Distributed Systems Security
|
|
- Frederica Osborne
- 8 years ago
- Views:
Transcription
1 Distributed Systems Security Protocols (Physical/Data-Link Layer) Dr. Dennis Pfisterer Institut für Telematik, Universität zu Lübeck
2 Overview Security on Different Layers Security on Physical & Data-Link Layer Mostly security in wireless networks Example: Wireless LANs (IEEE a/b/g, i) Security - 07 Physical/Data Link Layer #2
3 Security on Different Layers Security - 04 Cryptology #3
4 Security on Different Layers Where do we place security mechanisms? Pros and cons on different protocol layers? Physical / Data-Link Layer E.g., Bluetooth, WEP/WPA/WPA2 in WLAN Network Layer E.g., IPSec, L2TP Transport Layer E.g., SSL/TLS Application Layer E.g., PGP, Kerberos Kerberos UDP LLC/MAC PHY LLC IP WEP MAC HTTP FTP SMTP TCP/UDP IPSec LLC/MAC HTTP FTP SMTP SSL/TLS TCP/UDP IP SET HTTP PGP S-MIME SMTP TCP Security - 06 Protocols #4 IP
5 Security in Lower Layers (PHY, DL) Protection of (some) individual links + Transparent for upper layers (i.e., IP, TCP, and application) + Minimal changes in protocol stack Security for single hops only No end-to-end security Not flexibly controllable by applications directional radio Security - 06 Protocols #5
6 Security in Network/Transport Layer Protection on the IP and/or TCP/UDP layer + Transparent for applications on network layer (IP IPSec) + End-to-end security across unsecure infrastructures + Complete connections securable (e.g., using VPNs) + Transport layer security controllable by /visible to applications (e.g., https instead of http) IPSec not controllable by / visible to applications Transport layer (TCP over TLS) requires application changes Any application layer protocol E.g., FTP, Web Apps, SMTP, POP, IMAP,... end-to-end connection security directional radio Security - 06 Protocols #6
7 Security in Application Layer Application security provided by the application + Flexibly controllable by applications Each application has its own custom-tailored security services No synergy between different applications E.G. Kerberos, S/MIME, PGP, GnuPG provide their own implementations Secure application layer protocol E.g., PGP, S/MIME, SMTPs, POPs, IMAPs,... end-to-end connection security directional radio Security - 06 Protocols #7
8 Wireless LAN
9 Wireless LAN Standards Also known as WLAN and WiFi Specifies layer 1&2 (physical & data-link layer) Standards IEEE (1997: 1 / 2 Mbps, 2.4Ghz) IEEE a (1999: max. 54 Mbps, 5 Ghz) IEEE b (1999: 5,5 Mbps and 11 Mbps, 2.4 Ghz) IEEE g (2003: 54 Mbps, 2.4 Ghz) IEEE n (2009: 150 Mbps, 2.4 / 5 GHz) IEEE i (2004, enhanced security) Security - 07 Physical/Data Link Layer #9
10 Infrastructure Mode Access Point (AP) Bridge between wireless and wired networks Composed of Radio interface Wired network interface (usually 802.3) Bridging software Aggregates access for multiple wireless stations to wired network Basic Service Set (BSS) single cell Access Point Station Extended Service Set (ESS) multiple cells Wireless station Security - 07 Physical/Data Link Layer #10
11 Interception Wireless LAN uses radio signals Not limited to physical buildings BSS Signal weakened by Walls, Floors, and Interference Directional antenna allows interception over longer distances Station outside building perimeter Security - 07 Physical/Data Link Layer #11
12 Wardriving Software Netstumbler THC-Wardrive Kismet Wellenreiter VisStumbler inssider Laptop with (optional) GPS for logging MAC address & channel Network name (SSID) Manufacturer Signal strength /noise Location Security - 07 Physical/Data Link Layer #12
13 Wardriving example Security - 07 Physical/Data Link Layer #13
14 Joining a BSS APs send beacons (announce WiFi presence) May include Service Set Identifier (SSID) AP chosen on signal strength and observed error rates Client scans channels Periodically or on weak signal Check for stronger or more reliable APs If one is found, it re-associates with new AP Open System Authentication No authentication or encryption Clients only specify SSID when requesting association Security - 07 Physical/Data Link Layer #14
15 MAC Address locking Access points have Access Control Lists (ACL) ACL is list of allowed MAC addresses E.g. Allow access to: 00:01:42:0E:12:1F 00:01:42:F1:72:AE 00:01:42:4F:E2:01 MAC addresses are sniffable and spoofable ACLs are ineffective security technique Security - 07 Physical/Data Link Layer #15
16 Wireless LANs Wireless LANs Wired Equivalent Privacy (WEP)
17 802.11b Security Services (Wired Equivalence Privacy) Goal: Equivalent security like in LANs LAN security features? Security Features of b Authentication, Confidentiality, and Integrity Wired Equivalence Privacy (WEP) Authentication: Shared Key Key shared by all APs and clients of an ESS b defines no key management strategy Nightmare in large wireless LANs Local Area Network (LAN) Equivalent Privacy Confidentiality: RC4 encryption of data Integrity: Integrity Check Vector wireless network Security - 07 Physical/Data Link Layer #17
18 WEP: Shared Key Authentication Station requests association with Access Point Challenge-Response Scheme Procedure 1. AP sends random number to station 2. Station encrypts random number (using RC4, 40 bit shared key and 24 bit IV) 3. Encrypted random number sent to AP 4. AP decrypts received message (using the same key stream) 5. AP compares decrypted number with transmitted one (Step 1) 6. If numbers match, station knows shared secret key Security - 07 Physical/Data Link Layer #18
