Wi-Fi Security for Next Generation Connectivity. Perry Correll Aerohive, Wi-Fi Alliance member October 2018

Size: px
Start display at page:

Download "Wi-Fi Security for Next Generation Connectivity. Perry Correll Aerohive, Wi-Fi Alliance member October 2018"

Transcription

1 Perry Correll Aerohive, Wi-Fi Alliance member October

2 Value of Wi-F1 The value Wi-Fi provides to the global economy rivals the combined market value of Apple Inc. and Amazon. The fact that Wi-Fi has become a key complementary technology for enterprise and carrier networks and an essential part of the home indicates this value will only rise as next generation products and deployments become available over the next several years. Wi-Fi is one of the greatest success stories of the technology era, and its societal benefits have long been known. 2

3 Agenda About Wi-Fi Alliance Recent program activity Wi-Fi CERTIFIED WPA3 : Next generation Wi-Fi security Wi-Fi CERTIFIED Easy Connect : Simple IoT device connection Wi-Fi CERTIFIED Enhanced Open : Better data protections in open networks 3

4 The worldwide network of companies that brings you Wi-Fi Effective global collaboration 800+ member companies Constant evolution Driving industry growth 4

5 5

6 One of the greatest success stories of the high tech era 9+ billion devices in use 3+ billion shipments per year Nonstop innovation Primary medium for global internet traffic Source: ABI Research,

7 Recent Wi-Fi Alliance program releases Wi-Fi CERTIFIED Optimized Connectivity : Part of the Wi-Fi CERTIFIED Vantage program, Wi-Fi Optimized Connectivity leverages Wi-Fi features that bring users a seamless connectivity experience when traveling across networks. Wi-Fi CERTIFIED Wi-Fi Aware : New capabilities and optimization for dense environments enable Wi-Fi Aware to provide more personalized mobility experiences. Native support available in Android Oreo operating systems. Wi-Fi CERTIFIED EasyMesh : Harmonizing the burgeoning multiple-ap system market, Wi-Fi EasyMesh brings a standards-based approach to full coverage, self-adapting residential Wi-Fi. Wi-Fi CERTIFIED Enhanced Open: Wi-Fi Enhanced Open devices provide data encryption to users, preserving the convenience open networks offer while reducing some of the risks associated with accessing an unsecured network. Wi-Fi CERTIFIED Easy Connect: Connecting devices to Wi-Fi networks has never been simpler; Wi-Fi Easy Connect makes secure device provisioning as easy as scanning a product QR code. 7

8 Wi-Fi Protected Access Next generation Wi-Fi security

9 Consumer and enterprise confidence in Wi-Fi security is essential to continued growth in Wi-Fi use 9

10 Wi-Fi CERTIFIED WPA3: Next generation Wi-Fi security Wi-Fi CERTIFIED WPA3 is next generation Wi-Fi security for personal and enterprise networks Delivers suite of features to simplify Wi-Fi security configuration and enhance network security protections WPA3 Brings robust authentication, increased cryptographic strength Offers protections in ever-changing threat landscape WPA3 and Wi-Fi Easy Connect provide good experience, secure connections Wi-Fi security highlights 10

11 WPA3 protects users in Wi-Fi CERTIFIED networks WPA3 networks use latest security methods and disallow legacy protocols, such as Temporal Key Integrity Protocol (TKIP) WPA3 requires use of Protected Management Frames (PMF) As WPA3 adoption grows, next generation Wi-Fi security will become mandatory WPA3 maintains interoperability with WPA2 devices through a transition mode WPA2, updated earlier this year, continues to be mandatory for Wi-Fi CERTIFIED devices 11

12 WPA3 supports the market through two distinct modes WPA3-Personal: Robust, password-based authentication WPA3-Enterprise: Enterprise-grade security for sensitive data networks Resistant to offline dictionary attacks; stronger protections for users against password guessing attempts by third parties Protection even when users choose passwords that fall short of complexity recommendations Provides forward secrecy; protects data traffic even if a password is later compromised No change to the way users connect to a network Available 192-bit cryptographic strength for networks transmitting sensitive data 192-bit security suite provides additional security for networks like government and finance Greater consistency in application of security protocols Better network resiliency 12

13 WPA3-Personal Password-based authentication with increased protections by replacing PSK with Simultaneous Authentication of Equals (SAE) from IEEE specification WPA3-Personal uses passwords for authentication by proving knowledge of the password and not for key derivation SAE handshake negotiates a fresh Pairwise Master Key (PMK) per client, which is then used in a traditional Wi-Fi four-way handshake to generate session keys Neither the PMK nor the password credential used in the SAE exchange can be obtained by a passive attack, active attack, or offline dictionary attack Resistant to offline dictionary attacks because each instance of the authentication exchange only allows both parties to guess the password once Forward secrecy is provided because the SAE handshake assures the PMK cannot be recovered if the password becomes known Transition mode enables WPA2-Personal and WPA3-Personal simultaneously on a single basic service set (BSS) using same passphrase, and clients connect at highest security supported 13

14 WPA3-Enterprise WPA3-Enterprise does not fundamentally change the protocols defined in WPA2-Enterprise, and client devices will continue to interoperate with WPA3-Enterprise networks Disabling PMF for a WPA3-Enterprise network is not an option: PMF capable or required Optional 192-bit security provides additional security for segmented networks transmitting sensitive data, such as within government, healthcare, or finance 192-bit security suite certifies a consistent set of cryptographic tools, includes: GCMP-256 for authenticated encryption HMAC-SHA384 for key derivation and key confirmation ECDHE and ECDSA using a 384-bit elliptic curve for key establishment and authentication BIP-GMAC-256 for robust management frame protection RSA key lengths of 3K bits or greater for asymmetric cryptography and digital signatures may be offered for legacy interoperability WPA3-Enterprise 192-bit security ensures the right combination of cryptographic tools are used, and sets a consistent baseline of security, within a WPA3 network 14

