Final WiFi Technology

8/8/2019 Final WiFi Technology

1/27

WiWi--Fi TechnologyFi Technology


2/27

AgendaAgenda

IntroductionIntroduction

HistoryHistory

WiWi--FiFi TechnologiesTechnologies

WiWi--FiFi NetworkNetwork ElementsElements HowHow aa WiWi--FiFi NetworkNetwork WorksWorks

WiWi--FiFi NetworkNetwork TopologiesTopologies

WiWi--FiFi ConfigurationsConfigurations

ApplicationsApplications ofof WiWi--FiFi WiWi--FiFi SecuritySecurity

Advantages/Advantages/ DisadvantagesDisadvantages ofof WiWi--FiFi


3/27

IntroductionIntroduction

WirelessWireless TechnologyTechnology isis anan alternativealternative toto WiredWiredTechnology,Technology, whichwhich isis commonlycommonly used,used, for forconnectingconnecting devicesdevices inin wirelesswireless modemode..

WiWi--FiFi (Wireless(Wireless Fidelity)Fidelity) isis aa genericgeneric termterm thatthatrefersrefers toto thethe IEEEIEEE 802802..1111 communicationscommunicationsstandardstandard forfor WirelessWireless LocalLocal AreaArea NetworksNetworks(WLANs)(WLANs)..

WiWi--FiFi NetworkNetwork connectconnect computerscomputers toto eacheach other,other,toto thethe internetinternet andand toto thethe wiredwired networknetwork..


4/27

HistoryHistory

In 1991 WiIn 1991 Wi--Fi was invented byFi was invented by NCR CorporationNCR Corporation

/ AT & T./ AT & T.

Under the name WaveLAN with speeds ofUnder the name WaveLAN with speeds of

1Mbps/2Mbps.1Mbps/2Mbps.

Initially meant for Cashier systems.Initially meant for Cashier systems.

Vic HayesVic Hayes who is the inventor of Wiwho is the inventor of Wi--Fi has beenFi has been

named 'father of Winamed 'father of Wi--Fi.Fi. In 1997 the Institute of Electrical and ElectronicIn 1997 the Institute of Electrical and Electronic

Engineers (IEEE) worked out the 802.11Engineers (IEEE) worked out the 802.11

standard.standard.


5/27

The WiThe Wi--Fi TechnologyFi Technology

WiWi--FiFi NetworksNetworks useuse RadioRadio TechnologiesTechnologies tototransmittransmit && receivereceive datadata atat highhigh speedspeed::

IEEE 802.11bIEEE 802.11b

IEEE 802.11aIEEE 802.11a

IEEE 802.11gIEEE 802.11g


6/27

IEEE 802.11bIEEE 802.11b

Appear in late 1999Appear in late 1999

Operates at 2.4GHz radio spectrumOperates at 2.4GHz radio spectrum

11 Mbps (theoretical speed)11 Mbps (theoretical speed) -- within 30 m Rangewithin 30 m Range

44--6 Mbps (actual speed)6 Mbps (actual speed)

100100 --150 feet range150 feet range

Most popular, Least ExpensiveMost popular, Least Expensive

Interference from mobile phones and BluetoothInterference from mobile phones and Bluetooth

devices which can reduce the transmissiondevices which can reduce the transmission

speed.speed.


7/27

IEEE 802.11aIEEE 802.11a

Introduced in 2001Introduced in 2001

Operates at 5 GHz (less popular)Operates at 5 GHz (less popular)

54 Mbps (theoretical speed)54 Mbps (theoretical speed) 1515--20 Mbps (Actual speed)20 Mbps (Actual speed)

5050--75 feet range75 feet range

More expensiveMore expensive Not compatible with 802.11bNot compatible with 802.11b


8/27

IEEE 802.11gIEEE 802.11g

IntroducedIntroduced inin 20032003

CombineCombine thethe featurefeature ofof bothboth standardsstandards

(a,b)(a,b) 100100--150150 feetfeet rangerange

5454 MbpsMbps SpeedSpeed

22..44 GHzGHz radioradio frequenciesfrequencies CompatibleCompatible withwith bb


9/27

Elements of a WIElements of a WI--FI NetworkFI Network

AccessAccess PointPoint (AP)(AP) -- TheThe APAP isis aa wirelesswireless LANLANtransceivertransceiver oror basebase stationstation thatthat cancan connectconnect oneone oror manymany

wirelesswireless devicesdevices simultaneouslysimultaneously toto thethe InternetInternet..

