Wireless Encryption and Beyond - PowerPoint PPT Presentation

About This Presentation
Title:

Wireless Encryption and Beyond

Description:

The first generation wireless modems were created in the early 1980's by amateur ... a pass phrase like 'Idaho hung gear id gene', or a hexadecimal string like ' ... – PowerPoint PPT presentation

Number of Views:110
Avg rating:3.0/5.0
Slides: 43
Provided by: stude51
Category:

less

Transcript and Presenter's Notes

Title: Wireless Encryption and Beyond


1
Wireless Encryption and Beyond
  • Justin Kontny, Chris Nassouri, and Matt Martens

2
History of Wireless Networks
  • The first generation wireless modems were created
    in the early 1980's by amateur radio operators.
  • These wireless data modems by adding a voice band
    data communication modem that had rates below
    9600 bit/s to an already made short range radio
    system.

3
Second generation networks
  • Second generation wireless modems were created
    after the FCC announced that there would be
    experimental, non military use bands for spread
    spectrum technology.
  • These modems were able to prove data rates of
    hundreds of kbs.

4
Third Generation
  • The third generation wireless modems were
    directed towards compatibility with the current
    LAN that harbored data rates of Mbit/s.

5
Why security is needed
  • Unlike LAN networks Wireless networks can be
    attacked without Physically being connected via
    network jack.
  • Wireless signals are broadcasted beyond company
    walls.
  • If authentication is not required (no encryption)
    then anyone can connect to the access point.

6
Cryptography
  • Cryptography is method of taking legible and
    readable data and turning it into data that is
    unreadable.
  • The purpose of this is to assure a safe
    transaction of private data from one user to
    another.
  • When the other user receives the unreadable data,
    a secret key pass is used to convert it back to a
    legible state.

7
Cryptography
  • The science of cryptography is much older than
    computers. This method of security was created by
    Julias Caesar in the days of old Rome.
  • A very easy example of cryptography is to assign
    a letter to a progressively higher number. Doing
    this would give you, A1 B2 C3 and so forth.
  • All through time, this has been used to keep
    secret data secure from falling into the wrong
    hands.
  • As time passes, cryptography is getting stronger
    and stronger.

8
DES Cryptography
  • A lot of cryptography methods use a secret key.
    The key is what allows someone to decrypt
    messages sent to them that have been made
    unreadable.
  • The most commonly used secret key system is Data
    Encryption Stands, also known as DES.
  • There is also Triple DES, which encrypts the data
    three times over.

9
Public Key Cryptography
  • An even more common method of cryptography is the
    public key system.
  • This method has two keys, which work together.
  • There are two keys, a public key and a private
    key. The public key is accessible to anyone and
    the secret key is only known by specific users.
    It allows the person sending the private data to
    use the public key to encrypt it but the only way
    to decrypt it is with the secret key.

10
Hash Functions
  • Hash functions offer a piece of mind to those who
    need to keep certain data safe.
  • It assures the receiver of the message that the
    message was sent by a trusted user or source.
  • Sometimes, hash functions are used with public
    and private key cryptography. Hash functions
    apply an algorithm to messages. This makes it so
    the message itself can not be recovered. It does
    not encrypt data for later decryption but it acts
    as a digital fingerprint for the message.
  • When the message is received, the hash function
    is re-read, to make sure the message had not been
    altered during sending.

11
Cryptography
  • Cryptography is a very reliable way of sending
    private data to another user safely.
  • If a hacker was to try and break a private key,
    they would have to spend months using the brute
    force method.
  • A brute force attack is the most commonly used
    attack, it attempts to crack the secret key. It
    works by trying a large number of key
    combinations, eventually trying every possible
    one.

12
Wireless Encryption
  • Wireless encryption is used to disguise plain
    text over a network.
  • Encryption is an algorithm used to encrypt and
    decrypt based on shared or private keys.
  • Encryption comes in different strengths and
    algorithms.