19 WEP: Packet Transmission Integrity: compute Integrity Check Vector (ICV) 32 bit Cyclic Redundancy Check appended to message to create plaintext Confidentiality: plaintext encrypted via RC4 Plaintext XORed with key stream of pseudo random bits Key stream is function of 40-bit secret key and 24 bit initialization vector Initialization Vector (IV) PRNG IV Secret key Data 32 bit CRC Cipher text Security - 07 Physical/Data Link Layer #19
20 WEP: Packet Reception Decryption: ciphertext decrypted via RC4 XORed with same key stream as sender Generated from 40-bit secret key + 24 bit IV from packet Key stream differs per packet (if different IV is used) Integrity: Compare received and decrypted ICV with CRC of received data Secret key PRNG Plaintext IV Data CRC Cipher text CRC Compare Security - 07 Physical/Data Link Layer #20
21 WEP: Initialization Vector IV must be different for every message standard doesn t specify how IV is calculated Different implementations used Simple incrementing counter for each message Alternating ascending and descending counters Some use a pseudo random IV generator Can be used for a variety of attacks Security - 07 Physical/Data Link Layer #21
22 WEP: Authentication Weaknesses Attack by extracting a single key stream AP does not check if IV is reused Attack Shared Key Authentication Challenge and response provide plain and ciphertext M 1 C 1 = M 1 M 1 RC4(IV,K) = RC4(IV,K) Attacker gets a valid key stream May be used for authentication and sending encrypted messages Security - 07 Physical/Data Link Layer #22
23 WEP: Authentication Weaknesses No mutual authentication Only client is authenticated APs are not authenticated Allows man-in-the-middle attacks Build and run own AP with same name Client connects to AP with best signal Attacker forwards messages to real AP Security - 07 Physical/Data Link Layer #23
24 WEP: Summary WEP dangerous due to wrong key usage Not because of the algorithm RC4 securely used in SSL/TLS Recommended measures WLAN cannot be trusted WLAN outside the Intranet separated by Firewall Use higher layer Security Protocols to secure communication PPTP, IPSec, SSL, SSH, Security - 07 Physical/Data Link Layer #24
25 Wireless LANs Wireless LANs IEEE i (WPA & WPA2)
26 Overview of i After the collapse of WEP, IEEE started to develop a new security architecture i i novelties compared to WEP Access control model based on 802.1X Flexible authentication framework (using EAP) Authentication based on strong protocols (e.g., TLS) Authentication results in shared session key Different functions (encryption, integrity) use different keys derived from the session key using a one-way function Improved encryption and integrity protection Security - 07 Physical/Data Link Layer #26
27 Overview of i i defines concept of a Robust Security Network (RSN) Integrity protection and encryption based on AES (not RC4 anymore) Good, but requires new hardware no software update of routers possible For immediate security: updates to WEP So-called pre-rsn networks New protocol: Temporal Key Integrity Protocol (TKIP) Encryption based on RC4 but avoids WEP s problems For integrity, a novel scheme is proposed (called Michael) Ugly solution, but runs on old hardware (after software upgrade) Industry names TKIP WPA (WiFi Protected Access) RSN WPA2 Security - 07 Physical/Data Link Layer #27
28 802.11i Security Solutions WEP TKIP (WPA) CCMP (WPA2) Algorithm RC4 RC4 AES Key Length 40 / 104 Bit 128 Bit (enc.) 64 Bit (auth.) 128 bit Initialization 24 Bit IV 48 Bit IV - Vector Integrity Data CRC32 Michael CCM (Counter with CBC-MAC) Header none Michael CCM Replay Protection none IV-Check IV-Check Key Management none i 4-Way- Handshake i 4-Way- Handshake Security - 07 Physical/Data Link Layer #28
29 Wireless LANs Wi-Fi Protected Access (WPA) Temporal Key Integrity Protocol (TKIP)
30 TKIP Runs on old hardware Uses RC4 for encryption with WEP weaknesses corrected Improved message integrity scheme New protection mechanism called Michael Message Integrity Check (MIC) value is added at SDU level before fragmentation into PDUs Implemented in the device driver (in software) Improved confidentiality scheme Per-packet keys to prevent attacks based on weak keys Increases IV length to 48 Bits to prevent IV reuse Use IV as replay counter Security - 07 Physical/Data Link Layer #30
31 TKIP: Overview (High-Level) Message Integrity Protection Payload & MIC Key Generation WEP IV WEP Key WEP Encryption Extended IV Encrypted and authenticated frames Security - 07 Physical/Data Link Layer #31
32 TKIP: Integrity Protection Message 64 Bit Key Source MAC Destination MAC Priority Michael Algorithm Message WEP Frame MIC MIC? MAC? Security - 07 Physical/Data Link Layer #32
33 TKIP: WEP Key Generation Source MAC (32 Bit) WEP Key (128 Bit) Sequence Counter (48 Bit) MSB (32 Bit) LSB (16 Bit) Key Mixing (Phase 1) 80 Bit Key Mixing (Phase 2) High Byte of Counter Fill Byte Low Byte of Counter Packet-specific Key Temporary WEP Key (128 Bit) used for encryption Security - 07 Physical/Data Link Layer #33
34 WEP and TKIP: Encryption (High-Level) Message Payload + WPA-MIC CRC-32 Algorithm Message WEP- ICV RC4 Temporary WEP Key (128 Bit) used for encryption Payload WEP- ICV Encrypted Message Security - 07 Physical/Data Link Layer #34
35 TKIP: Overview (WEP Frame Details) Message Integrity Protection Payload + MIC Key Generation WEP IV WEP Key WEP Encryption WEP-Verschlüsselung IV + EIV MAC Header IV and Key ID EIV Payload MIC WEP ICV FCS Encrypted and authenticated frames Security - 07 Physical/Data Link Layer #35
36 Wireless LANs Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP)
37 CCMP and WPA2 Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP) Standard encryption protocol for use with the WPA2 standard Replaces RC4 stream-cipher with AES block cipher WEP ICV with (CBC-)MAC value based on AES Security - 04 Cryptology #37
