4. IntroductionIntroduction
• Wireless Technology is an alternative to WiredWireless Technology is an alternative to Wired
Technology, which is commonly used, forTechnology, which is commonly used, for
connecting devices in wireless mode.connecting devices in wireless mode.
• Wi-Fi (Wireless Fidelity) is a generic term thatWi-Fi (Wireless Fidelity) is a generic term that
refers to the IEEE 802.11 communicationsrefers to the IEEE 802.11 communications
standard for Wireless Local Area Networksstandard for Wireless Local Area Networks
(WLANs).(WLANs).
• Wi-Fi Network connect computers to each other,Wi-Fi Network connect computers to each other,
to the internet and to the wired network.to the internet and to the wired network.
5. The Wi-Fi TechnologyThe Wi-Fi Technology
Wi-Fi Networks use Radio Technologies toWi-Fi Networks use Radio Technologies to
transmit & receive data at high speed:transmit & receive data at high speed:
• IEEE 802.11bIEEE 802.11b
• IEEE 802.11aIEEE 802.11a
• IEEE 802.11gIEEE 802.11g
6. IEEE 802.11bIEEE 802.11b
• Appear in late 1999Appear in late 1999
• Operates at 2.4GHz radio spectrumOperates at 2.4GHz radio spectrum
• 11 Mbps (theoretical speed) - within 30 m Range11 Mbps (theoretical speed) - within 30 m Range
• 4-6 Mbps (actual speed)4-6 Mbps (actual speed)
• 100 -150 feet range100 -150 feet range
• Most popular, Least ExpensiveMost popular, Least Expensive
• Interference from mobile phones and BluetoothInterference from mobile phones and Bluetooth
devices which can reduce the transmissiondevices which can reduce the transmission
speed.speed.
7. IEEE 802.11aIEEE 802.11a
• Introduced in 2001Introduced in 2001
• Operates at 5 GHz (less popular)Operates at 5 GHz (less popular)
• 54 Mbps (theoretical speed)54 Mbps (theoretical speed)
• 15-20 Mbps (Actual speed)15-20 Mbps (Actual speed)
• 50-75 feet range50-75 feet range
• More expensiveMore expensive
• Not compatible with 802.11bNot compatible with 802.11b
8. IEEE 802.11gIEEE 802.11g
• Introduced in 2003Introduced in 2003
• Combine the feature of both standardsCombine the feature of both standards
(a,b)(a,b)
• 100-150 feet range100-150 feet range
• 54 Mbps Speed54 Mbps Speed
• 2.4 GHz radio frequencies2.4 GHz radio frequencies
• Compatible with ‘b’Compatible with ‘b’
9. 802.11 Physical Layer802.11 Physical Layer
There are three sublayers in physical layer:There are three sublayers in physical layer:
• Direct Sequence Spread Spectrum (DSSS)Direct Sequence Spread Spectrum (DSSS)
• Frequency Hoping Spread Spectrum (FHSS)Frequency Hoping Spread Spectrum (FHSS)
• Diffused Infrared (DFIR) - Wide angleDiffused Infrared (DFIR) - Wide angle
10. DSSSDSSS
• Direct sequence signaling technique divides the 2.4 GHz band intoDirect sequence signaling technique divides the 2.4 GHz band into
11 22-MHz channels. Adjacent channels overlap one another22-MHz channels. Adjacent channels overlap one another
partially, with three of the 11 being completely non-overlapping.partially, with three of the 11 being completely non-overlapping.
Data is sent across one of these 22 MHz channels without hoppingData is sent across one of these 22 MHz channels without hopping
to other channels.to other channels.
11. IEEE 802.11 Data Link LayerIEEE 802.11 Data Link Layer
The data link layer consists of two sublayers :The data link layer consists of two sublayers :
• Logical Link Control (LLC)Logical Link Control (LLC)
• Media Access Control (MAC).Media Access Control (MAC).
