1 / 25

Wireless security Wi–Fi (802.11) Security

Wireless security Wi–Fi (802.11) Security. Seminar by: Jigar Shah Guide: Prof. G.K. Kharate. Content. Introduction to Wi-Fi Types of attacks Traditional security with ref. to Wi-Fi How IEEE 802.11 WEP works Why WEP is not secured IEEE 802.11i and RSN WPA: An intermediate solution

jennis
Download Presentation

Wireless security Wi–Fi (802.11) Security

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Wireless securityWi–Fi (802.11) Security Seminar by: Jigar Shah Guide: Prof. G.K. Kharate

  2. Content • Introduction to Wi-Fi • Types of attacks • Traditional security with ref. to Wi-Fi • How IEEE 802.11 WEP works • Why WEP is not secured • IEEE 802.11i and RSN • WPA: An intermediate solution • Wi-Fi security in Real World

  3. Ad hoc mode

  4. Infrastructure mode

  5. Types of attacks

  6. Example: Man – In – Middle attack • Listen to message from Mob to AP • Read message till end of “check-word” • Transmit a sudden burst of noise to corrupt check-word • Forge ack. message with AP’s address and send it to MOB • Recalculate check-word and send captured msg. to AP • Wait for ACK from AP and corrupt check-word again so MOB rejects it

  7. Conventional Security Architecture firewall UntrustedZone Trusted Zone Remote User in “Trusted Bubble” firewall UntrustedZone VPN Trusted Zone User Traditional security Architecture

  8. Wireless User in Untrusted Zone firewall VPN Trusted Zone UntrustedZone User Treating a Wi-Fi LAN user Like a Remote User firewall VPN Trusted Zone UntrustedZone WLAN Wireless LAN security option 1

  9. How 802.11 WEP works • Authentication • Message Encryption

  10. Authenticate (request) STA AP Authenticate (success) Open Authentication

  11. Authenticate (request) Authenticate (challenge) Authenticate (response) Authenticate (success) WEP Authentication STA AP

  12. Combined RC4 key IV Secret Key RC4 Algorithm C B A $ W & WEP Message Encryption using RC4 stream cipher

  13. Adding ICV Compute check DATA ICV Encrypt Unencrypted Adding IV and KeyID bits IV Key ID Data & ICV Encrypted Mechanics of WEP

  14. Why WEP is not secure • Authentication • Access control • Replay prevention • Message modification • Message privacy • IV reuse • RC4 weak keys • Direct key attacks

  15. Basic requirements for authentication • Robust method of proving identity • Method of preserving identity over subsequent transaction that cannot be transferred • Mutual authentication • Independent keys. i.e. independent from encryption keys

  16. Transition to 802.11i (RSN): The ultimate solution • Encryption algorithms • TKIP • CCMP – AES. • WRAP • Message Integrity – A strong data integrity algorithm (Michael Message Integrity Check) is applied. • Mutual Authentication – 802.11i uses 802.1X/EAP for user authentication. • Other security features - secure IBSS, secure fast handoff, and secure deauthentication and disassociation. • Roaming Support

  17. Relationship of Wireless LAN Security Layers Authentication Layer Authentication Server Authentication Client (Kerberos V5, TLS, PEAP,EAP-SIM) Corporate Network Operating System Access Control Layer Authenticator (Access Control) (EAP, IEEE 802.1X, RADIUS) Supplicant Wireless LAN Layer Wireless LAN Wireless LAN Access Point Mobile Devices

  18. An intermediate solution: WPA • Goals of WPA • be a strong • Interoperable security replacement for WEP • be software upgradeable to existing Wi-Fi CERTIFIED products • be Applicable for both home and large enterprise users • be available immediately

  19. WPA (Wi-Fi Protected Access) • Implements 802.1X EAP based authentication • Apply Temporal Key Integrity Protocol (TKIP) on existing RC4 WEP • Use Michael Message Integrity Check

  20. Wi-Fi Security In Real World

  21. Conclusion

  22. References

  23. References

  24. Thank you!

  25. Questions ?

More Related