3. INTRO
A wireless LAN links two or more devices using some
wireless distribution method and usually provides a
connection through an access point to the wider internet.
IEEE 802 series standards
802.11 – wireless LANs (LAN)
802.15 – wireless personal area networks (e.g., Bluetooth)
802.16 – wireless broadband up to 155Mb
Wireless Network Security
4. 802.11a – 54 Mbps@5 GHz
Not interoperable with 802.11b
Limited distance
Dual-mode APs require 2 chipsets, look like two APs to clients
Cisco products: Aironet 1200
802.11b – 11 Mbps@2.4 GHz
Full speed up to 300 feet
Coverage up to 1750 feet
Cisco products: Aironet 340, 350, 1100, 1200
802.11g – 54 Mbps@2.4 GHz
Same range as 802.11b
Backward-compatible with 802.11b
Speeds slower in dual-mode
Cisco products: Aironet 1100, 1200
5. The 802.11 wireless networks operate in two
basic modes:
1. Infrastructure mode
2. Ad-hoc mode
Infrastructure mode:
each wireless client connects directly to a
central device called Access Point (AP)
No direct connection between wireless clients
AP acts as a wireless hub that performs the
connections and handles them between wireless
clients
6. The hub handles:
the clients’ authentication,
Authorization
link-level data security (access control and enabling
data traffic encryption)
Ad-hoc mode:
Each wireless client connects directly with each
other
No central device managing the connections
Rapid deployment of a temporary network where no
infrastructure exists (an advantage in case of
disaster…)
Each node must maintain its own authentication
list
7. The SSID identifies a particular wireless network
A client must set the same SSID as the one in that
particular access point to join the network
Without SSID, the client won’t be able to select and
join a wireless network
Hiding SSID is not a security measure because the
wireless network in this case is not invisible
It can be defeated by intruders by sniffing it from any
probe signal containing it.
8. The original native security mechanism for WLANs;
provides security through an 802.11 network
Used to protect wireless communication from eavesdropping
(confidentiality)
Prevent unauthorized access to a wireless network (access
control)
Prevent tampering with transmitted messages
Provide users with the equivalent level of privacy inbuilt in
wireless networks.
9. 1. Appends a 32-bit CRC checksum to each outgoing frame
(INTEGRITY)
2. Encrypts the frame using the RC4 stream cipher with a 40-bit
(standard) or 104-bit (enhanced) key plus a 24-bit random
initialization vector (IV) (CONFIDENTIALITY).
3. The Initialization Vector (IV) and default key on the station
access point are used to create a key stream
4. The key stream is then used to convert the plain text message
into the WEP encrypted frame.
12. Initialization Vector IV
Dynamic 24-bit value
Chosen randomly by the transmitter wireless network
interface
16.7 million possible keys (2^24)
Shared Secret Key
40 bits long (5 ASCII characters) when 64 bit key is used
104 bits long (13 ASCII characters) when 128 bit key is
used
16. 1. The station sends an authentication request to AP
2. AP sends challenge text to the station.
3. The station uses its configured 64-bit or 128-bit default key
to encrypt the challenge text, and it sends the latter to AP.
4. AP decrypts the encrypted text using its configured WEP key
that corresponds to the station's default key.
5. AP compares the decrypted text with the original challenge
text.
6. If the decrypted text matches the original challenge text,
then the access point and the station share the same WEP
key, and the access point authenticates the station.
7. The station connects to the network.
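The WEP frame encryption steps (checksum, then RC4 keyed with IV plus shared key) and the shared key authentication exchange above, as an added Python example that is not part of the original slides. It is simplified: the 802.11 headers and key ID octet are omitted, and all function names are illustrative.

```python
import os
import zlib

def rc4(key: bytes, data: bytes) -> bytes:
    """RC4 key scheduling, then XOR of the data with the generated key stream."""
    s, j = list(range(256)), 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i, j, out = 0, 0, bytearray()
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def icv(plaintext: bytes) -> bytes:
    """Step 1: the 32-bit CRC integrity check value appended to the frame."""
    return zlib.crc32(plaintext).to_bytes(4, "little")

def wep_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Steps 2-4: per-frame RC4 key is IV || shared key; the IV travels in clear."""
    if len(iv) != 3 or len(key) not in (5, 13):
        raise ValueError("WEP needs a 24-bit IV and a 40- or 104-bit key")
    return iv + rc4(iv + key, plaintext + icv(plaintext))

def wep_decrypt(key: bytes, frame: bytes) -> bytes:
    """Rebuild the key stream from the received IV and verify the ICV."""
    body = rc4(frame[:3] + key, frame[3:])
    plaintext, received_icv = body[:-4], body[-4:]
    if icv(plaintext) != received_icv:
        raise ValueError("ICV mismatch: wrong key or altered frame")
    return plaintext

def shared_key_auth(station_key: bytes, ap_key: bytes) -> bool:
    """Shared key authentication, steps 2-6, with both sides in one function."""
    challenge = os.urandom(128)                                    # step 2 (AP)
    response = wep_encrypt(station_key, os.urandom(3), challenge)  # step 3 (station)
    try:
        return wep_decrypt(ap_key, response) == challenge          # steps 4-6 (AP)
    except ValueError:
        return False

def keystream_reused(key: bytes, iv: bytes, p1: bytes, p2: bytes) -> bool:
    """With the same key and IV the key stream repeats: c1 XOR c2 == p1 XOR p2."""
    xor = lambda a, b: bytes(x ^ y for x, y in zip(a, b))
    c1, c2 = wep_encrypt(key, iv, p1)[3:], wep_encrypt(key, iv, p2)[3:]
    return xor(c1, c2)[:min(len(p1), len(p2))] == xor(p1, p2)
```

Because the static key never changes, the 24-bit IV is the only per-frame variation in the RC4 key, which is why a repeated IV repeats the whole key stream.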
18. WEP encrypted networks can be cracked in 10 minutes
Goal is to collect enough IVs to be able to crack the key
IV = Initialization Vector, plaintext appended to the key to
avoid repetition
Injecting packets generates IVs
19. New technique in 2002
A replacement addressing the security flaws of WEP.
Improved data encryption
Strong user authentication
Because many attacks relate to the
static key, WPA minimizes use of the shared secret
key in accordance with frame
transmission.
20. Data is encrypted using the RC4 stream
cipher, with a 128-bit key and a 48-bit
initialization vector (IV).
One major improvement in WPA over WEP is
the Temporal Key Integrity Protocol (TKIP),
which dynamically changes keys as the
system is used.
When combined with the much larger IV, this
defeats the well-known key recovery attacks
on WEP.
WPA also provides vastly improved payload
integrity.
21. A more secure message authentication code
(usually known as a MAC, but here termed a MIC
for "Message Integrity Code") is used in WPA, an
algorithm named "Michael".
The MIC used in WPA includes a frame counter,
which prevents replay attacks being executed.
The Michael algorithm is a strong algorithm that
would still work with most older network cards.
WPA includes a special countermeasure
mechanism that detects an attempt to break TKIP
and temporarily blocks communications with the
attacker.
22. Feature | WEP | WPA
ENCRYPTION | RC4 | RC4
KEY ROTATION | None | Dynamic session keys
KEY DISTRIBUTION | Manually typed into each device | Automatic distribution available
AUTHENTICATION | Uses WEP key as authentication | Can use 802.1x & EAP
23. 1. It is easier to add or move workstations.
2. It is easier to provide connectivity in areas where it is difficult to lay
cable.
3. Installation is fast and easy, and it can eliminate the need to pull
cable through walls and ceilings.
4. Access to the network can be from anywhere within range of an
access point.
5. Portable or semi-permanent buildings can be connected using a
WLAN.
24. 1. As the number of computers using the network increases, the data
transfer rate to each computer will decrease accordingly.
2. Lower wireless bandwidth means some applications such as video
streaming will be more effective on a wired LAN.
3. Security is more difficult to guarantee and requires configuration.
4. Devices will only operate at a limited distance from an access point,
with the distance determined by the standard used and buildings and
other obstacles between the access point and the user.
25. 1. Wireless LANs are very useful and convenient, but the current security state
is not ideal for sensitive environments.
2. Cahners In-Stat group predicts the market for wireless LANs will be $2.2
billion in 2004, up from $771 million in 2000.
3. Growing use and popularity require increased focus on security