38 CCMP and WPA2 Encryption Based on CTR mode (using AES); see chapter on cryptology Encrypts payload and MAC value to protect integrity and confidentiality Not encrypted: Headers of MAC (frame) and CCMP Integrity protection Cipher Block Chaining Message Authentication Code (CBC- MAC) Integrity protection based on CBC-MAC (using AES) See next slide Security - 04 Cryptology #38
39 CBC-MAC: Cipher Block Chaining MAC Uses a block cipher to create a message authentication code (MAC) Plaintext chunk #1 Plaintext chunk #2 Plaintext chunk #3 Initialization Vector (IV) Key Block Cipher Key Block Cipher Key Block Cipher MAC Security - 04 Cryptology #39
40 CCMP: Integrity CBC-MAC computed over MAC header CCMP header Payload Mutable fields are set to zero Input is padded with zeros if length is not multiple of 128 Bits Security - 04 Cryptology #40
41 Wireless LANs Wireless LANs IEEE 802.1X / EAP / PEAP
42 Authentication via IEEE 802.1X Access to resources after successful authentication IEEE 802.1X: EAP over Ethernet/LAN (EAPOL) For details on EAP see chapter on AAA EAP Messages IEEE 802.1X: EAP over Ethernet Arbitrary Protocol Client (Supplicant) Authenticator (e.g., access point) Authentication Server (e.g., RADIUS) Security - 07 Physical/Data Link Layer #42
43 Association and Authentication association happens first Open authentication Provides access to the AP and allows an IP address to be supplied Access beyond the AP is still prohibited AP drops non-eap traffic Authentication conversation between supplicant and authentication server Wireless NIC and AP are pass through devices After authentication, AP allows full traffic Security - 07 Physical/Data Link Layer #43
44 Summary of the Protocol Architecture e.g., EAP-MS-CHAPv2 e.g., PEAP EAP (RFC 3748) EAPOL (802.1X) EAP over RADIUS (RFC 3579) (WiFi) RADIUS protocol (RFC 2865) TCP/IP Client Access Point Authentication Server Security - 07 Physical/Data Link Layer #44
45 802.11, 802.1X, EAP (with CHAP + RADIUS) Supplicant (WiFi Client) association Authenticator (Access Point) Authentication Server EAPOL Start EAP request for identity EAP-response (identity) Access-request EAP-request (challenge) RADIUS-challenge EAP-response (response) RADIUS-access-request EAP-succcess RADIUS-access-accept EAPOW-key (WEP/CCMP) Secure authenticated connection Security - 07 Physical/Data Link Layer #45
46 Result of successful authentication Authenticator and Client negotiate a private unicast key Prevents other associated clients from eavesdropping on the communication Authenticator also provides a broadcast key For broadcast communication amongst all associated clients Shared Broadcast Key Private Unicast Key Private Unicast Key Client AP Client Security - 04 Cryptology #46
47 Example: Eduroam (Germany) Users can roam to university-run Wi-Fis worldwide Authentication by home organization Security - 07 Physical/Data Link Layer #47
48 Example: Eduroam (Germany) Requests are routed to the user s home organization s authentication server Based on realm : username@realm E.g., meier@uni-luebeck.de Authentication Uses a secure PEAP (TLS) tunnel to the server Server provides certificate to avoid man-in-the-middle attacks Authenticate using some EAP-method (e.g., MS-CHAPv2 at Lübeck) Security - 07 Physical/Data Link Layer #48
49 Example: Dennis visits Lübeck 1. Lübeck s RADIUS requests identity Dennis replies with dennis@uniheidelberg.de Lübeck 2. Realm is unknown to RADIUS server Forwards all EAP packets to DFN central RADIUS server 3. Berlin knows mapping <realm, RADIUS server> Forwards packets to Heidelberg Berlin 4. Virtual EAP connection between Dennis computer and Heidelberg RADIUS server Dennis authenticates against this server Server presents certificate to authenticate towards Dennis 5. After authentication, access is granted locally Heidelberg Security - 04 Cryptology #49
50 Visitor from SF comes to Lübeck Lübeck San Francisco New York Berlin Security - 04 Cryptology #50
51 Summary on WiFi Security Security has always been considered important for WiFi Early solution based on WEP seriously flawed New security standard for WiFi: i TKIP (WPA) Uses RC4 runs on old hardware Corrects WEP s flaws Mandatory in WPA, optional in WPA2 CCMP (WPA2) Access control model based on 802.1X and EAP Improved key management Uses AES in CCMP mode (CTR mode and CBC-MAC) Needs new hardware that supports AES Security - 07 Physical/Data Link Layer 51/60
52 Literature War Driving Tools J. Schiller. Mobile Communications. 2. Auflage, Addison-Wesley, 2003 IEEE a/b/g/i Standards. Nikita Borisov, Ian Goldberg, David Wagner. Intercepting mobile communications: the insecurity of MOBICOM 2001, pp Scott R. Fluhrer, Itsik Mantin, Adi Shamir. Weaknesses in the Key Scheduling Algorithm of RC4. Selected Areas in Cryptography 2001: pp1-24. Clint Chaplin, Emily Qi, Henry Ptasinski, Jesse Walker, Sheung Li i Overview. IEEE /0123r1, Februar 2005 The Unofficial Security Web Page Security - 07 Physical/Data Link Layer #52
Wireless security. Any station within range of the RF receives data Two security mechanism
802.11 Security Wireless security Any station within range of the RF receives data Two security mechanism A means to decide who or what can use a WLAN authentication A means to provide privacy for the
More informationWireless Networks. Welcome to Wireless
Wireless Networks 11/1/2010 Wireless Networks 1 Welcome to Wireless Radio waves No need to be physically plugged into the network Remote access Coverage Personal Area Network (PAN) Local Area Network (LAN)
More informationWiFi Security: WEP, WPA, and WPA2
WiFi Security: WEP, WPA, and WPA2 - security requirements in wireless networks - WiFi primer - WEP and its flaws - 802.11i - WPA and WPA2 (RSN) Why security is more of a concern in wireless? no inherent
