
IEEE 802.11


oya

Presentation Transcript


  1. IEEE 802.11 Wireless Local Area Networks (WLANs)

  2. Two modes of operation:
      1. Ad-Hoc Mode: The clients communicate directly with each other. No mediation is needed.
      2. Infrastructure Mode: Clients and stations. Stations – Computers with NIC (Network Interface Cards) and Access Points (APs)

  3. Communication With APs
      3 stages:
      1. Unauthenticated and Unassociated.
      2. Authenticated and Unassociated.
      3. Authenticated and Associated.

  4. Wireless Protocols
      IEEE 802.11
      • WEP for security
      • Challenge/Response with symmetric key for authentication
      IEEE 802.1X
      • WEP for security
      • EAP for authentication

  5. WEP - Wired Equivalent Privacy
      • Link layer security protocol.
      • Secures IEEE 802.11 communications.
      • Based upon RC4 stream cipher encryption system, with symmetric key.

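  6. WEP protocol [diagram. Sender: the 24-bit IV (initialization vector) and the 40-bit shared secret key form the 64-bit RC4 input; the original text with its CRC32 is encrypted with RC4; the IV is sent in the clear with the encrypted text. Receiver: the IV used, taken from the clear IV, and the 40-bit shared secret key form the 64-bit RC4 input; RC4 recovers the original text and CRC.]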

  7. Security problems in WEP
      • Over the years, many security problems have been discovered in WEP.
      • We will discuss the most important of those problems, which is known as the “IV Collisions” problem.

  8. IV Collisions
      • Every once in a while, an IV gets reused.
      • $C_1 = P_1 \oplus \mathrm{RC4}(v,k)$
      • $C_2 = P_2 \oplus \mathrm{RC4}(v,k)$

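  9. IV Collisions (2)
      We get the following equation: $C_1 \oplus C_2 = (P_1 \oplus \mathrm{RC4}(v,k)) \oplus (P_2 \oplus \mathrm{RC4}(v,k))$
      XOR is associative (and commutative, and any value XORed with itself is zero), and therefore: $C_1 \oplus C_2 = P_1 \oplus P_2$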
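The keystream cancellation from slides 8 and 9, as an added example that is not part of the original presentation: a textbook RC4 and a simplified WEP-style body (IV || key as the RC4 key, CRC32 appended). The key, IVs and plaintexts are constructed sample values, and `iv_reuse_probability` assumes IVs are picked uniformly at random.

```python
import math
import zlib


def rc4(key: bytes, data: bytes) -> bytes:
    """Textbook RC4: key scheduling, then keystream XORed onto data."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) % 256])
    return bytes(out)


def wep_encrypt(iv: bytes, key: bytes, plaintext: bytes) -> bytes:
    """Simplified WEP body: RC4(IV || key) over plaintext || CRC32."""
    icv = zlib.crc32(plaintext).to_bytes(4, "little")
    return rc4(iv + key, plaintext + icv)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def iv_reuse_probability(frames: int, iv_bits: int = 24) -> float:
    """Birthday approximation: chance that any two of `frames` IVs match."""
    return 1.0 - math.exp(-frames * (frames - 1) / 2 ** (iv_bits + 1))


# Constructed sample values, not taken from the presentation.
KEY = bytes.fromhex("0102030405")            # 40-bit shared secret k
IV = bytes.fromhex("aabbcc")                 # 24-bit IV v, used twice
P1 = b"GET /index.html "
P2 = b"user=alice&pw=x "

C1 = wep_encrypt(IV, KEY, P1)
C2 = wep_encrypt(IV, KEY, P2)                        # same v: keystream repeats
C3 = wep_encrypt(bytes.fromhex("aabbcd"), KEY, P2)   # fresh v

# RC4(v,k) cancels, so the ciphertext pair equals P1 xor P2 with no key involved.
REUSED_LEAKS = xor(C1, C2)[:len(P1)] == xor(P1, P2)
FRESH_LEAKS = xor(C1, C3)[:len(P1)] == xor(P1, P2)
```

With a 24-bit IV space the birthday approximation passes 50% after roughly 5000 frames, which is why reuse happens "every once in a while" even when IVs are chosen at random.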

  10. The Bottom Line: WEP security is better than no security at all, but not by much.

  11. The Problem: EAP assumes a secured connection to work with.

  12. Problems over an unsecured connection
      • Snooping the user ID
      • Forging / changing EAP packets
      • Denial of service
      • Offline dictionary attack
      • Man-in-the-middle
      • Authentication method downgrading attack
      • Breaking a weak key

  13. Man-in-the-middle [diagram: parties B, E and A. Messages shown: MD5 EAP Request <R> (twice), H(ID || KEY || R) (twice), EAP Failure, EAP Success.]

  14. Possible Solutions
      • Mutual authentication
      • Cryptographic connection between authentication methods
      • Using a limited number of unsecured authentication methods
      • Preferring one strong method over a large number of weak ones.

  15. Possible Solutions (2)
      • Using an authentication method that derives a symmetric key, prevents replay attacks and promises message integrity
      • The authentication method should be safe against dictionary attacks

  16. One method has all the above advantages: TLS

  17. Quick summary of TLS [diagram of protocol layers: Application; Handshake protocol, Alert, CCS; Record Protocol; TCP]

  18. Quick summary of TLS (2) [message sequence between Client and Server]
      • TCP three-way handshake
      • Client → Server: Client Hello <Client random, Proposed algorithms>
      • Server → Client: Server Hello <Server random, Selected algorithm>, CA Certificate, Server done
      • Client → Server: Client Key Exchange Enc(Pub(s), <Pre-Master secret>)
      • Both sides perform a known calculation to derive the Master Key

  19. Quick summary of TLS (3) [message sequence between Client and Server]
      • CCS (ID), FIN: MAC authentication of all former messages (shown once in each direction)
      • Data transfer (encrypted by the Master Key)

  20. EAP-TLS [packet format diagram. Fields: Code, Identifier, Length, Type, Flags, TLS message length, TLS Data.]

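  21. EAP-TLS (2) [message sequence between Authenticator and Peer]
      • Authenticator → Peer: EAP Request <Identity>
      • Peer → Authenticator: EAP Response <Identity (MyID)>
      • Authenticator → Peer: EAP Request, type = EAP-TLS <TLS Start>
      • Peer → Authenticator: EAP Response, type = EAP-TLS <TLS Client Hello>
      • Authenticator → Peer: EAP Request, type = EAP-TLS <TLS Server Hello, TLS Certificate, TLS Certificate Request, TLS Server Done>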

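  22. EAP-TLS (3) [message sequence between Authenticator and Peer]
      • Peer → Authenticator: EAP Response, type = EAP-TLS <TLS Certificate, TLS Client Key Exchange, TLS CCS, Certificate verify, TLS FIN>
      • Authenticator → Peer: EAP Request, type = EAP-TLS <TLS CCS, TLS FIN>
      • Peer → Authenticator: EAP Response, type = EAP-TLS
      • Authenticator → Peer: EAP Success / EAP Failure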

  23. Session resumption
      • The SessionID field in the TLS Client Hello Message should be the same as the ID of the session to return to.
      • The authenticator sends an EAP request with TLS Server Hello, TLS CCS (using the former session CCS ID), and TLS FIN.
      • The peer sends an EAP response with TLS CCS using the same ID, and TLS FIN.
      • The protocol continues as in the standard EAP-TLS.

  24. Session resumption (2)
      Advantages of session resumption:
      • Quick renewal of connections.
      • Handling roaming in WLAN.

  25. Key Derivation
      • PRF1 = PRF(Master Secret, "Client EAP Encryption", Random)
      • PRF2 = PRF("", "Client EAP Encryption", Random)
      • PRF1 is 128 bytes long. PRF2 is 64 bytes long.

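  26. Key Derivation (2) [diagram of how the PRF outputs are divided]
      • PRF1, with boundaries at bytes 0, 32, 64, 96 and 128: Client’s ENC Key, Server’s ENC Key, Client’s Auth Key, Server’s Auth Key
      • PRF2, with boundaries at bytes 0, 32 and 64, in two parts labelled Server’s IV and Client’s IV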

  27. Fragmentation
      • The first fragment raises the L, M and S flags. The total TLS message length is also included.
      • All other fragments, except the last, raise the M flag. The identification field in the EAP header increases by 1 with each fragment.
      • Every EAP packet carrying a TLS fragment is answered with an EAP packet with no data, as an Ack.
