Wired Equivalent Privacy (WEP) was an early protocol for wireless network security. It aimed to provide confidentiality through encryption and integrity through a checksum. However, WEP had several flaws:
1. It reused encryption keys too frequently due to a small initialization vector space, allowing the same encryption to be used for multiple packets.
2. It used a weak integrity checksum that could be predicted, allowing packets to be modified without detection.
3. Its short secret key provided insufficient security against brute force attacks to recover keys from captured network traffic.
It is the powerpoint slide.It is all about WPA 3.It will make wifi more secure.This is the future of wireless security.Know how the man in the middle attack and krack attack works.Know also about RC4 encryption.
It is the powerpoint slide.It is all about WPA 3.It will make wifi more secure.This is the future of wireless security.Know how the man in the middle attack and krack attack works.Know also about RC4 encryption.
We all use Wifi today. You know how much money it saves for your smart-phone data usage band-width. Connecting all your computers and gadgets with cables is not just history, even if you attempt it would be impractical!
Wifi being so pervasive, also brings along tremendous security implications. Come join us to look into details of Wifi security. How to secure your wifi network? How certain wifi encryption technologies can be hacked? We would prove that with live demos!
Join us to reflect on the security aspect of this technology, discuss about it and leave with more confidence about how 'secure' your WiFi access is?
IPsec provides the capability to secure communications across a LAN, across private and public WANs, and across the Internet. Examples of its use include:
Secure branch office connectivity over the Internet
Secure remote access over the Internet
Establishing extranet and intranet connectivity with partners
Enhancing electronic commerce security
Presented at NZISIG on Tuesday 26th February 2019.
"WPA3: What is it good for? (With a little bit of Bluetooth and a soupçon of GPS)"
I offered this talk to Purplecon but they didn't want it so you're getting it instead. Since it's been a few months I've added some other stuff on the end.
Overview of existing issues in WAP, WPA, WPA2 and WPS
Skateboarding dog story
WPA3 improvements:
- Password protection
- Preshared keys (Simultaneous Authentication of Equals - SAE)
- CNSA
- Opportunistic Wireless Encryption (OWE)
- Wifi Easy Connect
Bluetooth
- Direction finding
- End to end security
GPS
- 6th April could get interesting.
This is the the technology which is very basic understanding on Wi- Fi technology..
What is Wi-Fi technology and how is working and also the advantages of wi-fi.....
SSL basics and SSL packet analysis using wiresharkAl Imran, CISA
1. Definition of SSL
2. component of SSL
3. Secure connection establishment process
4. Real SSL packet capture and analysis using Wireshark
5. Digital Certificate, digital signature, digital envelop
Overview of the SSH protocol.
SSH (Secure SHell) is a secure replacement for TELNET, rcp, rlogin, rsh (for login, remote execution of
commands, file transfer).
Security-wise SSH provides confidentiality (nobody can read the message content), integrity (guarantee that data is unaltered in transit) and authentication (of client and server). This provides protection against many of the possible attack vectors like IP spoofing, DNS spoofing, Password interception and eavesdropping.
SSH exists in 2 versions. SSH-2 fixes some of the shortcomings of SSH-1 so it should be used in place of SSH-1.
SSH also comes with features that in itself raise security concerns like tunneling and port forwarding.
Symmetric encryption and message confidentialityCAS
Symmetric Encryption Principles
Data Encryption Standard
Advanced Encryption Standard
Stream Ciphers and RC4
Cipher Block Modes of Operation
Key Distribution
This presentation contain basic knowledge about how voIP work and what are the security threat in voIP. It will also contain how we can prevent attack on voIP system.
We all use Wifi today. You know how much money it saves for your smart-phone data usage band-width. Connecting all your computers and gadgets with cables is not just history, even if you attempt it would be impractical!
Wifi being so pervasive, also brings along tremendous security implications. Come join us to look into details of Wifi security. How to secure your wifi network? How certain wifi encryption technologies can be hacked? We would prove that with live demos!
Join us to reflect on the security aspect of this technology, discuss about it and leave with more confidence about how 'secure' your WiFi access is?
IPsec provides the capability to secure communications across a LAN, across private and public WANs, and across the Internet. Examples of its use include:
Secure branch office connectivity over the Internet
Secure remote access over the Internet
Establishing extranet and intranet connectivity with partners
Enhancing electronic commerce security
Presented at NZISIG on Tuesday 26th February 2019.