More information12/3/08. Security in Wireless LANs and Mobile Networks. Wireless Magnifies Exposure Vulnerability. Mobility Makes it Difficult to Establish Trust
Security in Wireless LANs and Mobile Networks Wireless Magnifies Exposure Vulnerability Information going across the wireless link is exposed to anyone within radio range RF may extend beyond a room or
More informationSecurity in IEEE 802.11 WLANs
Security in IEEE 802.11 WLANs 1 IEEE 802.11 Architecture Extended Service Set (ESS) Distribution System LAN Segment AP 3 AP 1 AP 2 MS MS Basic Service Set (BSS) Courtesy: Prashant Krishnamurthy, Univ Pittsburgh
More information802.11 Security (WEP, WPA\WPA2) 19/05/2009. Giulio Rossetti Unipi Giulio.Rossetti@gmail.com
802.11 Security (WEP, WPA\WPA2) 19/05/2009 Giulio Rossetti Unipi Giulio.Rossetti@gmail.com 802.11 Security Standard: WEP Wired Equivalent Privacy The packets are encrypted, before sent, with a Secret Key
More informationChapter 6 CDMA/802.11i
Chapter 6 CDMA/802.11i IC322 Fall 2014 Computer Networking: A Top Down Approach 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012 Some material copyright 1996-2012 J.F Kurose and K.W. Ross,
More informationEVOLUTION OF WIRELESS LAN SECURITY ARCHITECTURE TO IEEE 802.11i (WPA2)
EVOLUTION OF WIRELESS LAN SECURITY ARCHITECTURE TO IEEE 802.11i (WPA2) Moffat Mathews, Ray Hunt Department of Computer Science and Software Engineering, University of Canterbury, New Zealand {ray.hunt@canterbury.ac.nz}
More informationLecture Objectives. Lecture 8 Mobile Networks: Security in Wireless LANs and Mobile Networks. Agenda. References
Lecture Objectives Wireless Networks and Mobile Systems Lecture 8 Mobile Networks: Security in Wireless LANs and Mobile Networks Introduce security vulnerabilities and defenses Describe security functions
More informationSecurity+ Guide to Network Security Fundamentals, Third Edition. Chapter 6. Wireless Network Security
Security+ Guide to Network Security Fundamentals, Third Edition Chapter 6 Wireless Network Security Objectives Overview of IEEE 802.11 wireless security Define vulnerabilities of Open System Authentication,
More informationSymm ym e m t e r t ic i c cr c yptogr ypt aphy a Ex: RC4, AES 2
Wi-Fi Security FEUP>MIEIC>Mobile Communications Jaime Dias Symmetric cryptography Ex: RC4, AES 2 Digest (hash) Cryptography Input: variable length message Output: a fixed-length bit
More informationNetwork Security. Security of Wireless Local Area Networks. Chapter 15. Network Security (WS 2003): 15 Wireless LAN Security 1. Dr.-Ing G.
Network Security Chapter 15 Security of Wireless Local Area Networks Network Security (WS 2003: 15 Wireless LAN Security 1 IEEE 802.11 IEEE 802.11 standardizes medium access control (MAC and physical characteristics
More informationNetwork Security. Security of Wireless Local Area Networks. Chapter 15. Network Security (WS 2002): 15 Wireless LAN Security 1 Dr.-Ing G.
Network Security Chapter 15 Security of Wireless Local Area Networks Network Security WS 2002: 15 Wireless LAN Security 1 IEEE 802.11 IEEE 802.11 standardizes medium access control MAC and physical characteristics
More informationCS 356 Lecture 29 Wireless Security. Spring 2013
CS 356 Lecture 29 Wireless Security Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control Lists Chapter
More informationSecurity. Contents. S-72.3240 Wireless Personal, Local, Metropolitan, and Wide Area Networks 1
Contents Security requirements Public key cryptography Key agreement/transport schemes Man-in-the-middle attack vulnerability Encryption. digital signature, hash, certification Complete security solutions
More informationWEP Overview 1/2. and encryption mechanisms Now deprecated. Shared key Open key (the client will authenticate always) Shared key authentication
WLAN Security WEP Overview 1/2 WEP, Wired Equivalent Privacy Introduced in 1999 to provide confidentiality, authentication and integrity Includes weak authentication Shared key Open key (the client will
More informationJournal of Mobile, Embedded and Distributed Systems, vol. I, no. 1, 2009 ISSN 2067 4074
Issues in WiFi Networks Nicolae TOMAI Faculty of Economic Informatics Department of IT&C Technologies Babes Bolyai Cluj-Napoca University, Romania tomai@econ.ubbcluj.ro Abstract: The paper has four sections.
More informationChapter 2 Wireless Networking Basics
Chapter 2 Wireless Networking Basics Wireless Networking Overview Some NETGEAR products conform to the Institute of Electrical and Electronics Engineers (IEEE) 802.11g standard for wireless LANs (WLANs).
More informationWhite paper. Testing for Wi-Fi Protected Access (WPA) in WLAN Access Points. http://www.veryxtech.com
White paper Testing for Wi-Fi Protected Access (WPA) in WLAN Access Points http://www.veryxtech.com White Paper Abstract Background The vulnerabilities spotted in the Wired Equivalent Privacy (WEP) algorithm
More informationWLAN - Good Security Principles. WLAN - Good Security Principles. Example of War Driving in Hong Kong* WLAN - Good Security Principles
WLAN Security.. from this... Security Architectures and Protocols in Wireless LANs (Section 3) 1 2 WLAN Security.. to this... How Security Breaches Occur 3 War (wide area roaming) Driving/War Chalking
More informationchap18.wireless Network Security
SeoulTech UCS Lab 2015-1 st chap18.wireless Network Security JeongKyu Lee Email: jungkyu21@seoultech.ac.kr Table of Contents 18.1 Wireless Security 18.2 Mobile Device Security 18.3 IEEE 802.11 Wireless
More informationWireless Security. New Standards for 802.11 Encryption and Authentication. Ann Geyer 209-754-9130 ageyer@tunitas.com www.tunitas.
