Wireless Network Security - PowerPoint PPT Presentation

1 / 21
About This Presentation
Title:

Wireless Network Security

Description:

to prevent unauthorized access to a wireless network. Why we need it? communication media is ... Developed by Funk. Client authenticates via username / password ... – PowerPoint PPT presentation

Number of Views:18
Avg rating:3.0/5.0
Slides: 22
Provided by: Yah969
Category:

less

Transcript and Presenter's Notes

Title: Wireless Network Security


1
Wireless Network Security
  • Bureau of National Security (BNS)
  • Brad Bargabus
  • Minh Nguyen
  • Nirdesh Shukla
  • CMPE 209 Richard Sinn

2
Introduction
  • What is it?
  • to prevent unauthorized access to a wireless
    network.
  • Why we need it?
  • communication media is the airwaves.
  • companies are reluctant to integrate wireless
    without security.

3
History
4
No Security
  • Unsafe to implement for home usage
  • Vulnerable to packet sniffing, illegal activates,
    and network takeover.
  • Hotspots offer NO SECURITY.
  • Password protected for logging in but packets are
    not encrypted.
  • Unfeasible for hotspot providers to give everyone
    a personal VPN login.
  • Avoid entering personal information (E-mail, Bank
    Accounts, chat conversations).

5
WEP (Wired Equivalence Protection)
  • 40-bit pre-shared key combined with 24-bit
    Initiation Vector (IV).
  • Data encryption using RC4 stream cipher.
  • IV is changed incrementally or pseudo-randomly
  • No rules set for how to determine the IV.
  • CRC-32 is used to as a checksum for data
    integrity.

6
WEP Frame
7
WEP Weaknesses
  • Keystream recycle over time becomes high with
    only 224 (16 mil.) combinations.
  • Approx. 9000 weak IV values.
  • Weak keys can be used to reveal keystream bytes
    5-10 of the time.
  • Parts of the Keystream can be guessed.
  • CRC is linear and should only be used to check
    data accuracy, not data integrity. MD5 or SHA-1
    much better.
  • No authentication

8
End of WEP
  • Vulnerable to passive and active attacks.
  • Increasing keystream size and IV size only delays
    key cracking, not prevent.
  • Applications widely available on the internet to
    crack keys within minutes.
  • WPA-PSK developed to replace WEP.

9
WPA (TKIP) Features
  • 128-bit Temporal Key (TK), 48-bit IV, RC4
    encryption.
  • Base key is negotiated between AP and users using
    session secret, random numbers, and MAC
    addresses.
  • New key is generated every 10,000 packets.
  • IV is used as the counter and is incremented
    every packet, not sent as plaintext.
  • Message Integrity Check (MIC)

10
WPA Security Improvements
  • Difficult to guess current IV and TK.
  • Weak Key attack prevented by hashed counter and
    changing base keys.
  • Replay attacks prevented by counter.
  • Packet modification prevented by MIC.

11
PSK (Pre-shared Key)
  • 256-bit key, up to 32 characters.
  • 4 way handshaking using hashed frames.
  • Vulnerable to dictionary attacks if key less than
    20 characters.
  • Tools available to help pick a strong key
    (Diceware)

12
WPA2 (AES)
  • Developed in 2004
  • 256-bit block ciphers
  • Based on PKI
  • Initial Converted into 256-bit blocks.
  • SubByte Each byte through 8-bit lookup
    tables.
  • ShiftRows Shift each row in the block by an
    offset.
  • MixColumns Each column 4-bytes are mixed.
  • AddRoundKey Each block is XOR with subkey.

13
EAP (Extensible Authentication Protocol)
  • EAP-TLS
  • EAP-TTLS
  • EAP-PEAP
  • PEAPv0 MSCHAPv2
  • PEAPv1 GTC
  • EAP-LEAP
  • EAP-MD5

14
EAP-TLS (Transport-Layer Security)
  • Most secure EAP method today
  • Based on RFC 5216 (standard)
  • Certificates
  • User-side certificates
  • Server-side certificates
  • Problem
  • Need to provide user-side certificates for all
    the employees

15
EAP-TLS (Transport-Layer Security)
Station
Access Point
Radius Server
Client Hello
Client Hello
Server Hello
Server Hello
ClientKeyExchange
ClientKeyExchange
Master Key
Master Key
ChangeCipherSpec
ChangeCipherSpec
EAP-SUCCESS
EAP-SUCCESS
Data
16
EAP-TTLS (Tunneled TLS)
  • Developed by Funk
  • Client authenticates via username / password
  • No need for user-side certificates

17
EAP-PEAP (Protected EAP)
  • Similar to EAP-TTLS
  • Client needs username / password
  • PEAPv0
  • Developed by Microsoft, Cisco, RSA Security
  • Uses MSCHAPv2 as outer auth. method
  • PEAPv1
  • Developed by Cisco
  • Uses GTC (Challenge-Response)

18
EAP-LEAP (Lightweight EAP)
  • Developed by Cisco
  • No outer authentication method
  • Client authenticates via username / password
  • Server does not authenticate to client
  • Rarely used since Microsoft does not support
    EAP-LEAP in ZeroConfig.

19
EAP-MD5
  • Least secure EAP method
  • MD5 hash of password

20
Conclusion
  • Network administrator should aware about attacks
    and how to restrict them
  • WLAN devices should be secured using at least WEP
    security
  • Use a closed network that does not broadcast
    the SSID
  • Check and monitor the wireless network for
    weakness and compromise
  • Personnel should be trained about wireless
    network security

21
  • Questions?
Write a Comment
User Comments (0)
About PowerShow.com