All vulnerabilities that exist in conventional wired networks apply and likely easier Theft, tampering of devices



Similar documents
12/3/08. Security in Wireless LANs and Mobile Networks. Wireless Magnifies Exposure Vulnerability. Mobility Makes it Difficult to Establish Trust

Lecture Objectives. Lecture 8 Mobile Networks: Security in Wireless LANs and Mobile Networks. Agenda. References

Security (WEP, WPA\WPA2) 19/05/2009. Giulio Rossetti Unipi

Security+ Guide to Network Security Fundamentals, Third Edition. Chapter 6. Wireless Network Security

CS 356 Lecture 29 Wireless Security. Spring 2013

CS5490/6490: Network Security- Lecture Notes - November 9 th 2015

How To Secure Wireless Networks

Deploying secure wireless network services The Avaya Identity Engines portfolio offers flexible, auditable management for secure wireless networks.

The next generation of knowledge and expertise Wireless Security Basics

The following chart provides the breakdown of exam as to the weight of each section of the exam.

THE IMPORTANCE OF CRYPTOGRAPHY STANDARD IN WIRELESS LOCAL AREA NETWORKING

Wireless Networks. Welcome to Wireless

Recommended Wireless Local Area Network Architecture

Agenda. Wireless LAN Security. TCP/IP Protocol Suite (Internet Model) Security for TCP/IP. Agenda. Car Security Story

chap18.wireless Network Security

CS549: Cryptography and Network Security

WEP Overview 1/2. and encryption mechanisms Now deprecated. Shared key Open key (the client will authenticate always) Shared key authentication

m-trilogix White Paper on Security in Wireless Networks

Link Layer and Network Layer Security for Wireless Networks

Security in Ad Hoc Network

Wireless Network Security. Pat Wilbur Wireless Networks March 30, 2007

WLAN Attacks. Wireless LAN Attacks and Protection Tools. (Section 3 contd.) Traffic Analysis. Passive Attacks. War Driving. War Driving contd.

7 Network Security. 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework. 7.5 Absolute Security?

VIDEO Intypedia012en LESSON 12: WI FI NETWORKS SECURITY. AUTHOR: Raúl Siles. Founder and Security Analyst at Taddong

Security in Wireless Local Area Network

Link Layer and Network Layer Security for Wireless Networks

Wireless Security. New Standards for Encryption and Authentication. Ann Geyer

INTERNATIONAL JOURNAL OF PURE AND APPLIED RESEARCH IN ENGINEERING AND TECHNOLOGY

SECURITY ASPECTS IN MOBILE AD HOC NETWORK (MANETS)

Analysis of Security Issues and Their Solutions in Wireless LAN 1 Shenam Chugh, 2 Dr.Kamal

DESIGNING AND DEPLOYING SECURE WIRELESS LANS. Karl McDermott Cisco Systems Ireland

White paper. Testing for Wi-Fi Protected Access (WPA) in WLAN Access Points.

Introduction to WiFi Security. Frank Sweetser WPI Network Operations and Security

Configuring Security Solutions

Wireless security. Any station within range of the RF receives data Two security mechanism

Security. Contents. S Wireless Personal, Local, Metropolitan, and Wide Area Networks 1

Wireless Security Overview. Ann Geyer Partner, Tunitas Group Chair, Mobile Healthcare Alliance

WIRELESS SECURITY IN (WI-FI ) NETWORKS

How To Secure Your Network With 802.1X (Ipo) On A Pc Or Mac Or Macbook Or Ipo On A Microsoft Mac Or Ipow On A Network With A Password Protected By A Keyed Key (Ipow)

Network Access Security. Lesson 10

COMPARISON OF WIRELESS SECURITY PROTOCOLS (WEP AND WPA2)

Chapter 6 CDMA/802.11i

Wi-Fi Protected Access: Strong, standards-based, interoperable security for today s Wi-Fi networks Wi-Fi Alliance April 29, 2003