Wireless Security New Standards for 802.11 Encryption and Authentication Ann Geyer 209-754-9130 ageyer@tunitas.com www.tunitas.com National Conference on m-health and EOE Minneapolis, MN Sept 9, 2003 Key
More informationKey Hopping A Security Enhancement Scheme for IEEE 802.11 WEP Standards
White Paper Key Hopping A Security Enhancement Scheme for IEEE 802.11 WEP Standards By Dr. Wen-Ping Ying, Director of Software Development, February 2002 Introduction Wireless LAN networking allows the
More informationAgenda. Wireless LAN Security. TCP/IP Protocol Suite (Internet Model) Security for TCP/IP. Agenda. Car Security Story
Wireless s June September 00 Agenda Wireless Security ผศ. ดร. อน นต ผลเพ ม Asst. Prof. Anan Phonphoem, Ph.D. anan@cpe.ku.ac.th http://www.cpe.ku.ac.th/~anan Computer Engineering Department Kasetsart University,
More informationKey Management (Distribution and Certification) (1)
Key Management (Distribution and Certification) (1) Remaining problem of the public key approach: How to ensure that the public key received is really the one of the sender? Illustration of the problem
More information7 Network Security. 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework. 7.5 Absolute Security?
7 Network Security 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework 7.4 Firewalls 7.5 Absolute Security? 7.1 Introduction Security of Communications data transport e.g. risk
More informationLecture 2 Secure Wireless LAN
Lecture 2 Secure Wireless LAN Network security (19265400 / 201000086) Lecturers: Aiko Pras Pieter-Tjerk de Boer Anna Sperotto Ramin Sadre Georgios Karagiannis Acknowledgements Part of the slides are based
More informationHow To Secure Your Network With 802.1X (Ipo) On A Pc Or Mac Or Macbook Or Ipo On A Microsoft Mac Or Ipow On A Network With A Password Protected By A Keyed Key (Ipow)
Wireless LAN Security with 802.1x, EAP-TLS, and PEAP Steve Riley Senior Consultant MCS Trustworthy Computing Services So what s the problem? WEP is a euphemism Wired Equivalent Privacy Actually, it s a
More informationNetzwerksicherheit: Anwendungen
Internet-Technologien (CS262) Netzwerksicherheit: Anwendungen 22. Mai 2015 Christian Tschudin & Thomas Meyer Departement Mathematik und Informatik, Universität Basel Chapter 8 Security in Computer Networks
More informationIntroduction to WiFi Security. Frank Sweetser WPI Network Operations and Security fs@wpi.edu
Introduction to WiFi Security Frank Sweetser WPI Network Operations and Security fs@wpi.edu Why should I care? Or, more formally what are the risks? Unauthorized connections Stealing bandwidth Attacks
More informationWLAN Access Security Technical White Paper. Issue 02. Date 2012-09-24 HUAWEI TECHNOLOGIES CO., LTD.
WLAN Access Security Technical White Paper Issue 02 Date 2012-09-24 HUAWEI TECHNOLOGIES CO., LTD. . 2012. All rights reserved. No part of this document may be reproduced or transmitted in any form or by
More informationCS 336/536 Computer Network Security. Summer Term 2010. Wi-Fi Protected Access (WPA) compiled by Anthony Barnard
CS 336/536 Computer Network Security Summer Term 2010 Wi-Fi Protected Access (WPA) compiled by Anthony Barnard 2 Wi-Fi Protected Access (WPA) These notes, intended to follow the previous handout IEEE802.11
More informationChapter 9. IP Secure
Chapter 9 IP Secure 1 Network architecture is usually explained as a stack of different layers. Figure 1 explains the OSI (Open System Interconnect) model stack and IP (Internet Protocol) model stack.
More informationYour 802.11 Wireless Network has No Clothes
Your 802.11 Wireless Network has No Clothes William A. Arbaugh Narendar Shankar Y.C. Justin Wan Department of Computer Science University of Maryland College Park, Maryland 20742 March 30, 2001 Abstract
More informationThe following chart provides the breakdown of exam as to the weight of each section of the exam.
Introduction The CWSP-205 exam, covering the 2015 objectives, will certify that the successful candidate understands the security weaknesses inherent in WLANs, the solutions available to address those
More informationNetwork security, TKK, Nov 2008 1
Outline Network security: WLAN Security LAN technology Threats against WLANs Weak security mechanisms and WEP 802.1X, WPA, 802.11i Tuomas Aura, Microsoft Research, UK 2 LAN technology LAN (WLAN) standards
More informationLinux Access Point and IPSec Bridge
Tamkang Journal of Science and Engineering, Vol. 6, No. 2, pp. 121-126 (2003) 121 Linux Access Point and IPSec Bridge T. H. Tseng and F. Ye Department of Electrical Engineering Tamkang University Tamsui,
More informationWLAN Security. Giwhan Cho ghcho@dcs.chonbuk.ac.kr. Distributed/Mobile Computing System Lab. Chonbuk National University
WLAN Security Giwhan Cho ghcho@dcs.chonbuk.ac.kr Distributed/Mobile Computing System Lab. Chonbuk National University Content WLAN security overview 802.11i WLAN security components pre-rsn (Robust Security
More informationWireless LANs and Privacy. Ido Dubrawsky Network Security Engineer Cisco Secure Consulting Services Cisco Systems, Inc. And
Wireless LANs and Privacy Ido Dubrawsky Network Security Engineer Cisco Secure Consulting Services Cisco Systems, Inc. And Lance Hayden Business Development Manager Cisco Secure Consulting Services Cisco
More informationNetwork Access Security. Lesson 10
Network Access Security Lesson 10 Objectives Exam Objective Matrix Technology Skill Covered Exam Objective Exam Objective Number Firewalls Given a scenario, install and configure routers and switches.
