WLAN security. Contents

Similar documents
Security+ Guide to Network Security Fundamentals, Third Edition. Chapter 6. Wireless Network Security

Security (WEP, WPA\WPA2) 19/05/2009. Giulio Rossetti Unipi

Wireless security. Any station within range of the RF receives data Two security mechanism

12/3/08. Security in Wireless LANs and Mobile Networks. Wireless Magnifies Exposure Vulnerability. Mobility Makes it Difficult to Establish Trust

WEP Overview 1/2. and encryption mechanisms Now deprecated. Shared key Open key (the client will authenticate always) Shared key authentication

CS549: Cryptography and Network Security

Chapter 6 CDMA/802.11i

Security in IEEE WLANs

Security. Contents. S Wireless Personal, Local, Metropolitan, and Wide Area Networks 1

Authentication in WLAN

Lecture Objectives. Lecture 8 Mobile Networks: Security in Wireless LANs and Mobile Networks. Agenda. References

White paper. Testing for Wi-Fi Protected Access (WPA) in WLAN Access Points.

CSC574: Computer and Network Security

Symm ym e m t e r t ic i c cr c yptogr ypt aphy a Ex: RC4, AES 2

Wi-Fi Protected Access: Strong, standards-based, interoperable security for today s Wi-Fi networks Wi-Fi Alliance April 29, 2003

Wireless Networks. Welcome to Wireless

EVOLUTION OF WIRELESS LAN SECURITY ARCHITECTURE TO IEEE i (WPA2)

Chapter 2 Wireless Networking Basics

Wireless LAN Security Mechanisms

CS 356 Lecture 29 Wireless Security. Spring 2013

Agenda. Wireless LAN Security. TCP/IP Protocol Suite (Internet Model) Security for TCP/IP. Agenda. Car Security Story

How To Secure Your Network With 802.1X (Ipo) On A Pc Or Mac Or Macbook Or Ipo On A Microsoft Mac Or Ipow On A Network With A Password Protected By A Keyed Key (Ipow)

Wireless Security. New Standards for Encryption and Authentication. Ann Geyer

ProCurve Wireless LAN Security

Wireless LAN Security I: WEP Overview and Tools

SSI. Commons Wireless Protocols WEP and WPA2. Bertil Maria Pires Marques. Dez Dez

Wireless Security for Mobile Computers

The following chart provides the breakdown of exam as to the weight of each section of the exam.

Journal of Mobile, Embedded and Distributed Systems, vol. I, no. 1, 2009 ISSN

UNIK4250 Security in Distributed Systems University of Oslo Spring Part 7 Wireless Network Security

WI-FI SECURITY: A LITERATURE REVIEW OF SECURITY IN WIRELESS NETWORK

Configure WorkGroup Bridge on the WAP131 Access Point

Certified Wireless Security Professional (CWSP) Course Overview

The next generation of knowledge and expertise Wireless Security Basics

Lecture 3. WPA and i

CS 336/536 Computer Network Security. Summer Term Wi-Fi Protected Access (WPA) compiled by Anthony Barnard

Network Security. Security of Wireless Local Area Networks. Chapter 15. Network Security (WS 2002): 15 Wireless LAN Security 1 Dr.-Ing G.

Introduction to WiFi Security. Frank Sweetser WPI Network Operations and Security

Wireless Technology Seminar

A SURVEY OF WIRELESS NETWORK SECURITY PROTOCOLS

All vulnerabilities that exist in conventional wired networks apply and likely easier Theft, tampering of devices

Cipher Suites and WEP

Wi-Fi Client Device Security and Compliance with PCI DSS

Nokia E90 Communicator Using WLAN

Advanced Security Issues in Wireless Networks

Wireless Networking Basics. NETGEAR, Inc Great America Parkway Santa Clara, CA USA

WIRELESS SECURITY IN (WI-FI ) NETWORKS

ACC , Cisco Systems, Inc. All rights reserved.