15 WPA3 continues the evolution of Wi-Fi security and maintains the brand promise of Wi-Fi Protected Access 15

16 Complementary programs

17 Wi-Fi CERTIFIED Easy Connect: simple, secure way to connect smart home and IoT devices Wi-Fi Easy Connect simplifies process of adding Wi-Fi devices with limited or no display interface to Wi-Fi network Enables the utilization of device with more robust interface to easily provision and configure devices Use smartphone or tablet to scan product QR code to add devices to a Wi-Fi network Provides standardized, consistent method for onboarding IoT devices Supports WPA2 and WPA3 networks Wi-Fi Easy Connect highlights 17

18 Wi-Fi Easy Connect enhances the user experience while maintaining secure connections Wi-Fi Easy Connect defines two roles Configurator: a trusted device, such as a smartphone, serving as a central point of configuration for all devices on the network Enrollee: device that a network owner wants to connect to the network, including APs 18

19 Wi-Fi Easy Connect basics Wi-Fi Easy Connect is based on the Wi-Fi Alliance Device Provisioning Protocol Specification, which consists of a four-step process: bootstrapping, authentication, configuration, and network access Bootstrapping and authentication Every device ships with an identify in the form of public/private keys Establishes a trust relationship through exchange of public keys (one-way or mutual) Performed by scanning QR code or exchanging human-readable string Public keys are not part of security credential received during configuration Device Provisioning Protocol (DPP) authentication protocol establishes a secure Wi-Fi connection using public keys Configuration Configurator passes configuration object to enrollee over secure connection Configuration object includes credential, which may be signed enrollee connector Signed enrollee connector consists of public key (not the bootstrapping public key), network role, and group attributes, and it is unique to the Wi-Fi device owning it 19

20 Wi-Fi Easy Connect basics Network access Network introduction protocol allows an enrollee client device to securely connect to an enrollee AP using connectors provided by a configurator Enrollee client device and enrollee AP validate that each connector is signed by the configurator and that their roles are complementary, such as client and AP Enrollees validate that the group attributes match Enrollee client and enrollee AP mutually derive a unique pairwise master key (PMK) based on their public connector keys Enrollee client and enrollee AP establish connectivity 20

21 Wi-Fi CERTIFIED Enhanced Open: Better data protections in open networks Preserves convenience of open networks while reducing associated risks Provides protections in scenarios where user authentication is not desired, distribution of credentials impractical Protections against passive eavesdropping without a password or extra steps to join the network Integrates established cryptography mechanisms to provide each user with unique individual encryption Wi-Fi Alliance recommends using Wi-Fi Protected Access security when possible; when it is not, Wi-Fi Enhanced Open brings protections that traditional open networks do not 21

22 Wi-Fi Enhanced Open Wi-Fi Enhanced Open technology is based on Opportunistic Wireless Encryption (OWE), defined in the Internet Engineering Task Force (IETF) RFC8110 OWE overlays an Elliptic-curve Diffie-Hellman (ECDH) key exchange on top of association to a Wi-Fi network OWE does not provide authentication, and does not guard against man-in-the-middle attacks that lure clients to connect to a rogue AP OWE does protect against passive eavesdropping, as well as unsophisticated packet injection such as deauthentication storm attacks or layer-2 injection of data into insecure HTTP sessions Network managers must remain vigilant in monitoring for rogue APs and active attackers that modify information being transmitted on a network Certain types of insider attacks, such as ARP spoofing, might be mitigated on Wi-Fi Enhanced Open networks by configuring the network to isolate clients 22

23 Thank you! Wi-Fi Alliance introduces next generation, WPA3 security for personal and enterprise networks WPA3 brings simplified security, robust authentication, increased cryptographic strength WPA2 remains mandatory for Wi-Fi CERTIFIED devices. As WPA3 adoption grows, WPA3 will become mandatory. Wi-Fi Easy Connect delivers a simple, secure way to connect smart home, IoT devices Wi-Fi Alliance always recommends Wi-Fi security. In scenarios where authentication is not possible/desired, Wi-Fi Enhanced Open provides additional data protections 23

24 Wi-Fi: Cornerstone of connected life today, and into the future Please provide your feedback on today s presentation 24

Chapter 24 Wireless Network Security

Chapter 24 Wireless Network Security Chapter 24 Wireless Network Security Wireless Security Key factors contributing to higher security risk of wireless networks compared to wired networks include: o Channel Wireless networking typically

More information

Wireless LAN Security. Gabriel Clothier

Wireless LAN Security. Gabriel Clothier Wireless LAN Security Gabriel Clothier Timeline 1997: 802.11 standard released 1999: 802.11b released, WEP proposed [1] 2003: WiFi alliance certifies for WPA 2004: 802.11i released 2005: 802.11w task group

More information

Wireless Network Security

Wireless Network Security Wireless Network Security Why wireless? Wifi, which is short for wireless fi something, allows your computer to connect to the Internet using magic. -Motel 6 commercial 2 but it comes at a price Wireless

More information

Chapter 17. Wireless Network Security

Chapter 17. Wireless Network Security Chapter 17 Wireless Network Security IEEE 802.11 IEEE 802 committee for LAN standards IEEE 802.11 formed in 1990 s, to develop a protocol & transmission specifications for wireless LANs (WLANs) Demand

More information

White paper. Combatant command (COCOM) next-generation security architecture

White paper. Combatant command (COCOM) next-generation security architecture Combatant command () next-generation security architecture using NSA Suite B Table of Contents Combatant command () next-generation security architecture using NSA Suite B NSA Commercial Solution for Classified

More information

D. The bank s web server is using an X.509 certificate that is not signed by a root CA, causing the user ID and password to be sent unencrypted.