More informationCS5490/6490: Network Security- Lecture Notes - November 9 th 2015
CS5490/6490: Network Security- Lecture Notes - November 9 th 2015 Wireless LAN security (Reference - Security & Cooperation in Wireless Networks by Buttyan & Hubaux, Cambridge Univ. Press, 2007, Chapter
More informationWireless Security Overview. Ann Geyer Partner, Tunitas Group Chair, Mobile Healthcare Alliance 209-754-9130 ageyer@tunitas.com
Wireless Security Overview Ann Geyer Partner, Tunitas Group Chair, Mobile Healthcare Alliance 209-754-9130 ageyer@tunitas.com Ground Setting Three Basics Availability Authenticity Confidentiality Challenge
More informationAll vulnerabilities that exist in conventional wired networks apply and likely easier Theft, tampering of devices
Wireless Security All vulnerabilities that exist in conventional wired networks apply and likely easier Theft, tampering of devices Portability Tamper-proof devices? Intrusion and interception of poorly
More informationThe next generation of knowledge and expertise Wireless Security Basics
The next generation of knowledge and expertise Wireless Security Basics HTA Technology Security Consulting., 30 S. Wacker Dr, 22 nd Floor, Chicago, IL 60606, 708-862-6348 (voice), 708-868-2404 (fax), www.hta-inc.com
More informationWIRELESS SECURITY IN 802.11 (WI-FI ) NETWORKS
January 2003 January WHITE 2003 PAPER WIRELESS SECURITY IN 802.11 (WI-FI ) NETWORKS With the increasing deployment of 802.11 (or Wi-Fi) wireless networks in business environments, IT organizations are
More informationA DISCUSSION OF WIRELESS SECURITY TECHNOLOGIES
A DISCUSSION OF WIRELESS SECURITY TECHNOLOGIES Johanna Janse van Rensburg, Barry Irwin Rhodes University G01j202j7@campus.ru.ac.za, b.irwin@ru.ac.za (083) 944 3924 Computer Science Department, Hamilton
More informationAnalysis of Security Issues and Their Solutions in Wireless LAN 1 Shenam Chugh, 2 Dr.Kamal
Analysis of Security Issues and Their Solutions in Wireless LAN 1 Shenam Chugh, 2 Dr.Kamal 1,2 Department of CSE 1,2,3 BRCM Bahal, Bhiwani 1 shenam91@gmail.com, 2 dkamal@brcm.edu.in Abstract This paper
More informationComputer Networks. Secure Systems
Computer Networks Secure Systems Summary Common Secure Protocols SSH HTTPS (SSL/TSL) IPSec Wireless Security WPA2 PSK vs EAP Firewalls Discussion Secure Shell (SSH) A protocol to allow secure login to
More informationHuawei WLAN Authentication and Encryption
Huawei WLAN Authentication and Encryption The Huawei integrated Wireless Local Area Network (WLAN) solution can provide all-round services for municipalities at various levels and enterprises and institutions
More informationNetwork Security Protocols
Network Security Protocols Information Security (bmevihim100) Dr. Levente Buttyán associate professor BME Hálózati Rendszerek és Szolgáltatások Tanszék Lab of Cryptography and System Security (CrySyS)
More informationWireless Local Area Network Security Obscurity Through Security
Wireless Local Area Network Security Obscurity Through Security Abstract Since the deployment of infamous Wired Equivalent Privacy (WEP), IEEE and vendors have developed a number of good security mechanisms
More informationCS549: Cryptography and Network Security
CS549: Cryptography and Network Security by Xiang-Yang Li Department of Computer Science, IIT Cryptography and Network Security 1 Notice This lecture note (Cryptography and Network Security) is prepared
More information13 Virtual Private Networks 13.1 Point-to-Point Protocol (PPP) 13.2 Layer 2/3/4 VPNs 13.3 Multi-Protocol Label Switching 13.4 IPsec Transport Mode
13 Virtual Private Networks 13.1 Point-to-Point Protocol (PPP) PPP-based remote access using dial-in PPP encryption control protocol (ECP) PPP extensible authentication protocol (EAP) 13.2 Layer 2/3/4
More informationWireless Security: Token, WEP, Cellular
Wireless Security: Token, WEP, Cellular 27 May 2015 Lecture 9 Some slides adapted from Jean-Pierre Seifert (TU Berlin) 27 May 2015 SE 425: Communication and Information Security 1 Topics for Today Security
More information3.2: Transport Layer: SSL/TLS Secure Socket Layer (SSL) Transport Layer Security (TLS) Protocol
Chapter 2: Security Techniques Background Chapter 3: Security on Network and Transport Layer Network Layer: IPSec Transport Layer: SSL/TLS Chapter 4: Security on the Application Layer Chapter 5: Security
More informationCS 356 Lecture 27 Internet Security Protocols. Spring 2013
CS 356 Lecture 27 Internet Security Protocols Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control Lists
More informationVulnerabilities of Wireless Security protocols (WEP and WPA2)
Vulnerabilities of Wireless Security protocols (WEP and WPA2) Vishal Kumkar, Akhil Tiwari, Pawan Tiwari, Ashish Gupta, Seema Shrawne Abstract - Wirelesses Local Area Networks (WLANs) have become more prevalent
More informationWireless security (WEP) 802.11b Overview
Wireless security (WEP) 9/01/10 EJ Jung 802.11b Overview! Standard for wireless networks Approved by IEEE in 1999! Two modes: infrastructure and ad hoc IBSS (ad hoc) mode Independent Basic Service Set
More informationSecurity Protocols HTTPS/ DNSSEC TLS. Internet (IPSEC) Network (802.1x) Application (HTTP,DNS) Transport (TCP/UDP) Transport (TCP/UDP) Internet (IP)
Security Protocols Security Protocols Necessary to communicate securely across untrusted network Provide integrity, confidentiality, authenticity of communications Based on previously discussed cryptographic
More informationHow To Secure Wireless Networks
Lecture 24 Wireless Network Security modified from slides of Lawrie Brown Wireless Security Overview concerns for wireless security are similar to those found in a wired environment security requirements
More informationACC-232 2002, Cisco Systems, Inc. All rights reserved.