"WPA3: What is it good for? (With a little bit of Bluetooth and a soupçon of GPS)"
I offered this talk to Purplecon but they didn't want it so you're getting it instead. Since it's been a few months I've added some other stuff on the end.
Overview of existing issues in WAP, WPA, WPA2 and WPS
Skateboarding dog story
WPA3 improvements:
- Password protection
- Preshared keys (Simultaneous Authentication of Equals - SAE)
- CNSA
- Opportunistic Wireless Encryption (OWE)
- Wifi Easy Connect
Bluetooth
- Direction finding
- End to end security
GPS
- 6th April could get interesting.
This is the the technology which is very basic understanding on Wi- Fi technology..
What is Wi-Fi technology and how is working and also the advantages of wi-fi.....
SSL basics and SSL packet analysis using wiresharkAl Imran, CISA
1. Definition of SSL
2. component of SSL
3. Secure connection establishment process
4. Real SSL packet capture and analysis using Wireshark
5. Digital Certificate, digital signature, digital envelop
Overview of the SSH protocol.
SSH (Secure SHell) is a secure replacement for TELNET, rcp, rlogin, rsh (for login, remote execution of
commands, file transfer).
Security-wise SSH provides confidentiality (nobody can read the message content), integrity (guarantee that data is unaltered in transit) and authentication (of client and server). This provides protection against many of the possible attack vectors like IP spoofing, DNS spoofing, Password interception and eavesdropping.
SSH exists in 2 versions. SSH-2 fixes some of the shortcomings of SSH-1 so it should be used in place of SSH-1.
SSH also comes with features that in itself raise security concerns like tunneling and port forwarding.
Symmetric encryption and message confidentialityCAS
Symmetric Encryption Principles
Data Encryption Standard
Advanced Encryption Standard
Stream Ciphers and RC4
Cipher Block Modes of Operation
Key Distribution
This presentation contain basic knowledge about how voIP work and what are the security threat in voIP. It will also contain how we can prevent attack on voIP system.
Understanding WiFi Security Vulnerabilities and SolutionsAirTight Networks
These slides include discussion on important Wi-Fi security issues and the solutions available to address them. Enterprises which need to secure their networks from Wi-Fi threats in order to protect their information assets, prevent unauthorized use of their network, enforce no-Wi-Fi zones, and meet regulatory compliance for themselves and their clients will benefit from this discussion.
The WEP protocol was introduced with the original 802.11 standards as a means to provide authentication and encryption to wireless LAN implementations.
WPA, became available in 2003, and it was the Wi-Fi Alliance’s direct response and replacement to the increasingly apparent vulnerabilities of the WEP encryption standard
This presentation describes the WEP issued in the original IEEE 802.11 and points out it's weakness and how can attacks be executed. Also, it summarizes the best practices to introduce security to the Wireless enviroment.
Student information management system project report ii.pdfKamal Acharya
Our project explains about the student management. This project mainly explains the various actions related to student details. This project shows some ease in adding, editing and deleting the student details. It also provides a less time consuming process for viewing, adding, editing and deleting the marks of the students.
Event Management System Vb Net Project Report.pdfKamal Acharya
In present era, the scopes of information technology growing with a very fast .We do not see any are untouched from this industry. The scope of information technology has become wider includes: Business and industry. Household Business, Communication, Education, Entertainment, Science, Medicine, Engineering, Distance Learning, Weather Forecasting. Carrier Searching and so on.
My project named “Event Management System” is software that store and maintained all events coordinated in college. It also helpful to print related reports. My project will help to record the events coordinated by faculties with their Name, Event subject, date & details in an efficient & effective ways.
In my system we have to make a system by which a user can record all events coordinated by a particular faculty. In our proposed system some more featured are added which differs it from the existing system such as security.
Industrial Training at Shahjalal Fertilizer Company Limited (SFCL)MdTanvirMahtab2
This presentation is about the working procedure of Shahjalal Fertilizer Company Limited (SFCL). A Govt. owned Company of Bangladesh Chemical Industries Corporation under Ministry of Industries.
About
Indigenized remote control interface card suitable for MAFI system CCR equipment. Compatible for IDM8000 CCR. Backplane mounted serial and TCP/Ethernet communication module for CCR remote access. IDM 8000 CCR remote control on serial and TCP protocol.
