CS5490/6490: Network Security - Lecture Notes - November 9th 2015


Wireless LAN security

(Reference: Security & Cooperation in Wireless Networks by Buttyan & Hubaux, Cambridge Univ. Press, 2007, Chapter 1. This chapter also contains a good description of cellular network security.)

Issues:
- Concerned with security at the link layer.
- Easier eavesdropping: someone can set up an antenna at the right location and listen to the wireless communication.
- Easier impersonation: untethered access (unlike wired networks).
- Protect spectrum/network from unauthorized use.

The diagram below shows the WEP method that was widely used in the early 2000s. In this diagram a link layer frame (containing data and cyclic redundancy check) is encrypted and sent over the wireless link from a mobile station (STA) to an access point (AP).

A property of CRC (Cyclic Redundancy Check): crc(x xor y) = crc(x) xor crc(y)

Consider transmitting message M after encrypting it with the key bytes K from the RC4 random number generator. A network header has a checksum field, so that if the checksum is correct, the header as well as the payload has not been corrupted. If the checksum is wrong, then some bits have been changed. Cyclic redundancy check (CRC) is a better checksum method than a simple parity check.

Consider an attacker that wishes to compromise the integrity of the message. The attacker needs to xor [dM || crc(dM)] with the original message [M || crc(M)] to change the encrypted message M to (M xor dM) with the correct CRC. (Here || denotes concatenation.) This is shown as follows:

([M || crc(M)] xor K) xor [dM || crc(dM)]

can be written as

[M || crc(M)] xor K xor [dM || crc(dM)]

The above can be written as (this is just a reordering of the terms):

[(M xor dM) || (crc(M) xor crc(dM))] xor K

Now, using the property crc(x xor y) = crc(x) xor crc(y), crc(M) xor crc(dM) = crc(M xor dM), which gives

[(M xor dM) || crc(M xor dM)] xor K

Thus someone can change the message, and the CRC is still correct.

Another problem: the IV is only 24 bits long. This means that you expect the IV to repeat after 2^24 (16 million) possible numbers (worst case). Every encrypted WiFi message uses a new IV. If there is a known m_i and a known c_i, then you know k_i = m_i xor c_i. Now that you know k_i, the next time that the same IV is used you can reuse this k_i and figure out the message.

Numerical example: 54 Mbps channel, 1 kb packet that you want to encrypt, 16 million possible IVs. How much time before there is a repeated IV in the worst case? About 2400 seconds.

Authentication:

There is a serious problem with this: if you snoop R, then you can figure out K by xoring R and c.

Summary: three problems - poor authentication, IV repeats, and you can change the message and still have it appear integrity protected.

IEEE 802.11i - to fix the flaws of WEP
- called Robust Security Network (RSN)
- use AES instead of RC4
- change the authentication mechanism

Problem with the transition: there was hardware that was specific to RC4, so it would be difficult to move quickly from one type of hardware to another. What they did was to keep RC4 for a while, and go ahead with changing the authentication mechanism.

Optional protocol called Temporal Key Integrity Protocol (TKIP)
- immediately adopted by manufacturers
- this is called WiFi Protected Access (WPA)
- temporary standard

The final standard is WPA2, which is the same as RSN. The difference between WPA and WPA2 is that RC4 was replaced with AES.

The authentication mechanism of WPA2 is based on the IEEE 802.1X standard (which was designed for security in wired LANs). The STA and the authentication server (AS) mutually authenticate each other using a TLS-like protocol. The STA and the AS derive a PMK (pair-wise master key). The AS sends the PMK to the AP using a long-term secret between the AP and the AS. The AP and the STA then ensure that they both have the PMK and use the PMK to derive session keys.

Public WiFi: Access points route every packet to a special gateway called the hotspot controller. The hotspot controller allows only HTTP requests to a special page. If the username and password are entered successfully (after possibly paying using a credit card and setting up an account), the IP address is inserted in a white list and packets from this IP address are allowed by the hotspot controller.

DoS (Denial-of-service) attacks

Reference book: Internet Denial of Service, Attack and Defense Mechanisms, by Jelena Mirkovic et al. Prentice Hall.

DoS attack:
- The goal isn't access or theft of information or services.
- The goal is to stop the service from operating

- To deny service to legitimate users
- Usually a temporary phenomenon

Simple DoS attack:
- One machine overloads another
- Attack machine must be more powerful
- Sometimes generating a request is much cheaper than formulating a response (a weaker machine can become relatively "powerful").

DDoS (distributed denial-of-service attack): more complex than DoS and harder to solve (see figure below):
- First recruit, exploit, infect nodes
- Send attack commands
- Generate attack traffic

Who is vulnerable?
- Everyone connected to the Internet

Challenges:
- Securing one's own machine is not enough. It is not necessarily your vulnerabilities but those of everyone else.
- A firewall cannot help much because (i) it can be penetrated or itself be attacked.
- The use of a VPN can actually make things worse (decryption will consume even more resources).
- There is no limit to attackers' resources, so over-provisioning might not help.

[Figure labels: Attacker, Master, Agent]

Why do we have DoS attacks?
- natural consequence of the way the Internet is designed
  - routers forward packets based on destination addresses, do not maintain any state
  - routers enforce no security, authentication etc.
- send lots of traffic to lots of places
  - DoS: send lots of traffic to one place
- no attempt to correlate traffic or perform sophisticated analysis; every packet is treated individually and looks proper in the Internet
- first come first serve: attacker gets there first and uses the resources
- TCP backoff

Why don't people prevent their machines from becoming agents?
- DDoS attacks, typically, do not harm attack agents
- even if they do, people don't care or don't know
- altruism has not proven to be a compelling argument for network security
- No accountability: no method for assigning proper responsibility for bad packets or packet streams, no easy way to determine who corrupted a machine.
- There is poor cooperation across different entities. Deploying defensive systems close to a potential victim is not very effective. There is no incentive for those close to the sources for deploying defensive systems.

What are the requirements of a DoS prevention solution?
The solution should be effective (solve the problem, not just push it somewhere else), accurate (should aim to prevent collateral damage), low in cost (especially when no attacks are taking place), and deployable.

There are two approaches towards finding solutions for DoS prevention. The first approach is to find solutions that do not require any drastic changes in the Internet and its protocols. The second approach is to look for a clean slate design of the Internet that enhances security (including security against DoS attacks).
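
Added example (not part of the original lecture notes) for the WEP section above: a simplified Python model of WEP framing that reproduces the CRC bit-flipping derivation and the keystream recovery k_i = m_i xor c_i, which is also what snooping R and c in shared-key authentication yields. The IV, secret and messages are constructed sample values and all function names are this example's own. Real CRC-32 is affine rather than strictly linear, so the CRC delta carries one extra constant term beyond the idealized property in the notes.

```python
import zlib

def rc4(key: bytes, n: int) -> bytes:
    """First n bytes of the RC4 keystream for `key`."""
    s, j = list(range(256)), 0
    for i in range(256):                      # key scheduling
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for _ in range(n):                        # keystream generation
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def crc(data: bytes) -> bytes:
    return zlib.crc32(data).to_bytes(4, "little")

def wep_encrypt(iv: bytes, secret: bytes, msg: bytes) -> bytes:
    """[M || crc(M)] xor K, with K = RC4(IV || secret)."""
    plain = msg + crc(msg)
    return xor(plain, rc4(iv + secret, len(plain)))

def wep_decrypt(iv: bytes, secret: bytes, ct: bytes):
    """Return (message, integrity check passed?)."""
    plain = xor(ct, rc4(iv + secret, len(ct)))
    return plain[:-4], plain[-4:] == crc(plain[:-4])

def flip_bits(ct: bytes, dm: bytes) -> bytes:
    """Keyless edit: the receiver decrypts M xor dM and the CRC still checks."""
    # Standard CRC-32 is affine, not strictly linear:
    # crc(M xor dM) = crc(M) xor crc(dM) xor crc(00..0).
    d_crc = xor(crc(dm), crc(bytes(len(dm))))
    return xor(ct, dm + d_crc)

def recover_keystream(known_plain: bytes, ct: bytes) -> bytes:
    """k_i = m_i xor c_i; valid for every later frame that reuses this IV."""
    return xor(known_plain + crc(known_plain), ct)

if __name__ == "__main__":
    iv, secret = b"\x00\x00\x01", b"\x01\x02\x03\x04\x05"   # constructed values
    ct = wep_encrypt(iv, secret, b"SET LEVEL=1")
    forged = flip_bits(ct, xor(b"SET LEVEL=1", b"SET LEVEL=9"))
    print(wep_decrypt(iv, secret, forged))
    ks = recover_keystream(b"SET LEVEL=1", ct)
    print(xor(wep_encrypt(iv, secret, b"other frame"), ks)[:-4])
```

The receiver accepts the modified frame because the CRC is keyless; 802.11i, described above, replaces both the cipher and the integrity mechanism.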