1 2 Securing 802.11 Wireless Networks Session 3 Session Information Basic understanding of components of 802.11 networks Please save questions until the end 4 Agenda Drivers for Wireless Security Wireless
More informationWLAN Attacks. Wireless LAN Attacks and Protection Tools. (Section 3 contd.) Traffic Analysis. Passive Attacks. War Driving. War Driving contd.
Wireless LAN Attacks and Protection Tools (Section 3 contd.) WLAN Attacks Passive Attack unauthorised party gains access to a network and does not modify any resources on the network Active Attack unauthorised
More informationSecurity in Wireless and Mobile Networks
Security in Wireless and Mobile Networks 1 Introduction This is a vast and active field, a course by itself Many references on wireless security A good book on wireless cooperation: Thwarting Malicious
More informationWireless Networking Basics. NETGEAR, Inc. 4500 Great America Parkway Santa Clara, CA 95054 USA
Wireless Networking Basics NETGEAR, Inc. 4500 Great America Parkway Santa Clara, CA 95054 USA n/a October 2005 2005 by NETGEAR, Inc. All rights reserved. Trademarks NETGEAR and Auto Uplink are trademarks
More informationUNIK4250 Security in Distributed Systems University of Oslo Spring 2012. Part 7 Wireless Network Security
UNIK4250 Security in Distributed Systems University of Oslo Spring 2012 Part 7 Wireless Network Security IEEE 802.11 IEEE 802 committee for LAN standards IEEE 802.11 formed in 1990 s charter to develop
More informationNetwork Security. Lecture 3
Network Security Lecture 3 Design and Analysis of Communication Networks (DACS) University of Twente The Netherlands Security protocols application transport network datalink physical Contents IPSec overview
More informationNetwork Security [2] Plain text Encryption algorithm Public and private key pair Cipher text Decryption algorithm. See next slide
Network Security [2] Public Key Encryption Also used in message authentication & key distribution Based on mathematical algorithms, not only on operations over bit patterns (as conventional) => much overhead
More informationConfigure WorkGroup Bridge on the WAP131 Access Point
Article ID: 5036 Configure WorkGroup Bridge on the WAP131 Access Point Objective The Workgroup Bridge feature enables the Wireless Access Point (WAP) to bridge traffic between a remote client and the wireless
More informationWireless LAN Security Mechanisms
Wireless LAN Security Mechanisms Jingan Xu, Andreas Mitschele-Thiel Technical University of Ilmenau, Integrated Hard- and Software Systems Group jingan.xu@tu-ilmenau.de, mitsch@tu-ilmenau.de Abstract.
More informationState of Kansas. Interim Wireless Local Area Networks Security and Technical Architecture
State of Kansas Interim Wireless Local Area Networks Security and Technical Architecture October 6, 2005 Prepared for Wireless Policy Committee Prepared by Revision Log DATE Version Change Description
More informationIEEE 802.11 Wireless LAN Security Overview
138 IEEE 802.11 Wireless LAN Security Overview Ahmed M. Al Naamany, Ali Al Shidhani, Hadj Bourdoucen Department of Electrical and Computer Engineering Sultan Qaboos University, Oman. Summary Wireless Local
More informationPwC. Outline. The case for wireless networking. Access points and network cards. Introduction: OSI layers and 802 structure
PwC Outline Wireless LAN Security: Attacks and Countermeasures 1. Introduction 2. Problems with 802.11 security 3. Attacks on and risks to Wireless Networks 4. Defending wireless networks ISACA Hong Kong
More informationTable of Contents. Cisco Wi Fi Protected Access 2 (WPA 2) Configuration Example
Table of Contents Wi Fi Protected Access 2 (WPA 2) Configuration Example...1 Document ID: 67134...1 Introduction...1 Prerequisites...1 Requirements...1 Components Used...2 Conventions...2 Background Information...2
More informationNetwork Security Part II: Standards
Network Security Part II: Standards Raj Jain Washington University Saint Louis, MO 63131 Jain@cse.wustl.edu These slides are available on-line at: http://www.cse.wustl.edu/~jain/cse473-05/ 18-1 Overview
More informationLecture 3. WPA and 802.11i
Lecture 3 WPA and 802.11i Lecture 3 WPA and 802.11i 1. Basic principles of 802.11i and WPA 2. IEEE 802.1X 3. Extensible Authentication Protocol 4. RADIUS 5. Efficient Handover Authentication 1 Lecture
More informationCOMPARISON OF WIRELESS SECURITY PROTOCOLS (WEP AND WPA2)
COMPARISON OF WIRELESS SECURITY PROTOCOLS (WEP AND WPA2) Disha Baba Banda Singh Bahadur Engineering College Fatehgarh Sahib, Punjab Sukhwinder Sharma Baba Banda Singh Bahadur Engineering College Fatehgarh
More informationWireless Technology Seminar
Wireless Technology Seminar Introduction Adam Worthington Network Consultant Adam.Worthington@euroele.com Wireless LAN Why? Flexible network access for your users? Guest internet access? VoWIP? RFID? Available
More informationCSC574: Computer and Network Security
CSC574: Computer and Network Security Lecture 21 Prof. William Enck Spring 2016 (Derived from slides by Micah Sherr) Wireless Security Wireless makes network security much more difficult Wired: If Alice
More informationWLAN and IEEE 802.11 Security
WLAN and IEEE 802.11 Security Agenda Intro to WLAN Security mechanisms in IEEE 802.11 Attacks on 802.11 Summary Wireless LAN Technologies WLAN technologies are becoming increasingly popular, and promise
More informationWireless Robust Security Networks: Keeping the Bad Guys Out with 802.11i (WPA2)
