1. discovery phase 2. authentication and association phase 3. EAP/802.1x/RADIUS authentication 4. 4-way handshake 5. group key handshake 6.

Similar documents
CS 356 Lecture 29 Wireless Security. Spring 2013

Chapter 6 CDMA/802.11i

White paper. Testing for Wi-Fi Protected Access (WPA) in WLAN Access Points.

WLAN w Technology

chap18.wireless Network Security

CS 336/536 Computer Network Security. Summer Term Wi-Fi Protected Access (WPA) compiled by Anthony Barnard

Wireless security. Any station within range of the RF receives data Two security mechanism

Attacks Due to Flaw of Protocols Used In Network Access Control (NAC), Their Solutions and Issues: A Survey

IEEE Wireless LAN Security Overview

NXC5500/2500. Application Note w Management Frame Protection. ZyXEL NXC Application Notes. Version 4.20 Edition 2, 02/2015

A DISCUSSION OF WIRELESS SECURITY TECHNOLOGIES

Ting Ma,Yee Hui Lee and Maode Ma

Authentication in WLAN

Wireless Pre-Shared Key Cracking (WPA, WPA2)

ANALYSIS OF SECURITY PROTOCOLS FOR WIRELESS NETWORKS

MAC Layer Key Hierarchies and Establishment Procedures

Security (WEP, WPA\WPA2) 19/05/2009. Giulio Rossetti Unipi

WEP Overview 1/2. and encryption mechanisms Now deprecated. Shared key Open key (the client will authenticate always) Shared key authentication

Security Awareness. Wireless Network Security

WIRELESS SECURITY. Information Security in Systems & Networks Public Development Program. Sanjay Goel University at Albany, SUNY Fall 2006

Introduction to WiFi Security. Frank Sweetser WPI Network Operations and Security

Recommended Wireless Local Area Network Architecture

Technical Brief. Wireless Intrusion Protection

Vulnerabilities of Wireless Security protocols (WEP and WPA2)

How To Secure Wireless Networks

IEEE 802.1X For Wireless LANs

WiFi Security Assessments

Client Server Registration Protocol

WIRELESS SECURITY TOOLS

Hole196 Vulnerability in WPA2

CS5490/6490: Network Security- Lecture Notes - November 9 th 2015

Link Layer and Network Layer Security for Wireless Networks

WLAN Access Security Technical White Paper. Issue 02. Date HUAWEI TECHNOLOGIES CO., LTD.

UNIK4250 Security in Distributed Systems University of Oslo Spring Part 7 Wireless Network Security

Wireless Robust Security Networks: Keeping the Bad Guys Out with i (WPA2)

DESIGNING AND DEPLOYING SECURE WIRELESS LANS. Karl McDermott Cisco Systems Ireland

Your Wireless Network has No Clothes

Security+ Guide to Network Security Fundamentals, Third Edition. Chapter 6. Wireless Network Security

CS5008: Internet Computing

International Journal of Recent Trends in Electrical & Electronics Engg., Feb IJRTE ISSN:

All vulnerabilities that exist in conventional wired networks apply and likely easier Theft, tampering of devices

7 Network Security. 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework. 7.5 Absolute Security?

WLAN Attacks. Wireless LAN Attacks and Protection Tools. (Section 3 contd.) Traffic Analysis. Passive Attacks. War Driving. War Driving contd.

An Overview of ZigBee Networks

CUNSHENG DING HKUST, Hong Kong. Computer Security. Computer Security. Cunsheng DING, HKUST COMP4631

WLAN Security Why Your Firewall, VPN, and IEEE i Aren t Enough to Protect Your Network

Wireless Network Security. Pat Wilbur Wireless Networks March 30, 2007

Symm ym e m t e r t ic i c cr c yptogr ypt aphy a Ex: RC4, AES 2

Security in IEEE WLANs

Wireless Sensor Networks Chapter 14: Security in WSNs

Methodology: Security plan for wireless networks. By: Stephen Blair Mandeville A. Summary

Wireless Security: Secure and Public Networks Kory Kirk

Network security, TKK, Nov

Wireless Networks. Welcome to Wireless

An Experimental Study Analysis of Security Attacks at IEEE Wireless Local Area Network

UMTS security. Helsinki University of Technology S Security of Communication Protocols

Network Security Protocols

Bit Chat: A Peer-to-Peer Instant Messenger

WLAN Security. Giwhan Cho Distributed/Mobile Computing System Lab. Chonbuk National University

Efficient nonce-based authentication scheme for Session Initiation Protocol

SY system so that an unauthorized individual can take over an authorized session, or to disrupt service to authorized users.