802.11 uses the same 802.2 LLC and 48-bit addressing as other802.11 uses the same 802.2 LLC and 48-bit addressing as other
802 LANs, allowing for very simple bridging from wireless to802 LANs, allowing for very simple bridging from wireless to
IEEE wired networks, but the MAC is unique to WLANs.IEEE wired networks, but the MAC is unique to WLANs.
12. 802.11 Media Access Control802.11 Media Access Control
• Carrier Sense Medium Access with collisionCarrier Sense Medium Access with collision
avoidance protocol (CSMA/CA)avoidance protocol (CSMA/CA)
• Listen before talkingListen before talking
• Avoid collision by explicit Acknowledgement (ACK)Avoid collision by explicit Acknowledgement (ACK)
• Problem: additional overhead of ACK packets, soProblem: additional overhead of ACK packets, so
slow performanceslow performance
• Request to Send/Clear to SendRequest to Send/Clear to Send
(RTS/CTS) protocol(RTS/CTS) protocol
• Solution for “hidden node” problemSolution for “hidden node” problem
• Problem: Adds additional overhead by temporarilyProblem: Adds additional overhead by temporarily
reserving the medium, so used for large size packetsreserving the medium, so used for large size packets
only retransmission would be expensiveonly retransmission would be expensive
13. 802.11 Media Access802.11 Media Access
Control(cont.)Control(cont.)
• Power ManagementPower Management
• MAC supports power conservation to extend the battery life ofMAC supports power conservation to extend the battery life of
portable devicesportable devices
• Power utilization modesPower utilization modes
• Continuous Aware ModeContinuous Aware Mode
• Radio is always on and drawing powerRadio is always on and drawing power
• Power Save Polling ModePower Save Polling Mode
• Radio is “dozing” with access point queuing any data for itRadio is “dozing” with access point queuing any data for it
• The client radio will wake up periodically in time to receiveThe client radio will wake up periodically in time to receive
regularregular beaconbeacon signals from the access point.signals from the access point.
• The beacon includes information regarding which stations haveThe beacon includes information regarding which stations have
traffic waiting for themtraffic waiting for them
• The client awake on beacon notification and receive its dataThe client awake on beacon notification and receive its data
14. 802.11 Media Access802.11 Media Access
Control(cont.)Control(cont.)
• FragmentationFragmentation
• CRC checksumCRC checksum
• Each pkt has a CRC checksum calculatedEach pkt has a CRC checksum calculated
and attached to ensure that the data was notand attached to ensure that the data was not
corrupted in transitcorrupted in transit
• Association & RoamingAssociation & Roaming
15. Elements of a WI-FI NetworkElements of a WI-FI Network
• Access Point (AP) -Access Point (AP) - The AP is a wireless LANThe AP is a wireless LAN
transceiver or “base station” that can connect one or manytransceiver or “base station” that can connect one or many
wireless devices simultaneously to the Internet.wireless devices simultaneously to the Internet.
• Wi-Fi cards -Wi-Fi cards - They accept the wireless signal and relayThey accept the wireless signal and relay
information.They can be internal and external.(e.g PCMCIAinformation.They can be internal and external.(e.g PCMCIA
Card for Laptop and PCI Card for Desktop PC)Card for Laptop and PCI Card for Desktop PC)
• Safeguards -Safeguards - Firewalls and anti-virus software protectFirewalls and anti-virus software protect
networks from uninvited users and keep information secure.networks from uninvited users and keep information secure.
16. How a Wi-Fi Network WorksHow a Wi-Fi Network Works
• Basic concept is same as Walkie talkies.Basic concept is same as Walkie talkies.
• A Wi-Fi hotspot is created by installing an access pointA Wi-Fi hotspot is created by installing an access point
to an internet connection.to an internet connection.
• An access point acts as a base station.An access point acts as a base station.
• When Wi-Fi enabled device encounters a hotspot theWhen Wi-Fi enabled device encounters a hotspot the
device can then connect to that network wirelessly.device can then connect to that network wirelessly.
