
Wi-Fi and Some Of Its Security Issues

Wi-Fi and Some Of Its Security Issues. CS 426 Project Instructor: Vicky Hsu Mahesh Kumar Donthula Student ID A1371. Wi-Fi Definition. No standard definition. Short for wireless fidelity. It is a wireless technology that uses radio frequency to transmit data through the air.



Presentation Transcript


  1. Wi-Fi and Some Of Its Security Issues CS 426 Project Instructor: Vicky Hsu Mahesh Kumar Donthula Student ID A1371

  2. Wi-Fi Definition • No Standard definition • Short for wireless fidelity. • It is a wireless technology that uses radio frequency to transmit data through the air

  3. Brief History • IEEE (Institute of Electrical and Electronics Engineers) established the 802.11 Group in 1990. Specifications for standard ratified in 1997. • Initial speeds were 1 and 2 Mbps. • IEEE modified the standard in 1999 to include: • 802.11b • 802.11a • 802.11g was added in 2003. • IEEE Created standard, but Wi-Fi Alliance certifies products

  4. Networking standards used by Wi-Fi (802.11 series) • 802.11 is primarily concerned with the lower layers of the OSI model. • Data Link Layer • Logical Link Control (LLC). • Medium Access Control (MAC). • Physical Layer • Physical Layer Convergence Procedure (PLCP). • Physical Medium Dependent (PMD).

  5. Wi-Fi security issues • Wireless networks are more vulnerable to security attacks because of their openness. • They face the threats of wired networks plus additional threats because of that openness. • Their broadcast nature requires user authentication and data integrity.

  6. Wireless Attacks - 1 • Session hijacking attack • Social engineering – Pretend to be a Comcast service tech (network admin) and steal the key. • Dictionary attacks – Compute keys for all possible words in the dictionary; a good technique to crack weak passwords. [Figure: session hijacking between Client, AP and Attacker, with steps labelled 1 authenticate, 2 die, 3 pretend]

  7. Wireless Attacks - 2 • Replay attacks • Attackers eavesdrop on the network and listen to the packets in the network. • They replay the packets at a later time, pretending to be a trusted client. • The attacker is authenticated and provided with all access to the network. • DoS attacks • Jamming the signal by continuing to send a malicious signal, so that no other device operating at the frequency can send a frame. • Sending corrupt or malformed EAP frames to the association point.

  8. Wireless Attacks - 3 Plain text attacks • Cipher text CT1 = PT1 XOR RC4(KEY+IV) • Cipher text CT2 = PT2 XOR RC4(KEY+IV) • A little manipulation would show that CT1 XOR CT2 = PT1 XOR PT2 (Borisov, Goldberg, & Wagner, 2001). • Attackers make the client send a cipher text for an intended plain text.

  9. Wi-Fi Protocols used • WEP – Wired Equivalent Privacy protocol (not Wireless Encryption Protocol). • Stream cipher, 64 bit key, IV 24 bit • WEP2 • Enhanced WEP, 128 bit key, no change to IV • WPA • Standard that replaces WEP and eliminates most of the vulnerabilities.

  10. Resisting Wireless Attacks • MAC filtering. • Disabling the SSID broadcast. • Frequently change keys. • Increase the key length and the initialization vector length, and make the IV random. • Use a stronger encryption algorithm. • Use a block cipher to increase diffusion and enhance randomness. • Use strong keys/passphrases.

  11. Wired Equivalent Privacy (WEP) • WEP is a security algorithm used for providing wireless security in 802.11 WLAN. • Security against eavesdropping. • Prevents intruders from accessing the information on the wireless networks.

  12. Security Goals of WEP • Access Control Ensure authorized access to wireless infrastructure. • Data Integrity Data should not be tampered. • Confidentiality Data should not be read by intruder.

  13. WEP Protocol • Uses 40/104 bit secret key preshared between the sender and receiver. • Uses 24 bit Initialization vector. • Uses RC4 stream cipher for encryption/decryption.

  14. WEP Encryption [Figure: WEP encryption. The 40/104 bit key and the 24-bit IV are input to RC4; the output 64/128 bit stream sequence is XORed with the plain text data plus CRC; the cipher text is sent together with the 24-bit IV.]

  15. WEP Vulnerabilities • Initial Vector length 24 bit (small) • Subject to session hijacking, collision attacks. • Same key used for authentication and encryption • Social engineering attacks • Stream ciphering • Replay attacks
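
The keystream reuse from slide 8 and the small IV from slides 14 and 15, as an added example that is not part of the original slides. It follows the WEP flow (RC4 keyed with IV || key, CRC-32 appended to the data) with the key-ID byte left out; the key, IVs and plaintexts are constructed sample values.

```python
import math
import zlib
from collections import defaultdict

def rc4(key: bytes, n: int) -> bytes:
    """Return n bytes of RC4 keystream for the given per-packet key."""
    s, j = list(range(256)), 0
    for i in range(256):                       # key scheduling
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for _ in range(n):                         # keystream generation
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def wep_encrypt(key: bytes, iv: bytes, data: bytes) -> bytes:
    """Slide 14 flow: IV || ((data || CRC-32) XOR RC4(IV || key))."""
    body = data + zlib.crc32(data).to_bytes(4, "little")
    return iv + xor(body, rc4(iv + key, len(body)))

def reused_ivs(frames):
    """Audit check: map each IV seen more than once to the frames using it."""
    seen = defaultdict(list)
    for idx, frame in enumerate(frames):
        seen[frame[:3]].append(idx)
    return {iv: idxs for iv, idxs in seen.items() if len(idxs) > 1}

def iv_collision_probability(n_frames: int) -> float:
    """Birthday estimate that random 24-bit IVs repeat within n_frames."""
    return 1 - math.exp(-n_frames * (n_frames - 1) / (2 * 2**24))

# Constructed sample data: a 40-bit key and two equal-length plaintexts.
KEY = bytes.fromhex("0102030405")
PT1, PT2 = b"GET /index.html", b"user=alice&x=42"
FRAMES = [wep_encrypt(KEY, b"\x00\x00\x01", PT1),
          wep_encrypt(KEY, b"\x00\x00\x02", PT1),
          wep_encrypt(KEY, b"\x00\x00\x01", PT2)]   # IV 000001 repeats

if __name__ == "__main__":
    for iv, (a, b) in reused_ivs(FRAMES).items():
        leak = xor(FRAMES[a][3:], FRAMES[b][3:])     # keystream cancels out
        print(iv.hex(), "reused; CT1^CT2 == PT1^PT2:", leak[:15] == xor(PT1, PT2))
    print("P(repeat in 5000 frames) = %.2f" % iv_collision_probability(5000))
```

Frames 0 and 1 carry the same plaintext under different IVs and share no ciphertext bytes, which is why slide 10 asks for a longer, non-repeating IV.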

  16. Wi-Fi Protected Access (WPA) • Wi-Fi Protected Access is an interim standard created by the Wi-Fi alliance. • WPA is based on a subset of the 802.11i standard: • 802.1x based mutual authentication • Temporal Key Integrity Protocol (TKIP) on existing RC4 to impose strong data encryption • Use Michael Message Integrity Check for message integrity • Uses 48 bit IV

  17. WPA modes WPA-PSK This mode is used where there is no 802.1x authentication. It uses a pre-shared key as a pass code. The configuration of this mode is similar to WEP, but there is an option of one pre-shared key for each station, tied to the station's MAC.

  18. WPA modes 2 WPA using 802.1x This mode has three main components • Client • An authenticator (AP) • Authentication server (RADIUS)

  19. Wi-Fi Protected Access 2 (802.11i) Introduction WPA2 or 802.11i is the latest wireless security protocol designed to provide secure communication over wireless networking devices. WPA2 was designed by the IETF and certified by Wi-Fi Alliance. The main purpose of designing this protocol was to overcome the weaknesses found in WEP (Wired Equivalent Protocol) and further enhance the security provided by WPA.

  20. Working of WPA 2 WPA 2 has two versions: • WPA2-Personal: Provides authorized access to the wireless networks based on a set-up password. • WPA2-Enterprise: Provides access in large business wireless networks through an authentication server.

  21. Phases of secure communication A secure communication is established using 4 phases: • Phase I: Security Policy Agreement between client and the access point • Phase II: 802.1x Authentication [1] • Phase III: Key Distribution and Derivation – 4-Way Handshake [1] • Phase IV: Data Integrity and Confidentiality

  22. Phase I: Agreeing on the Security Policies.

  23. Phase II: 802.1x Authentication

  24. Phase III: Key Derivation and Distribution

  25. Phase IV: Data Integrity and Data Confidentiality All the keys used in phase 3 are used for the protocols which are used in the RSNA, like TKIP, CCMP etc. The reason for implementing TKIP, which is based on the RC4 stream cipher, is to allow the WEP systems to be upgraded.

  26. Weaknesses of WPA/WPA2 The major weakness of WPA/WPA2 is in the use of WPA-PSK mode. WPA-PSK mode is based on a PMK which is derived from the pass phrase, SSID, SSID length and nonce. The concatenated string is hashed 4096 times to generate a 256 bit value and combined with the nonce value. This information is broadcast with the normal traffic. The strength of the PTK, which is equal to the value of the PMK, depends on the strength of the pass phrase. WPA-PSK is vulnerable to offline dictionary and brute-force attacks.

  27. Conclusion This paper compares various wireless network security protocols and brings out the vulnerabilities of WEP and WEP2 used in home routers. Industry has moved to WPA due to the security holes in the WEP protocol. The paper strongly advises its readers to move to the latest wireless network security protocol (WPA2) and change the keys frequently to avoid any kind of identity theft.

  28. References 1
      [1] http://compnetworking.about.com/od/wirelesssecurity/tp/wifisecurity.htm
      [2] http://netsecurity.about.com/od/hackertools/a/aa072004b.htm
      [3] http://www.microsoft.com/windowsxp/using/networking/security/wireless.mspx
      [4] www.findwhitepapers.com
      [5] http://www.wkmn.com/newsite/wireless.html
      [6] http://www.l-com.com/content/Article.aspx?Type=L&ID=210&source=gspec
      [7] http://www.l-com.com/content/DatacommunicationsTutorial.aspx
      [8] Security flaws in 802.11 data link protocols by Nancy Cam-Winget, Russ Housley, David Wagner and Jesse Walker. Communications of the ACM, Volume 46, May 2003, pages 35-39. URL: http://portal.acm.org/citation.cfm?id=769823&jmp=cit&coll=GUIDE&dl=GUIDE&CFID=10510466&CFTOKEN=95869072
      [9] An Analysis of Wireless Security by Ross Hytnen and Mario Garcia, Texas A&M Corpus Christi, Corpus Christi, Texas 78412. Journal of Computing Sciences in Colleges, Volume 21, April 2006, pages 210-216. URL: http://portal.acm.org/citation.cfm?id=1127389.1127429&coll=GUIDE&dl=GUIDE&CFID=65721065&CFTOKEN=72977758
      [10] http://www.smartbridges.com/education/articles.asp?id=556

  29. References 2
      [11] 802.11, 802.1x, and Wireless Security by J. Philip Craiger. June 23, 2002 (GIAC Security Essentials Certification, practical assignment Version 1.4). URL: http://www.sans.org/reading_room/whitepapers/wireless/
      [12] Corporate Wireless LAN: Know the Risks and Best Practices to Mitigate them by Danny Neoh (GIAC Security Essential Certification Version 1.4b, December 12th 2003). URL: http://www.sans.org/reading_room/whitepapers/wireless/
      [13] An Overview of 802.11 Wireless Network Security Standards & Mechanisms by Luis Carlos Wong (GIAC Security Essential Certification Version 1.4b, October 21st 2004, Practical assignment 1.4c). URL: http://www.sans.org/reading_room/whitepapers/wireless/
      [14] Wi-Fi securities – WEP, WPA and WPA2 by Guillaume Lehembre. Article published in number 1/2006 (14) of hakin9, January 2006. Publication on www.hsc.fr on 28 December 2005. URL: http://www.hsc.fr/ressources/articles/hakin9_wifi/index.html.en
      [15] Wireless attacks from an Intrusion detective perspective by Gary Deckerd (GCIA Gold Certification, November 23rd 2006). URL: http://www.sans.org/reading_room/whitepapers/honors/
      [16] The security mechanism for IEEE 802.11 Wireless Networks by Alicia Laing (GIAC Security Essential Certification Version 1.2f, November 24th 2001). URL: http://www.sans.org/reading_room/whitepapers/wireless/
      [17] http://etutorials.org/Networking/802.11+security.+wi-fi+protected+access+and+802.11i/