Wireless Robust Security Networks: Keeping the Bad Guys Out with 802.11i (WPA2) SUNY Technology Conference June 21, 2011 Bill Kramp FLCC Network Administrator Copyright 2011 William D. Kramp All Rights
More informationProCurve Wireless LAN Security
ProCurve Wireless LAN Security Fundamentals Guide Technical Training Version 8.21 Contents ProCurve Wireless LAN Security Fundamentals Introduction... 1 Objectives... 1 Discussion Topics... 2 Authentication
More informationWireless LAN Security I: WEP Overview and Tools
Wireless LAN Security I: WEP Overview and Tools Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@cse.wustl.edu Audio/Video recordings of this lecture are available at: http://www.cse.wustl.edu/~jain/cse571-09/
More informationBasic Security. Security Service. Authentication. Privacy. Authentication. Data privacy & Data integrity
ITEC4620 Wireless and Mobile Communication Networks D803(12.30-15.30(Sat)) ดร. ประว ทย ช มช ว ศวกรรมสารสนเทศและการส อสาร Email: prawit@mut.ac.th ห องท างาน: F402 เบอร โทรศ พท ท ท างาน: (02)9883655 ต อ
More informationThe Importance of Wireless Security
The Importance of Wireless Security Because of the increasing popularity of wireless networks, there is an increasing need for security. This is because unlike wired networks, wireless networks can be
More informationWI-FI SECURITY: A LITERATURE REVIEW OF SECURITY IN WIRELESS NETWORK
IMPACT: International Journal of Research in Engineering & Technology (IMPACT: IJRET) ISSN(E): 2321-8843; ISSN(P): 2347-4599 Vol. 3, Issue 5, May 2015, 23-30 Impact Journals WI-FI SECURITY: A LITERATURE
More informationConfiguring Security Solutions
CHAPTER 3 This chapter describes security solutions for wireless LANs. It contains these sections: Cisco Wireless LAN Solution Security, page 3-2 Using WCS to Convert a Cisco Wireless LAN Solution from
More informationOther VPNs TLS/SSL, PPTP, L2TP. Advanced Computer Networks SS2005 Jürgen Häuselhofer
Other VPNs TLS/SSL, PPTP, L2TP Advanced Computer Networks SS2005 Jürgen Häuselhofer Overview Introduction to VPNs Why using VPNs What are VPNs VPN technologies... TLS/SSL Layer 2 VPNs (PPTP, L2TP, L2TP/IPSec)
More informationChapter 17. Transport-Level Security
Chapter 17 Transport-Level Security Web Security Considerations The World Wide Web is fundamentally a client/server application running over the Internet and TCP/IP intranets The following characteristics
More informationNetwork Security. Abusayeed Saifullah. CS 5600 Computer Networks. These slides are adapted from Kurose and Ross 8-1
Network Security Abusayeed Saifullah CS 5600 Computer Networks These slides are adapted from Kurose and Ross 8-1 roadmap 1 What is network security? 2 Principles of cryptography 3 Message integrity, authentication
More informationTopics in Network Security
Topics in Network Security Jem Berkes MASc. ECE, University of Waterloo B.Sc. ECE, University of Manitoba www.berkes.ca February, 2009 Ver. 2 In this presentation Wi-Fi security (802.11) Protecting insecure
More informationAuthentication and Security in IP based Multi Hop Networks
7TH WWRF MEETING IN EINDHOVEN, THE NETHERLANDS 3RD - 4TH DECEMBER 2002 1 Authentication and Security in IP based Multi Hop Networks Frank Fitzek, Andreas Köpsel, Patrick Seeling Abstract Network security
More informationSecurity Engineering Part III Network Security. Security Protocols (II): IPsec
Security Engineering Part III Network Security Security Protocols (II): IPsec Juan E. Tapiador jestevez@inf.uc3m.es Department of Computer Science, UC3M Security Engineering 4th year BSc in Computer Science,
More informationVirtual Private Networks
Virtual Private Networks ECE 4886 Internetwork Security Dr. Henry Owen Definition Virtual Private Network VPN! Virtual separation in protocol provides a virtual network using no new hardware! Private communication
More informationSecurity Awareness. Wireless Network Security
Security Awareness Wireless Network Security Attacks on Wireless Networks Three-step process Discovering the wireless network Connecting to the network Launching assaults Security Awareness, 3 rd Edition
More informationIT-Sicherheit: Sicherheitsprotokolle. Wireless Security. (unter Benutzung von Material von Brian Lee und Takehiro Takahashi)
IT-Sicherheit: Sicherheitsprotokolle Wireless Security (unter Benutzung von Material von Brian Lee und Takehiro Takahashi) ! 61 ints 5 2 Po ss e c Ac 3 Built in Security Features!!!!!! Service Set Identifier
More informationChapter 4: Security of the architecture, and lower layer security (network security) 1
Chapter 4: Security of the architecture, and lower layer security (network security) 1 Outline Security of the architecture Access control Lower layer security Data link layer VPN access Wireless access
More informationDeveloping Network Security Strategies
NETE-4635 Computer Network Analysis and Design Developing Network Security Strategies NETE4635 - Computer Network Analysis and Design Slide 1 Network Security Design The 12 Step Program 1. Identify network
More informationA COMPARITIVE ANALYSIS OF WIRELESS SECURITY PROTOCOLS (WEP and WPA2)
A COMPARITIVE ANALYSIS OF WIRELESS SECURITY PROTOCOLS (WEP and WPA2) Vipin Poddar Suresh Gyan Vihar School of Engginering And Technology, Jaipur, Rajasthan. Hitesh Choudhary, Poornima University, Jaipur,
More informationWireless Encryption Protection
Wireless Encryption Protection We re going to jump around a little here and go to something that I really find interesting, how do you secure yourself when you connect to a router. Now first and foremost
More information