13
Wireless Encryption
  • WEP (wired equivalent protection)?
  • WPA (Wi-Fi protected access)?
  • WPA2 (New form of WPA)?
  • PSK (Pre-shared key)?

14
WEP
  • Wired Equivalent Protection
  • WEP is a security scheme to secure IEEE 802.11
    wireless connections. The point of WEP is to try
    and keep a wireless connection secure but it can
    be easily cracked with certain softwares within a
    few moments. Basically, it is only good for
    protection against people who are looking for
    free Internet

15
WEP
  • Encryption 40bit, and 64 bit can communicate.
  • 128bit is the strongest
  • All computers must share the same pass-phrase
    dedicated to a single access point.

16
WEP
  • Pros to using WEP.
  • Some security is better than no security.
  • Most users can not bypass or crack WEP
    encryption.

17
Cons to using WEP
  • Even without the Pass-phrase a user can connect
    to an access point. Although connected without
    the pass-phrase no network resources may be
    accessed.
  • This allows for the capture of network traffic.
    Leading to security threats. This makes WEP
    easily crackable with software that is easily
    obtainable.

18
Cracking WEP
19
Simple Password Dump
20
Hash dump
21
Dictionary Attack
22
Brute Force Attack
23
Converting WPA Passphase
24
Hash Calculator
25
PSK and Security
  • In cryptography, a pre-shared key or PSK is a
    shared secret key that shared between the two
    points.
  • These points use some secure channel before it
    needs to be accessed. Most of these systems
    always always use the symmetric key cryptographic
    algorithm.

26
PSK and Security (Cont.)?
  • The characteristics of this key are determined by
    the system which uses it. Some system designs
    require that such keys be in a particular format.
  • It can be a password like 'bret13i', a pass
    phrase like 'Idaho hung gear id gene', or a
    hexadecimal string like '65E4 E556 8622 EEE1'.
  • The key is used by all the systems involved in
    the processe used to secure the traffic between
    the systems

27
PSK and Security (Cont.)?
  • Since one weakpoint of the crypto system is the
    encryption algorithms key, the strength of the
    key is important, and since the strength of a key
    is in part dependent on its length, it is
    important to choose a key whose length is
    cryptographically secure. There are several tools
    available to help one choose a strong key.
    Diceware is one example

28
WPA
  • Wi-Fi protected access (WPA) is another class of
    systems used to secure wireless networks.
  • Created in response to a number of serious
    weaknesses identified in WEP encryption.
  • WPA is designed for use with an IEEE 802.1X
    authentication server. It distributes different
    keys to each user.
  • It can also be used in a less secure PSK mode
    where every user is given the same pass-phrase.

29
WPA
  • Data is encrypted using the RC4 stream cipher,
    with a 128-bit key and a 48-bit initialization
    vector (IV).
  • One major improvement in WPA over WEP is the
    Temporal Key Integrity Protocol (TKIP), which
    dynamically changes keys as the system is used.
  • When combined with the much larger initialization
    vector, this defeats the well-known key recovery
    attacks on WEP.

30
WPA
  • WPA provides vastly improved payload integrity.
    The cyclic redundancy check (CRC) used in WEP is
    unsecure and it is possible to alter the payload
    and update the message CRC without knowing the
    WEP key.
  • A more secure message authentication code is used
    in WPA. It is an algorithm named "Michael".
  • The MIC used in WPA includes a frame counter,
    which prevents replay attacks being executed.

31
WPA
  • By increasing the size of the keys and IVs,
    reducing the number of packets sent with related
    keys, and adding a secure message verification
    system, WPA makes breaking into a wireless LAN
    far more difficult.
  • The Michael algorithm was the strongest that WPA
    designers could come up with that would still
    work with most older network cards.

32
WPA
  • Due to inevitable weaknesses of Michael, TKIP
    will shut down the network for one minute if two
    frames are discovered that fail the Michael check
    after passing all other integrity checks that
    would have caught noisy frames.
  • It will then require generation of new keys and
    re-authentication when the network restarts,
    forcing the attacker to start over.