• A single access point can support up to 30 users andA single access point can support up to 30 users and
can function within a range of 100 – 150 feet indoors andcan function within a range of 100 – 150 feet indoors and
up to 300 feet outdoors.up to 300 feet outdoors.
• Many access points can be connected to each other viaMany access points can be connected to each other via
Ethernet cables to create a single large network.Ethernet cables to create a single large network.
18. AP-based topologyAP-based topology
• The client communicate through Access Point.The client communicate through Access Point.
• BSA-RF coverage provided by an AP.BSA-RF coverage provided by an AP.
• ESA-It consists of 2 or more BSA.ESA-It consists of 2 or more BSA.
• ESA cell includes 10-15% overlap to allowESA cell includes 10-15% overlap to allow
roaming.roaming.
19. Peer-to-peer topologyPeer-to-peer topology
• AP is not required.AP is not required.
• Client devices withinClient devices within
a cell cana cell can
communicate directlycommunicate directly
with each other.with each other.
• It is useful for settingIt is useful for setting
up of a wirelessup of a wireless
network quickly andnetwork quickly and
easily.easily.
20. Point-to-multipoint bridge topologyPoint-to-multipoint bridge topology
This is used to connect a LAN in one building to a LANsThis is used to connect a LAN in one building to a LANs
in other buildings even if the buildings are milesin other buildings even if the buildings are miles
apart.These conditions receive a clear line of sightapart.These conditions receive a clear line of sight
between buildings. The line-of-sight range varies basedbetween buildings. The line-of-sight range varies based
on the type of wireless bridge and antenna used as wellon the type of wireless bridge and antenna used as well
as the environmental conditions.as the environmental conditions.
24. Wi-Fi ApplicationsWi-Fi Applications
• HomeHome
• Small Businesses or SOHOSmall Businesses or SOHO
• Large Corporations & CampusesLarge Corporations & Campuses
• Health CareHealth Care
• Wireless ISP (WISP)Wireless ISP (WISP)
• TravellersTravellers
25. Wi-Fi Security ThreatsWi-Fi Security Threats
• Wireless technology doesn’t remove anyWireless technology doesn’t remove any
old security issues, but introduces newold security issues, but introduces new
onesones
• EavesdroppingEavesdropping
• Man-in-the-middle attacksMan-in-the-middle attacks
• Denial of ServiceDenial of Service
26. EavesdroppingEavesdropping
• Easy to perform, almost impossible to detectEasy to perform, almost impossible to detect
• By default, everything is transmitted in clear textBy default, everything is transmitted in clear text
• Usernames, passwords, content ...Usernames, passwords, content ...
• No security offered by the transmission mediumNo security offered by the transmission medium
• Different tools available on the internetDifferent tools available on the internet
• Network sniffers, protocol analysers . . .Network sniffers, protocol analysers . . .