Wireless Security for Mobile Computers

Industrial Network Security for SCADA, Automation, Process Control and PLC Systems. Contents. 1 An Introduction to Industrial Network Security 1

Wireless Technology Seminar

Chapter 2 Wireless Networking Basics

A COMPARITIVE ANALYSIS OF WIRELESS SECURITY PROTOCOLS (WEP and WPA2)

HANDBOOK 8 NETWORK SECURITY Version 1.0

Certified Wireless Security Professional (CWSP) Course Overview

Ebonyi State University Abakaliki 2 Department of Computer Science. Our Saviour Institute of Science and Technology 3 Department of Computer Science

Topics in Network Security

BSc (Hons.) Computer Science with Network Security. Examinations for 2011/ Semester 2

Wireless Encryption Protection

Mobile Adhoc Network(MANETS) : Proposed solution to Security Related Issues

Wireless Robust Security Networks: Keeping the Bad Guys Out with i (WPA2)

Security in IEEE WLANs

Self Help Guide IMPORTANT! Securing Your Wireless Network. This Guide refers to the following Products: Please read the following carefully; Synopsis:

How To Protect A Wireless Lan From A Rogue Access Point

Overview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs

Security in Wireless and Mobile Networks

WIRELESS SECURITY. Information Security in Systems & Networks Public Development Program. Sanjay Goel University at Albany, SUNY Fall 2006

EVOLUTION OF WIRELESS LAN SECURITY ARCHITECTURE TO IEEE i (WPA2)

The Importance of Wireless Security

Network Security. Security of Wireless Local Area Networks. Chapter 15. Network Security (WS 2002): 15 Wireless LAN Security 1 Dr.-Ing G.

Computer Networks. Secure Systems

13 Virtual Private Networks 13.1 Point-to-Point Protocol (PPP) 13.2 Layer 2/3/4 VPNs 13.3 Multi-Protocol Label Switching 13.4 IPsec Transport Mode

Industrial Communication. Securing Industrial Wireless

Wi-Fi Client Device Security and Compliance with PCI DSS

Overview. Summary of Key Findings. Tech Note PCI Wireless Guideline

Authentication in WLAN

Wireless Security with Cyberoam

hacking protocol insecurities

SIMULATION STUDY OF BLACKHOLE ATTACK IN THE MOBILE AD HOC NETWORKS

WLAN and IEEE Security

WLAN - Good Security Principles. WLAN - Good Security Principles. Example of War Driving in Hong Kong* WLAN - Good Security Principles

Key Hopping A Security Enhancement Scheme for IEEE WEP Standards

Appendix A: Configuring Firewalls for a VPN Server Running Windows Server 2003

SSI. Commons Wireless Protocols WEP and WPA2. Bertil Maria Pires Marques. Dez Dez

WIRELESS NETWORKING SECURITY

CS 336/536 Computer Network Security. Summer Term Wi-Fi Protected Access (WPA) compiled by Anthony Barnard

Symm ym e m t e r t ic i c cr c yptogr ypt aphy a Ex: RC4, AES 2

Table of Contents. Cisco Wi Fi Protected Access 2 (WPA 2) Configuration Example

Security in IPv6. Basic Security Requirements and Techniques. Confidentiality. Integrity

ANALYSIS OF SECURITY PROTOCOLS FOR WIRELESS NETWORKS

Security in Wireless Mesh Networks

Your Wireless Network has No Clothes

Particularities of security design for wireless networks in small and medium business (SMB)

WLAN Security Why Your Firewall, VPN, and IEEE i Aren t Enough to Protect Your Network

What would you like to protect?

