Wireless Security - PowerPoint PPT Presentation


PowerPoint Slideshow about 'Wireless Security' - tait


Presentation Transcript
The Current Internet: Connectivity and Processing

[Figure: network diagram with the labels Cable Modem, LAN, WLAN, Analog, DSLAM, RAS, H.323, PSTN, Premises-based and Operator-based Access Networks, Regional Wireline, Regional Cell (Data, Voice), Core Networks, Transit Net, Private Peering, Public Peering, NAP]
How can it affect cell phones?
  • Cabir worm can infect a cell phone
    • Infects phones running Symbian OS
    • Started in the Philippines at the end of 2004; surfaced in Asia, Latin America, Europe, and recently in the US
    • Poses as a security management utility
    • Once a phone is infected, propagates itself to other phones via Bluetooth wireless connections
    • Symbian officials said security was a high priority of the latest software, Symbian OS Version 9.
  • With ubiquitous Internet connections, more severe viruses/worms for mobile devices will happen soon …
Outlines
  • 802.11 Basics
  • Mobile link access: CSMA/CA
  • Security in 802.11b
  • Example and more attacks
  • Trend: 802.16 Wireless MAN
IEEE 802.11 Wireless LAN
  • 802.11b
    • 2.4-5 GHz unlicensed radio spectrum
    • up to 11 Mbps
    • widely deployed, using base stations
  • 802.11a
    • 5-6 GHz range
    • up to 54 Mbps
  • 802.11g
    • 2.4-5 GHz range
    • up to 54 Mbps
  • All use CSMA/CA for multiple access
  • All have base-station and ad-hoc network versions
Base station approach
  • Wireless host communicates with a base station
    • base station = access point (AP)
  • Basic Service Set (BSS) (a.k.a. “cell”) contains:
    • wireless hosts
    • access point (AP): base station
  • BSSs are combined to form a distribution system (DS)
Ad Hoc Network approach
  • No AP (i.e., base station)
  • wireless hosts communicate with each other
    • to get packet from wireless host A to B may need to route through wireless hosts X,Y,Z
  • Applications:
    • “laptop” meeting in conference room, car
    • interconnection of “personal” devices
    • battlefield
CSMA (Carrier Sense Multiple Access)

CSMA: listen before transmit:

  • If channel sensed idle: transmit entire frame
  • If channel sensed busy, defer transmission
  • Human analogy: don’t interrupt others!
CSMA collisions
  • Collisions can still occur: propagation delay means two nodes may not hear each other’s transmission
  • Collision: entire packet transmission time wasted
  • Note: role of distance & propagation delay in determining collision probability
  • [Figure: spatial layout of nodes]

CSMA/CD (Collision Detection)
  • CSMA/CD: carrier sensing, deferral as in CSMA
    • collisions detected within short time
    • colliding transmissions aborted, reducing channel wastage
  • collision detection:
    • easy in wired LANs: measure signal strengths, compare transmitted, received signals
    • difficult in wireless LANs: receiver shut off while transmitting
  • human analogy: the polite conversationalist
IEEE 802.11: multiple access
  • Collision if 2 or more nodes transmit at same time
  • CSMA makes sense:
    • get all the bandwidth if you’re the only one transmitting
    • shouldn’t cause a collision if you sense another transmission
  • Collision detection doesn’t work: hidden terminal problem
IEEE 802.11 MAC Protocol: CSMA/CA
  • 802.11 CSMA sender:
    • if channel sensed idle for DIFS sec., then transmit entire frame (no collision detection)
    • if channel sensed busy, then binary backoff
  • 802.11 CSMA receiver:
    • if received OK, return ACK after SIFS (ACK is needed due to hidden terminal problem)

Collision avoidance mechanisms
  • Problem:
    • two nodes, hidden from each other, transmit complete frames to base station
    • wasted bandwidth for long duration!
  • Solution:
    • small reservation packets
    • nodes track reservation interval with internal “network allocation vector” (NAV)
Collision Avoidance: RTS-CTS exchange
  • sender transmits short RTS (request to send) packet: indicates duration of transmission
  • receiver replies with short CTS (clear to send) packet
    • notifying (possibly hidden) nodes
  • hidden nodes will not transmit for specified duration: NAV
Collision Avoidance: RTS-CTS exchange
  • RTS and CTS short:
    • collisions less likely, of shorter duration
    • end result similar to collision detection
  • IEEE 802.11 allows:
    • CSMA
    • CSMA/CA: reservations
    • polling from AP
Outlines
  • 802.11 Basics
  • Mobile link access: CSMA/CA
  • Security in 802.11b
  • Example and more attacks
  • Trend: 802.16 Wireless MAN
802.11b: Built in Security Features
  • Service Set Identifier (SSID)
  • Differentiates one access point from another
  • SSID is cast in ‘beacon frames’ every few seconds.
  • Beacon frames are in plain text!
Associating with the AP
  • Access points have two ways of initiating communication with a client
  • Shared Key or Open Key authentication
  • Open key: need to supply the correct SSID
    • Allow anyone to start a conversation with the AP
  • Shared Key is supposed to add an extra layer of security by requiring authentication info as soon as one associates
How Shared Key Auth. works
  • Client begins by sending an association request to the AP
  • AP responds with a challenge text (unencrypted)
  • Client, using the proper WEP key, encrypts text and sends it back to the AP
  • If properly encrypted, AP allows communication with the client
Wired Equivalent Protocol (WEP)
  • Primary built-in security for the 802.11 protocol
  • Uses 40-bit RC4 encryption
  • Intended to make wireless as secure as a wired network
  • Unfortunately, since ratification of the 802.11 standard, RC4 has been proven insecure, leaving the 802.11 protocol wide open for attack
Case study of a non-trivial attack
  • Target Network: a large, very active university-based WLAN
  • Tools used against network:
    • Laptop running Red Hat Linux v.7.3,
    • Orinoco chipset based 802.11b NIC card
    • Patched Orinoco drivers
    • Netstumbler
      • Netstumbler can not only monitor all active networks in the area, but it also integrates with a GPS to map APs
    • Airsnort
      • Passively listen to the traffic
  • NIC drivers MUST be patched to allow Monitor mode (listen to raw 802.11b packets)
Assessing the Network
  • Using Netstumbler, the attacker locates a strong signal on the target WLAN
  • WLAN has no broadcast SSID
  • Multiple access points
  • Many active users
  • Open authentication method
  • WLAN is encrypted with 40-bit WEP
Cracking the WEP key
  • Attacker sets NIC drivers to Monitor Mode
  • Begins capturing packets with Airsnort
  • Airsnort quickly determines the SSID
  • Sessions can be saved in Airsnort, and continued at a later date so you don’t have to stay in one place for hours
  • A few 1.5-hour sessions yield the encryption key
  • Once the WEP key is cracked and his NIC is configured appropriately, the attacker is assigned an IP, and can access the WLAN
More Attacks in Wireless Networks
  • Rogue Access Point
    • Solution: Monitor the air space for unexpected APs
  • Radio Frequency (RF) Interference
  • AP Impersonation
    • Rogue AP spoofs its MAC address to the identity of an authorized AP
    • Man-in-the-middle attack
    • Denial of service attack
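
One way to implement the "monitor the air space" check, as an added example that is not part of the original slides: observed beacons are compared with an inventory of authorized APs. The inventory, the SSIDs and BSSIDs, and the channel-mismatch heuristic for spotting a spoofed MAC address are all assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Beacon:
    ssid: str
    bssid: str     # MAC address the AP advertises in its beacon frames
    channel: int

# Assumed inventory of authorized APs: BSSID -> (SSID, configured channel).
AUTHORIZED = {
    "00:11:22:33:44:01": ("campus-wlan", 1),
    "00:11:22:33:44:02": ("campus-wlan", 6),
}

# Constructed observations, e.g. collected by a sensor in monitor mode.
SAMPLE_BEACONS = [
    Beacon("campus-wlan", "00:11:22:33:44:01", 1),    # matches the inventory
    Beacon("campus-wlan", "66:77:88:99:AA:BB", 11),   # our SSID, unknown BSSID
    Beacon("campus-wlan", "00:11:22:33:44:02", 11),   # known BSSID, wrong channel
    Beacon("coffee-shop", "02:00:00:00:00:10", 3),    # neighbouring network
]

def classify(beacon: Beacon, inventory=AUTHORIZED) -> str:
    """Label one beacon against the inventory of authorized APs."""
    our_ssids = {ssid for ssid, _ in inventory.values()}
    entry = inventory.get(beacon.bssid.lower())
    if entry is None:
        # Unknown hardware advertising our network name is an unexpected AP.
        # An unknown AP with another SSID is treated as a neighbour here; it
        # would still need a wired-side check to rule out a rogue on our LAN.
        return "rogue-ap" if beacon.ssid in our_ssids else "foreign"
    ssid, channel = entry
    # An authorized BSSID seen with a different SSID or channel suggests that
    # another device is spoofing the MAC address (heuristic, not proof).
    if beacon.ssid != ssid or beacon.channel != channel:
        return "possible-impersonation"
    return "authorized"

def findings(beacons, inventory=AUTHORIZED):
    """Return (beacon, label) pairs that an operator should investigate."""
    labelled = [(b, classify(b, inventory)) for b in beacons]
    return [(b, label) for b, label in labelled
            if label in ("rogue-ap", "possible-impersonation")]

if __name__ == "__main__":
    for beacon, label in findings(SAMPLE_BEACONS):
        print(f"{label}: {beacon.ssid} {beacon.bssid} ch{beacon.channel}")
```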
Outlines
  • 802.11 Basics
  • Mobile link access: CSMA/CA
  • Security in 802.11b
  • Example and more attacks
  • Trend: 802.16 Wireless MAN
IEEE 802.16 WirelessMAN Standard for Broadband Wireless Metropolitan Area Networks
  • Broad bandwidth
    • Up to 134 Mbps in 10-66 GHz band
  • Comprehensive and modern security
    • Packet data encryption
      • DES and AES used
    • Key management protocol
      • Use RSA to set up a shared secret between subscriber station and base station
      • Use the secret for subsequent exchange of traffic encryption keys (TEK)
Summary of MAC protocols
  • What do you do with a shared medium?
    • Channel Partitioning, by time, frequency or code
      • Time Division, Code Division, Frequency Division
    • Random partitioning (dynamic)
      • ALOHA, CSMA, CSMA/CD
      • carrier sensing: easy in some technologies (wire), hard in others (wireless)
      • CSMA/CD used in Ethernet