WiWi--FiFi cardscards -- TheyThey acceptaccept thethe wirelesswireless signalsignal andand relayrelayinformationinformation..TheyThey cancan be be internalinternal andand externalexternal..(e(e..gg PCMCIAPCMCIA

CardCard forfor LaptopLaptop andand PCIPCI CardCard forfor DesktopDesktop PC)PC)

SafeguardsSafeguards -- FirewallsFirewalls andand antianti--virusvirus softwaresoftware protectprotectnetworksnetworks fromfrom uninviteduninvited usersusers andand keepkeep informationinformation securesecure..


10/27

How a WiHow a Wi--Fi Network WorksFi Network Works

BasicBasic conceptconcept isis samesame asas WalkieWalkie talkiestalkies..

AA WiWi--FiFi hotspothotspot isis createdcreated byby installinginstalling anan accessaccess pointpoint

toto anan internetinternet connectionconnection..

AnAn accessaccess pointpoint actsacts asas aa basebase stationstation.. WhenWhen WiWi--FiFi enabledenabled devicedevice encountersencounters aa hotspothotspot thethe

devicedevice cancan thenthen connectconnect toto thatthat networknetwork wirelesslywirelessly..

AA singlesingle accessaccess pointpoint cancan supportsupport upup toto 3030 usersusers andand

cancan functionfunction withinwithin aa rangerange ofof 100100 150150 feetfeet indoorsindoors andandupup toto 300300 feetfeet outdoorsoutdoors..

ManyMany accessaccess pointspoints cancan bebe connectedconnected toto eacheach otherother viavia

EthernetEthernet cablescables toto createcreate aa singlesingle largelarge networknetwork..


11/27

WiWi--Fi Network TopologiesFi Network Topologies

APAP--basedbased topologytopology (Infrastructure(Infrastructure Mode)Mode)

PeerPeer--toto--peerpeer topologytopology (Ad(Ad--hochoc Mode)Mode)

PointPoint--toto--multipointmultipoint bridgebridge topologytopology


12/27

APAP--based topologybased topology

TheThe clientclient communicatecommunicate throughthrough AccessAccess PointPoint..

BSABSA--RFRF coveragecoverage providedprovided byby anan APAP..

ESAESA--ItIt consistsconsists ofof 22 oror moremore BSABSA..

ESAESA cellcell includesincludes 1010--1515%% overlapoverlap toto allowallow

roamingroaming..


13/27

PeerPeer--toto--peer topologypeer topology

A

P is not required.A

P is not required. ClientClient devicesdevices withinwithin

aa cellcell cancan

communicatecommunicate directlydirectly

withwith eacheach otherother..

ItIt isis usefuluseful forfor settingsetting

upup of of aa wirelesswireless

networknetwork quicklyquickly andandeasilyeasily..


14/27

PointPoint--toto--multipoint bridge topologymultipoint bridge topology

ThisThis isis usedused toto connectconnect aa LANLAN inin oneone buildingbuilding toto aa LANsLANsinin other other buildingsbuildings eveneven if if thethe buildingsbuildings areare milesmiles

apartapart..TheseThese conditionsconditions receivereceive aa clear clear lineline of of sightsight

betweenbetween buildingsbuildings.. TheThe lineline--ofof--sightsight rangerange variesvaries basedbased

onon thethe typetype ofof wirelesswireless bridgebridge andand antennaantenna usedused asas wellwell

asas thethe environmentalenvironmental conditionsconditions..