Wireless LAN Security: Securing Your Access Point

Transcription:

Wireless Security All vulnerabilities that exist in conventional wired networks apply and likely easier Theft, tampering of devices Portability Tamper-proof devices? Intrusion and interception of poorly encrypted communication Wireless medium is open, unauthorized users can get around firewalls Rogue APs Denial of service Ex: Jamming channel 56

Problems with WEP Revisited IVs are short 24-bit IVs cause the generated key stream to repeat Repetition allows easy decryption of data for a moderately sophisticated adversary Cryptographic keys are shared As the number of people sharing the key grows, the security risks also grow RC4 has a weak key schedule and is inappropriately used in WEP Weakness in the first few bits in RC4 schedule RC4 schedule is restarted for every packet Packet integrity is low CRC and other linear block codes are inadequate for providing cryptographic integrity No user authentication Client does not authenticate AP Anyone can pretend to be an AP Device authentication is simple shared-key challenge-response Shared-key challenge response is subject to man-in-the-middle attack 57

An Illustration of Man-in-the-middle attack Authorization Request Generate a random # Encrypt Challenge using RC4 algo Challenge Response Confirm Success Decrypt response and verify 58

An Illustration of Man-in-the-middle attack Authorization Request 2 Authorization Request 1 Challenge 1 Generate a random # Challenge 1 Authorization Request 2 Challenge 2 Response Response Confirm Success 59

Counter-measurements in WLAN MAC Access Control (ACL) Grant or deny a list of NIC addresses However, MAC addresses are transmitted clear-text and can be spoofed Set up ACL can be cumbersome for medium to large networks Wireless Protected Access (WPA) IEEE 802.1X port access control Stop intruders from sending traffic through the access point into adjacent networks Use Extensible Authentication Protocol (EAP) TKIP (temporal key integrity protocol) Add a per-packet key mixing function to de-correlate the public initialization vectors (IVs) from weak keys Re-keying with fresh encryption and integrity keys every 1000 packets TKIP utilizes RC4 with 128-bit keys for encryption and 64-bit keys for authentication. Now replaced by RSN (Robust Security Network) which use AES block cipher 60

AP acts as a middle man RADIUS: authorization server EAPOW 4-way hanshake can be used to exchange shared-key (for session) 61

Counter-measurements (cont d) Personal firewall Virtual private network (VPN) Corporate intranet, e.g., access UH resource using VPN 62

VPN (cont d) Secured tunnel built on IPsec (layer 3) Access control: Wireless networks on campus Enterprise Network Firewall RADIUS Server 63

An Example Home Wireless Network 00:1C:58:23:BD:9A DSL Modem Wireless Router Enable WEP MAC ACL Firewall 64

66

67

68

A Real Life Example Screen shot from Radisson Bahia Mar (Fort Lauderdale) 69

Security Issues in MANET MANETs inherently assume cooperation and thus are subject to security attack by design Ex: DSR routing uses cached routes Security problems Availability RF jamming sleep deprivation torture Inject false routing information or simply drop packets Integrity Data integrity Device integrity: how do you know your thermometer is telling the truth? Authenticity Absence of online server Secure transient association Confidentiality These problems are aggravated by the fact that many devices, e.g., a thermometer is incapable of performing cryptographic operations by itself 70

An Example Attack in DSR Backhole: A wants to communicate with D. Node A Node B Intruder Node C Node D Node A will broadcast a message asking the better path to reach the node D. The best path is chosen depending on the metric of the different routes If an intruder replies with the shortest path, it inserts itself in the network Node can drop any packet forwarded to him 71

Counter-attack to blackhole Passively acknowledge Node A Node B Data 1 Data 1 Intruder Node C Node D 72

A Secured MANET Routing Protocol Nodes need to be authenticated Source, destination, relay nodes How? Shared-key or public key But how to establish keys? key management is a hard problem Route message content needs to be protected Some are dynamically updated each hop Some are static Integrity of data messages Example: hash chain for AODV to ensure hop count field Source RREP (seed, H TTL (seed), H) Intermediate node, kth hop, (H k, H TTL (seed), H) 73

Further Reading http://csrc.nist.gov/publications/nistpubs/800-48/nist_sp_800-48.pdf 74

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information