Docsity
Docsity

Prepare for your exams
Prepare for your exams

Study with the several resources on Docsity


Earn points to download
Earn points to download

Earn points by helping other students or get them with a premium plan


Guidelines and tips
Guidelines and tips

Wireless Security - Introduction to Network Security - Lecture Slides, Slides of Network security

The major concept in the Introduction to Network Security and the key points in these lecture slides are:Wireless Security, Wireless LAN Protocols, Wireless Application Protocol, Wireless Site Evaluation, Wireless Vulnerabilities, Unauthorized, Sniffing, Wireless Security Tools, Confidentiality, Access Control

Typology: Slides

2012/2013

Uploaded on 04/22/2013

sathaye
sathaye 🇮🇳

4.8

(8)

106 documents

1 / 27

Toggle sidebar

This page cannot be seen from the preview

Don't miss anything!

bg1
1
Wireless Security
Docsity.com
pf3
pf4
pf5
pf8
pf9
pfa
pfd
pfe
pff
pf12
pf13
pf14
pf15
pf16
pf17
pf18
pf19
pf1a
pf1b

Partial preview of the text

Download Wireless Security - Introduction to Network Security - Lecture Slides and more Slides Network security in PDF only on Docsity!

1

Wireless Security

2

Wireless Security

  • Wireless LAN protocols (IEEE 802.11)
  • Wireless Application Protocol (WAP)
  • Wireless site evaluation
  • Wireless vulnerabilities
    • Unauthorized base stations
    • Sniffing
  • Wireless security tools

4

Wireless communication security

  • 802.11b has certain security features available, but not a whole lot
  • Service Set Identifier (SSID) are introduced to differentiate networks
  • Access Point (AP) names are preset by equipment manufacturer. Linksys APs have the name ‘linksys’ and Cisco APs have the name ‘tsunami.’ Since these are well known, the user must reset the SSIDs just like a secure password (non-standard name with non-standard characters, non-guessable)
  • APs broadcast SSIDs every few seconds in ‘Beacon Frames’ form

5

Wireless communication security

  • Two methods to establish connection with APs are:
    • Shared key authentication
    • Open authentication
  • In shared key authentication, client requests connection with AP. AP sends a challenge string in clear. Client encrypts using what is known as Wired Equivalent Privacy (WEP) method and sends the encrypted string back to the AP. AP knows what it is expecting as encrypted string. If the two match, then access to communicate is granted by the AP.

7

Wireless communication security

  • WEP uses a 40-bit key and a separate 24-bit initialization vector (IV) with the 40-bit key. All 64 bits are used in the encryption. However, the IV is sent along with the encrypted text. The hacker will be able to see the encrypted text and the IV but not the original text.
  • To break the WEP key one needs to try all combinations of the 40-bit key with the 24-bit IV. The 40-bit key gives nearly a billion combinations, and they are within reach of today’s computing power to mount an exhaustive attack

8

Wireless communication security

  • Lucent company has proposed a 128-bit key

for WEP, known as WEP Plus

  • The 128-key consists of a 104-bit

encryption key and a 24-bit IV

  • One solution proposed by the industry is to

turn off the broadcast of SSID. This is

being practiced now. Users type the SSID

in when establishing contact with AP.

Industry recommendation is not to change

the SSID periodically.

10

Default WEP Keys

  • The NetGear Access Point uses the

following 4 sequences as default keys:

  • It is recommended not to use the default

WEP keys

11

Wired Equivalent Privacy (WEP)

  • Suppose P1 and P2 are encrypted with the same keystream K
  • Let C1 = P1 xor K and C2 = P2 xor K
  • Then C1 xor C2 = P1 xor K xor P2 xor K

= P1 xor P

  • 802.11 cards reset the IV counter to 0 for each new activation and increment by 1 for each packet transmission
  • So initials values of IV become predictable, even if it is in encrypted format

13

WEP vulnerabilities

  • Active attack
    • Attacker knows the plaintext of one encrypted message. Use this knowledge to construct the encrypted text and insert that instead
    • WEP uses RC4 encryption. It is known that RC4(X) xor X xor Y = RC4(Y) where X is known message and RC4(X) is its encrypted message using RC

14

WEP vulnerabilities

  • WEP uses CRC-32 for error check.

However, CRC is designed to catch random

errors and not malicious errors inserted by

hackers. So, CRC-32 is not effective in

WEP as a security mechanism

16

802.11 Standards

  • 802.11a was set for 5GHz band at 54 Mbps over a 300 feet distance. Standard approved in 1999 but did not come to market first
  • 802.11b was set for 2.4GHz band at 11 Mbps over a 90 feet distance. Standard approved in 1999 and came to market first
  • 802.11g was set for 2.54GHz band at 54 Mbps over a 150 feet distance. Standard approved in 2002 and is currently in market

17

802.11 Standards

  • 802.11h was a modification of 802.11g standard for compatibility with European WLANs (HiperLAN). This standard has not been approved yet.
  • 802.11i has been proposed to fix the security flaws in existing 802.11 standards. This is still in draft form.
  • 802.11j is currently being developed as a global standard in the 5GHz band for interoperability with 802.11a

19

Wireless Application Protocol (WAP)

  • WAP 2.0 was released in 2002
  • WAP 2.0 uses Wireless TLS (upgraded SSL)
  • WTLS is used for authentication
  • Since devices move from one location to another, in WTLS a session exists over many connections. This way the security parameters are negotiated per session and held for the duration of the session.
  • WTLS will be enhanced with the introduction of Smart Card security

20

Wireless Site Survey

  • Needs assessment of network users
    • Knowing the number of users on the WLAN
  • Site blueprint
    • Since radio waves do not penetrate all types of material, knowing the details of the structure is essential
    • Certain building materials reflect signals
    • Concrete, marble, brick, and water are difficult to work with while dealing with WLAN