D. The bank s web server is using an X.509 certificate that is not signed by a root CA, causing the user ID and password to be sent unencrypted. Volume: 119 Questions Question No: 1 John Smith uses a coffee shop's Internet hot-spot (no authentication or encryption) to transfer funds between his checking and savings accounts at his bank's website.

More information

WPA Passive Dictionary Attack Overview

WPA Passive Dictionary Attack Overview WPA Passive Dictionary Attack Overview TakehiroTakahashi This short paper presents an attack against the Pre-Shared Key version of the WPA encryption platform and argues the need for replacement. What

More information

Network Encryption 3 4/20/17

Network Encryption 3 4/20/17 The Network Layer Network Encryption 3 CSC362, Information Security most of the security mechanisms we have surveyed were developed for application- specific needs electronic mail: PGP, S/MIME client/server

More information

Wireless Security. Comp Sci 3600 Security. Attacks WEP WPA/WPA2. Authentication Encryption Vulnerabilities

Wireless Security. Comp Sci 3600 Security. Attacks WEP WPA/WPA2. Authentication Encryption Vulnerabilities Wireless Security Comp Sci 3600 Security Outline 1 2 3 Wired versus wireless Endpoint Access point Figure 24.1 Wireless Networking Components Locations and types of attack Outline 1 2 3 Wired Equivalent

More information

Introduction to Device Trust Architecture

Introduction to Device Trust Architecture Introduction to Device Trust Architecture July 2018 www.globalplatform.org 2018 GlobalPlatform, Inc. THE TECHNOLOGY The Device Trust Architecture is a security framework which shows how GlobalPlatform

More information

Authentication Technology for a Smart eid Infrastructure.

Authentication Technology for a Smart eid Infrastructure. Authentication Technology for a Smart eid Infrastructure. www.aducid.com One app to access all public and private sector online services. One registration allows users to access all their online accounts

More information

Frequently Asked Questions WPA2 Vulnerability (KRACK)

Frequently Asked Questions WPA2 Vulnerability (KRACK) Frequently Asked Questions WPA2 Vulnerability (KRACK) Release Date: October 20, 2017 Document version: 1.0 What is the issue? A research paper disclosed serious vulnerabilities in the WPA and WPA2 key

More information

Wireless technology Principles of Security

Wireless technology Principles of Security Wireless technology Principles of Security 1 Wireless technologies 2 Overview This module provides an introduction to the rapidly evolving technology of wireless LANs (WLANs). WLANs redefine the way the

More information

Wireless Network Security

Wireless Network Security Wireless Network Security Wireless LAN Security Slide from 2 nd book 1 802.11 Wireless LAN Security Stations in LAN are connected physically while in WLAN any station in the radio range is connected, so

More information

Configuring the Client Adapter through Windows CE.NET

Configuring the Client Adapter through Windows CE.NET APPENDIX E Configuring the Client Adapter through Windows CE.NET This appendix explains how to configure and use the client adapter with Windows CE.NET. The following topics are covered in this appendix:

More information

Configuring Layer2 Security

Configuring Layer2 Security Prerequisites for Layer 2 Security, page 1 Configuring Static WEP Keys (CLI), page 2 Configuring Dynamic 802.1X Keys and Authorization (CLI), page 2 Configuring 802.11r BSS Fast Transition, page 3 Configuring

More information

What is Eavedropping?

What is Eavedropping? WLAN Security What is Eavedropping? War Driving War Driving refers to someone driving around with a laptop and an 802.11 client card looking for an 802.11 system to exploit. War Walking Someone walks

More information

Security in NFC Readers

Security in NFC Readers Security in Readers Public Content and security, a different kind of wireless Under the hood of based systems Enhancing the security of an architecture Secure data exchange Information security goals Cryptographic

More information

Wi-Fi CERTIFIED WiGig : Wi-Fi expands to 60 GHz October 2016

Wi-Fi CERTIFIED WiGig : Wi-Fi expands to 60 GHz October 2016 Wi-Fi CERTIFIED WiGig : Wi-Fi expands to 60 GHz October 2016 The following document and the information contained herein regarding Wi-Fi Alliance programs and expected dates of launch are subject to revision

More information

Aerohive Private PSK. solution brief

Aerohive Private PSK. solution brief Aerohive Private PSK solution brief Table of Contents Introduction... 3 Overview of Common Methods for Wi-Fi Access... 4 Wi-Fi Access using Aerohive Private PSK... 6 Private PSK Deployments Using HiveManager...

More information

BYOD: BRING YOUR OWN DEVICE.

