with a MAC and physical layer conforming to IEEE 802.11.
    • Access point (AP): An entity that has station functionality and provides access to the distribution system over the wireless medium.
    • Basic service set (BSS): A set of stations, including the AP, that can all reach one another.
    • Extended service set (ESS): A set of two or more interconnected BSSs; an expanded form of the BSS.
    • Distribution system (DS): The system that interconnects BSSs and LANs to create an extended service set.
  • 14.
    • MAC protocol data unit (MPDU): The unit of data exchanged between two MAC entities using the services of the physical layer.
    • MAC service data unit (MSDU): A unit of information delivered between MAC users.
    • Coordination function: The logical function that decides when a station operating within the BSS is permitted to transmit and receive protocol data units (PDUs).
  • 15. Fig2. IEEE 802.11 Protocol Stack (figure: the IEEE standard protocol model alongside the OSI 7-layer model; labels recovered: Transport Layer, Network Layer, Data Link Layer, Physical Layer)
  • 16. Fig3. General IEEE 802 MPDU Format (figure; labels recovered: LLC Layer, MAC Layer with MSDU Aggregation, Physical Layer with MPDU Aggregation, MPDU Format, MPDU Flowchart)
  • 17.
    • In a BSS with an AP, direct communication between the client stations does not occur; frames pass through the AP.
    • A BSS in which all stations transmit and receive directly, without passing through an AP, is called an independent BSS (IBSS).
    Fig5. IEEE 802.11 Extended Service Set
  • 18.
    • Distribution: The primary service used by stations to exchange MPDUs when the MPDUs must traverse the DS to get from a station in one BSS to a station in another BSS.
    • Integration: A service that enables transfer of data between a station on an IEEE 802.11 LAN and a station on an integrated IEEE 802.x LAN. The term integrated refers to a wired LAN that is physically connected to the DS and whose stations may be logically connected to an IEEE 802.11 LAN via the integration service.
  • 19.
    • Association: Establishes an initial association between a station and an AP. Before a station can transmit or receive frames on a wireless LAN, its identity and address must be known. For this purpose, a station must establish an association with an AP within a particular BSS. The AP can then communicate this information to other APs within the ESS to facilitate routing and delivery of addressed frames.
    • Reassociation: Enables an established association to be transferred from one AP to another, allowing a mobile station to move from one BSS to another.
    • Disassociation: A notification from either a station or an AP that an existing association is terminated. A station should give this notification before leaving an ESS or shutting down. However, the MAC management facility protects itself against stations that disappear without notification.
  • 20. 18.4 IEEE 802.11i Wireless Security
    • Wired Equivalent Privacy (WEP) algorithm
      – Provides security for the wireless LAN as part of the original 802.11 standard.
    • Wi-Fi Protected Access (WPA)
      – Was created by the Wi-Fi Alliance.
      – Uses the 802.11i security protocols as they stood in the draft version of the standard.
    • Robust Security Network (RSN)
      – The form specified by the final 802.11i standard.
  • 21. 802.11i RSN security services
    • Authentication: A protocol provides mutual authentication between the user and the AS and generates temporary keys to be used between the client and the AP over the wireless link.
    • Access control: Enforces the use of the authentication function, routes messages properly, and facilitates key exchange. This function can be implemented with a variety of authentication protocols.
    • Privacy with message integrity: Data at the MAC layer are encrypted together with a message integrity code, so that it can be confirmed that the data have not been altered.
  • 22. Elements of RSN
    Fig6. Elements of IEEE 802.11 (figure)
    CBC-MAC = Cipher Block Chaining Message Authentication Code (MAC)
    CCM = Counter Mode with Cipher Block Chaining Message Authentication Code
    CCMP = Counter Mode with Cipher Block Chaining MAC Protocol
    TKIP = Temporal Key Integrity Protocol
  • 23. Fig7. IEEE 802.11i Phases of Operation
  • 24. Discovery Phase (1/3)
    The discovery phase determines the technology to be used in the following areas:
    • Confidentiality and integrity protocol for MPDUs
    • Authentication method
    • Cryptographic key management scheme
  • 25. Discovery Phase (2/3)
    The encryption options for confidentiality and integrity protection are as follows:
    • WEP
    • TKIP
    • CCMP
  • 26. Discovery Phase (3/3)
    MPDU exchange:
    • Network and security features
    • Open System Authentication
    • Association
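The capabilities exchanged in the discovery phase are carried in the RSN information element (element ID 48) of beacons and probe responses, which lists the group cipher, the pairwise ciphers, and the authentication and key management (AKM) suites the AP supports. The following parser is an added example, not code from the slides or from any project they describe; the sample element bytes are constructed for the example, and the helper names (parse_rsn_ie, legacy_suites, is_malformed) are mine.

```python
"""Parse the RSN information element (element ID 48) that an AP advertises
in beacons and probe responses during the 802.11i discovery phase."""
import struct

RSN_ELEMENT_ID = 0x30
OUI_IEEE = b"\x00\x0f\xac"      # standard suite selectors use the 00-0F-AC OUI

# Cipher suite selector types (OUI 00-0F-AC followed by one type byte).
CIPHER_NAMES = {1: "WEP-40", 2: "TKIP", 4: "CCMP-128", 5: "WEP-104"}
# Authentication and key management (AKM) suite selector types.
AKM_NAMES = {1: "802.1X", 2: "PSK"}
LEGACY_CIPHERS = {"WEP-40", "WEP-104", "TKIP"}

# Constructed sample: CCMP group cipher, CCMP and TKIP pairwise ciphers,
# PSK authentication, and the "management frame protection capable" bit set.
SAMPLE_RSN_IE = bytes.fromhex(
    "30 18"          # element ID 48, length 24
    "01 00"          # version 1
    "00 0f ac 04"    # group cipher: CCMP-128
    "02 00"          # two pairwise suites follow
    "00 0f ac 04"    # CCMP-128
    "00 0f ac 02"    # TKIP
    "01 00"          # one AKM suite follows
    "00 0f ac 02"    # PSK
    "80 00"          # RSN capabilities: MFPC (bit 7)
)


def _suite_name(raw, table):
    oui, kind = raw[:3], raw[3]
    if oui != OUI_IEEE:
        return "vendor:%s:%d" % (oui.hex(), kind)
    return table.get(kind, "reserved:%d" % kind)


def parse_rsn_ie(ie):
    """Return the suites advertised in an RSN element.

    Every field after Version is optional: when the element ends cleanly
    after a complete field, the remaining fields take the standard's
    defaults (CCMP group and pairwise cipher, 802.1X AKM).  An element
    that ends in the middle of a field is malformed and is rejected
    rather than read past its end.
    """
    if len(ie) < 2 or ie[0] != RSN_ELEMENT_ID:
        raise ValueError("not an RSN element")
    body = ie[2:2 + ie[1]]
    if len(body) != ie[1] or len(body) < 2:
        raise ValueError("element truncated")
    (version,) = struct.unpack_from("<H", body, 0)
    if version != 1:
        raise ValueError("unsupported RSN version %d" % version)
    info = {"version": version, "group": "CCMP-128", "pairwise": ["CCMP-128"],
            "akm": ["802.1X"], "preauth": False, "mfp_capable": False,
            "mfp_required": False}
    off, end = 2, len(body)

    def take(n, what):
        nonlocal off
        if end - off < n:
            raise ValueError("truncated " + what)
        chunk = body[off:off + n]
        off += n
        return chunk

    if off == end:
        return info
    info["group"] = _suite_name(take(4, "group cipher suite"), CIPHER_NAMES)
    for key, table in (("pairwise", CIPHER_NAMES), ("akm", AKM_NAMES)):
        if off == end:
            return info
        (count,) = struct.unpack("<H", take(2, key + " suite count"))
        suites = take(4 * count, key + " suite list")
        info[key] = [_suite_name(suites[i:i + 4], table)
                     for i in range(0, 4 * count, 4)]
    if off == end:
        return info
    (caps,) = struct.unpack("<H", take(2, "RSN capabilities"))
    info["preauth"] = bool(caps & 0x0001)
    info["mfp_required"] = bool(caps & 0x0040)
    info["mfp_capable"] = bool(caps & 0x0080)
    return info


def legacy_suites(info):
    """Ciphers in the advertisement that give only WEP- or TKIP-level protection."""
    return [c for c in [info["group"]] + info["pairwise"] if c in LEGACY_CIPHERS]


def is_malformed(ie):
    """True when the element cannot be parsed; a receiver should drop such frames."""
    try:
        parse_rsn_ie(ie)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    parsed = parse_rsn_ie(SAMPLE_RSN_IE)
    print(parsed)
    print("legacy suites offered:", legacy_suites(parsed))
```

The suites a station selects from this element are repeated inside the four-way handshake, where they are covered by the KCK-keyed MIC, so either side can detect a mismatch between what was advertised during discovery and what the peer actually negotiated.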
  • 27. Authentication Phase (1/2)
    • The authentication phase performs authentication between a STA and the AS.
    • Only an authenticated station is allowed to use the network.
    • The station is assured that it is communicating with a legitimate network.
    • The authentication process consists of three steps:
      – Connect to AS.
      – EAP exchange.
      – Secure key delivery.
  • 28. Authentication Phase (2/2)
    1. Connect to AS
      • The station sends a request to its AP asking to connect to the AS.
      • The AP responds to the request and forwards the access request to the AS.
    2. EAP (Extensible Authentication Protocol) exchange
      • Performs mutual authentication between the station and the AS.
    3. Secure key delivery
      • After mutual authentication, the AS generates a master session key (MSK) and sends it to the station.
      • The master key is transferred to the station through the AP.
  • 29. Key Management Phase (1/3)
    Fig8. Pairwise key hierarchy (figure; labels recovered from the slide):
    – Pre-shared key (PSK), arriving by an out-of-band path, or AAA key (AAAK) / master session key (MSK), arriving by the EAP method path
    – Pairwise master key (PMK): no modification of the PSK; possible truncation of the MSK
    – Pairwise transient key (PTK): derived with a PRF (pseudo-random function) using HMAC-SHA-1
    – PTK components: EAPOL key confirmation key (KCK), EAPOL key encryption key (KEK), temporal key (TK)
  • 30. Key Management Phase (2/3)
    • In the key management phase, various cryptographic keys are generated and distributed to stations.
    • Pairwise keys are used for communication between a station and the AP.
    • These keys are generated dynamically from a master key and have a limited lifetime.
    • At the top of the hierarchy there are two kinds of keys:
      – PSK: a key shared in advance between the AP and the station.
      – MSK: generated during the authentication phase; how it is generated depends on the authentication protocol.
  • 31. Key Management Phase (3/3)
    • The pairwise master key is generated in the following manner:
      – If a PSK is used, the PMK is generated from the PSK (used without modification).
      – If an MSK is used, the PMK is obtained by truncating the MSK.
    • At the end of the authentication phase, the AP and the station share the PMK.
    • After mutual authentication, the PMK is used to generate the PTK, which is used for communication between the AP and the station.
    • PTK = HMAC( PMK || the MAC addresses of the STA and AP || nonces ).
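The hierarchy on slides 29 to 31, worked through in code: both PMK paths (PSK used unchanged, MSK truncated to 256 bits) and the PRF-based PTK expansion that the slide abbreviates as HMAC(PMK || addresses || nonces). This is an added example, not the slides' own code; the PRF construction, the "Pairwise key expansion" label and the min/max ordering of addresses and nonces follow IEEE 802.11i, while the function names and the sample addresses, keys and nonces are constructed for the example.

```python
"""IEEE 802.11i pairwise key hierarchy: PMK -> PTK -> KCK | KEK | TK."""
import hashlib
import hmac
import os

PMK_LEN = 32                        # the PMK is always 256 bits
TK_LEN = {"CCMP": 16, "TKIP": 32}   # TKIP's TK also carries the two Michael keys


def pmk_from_psk(psk):
    """PSK path: a 256-bit pre-shared key is used as the PMK without modification."""
    if len(psk) != PMK_LEN:
        raise ValueError("PSK must be 256 bits")
    return bytes(psk)


def pmk_from_msk(msk):
    """EAP path: the PMK is the MSK truncated to its first 256 bits."""
    if len(msk) < PMK_LEN:
        raise ValueError("MSK must be at least 256 bits")
    return bytes(msk[:PMK_LEN])


def prf(key, label, data, nbytes):
    """802.11i PRF-n: concatenate HMAC-SHA-1(key, label || 0x00 || data || i)
    for i = 0, 1, ... and keep the first nbytes."""
    out = b""
    counter = 0
    while len(out) < nbytes:
        msg = label + b"\x00" + data + bytes([counter])
        out += hmac.new(key, msg, hashlib.sha1).digest()
        counter += 1
    return out[:nbytes]


def derive_ptk(pmk, aa, spa, anonce, snonce, cipher="CCMP"):
    """PTK = PRF(PMK, "Pairwise key expansion",
                min(AA,SPA) || max(AA,SPA) || min(ANonce,SNonce) || max(ANonce,SNonce)).

    aa/spa are the AP and station MAC addresses (6 bytes each) and the nonces
    are 32 bytes each.  The min/max ordering means both ends build the same
    PRF input whichever role they play.  The PTK is split into the EAPOL key
    confirmation key (KCK), key encryption key (KEK) and temporal key (TK).
    """
    if len(aa) != 6 or len(spa) != 6 or len(anonce) != 32 or len(snonce) != 32:
        raise ValueError("addresses must be 6 bytes and nonces 32 bytes")
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    tk_len = TK_LEN[cipher]
    ptk = prf(pmk, b"Pairwise key expansion", data, 32 + tk_len)
    return {"KCK": ptk[:16], "KEK": ptk[16:32], "TK": ptk[32:32 + tk_len]}


# Constructed sample values for the demonstration below (not real keys).
AP_MAC = bytes.fromhex("02005e000001")
STA_MAC = bytes.fromhex("02005e000002")
SAMPLE_PSK = bytes(range(32))
SAMPLE_MSK = bytes(range(64))


def both_sides_agree(pmk, anonce, snonce):
    """Derive the PTK from the AP's and from the station's point of view and compare."""
    ap_view = derive_ptk(pmk, AP_MAC, STA_MAC, anonce, snonce)
    sta_view = derive_ptk(pmk, STA_MAC, AP_MAC, snonce, anonce)
    return ap_view == sta_view


if __name__ == "__main__":
    anonce, snonce = os.urandom(32), os.urandom(32)
    pmk = pmk_from_msk(SAMPLE_MSK)
    keys = derive_ptk(pmk, AP_MAC, STA_MAC, anonce, snonce)
    for name, k in keys.items():
        print(name, k.hex())
    print("both sides agree:", both_sides_agree(pmk, anonce, snonce))
```

Any difference in PMK, addresses or nonces yields a different PTK, which is what the four-way handshake relies on: the KCK-keyed MIC on the handshake messages only verifies when both sides derived the same PTK, so a peer that does not hold the PMK cannot complete the handshake, and fresh nonces ensure that a captured handshake cannot be replayed to obtain the same keys.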
  • 32. Fig9. Group key hierarchy
  • 33. Fig10. IEEE 802.11i Keys for Data Confidentiality and Integrity Protocols
  • 34. Fig10. IEEE 802.11i Phases of Operation: Four-Way Handshake and Group Key Handshake
  • 35. Protected Data Transfer Phase
    IEEE 802.11i defines two schemes for protecting MPDU delivery: TKIP and CCMP.
    1. TKIP
      • Message integrity: A message integrity code (MIC) is appended after the data field to ensure integrity. The MIC is produced by the Michael algorithm from the destination MAC address, the data field, and the key value, and is 64 bits long.
      • Data confidentiality: The MPDU data and the MIC are encrypted with RC4 to guarantee confidentiality.
    2. CCMP
      • Message integrity: Uses the cipher block chaining message authentication code (CBC-MAC).
      • Data confidentiality: Uses 128-bit AES encryption.
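The TKIP integrity step above, worked through as an added example (my code, not from the slides): the Michael algorithm producing the 64-bit MIC from a 64-bit key, and the TKIP framing of its input, which covers the destination and source addresses and the priority byte as well as the MSDU data. The michael function is checked against the all-zero-key, empty-message test vector from the standard; the tkip_mic and mic_verifies helper names and the sample addresses, key and payload are constructed for the example.

```python
"""TKIP message integrity: the Michael MIC (64-bit key, 64-bit tag)."""
import hmac
import struct

MASK32 = 0xFFFFFFFF


def _rotl(v, n):
    return ((v << n) | (v >> (32 - n))) & MASK32


def _rotr(v, n):
    return ((v >> n) | (v << (32 - n))) & MASK32


def _xswap(v):
    """Swap the two bytes inside each 16-bit half of a 32-bit word."""
    return ((v & 0x00FF00FF) << 8) | ((v & 0xFF00FF00) >> 8)


def _block(l, r):
    """The Michael block function b(l, r): four xor/rotate/add rounds."""
    r ^= _rotl(l, 17)
    l = (l + r) & MASK32
    r ^= _xswap(l)
    l = (l + r) & MASK32
    r ^= _rotl(l, 3)
    l = (l + r) & MASK32
    r ^= _rotr(l, 2)
    l = (l + r) & MASK32
    return l, r


def michael(key, msg):
    """Return the 8-byte Michael MIC of msg under a 64-bit key."""
    if len(key) != 8:
        raise ValueError("Michael key must be 64 bits")
    l, r = struct.unpack("<II", key)          # key halves are little-endian words
    # Pad with 0x5a and 4 to 7 zero bytes so the length is a multiple of 4.
    zeros = 4 + (-(len(msg) + 5) % 4)
    padded = msg + b"\x5a" + b"\x00" * zeros
    for (word,) in struct.iter_unpack("<I", padded):
        l ^= word
        l, r = _block(l, r)
    return struct.pack("<II", l, r)


def tkip_mic(key, da, sa, priority, msdu):
    """MIC over the MSDU as TKIP frames it: DA || SA || priority || 3 zero bytes || data."""
    if len(da) != 6 or len(sa) != 6:
        raise ValueError("MAC addresses must be 6 bytes")
    header = da + sa + bytes([priority & 0x0F]) + b"\x00" * 3
    return michael(key, header + msdu)


def mic_verifies(key, da, sa, priority, msdu, received_mic):
    """Receiver-side check; a mismatch is a MIC failure that TKIP's countermeasures act on."""
    return hmac.compare_digest(tkip_mic(key, da, sa, priority, msdu), received_mic)


if __name__ == "__main__":
    # Standard test vector: all-zero key, empty message -> 82925c1ca1d130b8
    print(michael(bytes(8), b"").hex())
    # Constructed frame fields for the demonstration (not real traffic).
    key = bytes.fromhex("0123456789abcdef")
    da, sa = bytes.fromhex("02005e000001"), bytes.fromhex("02005e000002")
    mic = tkip_mic(key, da, sa, 0, b"constructed payload")
    print("mic:", mic.hex(), "verifies:", mic_verifies(key, da, sa, 0, b"constructed payload", mic))
    print("tampered verifies:", mic_verifies(key, da, sa, 0, b"constructed payloae", mic))
```

Michael was designed to run on the legacy hardware that TKIP targets and is deliberately lightweight, which is why the standard pairs it with countermeasures on MIC failure (rekeying and a pause in traffic) and why CCMP's CBC-MAC is the preferred integrity mechanism wherever the hardware supports it.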