M. S. Ramaiah School of Advanced Studies 1
SPC2520 Advanced Wireless System
Presentation
Wireless Networking Security
Anshuman Biswal
PT 2012 Batch, Reg. No.: CJB0412001
M. Sc. (Engg.) in Computer Science and Networking
Module Leader: Rinki Sharma
Module Name: Advanced Wireless Systems
Module Code : SPC2520
Presentation Outline
• Introduction
• Why security is considered in wireless?
• Wireless network threats
• Wireless LAN security protocols and standards
• 802.11i RSN(WPA2) security services
• Elements of 802.11i
• IEEE 802.11i phases of operation
• IEEE 802.11i Keys
• IEEE 802.11i schemes for protecting data transmitted in 802.11 MPDUs
• Conclusion
• References
Marking
Head                                        Maximum Score
Technical Content                           05
Grasp and Understanding                     05
Delivery – Technical and General Aspects    05
Handling Questions                          05
Total                                       20
Introduction
• On an open, unencrypted wireless network, anyone within range can 'sniff' (capture and record) the traffic, gain unauthorized access to internal network resources as well as to the internet, and then use the information and resources to perform disruptive or illegal acts.
• Many laptop computers have wireless cards pre-installed. The ability to enter a network while mobile has great benefits. However, wireless networking is prone to some security
• Wireless networks are relatively easy to break into, and wireless technology can even be used to hack into wired networks.
• The risks to users of wireless technology have increased as the service has become more popular.
• As a result, it is very important that enterprises define effective wireless security policies that guard against unauthorized access to important resources.
Wireless network threats
• Accidental association
• Malicious association
• Ad hoc networks
• Nontraditional networks
• MAC spoofing / identity theft
• Man-in-the-middle attacks
• Denial of service
• Network injection
• Caffe Latte attack
Accidental association: Company wireless LANs or wireless access points to wired LANs in close proximity (e.g., in the same or neighboring buildings) may create overlapping transmission ranges. A user intending to connect to one LAN may unintentionally lock on to a wireless access point from a neighboring network. Although the security breach is accidental, it nevertheless exposes resources of one LAN to the accidental user.
Malicious association: In this situation, a wireless device is configured to appear to be a legitimate access point, enabling the operator to steal passwords from legitimate users and then penetrate a wired network through a legitimate wireless access point.
Ad hoc networks: These are peer-to-peer networks between wireless computers with no access point between them. Such networks can pose a security threat due to a lack of a central point of control.
Nontraditional networks: Nontraditional networks and links, such as personal network Bluetooth devices, barcode readers, and handheld PDAs, pose a security risk both in terms of eavesdropping and spoofing.
Identity theft (MAC spoofing): This occurs when an attacker is able to eavesdrop on network traffic and identify the MAC address of a computer with network privileges.
Man-in-the-middle attacks: This type of attack is described in the context of the Diffie-Hellman key exchange protocol. In a broader sense, this attack involves persuading a user and an access point to believe that they are talking to each other when in fact the communication is going through an intermediate attacking device. Wireless networks are particularly vulnerable to such attacks.
Denial of service (DoS): In the context of a wireless network, a DoS attack occurs when an attacker continually bombards a wireless access point or some other accessible wireless port with various protocol messages designed to consume system resources. The wireless environment lends itself to this type of attack, because it is so easy for the attacker to direct multiple wireless messages at the target.
Network injection: A network injection attack targets wireless access points that are exposed to non-filtered network traffic, such as routing protocol messages or network management messages.
Caffe Latte attack: The Caffe Latte attack is another way to defeat WEP. It is not necessary for the attacker to be in the area of the network. By using a process that targets the Windows wireless stack, it is possible to obtain the WEP key from a remote client. By sending a flood of encrypted ARP requests, the assailant takes advantage of the shared key authentication and the message modification flaws in 802.11 WEP. The attacker uses the ARP responses to obtain the WEP key in less than 6 minutes.
Wireless LAN security protocols and standards
• Wired Equivalent Privacy (WEP) algorithm
– Was broken years ago and takes 15 min to break in
– Very weak and not recommended
– Accepts only hexadecimal password
– 802.11 privacy
• Wi-Fi Protected Access (WPA)
– Set of security mechanisms that eliminates most 802.11 security issues
– Based on the current state of the 802.11i standard
– Much better than WEP
– Accepts long passwords with all possible combinations
– Easy to set up, as easy as WEP
– Available in all the common Wi-Fi routers
– A must for all home users, and it takes a long time to break in
• WPA2: Advanced Wi-Fi Protected Access (RSN)
– Better than WPA
– Takes a little more pain to set up
– Advised in corporate environments
– Strong encryption and authentication support
– Final form of the 802.11i standard
802.11i RSN(WPA2) security services:
• Authentication: A protocol is used to define an exchange between a user and an Authentication
Server that provides mutual authentication and generates temporary keys to be used between the
client and the AP over the wireless link
• Access control: enforces the use of the authentication function, routes the messages properly, and
facilitates key exchange
– It can work with a variety of authentication protocols
• Privacy with message integrity: MAC-level data are encrypted along with a message integrity code
that ensures that the data have not been altered
Elements of 802.11i
RSN services and protocols:
• Access control: IEEE 802.1 port-based access control
• Authentication and key generation: Extensible Authentication Protocol (EAP)
• Confidentiality, data origin authentication and integrity, and replay protection: TKIP, CCMP
Cryptographic algorithms used for these services:
• Confidentiality: TKIP (RC4), CCM (AES-CTR), NIST key wrap
• Integrity and data origin authentication: HMAC-SHA1, HMAC-MD5, TKIP (Michael MIC), CCM (AES-CBC-MAC)
• Key generation: HMAC-SHA1, RFC 1750
IEEE 802.11i phases of operation
Entities: STA, AP, AS, end station
• Phase 1: Discovery
• Phase 2: Authentication
• Phase 3: Key management
• Phase 4: Protected data transfer
• Phase 5: Connection termination
Discovery:
• An AP uses messages called Beacons and Probe Responses to advertise its IEEE 802.11i security policy.
• The STA uses these to identify an AP for a WLAN with which it wishes to communicate.
• The STA associates with the AP, which it uses to select the cipher suite and authentication mechanism when the Beacons and Probe Responses present a choice.
Authentication:
• During this phase, the STA and AS prove their identities to each other.
• The AP blocks non-authentication traffic between the STA and AS until the authentication transaction is successful.
• The AP does not participate in the authentication transaction other than forwarding traffic between the STA and AS.
Key generation and distribution:
• The AP and the STA perform several operations that cause
cryptographic keys to be generated and placed on the AP and
the STA.
• Frames are exchanged between the AP and STA only.
Protected data transfer:
• Frames are exchanged between the STA and the end
station through the AP.
• Secure data transfer occurs between the STA and the AP only;
security is not provided end-to-end.
Connection termination:
• The AP and STA exchange frames. During this phase,
the secure connection is torn down and the connection is restored
to the original state.
IEEE 802.11i phases of operation
Message flow between STA, AP and AS, in order:
• Probe request: station sends a request to join network
• Probe response: AP sends possible security parameter (security parameter set per the security policy)
• Open system authentication request: station sends a request to perform null authentication
• Open system authentication response: AP performs null authentication
• Association request: station sends a request to associate with AP with security parameters
• Association response: AP sends the associated security parameter; station sets selected security parameters
• 802.1X controlled port blocked
• 802.1X EAP request
• 802.1X EAP response
• Access request (EAP request)
• Extensible Authentication Protocol exchange
• Accept/EAP-success key material
• 802.1X EAP success
• 802.1X controlled port blocked
IEEE 802.11i Key Hierarchies
Pairwise key hierarchy:
• Pre-shared key (PSK): out-of-band path; user defined crypto; 256 bits
• AAA key (AAAK or MSK): EAP method path; EAP authentication; ≥ 256 bits
• Pairwise master key (PMK): following EAP authentication or PSK; 256 bits
• Pairwise transient key (PTK): during 4-way handshake; 384 bits (CCMP), 512 bits (TKIP)
– EAPOL key confirmation key (KCK): 128 bits
– EAPOL key encryption key (KEK): 128 bits
– Temporal key (TK): 128 bits (CCMP), 256 bits (TKIP)
– These keys are components of PTK
Group key hierarchy:
• Group master key (GMK, generated by AS): 256 bits; changes periodically or if compromised
• Group temporal key (GTK): 40 bits, 104 bits (WEP), 128 bits (CCMP), 256 bits (TKIP); changes based on policy (disassociation, deauthentication)
Legend: no modification; possible truncation; PRF (pseudorandom function) using HMAC-SHA-1
IEEE 802.11i Keys
Pseudorandom Function
The pseudorandom function is PRF(K, A, B, Len). The parameter K serves as the key input to HMAC. The message input consists of four items concatenated together: the parameter A, a byte with value 0, the parameter B, and a counter i. The counter is initialized to 0. The HMAC algorithm is run once, producing a 160-bit hash value. If more bits are required, HMAC is run again with the same inputs, except that i is incremented each time until the necessary number of bits is generated.
IEEE 802.11i Key management phase (STA, AP)
802.1X controlled port blocked
4-way handshake:
• Message 1 (AP to STA): EAPOL-Key(ANonce, Unicast). Message 1 delivers a nonce to the STA so that it can generate the PTK.
• Message 2 (STA to AP): EAPOL-Key(SNonce, Unicast, MIC). Message 2 delivers another nonce to the AP so that it can also generate the PTK. It demonstrates to the AP that the STA is alive, ensures that the PTK is fresh (new) and that there is no man-in-the-middle.
• Message 3 (AP to STA): EAPOL-Key(Install PTK, Unicast, MIC). Message 3 demonstrates to the STA that the authenticator is alive, ensures that the PTK is fresh (new) and that there is no man-in-the-middle.
• Message 4 (STA to AP): EAPOL-Key(Unicast, MIC). Message 4 serves as an acknowledgement to message 3. It serves no cryptographic function. This message also ensures the reliable start of the group key handshake.
AP's 802.1X controlled port un-blocked for unicast traffic
Group key handshake:
• Message 1 (AP to STA): EAPOL-Key(GTK, MIC). Message 1 delivers a new GTK to the STA. The GTK is encrypted before it is sent and the entire message is integrity protected. The STA decrypts the GTK and installs it for use.
• Message 2 (STA to AP): EAPOL-Key(MIC). Message 2 is delivered to the AP. This frame serves only as an acknowledgement to the AP. The AP installs the GTK.
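Added example (not part of the original slides): the PRF described above and the MIC checks of the 4-way handshake, written in Python. The label "Pairwise key expansion", the ordering of addresses and nonces in B, and HMAC-SHA-1 truncated to 128 bits as the MIC follow IEEE 802.11i; the MAC addresses, nonces, PMK and frame bodies are constructed stand-ins, not real EAPOL-Key frames.

```python
import hashlib
import hmac


def prf(key: bytes, a: bytes, b: bytes, length_bits: int) -> bytes:
    """PRF(K, A, B, Len): HMAC-SHA-1 over A || 0x00 || B || i for i = 0, 1, 2, ..."""
    out = b""
    i = 0
    while len(out) * 8 < length_bits:
        out += hmac.new(key, a + b"\x00" + b + bytes([i]), hashlib.sha1).digest()
        i += 1
    return out[: length_bits // 8]


def derive_ptk(pmk: bytes, aa: bytes, spa: bytes, anonce: bytes, snonce: bytes,
               cipher: str = "CCMP") -> dict:
    """Expand the PMK into the PTK and split it into KCK, KEK and TK."""
    # Sorting the addresses and nonces lets STA and AP build the same B independently.
    b = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    # PTK length from the key hierarchy slide: 384 bits (CCMP) or 512 bits (TKIP).
    ptk = prf(pmk, b"Pairwise key expansion", b, 384 if cipher == "CCMP" else 512)
    return {"KCK": ptk[:16], "KEK": ptk[16:32], "TK": ptk[32:]}


def mic(kck: bytes, frame: bytes) -> bytes:
    """MIC over a frame: HMAC-SHA-1 keyed with the KCK, truncated to 128 bits."""
    return hmac.new(kck, frame, hashlib.sha1).digest()[:16]


def mic_ok(kck: bytes, frame: bytes, received: bytes) -> bool:
    """Constant-time comparison of the received MIC with the locally computed one."""
    return hmac.compare_digest(mic(kck, frame), received)


def four_way_handshake(sta_pmk, ap_pmk, aa, spa, anonce, snonce):
    """Run messages 1-4 between a STA and an AP that each hold their own PMK.

    Returns (True, TK) when every MIC verifies, otherwise (False, None).
    """
    # Message 1 (AP -> STA): ANonce, no MIC. The STA can now derive the PTK.
    sta = derive_ptk(sta_pmk, aa, spa, anonce, snonce)

    # Message 2 (STA -> AP): SNonce plus a MIC keyed with the STA's KCK.
    msg2 = b"msg2|" + snonce                      # constructed frame body
    mic2 = mic(sta["KCK"], msg2)

    # The AP derives its own PTK from the SNonce and checks the MIC. A mismatch
    # means the STA does not hold the same PMK, so the handshake stops here.
    ap = derive_ptk(ap_pmk, aa, spa, anonce, snonce)
    if not mic_ok(ap["KCK"], msg2, mic2):
        return False, None

    # Message 3 (AP -> STA): install-PTK instruction plus MIC, checked by the STA.
    msg3 = b"msg3|install-ptk|" + anonce          # constructed frame body
    if not mic_ok(sta["KCK"], msg3, mic(ap["KCK"], msg3)):
        return False, None

    # Message 4 (STA -> AP): acknowledgement plus MIC, checked by the AP.
    msg4 = b"msg4|ack"                            # constructed frame body
    if not mic_ok(ap["KCK"], msg4, mic(sta["KCK"], msg4)):
        return False, None
    return True, ap["TK"]


# Constructed sample values. Real nonces must be fresh random 32-byte values.
AA = bytes.fromhex("02aabbccdd01")       # authenticator (AP) MAC address
SPA = bytes.fromhex("02aabbccdd02")      # supplicant (STA) MAC address
PMK = bytes(range(32))                   # 256-bit pairwise master key
ANONCE = bytes([0xA5]) * 32
SNONCE = bytes([0x5A]) * 32

if __name__ == "__main__":
    ok, tk = four_way_handshake(PMK, PMK, AA, SPA, ANONCE, SNONCE)
    print("matching PMK:", ok, "TK bits:", len(tk) * 8)
    ok, _ = four_way_handshake(bytes(32), PMK, AA, SPA, ANONCE, SNONCE)
    print("mismatched PMK:", ok)
```

The AP never sees the PMK on the air: it learns that the STA holds the same PMK only because the MIC in message 2 verifies under the KCK it derived itself.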
IEEE 802.11i schemes for protecting data transmitted in 802.11 MPDUs
Temporal Key Integrity Protocol (TKIP)
• Designed to require only software changes to devices that are implemented with the older wireless LAN security approach called WEP
• Provides two services:
– Message integrity: adds a message integrity code to the 802.11 MAC frame after the data field
– Data confidentiality: provided by encrypting the MPDU
Counter Mode-CBC MAC Protocol (CCMP)
• Intended for newer IEEE 802.11 devices that are equipped with the hardware to support this scheme
• Provides two services:
– Message integrity: uses the cipher-block-chaining message authentication code (CBC-MAC)
– Data confidentiality: uses the CTR block cipher mode of operation with AES for encryption
Conclusion
• Change the router login password frequently
– At least once a month
• Change the wireless WPA password also
– At least once a month
• Avoid the temptation to connect to open wireless just looking for free internet.
• Configure DHCP more tightly. Example:
– I have 3 machines in my home (desktop/laptop/phone)
– I'll create an IP pool of 3 IPs only
– I'll do DHCP reservation using the MAC of these 3 IPs
– Effectively I'm not allowing any outsider machine to connect
• Try to configure MAC binding
– Allow only MY machines to connect
– Many access points support MAC binding
– Any other machine will not be able to connect to my Wi-Fi

Contenu connexe

Tendances

Subnetting Presentation
Subnetting PresentationSubnetting Presentation
Subnetting Presentation
Touhidul Fahim
 
Wi-Fi security – WEP, WPA and WPA2
Wi-Fi security – WEP, WPA and WPA2Wi-Fi security – WEP, WPA and WPA2
Wi-Fi security – WEP, WPA and WPA2
Fábio Afonso
 

Tendances (20)

WiFi Secuiry: Attack & Defence
WiFi Secuiry: Attack & DefenceWiFi Secuiry: Attack & Defence
WiFi Secuiry: Attack & Defence
 
Wireless Security null seminar
Wireless Security null seminarWireless Security null seminar
Wireless Security null seminar
 
Subnetting Presentation
Subnetting PresentationSubnetting Presentation
Subnetting Presentation
 
Wireless lan security
Wireless lan securityWireless lan security
Wireless lan security
 
Wireless LAN Security
Wireless LAN SecurityWireless LAN Security
Wireless LAN Security
 
WLAN Attacks and Protection
WLAN Attacks and ProtectionWLAN Attacks and Protection
WLAN Attacks and Protection
 
Wireless network security
Wireless network securityWireless network security
Wireless network security
 
Wireless network security
Wireless network security Wireless network security
Wireless network security
 
Wpa vs Wpa2
Wpa vs Wpa2Wpa vs Wpa2
Wpa vs Wpa2
 
WEP
WEPWEP
WEP
 
WPA 3
WPA 3WPA 3
WPA 3
 
Transport layer security (tls)
Transport layer security (tls)Transport layer security (tls)
Transport layer security (tls)
 
Ssl and tls
Ssl and tlsSsl and tls
Ssl and tls
 
Wireless security presentation
Wireless security presentationWireless security presentation
Wireless security presentation
 
Basic Concepts in Wireless LAN
Basic Concepts in Wireless LANBasic Concepts in Wireless LAN
Basic Concepts in Wireless LAN
 
Transport Layer Security (TLS)
Transport Layer Security (TLS)Transport Layer Security (TLS)
Transport Layer Security (TLS)
 
Ipsec
IpsecIpsec
Ipsec
 
Wi fi protected access
Wi fi protected accessWi fi protected access
Wi fi protected access
 
SSL And TLS
SSL And TLS SSL And TLS
SSL And TLS
 
Wi-Fi security – WEP, WPA and WPA2
Wi-Fi security – WEP, WPA and WPA2Wi-Fi security – WEP, WPA and WPA2
Wi-Fi security – WEP, WPA and WPA2
 

En vedette

Wireless LAN security
Wireless LAN securityWireless LAN security
Wireless LAN security
Rajan Kumar
 
How To Hack Wireless Internet Connections
How To Hack Wireless Internet ConnectionsHow To Hack Wireless Internet Connections
How To Hack Wireless Internet Connections
guest85e156e
 

En vedette (14)

Wireless LAN Security, Policy, and Deployment Best Practices
Wireless LAN Security, Policy, and Deployment Best PracticesWireless LAN Security, Policy, and Deployment Best Practices
Wireless LAN Security, Policy, and Deployment Best Practices
 
Wireless LAN security
Wireless LAN securityWireless LAN security
Wireless LAN security
 
Wireless local loop
Wireless local loopWireless local loop
Wireless local loop
 
WAP- Wireless Application Protocol
WAP- Wireless Application ProtocolWAP- Wireless Application Protocol
WAP- Wireless Application Protocol
 
Wireless Application Protocol ppt
Wireless Application Protocol pptWireless Application Protocol ppt
Wireless Application Protocol ppt
 
WAP
WAPWAP
WAP
 
Wlan security
Wlan securityWlan security
Wlan security
 
Wireless Network Security
Wireless Network SecurityWireless Network Security
Wireless Network Security
 
Wireless Hacking
Wireless HackingWireless Hacking
Wireless Hacking
 
How To Hack Wireless Internet Connections
How To Hack Wireless Internet ConnectionsHow To Hack Wireless Internet Connections
How To Hack Wireless Internet Connections
 
Bluetooth
BluetoothBluetooth
Bluetooth
 
Ad-Hoc Networks
Ad-Hoc NetworksAd-Hoc Networks
Ad-Hoc Networks
 
Satellite communications
Satellite communicationsSatellite communications
Satellite communications
 
4g technology
4g technology4g technology
4g technology
 

Similaire à Wireless Networking Security

Wireless Network Security Software Wireless Network Security Software
Wireless Network Security Software Wireless Network Security SoftwareWireless Network Security Software Wireless Network Security Software
Wireless Network Security Software Wireless Network Security Software
BRNSSPublicationHubI
 
Wireless+LAN+Technology+and+Security+Vulnerabilities
Wireless+LAN+Technology+and+Security+VulnerabilitiesWireless+LAN+Technology+and+Security+Vulnerabilities
Wireless+LAN+Technology+and+Security+Vulnerabilities
Yogesh Kumar
 

Similaire à Wireless Networking Security (20)

chapter 7 -wireless network security.ppt
chapter 7  -wireless network security.pptchapter 7  -wireless network security.ppt
chapter 7 -wireless network security.ppt
 
Wireless LAN Deployment Best Practices
Wireless LAN Deployment Best PracticesWireless LAN Deployment Best Practices
Wireless LAN Deployment Best Practices
 
Security Issues of 802.11b
Security Issues of 802.11bSecurity Issues of 802.11b
Security Issues of 802.11b
 
Security Issues of IEEE 802.11b
Security Issues of IEEE 802.11bSecurity Issues of IEEE 802.11b
Security Issues of IEEE 802.11b
 
Wireless Security
Wireless SecurityWireless Security
Wireless Security
 
Wireless Device and Network level security
Wireless Device and Network level securityWireless Device and Network level security
Wireless Device and Network level security
 
A LIGHT WEIGHT SOLUTION FOR DETECTING DE-AUTHENTICATION ATTACK
A LIGHT WEIGHT SOLUTION FOR DETECTING DE-AUTHENTICATION ATTACK A LIGHT WEIGHT SOLUTION FOR DETECTING DE-AUTHENTICATION ATTACK
A LIGHT WEIGHT SOLUTION FOR DETECTING DE-AUTHENTICATION ATTACK
 
Wireless Deauth and Disassociation Attacks explained
Wireless Deauth and Disassociation Attacks explainedWireless Deauth and Disassociation Attacks explained
Wireless Deauth and Disassociation Attacks explained
 
Wireless Security Needs For Enterprises
Wireless Security Needs For EnterprisesWireless Security Needs For Enterprises
Wireless Security Needs For Enterprises
 
Securing the Use of Wireless Fidelity (WiFi) in Libraries
Securing the Use of Wireless Fidelity (WiFi) in LibrariesSecuring the Use of Wireless Fidelity (WiFi) in Libraries
Securing the Use of Wireless Fidelity (WiFi) in Libraries
 
Pertemuan 13 wireless security
Pertemuan 13 wireless securityPertemuan 13 wireless security
Pertemuan 13 wireless security
 
Pentesting Your Own Wireless Networks, June 2011 Issue
Pentesting Your Own Wireless Networks, June 2011 IssuePentesting Your Own Wireless Networks, June 2011 Issue
Pentesting Your Own Wireless Networks, June 2011 Issue
 
Solving Downgrade and DoS Attack Due to the Four Ways Handshake Vulnerabiliti...
Solving Downgrade and DoS Attack Due to the Four Ways Handshake Vulnerabiliti...Solving Downgrade and DoS Attack Due to the Four Ways Handshake Vulnerabiliti...
Solving Downgrade and DoS Attack Due to the Four Ways Handshake Vulnerabiliti...
 
Wpa2 psk security measure
Wpa2 psk security measureWpa2 psk security measure
Wpa2 psk security measure
 
Module 6 Wireless Network security
Module 6  Wireless Network securityModule 6  Wireless Network security
Module 6 Wireless Network security
 
Wireless security
Wireless securityWireless security
Wireless security
 
Wi Fi Technology
Wi Fi TechnologyWi Fi Technology
Wi Fi Technology
 
Wi fi protected-access
Wi fi protected-accessWi fi protected-access
Wi fi protected-access
 
Wireless Network Security Software Wireless Network Security Software
Wireless Network Security Software Wireless Network Security SoftwareWireless Network Security Software Wireless Network Security Software
Wireless Network Security Software Wireless Network Security Software
 
Wireless+LAN+Technology+and+Security+Vulnerabilities
Wireless+LAN+Technology+and+Security+VulnerabilitiesWireless+LAN+Technology+and+Security+Vulnerabilities
Wireless+LAN+Technology+and+Security+Vulnerabilities
 

Plus de Anshuman Biswal

Ir da in_linux_presentation
Ir da in_linux_presentationIr da in_linux_presentation
Ir da in_linux_presentation
Anshuman Biswal
 
Message Signaled Interrupts
Message Signaled InterruptsMessage Signaled Interrupts
Message Signaled Interrupts
Anshuman Biswal
 
Bangalore gayatri pariwar gayatri ashwamedha mahayagya
Bangalore gayatri pariwar gayatri ashwamedha mahayagyaBangalore gayatri pariwar gayatri ashwamedha mahayagya
Bangalore gayatri pariwar gayatri ashwamedha mahayagya
Anshuman Biswal
 
Six Sigma and/For Software Engineering
Six Sigma and/For Software EngineeringSix Sigma and/For Software Engineering
Six Sigma and/For Software Engineering
Anshuman Biswal
 
Fast web development using groovy on grails
Fast web development using groovy on grailsFast web development using groovy on grails
Fast web development using groovy on grails
Anshuman Biswal
 

Plus de Anshuman Biswal (13)

भक्ति वृक्षा – CHAPTER 1 (1).pptx
भक्ति वृक्षा – CHAPTER 1 (1).pptxभक्ति वृक्षा – CHAPTER 1 (1).pptx
भक्ति वृक्षा – CHAPTER 1 (1).pptx
 
Pervasive Computing
Pervasive ComputingPervasive Computing
Pervasive Computing
 
Observer Pattern
Observer PatternObserver Pattern
Observer Pattern
 
Undecidabality
UndecidabalityUndecidabality
Undecidabality
 
Turing Machine
Turing MachineTuring Machine
Turing Machine
 
Ir da in_linux_presentation
Ir da in_linux_presentationIr da in_linux_presentation
Ir da in_linux_presentation
 
Message Signaled Interrupts
Message Signaled InterruptsMessage Signaled Interrupts
Message Signaled Interrupts
 
Array Processor
Array ProcessorArray Processor
Array Processor
 
Bangalore gayatri pariwar gayatri ashwamedha mahayagya
Bangalore gayatri pariwar gayatri ashwamedha mahayagyaBangalore gayatri pariwar gayatri ashwamedha mahayagya
Bangalore gayatri pariwar gayatri ashwamedha mahayagya
 
Six Sigma and/For Software Engineering
Six Sigma and/For Software EngineeringSix Sigma and/For Software Engineering
Six Sigma and/For Software Engineering
 
SNMP
SNMPSNMP
SNMP
 
Fibonacci Heap
Fibonacci HeapFibonacci Heap
Fibonacci Heap
 
Fast web development using groovy on grails
Fast web development using groovy on grailsFast web development using groovy on grails
Fast web development using groovy on grails
 

Dernier

1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 -  Danh muc Sach Giao Khoa 10 . pdf1029 -  Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf
QucHHunhnh
 
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in DelhiRussian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
kauryashika82
 
Activity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfActivity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdf
ciinovamais
 
Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...
Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...
Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...
fonyou31
 
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK  LOOKBOOK(1) (1).pdfBASLIQ CURRENT LOOKBOOK  LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
SoniaTolstoy
 

Dernier (20)

Disha NEET Physics Guide for classes 11 and 12.pdf
Disha NEET Physics Guide for classes 11 and 12.pdfDisha NEET Physics Guide for classes 11 and 12.pdf
Disha NEET Physics Guide for classes 11 and 12.pdf
 
1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 -  Danh muc Sach Giao Khoa 10 . pdf1029 -  Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf
 
The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13
 
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in DelhiRussian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
 
Class 11th Physics NEET formula sheet pdf
Class 11th Physics NEET formula sheet pdfClass 11th Physics NEET formula sheet pdf
Class 11th Physics NEET formula sheet pdf
 
A Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformA Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy Reform
 
Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104
 
Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)
 
Código Creativo y Arte de Software | Unidad 1
Código Creativo y Arte de Software | Unidad 1Código Creativo y Arte de Software | Unidad 1
Código Creativo y Arte de Software | Unidad 1
 
Activity 01 - Artificial Culture (1).pdf
Wireless Networking Security

  • 1. M. S. Ramaiah School of Advanced Studies 1 SPC2520 Advanced Wireless System Presentation Wireless Networking Security Anshuman Biswal PT 2012 Batch, Reg. No.: CJB0412001 M. Sc. (Engg.) in Computer Science and Networking Module Leader: Rinki Sharma Module Name: Advanced Wireless Systems Module Code : SPC2520
  • 2. Presentation Outline
      • Introduction
      • Why security is considered in wireless?
      • Wireless network threats
      • Wireless LAN security protocols and standards
      • 802.11i RSN (WPA2) security services
      • Elements of 802.11i
      • IEEE 802.11i phases of operation
      • IEEE 802.11i Keys
      • IEEE 802.11i schemes for protecting data transmitted in 802.11 MPDUs
      • Conclusion
      • References
  • 3. Marking
      Head                                        Maximum Score
      Technical Content                           05
      Grasp and Understanding                     05
      Delivery – Technical and General Aspects    05
      Handling Questions                          05
      Total                                       20
  • 4. Introduction
      • On an open, unencrypted wireless network, anyone can 'sniff' (capture and record) the traffic, gain unauthorized access to internal network resources as well as to the internet, and then use the information and resources to perform disruptive or illegal acts.
      • Many laptop computers have wireless cards pre-installed. The ability to enter a network while mobile has great benefits. However, wireless networking is prone to some security
      • Wireless networks are relatively easy to break into, and wireless technology can even be used to hack into wired networks.
      • The risks to users of wireless technology have increased as the service has become more popular.
      • As a result, it is very important that enterprises define effective wireless security policies that guard against unauthorized access to important resources.
  • 5. Wireless network threats: Accidental Association, Malicious Association, Ad hoc Network, Non-traditional Networks, MAC spoofing/Identity Theft, Man-in-the-middle attacks, Denial of Service, Network Injection, Caffe Latte attack
  • 6. Wireless network threats. Accidental association: Company wireless LANs or wireless access points to wired LANs in close proximity (e.g., in the same or neighboring buildings) may create overlapping transmission ranges. A user intending to connect to one LAN may unintentionally lock on to a wireless access point from a neighboring network. Although the security breach is accidental, it nevertheless exposes resources of one LAN to the accidental user.
  • 7. Wireless network threats. Malicious association: In this situation, a wireless device is configured to appear to be a legitimate access point, enabling the operator to steal passwords from legitimate users and then penetrate a wired network through a legitimate wireless access point.
  • 8. Wireless network threats. Ad hoc networks: These are peer-to-peer networks between wireless computers with no access point between them. Such networks can pose a security threat due to a lack of a central point of control.
  • 9. Wireless network threats. Nontraditional networks: Nontraditional networks and links, such as personal network Bluetooth devices, barcode readers, and handheld PDAs, pose a security risk both in terms of eavesdropping and spoofing.
  • 10. Wireless network threats. Identity theft (MAC spoofing): This occurs when an attacker is able to eavesdrop on network traffic and identify the MAC address of a computer with network privileges.
  • 11. Wireless network threats. Man-in-the-middle attacks: This type of attack is described in the context of the Diffie-Hellman key exchange protocol. In a broader sense, this attack involves persuading a user and an access point to believe that they are talking to each other when in fact the communication is going through an intermediate attacking device. Wireless networks are particularly vulnerable to such attacks.
  • 12. Wireless network threats. Denial of service (DoS): In the context of a wireless network, a DoS attack occurs when an attacker continually bombards a wireless access point or some other accessible wireless port with various protocol messages designed to consume system resources. The wireless environment lends itself to this type of attack, because it is so easy for the attacker to direct multiple wireless messages at the target.
  • 13. Wireless network threats. Network injection: A network injection attack targets wireless access points that are exposed to non-filtered network traffic, such as routing protocol messages or network management messages.
  • 14. Wireless network threats. Caffe Latte attack: The Caffe Latte attack is another way to defeat WEP. It is not necessary for the attacker to be in the area of the network. By using a process that targets the Windows wireless stack, it is possible to obtain the WEP key from a remote client. By sending a flood of encrypted ARP requests, the assailant takes advantage of the shared key authentication and the message modification flaws in 802.11 WEP. The attacker uses the ARP responses to obtain the WEP key in less than 6 minutes.
  • 15. Wireless network threats: Accidental Association, Malicious Association, Ad hoc Network, Non-traditional Networks, MAC spoofing/Identity Theft, Man-in-the-middle attacks, Denial of Service, Network Injection, Caffe Latte attack
  • 16. Wireless LAN security protocols and standards
      Wired Equivalent Privacy (WEP) algorithm:
      • Wired Equivalent Privacy
      • Was broken years ago and takes 15 min to break in
      • Very weak and not recommended
      • Accepts only hexadecimal password
      • 802.11 privacy
  • 17. Wireless LAN security protocols and standards
      • Wi-Fi Protected Access (WPA)
          – Wi-Fi Protected Access
          – Set of security mechanisms that eliminates most 802.11 security issues
          – Based on the current state of the 802.11i standard
          – Much better than WEP
          – Accepts long passwords with all possible combinations
          – Easy to set up, as easy as WEP
          – Available in all the common Wi-Fi routers
          – A must for all home users, and it takes a long time to break in
      • WPA2: Advanced Wi-Fi Protected Access (RSN)
          – Better than WPA
          – Takes a little more pain to set up
          – Advised in corporate environments
          – Strong encryption and authentication support
          – Final form of the 802.11i standard
  • 18. 802.11i RSN (WPA2) security services:
      • Authentication: A protocol is used to define an exchange between a user and an Authentication Server that provides mutual authentication and generates temporary keys to be used between the client and the AP over the wireless link
      • Access control: enforces the use of the authentication function, routes the messages properly, and facilitates key exchange
          – It can work with a variety of authentication protocols
      • Privacy with message integrity: MAC-level data are encrypted along with a message integrity code that ensures that the data have not been altered
  • 19. Elements of 802.11i
      RSN services and protocols:
      • Access control: IEEE 802.1 port-based access control
      • Authentication and key generation: Extensible Authentication Protocol (EAP)
      • Confidentiality, data origin authentication and integrity, and replay protection: TKIP, CCMP
      Cryptographic algorithms used for these services:
      • Confidentiality: TKIP (RC4), CCM (AES-CTR), NIST key wrap
      • Integrity and data origin authentication: HMAC-SHA1, HMAC-MD5, TKIP (Michael MIC), CCM (AES-CBC-MAC)
      • Key generation: HMAC-SHA1, RFC 1750
  • 20. IEEE 802.11i phases of operation
      Entities: STA, AP, AS, End Station
      Phase 1: Discovery; Phase 2: Authentication; Phase 3: Key management; Phase 4: Protected data transfer; Phase 5: Connection termination
      Discovery:
      • An AP uses messages called Beacons and Probe Responses to advertise its IEEE 802.11i security policy.
      • The STA uses these to identify an AP for a WLAN with which it wishes to communicate.
      • The STA associates with the AP, which it uses to select the cipher suite and authentication mechanism when the Beacons and Probe Responses present a choice.
      Authentication:
      • During this phase, the STA and AS prove their identities to each other.
      • The AP blocks non-authentication traffic between the STA and AS until the authentication transaction is successful.
      • The AP does not participate in the authentication transaction other than forwarding traffic between the STA and AS.
  • 21. IEEE 802.11i phases of operation
      Key generation and distribution:
      • The AP and the STA perform several operations that cause cryptographic keys to be generated and placed on the AP and the STA.
      • Frames are exchanged between the AP and STA only.
      Protected data transfer:
      • Frames are exchanged between the STA and the end station through the AP.
      • Secure data transfer occurs between the STA and the AP only; security is not provided end-to-end.
      Connection termination:
      • The AP and STA exchange frames. During this phase, the secure connection is torn down and the connection is restored to the original state.
  • 22. IEEE 802.11i phases of operation (message sequence between STA, AP and AS)
      • Probe Request: Station sends a request to join network
      • Probe Response: AP sends possible security parameter (security parameter set per the security policy)
      • Open system authentication request: Station sends a request to perform null authentication
      • Open system authentication response: AP performs null authentication
      • Association request: Station sends a request to associate with AP with security parameters
      • Association response: AP sends the associated security parameter; Station sets selected security parameters
      • 802.1X controlled port blocked
      • 802.1X EAP request
      • 802.1X EAP response
      • Access request (EAP request)
      • Extensible Authentication Protocol Exchange
      • Accept/EAP-success key material
      • 802.1X EAP success
      • 802.1X controlled port blocked
  • 23. IEEE 802.11i Key Hierarchies
      Pairwise key hierarchy:
      • PSK (Pre-shared key): 256 bits; out-of-band path; user defined crypto
      • AAAK or MSK (AAA key): ≥ 256 bits; EAP method path; EAP authentication
      • PMK (Pairwise master key): 256 bits; following EAP authentication or PSK
      • PTK (Pairwise transient key): 384 bits (CCMP), 512 bits (TKIP); during 4-way handshake
      • KCK (EAPOL key confirmation key): 128 bits
      • KEK (EAPOL key encryption key): 128 bits
      • TK (Temporal key): 128 bits (CCMP), 256 bits (TKIP)
      • KCK, KEK and TK are components of the PTK
      Group key hierarchy:
      • GMK (Group master key, generated by AS): 256 bits; changes periodically or if compromised
      • GTK (Group temporal key): 40 bits, 104 bits (WEP), 128 bits (CCMP), 256 bits (TKIP); changes based on policy (disassociation, deauthentication)
      Legend (derivation steps): no modification; possible truncation; PRF (pseudorandom function) using HMAC-SHA-1
  • 24. IEEE 802.11i Keys
  • 25. Pseudorandom Function. The function PRF(K, A, B, Len). The parameter K serves as the key input to HMAC. The message input consists of four items concatenated together: the parameter A, a byte with value 0, the parameter B, and a counter i. The counter is initialized to 0. The HMAC algorithm is run once, producing a 160-bit hash value. If more bits are required, HMAC is run again with the same inputs, except that i is incremented each time until the necessary number of bits is generated.
  • 26. IEEE 802.11i Key management phase (STA and AP)
      4-way handshake (802.1X controlled port blocked):
      • Message 1: EAPOL-key(ANonce, unicast). Message 1 delivers a nonce to the STA so that it can generate the PTK.
      • Message 2: EAPOL-key(SNonce, unicast, MIC). Message 2 delivers another nonce to the AP so that it can also generate the PTK. It demonstrates to the AP that the STA is alive, ensures that the PTK is fresh (new) and that there is no man-in-the-middle.
      • Message 3: EAPOL-key(InstallPTK, unicast, MIC). Message 3 demonstrates to the STA that the authenticator is alive, ensures that the PTK is fresh (new) and that there is no man-in-the-middle.
      • Message 4: EAPOL-key(unicast, MIC). Message 4 serves as an acknowledgement to message 3. It serves no cryptographic function. This message also ensures the reliable start of the group key handshake.
      • AP's 802.1X controlled port un-blocked for unicast traffic.
      Group key handshake:
      • Message 1: EAPOL-key(GTK, MIC). Message 1 delivers a new GTK to the STA. The GTK is encrypted before it is sent and the entire message is integrity protected. The STA decrypts the GTK and installs it for use.
      • Message 2: EAPOL-key(MIC). Message 2 is delivered to the AP. This frame serves only as an acknowledgement to the AP. The AP installs the GTK.
  • 27. IEEE 802.11i schemes for protecting data transmitted in 802.11 MPDUs
      Temporal Key Integrity Protocol (TKIP)
      • Designed to require only software changes to devices that are implemented with the older wireless LAN security approach called WEP
      • Provides two services:
          – Message integrity: adds a message integrity code to the 802.11 MAC frame after the data field
          – Data confidentiality: provided by encrypting the MPDU
  • 28. IEEE 802.11i schemes for protecting data transmitted in 802.11 MPDUs
      Counter Mode-CBC MAC Protocol (CCMP)
      • Intended for newer IEEE 802.11 devices that are equipped with the hardware to support this scheme
      • Provides two services:
          – Message integrity: uses the cipher-block-chaining message authentication code (CBC-MAC)
          – Data confidentiality: uses the CTR block cipher mode of operation with AES for encryption
  • 29. Conclusion
      • Change the router login password frequently
          – At least once a month
      • Change the wireless WPA password also
          – At least once a month
      • Avoid the temptation to connect to open wireless just looking for free internet.
      • Configure DHCP more tightly. Example:
          – I have 3 machines in my home (desktop/laptop/phone)
          – I'll create an IP pool of 3 IPs only
          – I'll do DHCP reservation using the MAC addresses for these 3 IPs
          – Effectively I'm not allowing any outsider machine to connect
      • Try to configure MAC binding
          – Allow only MY machines to connect
          – Many access points support MAC binding
          – Any other machine will not be able to connect to my Wi-Fi
  • 30. References
      [FRAN07] Frankel, S.; Eydt, B.; Owens, L.; and Scarfone, K. "Establishing wireless robust security networks: A guide to 802.11i". NIST Special Publication SP 800-97, February 2007.
      [Edney04] Edney, J.; Arbaugh, W. "Real 802.11 Security: WiFi Protected Access and 802.11i". Addison-Wesley, 2004.
      [WPA2015] "Wi-fi Protected Access" [Online]. Available from: http://en.wikipedia.org/wiki/Wi-Fi_Protected_Access (Accessed: 1 January 2015)
      [WSA2015] "Wireless Security Access" [Online]. Available from: http://en.wikipedia.org/wiki/Wireless_security (Accessed: 25 December 2015)
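
The PRF on slide 25, the PMK-to-PTK split on slide 23 and the MIC checks of the 4-way handshake on slide 26 fit together as shown in the Python below, which is an added example and not part of the original presentation. The label "Pairwise key expansion" and the min/max ordering of addresses and nonces come from the 802.11i standard rather than the slides; the MAC addresses, the PMK, the frame bodies and the choice of HMAC-SHA-1 cut to 128 bits for the MIC are assumptions made for this example.

```python
import hashlib
import hmac
import os


def prf(key, a, b, length_bits):
    """PRF(K, A, B, Len): HMAC-SHA-1 over A || 0x00 || B || i, for i = 0, 1, ..."""
    out = b""
    i = 0
    while len(out) * 8 < length_bits:
        out += hmac.new(key, a + b"\x00" + b + bytes([i]), hashlib.sha1).digest()
        i += 1  # each run adds 160 bits
    return out[: length_bits // 8]


def derive_ptk(pmk, ap_mac, sta_mac, anonce, snonce, cipher="CCMP"):
    """Expand the PMK into the PTK and split it into KCK, KEK and TK."""
    # Label and min/max ordering come from the 802.11i standard, not the slides.
    data = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    bits = 384 if cipher == "CCMP" else 512  # PTK sizes from slide 23
    ptk = prf(pmk, b"Pairwise key expansion", data, bits)
    return {"KCK": ptk[:16], "KEK": ptk[16:32], "TK": ptk[32:]}


def mic(kck, frame):
    """MIC keyed with the KCK: HMAC-SHA-1 cut to 128 bits (assumed for this example)."""
    return hmac.new(kck, frame, hashlib.sha1).digest()[:16]


def handshake_ok(sta_pmk, ap_pmk):
    """Messages 1 to 3 of the 4-way handshake; True if both MICs verify."""
    ap_mac = bytes.fromhex("020000000001")   # constructed addresses
    sta_mac = bytes.fromhex("020000000002")
    anonce = os.urandom(32)                  # message 1: AP -> STA (ANonce)
    snonce = os.urandom(32)
    sta = derive_ptk(sta_pmk, ap_mac, sta_mac, anonce, snonce)
    msg2 = b"msg2|" + snonce                 # constructed stand-in for the frame
    msg2_mic = mic(sta["KCK"], msg2)         # message 2: STA -> AP (SNonce, MIC)
    ap = derive_ptk(ap_pmk, ap_mac, sta_mac, anonce, snonce)
    if not hmac.compare_digest(mic(ap["KCK"], msg2), msg2_mic):
        return False                         # wrong PMK: controlled port stays blocked
    msg3 = b"msg3|install PTK"
    msg3_mic = mic(ap["KCK"], msg3)          # message 3: AP -> STA (InstallPTK, MIC)
    return hmac.compare_digest(mic(sta["KCK"], msg3), msg3_mic)


if __name__ == "__main__":
    pmk = os.urandom(32)                     # constructed 256-bit PMK
    print("same PMK:", handshake_ok(pmk, pmk))
    print("different PMK:", handshake_ok(pmk, os.urandom(32)))
```

Neither side ever sends the PMK or the PTK; each proves possession by producing a MIC the other can recompute, which is why a station holding a different PMK fails at message 2.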