• Password collectorsPassword collectors
• With the right equipment, it’s possible toWith the right equipment, it’s possible to
eavesdrop traffic from few kilometers awayeavesdrop traffic from few kilometers away
27. MITM AttackMITM Attack
1.1. Attacker spoofes aAttacker spoofes a
disassociate messagedisassociate message
from the victimfrom the victim
2.2. The victim starts toThe victim starts to
look for a new accesslook for a new access
point, and the attackerpoint, and the attacker
advertises his own APadvertises his own AP
on a different channel,on a different channel,
using the real AP’susing the real AP’s
MAC addressMAC address
3.3. The attacker connectsThe attacker connects
to the real AP usingto the real AP using
victim’s MAC addressvictim’s MAC address
28. Denial of ServiceDenial of Service
• Attack on transmission frequecy usedAttack on transmission frequecy used
• Frequency jammingFrequency jamming
• Not very technical, but worksNot very technical, but works
• Attack on MAC layerAttack on MAC layer
• Spoofed deauthentication / disassociation messagesSpoofed deauthentication / disassociation messages
• can target one specific usercan target one specific user
• Attacks on higher layer protocol (TCP/IP protocol)Attacks on higher layer protocol (TCP/IP protocol)
• SYN FloodingSYN Flooding
29. Wi-Fi SecurityWi-Fi Security
The requirements for Wi-Fi networkThe requirements for Wi-Fi network
security can be broken down into twosecurity can be broken down into two
primary components:primary components:
• AuthenticationAuthentication
User AuthenticationUser Authentication
Server AuthenticationServer Authentication
• PrivacyPrivacy
30. AuthenticationAuthentication
• Keeping unauthorized users off the networkKeeping unauthorized users off the network
• User AuthenticationUser Authentication
• Authentication Server is usedAuthentication Server is used
• Username and passwordUsername and password
• Risk:Risk:
• Data (username & password) send before secure channelData (username & password) send before secure channel
establishedestablished
• Prone to passive eavesdropping by attackerProne to passive eavesdropping by attacker
• SolutionSolution
• Establishing a encrypted channel before sending usernameEstablishing a encrypted channel before sending username
and passwordand password
31. Authentication (cont..)Authentication (cont..)
• Server AuthenticationServer Authentication
• Digital Certificate is usedDigital Certificate is used
• Validation of digital certificate occursValidation of digital certificate occurs
automatically within client softwareautomatically within client software
32. Wi-Fi Security TechniquesWi-Fi Security Techniques
• Service Set Identifier (SSID)Service Set Identifier (SSID)
• Wired Equivalent Privacy (WEP)Wired Equivalent Privacy (WEP)
• 802.1X Access Control802.1X Access Control
• Wireless Protected Access (WPA)Wireless Protected Access (WPA)
• IEEE 802.11iIEEE 802.11i
33. Service Set Identifier (SSID)Service Set Identifier (SSID)
• SSID is used to identify an 802.11 networkSSID is used to identify an 802.11 network
• It can be pre-configured or advertised inIt can be pre-configured or advertised in
beacon broadcastbeacon broadcast
• It is transmitted in clear textIt is transmitted in clear text
• Provide very little securityProvide very little security
34. Wired Equivalent Privacy (WEP)Wired Equivalent Privacy (WEP)
• Provide same level of security as by wired networkProvide same level of security as by wired network
• Original security solution offered by the IEEE 802.11Original security solution offered by the IEEE 802.11
standardstandard
• Uses RC4 encryption with pre-shared keys and 24 bitUses RC4 encryption with pre-shared keys and 24 bit
initialization vectors (IV)initialization vectors (IV)
• key schedule is generated by concatenating the sharedkey schedule is generated by concatenating the shared
secret key with a random generated 24-bit IVsecret key with a random generated 24-bit IV
• 32 bit ICV (Integrity check value)32 bit ICV (Integrity check value)
• No. of bits in keyschedule is equal to sum of length ofNo. of bits in keyschedule is equal to sum of length of
the plaintext and ICVthe plaintext and ICV
35. Wired Equivalent Privacy (WEP)Wired Equivalent Privacy (WEP)
(cont.)(cont.)