BYOD: BRING YOUR OWN DEVICE. white paper BYOD: BRING YOUR OWN DEVICE. On-BOaRDING and Securing DEVICES IN YOUR Corporate NetWORk PrepaRING YOUR NetWORk to MEEt DEVICE DEMaND The proliferation of smartphones and tablets brings increased

More information

Cisco Start. IT solutions designed to propel your business

Cisco Start. IT solutions designed to propel your business Cisco Start IT solutions designed to propel your business Small and medium-sized businesses (SMBs) typically have very limited resources to invest in new technologies. With every IT investment made, they

More information

WPA-GPG: Wireless authentication using GPG Key

WPA-GPG: Wireless authentication using GPG Key Università degli Studi di Bologna DEIS WPA-GPG: Wireless authentication using GPG Key Gabriele Monti December 9, 2009 DEIS Technical Report no. DEIS-LIA-007-09 LIA Series no. 97 WPA-GPG: Wireless authentication

More information

PROTECTED EXTENSIBLE AUTHENTICATION PROTOCOL

PROTECTED EXTENSIBLE AUTHENTICATION PROTOCOL Q&A PROTECTED EXTENSIBLE AUTHENTICATION PROTOCOL This document answers questions about Protected Extensible Authentication Protocol. OVERVIEW Q. What is Protected Extensible Authentication Protocol? A.

More information

HW/Lab 4: IPSec and Wireless Security. CS 336/536: Computer Network Security DUE 11 am on 12/01/2014 (Monday)

HW/Lab 4: IPSec and Wireless Security. CS 336/536: Computer Network Security DUE 11 am on 12/01/2014 (Monday) HW/Lab 4: IPSec and Wireless Security CS 336/536: Computer Network Security DUE 11 am on 12/01/2014 (Monday) This HW/Lab assignment covers Lectures 8 (IPSec) and 10 (Wireless Security). Please review these

More information

Configuring a WLAN for Static WEP

Configuring a WLAN for Static WEP Restrictions for Configuring Static WEP, page 1 Information About WLAN for Static WEP, page 1 Configuring WPA1+WPA2, page 3 Restrictions for Configuring Static WEP The OEAP 600 series does not support

More information

Configuring Wireless Security Settings on the RV130W

Configuring Wireless Security Settings on the RV130W Article ID: 5021 Configuring Wireless Security Settings on the RV130W Objective Wireless networking operates by sending information over radio waves, which can be more vulnerable to intruders than a traditional

More information

The World Wide Web is widely used by businesses, government agencies, and many individuals. But the Internet and the Web are extremely vulnerable to

The World Wide Web is widely used by businesses, government agencies, and many individuals. But the Internet and the Web are extremely vulnerable to 1 The World Wide Web is widely used by businesses, government agencies, and many individuals. But the Internet and the Web are extremely vulnerable to compromises of various sorts, with a range of threats

More information

Aerohive and IntelliGO End-to-End Security for devices on your network

Aerohive and IntelliGO End-to-End Security for devices on your network Aerohive and IntelliGO End-to-End Security for devices on your network Introduction Networks have long used a password to authenticate users and devices. Today, many cyber attacks can be used to capture

More information

Configuring the Client Adapter through the Windows XP Operating System

Configuring the Client Adapter through the Windows XP Operating System APPENDIX E Configuring the Client Adapter through the Windows XP Operating System This appendix explains how to configure and use the client adapter with Windows XP. The following topics are covered in

More information

Network Security and Cryptography. December Sample Exam Marking Scheme

Network Security and Cryptography. December Sample Exam Marking Scheme Network Security and Cryptography December 2015 Sample Exam Marking Scheme This marking scheme has been prepared as a guide only to markers. This is not a set of model answers, or the exclusive answers

More information

Achieving End-to-End Security in the Internet of Things (IoT)

Achieving End-to-End Security in the Internet of Things (IoT) Achieving End-to-End Security in the Internet of Things (IoT) Optimize Your IoT Services with Carrier-Grade Cellular IoT June 2016 Achieving End-to-End Security in the Internet of Things (IoT) Table of

More information

Secure, cloud-based workflow, alert, and notification platform built on top of Amazon Web Services (AWS)

Secure, cloud-based workflow, alert, and notification platform built on top of Amazon Web Services (AWS) Technical Overview Secure, cloud-based workflow, alert, and notification platform built on top of Amazon Web Services (AWS) Copyright 2017 by Bluetooth SIG, Inc. The Bluetooth word mark and logos are owned

More information

CYBER ATTACKS EXPLAINED: WIRELESS ATTACKS

CYBER ATTACKS EXPLAINED: WIRELESS ATTACKS CYBER ATTACKS EXPLAINED: WIRELESS ATTACKS Wireless networks are everywhere, from the home to corporate data centres. They make our lives easier by avoiding bulky cables and related problems. But with these

More information

Computer Security. 10r. Recitation assignment & concept review. Paul Krzyzanowski. Rutgers University. Spring 2018

Computer Security. 10r. Recitation assignment & concept review. Paul Krzyzanowski. Rutgers University. Spring 2018 Computer Security 10r. Recitation assignment & concept review Paul Krzyzanowski Rutgers University Spring 2018 April 3, 2018 CS 419 2018 Paul Krzyzanowski 1 1. What is a necessary condition for perfect

More information

White Paper for Wacom: Cryptography in the STU-541 Tablet

White Paper for Wacom: Cryptography in the STU-541 Tablet Issue 0.2 Commercial In Confidence 1 White Paper for Wacom: Cryptography in the STU-541 Tablet Matthew Dodd matthew@cryptocraft.co.uk Cryptocraft Ltd. Chapel Cottage Broadchalke Salisbury Wiltshire SP5

More information

Wireless Attacks and Countermeasures

Wireless Attacks and Countermeasures Wireless Attacks and Countermeasures Wireless Network Technology Wireless network refers to any type of computer network which is wireless, and is commonly associated with a network whose interconnections

More information

L13. Reviews. Rocky K. C. Chang, April 10, 2015

L13. Reviews. Rocky K. C. Chang, April 10, 2015 L13. Reviews Rocky K. C. Chang, April 10, 2015 1 Foci of this course Understand the 3 fundamental cryptographic functions and how they are used in network security. Understand the main elements in securing