Optimizing Converged Cisco Networks (ONT)

Table of Contents. Cisco Wi Fi Protected Access 2 (WPA 2) Configuration Example

State of Kansas. Interim Wireless Local Area Networks Security and Technical Architecture

IEEE Wireless LAN Security Overview

WLAN Security. Giwhan Cho Distributed/Mobile Computing System Lab. Chonbuk National University

DESIGNING AND DEPLOYING SECURE WIRELESS LANS. Karl McDermott Cisco Systems Ireland

Distributed Systems Security

Wireless Local Area Network Security Obscurity Through Security

WPA Migration Mode: WEP is back to haunt you...

Key Hopping A Security Enhancement Scheme for IEEE WEP Standards

Lecture 2 Secure Wireless LAN

How To Secure Wireless Networks

Huawei WLAN Authentication and Encryption

COMPARISON OF WIRELESS SECURITY PROTOCOLS (WEP AND WPA2)

WIRELESS NETWORKING SECURITY

WLAN - Good Security Principles. WLAN - Good Security Principles. Example of War Driving in Hong Kong* WLAN - Good Security Principles

Analysis of Security Issues and Their Solutions in Wireless LAN 1 Shenam Chugh, 2 Dr.Kamal

Tutorial 3. June 8, 2015

WLAN Authentication and Data Privacy

Self Help Guide IMPORTANT! Securing Your Wireless Network. This Guide refers to the following Products: Please read the following carefully; Synopsis:

WiFi Security: WEP, WPA, and WPA2

Configuring WPA-Enterprise/WPA2 with Microsoft RADIUS Authentication

Recommended Wireless Local Area Network Architecture

Wireless Security Overview. Ann Geyer Partner, Tunitas Group Chair, Mobile Healthcare Alliance

Vulnerabilities in WEP Christopher Hoffman Cryptography

Burglarproof WEP Protocol on Wireless Infrastructure

Security in Wireless Local Area Network

9 Simple steps to secure your Wi-Fi Network.

IEEE 802.1X For Wireless LANs

A Dynamic Extensible Authentication Protocol for Device Authentication in Transport Layer Raghavendra.K 1, G. Raghu 2, Sumith N 2

Vulnerabilities of Wireless Security protocols (WEP and WPA2)

Computer Networks. Secure Systems

Security in Wireless and Mobile Networks

WiFi Security: Deploying WPA/WPA2/802.1X and EAP in the Enterprise

Network Security. Security of Wireless Local Area Networks. Chapter 15. Network Security (WS 2003): 15 Wireless LAN Security 1. Dr.-Ing G.

A COMPARITIVE ANALYSIS OF WIRELESS SECURITY PROTOCOLS (WEP and WPA2)

IT-Sicherheit: Sicherheitsprotokolle. Wireless Security. (unter Benutzung von Material von Brian Lee und Takehiro Takahashi)

A Comprehensive Review of Wireless LAN Security and the Cisco Wireless Security Suite

A DISCUSSION OF WIRELESS SECURITY TECHNOLOGIES

Developing Network Security Strategies

Basic Security. Security Service. Authentication. Privacy. Authentication. Data privacy & Data integrity

Configuring Security Solutions

WIRELESS NETWORK SECURITY

The Importance of Wireless Security

2. WLAN SECURITY MECHANISMS AND PROTOCOLS 1. INTRODUCTION

chap18.wireless Network Security

A Division of Cisco Systems, Inc. GHz g. Wireless-G. PCI Adapter with RangeBooster. User Guide WIRELESS WMP54GR. Model No.

Network Security Protocols

How To Get A Power Station To Work With A Power Generator Without A Substation

How To Secure A Wireless Network With A Wireless Device (Mb8000)

CS5490/6490: Network Security- Lecture Notes - November 9 th 2015

Analyzing Wireless LAN Security Overhead

Transcription:

Contents WEP (Wired Equivalent Privacy) No key management Authentication methods Encryption and integrity checking WPA (WiFi Protected Access) IEEE 802.1X authentication framework Practical example using SSL/TLS SIM/AuC authentication S-72.3240 Wireless Personal, Local, Metropolitan, and Wide Area Networks 1

WLAN security solutions 1. Wired Equivalent Privacy (WEP): Part of the original 802.11 standard. No key management, also several other weaknesses. 2. WiFi Protected Access (WPA): Interim solution offers key management using the 802.1X authentication framework, plus improved encryption and integrity checking. 3. IEEE 802.11i (WPA2): Same as WPA, except improved encryption (AES). S-72.3240 Wireless Personal, Local, Metropolitan, and Wide Area Networks 2