33
WPA2
  • Strong encryption and authentication support for
    infrastructure and ad-hoc networks (WPA is
    limited to infrastructure networks)?
  • Reduced overhead in key derivation during the
    wireless LAN authentication exchange
  • Support for opportunistic key caching to reduce
    the overhead in roaming between access points
  • Support for the CCMP (Counter Mode with Cipher
    Block Chaining Message Authentication Code
    Protocol) encryption mechanism based on the
    Advanced Encryption Standard (AES) cipher as an
    alternative to the TKIP protocol.

34
WPA2
  • As of March 2006, the WPA2 certification became
    mandatory for all new equipment certified by the
    Wi-Fi Alliance, ensuring that any reasonably
    modern hardware will support both WPA and WPA2.

35
WPA2
  • By leveraging the RC4 cipher (also used in the
    WEP protocol), the IEEE 802.11i task group was
    able to improve the security of legacy networks
    with TKIP while the IEEE 802.11i amendment was
    completed.
  • It is important to note, however, that TKIP was
    designed as an interim solution for wireless
    security, with the goal of providing sufficient
    security for 5 years while organizations
    transitioned to the full IEEE 802.11i security
    mechanism.
  • While there have not been any catastrophic
    weaknesses reported in the TKIP protocol,
    organizations should take this design requirement
    into consideration and plan to transition WPA
    networks to WPA2 to take advantage of the
    benefits provided by the RSN architecture.

36
Algorithms and Encryption
  • Algorithms are mathematical procedures for
    performing encryption on data.
  • Through the use of an algorithm, information is
    made into meaningless cipher text and requires
    the use of a key to transform the data back into
    its original form.

37
Algorithms and Encryption (Cont.)?
  • There are many different types of security
    algorithms which include Blowfish, AES, RC4, RC5,
    and RC6.
  • Blowfish is a symmetric encryption algorithm
    designed by Bruce Schneier in 1993 as an
    alternative to existing encryption algorithms,
    such as DES. Blowfish is a 64-bit block cipher
    that uses a key length that can vary between 32
    and 448 bits.

38
Algorithms and Encryption (Cont.)?
  • AES is short for Advanced Encryption Standard. It
    is a symmetric 128-bit block data encryption
    technique developed byJoan Daemen and Vincent
    Rijmen.
  • The U.S government adopted the algorithm as its
    encryption technique in October 2000, replacing
    the DES encryption it used. AES works at multiple
    network layers simultaneously.

39
Algorithms and Encryption (Cont.)?
  • RC4 a variable key-size stream cipher with
    byte-oriented operations. The algorithm is based
    on the use of a random permutation.

40
Algorithms and Encryption (Cont.)?
  • RC5 is a parameterized algorithm with a variable
    block size, a variable key size, and a variable
    number of rounds. Allowable choices for the block
    size are 32 bits, 64 bits, and 128 bits. The
    number of rounds can range from 0 to 255, while
    the key can range from 0 bits to 2040 bits in
    size.
  • RC5 does three things
  • Key expansion, encryption, and decryption.

41
Algorithms and Encryption (Cont.)?
  • RC6 is a block cipher based on RC5.
  • RC6 is a parameterized algorithm where the block
    size, the key size, and the number of rounds are
    variable. RC6 adds two features to RC5.
  • The inclusion of integer multiplication and the
    use of four 4-bit working registers instead of
    RC5s two 2-bit registers.

42
Future of Wireless Security
  • The future for wireless networking is not only to
    have the computer hooked up to another computer
    but for a whole house to be able to be run
    through a main computer.
  • Wireless grows day by day and engineers are
    trying to find a way to have just about
    everything wireless.
  • This concept has been giving a name in retail
    businesses and is called the Wireless
    Revolution.
  • As far as security goes, theres no telling what
    the newest form of security could be. The reason
    for this is because wireless security is updated
    as new attacks are created.
Write a Comment
User Comments (0)
About PowerShow.com