The document discusses wireless local area network (WLAN) security. It describes common WLAN security methods like service set identifiers (SSIDs), Wired Equivalent Privacy (WEP), and media access control (MAC) address authentication. It also discusses newer security protocols like Wi-Fi Protected Access (WPA) and WPA2 that improved upon WEP. WPA2 is the strongest and uses the Advanced Encryption Standard (AES) along with 802.1X authentication, the Counter Mode with CBC-MAC Protocol (CCMP), and the Temporal Key Integrity Protocol (TKIP). The document recommends using a combination of security technologies and performing a threat risk assessment to determine the optimal WLAN security solution.

1. WLAN SECURITY
Name: ----
H.T No: 12AB40000
Guide By
------

2. ABSTRACT
Wireless LAN is a flexible communication system implemented as an
extension to a wired LAN, using electromagnetic waves to transmit and
receive data over air, minimizing the need for wired connections. It is a
communication network that provides connectvity to wireless devices
within a limited geographic are such as home, school, single office, building
or campus. ”Wi-Fi” is universal standard for wireless networks and is the
wireless equivalent of wired Ethernet networks.

3. WLAN and Architecture
 WLAN: Linking of two or more computers without using wires which
uses spread spectrum technology based on radio waves

4. WLAN and Architecture

5. Basic security in WLAN
SSIDs, WEP, and MAC Address Authentication:
 Service Set Identifiers: Prevents access by any client device that does
not have the SSID.
 Open or shared-key authentication, static WEP key: Access point
sends the client device a challenge-text packet which client must
encrypt
 Media Access Control authentication: clients MAC address
matches an address in an authentication table

6. Wi-Fi Protected Access (WPA)
 There are two types of WPA authentication:
WPA and WPA2. WPA is designed to work with all wireless network
adapters, but it might not work with older routers or access points.
WPA2 is more secure than WPA, but it will not work with some older
network adapters. WPA is designed to be used with an 802.1X
authentication server.

7. Features of WPA
 WPA Authentication
 Pre-shared key (PSK)
 every user given the same pass-phrase
 less secure
 preferred for Personal mode - homes, small offices
 IEEE 802.1X authentication
 server distributes different keys to each user
 enhanced security and authentication
 preferred for enterprise mode - business, government, education

8. Encryption
RC4 stream cipher using 128-bit key, 48-bit IV
larger IV defeats Key recovery attack
Key Management
Temporal Key Integrity Protocol (TKIP) - dynamically changes
encryption keys for each packet.
Payload Integrity
8 Byte Message integrity code( MIC)
Calculated by algorithm called Michael
MIC includes a frame counter to prevent replay attacks

9. Components of WPA2
 802.1X Port-Based Network Access Control – for authentication
 Counter Mode with CBC-MAC Protocol (CCMP) – for
confidentiality, integrity and origin authentication
 Temporary Key Integrity Protocol (TKIP)

10. IEEE 802.1X
 802.1X is an IEEE standard for port-based Network Access Control for
LANs
 For WLANs, it is based on the EAP, Extensible Authentication Protocol
 The authentication is usually done by a third-party entity, such as a
RADIUS server

11. TKIP - Temporal Key Integrity Protocol
 RC4 stream cipher as in WEP
 Keys used for encryption - 128-bit long
 Keys used for authentication - 64 bit long

12. TKIP provides
 Per-Packet Key Hashing to Mitigate "Weak IV" Attacks:
Each time a wireless station associates to an access point, a new
base key is created which is built by hashing base key with the IV.
 Prevention of Collision attacks: Each packet transmitted
using TKIP has a unique 48-bit serial number which
incremented every time a packet is transmitted. This solves
another problem in WEP, called "collision attacks," which can
occur when the same key is used for two different packets.

13. CCMP (Counter Mode with CBC MACProtocol)
 CCMP uses the counter mode (CTR) for data confidentiality and
the Cipher Block Chaining Message Authentication Code (CBC-
MAC) for data integrity.
 It uses the Advanced Encryption Standard (AES) algorithm with
a 128-bit key and a 128-bit block size.
 CCMP uses a 48-bit Packet Number (PN) to prevent replay
attacks and construct a fresh nonce for each packet.

14. Some other solutions
 Smart cards
Beneficial in environments requiring authentication beyond
simple username and password
 User certificate and other information are stored on the cards
 VPN
Provides secure data transmission across public network
infrastructures.
Use IPsec Protocol suite for ensuring private
communications.
 Biometrics
For agencies needing higher levels of security, biometrics
such as fingerprint/palm-print scanners , optical scanner can
be integrated with wireless smart cards

15. Advantages of WLAN:
 It's easier to add or move workstations.
 Easier to provide connectivity in areas that are difficult to lay cable.
 Installation is quick and easy.

16. Disadvantages of WLAN:
 When the number of computers that use the network increases,
the data transfer to the computer each will be reduced.
 The low bandwidth wireless.
 Long-term cost benefits can be found in the static environment.

17. Conclusion
 The optimal security solution for WLAN involves a combination of
security technologies.
 A detailed threat risk assessment and analysis is essential to determine
which security measures or combination of measures are the most
effective.

18. References
 en.wikipedia.org/wiki/Wi-Fi_Protected_Access
 en.wikipedia.org/wiki/WPA2
 http://en.wikipedia.org/wiki/IEEE_802.1x
 en.wikipedia.org/wiki/TKIP
 http://www.networkworld.com/reviews/2004/1004wirelesstkip.html
 http://tldp.org/HOWTO/html_single/8021X-HOWTO/#p8021x
 www.wi-fiplanet.com/tutorials/article.php/953561
 www.drizzle.com/~aboba/IEEE/