WLAN security using WEP IEEE 802.11 specifies as an option usage of WEP which can take care of the following security mechanisms: Authentication ("shared key" user authentication) Confidentiality (RC4 stream cipher encryption) Integrity checking (CRC-32 integrity mechanism) No key management No protection against replay attacks S-72.3240 Wireless Personal, Local, Metropolitan, and Wide Area Networks 3

No key management in WEP Key A Key A Key A AP Key A No key management in WEP every wireless station and AP has the same "preshared" key that is used during authentication and encryption. This key is distributed manually (=> insufficient for enterprise applications). S-72.3240 Wireless Personal, Local, Metropolitan, and Wide Area Networks 4

Problems with preshared keys Manual key management is not very flexible Same key for everybody: In a large network, users may wish to have independent secure connections. Just a single non-honest WLAN user can break the security. Static key: Since it is relatively easy to crack WEP encryption in a reasonably short time, the keys should be changed often, but the preshared key concept does not support this. S-72.3240 Wireless Personal, Local, Metropolitan, and Wide Area Networks 5

WLAN authentication methods 1. 2. 3. 4. 5. 6. Open system authentication (specified in WEP) actually no authentication at all Shared key authentication (specified in WEP) weak due to non-existing key management Authentication using SSID of AP MAC address filtering IEEE 802.1X authentication (specified in WPA) SIM/AuC authentication (in operator-based network) S-72.3240 Wireless Personal, Local, Metropolitan, and Wide Area Networks 6

Open system authentication 1: MAC address 2: Status code AP Status codes are defined in IEEE 802.11 Status code 0 1 : 15 : Meaning Successful Unspecified failure : Authentication rejected (cause x) : S-72.3240 Wireless Personal, Local, Metropolitan, and Wide Area Networks 7

Shared-key authentication WEP Encryption 1: MAC address 2: Challenge text (128 octets, clear) 3: Response text (WEP encrypted) 4: Status code Authentication successful / failure AP Authentication is successful, if WEP decryption gives original challenge text S-72.3240 Wireless Personal, Local, Metropolitan, and Wide Area Networks 8

Authentication using SSID of AP Probe request message transmitted from WS includes SSID of AP AP Access ok SSID = Service Set Identifier Not very secure: SSID is transmitted unencrypted over the wireless network and can be easily captured by an attacker. S-72.3240 Wireless Personal, Local, Metropolitan, and Wide Area Networks 9

MAC address filtering MAC address 2 Access ok Not very secure: Attacker can read MAC address of a wireless station attached to the WLAN and replace own MAC address with this stolen MAC address. AP Accepted MAC addresses: MAC address 1 MAC address 2 MAC address 3 MAC address 4 : S-72.3240 Wireless Personal, Local, Metropolitan, and Wide Area Networks 10

WEP encryption WEP encryption is based on the RC4 stream cipher. First the preshared key (40 bits) is combined with a 24 bit initialization vector (IV) that should change from packet to packet (WEP does not specify how to select the IV). The combined key (preshared key + IV) is fed to the RC4 algorithm that generates a continuous keystream. The plaintext information (+ ICV, see future slide) is bitwise combined with the keystream by employing the XOR operation, thus producing the encrypted information. S-72.3240 Wireless Personal, Local, Metropolitan, and Wide Area Networks 11

WEP encryption and decryption Preshared key (40 bits) + Init. vector (24 bits) RC4 RC4 algorithm RC4 RC4 algorithm Preshared key (40 bits) + Init. vector (24 bits) RC4 keystream RC4 keystream Plaintext information Transmitter Encrypted information Receiver Plaintext information S-72.3240 Wireless Personal, Local, Metropolitan, and Wide Area Networks 12

Standard solution: WEP key lengths 40 bit key 24 bit IV Enhanced solution: 104 bit key 24 bit IV Initialisation vector (IV) is sent unencrypted over the wireless interface to the receiving end. S-72.3240 Wireless Personal, Local, Metropolitan, and Wide Area Networks 13