Efficient Nonce-based Authentication Scheme for. session initiation protocol

Certified Wireless Security Professional (CWSP) Course Overview

New Avatars of Honeypot Attacks on WiFi Networks

CSC574: Computer and Network Security

Wireless LAN Security Threats & Vulnerabilities: A Literature Review

CS549: Cryptography and Network Security

PREVENTING WIRELESS LAN DENIAL OF SERVICE ATTACKS

Lecture 3. WPA and i

Security Analysis on Wireless LAN protocols

SPINS: Security Protocols for Sensor Networks

Wireless Security Overview. Ann Geyer Partner, Tunitas Group Chair, Mobile Healthcare Alliance

EVOLUTION OF WIRELESS LAN SECURITY ARCHITECTURE TO IEEE i (WPA2)

Lab Exercise SSL/TLS. Objective. Step 1: Open a Trace. Step 2: Inspect the Trace

1. a. Define the properties of a one-way hash function. (6 marks)

Secure Sockets Layer (SSL) / Transport Layer Security (TLS)

Lab 7. Answer. Figure 1

Legacy Security

Session Hijacking Exploiting TCP, UDP and HTTP Sessions

SECURITY ASPECTS IN MOBILE AD HOC NETWORK (MANETS)

Link Layer and Network Layer Security for Wireless Networks

Outline. CSc 466/566. Computer Security. 18 : Network Security Introduction. Network Topology. Network Topology. Christian Collberg

2. From a control perspective, the PRIMARY objective of classifying information assets is to:

12/3/08. Security in Wireless LANs and Mobile Networks. Wireless Magnifies Exposure Vulnerability. Mobility Makes it Difficult to Establish Trust

Security Requirements for Wireless Networks and their Satisfaction in IEEE b and Bluetooth

Vulnerabilità dei protocolli SSL/TLS

TLS/SSL in distributed systems. Eugen Babinciuc

Final exam review, Fall 2005 FSU (CIS-5357) Network Security

SCTP-Sec: A secure Transmission Control Protocol

SENSE Security overview 2014

Building secure wireless access point based on certificate authentication and firewall captive portal

Wireless Local Area Network Security Obscurity Through Security

Transcription:

1. discovery phase 2. authentication and association phase 3. EAP/802.1x/RADIUS authentication 4. 4-way handshake 5. group key handshake 6. secure data communication.

The access point periodically advertise its IEEE 802.11i security policy in a certain channel through the Beacon frame. Station passively monitors the Beacon frame and uses the frame to identify the access point.

The station selects one access point from the list of available access points and attempts to authentication and associate with that access point. However, this authentication requires to be supplemented by further mutual authentication.

The station and the authentication server perform mutual authentication and thus some common secret (i.e. PMK) is generated between the station and the authentication server. This step does not exist if a static PSK is preinstalled over the station and the access point.

The station and the access point utilize a handshake scheme to confirm the existence of the PMK verify the selection of the cipher suite and derive a Fresh PTK. PTK is shared between the station and the access point.

Due to the requirement of multicast applications, the access point is able to generate and distribute a fresh GTK to the stations.

By using PTK or GTK, the station and the access point construct a secret transmission channel and thus accomplish robust data confidentiality.

1. Vulnerability to Insider Attack 2. Vulnerability to Offline Guessing Attack 3. No Protection for Management Frames 4. No Protection for Null Data Frames 5. No Protection for EAPOL Frames 6. Denial-of-Service Attack

A great number of vendors adopt a single PSK for every station. An insider adversary is able to easily sniff and store all the messages generated at the 4-way-handshake stage. The adversary can use the shared PSK and first two handshake messages, including the MAC address and the nonces of the station and access point, through a Pseudo Random Function to derive the fresh PTK.

An adversary is capable to guess the PSK by capturing and analyzing 4-wayhandshake messages. The adversary extracts MAC addresses, nonce, the MIC, SN and payload (msg1,2,3,4). Due to the fact that MIC is calculated by using PTK to encrypt nonce, SN and message payload, the attacker is able to use authentication message copies, guess and verify the PTK in an offline environment.

802.11 management frames are always transmitted in an unsecured manner. Based on this drawback, a prodigious amount of attacks are launched such as DoS attack, masquerading attack and MitM attack, etc. An adversary can simply conduct a DoS attack either by flooding abundant management frames or transmitting forged management frames (such as deauthentication and disassociation) to deny service to legitimate users.

contains an empty frame body, to carry special control information to another station. An adversary can send forged null data frames to steal buffered frames. Furthermore, an adversary can update the NAV field in a null data frame and thus mislead stations cannot gain access to the channel.

During the authentication procdure, all the EAPOL frames are out of protection since a RSNA has not been established. An adversary can passively eavesdrop and cache sensitive traffic (eg. access account). An adversary injects either a forged EAPOLlogoff frame to force a legitimate station out of service, or a forged EAPOL-failure frame to disconnect a station from an existing session. In addition, adversaries are able to spoof a station to disconnect from an authentication session by sending a premature EAPOL-success frame

There is another potential security issue at the 4-way-handshake stage. The first handshake message does not involve MIC filed to accomplish integrity protection. Therefore, an adversary can flood forged initialized messages and thus derive inconsistent keys between the station and access point.

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information