• Remote control: Parallel or serial interface.
• Compatible with MAFI CCR system.
• Compatible with IDM8000 CCR.
• Compatible with Backplane mount serial communication.
• Compatible with commercial and Defence aviation CCR system.
• Remote control system for accessing CCR and allied system over serial or TCP.
• Indigenized local Support/presence in India.
• Easy in configuration using DIP switches.
Technical Specifications
Indigenized remote control interface card suitable for MAFI system CCR equipment. Compatible for IDM8000 CCR. Backplane mounted serial and TCP/Ethernet communication module for CCR remote access. IDM 8000 CCR remote control on serial and TCP protocol.
Key Features
Indigenized remote control interface card suitable for MAFI system CCR equipment. Compatible for IDM8000 CCR. Backplane mounted serial and TCP/Ethernet communication module for CCR remote access. IDM 8000 CCR remote control on serial and TCP protocol.
• Remote control: Parallel or serial interface
• Compatible with MAFI CCR system
• Copatiable with IDM8000 CCR
• Compatible with Backplane mount serial communication.
• Compatible with commercial and Defence aviation CCR system.
• Remote control system for accessing CCR and allied system over serial or TCP.
• Indigenized local Support/presence in India.
Application
• Remote control: Parallel or serial interface.
• Compatible with MAFI CCR system.
• Compatible with IDM8000 CCR.
• Compatible with Backplane mount serial communication.
• Compatible with commercial and Defence aviation CCR system.
• Remote control system for accessing CCR and allied system over serial or TCP.
• Indigenized local Support/presence in India.
• Easy in configuration using DIP switches.
Hybrid optimization of pumped hydro system and solar- Engr. Abdul-Azeez.pdffxintegritypublishin
Advancements in technology unveil a myriad of electrical and electronic breakthroughs geared towards efficiently harnessing limited resources to meet human energy demands. The optimization of hybrid solar PV panels and pumped hydro energy supply systems plays a pivotal role in utilizing natural resources effectively. This initiative not only benefits humanity but also fosters environmental sustainability. The study investigated the design optimization of these hybrid systems, focusing on understanding solar radiation patterns, identifying geographical influences on solar radiation, formulating a mathematical model for system optimization, and determining the optimal configuration of PV panels and pumped hydro storage. Through a comparative analysis approach and eight weeks of data collection, the study addressed key research questions related to solar radiation patterns and optimal system design. The findings highlighted regions with heightened solar radiation levels, showcasing substantial potential for power generation and emphasizing the system's efficiency. Optimizing system design significantly boosted power generation, promoted renewable energy utilization, and enhanced energy storage capacity. The study underscored the benefits of optimizing hybrid solar PV panels and pumped hydro energy supply systems for sustainable energy usage. Optimizing the design of solar PV panels and pumped hydro energy supply systems as examined across diverse climatic conditions in a developing country, not only enhances power generation but also improves the integration of renewable energy sources and boosts energy storage capacities, particularly beneficial for less economically prosperous regions. Additionally, the study provides valuable insights for advancing energy research in economically viable areas. Recommendations included conducting site-specific assessments, utilizing advanced modeling tools, implementing regular maintenance protocols, and enhancing communication among system components.
Automobile Management System Project Report.pdfKamal Acharya
The proposed project is developed to manage the automobile in the automobile dealer company. The main module in this project is login, automobile management, customer management, sales, complaints and reports. The first module is the login. The automobile showroom owner should login to the project for usage. The username and password are verified and if it is correct, next form opens. If the username and password are not correct, it shows the error message.
When a customer search for a automobile, if the automobile is available, they will be taken to a page that shows the details of the automobile including automobile name, automobile ID, quantity, price etc. “Automobile Management System” is useful for maintaining automobiles, customers effectively and hence helps for establishing good relation between customer and automobile organization. It contains various customized modules for effectively maintaining automobiles and stock information accurately and safely.
When the automobile is sold to the customer, stock will be reduced automatically. When a new purchase is made, stock will be increased automatically. While selecting automobiles for sale, the proposed software will automatically check for total number of available stock of that particular item, if the total stock of that particular item is less than 5, software will notify the user to purchase the particular item.
Also when the user tries to sale items which are not in stock, the system will prompt the user that the stock is not enough. Customers of this system can search for a automobile; can purchase a automobile easily by selecting fast. On the other hand the stock of automobiles can be maintained perfectly by the automobile shop manager overcoming the drawbacks of existing system.