More information

Security+ SY0-501 Study Guide Table of Contents

Security+ SY0-501 Study Guide Table of Contents Security+ SY0-501 Study Guide Table of Contents Course Introduction Table of Contents About This Course About CompTIA Certifications Module 1 / Threats, Attacks, and Vulnerabilities Module 1 / Unit 1 Indicators

More information

MTAT Applied Cryptography

MTAT Applied Cryptography MTAT.07.017 Applied Cryptography Transport Layer Security (TLS) Advanced Features University of Tartu Spring 2016 1 / 16 Client Server Authenticated TLS ClientHello ServerHello, Certificate, ServerHelloDone

More information

About FIPS, NGE, and AnyConnect

About FIPS, NGE, and AnyConnect About FIPS, NGE, and AnyConnect, on page 1 Configure FIPS for the AnyConnect Core VPN Client, on page 4 Configure FIPS for the Network Access Manager, on page 5 About FIPS, NGE, and AnyConnect AnyConnect

More information

Request for Comments: 5422 Category: Informational H. Zhou Cisco Systems March 2009

Request for Comments: 5422 Category: Informational H. Zhou Cisco Systems March 2009 Network Working Group Request for Comments: 5422 Category: Informational N. Cam-Winget D. McGrew J. Salowey H. Zhou Cisco Systems March 2009 Dynamic Provisioning Using Flexible Authentication via Secure

More information

Cryptographic Protocols 1

Cryptographic Protocols 1 Cryptographic Protocols 1 Luke Anderson luke@lukeanderson.com.au 5 th May 2017 University Of Sydney Overview 1. Crypto-Bulletin 2. Problem with Diffie-Hellman 2.1 Session Hijacking 2.2 Encrypted Key Exchange

More information

Network Access Flows APPENDIXB

Network Access Flows APPENDIXB APPENDIXB This appendix describes the authentication flows in Cisco Identity Services Engine (ISE) by using RADIUS-based Extensible Authentication Protocol (EAP) and non-eap protocols. Authentication verifies

More information

COPYRIGHTED MATERIAL. Contents

COPYRIGHTED MATERIAL. Contents Contents Foreword Introduction xxv xxvii Assessment Test xxxviii Chapter 1 WLAN Security Overview 1 Standards Organizations 3 International Organization for Standardization (ISO) 3 Institute of Electrical

More information

ARM Security Solutions and Numonyx Authenticated Flash

ARM Security Solutions and Numonyx Authenticated Flash ARM Security Solutions and Numonyx Authenticated Flash How to integrate Numonyx Authenticated Flash with ARM TrustZone* for maximum system protection Introduction Through a combination of integrated hardware

More information

Chapter 1 Describing Regulatory Compliance

Chapter 1 Describing Regulatory Compliance [ 2 ] Chapter 1 Describing Regulatory Compliance Failure to secure a WLAN makes it vulnerable to attack. To properly secure your network, you must be able to identify common threats to wireless and know

More information

Connecting Securely to the Cloud

Connecting Securely to the Cloud Connecting Securely to the Cloud Security Primer Presented by Enrico Gregoratto Andrew Marsh Agenda 2 Presentation Speaker Trusting The Connection Transport Layer Security Connecting to the Cloud Enrico

More information

The following chart provides the breakdown of exam as to the weight of each section of the exam.

The following chart provides the breakdown of exam as to the weight of each section of the exam. Introduction The CWSP-205 exam, covering the 2015 objectives, will certify that the successful candidate understands the security weaknesses inherent in WLANs, the solutions available to address those

More information

Transport Level Security

Transport Level Security 2 Transport Level Security : Security and Cryptography Sirindhorn International Institute of Technology Thammasat University Prepared by Steven Gordon on 28 October 2013 css322y13s2l12, Steve/Courses/2013/s2/css322/lectures/transport.tex,

More information

Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2. Mathy Vanhoef, PhD Wi-Fi Alliance meeting Bucharest, 24 October 2017

Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2. Mathy Vanhoef, PhD Wi-Fi Alliance meeting Bucharest, 24 October 2017 Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2 Mathy Vanhoef, PhD Wi-Fi Alliance meeting Bucharest, 24 October 2017 Overview 1. Key reinstallation in 4-way handshake 2. Misconceptions and remarks

More information

Internet Engineering Task Force (IETF) ISSN: January Suite B Profile for Transport Layer Security (TLS)

Internet Engineering Task Force (IETF) ISSN: January Suite B Profile for Transport Layer Security (TLS) Internet Engineering Task Force (IETF) M. Salter Request for Comments: 6460 National Security Agency Obsoletes: 5430 R. Housley Category: Informational Vigil Security ISSN: 2070-1721 January 2012 Abstract

More information

Data Loss Prevention Whitepaper. When Mobile Device Management Isn t Enough. Your Device Here. Good supports hundreds of devices.

Data Loss Prevention Whitepaper. When Mobile Device Management Isn t Enough. Your Device Here. Good supports hundreds of devices. Data Loss Prevention Whitepaper When Mobile Device Management Isn t Enough Your Device Here. Good supports hundreds of devices. Contents Shifting Security Landscapes 3 Security Challenges to Enterprise

More information

WLAN Roaming and Fast-Secure Roaming on CUWN

WLAN Roaming and Fast-Secure Roaming on CUWN 802.11 WLAN Roaming and Fast-Secure Roaming on CUWN Contents Introduction Prerequisites Requirements Components Used Background Information Roaming with Higher-Level Security WPA/WPA2-PSK WPA/WPA2-EAP

More information

The Next Generation of Credential Technology

The Next Generation of Credential Technology The Next Generation of Credential Technology Seos Credential Technology from HID Global The Next Generation of Credential Technology Seos provides the ideal mix of security and flexibility for any organization.