WEP integrity check Integrity checking prevents man-in-the-middle attacks: Tx Information Rogue station Altered information Rx Integrity check is implemented in WEP by appending an integrity check value (ICV) bit sequence after the plaintext information before encryption at the transmitter. S-72.3240 Wireless Personal, Local, Metropolitan, and Wide Area Networks 14

WEP integrity check Plaintext information Integrity algorithm Transmitter Integrity check value (ICV) Plaintext information ICV WEP encryption WEP decryption Plaintext information ICV Receiver Integrity algorithm ICV Integrity ok if ICV = ICV S-72.3240 Wireless Personal, Local, Metropolitan, and Wide Area Networks 15

WEP operation: transmitter 40 bit WEP key 24 bit initialisation vector (IV) RC4 algorithm ICV Plaintext information Integrity algorithm MAC header IV header Encrypted payload ICV FCS WEP encryption S-72.3240 Wireless Personal, Local, Metropolitan, and Wide Area Networks 16

WEP operation: receiver 40 bit WEP key 24 bit initialisation vector (IV) RC4 algorithm Plaintext information Integrity algorithm ICV ICV ICV ICV = ICV? ICV? MAC header IV header Encrypted payload ICV FCS WEP encrypted S-72.3240 Wireless Personal, Local, Metropolitan, and Wide Area Networks 17

WEP summary Security measure Key management Authentication Encryption Integrity protection Replay attacks Features WEP does not support key management Shared key authentication RC4 stream cipher, 40 bit key length is rather weak Rather weak in WEP No protection. S-72.3240 Wireless Personal, Local, Metropolitan, and Wide Area Networks 18

WLAN security using WPA WPA is basically a pre-standard version of IEEE 802.11i as accepted by the WiFi alliance. WPA offers: Key management (using the 802.1X framework, it is also possible to use preshared keys) Authentication (using the 802.1X framework) Confidentiality (TKIP encryption) Integrity checking ("Michael" protocol) Protection against replay attacks. S-72.3240 Wireless Personal, Local, Metropolitan, and Wide Area Networks 19

Temporal Key Integrity Protocol (TKIP) TKIP encryption is also based on the RC4 stream cipher, just like WEP encryption, with the following differences: The length of the initialization vector is 48 bit (instead of 24 bit in WEP) TKIP uses 104-bit per-packet keys, derived from a master secret and different for each packet (instead of a 40-bit or 104-bit static preshared key in WEP). Note that AES (Advanced Encryption Standard) encryption used in IEEE 802.16i is significantly different. S-72.3240 Wireless Personal, Local, Metropolitan, and Wide Area Networks 20

IEEE 802.1X authentication framework The 802.1X authentication framework protects wired and wireless networks from unauthorised use in open environments (such as university campus). 802.1X uses EAP (Extensible Authentication Protocol) to handle authentication requests. As the name implies, EAP is extensible and therefore should be future proof. 802.1X also uses RADIUS (Remote Authentication Dialin User Service) for handling secure signalling between AP and authentication server. S-72.3240 Wireless Personal, Local, Metropolitan, and Wide Area Networks 21

802.1X architecture 802.1X defines three network entities: Supplicant (the wireless client in the wireless station), authenticator (in a WLAN usually the AP) and authentication server (containing user-related authentication information). EAP over LAN (EAPoL) RADIUS AS Supplicant Authenticator Authentication server (AS) S-72.3240 Wireless Personal, Local, Metropolitan, and Wide Area Networks 22

802.1X authentication procedure (1) With 802.1X, authentication occurs after association. However, prior to successful authentication, a wireless client is only allowed access to the AS. All other traffic is blocked at the AP. Other network resources Wireless client AP AS S-72.3240 Wireless Personal, Local, Metropolitan, and Wide Area Networks 23

802.1X authentication procedure (2) After successful authentication, the wireless client is granted access to other network resources by the AP. Other network resources Wireless client AP AS S-72.3240 Wireless Personal, Local, Metropolitan, and Wide Area Networks 24