Vaccine management system project report documentation..pdfKamal Acharya
The Division of Vaccine and Immunization is facing increasing difficulty monitoring vaccines and other commodities distribution once they have been distributed from the national stores. With the introduction of new vaccines, more challenges have been anticipated with this additions posing serious threat to the already over strained vaccine supply chain system in Kenya.
Quality defects in TMT Bars, Possible causes and Potential Solutions.PrashantGoswami42
Maintaining high-quality standards in the production of TMT bars is crucial for ensuring structural integrity in construction. Addressing common defects through careful monitoring, standardized processes, and advanced technology can significantly improve the quality of TMT bars. Continuous training and adherence to quality control measures will also play a pivotal role in minimizing these defects.
Democratizing Fuzzing at Scale by Abhishek Aryaabh.arya
Presented at NUS: Fuzzing and Software Security Summer School 2024
This keynote talks about the democratization of fuzzing at scale, highlighting the collaboration between open source communities, academia, and industry to advance the field of fuzzing. It delves into the history of fuzzing, the development of scalable fuzzing platforms, and the empowerment of community-driven research. The talk will further discuss recent advancements leveraging AI/ML and offer insights into the future evolution of the fuzzing landscape.
Final project report on grocery store management system..pdfKamal Acharya
In today’s fast-changing business environment, it’s extremely important to be able to respond to client needs in the most effective and timely manner. If your customers wish to see your business online and have instant access to your products or services.
Online Grocery Store is an e-commerce website, which retails various grocery products. This project allows viewing various products available enables registered users to purchase desired products instantly using Paytm, UPI payment processor (Instant Pay) and also can place order by using Cash on Delivery (Pay Later) option. This project provides an easy access to Administrators and Managers to view orders placed using Pay Later and Instant Pay options.
In order to develop an e-commerce website, a number of Technologies must be studied and understood. These include multi-tiered architecture, server and client-side scripting techniques, implementation technologies, programming language (such as PHP, HTML, CSS, JavaScript) and MySQL relational databases. This is a project with the objective to develop a basic website where a consumer is provided with a shopping cart website and also to know about the technologies used to develop such a website.
This document will discuss each of the underlying technologies to create and implement an e- commerce website.
2. • Cryptographic Background to WEP
• WEP Cryptographic Operations
• Problems with WEP
• Dynamic WEP
Contents
3. • Guarding against traffic interception is the domain of
cryptographic protocols.
• two most commonly cited informal security objectives are
1. maintaining the secrecy of network data and
2. ensuring it has not been tampered with.
• Initially ,WEP was the answer for wireless security.
• WEP has many flaws, but better than nothing (very simple)
WEP
4. WEP requires the use of the RC4 cipher (A stream cipher )
A stream cipher uses a stream of bits, called the keystream.
The keystream is then combined with the message to produce the ciphertext.
To recover the original message, the receiver processes the ciphertext with
an identical keystream.
Cryptographic Background to WEP
5. Keyed stream cipher operation
Most stream ciphers operate by taking a relatively short secret key and
expanding it into a pseudorandom keystream the same length as the
message. The pseudorandom number generator (PRNG) is a set of rules
used to expand the key into a keystream.
Cryptographic Background to WEP
6. Cryptographic Background to WEP
Stream Cipher Security
• A totally random keystream is called a one-time pad and is the only
known encryption scheme that is mathematically proven to protect
against certain types of attacks.
• One-time pads are not commonly used ,since
• keystream must be perfectly random
• the same length as the data
• it can never be reused.
7. WEP Cryptographic Operations
3 major objectives of security
1. Confidentiality :
• protection against interception by unauthorized parties.
• provided by encryption
2. Integrity :
• make sure data has not been modified.
• provided by integrity check sequence
3. Authentication and authorization
• finding out who the user is . WEP uses 802.1x.
• whether the access operation is allowed
WEP attempts to meet all these objectives
9. WEP Cryptographic Operations
WEP Data Processing
As input, WEP requires three items:
1. The payload to be protected
2. A secret key, used in frame encryption. WEP allows four keys to be
stored simultaneously.
3. An initialization vector, used along with the secret key in frame
transmission.
