802.11b Security


Presentation Transcript


  1. 802.11b Security CSEP 590 TU Osama Mazahir

  2. Introduction • Packets are sent out into the air for anyone to receive • Eavesdropping is a much larger concern in wireless than in wired networks • This requires data encryption mechanisms

  3. Wired Equivalent Protocol (WEP) • Single key is shared by all machines in network • Shared key is used to encrypt packets • RC4 stream cipher • 40-bit key + 24-bit initialization vector (IV) • IV sent in plaintext • To send plaintext packet P, you send: {IV, P ⊕ RC4(K, IV)}

  4. WEP issues • Optional deployment • IV changes simply and predictably from one packet to the next • 24 bits is too small a space • IV repeating allows for plaintext discovery • Checksum is not keyed • Attacker can create ciphertext and adjust checksum so that receiver accepts packet • Attacker can inject forged packets

  5. Wi-Fi Protected Access (WPA) • Created as an interim solution while waiting for 802.11i • Subset of 802.11i • 128-bit key + 48-bit IV • Still uses RC4 stream cipher • 802.1X Authentication Server can be used to distribute different keys to each user

  6. WPA (continued) • Temporal Key Integrity Protocol (TKIP) to thwart WEP key recovery attacks • Per-packet key mixing • Message integrity check • Hashed RC4 traffic key (re-keying) • Message Authentication Code (MAC) to prevent packet forgery • Frame Counter to prevent basic replay attacks

  7. 802.11i (WPA2) • Similar to WPA in many respects • AES block cipher • Robust Security Network (RSN) mechanism for algorithm/encryption selection • After authentication/association, a 4-way handshake is done in which a new Pairwise Transient Key (PTK) is established • PTK is used for data packet transmission

  8. Virtual Private Networks • Allows establishing a secure point-to-point channel across an untrusted/shared network • Nodes not in trusted LAN can VPN into trusted LAN • Requires end-user configuration • Not good for end-user roaming scenarios

  9. Questions?