More information

KRACKing WPA2 in Practice Using Key Reinstallation Attacks. Mathy BlueHat IL, 24 January 2018

KRACKing WPA2 in Practice Using Key Reinstallation Attacks. Mathy BlueHat IL, 24 January 2018 KRACKing WPA2 in Practice Using Key Reinstallation Attacks Mathy Vanhoef @vanhoefm BlueHat IL, 24 January 2018 Overview Key reinstalls in 4-way handshake Misconceptions Practical impact Lessons learned

More information

Securing Network Communications

Securing Network Communications Securing Network Communications Demonstration: Securing network access with Whitenoise Labs identity management, one-time-pad dynamic authentication, and onetime-pad authenticated encryption. Use of Whitenoise

More information

Securing Wireless LANs with Certificate Services

Securing Wireless LANs with Certificate Services 1 Securing Wireless LANs with Certificate Services PHILIP HUYNH University of Colorado at Colorado Springs Abstract Wireless Local Access Network (WLAN) is used popularly in almost everywhere from the

More information

The RNS (Robust Secure Network) IE must be enabled with an AES Cipher.

The RNS (Robust Secure Network) IE must be enabled with an AES Cipher. Finding Feature Information, page 1 Prerequisites for 802.11w, page 1 Restrictions for 802.11w, page 2 Information About 802.11w, page 2 How to Configure 802.11w, page 3 Disabling 802.11w (CLI), page 5

More information

Csci388. Wireless and Mobile Security Access Control: 802.1X, EAP, and RADIUS. Importance of Access Control. WEP Weakness. Wi-Fi and IEEE 802.

Csci388. Wireless and Mobile Security Access Control: 802.1X, EAP, and RADIUS. Importance of Access Control. WEP Weakness. Wi-Fi and IEEE 802. WEP Weakness Csci388 Wireless and Mobile Security Access Control:, EAP, and Xiuzhen Cheng cheng@gwu.edu 1. IV is too short and not protected from reuse 2. The per packet key is constructed from the IV,

More information

Lab Configure Enterprise Security on AP

Lab Configure Enterprise Security on AP Lab 8.5.4.1 Configure Enterprise Security on AP Estimated Time: 30 minutes Number of Team Members: Students will work in teams of two. Objective In this lab, students will demonstrate an understanding

More information

Applying biometric authentication to physical access control systems

Applying biometric authentication to physical access control systems Applying biometric authentication to physical access control systems Published on 24 Jul 2018 Over the past few years, biometrics has rapidly expanded into consumer applications, like the financial market

More information

Exam : PW Title : Certified wireless security professional(cwsp) Version : DEMO

Exam : PW Title : Certified wireless security professional(cwsp) Version : DEMO Exam : PW0-200 Title : Certified wireless security professional(cwsp) Version : DEMO 1. Given: John Smith often telecommutes from a coffee shop near his home. The coffee shop has an 802.11g access point

More information

Appendix E Wireless Networking Basics

Appendix E Wireless Networking Basics Appendix E Wireless Networking Basics This chapter provides an overview of Wireless networking. Wireless Networking Overview The FWG114P v2 Wireless Firewall/Print Server conforms to the Institute of Electrical

More information

Device Provisioning Protocol Specification

Device Provisioning Protocol Specification Device Provisioning Protocol Specification Version 1.0 WI-FI ALLIANCE PROPRIETARY SUBJECT TO CHANGE WITHOUT NOTICE This document may be used with the permission of Wi-Fi Alliance under the terms set forth

More information

AIT 682: Network and Systems Security

AIT 682: Network and Systems Security AIT 682: Network and Systems Security Topic 6. Authentication Instructor: Dr. Kun Sun Authentication Authentication is the process of reliably verifying certain information. Examples User authentication

More information

Authentication. Identification. AIT 682: Network and Systems Security

Authentication. Identification. AIT 682: Network and Systems Security AIT 682: Network and Systems Security Topic 6. Authentication Instructor: Dr. Kun Sun Authentication Authentication is the process of reliably verifying certain information. Examples User authentication

More information

WAP Security. Helsinki University of Technology S Security of Communication Protocols

WAP Security. Helsinki University of Technology S Security of Communication Protocols WAP Security Helsinki University of Technology S-38.153 Security of Communication Protocols Mikko.Kerava@iki.fi 15.4.2003 Contents 1. Introduction to WAP 2. Wireless Transport Layer Security 3. Other WAP

More information

ClearPass QuickConnect 2.0

ClearPass QuickConnect 2.0 ClearPass QuickConnect 2.0 User Guide Copyright 2013 Aruba Networks, Inc. Aruba Networks trademarks include, Aruba Networks, Aruba Wireless Networks, the registered Aruba the Mobile Edge Company logo,

More information

The Xirrus Wi Fi Array XS4, XS8 Security Policy Document Version 1.0. Xirrus, Inc.

