National Institute of Science & Technology WIRELESS LAN SECURITY Swagat Sourav [1] Wireless LAN...
-
Upload
amanda-webster -
Category
Documents
-
view
213 -
download
0
Transcript of National Institute of Science & Technology WIRELESS LAN SECURITY Swagat Sourav [1] Wireless LAN...
[1]
Nati
onal In
stit
ute
of
Sci
en
ce &
Tech
nolo
gy
WIRELESS LAN SECURITY
Swagat Sourav
Wireless LAN Security
Presented By SWAGAT SOURAV Roll # EE 200118189
Under the guidance of
Mr. Siddhartha Bhusan Neelamani
[2]
Nati
onal In
stit
ute
of
Sci
en
ce &
Tech
nolo
gy
WIRELESS LAN SECURITY
Swagat Sourav
• It is also easy to interfere with wireless communications. A simple jamming transmitter can make communications impossible. For example, consistently hammering an access point with access requests, whether successful or not, will eventually exhaust its available radio frequency spectrum and knock it off the network.
• Advantages of WLAN
• Disadvantages WLAN
Introduction
[3]
Nati
onal In
stit
ute
of
Sci
en
ce &
Tech
nolo
gy
WIRELESS LAN SECURITY
Swagat Sourav
WLAN Authentication• Wireless LANs, because of their broadcast nature, require the addition of:
User authentication Data privacy • Authenticating wireless LAN clients.
Client Authentication Process
[4]
Nati
onal In
stit
ute
of
Sci
en
ce &
Tech
nolo
gy
WIRELESS LAN SECURITY
Swagat Sourav
WLAN Authentication• Types Of Authentication
Open Authentication
• The authentication request
• The authentication response Shared Key Authentication
• requires that the client configure a static WEP key
Service Set Identifier (SSID) MAC Address Authentication
• MAC address authentication verifies the client’s MAC address against a locally configured list of allowed addresses or against an external authentication server
[5]
Nati
onal In
stit
ute
of
Sci
en
ce &
Tech
nolo
gy
WIRELESS LAN SECURITY
Swagat Sourav
WLAN Authentication Vulnerabilities
• SSID
An eavesdropper can easily determine the SSID with the use of an 802.11 wireless LAN packet analyzer, like Sniffer Pro.
• Open Authentication
Open authentication provides no way for the access point to determine whether a client is valid.
• Shared Key Authentication Vulnerabilities
The process of exchanging the challenge text occurs over the wireless link and is vulnerable to a man-in-the-middle attack
• MAC Address Authentication Vulnerabilities
A protocol analyzer can be used to determine a valid MAC address
[6]
Nati
onal In
stit
ute
of
Sci
en
ce &
Tech
nolo
gy
WIRELESS LAN SECURITY
Swagat Sourav
WEP Encryption • WEP is based on the RC4 algorithm, which is a symmetric
key stream cipher. The encryption keys must match on both the client and the access point for frame exchanges to succeed
Stream Ciphers
Encrypts data by generating a key stream from the key and performing the XOR function on the key stream with the plain-text data
[7]
Nati
onal In
stit
ute
of
Sci
en
ce &
Tech
nolo
gy
WIRELESS LAN SECURITY
Swagat Sourav
WEP Encryption Block Ciphers
Fragments the frame into blocks of predetermined size and performs the XOR function on each block.
[8]
Nati
onal In
stit
ute
of
Sci
en
ce &
Tech
nolo
gy
WIRELESS LAN SECURITY
Swagat Sourav
WEP Encryption Weaknesses • There are two encryption techniques to overcome WEP encryption weakness
Initialization vectorsFeedback modes
• Initialization vectors
[9]
Nati
onal In
stit
ute
of
Sci
en
ce &
Tech
nolo
gy
WIRELESS LAN SECURITY
Swagat Sourav
WEP Encryption Weaknesses
• Feedback Modes
[10]
Nati
onal In
stit
ute
of
Sci
en
ce &
Tech
nolo
gy
WIRELESS LAN SECURITY
Swagat Sourav
WEP Encryption Weaknesses
• Statistical Key Derivation—Passive Network Attacks
A WEP key could be derived by passively collecting particular frames from a wireless LAN
• Inductive Key Derivation—Active Network Attacks
Inductive key derivation is the process of deriving a key by coercing information from the wireless LAN
Initialization Vector Replay Attacks
Bit-Flipping Attacks
• Static WEP Key Management Issues
[11]
Nati
onal In
stit
ute
of
Sci
en
ce &
Tech
nolo
gy
WIRELESS LAN SECURITY
Swagat Sourav
Component of WLAN Security
• The Authentication Framework (802.1X)
• The EAP Authentication Algorithm
Mutual Authentication
User-Based Authentication
Dynamic WEP Keys
• Data Privacy with TKIP (Temporal Key Integrity Protocol )
A message integrity check (MIC
Per-packet keying
Broadcast Key Rotation
[12]
Nati
onal In
stit
ute
of
Sci
en
ce &
Tech
nolo
gy
WIRELESS LAN SECURITY
Swagat Sourav
Future of WLAN Security• AES (Advanced Encryption Standard )
AES-OCB Mode
[13]
Nati
onal In
stit
ute
of
Sci
en
ce &
Tech
nolo
gy
WIRELESS LAN SECURITY
Swagat Sourav
Future of WLAN Security AES-CCM Mode
[14]
Nati
onal In
stit
ute
of
Sci
en
ce &
Tech
nolo
gy
WIRELESS LAN SECURITY
Swagat Sourav
ConclusionWireless LAN deployments should be made as secure as possible. Standard 802.11 security is weak and vulnerable to numerous network attacks. This paper has highlighted these vulnerabilities and described how it can be solved to create secure wireless LANs.
Some security enhancement features might not be deployable in some situations because of device limitations such as application specific devices (ASDs such as 802.11 phones capable of static WEP only) or mixed vendor environments. In such cases, it is important that the network administrator understand the potential WLAN security vulnerabilities.
[15]
Nati
onal In
stit
ute
of
Sci
en
ce &
Tech
nolo
gy
WIRELESS LAN SECURITY
Swagat Sourav
Thank You!!!