After processing, WEP has a single output:
An encrypted frame, ready for transmission over an untrusted network
with enough information to enable decryption at the remote end.
10. WEP Cryptographic Operations
WEP key length
• The only key length present in the standard is a 64-bit WEP seed
• 40 bits are shared, IV-24 bits
• 128-bit WEP seed
• 104 bits are a kept secret
• One vendor even offers the option of using 256-bit secret keys
• WEP, however, is not a well-designed cryptographic system, and the extra
bits in the key buy you very little
12. WEP Cryptographic Operations
• Each mobile device can have its own key value for unicast
frame.
• All users share a single default key.
• The AP can operate with default keys and key mapping keys
simultaneously;
• When the AP receives a frame (or wants to send one), it looks
in the key table to see whether there is an entry
corresponding to the MAC address of the mobile. If it finds an
entry, it uses it. If not, it uses the default key instead.
Key Mapping Keys
13. WEP Cryptographic Operations
• WEP uses two key distribution schemes:
Static WEP.
• Administrators distribute single default key manually
• Manual Key updates .
• WEP without any key distribution mechanism is often called
manual WEP or static WEP.
• uses same key for all frames transmitted by every station
• Static WEP is supported by Many low-power devices such as
802.11 phones, handheld bar code scanners, and even some
PDAs.
Manual (static) versus automatic (dynamic) WEP
14. WEP Cryptographic Operations
• Dynamic WEP
• The encryption keys used by the clients are distributed using key
encryption keys derived from strong authentication protocols.
• In this case, each station uses two keys.
1. mapping key, shared between the station and access point,
used to protect unicast frames.
2. default key, shared by all stations in the same service set, that
protects broadcast and multicast frames.
Manual (static) versus automatic (dynamic) WEP
15. WEP Cryptographic Operations
• Dynamic WEP advantages
• Keys are used less often and protects less traffic.
• Attackers have much less data to work for each key, making attacks
more time-consuming.
• At periodic intervals, the keys can be refreshed by the access point.
Manual (static) versus automatic (dynamic) WEP
18. Problems with WEP
Cryptographic Properties of RC4
• RC4 is remarkably simple to implement and considered to
be very strong if used in the right way.
• The basic idea behind RC4 encryption is to generate a
pseudorandom sequence of bytes called the key stream
that is then combined with the data using an exclusive OR
(XOR) operation
21. Problems with WEP
Cryptographic Properties of RC4
• Major weakness in any stream cipher - Reuse of the keystream
• XOR of the two encrypted packets is equivalent to the XOR of the
two plaintext packets
• By analyzing differences between the two streams in conjunction
with the structure of the frame body, attackers can learn about the
contents of the plaintext frames themselves
22. Problems with WEP
Cryptographic Properties of RC4
• To help prevent the reuse of the keystream, WEP uses the IV to
encrypt different packets with different RC4 keys.
• However, the IV is part of the packet header and is not encrypted.
23. Problems with WEP
Cryptographic Properties of RC4
• If IV’s repeat, confidentiality is at risk
– If we send two ciphertexts (C, C’) using the same IV, then the xor of
plaintexts leaks (P P’ = C C’), which might reveal both plaintexts
Lesson: If RC4 isn’t used carefully, it becomes insecure
IV, P RC4(K, IV)
IV, P’ RC4(K, IV)
24. Problems with WEP
Cryptographic Properties of RC4
• WEP uses CRC for integrity check but CRC is not
cryptographically secure.
• With CRC it is easy to predict how changing a single bit will
affect the result of the CRC calculation.
26. Design Flaws of the WEP System
• As standardized, static WEP offers a shared secret of only 40
bits.
• WEP's use of the IV tips off an attacker to the reuse of a
keystream.
• IV space is quite small so repetitions are guaranteed on
busy networks
• Two frames that share the same IV almost certainly use
the same secret key and keystream.
27. Design Flaws of the WEP System
• Infrequent rekeying allows attackers to have Decryption
dictionaries
• large collections of frames encrypted with the same key
streams
• As more frames with the same IV pile up, more information
is available about the unencrypted frames even if the
secret key is not recovered
28. Design Flaws of the WEP System
• WEP uses a CRC for the integrity check.
• Although the value of the integrity check is encrypted by
the RC4 keystream, CRCs are not cryptographically secure.
• Use of a weak integrity check does not prevent determined
attackers from transparently modifying frames.