The Xirrus Wi Fi Array XS4, XS8 Security Policy Document Version 1.0. Xirrus, Inc. The Xirrus Wi Fi Array XS4, XS8 Security Policy Document Version 1.0 Xirrus, Inc. March 8, 2011 Copyright Xirrus, Inc. 2011. May be reproduced only in its original entirety [without revision]. Page 1 TABLE

More information

Configuring the Client Adapter through the Windows XP Operating System

Configuring the Client Adapter through the Windows XP Operating System APPENDIX E through the Windows XP Operating System This appendix explains how to configure and use the client adapter with Windows XP. The following topics are covered in this appendix: Overview, page

More information

Wireless Networking WiFi Standards 802.11a 5GHz 54MB 802.11b 2.4 GHz 11MB 802.11g 2.4GHz 52MB 802.11n 2.4/5GHz 108MB 802.11b The 802.11b standard has a maximum raw data rate of 11 Mbit/s, and uses

More information

Meru Networks. Security Gateway SG1000 Cryptographic Module Security Policy Document Version 1.2. Revision Date: June 24, 2009

Meru Networks. Security Gateway SG1000 Cryptographic Module Security Policy Document Version 1.2. Revision Date: June 24, 2009 Security Gateway SG1000 Cryptographic Module Security Policy Document Version 1.2 Meru Networks Revision Date: June 24, 2009 Copyright Meru Networks 2008. May be reproduced only in its original entirety

More information

VPN Overview. VPN Types

VPN Overview. VPN Types VPN Types A virtual private network (VPN) connection establishes a secure tunnel between endpoints over a public network such as the Internet. This chapter applies to Site-to-site VPNs on Firepower Threat

More information

Prepare Your Network for BYOD. Meraki Webinar Series

Prepare Your Network for BYOD. Meraki Webinar Series Prepare Your Network for BYOD Meraki Webinar Series 1 Agenda Introduction to Meraki and Cloud Networking BYOD objectives Taming BYOD: capacity, security & management Design considerations Live demos Product

More information

NWD2705. User s Guide. Quick Start Guide. Dual-Band Wireless N450 USB Adapter. Version 1.00 Edition 1, 09/2012

NWD2705. User s Guide. Quick Start Guide. Dual-Band Wireless N450 USB Adapter. Version 1.00 Edition 1, 09/2012 NWD2705 Dual-Band Wireless N450 USB Adapter Version 1.00 Edition 1, 09/2012 Quick Start Guide User s Guide www.zyxel.com Copyright 2012 ZyXEL Communications Corporation IMPORTANT! READ CAREFULLY BEFORE

More information

Network Security: TLS/SSL. Tuomas Aura T Network security Aalto University, Nov-Dec 2010

Network Security: TLS/SSL. Tuomas Aura T Network security Aalto University, Nov-Dec 2010 Network Security: TLS/SSL Tuomas Aura T-110.5240 Network security Aalto University, Nov-Dec 2010 Outline 1. Diffie-Hellman 2. Key exchange using public-key encryption 3. Goals of authenticated key exchange

More information

Trust and Security Issues in Decentralised Wireless Networks

Trust and Security Issues in Decentralised Wireless Networks Trust and Security Issues in Decentralised Wireless Networks Professor Alan Marshall Advanced Networks Laboratory Department of Electrical Engineering and Electronics Cybercrime Any act which relies significantly

More information

Network Security Essentials

Network Security Essentials Network Security Essentials Fifth Edition by William Stallings Chapter 4 Key Distribution and User Authentication No Singhalese, whether man or woman, would venture out of the house without a bunch of

More information

1.0 Basic RF Characteristics (15%) 1.1 Describe RF signal characteristics Frequency Amplitude Phase 1.1.

1.0 Basic RF Characteristics (15%) 1.1 Describe RF signal characteristics Frequency Amplitude Phase 1.1. CWT 100 Objectives The Certified Wireless Technician (CWT) is an individual who can install APs based on a design document, configure the AP for initial operations and ensure connectivity. The individual

More information

Secure Wireless LAN Design and Deployment

Secure Wireless LAN Design and Deployment Secure Wireless LAN Design and Deployment Mark Krischer CTO, Enterprise Networks Asia Pacific, Japan and Greater China Abstract The proliferation of mobile devices and the rise of BYOD has raised the profile

More information

Network Security: WLAN Mobility. Tuomas Aura CS-E4300 Network security Aalto University, Autumn 2017

Network Security: WLAN Mobility. Tuomas Aura CS-E4300 Network security Aalto University, Autumn 2017 Network Security: WLAN Mobility Tuomas Aura CS-E4300 Network security Aalto University, Autumn 2017 Outline Link-layer mobility in WLAN Password-based authentication for WLAN Eduroam case study 2 LINK-LAYER

More information

BEYOND TRADITIONAL PASSWORD AUTHENTICATION: PKI & BLOCKCHAIN

BEYOND TRADITIONAL PASSWORD AUTHENTICATION: PKI & BLOCKCHAIN SESSION ID: GPS-R09B BEYOND TRADITIONAL PASSWORD AUTHENTICATION: PKI & BLOCKCHAIN Sid Desai Head of Business Development Remme.io @skd_desai Agenda Our relationship to our digital-selves Evolution of Authentication

More information

Wireless Network Security Spring 2015

Wireless Network Security Spring 2015 Wireless Network Security Spring 2015 Patrick Tague Class #7 More WiFi Security 2015 Patrick Tague 1 Class #7 Continuation of WiFi security 2015 Patrick Tague 2 Device Private WiFi Networks AP Local AAA

More information

BlackVault Hardware Security Platform SECURE TRUSTED INTUITIVE. Cryptographic Appliances with Integrated Level 3+ Hardware Security Module

BlackVault Hardware Security Platform SECURE TRUSTED INTUITIVE. Cryptographic Appliances with Integrated Level 3+ Hardware Security Module BlackVault Hardware Security Platform SECURE TRUSTED INTUITIVE Cryptographic Appliances with Integrated Level 3+ Hardware Security Module The BlackVault hardware security platform keeps cryptographic material