• 64 bit preshared key-WEP64 bit preshared key-WEP
• 128 bit preshared key-WEP2128 bit preshared key-WEP2
• Encrypt data only between 802.11 stations.once it entersEncrypt data only between 802.11 stations.once it enters
the wired side of the network (between access point)the wired side of the network (between access point)
WEP is no longer validWEP is no longer valid
• Security Issue with WEPSecurity Issue with WEP
• Short IVShort IV
• Static keyStatic key
• Offers very little security at allOffers very little security at all
36. 802.1x Access Control802.1x Access Control
• Designed as a general purpose network access control mechanismDesigned as a general purpose network access control mechanism
• Not Wi-Fi specificNot Wi-Fi specific
• Authenticate each client connected to AP (for WLAN) or switch portAuthenticate each client connected to AP (for WLAN) or switch port
(for Ethernet)(for Ethernet)
• Authentication is done with the RADIUS server, which ”tells” theAuthentication is done with the RADIUS server, which ”tells” the
access point whether access to controlled ports should be allowedaccess point whether access to controlled ports should be allowed
or notor not
• AP forces the user into an unauthorized stateAP forces the user into an unauthorized state
• user send an EAP start messageuser send an EAP start message
• AP return an EAP message requesting the user’s identityAP return an EAP message requesting the user’s identity
• Identity send by user is then forwared to the authentication server by APIdentity send by user is then forwared to the authentication server by AP
• Authentication server authenticate user and return an accept or rejectAuthentication server authenticate user and return an accept or reject
message back to the APmessage back to the AP
• If accept message is return, the AP changes the client’s state toIf accept message is return, the AP changes the client’s state to
authorized and normal traffic flowsauthorized and normal traffic flows
38. Wireless Protected Access (WPA)Wireless Protected Access (WPA)
• WPAWPA is a specification of standard based, interoperable securityis a specification of standard based, interoperable security
enhancements that strongly increase the level of data protectionenhancements that strongly increase the level of data protection
and access control for existing and future wireless LAN system.and access control for existing and future wireless LAN system.
• User AuthenticationUser Authentication
• 802.1x802.1x
• EAPEAP
• TKIP (Temporal Key Integrity Protocol) encryptionTKIP (Temporal Key Integrity Protocol) encryption
• RC4, dynamic encryption keys (session based)RC4, dynamic encryption keys (session based)
• 48 bit IV48 bit IV
• per packet key mixing functionper packet key mixing function
• Fixes all issues found from WEPFixes all issues found from WEP
• Uses Message Integrity Code (MIC) MichaelUses Message Integrity Code (MIC) Michael
• Ensures data integrityEnsures data integrity
• Old hardware should be upgradeable to WPAOld hardware should be upgradeable to WPA
39. Wireless Protected Access (WPA)Wireless Protected Access (WPA)
(cont.)(cont.)
• WPA comes in two flavorsWPA comes in two flavors
• WPA-PSKWPA-PSK
• use pre-shared keyuse pre-shared key
• For SOHO environmentsFor SOHO environments
• Single master key used for all usersSingle master key used for all users
• WPA EnterpriseWPA Enterprise
• For large organisationFor large organisation
• Most secure methodMost secure method
• Unique keys for each userUnique keys for each user
• Separate username & password for each userSeparate username & password for each user
40. WPA and Security ThreatsWPA and Security Threats
• Data is encryptedData is encrypted
• Protection against eavesdropping and man-in-the-Protection against eavesdropping and man-in-the-
middle attacksmiddle attacks
• Denial of ServiceDenial of Service
• Attack based on fake massages can not be used.Attack based on fake massages can not be used.
• As a security precaution, if WPA equipment seesAs a security precaution, if WPA equipment sees
two packets with invalid MICs within a second, ittwo packets with invalid MICs within a second, it
disassociates all its clients, and stops all activity fordisassociates all its clients, and stops all activity for
a minutea minute
• Only two packets a minute enough to completelyOnly two packets a minute enough to completely
stop a wireless networkstop a wireless network
41. 802.11i802.11i
• Provides standard for WLAN securityProvides standard for WLAN security
• AuthenticationAuthentication
• 802.1x802.1x
• Data encryptionData encryption
• AES protocol is usedAES protocol is used
• Secure fast handoff-This allow roamingSecure fast handoff-This allow roaming
between APs without requiring client tobetween APs without requiring client to
fully reauthenticate to every AP.fully reauthenticate to every AP.
• Will require new hardwareWill require new hardware
42. AdvantagesAdvantages
• MobilityMobility
• Ease of InstallationEase of Installation
• FlexibilityFlexibility
• CostCost
• ReliabilityReliability
• SecuritySecurity
• Use unlicensed part of the radio spectrumUse unlicensed part of the radio spectrum
• RoamingRoaming
• SpeedSpeed