802.1X authentication procedure (3) The authenticator (AP) can also perform authentication based on MAC address filtering (for preventing denialof-service = DoS attacks) before starting the 802.1X authentication. Sorry, MAC address not acceptable Other network resources Wireless client AP AS S-72.3240 Wireless Personal, Local, Metropolitan, and Wide Area Networks 25

Example: EAP-TLS As an example, SSL/TLS is one of the various options defined to be used over EAP. The next two slides show how the SSL/TLS handshake sequence is embedded into a corresponding EAP sequence. (The RADIUS part of the signalling is not shown.) EAP-TLS RADIUS Wireless client AP AS S-72.3240 Wireless Personal, Local, Metropolitan, and Wide Area Networks 26

Basic SSL/TLS handshake sequence Client 1. Supported security algorithms Server 2. Chosen security algorithms + certificate 3. Encrypted pre-master secret Compute keys 4. and 5. MAC of handshake messages Compute keys Secure data transport S-72.3240 Wireless Personal, Local, Metropolitan, and Wide Area Networks 27

EAP-TLS signalling sequence WS EAP request: ID EAP response: ID EAP request: TLS start EAP response: TLS client hello (1) EAP request: TLS server hello (2) EAP response: Key + MAC info (3 and 4) EAP request: MAC info (5) EAP response: Null data AP S-72.3240 Wireless Personal, Local, Metropolitan, and Wide Area Networks 28

Authentication in operator-based network 802.11 networks offer new possibilities when the wireless station includes a SIM (Subscriber Identity Module) that is provided by a certain network operator / service provider. SIM Through the SIM, operators can offer WLAN users added value applications such as secure authentication, nationwide or worldwide roaming, and usertailored charging solutions. Let us next see how SIM-based authentication works. S-72.3240 Wireless Personal, Local, Metropolitan, and Wide Area Networks 29

SIM/AuC authentication (1) SIM/AuC authentication is based on storing a user-specific authentication key in two safe places: the authentication center (safely stored in the operator s premises) and the SIM in the user terminal. SIM Network Authentication Center (AuC) (AuC) S-72.3240 Wireless Personal, Local, Metropolitan, and Wide Area Networks 30

SIM/AuC authentication (2) SIM/AuC authentication uses the challenge - response method. A challenge is sent to the SIM, where it is encrypted using the authentication key, and the result (response) is returned to the network (e.g. the AP). SIM Challenge Response Authentication Center (AuC) (AuC) S-72.3240 Wireless Personal, Local, Metropolitan, and Wide Area Networks 31

SIM/AuC authentication (3) The challenge is also encrypted in the AuC using the same authentication key, and the result (which should be identical to the response from the SIM) is sent to the network (e.g. the AP). SIM Challenge Response Result Authentication Center (AuC) (AuC) S-72.3240 Wireless Personal, Local, Metropolitan, and Wide Area Networks 32

SIM/AuC authentication (4) If the result is the same, authentication was successful. SIM Challenge Response Result Authentication Center (AuC) (AuC) Same result => authentication successful Different result => either the authentication key or encryption algorithm was different in SIM and AuC S-72.3240 Wireless Personal, Local, Metropolitan, and Wide Area Networks 33

SIM/AuC authentication (5) The high security of this scheme is based on two facts: 1. The authentication key stored in the SIM can never be read from the SIM. The encryption algorithm is also running inside the SIM. SIM Authentication Center (AuC) (AuC) S-72.3240 Wireless Personal, Local, Metropolitan, and Wide Area Networks 34

SIM/AuC authentication (6) The high security of this scheme is based on two facts: 2. The authentication key is never removed from the AuC and the algorithm is running in the AuC. As long as there is no access to the AuC, security is assured. SIM Authentication Center (AuC) (AuC) S-72.3240 Wireless Personal, Local, Metropolitan, and Wide Area Networks 35

Operator services If operators want to offer new services or applications, distribution of SIM cards is not the only issue they must consider. In order to implement the services, various network resources must also be implemented (like AuC in the previous example). Obviously, all this is not without cost, so there must be some way of charging subscribers (again requiring new network elements => charging center, etc.) for the services. Future will tell if operator services will ever be successful as far as 802.11 networks are concerned. S-72.3240 Wireless Personal, Local, Metropolitan, and Wide Area Networks 36

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information