More information

NIST Cryptographic Toolkit

NIST Cryptographic Toolkit Cryptographic Toolkit Elaine Barker ebarker@nist.gov National InformationSystem Security Conference October 16, 2000 Toolkit Purpose The Cryptographic Toolkit will provide Federal agencies, and others

More information

Bluetooth low energy security, how good is it? Petter Myhre Bluetooth World, San Jose March 2017

Bluetooth low energy security, how good is it? Petter Myhre Bluetooth World, San Jose March 2017 Bluetooth low energy security, how good is it? Petter Myhre Bluetooth World, San Jose March 2017 Common Types of Attack Man-In-The-Middle Passive Eavesdropping Man-in-the-Middle (MITM) attack Active eavesdropping

More information

Chapter 10 : Private-Key Management and the Public-Key Revolution

Chapter 10 : Private-Key Management and the Public-Key Revolution COMP547 Claude Crépeau INTRODUCTION TO MODERN CRYPTOGRAPHY _ Second Edition _ Jonathan Katz Yehuda Lindell Chapter 10 : Private-Key Management and the Public-Key Revolution 1 Chapter 10 Private-Key Management

More information

Securing today s identity and transaction systems:! What you need to know! about two-factor authentication!

Securing today s identity and transaction systems:! What you need to know! about two-factor authentication! Securing today s identity and transaction systems:! What you need to know! about two-factor authentication! 1 Today s Speakers! Alex Doll! CEO OneID Jim Fenton! Chief Security Officer OneID 2 Contents!

More information

KALASALINGAM UNIVERSITY

KALASALINGAM UNIVERSITY KALASALINGAM UNIVERSITY (Kalasalingam Academy of Research and Education) DEPARTMENT OF COMPUTER SCIENCE AND ENGINEERING CLASS NOTES CRYPTOGRAPHY AND NETWOTK SECURITY (CSE 405) Prepared by M.RAJA AP/CSE

More information

Cisco Systems 5760 Wireless LAN Controller

Cisco Systems 5760 Wireless LAN Controller Cisco Systems 5760 Wireless LAN Controller FIPS 140-2 Non Proprietary Security Policy Level 1 Validation Version 1.2 April 10, 2015 1 Table of Contents 1 INTRODUCTION... 3 1.1 PURPOSE... 3 1.2 MODEL...

More information

CPSC 467b: Cryptography and Computer Security

CPSC 467b: Cryptography and Computer Security CPSC 467b: Cryptography and Computer Security Michael J. Fischer Lecture 24 April 16, 2012 CPSC 467b, Lecture 24 1/33 Kerberos Secure Shell (SSH) Transport Layer Security (TLS) Digital Rights Management

More information

Addressing Cybersecurity in Infusion Devices

Addressing Cybersecurity in Infusion Devices Addressing Cybersecurity in Infusion Devices Authored by GEORGE W. GRAY Chief Technology Officer / Vice President of Research & Development Ivenix, Inc. INTRODUCTION Cybersecurity has become an increasing

More information

Transport Layer Security

Transport Layer Security Transport Layer Security TRANSPORT LAYER SECURITY PERFORMANCE TESTING OVERVIEW Transport Layer Security (TLS) and its predecessor Secure Sockets Layer (SSL), are the most popular cryptographic protocols

More information

FAQ on Cisco Aironet Wireless Security

FAQ on Cisco Aironet Wireless Security FAQ on Cisco Aironet Wireless Security Document ID: 68583 Contents Introduction General FAQ Troubleshooting and Design FAQ Related Information Introduction This document provides information on the most

More information

Using Mobile Computers Lesson 12

Using Mobile Computers Lesson 12 Using Mobile Computers Lesson 12 Objectives Understand wireless security Configure wireless networking Use Windows mobility controls Synchronize data Use BitLocker Drive Encryption Use remote network connections

More information

FIPS Security Policy for Cisco Aironet Lightweight AP1131, AP1142, AP1242, AP1252, AP1262, CAP3502e, and CAP3502i Wireless LAN Access Points

FIPS Security Policy for Cisco Aironet Lightweight AP1131, AP1142, AP1242, AP1252, AP1262, CAP3502e, and CAP3502i Wireless LAN Access Points FIPS 140-2 Security Policy for Cisco Aironet Lightweight AP1131, AP1142, AP1242, AP1252, AP1262, CAP3502e, and CAP3502i Wireless LAN Access Points November 4, 2010 Version 2.2 Contents This security policy

More information

Installation and usage of SSL certificates: Your guide to getting it right

Installation and usage of SSL certificates: Your guide to getting it right Installation and usage of SSL certificates: Your guide to getting it right So, you ve bought your SSL Certificate(s). Buying your certificate is only the first of many steps involved in securing your website.

More information

Designing Network Encryption for the Future Emily McAdams Security Engagement Manager, Security & Trust Organization BRKSEC-2015

Designing Network Encryption for the Future Emily McAdams Security Engagement Manager, Security & Trust Organization BRKSEC-2015 Designing Network Encryption for the Future Emily McAdams Security Engagement Manager, Security & Trust Organization BRKSEC-2015 What Could It Cost You? Average of $0.58 a record According to the Verizon

More information

A NEW MODEL FOR AUTHENTICATION

A NEW MODEL FOR AUTHENTICATION All Rights Reserved. FIDO Alliance. Copyright 2016. A NEW MODEL FOR AUTHENTICATION ENABLING MORE EFFICIENT DIGITAL SERVICE DELIVERY Jeremy Grant jeremy.grant@chertoffgroup.com Confidential 5 The world

More information