Wireless Local Area Network Security
- Lionel Jared Norris
Wireless Local Area Network Security
HONORS PROJECT
CIS 345/ Section 131
Spring 2005
Mentor: Prof. C.S. Rani
The first part of this research paper answers questions such as: what is wireless, how does wireless work, and what does a basic WLAN (Wireless Local Area Network) look like? The second part discusses WLAN security in detail.

PART I

Wireless

In general, the term wireless refers to any means of communication that occurs without wires. The following terms (some of them also referring to technologies) are synonymous with the word wireless: PCS (Personal Communication Systems), WAP (Wireless Application Protocol), WTLS (Wireless Transport Layer Security, which is similar to SSL, Secure Socket Layer, for web traffic), WML (Wireless Markup Language, a lightweight markup language similar to HTML, but designed for small screens with low bandwidth use), b (IEEE standard), Wi-Fi (Wireless Fidelity), HomeRF (Home Radio Frequency), Bluetooth. ([1] p. 4)

How wireless works

In order to know how wireless works, we have to know how data is represented and how wireless signals are used to transmit data. The digital data for wireless communication is represented the same way as in a standard computer. Because computers and the data transmission equipment are made of
electrical devices, and electricity has two states (0 - OFF, 1 - ON), all these electrical devices use the binary number system (0, 1).

Any number can be represented in binary using the digits 0 and 1. These digits are known as bits (BInary digiTs). A group of eight binary digits forms a byte. Also, any character (letters, digits, punctuation) can be uniquely represented as a binary number, according to a coding scheme called ASCII (American Standard Code for Information Interchange). For example, upper case letter A has been assigned number 65 (which in binary is ), sign has been assigned number 63 (which in binary is ), the digit 6 has been assigned number 54 (which in binary is ), and so on.

But how is this data sent? If we're using wires, we can transmit data using copper wires or fiber optic cable. Unlike wired connections, wireless data travels on waves. All forms of electromagnetic energy, from gamma rays to radio waves (Figure 1, [4]), travel through space at the speed of light and don't require any special medium for movement. ([2] p. 31)
Figure 1 Electromagnetic spectrum

There are two basic types of waves by which wireless signals are sent and received: infrared light and radio waves.

Infrared wireless systems have several advantages. Infrared light never interferes with other communication signals, nor is it affected by other signals. Also, the signals cannot be intercepted by outsiders because infrared light cannot penetrate walls. On the other hand, it has serious limitations: lack of mobility (the mobile devices have to stay aligned at all times), range of coverage (interference has to be avoided), and speed of transmission (the highest data rate is 4 Mbps).

Radio waves provide the most common and effective means of wireless communication today. They overcome the distance limitations of infrared light. The data is transmitted as an analog or digital signal.
The analog signal (as shown in Figure 2) is a continuous signal with no breaks in it; that is, no individual element of an analog signal can be uniquely identified from another element of the signal. ([2] p. 39)

Figure 2 Analog signal

The digital signal (Figure 3) is a discrete signal; that is, it has numerous starts and stops throughout the signal stream. Computers operate using digital signals, so any kind of data (images, video, audio) has to be converted to a digital format before it is stored in the computer.

Figure 3 Digital signal

A basic Wireless Local Area Network (WLAN)

Now that we know what wireless is and how it works, let's take a look at what a basic WLAN is composed of. A basic WLAN consists of two or more computers connected via a wireless link.
Figure 4 Link between two computers via electromagnetic spectra

The link between two computers consists of a connection via electromagnetic spectra traveling over the air, in which data is transmitted (see Figure 4, [6]). As shown in Figure 5 ([5]), the computers in a wireless network require NICs (Network Interface Cards) that establish the wireless connection (transmission and reception of information between networked computers).

Figure 5 Wireless network
Also, in a wireless network an Access Point (AP) is needed. An AP is a centralized device that normally has no computer physically attached to it. The AP controls the traffic in the wireless medium: all traffic between the communicating computers must go through the access point.

For a wireless network to be successful, it must be reliable, secure, fast and easy to deploy. But the most important task is to secure the network, starting with individual stations and continuing with access points and gateways.

PART II

Security is the most debated topic in the wireless LAN community. A wireless LAN can expose secret corporate data and resources to hackers. To protect a wireless LAN from hackers and other adversaries, it should always be operated in encrypted and authenticated mode. ([3] p. 81)

Before discussing encryption and authentication, we should first explain what standards and WEP (Wired Equivalent Privacy) are. In 1999 the IEEE (Institute of Electrical and Electronics Engineers) completed and approved the standard known as b, and WLANs were born.

WLAN networks exist in either infrastructure or ad-hoc mode. Ad-hoc networks have multiple wireless clients talking to each other as peers to share data among themselves without the aid of a central Access Point (AP). An infrastructure WLAN consists of several clients talking to this central device called the AP, which is usually connected to a wired network (such as the
Internet, a corporate network, a home LAN). Because the most common implementation requiring security is infrastructure mode, this part will focus on securing stations and APs.

WEP

Interception of radio communications has been a problem for as long as radios have been used to transmit sensitive information. Since radio transmissions travel in unsecured areas, interception of these radio signals by an attacker is a real threat. In order to protect the data from eavesdroppers, various forms of encryption have been used to scramble data (more or less successfully). ([1] p. 13)

The goal of WEP is to make WLAN communication as secure as wired LAN data transmission would be. WEP provides two critical pieces of the wireless security architecture: authentication and confidentiality. WEP uses a shared key mechanism with a symmetric cipher called RC4. The key that a client uses for authentication and encryption of the data stream must be the same key as that of the AP. The standard specifies a 40-bit key, as shown in Figure 6 ([8]). However, most vendors have also implemented a 104-bit key for greater security.

Authentication

Authentication is the process that verifies that the user has permission to access the network. Authentication is critical with WLANs because of the open nature of a wireless network (anyone within the range of the network could attempt to break into the WLAN over radio waves). ([2] p. 251)
Figure standard with a 40-bit key

When a station associates with an AP, the station must authenticate itself to the AP. When the association occurs, the station and AP exchange the type of authentication they will accept. If the authentication type is specified as open (see Figure 6), then there is actually no authentication. The AP and the station identify themselves to each other and the association is complete.

On the other hand, the devices may also select the shared secret authentication mechanism. Station A sends a nonce (random number) to station B. Station B encrypts the random number using WEP (encryption is discussed later in this paper) and sends the result to station A. Station A decrypts the packet and verifies that the decrypted payload equals the nonce it sent to station B. If the numbers match, station A notifies station B that the authentication was successful and the association is formed.
Each WLAN client can be given the Service Set Identifier (SSID) of the network. This value is transmitted to the access point when the client is negotiating with it for permission to connect to the network. Only those clients that know the SSID are then authenticated as valid users and are allowed to connect to the network. SSIDs provide only a rudimentary level of security because they apply only to devices, not individual users, and because SSIDs themselves are not well secured. ([2] p. 251)

A wireless client can be given the SSID in two different ways. First, the SSID can be manually entered into the wireless device (and then whoever has access to that device can see the SSID and distribute it). Second (and even less secure), APs can freely advertise the SSID to any mobile device that comes into the range of the AP. The default setting on most APs is to freely broadcast SSIDs (for example, Linksys APs have the SSID set to "linksys", Cisco APs have the SSID set to "tsunami").

Encryption

There are several problems with WEP in its b form. The main problem with WEP is that the RC4 stream cipher used to encrypt data has been proved insecure. There are multiple attacks on the RC4 cipher because of its weak encryption mechanism. RC4 combines the 40-bit WEP key with a 24-bit random number known as the Initialization Vector (IV) to encrypt data. The packet is sent over radio waves containing the IV followed by the encrypted data (see Figure 7, [10]).
Figure 7 Encrypted packet

The first attack uses a simple numerical limitation of the IV to figure out the WEP key. Because the IV is only 24 bits long, there are 2^24 = 16,777,216 possible values for the IV. That may seem a large number of values, but on a heavily used network and with the new technology (faster computers) it takes only a couple of hours before the attacker figures out how to crack the code: the RC4 mechanism is eventually going to pick the same IVs over and over again; the attacker listens to the encrypted traffic and picks the repeating IVs out of the data stream until enough data has been gathered to crack the WEP key. ([7])

The second attack based on the IV centers on what are known as Weak IVs. The encryption of a piece of data begins with RC4 choosing a random 24-bit number, and then combining that number with the WEP key to encrypt the data. Some numbers in the range of 0 to do not work well in the RC4 encryption mechanism. These Weak IVs together with the WEP key are passed into mathematical functions which can reveal part of the WEP key. By capturing a massive number of packets, an attacker can pick out enough Weak IVs to reveal the WEP key and compromise the network security. ([7])
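The shared secret authentication exchange and the IV limitation described above can be reproduced in a few lines. The following Python sketch is an added example, not code from the original paper: it builds the packet as the IV followed by the RC4 output, keys RC4 with the IV placed in front of the WEP key, and leaves out WEP's integrity check value for brevity. The key, IVs and messages are constructed sample values, and the function names are hypothetical.

```python
import os
from collections import Counter
from math import ceil, exp, log, sqrt

IV_BYTES = 3                    # the 24-bit IV described above
IV_SPACE = 2 ** (8 * IV_BYTES)  # 16,777,216 possible IVs


def rc4(key: bytes, data: bytes) -> bytes:
    """RC4: schedule the key, then XOR the data with the keystream."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for byte in data:
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) % 256])
    return bytes(out)


def wep_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Packet layout from Figure 7: the clear-text IV, then the encrypted data."""
    if len(iv) != IV_BYTES:
        raise ValueError("the IV must be 24 bits long")
    return iv + rc4(iv + key, plaintext)


def wep_decrypt(key: bytes, packet: bytes) -> bytes:
    iv, body = packet[:IV_BYTES], packet[IV_BYTES:]
    return rc4(iv + key, body)


def shared_key_auth(key_a: bytes, key_b: bytes) -> bool:
    """Station A sends a nonce, B returns it WEP-encrypted, A checks it."""
    nonce = os.urandom(16)                                       # A -> B
    response = wep_encrypt(key_b, os.urandom(IV_BYTES), nonce)   # B -> A
    return wep_decrypt(key_a, response) == nonce                 # A verifies


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def iv_reuse_leak(key: bytes, iv: bytes, p1: bytes, p2: bytes) -> bytes:
    """Two packets under one IV share a keystream, so XORing the two
    ciphertexts cancels it; anyone who knows p2 then reads p1 without the key."""
    c1 = wep_encrypt(key, iv, p1)[IV_BYTES:]
    c2 = wep_encrypt(key, iv, p2)[IV_BYTES:]
    return xor(xor(c1, c2), p2)


def iv_collision_probability(packets: int) -> float:
    """Birthday approximation: chance that randomly chosen IVs repeat."""
    return 1 - exp(-packets * (packets - 1) / (2 * IV_SPACE))


def packets_for_collision(probability: float = 0.5) -> int:
    """Packets needed before a repeated IV is expected with this probability."""
    return ceil(sqrt(2 * IV_SPACE * log(1 / (1 - probability))))


def reused_ivs(packets: list) -> list:
    """Monitoring check: IVs that appear on more than one captured packet."""
    counts = Counter(p[:IV_BYTES] for p in packets)
    return sorted(iv for iv, n in counts.items() if n > 1)


if __name__ == "__main__":
    key = bytes.fromhex("0102030405")  # constructed 40-bit key
    print("auth with matching keys:", shared_key_auth(key, key))
    print("recovered:", iv_reuse_leak(key, b"\x00\x00\x01",
                                      b"GET /payroll HTTP/1.1",
                                      b"known broadcast frame"))
    print("packets for a 50% IV repeat:", packets_for_collision(0.5))
```

With randomly chosen IVs a repeat is expected after only a few thousand packets, far sooner than the 16,777,216 possible values suggest.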
Data encryption requires the use of mathematical keys to both encrypt and decrypt messages. These keys have a numerical value that is used by an algorithm to scramble information and make it readable only to those senders and receivers who have the corresponding decryption key. There are two types of keys.

Public key cryptography uses matched public and private keys for encryption and decryption. One key is used to encrypt the message and a different key is used to decrypt it. The public key can be distributed without compromising the private key.

Shared key cryptography uses the same key to encrypt and decrypt the message. The key must be kept secret in order to maintain the confidentiality of the data.

The AP and each client can have up to four shared keys. Each key must be manually entered and must correspond to the same key position in each of the other devices. In Figure 8 ([2] p. 253), the AP and Client 1 each have four keys defined. The AP can encrypt a message with Key A and send it to Client 1. Because Client 1's Key A matches the AP's Key A, Client 1 can access the information (it can decipher the message). A message cannot be exchanged between the AP and Client 2 because Client 2 encrypts with Key D, and its Key D does not match the AP's Key D. ([2] p. 252)

Keeping the key secure does not necessarily make the encryption stronger; the length of the key contributes to stronger encryption, because a longer key is more difficult to break (for example, keys that are 56 bits long can be broken in a few hours using today's powerful computers).
Figure 8 Shared key cryptography (Client 1 encrypts with Key A, which the access point can decrypt; Client 2 encrypts with Key D, which the access point cannot decrypt)

Because of the limitations of IEEE WLAN security, enhanced security measures are needed in order to make the WLAN more secure. The next section explores the types of attacks against WLANs and what can be done to prevent them.

WLAN Attacks ([2] p. 254):

Hardware theft: a wireless device may contain information that helps someone break into the network (for example, the SSID and WEP keys can be discovered and the attacker can gain access to the network);

Access point impersonation: clients authenticate to APs, but APs don't authenticate to clients. An AP can be set up to force clients to authenticate with it;

Passive monitoring: data transmission can be monitored to acquire information such as the addresses of APs and wireless clients, time of association
and disassociation with the network, etc. Over time a profile can be built based on statistical analysis that may assist unauthorized users trying to break into the network. In other cases it is possible to determine the contents of the transmission itself;

Denial of service (DoS): because the messages to associate with or disassociate from the WLAN are not encrypted, these can be intercepted and data collected from them. An unauthorized user can use this information to flood the network with transmissions and deny others access to the AP.

In order to increase the security of IEEE 802 WLANs, IEEE is working on what is called IEEE 802.1x. This allows WLANs to centralize the authentication of wireless clients. 802.1x uses a protocol known as Extensible Authentication Protocol (EAP). EAP allows a client to negotiate authentication protocols with a separate authentication server. 802.1x also makes use of Remote Authentication Dial-In User Service (RADIUS). 802.1x suggests that the authentication should be made as follows (as shown in Figure 9, [2] p. 255):

A user on a wireless device connects to the AP and enters a username and password;

The AP requests authentication of that user by sending the information to a RADIUS server on the wired network;

The RADIUS server reviews the request and can accept, reject, or further challenge the request. If it accepts the request, the RADIUS server sends the security
keys and other data for the wireless client to the AP so that it can establish a secure connection with the client.

Figure 9 Authentication made with the use of RADIUS (1: the wireless client sends username and password to the access point; 2: the access point requests authentication from the RADIUS server; 3: the RADIUS server accepts and provides keys)

In order to make the network even more secure, an AP should have a list of approved users, which is a list of each user's MAC (Media Access Control) address. The MAC address is a unique 48-bit number burned into the NIC (Network Interface Card) when it is manufactured. This list of approved MAC addresses can be entered into the access control list, and access is granted only to those users for which the AP finds a matching MAC address (Figure 10, [2] p. 256).
Figure 10 Authentication made using MAC addresses (Client 1's MAC address is in the access control list and it can join; Client 2's MAC address is not and it is rejected)

If WLAN data requires a higher level of security, the experts suggest the following solutions ([2] p. 256):

Use a Virtual Private Network (VPN). A VPN is a secure, encrypted connection between two points.

Reduce the amount of transmission power used in the WLAN. This will decrease the distance that the radio waves can travel, thus limiting the range in which hackers can pick up the signals.

Customize the WLAN security settings; never leave them set to the default options.

Use a 128-bit WEP key, which is much harder to break than 40-bit keys.
In order to protect your network (or your company's) against malicious attackers, it helps to know how frequent the attacks are and when they occur. Figure 11 ([14]) and Figure 12 ([14]) show that most attacks occur at the beginning of the weekend (Friday evening), when most companies end their activities and the working personnel is at a minimum.

Figure 11 Attack counts in a 24-hour period

Figure 12 Attack counts during a 7-day period

Next I will present some of the most popular encryption algorithms and a short description of each one ([11]):

RSA: Implementation of the RSA algorithm was made possible by three mathematicians, Ron Rivest, Adi Shamir and Len Adleman in 1977, right after the idea
of a public key system was proposed. To honor them, the method was called the RSA scheme: Rivest, Shamir, Adleman. The system uses a public and a private key, and it starts with two large prime numbers which are then multiplied together. RSA is the most popular method for public key encryption and digital signatures.

DES/3DES: The Data Encryption Standard (DES) was developed by the U.S. government in 1977 as an official standard for the Automatic Teller Machine (ATM) PIN. It is also used in UNIX password encryption. DES is a block cipher with a 64-bit block size that uses 56-bit keys. Given newer technology, specialists concluded that DES is no longer secure, and a new method was developed, called Triple DES (3DES), which encrypts data three times, reaching a key size of bits.

IDEA: The International Data Encryption Algorithm (IDEA) was developed in Switzerland by Dr. X. Lai and Prof. J. Massey in the early 90s to replace the DES standard. It uses a 128-bit key and is very difficult to break because of the length of the key. It's a fast algorithm and it was implemented in hardware chipsets, which made it even faster.

BLOWFISH: Blowfish is a symmetric block cipher (just like DES or IDEA) and it takes a variable-length key between 32 and 448 bits. It was designed by Bruce Schneier in
as an alternative to existing algorithms. It has proved to be a strong encryption algorithm, after being analyzed considerably.

SEAL: The Software-Optimized Encryption Algorithm (SEAL) was designed in 1993 by Rogaway and Coppersmith. It is a stream cipher, which means the data to be encrypted is continuously encrypted. Stream ciphers are much faster than block ciphers, but have a longer initialization phase, during which a large set of tables is created using the Secure Hash Algorithm. It uses a 160-bit key and is considered very safe.

RC4: RC4 was invented by Ron Rivest, one of the co-inventors of the RSA scheme. It uses a key size of up to 2048 bits (256 bytes). It creates a stream of random bytes and then XORs those bytes with the text (XOR is a logical operation whose value is TRUE when both operands are different: e.g. 0 XOR 0 = 0, 0 XOR 1 = 1, 1 XOR 0 = 1, and 1 XOR 1 = 0). It is useful for situations when a new key is needed for each message.

Now that the basics of these algorithms have been covered, I will describe one of them in detail: the RSA algorithm. The RSA algorithm consists of three parts: key generation, encryption, and decryption ([12]).

RSA Key Generation:

We select two prime numbers and compute their product. Let p=5 and q=7.
The product is n = p*q = 5*7 = 35. We compute f(n) = (p-1)*(q-1) = 4*6 = 24. We select an arbitrary integer e such that e is less than (p-1)*(q-1) and relatively prime to it. Let e=5. We solve the congruence e*d ≡ 1 (mod ((p-1)*(q-1))), that is, we find the inverse of e modulo f(n): e*d % 24 = 1. Writing q for the integer quotient in this step (not the prime q chosen above):

5d - 24q = 1
5d = 24q + 1
d = (24q + 1)/5

The numbers d and q have to be integers, so (24q+1) has to be divisible by 5. For q = 1 we have a solution which is an integer number:

d = (24q + 1)/5 = (24*1 + 1)/5 = 5

Now that we have e and d we are going to form the public and private keys: the public key is the pair (e,n) = (5,35), and the private key is the pair (d,n) = (5,35).

RSA Encryption:

First we need the public key of the person to whom we want to send the message: (e,n) = (5,35). Next we need the message (for simplicity we use only one letter; in real world applications letters are always encrypted in blocks), so we pick the letter C to encipher. Before encrypting the letter we have to encode it as a number. For the purpose of this
example we will just pick the letter's index in the alphabet. Let m represent this number: m = 3. To encrypt we use the formula m' = m^e mod n, where m' represents the encrypted value (or the encrypted message): m' = m^e mod n = 3^5 mod 35 = 33. The value of m' is sent to the receiver.

RSA Decryption:

First we need the private key of the person who received the encrypted message: (d,n) = (5,35). Next we need the encrypted message: m' = 33. To decrypt this message we use the formula m = m'^d mod n = 33^5 mod 35 = 3. m decoded as a letter represents the third letter of the alphabet, C, which means the message was decrypted successfully.

Overall, the above algorithms and the detailed description of the RSA mechanism point out one important thing: the longer the key, the stronger the encryption; as the key length increases, the number of combinations that must be tried to break an encrypted message increases exponentially. For example, for an individual with a minimal budget and a regular computer it takes one week to crack a 40-bit key, while cracking a 56-bit key wouldn't be possible in a lifetime. Using hardware specifically designed for encryption/decryption (such as Field Programmable Gate Arrays, FPGA), an individual could break 40-bit encryption in 5 hours, while trying to break 56-bit encryption with
the same equipment will take 38 years. Recent studies show that the key length should be at least 90 bits in order to ensure security for the next 20 years ([13]).
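The RSA walk-through above can be carried out in code, and doing so makes the conclusion about key length concrete. The following Python sketch is an added example, not part of the original paper: it solves the congruence with the extended Euclidean algorithm, reproduces the values for p=5, q=7, e=5, and then rebuilds the private key from the public key alone by factoring n, which is feasible only because n is tiny. The function names are hypothetical, and the second key pair (p=61, q=53, e=17) is a constructed sample that goes beyond the paper's own numbers.

```python
from math import isqrt


def egcd(a: int, b: int):
    """Extended Euclid: return (g, x, y) with a*x + b*y == g == gcd(a, b)."""
    if b == 0:
        return a, 1, 0
    g, x, y = egcd(b, a % b)
    return g, y, x - (a // b) * y


def mod_inverse(e: int, phi: int) -> int:
    """Solve e*d = 1 (mod phi), the congruence from the key generation step."""
    g, x, _ = egcd(e, phi)
    if g != 1:
        raise ValueError("e must be relatively prime to (p-1)*(q-1)")
    return x % phi


def generate_keys(p: int, q: int, e: int):
    """Return ((e, n), (d, n)) for primes p and q and public exponent e."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if not 1 < e < phi:
        raise ValueError("e must be greater than 1 and less than (p-1)*(q-1)")
    return (e, n), (mod_inverse(e, phi), n)


def encrypt(m: int, public_key) -> int:
    e, n = public_key
    if not 0 <= m < n:
        raise ValueError("the encoded message must be smaller than n")
    return pow(m, e, n)          # m' = m^e mod n


def decrypt(c: int, private_key) -> int:
    d, n = private_key
    return pow(c, d, n)          # m = m'^d mod n


def letter_to_number(letter: str) -> int:
    """Encoding used in the text: the letter's index in the alphabet."""
    return ord(letter.upper()) - ord("A") + 1


def number_to_letter(number: int) -> str:
    return chr(number - 1 + ord("A"))


def recover_private_key(public_key):
    """Rebuild (d, n) from (e, n) by trial-division factoring of n.

    This works in an instant for a two-digit or four-digit n; the number of
    candidate divisors grows with the square root of n, which is why the
    primes used in practice are hundreds of digits long.
    """
    e, n = public_key
    p = next(f for f in range(2, isqrt(n) + 1) if n % f == 0)
    q = n // p
    return mod_inverse(e, (p - 1) * (q - 1)), n


if __name__ == "__main__":
    public, private = generate_keys(5, 7, 5)
    m = letter_to_number("C")
    c = encrypt(m, public)
    print("public", public, "private", private)
    print("C ->", m, "->", c, "->", number_to_letter(decrypt(c, private)))
    # With these toy parameters d equals e, so the private key is the same
    # pair as the public key and offers no secrecy at all.
    print("private key equals public key:", public == private)
    print("recovered from public key:", recover_private_key(public))
```

Running it with the paper's parameters shows that the private key (5,35) is the same pair as the public key, a side effect of the very small primes.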
References:
[1] Security, Potter, Bruce and Fleck, Bob, O'Reilly & Associates, Sebastopol, CA, 2002
[2] Guide to Wireless Communication, Ciampa, Mark, Thomson Learning, Boston, MA, 2002
[3] Building Secure Wireless Networks with , Khan, Jahanzeb & Khwaja, Anis, Wiley Publishing, Inc, 2003
[4]
[5]
[6]
[7]
[8]
[9] papers/paranoia_files/image010.jpg
[10]
[11]
[12]
[13]
[14]
WLAN Security WEP Overview 1/2 WEP, Wired Equivalent Privacy Introduced in 1999 to provide confidentiality, authentication and integrity Includes weak authentication Shared key Open key (the client will
More informationKy Vu DeVry University, Atlanta Georgia College of Arts & Science
Ky Vu DeVry University, Atlanta Georgia College of Arts & Science Table of Contents - Objective - Cryptography: An Overview - Symmetric Key - Asymmetric Key - Transparent Key: A Paradigm Shift - Security
More informationProperties of Secure Network Communication
Properties of Secure Network Communication Secrecy: Only the sender and intended receiver should be able to understand the contents of the transmitted message. Because eavesdroppers may intercept the message,
More informationChapter 11 Security+ Guide to Network Security Fundamentals, Third Edition Basic Cryptography
Chapter 11 Security+ Guide to Network Security Fundamentals, Third Edition Basic Cryptography What Is Steganography? Steganography Process of hiding the existence of the data within another file Example:
More informationModule 8. Network Security. Version 2 CSE IIT, Kharagpur
Module 8 Network Security Lesson 2 Secured Communication Specific Instructional Objectives On completion of this lesson, the student will be able to: State various services needed for secured communication
More informationCSC574: Computer and Network Security
CSC574: Computer and Network Security Lecture 21 Prof. William Enck Spring 2016 (Derived from slides by Micah Sherr) Wireless Security Wireless makes network security much more difficult Wired: If Alice
More informationCS 356 Lecture 29 Wireless Security. Spring 2013
CS 356 Lecture 29 Wireless Security Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control Lists Chapter
More informationWireless Security. New Standards for 802.11 Encryption and Authentication. Ann Geyer 209-754-9130 ageyer@tunitas.com www.tunitas.
Wireless Security New Standards for 802.11 Encryption and Authentication Ann Geyer 209-754-9130 ageyer@tunitas.com www.tunitas.com National Conference on m-health and EOE Minneapolis, MN Sept 9, 2003 Key
More informationLecture 9: Application of Cryptography
Lecture topics Cryptography basics Using SSL to secure communication links in J2EE programs Programmatic use of cryptography in Java Cryptography basics Encryption Transformation of data into a form that
More informationWhite paper. Wireless Security: It s Like Securing Your Home
White paper Wireless Security: It s Like Securing Your Home WLAN SECURITY IS JUST LIKE YOUR HOUSE Imagine your home, filled with the people you love and your prized possessions. You open all the windows
More informationRecommended 802.11 Wireless Local Area Network Architecture
NATIONAL SECURITY AGENCY Ft. George G. Meade, MD I332-008R-2005 Dated: 23 September 2005 Network Hardware Analysis and Evaluation Division Systems and Network Attack Center Recommended 802.11 Wireless
More informationThe Basics of Wireless Local Area Networks
The Basics of Wireless Local Area Networks Andreas Johnsen Student at Mälardalens högskola ajn05012@student.mdh.se +46 712345678 ABSTRACT This paper is written as a brief education about the basics of
More informationWireless LAN Security: Securing Your Access Point
IJCSNS International Journal of Computer Science and Network Security, VOL.6 No.5B, May 2006 173 Wireless LAN Security: Securing Your Access Point Sia Sie Tung, Nurul Nadia Ahmad, Tan Kim Geok Faculty
More information7! Cryptographic Techniques! A Brief Introduction
7! Cryptographic Techniques! A Brief Introduction 7.1! Introduction to Cryptography! 7.2! Symmetric Encryption! 7.3! Asymmetric (Public-Key) Encryption! 7.4! Digital Signatures! 7.5! Public Key Infrastructures
More informationOverview of CSS SSL. SSL Cryptography Overview CHAPTER
CHAPTER 1 Secure Sockets Layer (SSL) is an application-level protocol that provides encryption technology for the Internet, ensuring secure transactions such as the transmission of credit card numbers
More informationChapter 2 Configuring Your Wireless Network and Security Settings
Chapter 2 Configuring Your Wireless Network and Security Settings This chapter describes how to configure the wireless features of your DG834N RangeMax TM NEXT Wireless ADSL2+ Modem Router. For a wireless
More information1720 - Forward Secrecy: How to Secure SSL from Attacks by Government Agencies
1720 - Forward Secrecy: How to Secure SSL from Attacks by Government Agencies Dave Corbett Technical Product Manager Implementing Forward Secrecy 1 Agenda Part 1: Introduction Why is Forward Secrecy important?
More informationWireless Security. CSE497b - Spring 2007 Introduction Computer and Network Security Professor Jaeger. www.cse.psu.edu/~tjaeger/cse497b-s07/
Wireless Security CSE497b - Spring 2007 Introduction Computer and Network Security Professor Jaeger www.cse.psu.edu/~tjaeger/cse497b-s07/ At the mall... Page 2 Wireless Networks Page 3 Network supported
More informationAgenda. Wireless LAN Security. TCP/IP Protocol Suite (Internet Model) Security for TCP/IP. Agenda. Car Security Story
Wireless s June September 00 Agenda Wireless Security ผศ. ดร. อน นต ผลเพ ม Asst. Prof. Anan Phonphoem, Ph.D. anan@cpe.ku.ac.th http://www.cpe.ku.ac.th/~anan Computer Engineering Department Kasetsart University,
More informationSecurity vulnerabilities in the Internet and possible solutions
Security vulnerabilities in the Internet and possible solutions 1. Introduction The foundation of today's Internet is the TCP/IP protocol suite. Since the time when these specifications were finished in
More informationHow To Secure Wireless Networks
Lecture 24 Wireless Network Security modified from slides of Lawrie Brown Wireless Security Overview concerns for wireless security are similar to those found in a wired environment security requirements
More informationWireless Ethernet LAN (WLAN) General 802.11a/802.11b/802.11g FAQ
Wireless Ethernet LAN (WLAN) General 802.11a/802.11b/802.11g FAQ Q: What is a Wireless LAN (WLAN)? Q: What are the benefits of using a WLAN instead of a wired network connection? Q: Are Intel WLAN products
More informationDATA SECURITY 1/12. Copyright Nokia Corporation 2002. All rights reserved. Ver. 1.0
DATA SECURITY 1/12 Copyright Nokia Corporation 2002. All rights reserved. Ver. 1.0 Contents 1. INTRODUCTION... 3 2. REMOTE ACCESS ARCHITECTURES... 3 2.1 DIAL-UP MODEM ACCESS... 3 2.2 SECURE INTERNET ACCESS
More informationOverview. SSL Cryptography Overview CHAPTER 1
CHAPTER 1 Note The information in this chapter applies to both the ACE module and the ACE appliance unless otherwise noted. The features in this chapter apply to IPv4 and IPv6 unless otherwise noted. Secure
More informationAnalysis of Security Issues and Their Solutions in Wireless LAN 1 Shenam Chugh, 2 Dr.Kamal
Analysis of Security Issues and Their Solutions in Wireless LAN 1 Shenam Chugh, 2 Dr.Kamal 1,2 Department of CSE 1,2,3 BRCM Bahal, Bhiwani 1 shenam91@gmail.com, 2 dkamal@brcm.edu.in Abstract This paper
More informationMobile Office Security Requirements for the Mobile Office
Mobile Office Security Requirements for the Mobile Office S.Rupp@alcatel.de Alcatel SEL AG 20./21.06.2001 Overview Security Concepts in Mobile Networks Applications in Mobile Networks Mobile Terminal used
More informationWIRELESS NETWORKING SECURITY
WIRELESS NETWORKING SECURITY Dec 2010 The Government of the Hong Kong Special Administrative Region The contents of this document remain the property of, and may not be reproduced in whole or in part without
More informationDOS ATTACKS IN INTRUSION DETECTION AND INHIBITION TECHNOLOGY FOR WIRELESS COMPUTER NETWORK
DOS ATTACKS IN INTRUSION DETECTION AND INHIBITION TECHNOLOGY FOR WIRELESS COMPUTER NETWORK ABSTRACT Dr. Sanjeev Dhull Associate Professor, RPIIT Karnal, Dept of Computer Science The DoS attack is the most
More informationA NOVEL STRATEGY TO PROVIDE SECURE CHANNEL OVER WIRELESS TO WIRE COMMUNICATION
A NOVEL STRATEGY TO PROVIDE SECURE CHANNEL OVER WIRELESS TO WIRE COMMUNICATION Prof. Dr. Alaa Hussain Al- Hamami, Amman Arab University for Graduate Studies Alaa_hamami@yahoo.com Dr. Mohammad Alaa Al-
More informationEXAM questions for the course TTM4135 - Information Security May 2013. Part 1
EXAM questions for the course TTM4135 - Information Security May 2013 Part 1 This part consists of 5 questions all from one common topic. The number of maximal points for every correctly answered question
More informationSecuring an IP SAN. Application Brief
Securing an IP SAN Application Brief All trademark names are the property of their respective companies. This publication contains opinions of StoneFly, Inc., which are subject to change from time to time.
More informationWireless security. Any station within range of the RF receives data Two security mechanism
802.11 Security Wireless security Any station within range of the RF receives data Two security mechanism A means to decide who or what can use a WLAN authentication A means to provide privacy for the
More informationEbonyi State University Abakaliki 2 Department of Computer Science. Our Saviour Institute of Science and Technology 3 Department of Computer Science
Security Measures taken in Securing Data Transmission on Wireless LAN 1 AGWU C. O., 2 ACHI I. I., AND 3 OKECHUKWU O. 1 Department of Computer Science Ebonyi State University Abakaliki 2 Department of Computer
More informationCS 336/536 Computer Network Security. Summer Term 2010. Wi-Fi Protected Access (WPA) compiled by Anthony Barnard
CS 336/536 Computer Network Security Summer Term 2010 Wi-Fi Protected Access (WPA) compiled by Anthony Barnard 2 Wi-Fi Protected Access (WPA) These notes, intended to follow the previous handout IEEE802.11
More informationWhite paper. Testing for Wi-Fi Protected Access (WPA) in WLAN Access Points. http://www.veryxtech.com
White paper Testing for Wi-Fi Protected Access (WPA) in WLAN Access Points http://www.veryxtech.com White Paper Abstract Background The vulnerabilities spotted in the Wired Equivalent Privacy (WEP) algorithm
More informationAsymetrical keys. Alices computer generates a key pair. A public key: XYZ123345 (Used to encrypt) A secret key: ABC98765 (Used to decrypt)
Encryption keys Symmetrical keys Same key used for encryption and decryption Exchange of symmetrical keys between parties difficult without risk of interception Asymmetrical keys One key for encryption
More informationThe following chart provides the breakdown of exam as to the weight of each section of the exam.
Introduction The CWSP-205 exam, covering the 2015 objectives, will certify that the successful candidate understands the security weaknesses inherent in WLANs, the solutions available to address those
More informationNetwork Security. HIT Shimrit Tzur-David
Network Security HIT Shimrit Tzur-David 1 Goals: 2 Network Security Understand principles of network security: cryptography and its many uses beyond confidentiality authentication message integrity key
More informationIntroduction to Network Security. 1. Introduction. And People Eager to Take Advantage of the Vulnerabilities
TÜBİTAK Ulusal Elektronik ve Kriptoloji Araştırma Enstitüsü Introduction to Network Security (Revisit an Historical 12 year old Presentation) Prof. Dr. Halûk Gümüşkaya Why Security? Three primary reasons
More informationNetwork Security Technology Network Management
COMPUTER NETWORKS Network Security Technology Network Management Source Encryption E(K,P) Decryption D(K,C) Destination The author of these slides is Dr. Mark Pullen of George Mason University. Permission
More informationCornerstones of Security
Internet Security Cornerstones of Security Authenticity the sender (either client or server) of a message is who he, she or it claims to be Privacy the contents of a message are secret and only known to
More informationRelease: 1. ICANWK502A Implement secure encryption technologies
Release: 1 ICANWK502A Implement secure encryption technologies ICANWK502A Implement secure encryption technologies Modification History Release Release 1 Comments This Unit first released with ICA11 Information
More informationConfigure WorkGroup Bridge on the WAP131 Access Point
Article ID: 5036 Configure WorkGroup Bridge on the WAP131 Access Point Objective The Workgroup Bridge feature enables the Wireless Access Point (WAP) to bridge traffic between a remote client and the wireless
More informationOverview. Summary of Key Findings. Tech Note PCI Wireless Guideline
Overview The following note covers information published in the PCI-DSS Wireless Guideline in July of 2009 by the PCI Wireless Special Interest Group Implementation Team and addresses version 1.2 of the
More informationWireless Encryption Protection
Wireless Encryption Protection We re going to jump around a little here and go to something that I really find interesting, how do you secure yourself when you connect to a router. Now first and foremost
More informationTop 10 Security Checklist for SOHO Wireless LANs
Introduction Corporations, government agencies, the military, and enterprises in fact all medium to large scale wireless LANs have a different set of security requirements compared to the wireless LAN
More informationWireless LAN Security I: WEP Overview and Tools
Wireless LAN Security I: WEP Overview and Tools Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@cse.wustl.edu Audio/Video recordings of this lecture are available at: http://www.cse.wustl.edu/~jain/cse571-09/
More informationADDENDUM 12 TO APPENDIX 8 TO SCHEDULE 3.3
ADDENDUM 12 TO APPENDIX 8 TO SCHEDULE 3.3 TO THE Overview EXHIBIT T to Amendment No. 60 Secure Wireless Network Services are based on the IEEE 802.11 set of standards and meet the Commonwealth of Virginia
More information9 Simple steps to secure your Wi-Fi Network.
9 Simple steps to secure your Wi-Fi Network. Step 1: Change the Default Password of Modem / Router After opening modem page click on management - access control password. Select username, confirm old password
More informationComputer Networks. Network Security and Ethics. Week 14. College of Information Science and Engineering Ritsumeikan University
Computer Networks Network Security and Ethics Week 14 College of Information Science and Engineering Ritsumeikan University Security Intro for Admins l Network administrators can break security into two
More information7 Network Security. 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework. 7.5 Absolute Security?
7 Network Security 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework 7.4 Firewalls 7.5 Absolute Security? 7.1 Introduction Security of Communications data transport e.g. risk
More informationRunning Head: WIRELESS DATA NETWORK SECURITY FOR HOSTPITALS
Wireless Data Network Security 1 Running Head: WIRELESS DATA NETWORK SECURITY FOR HOSTPITALS Wireless Data Network Security for Hospitals: Various Solutions to Meet HIPAA Requirements. Jody Barnes East
More informationLink Layer and Network Layer Security for Wireless Networks
Link Layer and Network Layer Security for Wireless Networks Interlink Networks, Inc. May 15, 2003 1 LINK LAYER AND NETWORK LAYER SECURITY FOR WIRELESS NETWORKS... 3 Abstract... 3 1. INTRODUCTION... 3 2.
More informationUsing Wireless Technology Securely
Using Wireless Technology Securely US-CERT In recent years, wireless networking has become more available, affordable, and easy to use. Home users are adopting wireless technology in great numbers. On-the-go
More informationNetwork Security. Abusayeed Saifullah. CS 5600 Computer Networks. These slides are adapted from Kurose and Ross 8-1
Network Security Abusayeed Saifullah CS 5600 Computer Networks These slides are adapted from Kurose and Ross 8-1 Goals v understand principles of network security: cryptography and its many uses beyond
More informationYou re FREE Guide SSL. (Secure Sockets Layer) webvisions www.webvisions.com +65 6868 1168 sales@webvisions.com
SSL You re FREE Guide to (Secure Sockets Layer) What is a Digital Certificate? SSL Certificates, also known as public key certificates or Digital Certificates, are essential to secure Internet browsing.
More informationWhat is network security?
Network security Network Security Srinidhi Varadarajan Foundations: what is security? cryptography authentication message integrity key distribution and certification Security in practice: application
More informationCS549: Cryptography and Network Security
CS549: Cryptography and Network Security by Xiang-Yang Li Department of Computer Science, IIT Cryptography and Network Security 1 Notice This lecture note (Cryptography and Network Security) is prepared
More informationContent Teaching Academy at James Madison University
Content Teaching Academy at James Madison University 1 2 The Battle Field: Computers, LANs & Internetworks 3 Definitions Computer Security - generic name for the collection of tools designed to protect
More informationCOMPARISON OF WIRELESS SECURITY PROTOCOLS (WEP AND WPA2)
COMPARISON OF WIRELESS SECURITY PROTOCOLS (WEP AND WPA2) Disha Baba Banda Singh Bahadur Engineering College Fatehgarh Sahib, Punjab Sukhwinder Sharma Baba Banda Singh Bahadur Engineering College Fatehgarh
More informationChapter 5. Data Communication And Internet Technology
Chapter 5 Data Communication And Internet Technology Purpose Understand the fundamental networking concepts Agenda Network Concepts Communication Protocol TCP/IP-OSI Architecture Network Types LAN WAN
More informationAll vulnerabilities that exist in conventional wired networks apply and likely easier Theft, tampering of devices
Wireless Security All vulnerabilities that exist in conventional wired networks apply and likely easier Theft, tampering of devices Portability Tamper-proof devices? Intrusion and interception of poorly
More information