Ju-A A Lee and Jae-Hyun Kim
Ju-A A Lee and Jae-Hyun Kim
Wireless Information & Network Engineering Research Lab, Korea
{gaia, jkim}@ajou.ac.kr

Abstract. The IEEE 802.11i standard supports secure access control for wireless LAN, and the IEEE 802.1X standard includes various authentication methods. It is expected that next-generation wireless LAN security techniques will be based on the IEEE 802.1X and IEEE 802.11i standards. However, users who are not familiar with a computer or an authentication method have difficulty setting up network security based on IEEE 802.11i. Accordingly, this paper proposes an authentication scenario that minimizes user participation, and a password method in which the password is changed randomly and periodically. The proposed protocols provide convenience for nonprofessional computer users as well as a secure home network environment against unwanted attacks such as a brute force attack or a replay attack.
1. Introduction

Home network service has been integrated with various communication technologies for a more convenient life. The service is closely related to private information about electric home appliances, electronic commerce, medical service and banking service. But unlike a device directly connected to another in a wired LAN, a wireless LAN (WLAN) connection is exposed to other devices within range of the access point (AP). This property gives a neighbor or a person near the house the chance to receive the traffic, and a malicious intruder can misuse the private information. Therefore, authentication mechanisms have to be considered so that only an eligible user is authenticated to use the resources of the home network.

The IEEE 802.11 working group (WG) specifies an authentication procedure, but it provides only a basic mechanism which cannot protect WLAN communications from ineligible access. The IEEE 802.11i standardization group is working on access control based on IEEE 802.1X and on air traffic encryption to strengthen WLAN security techniques[1]. With the conventional method, a nonprofessional user is confused about how to set up security information inside WLAN stations and APs. Furthermore, users in a home network have various levels of computer knowledge. For this reason, the way to set up authentication information should be made easy for users who are not familiar with a computer or with authentication.

In this paper, we suggest an authentication scenario that easily protects users from intrusion even if the users don't have knowledge about WLAN access control in the home network. We also propose authentication procedures based on the scenario, as well as a packet format that maintains backward compatibility with legacy systems. The rest of the paper is organized as follows: Section II presents related works. In Section III, we describe the proposed authentication scenario and the security mechanisms for home network. A performance analysis of the proposed security mechanisms is presented in Section IV. Finally, Section V concludes the paper.
[Figure: message sequence among the laptop computer, wireless access point, and RADIUS server (over Ethernet): Beacon (RSNIE), Open System Authentication Request, Open System Authentication Response, Associate Request (RSNIE), Associate Response, EAPoL-Start, EAP-Request/Identity, EAP-Response/Identity, Radius-Access-Request, EAP Authentication Protocol Exchange, EAP-Success, Radius-Access-Accept, 4-way EAP-Key handshake (4-way handshake), Access allowed. EAP: Extensible Authentication Protocol; RSNIE: Robust Security Network Information Element.]

2. Related Works

IEEE 802.11i provides enhanced security in the medium access control (MAC) layer for IEEE 802.11 networks[2]. One of the major missions of IEEE 802.11i is to define a robust security network (RSN). According to the IEEE 802.11i specification, an RSN is a security network that only allows the creation of robust security network associations. To provide associations in an RSN, IEEE 802.11i defines authentication, encryption improvements, key management, and key establishment. In the first stage, IEEE 802.11i starts with Open System Authentication as defined in IEEE 802.11, and the WLAN station is authenticated and associated with an AP. At the end of this stage, the IEEE 802.1X port remains blocked and no data packets can be exchanged. The second stage consists of IEEE 802.1X authentication, which employs the extensible authentication protocol (EAP) to authenticate users. A user can surf the Internet after the completion of the 4-Way Handshake in the third stage.

The IEEE 802.1X standard specifies how to implement port-based access control for IEEE 802 LANs, including wireless LAN[3]. In IEEE 802.1X, the port represents the association between a WLAN station and an AP. IEEE 802.1X has three entities: a supplicant, an authenticator, and a backend authentication server. In the context of a WLAN, the supplicant is a WLAN station, the authenticator is an AP, and the authentication server can be a centralized remote access dial-in user service (RADIUS) server. IEEE 802.1X employs EAP as an authentication framework that can carry many authentication protocols between the supplicant and the authenticator[4], [5]. The protocol between the authenticator and the authentication server is not specified in the IEEE 802.1X standard. Instead, IEEE 802.1X provides RADIUS usage guidelines in the Annex. The EAP messages in EAP over LAN or wireless LAN (EAPoL) contain the authentication information, and the RADIUS protocol is used to carry EAP messages from the authenticator to the authentication server.

EAP is a method of conducting an authentication conversation between a supplicant and an authentication server[5]. The authentication methods in EAP include message digest 5 (MD5), transport layer security (TLS), tunneled TLS (TTLS) and so on. These method protocols have the following features.

EAP-MD5[6]: EAP-MD5 uses the challenge handshake authentication protocol (CHAP[7]), which is a challenge-response process, for the user authentication portion. It is one of the most popular EAP types because it is easy to use. The authentication server asks for the password by sending RADIUS-Access-Challenge. The password hash is then sent by using EAP-Response, which is further encapsulated by RADIUS-Access-Request.

EAP-TLS[8]: EAP-TLS provides a way to use certificates for both the supplicant and the server to authenticate each other. Therefore, forged APs can be detected. Both the supplicant and the authentication server need to have valid certificates when using EAP-TLS.

EAP-TTLS[9]: EAP-TTLS extends EAP-TLS to exchange additional information between the supplicant and the authentication server by using the secure tunnel established by TLS negotiation. An EAP-TTLS negotiation comprises two phases: the TLS handshake phase and the TLS tunnel phase. During phase one, the TLS process is used for the supplicant to authenticate the authentication server by using certificates. In phase two, the authentication of the supplicant can use any non-EAP protocols[10].

To apply the protocols mentioned above to the user's device, the user has to know how to set up these authentication protocols. Accordingly, a simple and easy way to authenticate home network users is needed. In this paper, we consider the home network user and discuss how to provide an automatic authentication mechanism for such users.
[Figure: flowchart of the server-side authentication decision. Boxes: Server transmits EAP-Request/Identity; Server receives EAP-Response/Identity; A.N. is included in EAP-Response/Identity?; A.N. of WLAN station == A.N. in MAC.T.?; Server authenticates the WLAN station using the password in A.N.T.; The WLAN station is authenticated?; A.N. of WLAN station == the current A.N.?; Transmit the current A.N. and password to the WLAN station; Server transmits EAP-Success; Authenticate the WLAN station using the appointed password; Server transmits EAP-Failure. Legend: A.N.: authentication number; A.N.T.: authentication number management table; MAC.: MAC address; MAC.T.: MAC address management table.]

3. WLAN Security Mechanisms for Home Network

The current method for WLAN access control is inconvenient: for example, users have to set up the authentication information in WLAN stations and APs. In addition, the technical terms of the authentication properties hinder secure access for users without related knowledge. This may cause a serious security problem in which an intruder can easily access the network. Therefore we propose an access control scenario that offers convenience and minimizes the user's participation.

In the scenario, we assume that the WLAN user needs an appointed password to be authorized the first time. The appointed password can be registered with an authentication server by the user. Alternatively, the WLAN station seller transfers the MAC address to the service provider, which can register the password based on the MAC address with the authentication server. Then the authentication server periodically changes the password at random by software, without the user's participation, and the server distributes the changed password to all WLAN stations in the home network. After receiving the changed password from the authentication server, the WLAN stations use the new password for the next connection with an AP. Through this scenario the user can easily and securely access the home network even though the user has insufficient knowledge about authentication.

To support this scenario, an authentication protocol requires additional message exchanges that include information which is not specified in the Standards[7], [9]. The periodic password change may cause a problem for WLAN users when the password is changed while a user has taken the WLAN station out of the home. The WLAN station needs to be authenticated again when the user brings the WLAN station back home. However, the WLAN station cannot obtain authorization without the user's assistance, since the password has already changed. Other stations in the home network also need to know the new password to keep their authorization.

The proposed protocols solve the problem by adding the authentication number. The authentication number is an index number which corresponds to each password. It is numbered randomly whenever the password is changed. The authentication server manages two tables. One is the MAC address management table, which records the MAC addresses of the authenticated stations and the authentication number. The other is the authentication number management table. When the password is changed, the password and the authentication number are recorded in the authentication number management table.
[Figure labels: Wireless Access Point, WLAN station, Ethernet, Authentication Server]

The proposed EAP-MD5 procedure using the authentication number is as follows.

1. The WLAN station associates with an AP using Open System Authentication with wired equivalent privacy (WEP) turned off. Then the AP asks for the user's identity.
2. The WLAN station transmits an EAP-Response message which contains the identity and the authentication number of the WLAN to the server.
3. The server confirms whether the authentication number transmitted by the WLAN station is the same as the authentication number recorded in the MAC address management table.
4. If both authentication numbers are the same, the server sends the EAP-MD5 challenge to the station.
5. The station encodes the MD5-challenge by using its password and transmits the encoded MD5-challenge (MD5-response) to the server.
6. After receiving the MD5-response, the server decodes the message by using the password corresponding to the authentication number in the authentication management table. The server then decides whether the station is valid according to whether the MD5-challenge and the decoded MD5-response are the same.
7. If the station is valid and the authentication number of the station is different from the current authentication number, the server transmits the current authentication number and password to the station for the next authentication.
8. The WLAN station which received the current authentication information updates its own authentication information. This message is encoded using the password of the WLAN station for protection from the man-in-the-middle attack.
9. The server rewrites the authentication number in the MAC address management table and transmits the EAP-Success message after receiving the EAP-Response message.
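The table handling in steps 3 to 9 can be traced with the following added example, which is not code from the paper. The class and function names are hypothetical, the MD5-response is computed as the CHAP value defined in RFC 1994 rather than as an encode/decode pair, and the protection of the update message in step 8 is not modelled because the paper does not specify it.

```python
import hashlib
import hmac
import secrets


def chap_md5(identifier: int, password: bytes, challenge: bytes) -> bytes:
    """CHAP response as defined in RFC 1994: MD5(identifier || secret || challenge)."""
    return hashlib.md5(bytes([identifier]) + password + challenge).digest()


class AuthServer:
    """Hypothetical model of the authentication server and its two tables."""

    def __init__(self):
        self.appointed = {}   # MAC -> appointed (first-time) password
        self.an_table = {}    # A.N.T.: authentication number -> password
        self.mac_table = {}   # MAC.T.: MAC -> authentication number held by the station
        self.current_an = None
        self.rotate()

    def register(self, mac: str, appointed_password: bytes) -> None:
        self.appointed[mac] = appointed_password

    def rotate(self) -> int:
        """Periodic change: a fresh random password under a fresh random 1-byte A.N."""
        free = [n for n in range(256) if n not in self.an_table]
        if not free:
            raise RuntimeError("A.N. space exhausted; old records must be retired first")
        self.current_an = secrets.choice(free)
        self.an_table[self.current_an] = secrets.token_bytes(16)
        return self.current_an

    def challenge(self):
        return secrets.randbelow(256), secrets.token_bytes(16)

    def verify(self, mac, an, identifier, chal, response):
        """Steps 3-9. Returns (accepted, update); update is (A.N., password) or None."""
        if an is None:                            # no A.N. sent: first-time station
            password = self.appointed.get(mac)
        elif self.mac_table.get(mac) == an:       # step 3: A.N. must match MAC.T.
            password = self.an_table.get(an)
        else:
            password = None
        if password is None:
            return False, None
        expected = chap_md5(identifier, password, chal)
        if not hmac.compare_digest(expected, response):    # step 6
            return False, None
        update = None
        if an != self.current_an:                 # step 7: station is behind
            update = (self.current_an, self.an_table[self.current_an])
        self.mac_table[mac] = self.current_an     # step 9
        return True, update


class Station:
    def __init__(self, mac: str, password: bytes):
        self.mac, self.password, self.an = mac, password, None

    def respond(self, identifier: int, chal: bytes) -> bytes:
        return chap_md5(identifier, self.password, chal)   # step 5


def authenticate(server: AuthServer, station: Station) -> bool:
    identifier, chal = server.challenge()
    ok, update = server.verify(station.mac, station.an, identifier, chal,
                               station.respond(identifier, chal))
    if ok and update:                             # step 8: store new A.N. and password
        station.an, station.password = update
    return ok


def demo() -> dict:
    server = AuthServer()
    mac = "02:00:00:00:00:01"                     # constructed sample MAC address
    server.register(mac, b"appointed-secret")     # constructed sample password
    sta = Station(mac, b"appointed-secret")
    results = {"first_join": authenticate(server, sta)}
    stale_an, stale_pw = sta.an, sta.password
    server.rotate()
    server.rotate()                               # two changes while the station is away
    results["held_stale_an"] = sta.an != server.current_an
    results["return_home"] = authenticate(server, sta)
    results["caught_up"] = sta.an == server.current_an
    # After the update, the retired A.N. no longer matches MAC.T. and is refused.
    old = Station(mac, stale_pw)
    old.an = stale_an
    results["stale_after_update"] = authenticate(server, old)
    results["records_kept"] = len(server.an_table)
    return results


if __name__ == "__main__":
    print(demo())
```

The run shows why the authentication number management table has to keep old records: the returning station is verified against the password filed under the number it still holds, and only then receives the current pair.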
[Figure labels: Wireless Access Point, WLAN station, Ethernet, Authentication Server]

The proposed EAP-TTLS procedure using the authentication number is as follows.

1. The user's WLAN station associates with an AP using Open System Authentication. Then the AP asks for the user's identity.
2. The WLAN station transmits an EAP-Request message encapsulated in an EAPoL frame to the AP, which contains the MAC address of the WLAN station.
3. The server is authenticated to the WLAN station using its security certificate and a TLS connection is established between them. The encryption key for the TLS connection will be used for air traffic encryption.
4. Inside the TLS connection (inside box), the exchanged messages are encapsulated into TLS records that are again encapsulated into EAP-Request and EAP-Response messages. In the existing procedure, the WLAN station informs the AP of a user name and a password. In addition, we propose that the WLAN station sends the authentication number in the same EAP-Response message. After receiving it, the AP relays it to the server.
5. The server then verifies whether the MAC address and the authentication number of the WLAN station are the same as the data stored in the MAC address management table. If the authentication number is verified, the server completes the course of authentication by using the corresponding password in the authentication number management table. At this point, the authentication method is able to use many protocols. Here, we assume that CHAP is used.
6. After authenticating the WLAN station, if the authentication number of the station is different from the current authentication number, the server transmits the current authentication number and password to the WLAN station. The WLAN station which received the current authentication information updates its own authentication information.
7. The server rewrites the authentication number in the MAC address management table after receiving the EAP-Response message.
8. The EAP-TTLS procedure ends by sending the EAP-Success message to the WLAN station.
4. Evaluation of Our Proposed Mechanism

4.1 Security analysis

EAP-MD5 is more vulnerable to unwanted attacks than other authentication methods. One such attack is a brute force attack. A brute force attack is a method of defeating a cryptographic scheme by trying a large number of possibilities, for example, exhaustively working through all possible keys in order to decrypt a message. To protect against the brute force attack, the password should be changed at least every month. The proposed protocol is robust to the brute force attack since it changes the password periodically.

It also helps to detect a replay attack. By using the replay attack, an attacker could pretend to be an authorized user to access a network. For example, an attacker can simply intercept and replay a challenge message and response message to be authenticated. However, owing to the change of the password, the response message also changes on a periodic basis in the proposed protocol. Therefore, even if the attacker receives the same challenge message as a previously intercepted message, it is difficult for the attacker to be authenticated. In the case of mutual authentication, these security problems will be eliminated. Instead of security, the proposed mechanism provides automatic authentication in an environment where the password is changed.

4.2 The burden of the authentication server

Since the server has to manage two tables, we need to calculate the required memory size for practical implementation. First of all, for the MAC address management table, the MAC address consists of 6 bytes and the authentication number occupies 1 byte, on the assumption that its range is from 0 to 255. The authentication number in the authentication number management table also occupies 1 byte, as in the MAC address management table. If the password uses the WEP2 encryption, it will require a memory size of 16 bytes. We can calculate the total memory size by

$$\text{total memory size} = (6+1)\ \text{bytes} \times N_D + (16+1)\ \text{bytes} \times N_C \qquad (1)$$

where $N_D$ is the number of WLAN stations and $N_C$ is the number of the used authentication number. If we assume that there are 30 WLAN stations and 100 records of the changed password, the total required memory capacity is 1.91 Mbytes.
5. Conclusion

The home network environment is sensitive to privacy, but wireless communication is exposed to access by unauthorized people. In addition, most home network users do not know well how to prevent unwanted access. Therefore we introduced a WLAN authentication mechanism for home network users. First of all, we proposed an authentication scenario which uses a periodically changed password. The change of password makes the home network safe without requiring authentication knowledge from users. Second, we proposed the procedures to support the scenario for EAP-MD5 and EAP-TTLS. Compared with the existing authentication protocol, the proposed protocol supports protection against a brute force attack and a replay attack. Because it is difficult to find out the randomly changed password, WLAN users can be protected from these attacks. The use of the proposed mechanism will provide a secure and convenient WLAN access mechanism for home network and will contribute to authentication mechanisms for other wireless communication technologies in home network such as Bluetooth, Zigbee, or UWB.

References

[1] IEEE, LAN/MAN Specific Requirements Part 11: Wireless Medium Access Control (MAC) and Physical Layer (PHY) Specification: Specification for Robust Security, IEEE Std 802.11i/D3.2, Apr
[2] C. He and J. C. Mitchell, Security Analysis and Improvements for IEEE 802.11i, in Proc. the 12th Annual Network and Distributed System Security Symposium (NDSS'05), San Diego, USA, Feb. 3-4, 2005, pp
[3] IEEE Standards for Local and Metropolitan Area Networks Port-Based Network Access Control, IEEE Std 802.1X, Jun
H. Luo and P. Henry, A Secure Public Wireless LAN Access Technique That Supports Walk-Up Users, in Proc. GLOBECOM 2003, vol. 22, no. 1, pp , Dec
[4] B. Aboba et al., Extensible Authentication Protocol, IETF RFC 3748, Jun
[5] D. Potter et al., PPP EAP MS-CHAP-V2 Authentication Protocol, internet draft, Jan
[6] W. Simpson, PPP Challenge Handshake Authentication Protocol (CHAP), IETF RFC 1994, Aug
[7] B. Aboba, PPP EAP TLS Authentication Protocol, IETF RFC 2716, Aug
[8] P. Funk, EAP Tunneled TLS Authentication Protocol, internet draft, Jul
[9] J. C. Chen and Y. P. Wang, Extensible Authentication Protocol (EAP) and IEEE 802.1x: Tutorial and Empirical Experience, cs.nthu.edu.tw/wire1x/.
[10] J. A. Lee, J. H. Kim, J. H. Park and K. D. Moon, A Secure Wireless LAN Access Technique for Home Network, in Proc. IEEE VTC'06-Spring, Melbourne, Australia, May. 7-10,
[11] Y. Ma and X. Cao, How to Use EAP-TLS Authentication in PWLAN Environment, in Int. Conf. Neural Networks & Signal Processing, Nanjing, China, Dec , 2003.
Cisco 4400 Series Wireless LAN Controllers PEAP Under Unified Wireless Networks with Microsoft Internet Authentication Service (IAS) HOME SUPPORT PRODUCT SUPPORT WIRELESS CISCO 4400 SERIES WIRELESS LAN
More informationPrincess Nora Bint Abdulrahman University College of computer and information sciences Networks department Networks Security (NET 536)
Princess Nora Bint Abdulrahman University College of computer and information sciences Networks department Networks Security (NET 536) Prepared by Dr. Samia Chelloug E-mail: samia_chelloug@yahoo.fr Content
More informationChapter 24 Wireless Network Security
Chapter 24 Wireless Network Security Wireless Security Key factors contributing to higher security risk of wireless networks compared to wired networks include: o Channel Wireless networking typically
More informationExpected Outcomes Able to design the network security for the entire network Able to develop and suggest the security plan and policy
CHAPTER 9 DEVELOPING NETWORK SECURITY STRATEGIES Expected Outcomes Able to design the network security for the entire network Able to develop and suggest the security plan and policy Network Security Design
More informationApplication Note. Using RADIUS with G6 Devices
Using RADIUS with G6 Devices MICROSENS GmbH & Co. KG Küferstr. 16 59067 Hamm/Germany Tel. +49 2381 9452-0 FAX +49 2381 9452-100 E-Mail info@microsens.de Web www.microsens.de Summary This Application Note
More informationEXAM - PW Certified Wireless Security Professional (CWSP) Buy Full Product.
CWNP EXAM - PW0-204 Certified Wireless Security Professional (CWSP) Buy Full Product http://www.examskey.com/pw0-204.html Examskey CWNP PW0-204 exam demo product is here for you to test the quality of
More informationOutline : Wireless Networks Lecture 10: Management. Management and Control Services : Infrastructure Reminder.
Outline 18-759: Wireless Networks Lecture 10: 802.11 Management Peter Steenkiste Departments of Computer Science and Electrical and Computer Engineering Spring Semester 2016 http://www.cs.cmu.edu/~prs/wirelesss16/
More informationTABLE OF CONTENTS CHAPTER TITLE PAGE
vii TABLE OF CONTENTS CHAPTER TITLE PAGE DECLARATION ACKNOWLEDGMENT ABSTRACT ABSTRAK TABLE OF CONTENTS LIST OF TABLES LIST OF FIGURES LIST OF APPENDICES ii iv v vi vii xiii xiv xvi 1 OVERVIEW 1 1.1 Introducation
More informationTable of Contents. Why doesn t the phone pass 802.1X authentication?... 16
Table of Contents ABOUT 802.1X... 3 YEALINK PHONES COMPATIBLE WITH 802.1X... 3 CONFIGURING 802.1X SETTINGS... 4 Configuring 802.1X using Configuration Files... 4 Configuring 802.1X via Web User Interface...
More informationTopGlobal MB8000 Hotspots Solution
MB8000 s MB8000 is a mobile/portable wireless communication gateway. It combines the best of Wi-Fi technology and 2.5G/3G mobile communication technology. WISP can deploy their wireless hotspots with MB8000
More informationConfiguring IEEE 802.1x Port-Based Authentication
CHAPTER 8 Configuring IEEE 802.1x Port-Based Authentication This chapter describes how to configure IEEE 802.1x port-based authentication on the Cisco ME 3400 Ethernet Access switch. As LANs extend to
More informationWireless KRACK attack client side workaround and detection
Wireless KRACK attack client side workaround and detection Contents Introduction Components used Requirements EAPoL Attack protections Why this works Possible impact How to identify if a client is deleted
More information(2½ hours) Total Marks: 75
(2½ hours) Total Marks: 75 N. B.: (1) All questions are compulsory. (2) Makesuitable assumptions wherever necessary and state the assumptions made. (3) Answers to the same question must be written together.
More informationTestsDumps. Latest Test Dumps for IT Exam Certification
TestsDumps http://www.testsdumps.com Latest Test Dumps for IT Exam Certification Exam : PW0-200 Title : Certified wireless security professional(cwsp) Vendors : CWNP Version : DEMO Get Latest & Valid PW0-200
More informationIEEE 802.1X workshop. Networkshop 34, 4 April Josh Howlett, JRS Technical Support, University of Bristol. Copyright JNT Association
IEEE 802.1X workshop Networkshop 34, 4 April 2006. Josh Howlett, JRS Technical Support, University of Bristol. Copyright JNT Association 2005 1 Introduction Introduction (5 mins) Authentication overview
More informationExam : PW Title : Certified wireless security professional(cwsp) Version : DEMO
Exam : PW0-200 Title : Certified wireless security professional(cwsp) Version : DEMO 1. Given: John Smith often telecommutes from a coffee shop near his home. The coffee shop has an 802.11g access point
More informationHtek IP Phones 802.1x Guide
Htek IP Phones 802.1x Guide Version 2.0.4.4.24 Feb. 2018 1 Table of Contents About 802.1x... 3 Htek Phone compatible with 802.1x... 3 802.1x Settings... 5 Configuration files for 802.1x... 5 Applying the
More informationL13. Reviews. Rocky K. C. Chang, April 10, 2015
L13. Reviews Rocky K. C. Chang, April 10, 2015 1 Foci of this course Understand the 3 fundamental cryptographic functions and how they are used in network security. Understand the main elements in securing
More informationStandard For IIUM Wireless Networking
INTERNATIONAL ISLAMIC UNIVERSITY MALAYSIA (IIUM) Document No : IIUM/ITD/ICTPOL/4.3 Effective Date : 13/11/2008 1.0 OBJECTIVE Standard For IIUM Wireless Networking Chapter : Network Status : APPROVED Version
More informationExam HP2-Z32 Implementing HP MSM Wireless Networks Version: 7.1 [ Total Questions: 115 ]
s@lm@n HP Exam HP2-Z32 Implementing HP MSM Wireless Networks Version: 7.1 [ Total Questions: 115 ] HP HP2-Z32 : Practice Test Question No : 1 What is a proper use for an ingress VLAN in an HP MSM VSC?
More informationRADIUS Configuration Note WINS : Wireless Interoperability & Network Solutions
RADIUS Configuration Note WINS : Wireless Interoperability & Network Solutions MERUNETWORKS.COM February 2013 1. OVERVIEW... 3 2. AUTHENTICATION AND ACCOUNTING... 4 3. 802.1X, CAPTIVE PORTAL AND MAC-FILTERING...
More informationPrepAwayExam. High-efficient Exam Materials are the best high pass-rate Exam Dumps
PrepAwayExam http://www.prepawayexam.com/ High-efficient Exam Materials are the best high pass-rate Exam Dumps Exam : 642-541 Title : VPN and Security Cisco SAFE Implementation Exam (CSI) Vendors : Cisco
More informationSecure and Seamless Handoff Scheme for a Wireless LAN System
Secure and Seamless Handoff Scheme for a Wireless LAN System Jaesung Park 1,BeomjoonKim 2, and Iksoon Hwang 3 1 Department of Internet Information Engineering, The University of Suwon, Gyeonggi-Do, 445-743,
More informationREMOTE AUTHENTICATION DIAL IN USER SERVICE
AAA / REMOTE AUTHENTICATION DIAL IN USER SERVICE INTRODUCTION TO, A PROTOCOL FOR AUTHENTICATION, AUTHORIZATION AND ACCOUNTING SERVICES Peter R. Egli INDIGOO.COM 1/12 Contents 1. AAA - Access Control 2.
More informationNetwork Systems. Bibliography. Outline. General principles about Radius server. Radius Protocol
Bibliography General principles about Radius server Bibliography Network System Radius Protocol Claude Duvallet University of Le Havre Faculty of Sciences and Technology 25 rue Philippe Lebon - BP 540
More informationWired Dot1x Version 1.05 Configuration Guide
Wired Dot1x Version 1.05 Configuration Guide Document ID: 64068 Introduction Prerequisites Requirements Components Used Conventions Microsoft Certificate Services Installation Install the Microsoft Certificate
More informationWireless Network Security Spring 2016
Wireless Network Security Spring 2016 Patrick Tague Class #7 WiFi Security 1 Announcements Please do HW#2 in using the stable OMNET++ 4.6, not the beta version. Porting has proven difficult... Form project
More informationSelection of an EAP Authentication Method for a WLAN
Int. J. Information and Computer Security, Vol. 1, No. 1/2, 2007 Original publication at:http://www.inderscience.com/filter.php?aid=12251 Selection of an EAP Authentication Method for a WLAN Authors: Ali,
More informationNetwork Security. Chapter 11 Security Protocols of the Data Link Layer. Scope of Link Layer Security Protocols
Network Security Chapter 11 Security Protocols of the Data Link Layer! IEEE 802.1Q, IEEE 802.1X & IEEE 802.1AE! Point-to-Point Protocol (PPP)! Point-to-Point Tunneling Protocol (PPTP)! Layer 2 Tunneling
More informationDesign and Implementation of WIRE1x
Design and Implementation of WIRE1x Yu-Ping Wang 2, Jyh-Cheng Chen 1,2, and Yi-Wen Liu 1 1 Department of Computer Science 2 Institute of Communications Engineering National Tsing Hua University Hsinchu,
More informationComputer Security 3e. Dieter Gollmann. Security.di.unimi.it/sicurezza1415/ Chapter 16: 1
Computer Security 3e Dieter Gollmann Security.di.unimi.it/sicurezza1415/ Chapter 16: 1 Chapter 16: Communications Security Chapter 16: 2 Agenda Threat model Secure tunnels Protocol design principles IPsec
More informationCategory: Standards Track Microsoft May 2004
Network Working Group Request for Comments: 3770 Category: Standards Track R. Housley Vigil Security T. Moore Microsoft May 2004 Status of this Memo Certificate Extensions and Attributes Supporting Authentication
More information802.1x Port Based Authentication
802.1x Port Based Authentication Johan Loos Johan at accessdenied.be Who? Independent Information Security Consultant and Trainer Vulnerability Management and Assessment Wireless Security Next-Generation
More informationOverview of Security
Overview of 802.11 Security Bingdong Li Present for CPE 601 2/9/2011 Sources: 1 Jesse Walker (Intel) & 2. WinLab 1 Agenda Introduction 802.11 Basic Security Mechanisms What s Wrong? Major Risks Recommendations
More informationConfiguring 802.1X Settings on the WAP351
Article ID: 5078 Configuring 802.1X Settings on the WAP351 Objective IEEE 802.1X authentication allows the WAP device to gain access to a secured wired network. You can configure the WAP device as an 802.1X
More informationHW/Lab 4: IPSec and Wireless Security. CS 336/536: Computer Network Security DUE 11 am on 12/01/2014 (Monday)
HW/Lab 4: IPSec and Wireless Security CS 336/536: Computer Network Security DUE 11 am on 12/01/2014 (Monday) This HW/Lab assignment covers Lectures 8 (IPSec) and 10 (Wireless Security). Please review these
More informationFast and Secure Initial Access Authentication Protocol for Wireless LANs
American Journal of Engineering Research (AJER) e-issn : 2320-0847 p-issn : 2320-0936 Volume-03, Issue-08, pp-284-294 www.ajer.org Research Paper Open Access Fast and Secure Initial Access Authentication
More informationAbout 802.1X... 3 Yealink IP Phones Compatible with 802.1X... 3 Configuring 802.1X Settings... 5 Configuring 802.1X using configuration files...
About 802.1X... 3 Yealink IP Phones Compatible with 802.1X... 3 Configuring 802.1X Settings... 5 Configuring 802.1X using configuration files...5 Configuring 802.1X via web user interface...8 Configuring
More informationSecuring Wireless Networks by By Joe Klemencic Mon. Apr
http://www.cymru.com/ Securing Wireless Networks by By Joe Klemencic (faz@home.com) Mon. Apr 30 2001 Many companies make attempts to embrace new technologies, but unfortunately, many of these new technologies
More informationA Wireless LAN Protocol for Initial Access Authentication
www.ijecs.in International Journal Of Engineering And Computer Science ISSN:2319-7242 Volume 3 Issue 9 September 2014 Page No. 7992-7999 A Wireless LAN Protocol for Initial Access Authentication Sandhya
More informationWPA SECURITY (Wi-Fi Protected Access) Presentation. Douglas Cheathem (csc Spring 2007)
WPA SECURITY (Wi-Fi Protected Access) Presentation By Douglas Cheathem (csc 650.01 Spring 2007) OUTLINE Introduction Security Risk Vulnerabilities Prevention Conclusion Live Demo Q & A INTRODUCTION! WPA
More informationLight Mesh AP. User s Guide. 2009/2/20 v1.0 draft
Light Mesh AP User s Guide 2009/2/20 v1.0 draft i FCC Certifications This equipment has been tested and found to comply with the limits for a Class B digital device, pursuant to Part 15 of the FCC Rules.
More informationConfiguring Funk RADIUS to Authenticate Cisco Wireless Clients With LEAP
Configuring Funk RADIUS to Authenticate Cisco Wireless Clients With LEAP Document ID: 44900 Contents Introduction Prerequisites Requirements Components Used Conventions Configuration Configuring the Access
More informationDefeating All Man-in-the-Middle Attacks
Defeating All Man-in-the-Middle Attacks PrecisionAccess Vidder, Inc. Defeating All Man-in-the-Middle Attacks 1 Executive Summary The man-in-the-middle attack is a widely used and highly preferred type
More informationCisco Wireless LAN Controller Module
Cisco Wireless LAN Controller Modules Simple and secure wireless deployment and management for small and medium-sized businesses (SMBs) and enterprise branch offices Product Overview Cisco Wireless LAN
More informationHtek 802.1X Authentication
Htek 802.1X Authentication Table of Contents About 802.1x... 2 Htek Phone compatible with 802.1x... 2 802.1x Settings... 4 Configuration files for 802.1x... 4 Applyling the Configuration file to your phone:...
More informationCOSC4377. Chapter 8 roadmap
Lecture 28 Chapter 8 roadmap 8.1 What is network security? 8.2 Principles of cryptography 8.3 Message integrity 8.4 Securing e mail 8.5 Securing TCP connections: SSL 8.6 Network layer security: IPsec 8.7
More informationNetwork Encryption 3 4/20/17
The Network Layer Network Encryption 3 CSC362, Information Security most of the security mechanisms we have surveyed were developed for application- specific needs electronic mail: PGP, S/MIME client/server
More information