A Security Analysis of the Wireless Networks (IEEE )
Sampath Thodupunuri

Abstract

The standard for wireless networks includes a Wired Equivalent Privacy (WEP) protocol, used to protect link-layer communications from eavesdropping and other attacks. In this paper I discuss the security flaws in the protocol that arise from the misapplication of cryptographic primitives. These flaws lead to several practical attacks that demonstrate that WEP fails to achieve its security goals. As currently defined, WEP's usage of encryption is a fundamentally unsound construction; the WEP encapsulation remains insecure whether its key length is 1 bit or 1000 or any other size whatsoever, and the same remains true when any other stream cipher replaces RC4. The weakness stems from WEP's usage of its initialization vector. This vulnerability prevents the WEP encapsulation from providing a meaningful notion of privacy at any key size. The deficiency of the WEP encapsulation design arises from attempts to adapt RC4 to an environment for which it is poorly suited.

Table of Contents

1. Introduction to Wireless Networks
   --- ad hoc mode
   --- infrastructure mode
   --- walkthrough of association
2. Overview of WEP protocol
   security goals
   Attack practicality
3. The risks of keystream reuse
   Finding instances of keystream reuse
   Exploiting keystream reuse to read encrypted traffic
   Decryption dictionaries
   Key management
   Summary
4. Message Authentication
   Message modification
   Message Injection
   Summary
5. History of wireless LAN security
   In the beginning, there was obfuscation
   --- cordless phones
   --- wireless networks and war dialing
   --- alternatives to WEP
   WEP: Unsafe at any key length
   X and i: Is that your final answer
6. Summary
7. Bibliography

1 Introduction to Wireless Networks [1]

With more and more companies and individuals requiring portable and mobile computing, the need for wireless local area networks continues to rise throughout the world. Because of this growth, IEEE formed a working group IEEE. This standard defines the Medium Access Control (MAC) and Physical Layer (PHY) for wireless local area networks. The standard defines three different physical layers for the wireless LAN, each operating in a different frequency range and at rates of 1 Mbps and 2 Mbps.

Figure 1 illustrates the principal components of the wireless LAN architecture. The fundamental building block of the architecture is the cell, known as the basic service set (BSS) in the parlance. A BSS typically contains one or more wireless stations and a central base station, known as an access point (AP) in terminology.

Figure 1

The wireless stations, which may be either fixed or mobile, and the central base station communicate among themselves using the IEEE wireless MAC protocol. Multiple APs may be connected together (for example, using a wired Ethernet or another wireless channel) to form a so-called distribution system (DS). The DS appears to upper-level protocols (for example, IP) as a single 802 network.

Wireless networks operate in one of two modes: ad hoc or infrastructure mode. The IEEE standard defines the ad hoc mode as Independent Basic Service Set (IBSS), and the infrastructure mode as Basic Service Set (BSS). In the remainder of this section, the differences between the two modes and how they operate are explained.

ad hoc mode

Figure 2 shows that IEEE stations can also group themselves together to form an ad hoc network: a network with no central control and with no connections to the outside world.
Here, the network is formed on the fly, simply because there happen to be mobile devices that have found themselves in proximity to each other, that have a need to communicate, and that find no pre-existing network infrastructure (for example, a pre-existing BSS with an AP) in the location. An ad hoc network might be formed when people with laptops meet together (for example, in a conference room, a train, or a car, or on a battlefield) and want to exchange data in the absence of a centralized AP.

infrastructure mode

In infrastructure mode, each client sends all of its communications to a central station, or access point (AP). The access point acts as an Ethernet bridge and forwards the communications onto the appropriate network, either the wired network or the wireless network (see Figure 3).

Prior to communicating data, wireless clients and access points must establish a relationship, or an association. Only after an association is established can the two wireless stations exchange data. In infrastructure mode, the clients associate with an access point. The association process is a two-step process involving three states:

1. Unauthenticated and unassociated,
2. Authenticated and unassociated, and
3. Authenticated and associated.

Figure 4 shows the classic state machine [3]. An frame can be of two basic types: a management frame or a data frame. To transition between the states, the communicating parties exchange management frames.

walk through of association

Figure 4

I will now walk through a wireless client finding and associating with an access point. All access points transmit a beacon management frame at a fixed interval. To associate with an access point and join a BSS, a client listens for beacon messages to identify the access points within range. The client then selects the BSS to join in a vendor-independent manner. For instance, on the Apple Macintosh, all of the network names (or service set identifiers (SSIDs)), which are usually contained in the beacon frame, are presented to the user so that they may select the network to join. A client may also send a probe request management frame to find an access point with a desired SSID.

After identifying an access point, the client and the access point perform a mutual authentication by exchanging several management frames as part of the process. The primary methods for authentication and access control are open-system authentication, shared-key authentication and MAC-address-based access-control lists. After successful authentication, the client moves into the second state, authenticated and unassociated. Moving from the second state to the third and final state, authenticated and associated, involves the client sending an association request frame, and the access point responding with an association response frame.

After following the process described in the previous paragraph, the client becomes a peer on the wireless network, and can transmit data frames on the network.

2 The WEP Protocol

Due to the proliferation of laptop computers and PDAs, wireless networks of various kinds have gained much popularity. But with the added convenience of wireless access come new problems, not the least of which are heightened security concerns.
When transmissions are broadcast over radio waves, interception and masquerading become trivial to anyone with a radio, and so there is a need to employ additional mechanisms to protect the communications. The standard for wireless LAN communications introduced the Wired Equivalent Privacy (WEP) protocol in an attempt to address these new problems and bring the security level of wireless systems closer to that of wired ones. The primary goal of WEP is to protect the confidentiality of user data from eavesdropping. WEP is part of an international standard; it has been integrated by manufacturers into their hardware and is currently in widespread use.

Unfortunately, WEP falls short of accomplishing its security goals. Despite employing the well-known and believed-secure RC4 cipher, WEP contains several major security flaws. The flaws give rise to a number of attacks, both passive and active, that allow eavesdropping on, and tampering with, wireless transmissions. In this section, we discuss the flaws that are identified and describe the attacks that ensue.

The following section is devoted to an overview of WEP and the threat models that it is trying to address. Sections 2.2 and 2.3 identify particular flaws and the corresponding attacks, and also discuss the security principles that were violated. Finally, Section 6 offers some conclusions.

2.1 Overview of the WEP Protocol

The Wired Equivalent Privacy protocol is used in networks to protect link-level data during wireless transmission. It is described in detail in the standard; I will reproduce a brief description to enable the following discussion of its properties.

WEP relies on a secret key k shared between the communicating parties to protect the body of a transmitted frame of data. Encryption of a frame proceeds as follows:

Checksumming: First, we compute an integrity checksum c(M) on the message M. We concatenate the two to obtain a plaintext P = <M, c(M)>, which will be used as input to the second stage. Note that c(M), and thus P, does not depend on the key k.

Encryption: In the second stage, we encrypt the plaintext P derived above using RC4. We choose an initialization vector (IV) v. The RC4 algorithm generates a keystream (i.e., a long sequence of pseudorandom bytes) as a function of the IV v and the key k. This keystream is denoted by RC4(v, k).
Then, we exclusive-or (XOR, denoted by ⊕) the plaintext with the keystream to obtain the ciphertext:

C = P ⊕ RC4(v, k).

Transmission: Finally, we transmit the IV and the ciphertext over the radio link.

Symbolically, this may be represented as follows:

A → B: v, (P ⊕ RC4(v, k)), where P = <M, c(M)>

The format of the encrypted frame is also shown pictorially in Figure 5. We will consistently use the term message (symbolically, M) to refer to the initial frame of data to be protected, the term plaintext (P) to refer to the concatenation of message and checksum as it is presented to the RC4 encryption algorithm, and the term ciphertext (C) to refer to the encryption of the plaintext as it is transmitted over the radio link.

Figure 5: Encrypted WEP frame.

To decrypt a frame protected by WEP, the recipient simply reverses the encryption process. First, he regenerates the keystream RC4(v, k) and XORs it against the ciphertext to recover the initial plaintext:

P = C ⊕ RC4(v, k) = (P ⊕ RC4(v, k)) ⊕ RC4(v, k) = P.

Next, the recipient verifies the checksum on the decrypted plaintext P by splitting it into the form <M, c>, re-computing the checksum c(M), and checking that it matches the received checksum c. This ensures that the receiver accepts only frames with a valid checksum.

2.2 Security Goals

The WEP protocol is intended to enforce three main security goals:

Confidentiality: The fundamental goal of WEP is to prevent casual eavesdropping.

Access control: A second goal of the protocol is to protect access to a wireless network infrastructure. The standard includes an optional feature to discard all packets that are not properly encrypted using WEP, and manufacturers advertise the ability of WEP to provide access control.

Data integrity: A related goal is to prevent tampering with transmitted messages; the integrity checksum field is included for this purpose.

In all three cases, the claimed security of the protocol relies on the difficulty of discovering the secret key through a brute-force attack.

There are actually two classes of WEP implementation: classic WEP, as documented in the standard, and an extended version developed by some vendors to provide larger keys. The WEP standard specifies the use of 40-bit keys. This key length is short enough to make brute-force attacks practical to individuals and organizations with fairly modest computing resources. However, it is straightforward to extend the protocol to use larger keys, and several equipment manufacturers offer a so-called 128-bit version (which actually uses 104-bit keys, despite its misleading name). This extension renders brute-force attacks impossible for even the most resourceful of adversaries given today's technology.
Nonetheless, we will demonstrate that there are shortcut attacks on the system that do not require a brute-force attack on the key, and thus even the 128-bit versions of WEP are not secure.
In the remainder of this paper, we will argue that none of the three security goals are attained. First, we show practical attacks that allow eavesdropping. Then, we show that it is possible to subvert the integrity checksum field and to modify the contents of a transmitted message, violating data integrity. Finally, we demonstrate that our attacks can be extended to inject completely new traffic into the network.

2.3 Attack Practicality

Before describing the attacks, we would like to discuss the feasibility of mounting them in practice. In addition to the cryptographic considerations discussed in the sections to follow, a common barrier to attacks on communication subsystems is access to the transmitted data. Despite being transmitted over open radio waves, traffic requires significant infrastructure to intercept. An attacker needs equipment capable of monitoring 2.4GHz frequencies and understanding the physical layer of the protocol; for active attacks, it is also necessary to transmit at the same frequencies. A significant development cost for equipment manufacturers lies in creating technologies that can reliably perform this task.

As such, there might be a temptation to dismiss attacks requiring link-layer access as impractical; for instance, this was once established practice in the cellular industry. However, such a position is dangerous. First, it does not safeguard against highly resourceful attackers who have the ability to incur significant time and equipment costs to gain access to data. This limitation is especially dangerous when securing a company's internal wireless network, since corporate espionage can be a highly profitable business.

Second, the necessary hardware to monitor and inject traffic is readily available to consumers in the form of wireless Ethernet interfaces. All that is needed is to subvert it to monitor and transmit encrypted traffic.
There have been successful passive attacks using off-the-shelf equipment with modified driver settings. Active attacks appear to be more difficult, but not beyond reach. The time investment required is non-trivial; however, it is a one-time effort: the rogue firmware can then be posted on a web site or distributed amongst underground circles. Therefore, it would be prudent to assume that motivated attackers will have full access to the link layer for passive and even active attacks. Further supporting this assumption are the WEP documents themselves. They state: "Eavesdropping is a familiar problem to users of other types of wireless technology." The difficulties of link-layer access will not be discussed further, and instead the focus shifts to the cryptographic properties of the attacks.

3 The Risks of Keystream Reuse

WEP provides data confidentiality using a stream cipher called RC4. Stream ciphers operate by expanding a secret key (or, as in the case of WEP, a public IV and a secret key) into an arbitrarily long keystream of pseudorandom bits. Encryption is performed by XORing the generated keystream with the plaintext. Decryption consists of generating the identical keystream based on the IV and secret key and XORing it with the ciphertext.

A well-known pitfall of stream ciphers is that encrypting two messages under the same IV and key can reveal information about both messages. If

C1 = P1 ⊕ RC4(v,k)

and

C2 = P2 ⊕ RC4(v,k)

then

C1 ⊕ C2 = (P1 ⊕ RC4(v,k)) ⊕ (P2 ⊕ RC4(v,k)) = P1 ⊕ P2.

In other words, XORing the two ciphertexts (C1 and C2) together causes the keystream to cancel out, and the result is the XOR of the two plaintexts (P1 ⊕ P2). Thus, keystream reuse can lead to a number of attacks: as a special case, if the plaintext of one of the messages is known, the plaintext of the other is immediately obtainable. More generally, real-world plaintexts often have enough redundancy that one can recover both P1 and P2 given only P1 ⊕ P2; there are known techniques, for example, for solving such plaintext XORs by looking for two English texts that XOR to the given value P1 ⊕ P2. Moreover, if we have n ciphertexts that all reuse the same keystream, we have what is known as a problem of depth n. Reading traffic in depth becomes easier as n increases, since the pairwise XOR of every pair of plaintexts can be computed, and many classical techniques are known for solving such problems (e.g., frequency analysis, dragging cribs, and so on).

Note that there are two conditions required for this class of attacks to succeed:

The availability of ciphertexts where some portion of the keystream is used more than once, and

Partial knowledge of some of the plaintexts.

To prevent these attacks, WEP uses a per-packet IV to vary the keystream generation process for each frame of data transmitted. WEP generates the keystream RC4(v,k) as a function of both the secret key k (which is the same for all packets) and a public initialization vector v (which varies for each packet); this way, each packet receives a different keystream. The IV is included in the unencrypted portion of the transmission so that the receiver can know what IV to use when deriving the keystream for decryption. The IV is therefore available to attackers as well, but the secret key remains unknown and maintains the security of the keystream.

The use of a per-packet IV was intended to prevent keystream reuse attacks. Nonetheless, WEP does not achieve this goal.
We describe below several realistic keystream reuse attacks on WEP. First, we discuss how to find instances of keystream reuse; then, we show how to exploit these instances by taking advantage of partial information on how typical plaintexts are expected to be distributed.

Finding instances of keystream reuse.

One potential cause of keystream reuse comes from improper IV management. Note that, since the shared secret key k generally changes very rarely, reuse of IVs almost always causes reuse of some of the RC4 keystream. Since IVs are public, duplicate IVs can be easily detected by the attacker. Therefore, any reuse of old IV values exposes the system to keystream reuse attacks. We call such a reuse of an IV value a collision.

The WEP standard recommends (but does not require) that the IV be changed after every packet. However, it does not say anything else about how to select IVs, and, indeed, some implementations do it poorly. A particular PCMCIA card reset the IV to 0 each time it was re-initialized, and then incremented the IV by one for each packet transmitted. These cards re-initialize themselves each time they are inserted into the laptop, which can be expected to happen fairly frequently. Consequently, keystreams corresponding to low-valued IVs were likely to be reused many times during the lifetime of the key.
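
An audit for the IV-management failure just described, as an added Python example (not code from the paper): it flags every IV that appears more than once in a capture taken under one shared key, and evaluates the collision arithmetic for WEP's 24-bit IV field. The capture is constructed, and the function names and the (frame number, station, IV) record layout are assumptions made for the illustration.

```python
import math
from collections import defaultdict

IV_BITS = 24                       # width of the WEP IV field
IV_SPACE = 2 ** IV_BITS


def counter_card_ivs(packets_per_session):
    """IVs emitted by a card that restarts its IV counter at 0 on every
    re-initialisation and adds one per packet."""
    ivs = []
    for count in packets_per_session:
        ivs.extend(iv % IV_SPACE for iv in range(count))
    return ivs


def find_iv_reuse(frames):
    """frames: iterable of (frame_no, station, iv) captured under one key.

    Returns {iv: [(frame_no, station), ...]} for each IV seen more than once.
    Stations are pooled: they share k, so the keystream depends on the IV alone.
    """
    seen = defaultdict(list)
    for frame_no, station, iv in frames:
        seen[iv].append((frame_no, station))
    return {iv: hits for iv, hits in seen.items() if len(hits) > 1}


def exposed_fraction(frames):
    """Share of frames whose keystream is also used by at least one other frame."""
    frames = list(frames)
    exposed = sum(len(hits) for hits in find_iv_reuse(frames).values())
    return exposed / len(frames) if frames else 0.0


def packets_for_collision(probability=0.5, space=IV_SPACE):
    """Birthday approximation: number of randomly chosen IVs after which a
    repeat has occurred with the given probability."""
    return math.sqrt(2 * space * math.log(1 / (1 - probability)))


def hours_to_wrap(packet_bytes=1500, rate_bps=5_000_000, space=IV_SPACE):
    """Time for a per-packet IV counter to run through the whole IV space."""
    return space * packet_bytes * 8 / rate_bps / 3600


def sample_capture():
    """Constructed capture: station A's card is inserted three times
    (5, 3 and 4 packets), station B's once (2 packets); same key for both."""
    frames = [("A", iv) for iv in counter_card_ivs([5, 3, 4])]
    frames += [("B", iv) for iv in counter_card_ivs([2])]
    return [(n, station, iv) for n, (station, iv) in enumerate(frames)]


if __name__ == "__main__":
    capture = sample_capture()
    for iv, hits in sorted(find_iv_reuse(capture).items()):
        print(f"IV {iv:#08x} reused by frames {hits}")
    print(f"frames sharing a keystream: {exposed_fraction(capture):.0%}")
    print(f"random IVs until a 50% collision chance: {packets_for_collision():.0f}")
    print(f"hours to exhaust the IV space at 5 Mbps: {hours_to_wrap():.1f}")
```
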
Even worse, the WEP standard has architectural flaws that expose all WEP implementations, no matter how cautious, to serious risks of keystream reuse. The IV field used by WEP is only 24 bits wide, nearly guaranteeing that the same IV will be reused for multiple messages. A back-of-the-envelope calculation shows that a busy access point sending 1500 byte packets and achieving an average 5Mbps bandwidth (the full transmission rate is 11Mbps) will exhaust the available space in less than half a day. Even for less busy installations, a patient attacker can readily find duplicates.

Because the IV length is fixed at 24 bits in the standard, this vulnerability is fundamental: no compliant implementation can avoid it. Implementation details can make keystream reuse occur even more frequently. An implementation that uses a random 24-bit IV for each packet will be expected to incur collisions after transmitting just 5000 packets, which is only a few minutes of transmission. Worse yet, the standard does not even require that the IV be changed with every packet, so an implementation could reuse the same IV for all packets without risking noncompliance!

Exploiting keystream reuse to read encrypted traffic.

Once two encrypted packets that use the same IV are discovered, various methods of attack can be applied to recover the plaintext. If the plaintext of one of the messages is known, it is easy to derive the contents of the other one directly. There are many ways to obtain plausible candidates for the plaintext. Many fields of IP traffic are predictable, since protocols use well-defined structures in messages, and the contents of messages are frequently predictable. For example, login sequences are quite uniform across many users, and so the contents (e.g., the Password: prompt or the welcome message) may be known to the attacker and thus usable in a keystream reuse attack.
As another example, it may be possible to recognize a specific shared library being transferred from a networked file system by analyzing traffic patterns and lengths; this would provide a large quantity of known plaintext suitable for use in a keystream reuse attack.

There are also other, sneakier, ways to obtain known plaintext. It is possible to cause known plaintext to be transmitted by, for example, sending IP traffic directly to a mobile host from an Internet host under the attacker's control. The attacker may also send e-mail to users and wait for them to check it over a wireless link. Sending spam might be a good method of doing this without raising too many alarms.

3.1 Decryption Dictionaries

Once the plaintext for an intercepted message is obtained, either through analysis of colliding IVs or through other means, the attacker also learns the value of the keystream used to encrypt the message. It is possible to use this keystream to decrypt any other message that uses the same IV. Over time, the attacker can build a table of the keystreams corresponding to each IV. The full table has modest space requirements (perhaps 1500 bytes for each of the 2^24 possible IVs, or roughly 24 GB), so it is conceivable that a dedicated attacker can, after some amount of effort, accumulate enough data to build a full decryption dictionary, especially when one considers the low frequency with which keys are changed (see next section). The advantage to the attacker is that, once such a table is available, it becomes possible to immediately decrypt each subsequent ciphertext with very little work.

Of course, the amount of work necessary to build such a dictionary restricts this attack to only the most persistent attackers who are willing to invest time and resources into defeating WEP security. It can be argued that WEP is not designed to protect from such attackers, since a 40-bit key can be discovered through brute force in a relatively short amount of time with moderate resources. However, manufacturers have already begun to extend WEP to support larger keys, and the dictionary attack is effective regardless of key size. (The size of the dictionary depends not on the size of the key, but only on the size of the IV, which is fixed by the standard at 24 bits.)

Further, the dictionary attack can be made more practical by exploiting the behavior of PCMCIA cards that reset the IV to 0 each time they are reinitialized. Since typical use of PCMCIA cards includes reinitialization at least once per day, building a dictionary for only the first few thousand IVs will enable an attacker to decrypt most of the traffic directed towards the access point. In an installation with many clients, collisions in the first few thousand IVs will be plentiful.

3.2 Key Management

The standard does not specify how distribution of keys is to be accomplished. It relies on an external mechanism to populate a globally shared array of 4 keys. Each message contains a key identifier field specifying the index in the array of the key being used. The standard also allows for an array that associates a unique key with each mobile station; however, this option is not widely supported. In practice, most installations use a single key for an entire network.

This practice seriously impacts the security of the system, since a secret that is shared among many users cannot stay very well hidden. Some network administrators try to ameliorate this problem by not revealing the secret key to end users, but rather configuring their machines with the key themselves. This, however, yields only a marginal improvement, since the keys are still stored on the users' computers.

The reuse of a single key by many users also helps make the attacks in this section more practical, since it increases chances of IV collision.
The chance of random collisions increases proportionally to the number of users; even worse, PCMCIA cards that reset the IV to 0 each time they are reinitialized will all reuse keystreams corresponding to a small range of low-numbered IVs. Also, the fact that many users share the same key means that it is difficult to replace compromised key material. Since changing a key requires every single user to reconfigure their wireless network drivers, such updates will be infrequent. In practice, we expect that it may be months, or even longer, between key changes, allowing an attacker more time to analyze the traffic and look for instances of keystream reuse.

3.3 Summary

The attacks in this section demonstrate that the use of stream ciphers is dangerous, because the reuse of keystream can have devastating consequences. Any protocol that uses a stream cipher must take special care to ensure that keystream never gets reused. This property can be difficult to enforce. The WEP protocol contains vulnerabilities despite the designers' apparent knowledge of the dangers of keystream reuse attacks. Nor is it the first protocol to fall prey to stream-cipher-based attacks;

4 Message Authentication

The WEP protocol uses an integrity checksum field to ensure that packets do not get modified in transit. The checksum is implemented as a CRC-32 checksum, which is part of the encrypted payload of the packet. We will argue below that a CRC checksum is insufficient to ensure that an attacker cannot tamper with a message: it is not a cryptographically secure authentication code. CRCs are designed to detect random errors in the message; however, they are not resilient against malicious attacks. As we will demonstrate, this vulnerability of CRC is exacerbated by the fact that the message payload is encrypted using a stream cipher.

4.1 Message Modification

First, we show that messages may be modified in transit without detection, in violation of the security goals. We use the following property of the WEP checksum:

Property 1 The WEP checksum is a linear function of the message.

By this, we mean that checksumming distributes over the XOR operation, i.e., c(x ⊕ y) = c(x) ⊕ c(y) for all choices of x and y. This is a general property of all CRC checksums. One consequence of the above property is that it becomes possible to make controlled modifications to a ciphertext without disrupting the checksum.

Let's fix our attention on a ciphertext C which we have intercepted before it could reach its destination:

A → (B): <v, C>

We assume that C corresponds to some unknown message M, so that

C = RC4(v,k) ⊕ <M, c(M)>   (1)

We claim that it is possible to find a new ciphertext C that decrypts to M, where M = M and may be chosen arbitrarily by the attacker. Then, we will be able to replace the original transmission with our new ciphertext by spoofing the source, (A) → B: <v, C >, and upon decryption, the recipient B will obtain the modified message M with the correct checksum. All that remains is to describe how to obtain C from C so that C decrypts to M instead of M.

The key observation is to note that stream ciphers, such as RC4, are also linear, so we can reorder many terms. We suggest the following trick: XOR the quantity <,c( )> against both sides of Equation 1 above to get a new ciphertext C : C = C <, c( )> = RC4(v,k) <M, c(m)> <,c( )> = RC4(v,k) <M, c(m) c( )> = RC4(v,k) <M, c(m )> = RC4(v,k) <M, c(m )>.

In this derivation, we used the fact that the WEP checksum is linear, so that c(m) c( ) = c(m ). As a result, we have shown how to modify C to obtain a new ciphertext C that will decrypt to P. This implies that we can make arbitrary modifications to an encrypted message without fear of detection. Thus, the WEP checksum fails to protect data integrity, one of the three main goals of the WEP protocol.
Notice that this attack can be applied without full knowledge of M: the attacker only needs to know the original ciphertext C and the desired plaintext difference, in order to calculate C = C <,c( )>. For example, to flip the first bit of a message, the attacker can set = This allows an attacker to modify a packet with only partial knowledge of its contents.

4.2 Message Injection

Next, we show that WEP does not provide secure access control. We use the following property of the WEP checksum:

Property 2 The WEP checksum is an unkeyed function of the message.

As a consequence, the checksum field can also be computed by the adversary who knows the message. This property of the WEP integrity checksum allows the circumvention of access control measures. If an attacker can get hold of an entire plaintext corresponding to some transmitted frame, he will then be able to inject arbitrary traffic into the network. As we saw in Section 3, knowledge of both the plaintext and ciphertext reveals the keystream. This keystream can subsequently be reused to create a new packet, using the same IV. That is, if the attacker ever learns the complete plaintext P of any given ciphertext packet C, he can recover the keystream used to encrypt the packet:

P ⊕ C = P ⊕ (P ⊕ RC4(v,k)) = RC4(v,k)

He can now construct an encryption of a message M:

(A) → B: <v, C>, where C = <M, c(M)> ⊕ RC4(v,k).

Note that the rogue message uses the same IV value as the original one. Therefore, the attack works only because of the following behavior of WEP access points:

Property 3 It is possible to reuse old IV values without triggering any alarms at the receiver.

Therefore it is not necessary to block the reception of the original message. Once we know an IV v along with its corresponding keystream sequence RC4(v,k), this property allows us to reuse the keystream indefinitely and circumvent the WEP access control mechanism.

A natural defense against this attack would be to disallow the reuse of IVs in multiple packets, and require that all receivers enforce this prohibition. However, the standard does not do this. While the standard strongly recommends against IV reuse, it does not require the IV to change with every packet. Hence, every receiver must accept repeated IVs or risk non-interoperability with compliant devices.
Note that in this attack we do not rely on Property 1 of the WEP checksum (linearity). In fact, substituting any unkeyed function in place of the CRC will have no effect on the viability of the attack. Only a keyed message authentication code (MAC) such as SHA1-HMAC will offer sufficient strength to prevent this attack.

4.4 Summary

In this section, we have shown the importance of using a cryptographically secure message authentication code, such as SHA1-HMAC, to protect the integrity of transmissions. The use of CRC is wholly inappropriate for this purpose, and in fact any unkeyed function falls short of defending against all of the attacks in this section. A secure MAC is particularly important in view of the composition of protocols, since the lack of message integrity in one layer of the system can lead to a breach of secrecy in the larger system.
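
The encapsulation of Section 2.1, the keystream cancellation of Section 3, the checksum weakness of Section 4.1 and the keyed MAC recommended in this section, as a runnable Python sketch added here (not code from the paper). The key, IV and messages are constructed, and the name delta for the chosen plaintext difference and the HMAC-over-IV-and-ciphertext layout with a separate MAC key are assumptions made for the illustration.

```python
import hashlib
import hmac
import struct
import zlib


def rc4(seed: bytes, n: int) -> bytes:
    """First n bytes of RC4 keystream; WEP seeds RC4 with IV followed by key."""
    s, j = list(range(256)), 0
    for i in range(256):                       # key scheduling
        j = (j + s[i] + seed[i % len(seed)]) % 256
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    for _ in range(n):                         # output generation
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) % 256])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def checksum(msg: bytes) -> bytes:
    """c(M): unkeyed CRC-32, appended little-endian."""
    return struct.pack("<I", zlib.crc32(msg))


def wep_encrypt(iv: bytes, key: bytes, msg: bytes) -> bytes:
    plaintext = msg + checksum(msg)                       # P = <M, c(M)>
    return xor(plaintext, rc4(iv + key, len(plaintext)))  # C = P xor RC4(v, k)


def wep_decrypt(iv: bytes, key: bytes, ct: bytes):
    plaintext = xor(ct, rc4(iv + key, len(ct)))
    msg, received = plaintext[:-4], plaintext[-4:]
    return msg if received == checksum(msg) else None     # None = frame rejected


def recover_keystream(ct: bytes, known_msg: bytes) -> bytes:
    """P xor C = RC4(v, k): one fully known frame reveals the keystream of its IV."""
    return xor(ct, known_msg + checksum(known_msg))


def patch_ciphertext(ct: bytes, delta: bytes) -> bytes:
    """Keyless edit after which ct decrypts to M xor delta with a valid checksum.

    CRC-32 with its initial/final inversion is affine rather than strictly
    linear: c(x ^ y) = c(x) ^ c(y) ^ c(zeros), so the patch carries c(zeros).
    """
    n = len(ct) - 4
    if len(delta) != n:
        raise ValueError("delta must be as long as the message")
    fix = zlib.crc32(delta) ^ zlib.crc32(bytes(n))
    return xor(ct, delta + struct.pack("<I", fix))


def mac_encrypt(iv: bytes, enc_key: bytes, mac_key: bytes, msg: bytes) -> bytes:
    """Same cipher, integrity from HMAC-SHA1 over IV and ciphertext (assumed layout)."""
    ct = xor(msg, rc4(iv + enc_key, len(msg)))
    return ct + hmac.new(mac_key, iv + ct, hashlib.sha1).digest()


def mac_decrypt(iv: bytes, enc_key: bytes, mac_key: bytes, blob: bytes):
    ct, tag = blob[:-20], blob[-20:]
    expected = hmac.new(mac_key, iv + ct, hashlib.sha1).digest()
    if not hmac.compare_digest(tag, expected):
        return None                            # modified frame is dropped
    return xor(ct, rc4(iv + enc_key, len(ct)))


# Constructed sample values; none of them come from the paper.
IV = bytes.fromhex("000001")                   # 24-bit IV, sent in the clear
KEY = bytes.fromhex("0102030405")              # 40-bit shared key
MAC_KEY = b"separate-mac-key"
M1 = b"temperature=021C"
M2 = b"humidity=55%; ok"
DELTA = xor(M1, b"temperature=921C")           # change one byte of M1


def demo() -> dict:
    c1, c2 = wep_encrypt(IV, KEY, M1), wep_encrypt(IV, KEY, M2)
    keystream = recover_keystream(c1, M1)
    sealed = mac_encrypt(IV, KEY, MAC_KEY, M1)
    return {
        "reuse_cancels": xor(c1, c2)[:16] == xor(M1, M2),
        "m2_via_known_m1": xor(c2, keystream)[:16],
        "crc_blind_edit": wep_decrypt(IV, KEY, xor(c1, DELTA + bytes(4))),
        "crc_patched_edit": wep_decrypt(IV, KEY, patch_ciphertext(c1, DELTA)),
        "hmac_edit": mac_decrypt(IV, KEY, MAC_KEY, xor(sealed, DELTA + bytes(20))),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value!r}")
```

The HMAC variant restores integrity only: with a repeated IV, the XOR of two ciphertexts still equals the XOR of the two plaintexts.
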

5 History of Wireless LAN security

In this section I will focus on the history of wireless LAN security, especially security in IEEE

In the Beginning, There Was Obfuscation [5]

Cordless Phones

It's depressing how often we see that those who don't remember history are doomed to repeat it. When cordless phones and the first analog cell phones hit the market, anybody with a scanner that operated at the right frequency could easily listen to calls not intended for them.

The same cycle played out with equipment. Vendors first claimed that spread-spectrum modulation made it hard to build a receiver. That assertion was true in a limited sense. Traditional RF receivers listen at a narrow band for the signal, and spread spectrum uses wide bands. However, the claim is also a silly assertion because the receiver of a frame must, by definition, be able to receive and process it. Therefore, any interface must, by definition, be the receiver that vendors claimed didn't exist.

Wireless Networks and War dialing

Finding wireless networks is easy. By necessity, wireless access points must announce themselves to the world: beacon frames, used to broadcast network parameters, are sent unencrypted. By monitoring beacon frames, wandering users with an receiver can find out about wireless networks in the area simply by putting up an antenna.

A few people made headlines by attaching high-gain antennas to their automobiles and running custom software to log the wireless networks they found while driving around [6]. By analogy to "war dialing" (dialing every number looking for a modem backdoor into a network), driving around looking for access points was called "war driving." War driving can be surprisingly effective. Tools to assist with war driving are now famous (or infamous, if you prefer). One of the better-known tools is NetStumbler [7].
Once a wireless network has been located, there was originally only one standardized provision for restricting access to a wireless network in the 802.11 standard, and it required implementing WEP, the Wired Equivalent Privacy specification.

Alternatives to WEP

Many vendors did not implement WEP initially, and needed to develop an alternative security solution that could be deployed quickly. MAC-address filtering emerged as the solution. Like all other IEEE 802 networks, 802.11 uses 48-bit station identifiers in the frame headers. Address filtering was based on the dubious theory that IT departments are responsible for issuing wireless LAN cards to users and should therefore be able to maintain a corporate-wide list of MAC addresses allowed to connect to a wireless network. During the initial connection procedures, wireless access points can check the MAC address of connecting stations to ensure the station is on the list of known good MAC addresses.

Address filtering was never part of the 802.11 standard, but it has been widely deployed anyway. It is not, however, a serious security solution. Addresses identify stations, not users. Malicious attackers with a "good" MAC address are not prevented from accessing the network. Addresses do not validate that the system software is free from tampering. Stations on the "good" list may have any number of eavesdropping programs, spyware, or Trojan horses installed. Granting access to a station with the right wireless card but the wrong software can have disastrous consequences for your network security.

Most importantly, addresses are not strong authentication. Users with sufficient operating-system privileges can alter addresses to masquerade as an allowed wireless-network user. Obtaining a list of authorized wireless stations can be done quite economically. Sniffers can be built entirely from open-source components. To turn a Linux laptop into a sniffer, the only additional cost would be less than $100 for a wireless LAN card based on the Intersil PRISM chipset. Once an attacker has built a sniffer, all that remains is to gather a list of allowed addresses. The sniffer can be used to monitor stations that successfully associate with the wireless LAN, and then the attacker can easily adopt one of the addresses on the authorized list.

5.1 WEP: Unsafe at any Key Length

Although WEP was the first serious attempt to fix the insecurity of wireless LANs, it was hamstrung from the beginning because it was designed during the infamous era in which strong cryptographic systems fell under the same export regulations as weapons of mass destruction. Until these rules were relaxed, the U.S. government prevented the export of cryptographic products with long key lengths. WEP secret keys were limited to 40 bits, the longest exportable key length allowed at the time.

WEP was also limited by the complexity of 802.11 itself. The 802.11 MAC is quite complex and takes a great deal of processing power to run. The additional burden imposed by cryptography was too much for a number of early products, which simply did not implement WEP. In addition to limitations on the strength of the cryptography that could be used, WEP has always been an optional feature of the standard: 802.11-compliant products do not have to implement WEP.
When it became clear that wireless networks unprotected by WEP were extremely vulnerable, users were urged to select products that implemented WEP, and WEP became the linchpin of network security. It was, however, a flawed anchor point for security. Two major papers, from teams at Berkeley [3] and the University of Maryland (UMD) [2], attacked the design of WEP as flawed on various grounds. The Berkeley paper (explained in the previous section) demonstrated weaknesses due to key reuse and weak message authentication. The UMD paper showed the weaknesses of access control mechanisms, even those based on WEP's cryptographic authentication. A later paper argued that the weak message authentication made it possible to inject traffic into the network. [8]

Although long-key-length versions of WEP were released to the market, the flaws in WEP were not due to a short key. The flaws persist in any version of WEP, whether a short export-crippled key is used or a reasonably long key. One member of the working group memorably described WEP as "unsafe at any key length" and urged the working group to redesign WEP. [4]

Though there was a great deal of discussion about redesigning WEP, the issue was finally forced in August 2001. Up until that point, WEP had been a dam resisting minor cracks and design flaws, but the torrent was now ready to sweep away any perception of WEP security. Until this point, attacks on WEP were based on the design of the system, and most people assumed the underlying cryptography, RSA's RC4 algorithm, was sound. A paper by Scott Fluhrer, Itsik Mantin, and Adi Shamir about the method RC4 used to expand the key into a long keystream dispelled that assumption. [9]
Fluhrer, Mantin, and Shamir found a flaw in the "key scheduling algorithm" of RC4 that made certain RC4 keys fundamentally weak, and they designed an attack that would allow a passive listener to recover the secret WEP key simply by collecting a sufficient number of frames encrypted with weak keys. They did not, however, implement the attack. Several others did, though; the first public description was from an AT&T Labs technical report. [10] Open-source implementations of the attack are now widely available. One of the best-known programs is AirSnort, which was covered by the industry media when it was released. [11] Key recovery with AirSnort takes only a few seconds once enough weakly encrypted frames are gathered. In fact, gathering enough frames can be done within a day, depending on your traffic load.

802.1x and 802.11i: Is That Your Final Answer?

After August 2001, WEP was clearly in ruins. It was designed to provide both authentication and privacy, but had been shown to provide neither. To solve the user-authentication problem, the working group adopted the 802.1x standard, which provides "per-port user authentication." It was designed to require user authentication before granting network access. It was, however, designed for a wired network, which leads to several problems. [12]

At the heart of it all is that 802.1x was designed for a network with a fixed physical topology. The main threats to authentication traffic are that the frames may be altered, authorized sessions may be hijacked, and an imposter may impersonate the network to steal authentication credentials. On a wired network, authentication is implicit in the connection to the network itself. Data ports on the walls almost always go to the real network infrastructure, and altering traffic as it traverses the wire is difficult. Wireless networks, however, have a very different physical topology.
It is much easier to inject messages into an authentication sequence or hijack authorized sessions in the absence of strong mutual authentication and integrity checks. Even if 802.1x is imperfect, it is a far better user-authentication solution than WEP ever was. 802.1x clients are now becoming available for many popular operating systems.

802.11i has not yet been standardized. It takes 802.1x as its base and adds several features for wireless networks. The most notable addition is that 802.11i includes a key distribution framework, which should replace the static, manually configured WEP key. 802.11i also allows the use of the AES encryption algorithm. Some observers had hoped it would be standardized by September 2002, but skeptics are predicting it may take until mid- to late-2003 before 802.11i completes the standardization process.

6 Summary

In this paper I have explained major security flaws in the WEP protocol and described practical attacks that result. As a result, WEP should not be counted on to provide strong link-level security, and additional precautions should be taken to protect network traffic.

7 Bibliography:

[1] James F. Kurose, Keith W. Ross, Computer Networking, A top-down approach featuring the Internet, 1st edition, Pearson Education,
[2] W.A. Arbaugh, N. Shankar, and Y.J. Wan. Your wireless network has no clothes, Mar
[3] N. Borisov, I. Goldberg, and D. Wagner, Intercepting Mobile Communications: The Insecurity of 802.11,
[4] J. Walker, Unsafe at any key size: an analysis of the WEP encapsulation, Tech. Rep E, IEEE committee, March
[5] Matthew Gast, Wireless LAN Security: A Short History, 4/19/2002
[6] News story about Peter Shipley's war driving: April 2001; maps of San Francisco war-driving results available from
[7] NetStumbler home page:
[8] Arbaugh, William A. An inductive chosen plaintext attack against WEP/WEP2, IEEE Document /230, May
[9] Fluhrer, Scott, Itsik Mantin, and Adi Shamir. Weaknesses in the Key Scheduling Algorithm of RC4, Eighth Annual Workshop on Selected Areas in Cryptography, August
[10] Stubblefield, Adam, John Ioannidis, and Aviel D. Rubin. Using the Fluhrer, Mantin, and Shamir Attack to Break WEP, AT&T Labs Technical Report TD-4ZCPZZ. Revision 2, August
[11] AirSnort home page:
[12] Mishra, Arunesh, and William Arbaugh, An Initial Security Analysis of the IEEE 802.1x Security Standard, February 6,
Methodology: Security plan for wireless networks By: Stephen Blair Mandeville A. Summary The evolution to wireless networks allows connections with the same quality of data transfer at a lower cost but
More informationTop 10 Security Checklist for SOHO Wireless LANs
Introduction Corporations, government agencies, the military, and enterprises in fact all medium to large scale wireless LANs have a different set of security requirements compared to the wireless LAN
More informationWHITE PAPER. WEP Cloaking for Legacy Encryption Protection
WHITE PAPER WEP Cloaking for Legacy TM Encryption Protection Introduction Wired Equivalent Privacy (WEP) is the encryption protocol defined in the original IEEE 802.11 standard for Wireless Local Area
More informationChapter 2 Wireless Settings and Security
Chapter 2 Wireless Settings and Security This chapter describes how to set up the wireless features of your WGT624 v4 wireless router. In planning your wireless network, select a location for the wireless
More informationSecurity Awareness. Wireless Network Security
Security Awareness Wireless Network Security Attacks on Wireless Networks Three-step process Discovering the wireless network Connecting to the network Launching assaults Security Awareness, 3 rd Edition
More informationSecurity (II) ISO 7498-2: Security Architecture of OSI Reference Model. Outline. Course Outline: Fundamental Topics. EE5723/EE4723 Spring 2012
Course Outline: Fundamental Topics System View of Network Security Network Security Model Security Threat Model & Security Services Model Overview of Network Security Security Basis: Cryptography Secret
More informationWiFi Security Assessments
WiFi Security Assessments Robert Dooling Dooling Information Security Defenders (DISD) December, 2009 This work is licensed under a Creative Commons Attribution 3.0 Unported License. Table of Contents
More informationSecureCom Mobile s mission is to help people keep their private communication private.
About SecureCom Mobile SecureCom Mobile s mission is to help people keep their private communication private. We believe people have a right to share ideas with each other, confident that only the intended
More informationEnterprise A Closer Look at Wireless Intrusion Detection:
White Paper Enterprise A Closer Look at Wireless Intrusion Detection: How to Benefit from a Hybrid Deployment Model Josh Wright Senior Security Researcher Introduction As wireless enterprise networks become
More informationHOW ENCRYPTION WORKS. Introduction to BackupEDGE Data Encryption. Technology Overview. Strong Encryption BackupEDGE
HOW ENCRYPTION WORKS Technology Overview Strong Encryption BackupEDGE Introduction to BackupEDGE Data Encryption A major feature of BackupEDGE is the ability to protect archives containing critical client
More informationBasic network security threats
Basic network security threats Packet sniffing Packet forgery (spoofed from address) DNS spoofing wrong IP address for hostname Assume bad guy controls network - Can read all your packets - Can tamper
More informationIY2760/CS3760: Part 6. IY2760: Part 6
IY2760/CS3760: Part 6 In this part of the course we give a general introduction to network security. We introduce widely used security-specific concepts and terminology. This discussion is based primarily
More information802.11b and associated network security risks for the home user
802.11b and associated network security risks for the home user by Michael Osten mosten@bleepyou.com Background ================= Approved in 1997 by the IEEE 802 committee, 802.11 details the framework
More informationTop 10 Security Checklist for SOHO Wireless LANs
Expert Reference Series of White Papers Top 10 Security Checklist for SOHO Wireless LANs 1-800-COURSES www.globalknowledge.com Top 10 Security Checklist for SOHO Wireless LANs David Coleman, AirSpy Networks
More informationAbstract. 1. IEEE 802.11. a. 802.11a b. 802.11b c. 802.11g 2. HiperLAN/2. 3. Bluetooth. 4. HomeRF.
A Detailed Study on Wireless LAN Technologies Vijay Chandramouli Department of Computer Science and Engineering The University of Texas at Arlington vmouli@uta.edu Abstract Wireless Communication is an
More informationVIDEO Intypedia012en LESSON 12: WI FI NETWORKS SECURITY. AUTHOR: Raúl Siles. Founder and Security Analyst at Taddong
VIDEO Intypedia012en LESSON 12: WI FI NETWORKS SECURITY AUTHOR: Raúl Siles Founder and Security Analyst at Taddong Hello and welcome to Intypedia. Today we will talk about the exciting world of security
More information