Security in Wireless LAN 802.11 - PowerPoint PPT Presentation

Slides: 18
Provided by: MK173
Learn more at: http://www.cs.sjsu.edu

1
Security in Wireless LAN 802.11
  • Layla Pezeshkmehr
  • CS 265
  • Fall 2003-SJSU
  • Dr.Mark Stamp

2
5 basic threats to WLAN
  • Sniffing: eavesdropping
  • Invasion: steal a valid STA's access to gain
    access to the network
  • Traffic redirection: change in ARP table
  • Denial of service (DoS)
      • Flood the network
      • Disrupt connection between machines
      • Prevent a STA from connecting to WLAN
  • Rogue networks and station redirection:
    man-in-the-middle attacks

3
IEEE 802.11 Authentication Open Key
  • Uses null authentication; simple
  • Is the default authentication
  • 2 steps
      • A sends an authentication request to B
      • B sends the result back to A
  • If dot11AuthenticationType at B is set to
    "Open System" → returns "success" → A is
    mutually authenticated
  • Otherwise A is not authenticated

4
Shared key Authentication
  • Provides a better degree of authentication.
  • Station must implement WEP
    (Wired Equivalent Privacy)
  • 4 steps
      • Requester sends an Authentication frame to the AP.
      • AP replies with a random challenge text generated
        by the WEP engine (128 bit).
      • STA copies the challenge text, encrypts it with a
        shared key, then sends the frame to the AP.
      • AP decrypts the received frame, then verifies the
        32-bit CRC ICV and that the challenge text
        matches the one it sent earlier to the station.
  • Successful/negative authentication if
    match/mismatch

5
Identity Problems
  • Open System authentication
      • Null authentication.
      • Messages sent in clear.
      • Anyone can impersonate either the station or the
        access point.
  • Shared key authentication
      • Only the station authenticates itself.
      • No mechanism for the AP to prove its identity to the
        station, so a malicious AP is possible.
      • Only the station is authenticated, not the user of
        the station.

6
Shared key vulnerabilities (cont)
  • Exchanging both challenge and response occurs
    over the wireless link and is vulnerable to a
    man-in-the-middle attack.

7
IEEE 802.11 Wired Equivalent Privacy (WEP)
Protocol
  • The goal is to provide data privacy to the level
    of a wired network.
  • The WEP algorithm is used to prevent eavesdropping.
  • An encapsulation of the 802.11 data frame.
  • 64-bit key (40-bit secret key, 24-bit "init"
    vector).
  • Symmetric algorithm because the same key is used
    for cipher and decipher.
  • Data integrity checked with CRC-32.

8
WEP Encryption
  • A key is shared among members of the BSS.
  • Sender calculates the CRC of the frame's data.
  • WEP appends a newly generated 24-bit initialization
    vector (IV) to the shared key.
  • WEP PRNG (RC4) is used to generate a key stream.
  • XORs the key stream against (payload + CRC) to
    produce ciphertext.
  • The sender also inserts the IV into the frame header
    and sets the WEP encrypted packet bit indicator.

9
WEP Decryption
  • Receiver extracts the IV from the frame
  • Appends the IV to the BSS shared key and generates
    the "per-packet" RC4 key sequence
  • Ciphertext is XORed against the key stream to
    extract the plaintext.
  • Verification: performs an integrity check on the
    plaintext
  • Compares the ICV1 result with the ICV transmitted.

10
WEP Decryption

11
ICV Weakness
  • How is the attacker able to modify ICV to match
    the bit-flipped changes to the frame?

12
WEP Problems-with RC4
  • Flip a bit in the ciphertext (C) → the
    corresponding bit in the plaintext will be
    flipped.
  • Eavesdropper intercepts 2 ciphertexts encrypted
    with the same key stream → possible to obtain the
    XOR of the 2 plaintexts.
  • $c_1 = p_1 \oplus b$, $c_2 = p_2 \oplus b$
  • $\Rightarrow c_1 \oplus c_2 = (p_1 \oplus b) \oplus (p_2 \oplus b) = p_1 \oplus p_2$
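
Why the CRC-32 ICV gives no integrity protection under an XOR stream cipher (the question on slide 11) and why key stream reuse leaks the XOR of two plaintexts (slide 12), as an added example that is not part of the original presentation. The function names and sample payloads are constructed for illustration, and `b` is a random stand-in for one RC4 key stream, since both properties hold for any key stream.

```python
import os
import struct
import zlib


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def icv(data: bytes) -> bytes:
    """WEP-style ICV: CRC-32 of the data, little-endian."""
    return struct.pack("<I", zlib.crc32(data))


def seal(payload: bytes, keystream: bytes) -> bytes:
    """XOR (payload + ICV) with the key stream, as WEP does."""
    return xor(payload + icv(payload), keystream)


def icv_ok(ciphertext: bytes, keystream: bytes) -> bool:
    """Receiver-side check: decrypt, recompute the CRC, compare."""
    body = xor(ciphertext, keystream)
    return icv(body[:-4]) == body[-4:]


def icv_delta(delta: bytes) -> bytes:
    """Change in the ICV caused by XORing `delta` into the payload.

    CRC-32 is affine over XOR: crc(p ^ d) = crc(p) ^ crc(d) ^ crc(00..0),
    so this value depends on neither the payload nor the key stream.
    """
    return xor(icv(delta), icv(bytes(len(delta))))


# Constructed sample data.
p1 = b"constructed frame #1"
p2 = b"constructed frame #2"
b = os.urandom(len(p1) + 4)            # same key stream used for both frames
c1, c2 = seal(p1, b), seal(p2, b)

# Key stream reuse: the key stream cancels, leaving p1 XOR p2.
assert xor(c1, c2)[:len(p1)] == xor(p1, p2)

# One flipped payload bit plus the matching ICV delta still passes the check;
# the same flip without the ICV delta is caught.
delta = b"\x01" + bytes(len(p1) - 1)
assert icv_ok(xor(c1, delta + icv_delta(delta)), b)
assert not icv_ok(xor(c1, delta + bytes(4)), b)
```

The check only fails for changes that leave the ICV untouched, so it catches transmission errors but not deliberate modification; a keyed message authentication code does not have this linear structure.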

13
WEP Problems-with IV
  • IV is 24 bits, sent in cleartext as part of the
    message.
  • A small space of initialization vectors
    guarantees the reuse of the same key stream.
  • An AP constantly sending 1500-byte packets at
    11 Mbps will exhaust the IV space after
  • $1500 \times 8 / (11 \times 10^6) \times 2^{24} \approx 18000\,\text{s} \approx 5\,\text{h}$
  • When the same key is used by all mobile stations,
    there are more chances of IV collision.

14
Cisco enhancements to 802.11 WEP to increase
security
  • Mutual authentication instead of one-way
    authentication
  • Secure key derivation using a one-way hash function
  • Dynamic WEP keys instead of static WEP keys
  • Initialization Vector changes

15
Today future control
  • Service Set Identifier (SSID)
  • Each AP has an SSID to identify itself.
    A STA has to know the SSID of the AP to which it
    wants to connect. The SSID keeps a STA from
    accidentally connecting to a neighboring AP.
  • This does not solve other security issues and
    does not keep an attacker from setting up a
    "rogue" AP that uses the same SSID as the valid AP.

16
Today future control (cont.)
  • MAC filters
  • AP checks the MAC addresses of STAs before they are
    connected to the network
  • AP keeps a list of MAC addresses in long-term
    memory.
  • AP may send a RADIUS request with the MAC address
    as the userID (and a null password) to a central
    RADIUS server to check the list for an address.

17
The End