15/27

WiWi--Fi ConfigurationsFi Configurations


16/27



17/27



18/27

WiWi--Fi ApplicationsFi Applications

HomeHome

Small BusinessesSmall Businesses

Large Corporations & CampusesLarge Corporations & Campuses Health CareHealth Care

Wireless ISP (WISP)Wireless ISP (WISP)

TravellersTravellers


19/27

WiWi--Fi Security ThreatsFi Security Threats

WirelessWireless technologytechnology doesntdoesnt removeremove anyany

oldold securitysecurity issues,issues, butbut introducesintroduces newnew

onesones

EavesdroppingEavesdropping

ManMan--inin--thethe--middle attacksmiddle attacks

Denial of ServiceDenial of Service


20/27

EavesdroppingEavesdropping

Easy to perform, almost impossible to detectEasy to perform, almost impossible to detect

By default, everything is transmitted in clear textBy default, everything is transmitted in clear text

Usernames, passwords, content ...Usernames, passwords, content ...

No security offered by the transmission mediumNo security offered by the transmission medium

Different tools available on the internetDifferent tools available on the internet

Network sniffers, protocol analysers . . .Network sniffers, protocol analysers . . .

Password collectorsPassword collectors With the right equipment, its possible toWith the right equipment, its possible to

eavesdrop traffic from few kilometers awayeavesdrop traffic from few kilometers away


21/27

MITM AttackMITM Attack

1.1. Attacker spoofes aAttacker spoofes adisassociate messagedisassociate messagefrom the victimfrom the victim

2.2. The victim starts toThe victim starts to

look for a new accesslook for a new accesspoint, and the attackerpoint, and the attackeradvertises his own APadvertises his own APon a different channel,on a different channel,using the real APsusing the real APs

MAC addressMAC address3.3. The attacker connectsThe attacker connects

to the real AP usingto the real AP usingvictims MAC addressvictims MAC address


22/27

Denial of ServiceDenial of Service

Attack on transmission frequecy usedAttack on transmission frequecy used

Frequency jammingFrequency jamming

Not very technical, but worksNot very technical, but works

A

ttack on MA

C layerA

ttack on MA

C layer Spoofed deauthentication / disassociation messagesSpoofed deauthentication / disassociation messages

can target one specific usercan target one specific user

Attacks on higher layer protocol (TCP/IP protocol)Attacks on higher layer protocol (TCP/IP protocol)

SYN FloodingSYN Flooding


23/27

WiWi--Fi SecurityFi Security

TheThe requirementsrequirements forfor WiWi--FiFi networknetwork

securitysecurity cancan bebe brokenbroken downdown intointo twotwo

primaryprimary componentscomponents::

AuthenticationAuthentication

UserUserAuthenticationAuthentication

ServerServerAuthenticationAuthentication

PrivacyPrivacy


24/27

AuthenticationAuthentication

Keeping unauthorized users off the networkKeeping unauthorized users off the network

UserAuthenticationUserAuthentication

Authentication Server is usedAuthentication Server is used

Username and passwordUsername and password

Risk:Risk:

Data (username & password) send before secure channelData (username & password) send before secure channel

establishedestablished

Prone to passive eavesdropping by attackerProne to passive eavesdropping by attacker

SolutionSolution

Establishing a encrypted channel before sending usernameEstablishing a encrypted channel before sending username

and passwordand password


25/27

Authentication (cont..)Authentication (cont..)

ServerAuthenticationServerAuthentication

Digital Certificate is usedDigital Certificate is used

Validation of digital certificate occursValidation of digital certificate occursautomatically within client softwareautomatically within client software


26/27

AdvantagesAdvantages

MobilityMobility

Ease of InstallationEase of Installation

FlexibilityFlexibility

CostCost

ReliabilityReliability

SecuritySecurity

Use unlicensed part of the radio spectrumUse unlicensed part of the radio spectrum RoamingRoaming

SpeedSpeed


27/27

LimitationsLimitations

InterferenceInterference

Degradation in performanceDegradation in performance

High power consumptionHigh power consumption Limited rangeLimited range

Final WiFi Technology

Documents

Transcript of Final WiFi Technology