1 / 19

Wireless Network Security

Wireless Network Security. Guilin Wang The School of Computer Science 19 March 2008 ( L21 ). Outline. Wireless Network Wireless Network Security - WEP - WPA=WEP2 - WPA2. 1. Wireless Network.

nitara
Télécharger la présentation

Wireless Network Security

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Wireless Network Security Guilin Wang The School of Computer Science 19 March 2008 (L21)

  2. Outline • Wireless Network • Wireless Network Security - WEP - WPA=WEP2 - WPA2

  3. 1. Wireless Network Wireless network could be any type of computer network without the use of wires, i.e., wireless. The most common wireless networks are telecommunications networks that use electromagnetic waves (e.g. radio waves) to transmit information between nodes.

  4. 1. Wireless Network The following is a classification of wireless network (http://en.wikipedia.org/wiki/Wireless_network): ■ Wireless LAN - Wi-Fi: A wireless-technology brand owned by the Wi-Fi Alliance; enhance the interoperability of WLAN products based on IEEE 802.11. - Fixed Wireless: Connect wireless devices or systems within two fixed locations; Useful in remote area (no satellite feeds, no cable). ■ Wireless MAN (Metropolitan Area Networks) Used to connect several Wireless LANs.

  5. 1. Wireless Network ■ Mobile Devices Networks - GSM (Global System for Mobile Communications): The most popular standard for mobile phones in the world; Over 2 billion users (82% market). - PCS (Personal Communications Service):A radio band that can be mobile users in North America. . - D-AMPS (Digital Advanced Mobile Phone Service): Two 2G mobile phone systems (S-54 and IS-136) in north America, to be placed with GSM. - 3GPP (The 3rd Generation Partnership Project): Aims to replace the current GSM. ■ Others: Bluetooth, Ad hoc and Sensor networks etc

  6. 1. Wireless Network WWAN WLAN WPAN Bluetooth, Zigbee, 802.15 Medium Power, Medium Range Low-Power, Short Range 802.11and Similar Technologies High Power, Long Range Cellular & Related Technologies

  7. 1. Wireless Network Nowadays, wireless networks are very popular, due to their convenience. Many laptop computers are pre-installed with wireless cards. However, wireless networks are more vulnerable than wired networks to different attacks, since capturing physical signal (i.e. eavesdropping) is very easy. The following is a recent case happened in US: (Reported by Kathryn Tewson and Steve Riley, http://technet.microsoft.com/en-us/magazine/cc160770.aspx)

  8. 1. Wireless Network - Three bad guys noticed that wireless pricing scanners had been used by a national retail chain store. - Moreover, transaction data were not encrypted and the access point (AP) was configured with the default administrator password. - So, they uploaded a tiny program to one of the store’s severs that can record customers’ credit card numbers into a file. - By parking near the store, they can read the file from their laptop. - Finally, they were arrested and sentenced…

  9. 1. Wireless Network ■In this lecture, we shall discuss three standards for securing wireless networks. - WEP (Wired Equivalent Privacy) - WPA (Wireless Protected Access) - WPA2 ■ Actually, they are a family, called IEEE 802.11. ■The corresponding commercial specifications are certified by Wi-Fi Alliance.

  10. 2. Wireless Network Security WEP (Wired Equivalent Privacy): ■ Specified by IEEE Standard 802.11a, 1997. ■ Aimed to make wireless as secure as wired networks. ■ Security flaws were identified before the ink was dry. ■ Most serious attacks can recover the the WEP key by analysing a few million encrypted packets. ■ In 2005, a group from FBI showed a demo to break a WEP protected wireless network within 3 minutes by using publicly available tools. ■ Open Source utilities: aircrack-ng, weplab, WEPCrack, …

  11. 2. Wireless Network Security How WEP works? ■ WEP uses RC4 to encrypt each packet M. ■ A WEP key K is shared among AP and all clients. ■ More specifically, the ciphertext C is generated by C=(M||ICV)RC4(IV||K). ICV: (non-cryptographic) checksum. IV: a per-packet initialization value (3 bytes=24 bits). K: from 5 to 16 bytes. ■ Finally, IV||C is transferred to the receiver.

  12. 2. Wireless Network Security Illustration of WEP: data 802.11 Hdr || ICV CRC-32 WEP Key Per-Frame Key RC4 Encryption K || 802.11 Hdr IV Data ICV

  13. 2. Wireless Network Security Weaknesses in WEP: ■ Key management and key size The same shared secret key is used for both authentication and encryption ■ Authentication Only one-way authentication. That is, AP is not authenticated to the client. ■ Integrity It is possible to modify some bits in a message so that the resulting message still passes the ICV test.

  14. 2. Wireless Network Security ■ Confidentiality - WEP RC4 can be compromised easily by passively analysing several millions of packets. - IV is short, reused, and not encrypted. - RC4 has some weaknesses. - Technical details can be found in the following paper. A. Stubblefield, J. Ioannidis, and A. D. Rubin. Using the Fluhrer, Mantin, and Shamir Attack to Break WEP. 2001. http://citeseer.ist.psu.edu/stubblefield01using.html

  15. 2. Wireless Network Security WPA (Wireless Protected Access) or WEP2: ■ An interim solution to replace WEP. ■ Aimed to work well with hardware designed for WEP. ■ Still use RC4 for encryption. ■ Several new elements were introduced: - TKIP (Temporal Key Integrity Protocol). - MIC (message integrity code) for preventing forgery. - IV=48 bits for preventing replay attack. - A mixing function for generating per-frame key.

  16. 2. Wireless Network Security Illustration of WPA (or WEP2): data 802.11 Hdr TKIP MIC Function || MIC WEP Key Per-Frame Key RC4 Encryption Mixing Function K K’ Integrity Key 802.11 Hdr IV Data MIC

  17. 2. Wireless Network Security WPA2: ■ A long term solution specified by IEEE 802.11i in 2004. ■ Aimed to work with new hardware. ■ Use AES (in a new mode called CCM) for encryption. ■ Several new elements were introduced: - The base key K=128 bits. - MIC is 64 bits for preventing forgery. - IV=48 bits for preventing replay attack. - Packet sequence number is used to generate IV.

  18. 2. Wireless Network Security Format of WAP2: IV Key ID Encrypted by AES 802.11 Hdr 802.11i Hdr Data MIC FCS Authenticated by MIC - FCS: Frame Check Sequence - Check here for some nice diagrams for Wi-Fi Encryption: http://xirrus.gcsmarket.com/pdfs/Xirrus_WiFiEncryption.pdf

  19. Summary This Lecture: ■ Wireless Network Security - Background - WEP, WAP, WAP2

More Related