Wireless Communications and Mobile Computing
1 WNMC-MPR-Sec 1 Wireless Communications and Mobile Computing MAP-I Jaime Dias, Manuel Ricardo Faculdade de Engenharia da Universidade do Porto
2 SECURITY - BASIC CONCEPTS

3 Symmetric Cryptography
- Ex: RC4, AES

4 Digest/Hash
- Input
  » variable length message
- Output
  » a fixed-length bit string (the hash)
- Used to guarantee message integrity and source identification
- Ex: MD5, SHA1

5 Public Key Cryptography - Confidentiality

6 Public Key Cryptography - Authentication (digital signature)

7 Public Key Distribution Problem
MIM attack (Alice, Carol, Bob):
(1) Kpub Alice
(2) Kpub Carol
(3) "Later, around 20h"
(4) Kpub Carol ["Later, around 20h"]
(5) Kpriv Carol [Kpub Carol ["Later, around 20h"]] = "Later, around 20h"
(6) "Later, around 20h" → "Later, around 19h"
(7) Kpub Alice ["Later, around 19h"]
(8) Kpriv Alice [Kpub Alice ["Later, around 19h"]] = "Later, around 19h"
What Alice believes happened (Alice, Bob):
(1) Kpub Alice
(2) "Later, around 19h"
(3) Kpub Alice ["Later, around 19h"]
(4) Kpriv Alice [Kpub Alice ["Later, around 19h"]] = "Later, around 19h"

8 Certification Authority

9 SSL/TLS
- SSL (Secure Socket Layer)
  » Developed by Netscape
- TLS 1.x (Transport Layer Security)
  » IETF
- Transparent to application protocols
- Server/client can authenticate using certificates
- But, due to certificate costs
  » Servers → authenticated by certificates
  » Clients → authenticated at the application layer (e.g. passwords)

10 SSL/TLS Typical Procedure
- Client:
  » connects to a TLS-enabled server requesting secure connection
  » presents a list of supported CipherSuites (ciphers, hash functions)
- Server:
  » picks the strongest CipherSuite; notifies the client about the decision
- Server:
  » sends back its identification as a Digital Certificate
  » Certificate: [server name, server's public encryption key, trusted certificate authority (CA)]
- Client:
  » Contacts CA and verifies if certificate is authentic
- Client:
  » encrypts a random number (RN) with the server's public key (PbK)
  » sends it to server
- Server:
  » Decrypts RN using its private key (PvK)
- Client, Server: generate key material for encryption/decryption
- Client: authenticates to the server

11 SECURITY

12 Security
- Minimum security → WEP (Wired Equivalent Privacy)
- Station authentication
  » Open mode → no authentication
  » Shared Mode
    - AP sends challenge → station returns the challenge encrypted with the WEP key
- Confidentiality → frames are encrypted with RC4
- Integrity → CRC32

13 WEP - Encryption
[Figure: WEP encryption. The IV and the WEP Key feed the WEP PRNG (RC4), which outputs the keystream; the SDU and its ICV (crc32) are XORed with the keystream. Resulting frame: Header, IV, Cryptogram, FCS]

14 WEP - Decryption
[Figure: WEP decryption. The IV and the WEP Key feed the WEP PRNG (RC4); the keystream is XORed with the cryptogram to give the SDU and the ICV; the ICV values are checked. Frame: Header, IV, Cryptogram, FCS]

15 WEP Vulnerabilities
- Same IV and WEP key → same keystream
  » IV too short (24 bits)
  » No mechanism for WEP key update
- Same keystream:
  » SDU2 XOR SDU1 = cryptogram1 XOR cryptogram2
  » If SDU1 is known (ICMP, TCP ack, ...) then
  » SDU2 = cryptogram1 XOR cryptogram2 XOR SDU1

16 WEP Vulnerabilities (2)
- RC4 key = IV (3 bytes) + WEP key (5 or 13 bytes)
- Weak IVs help break the WEP key
  » Weak IVs: i:ff:X
- Ex: Weak IVs for WEP keys of 40 bits
  » 3:ff:X, 4:ff:X, 5:ff:X, 6:ff:X, 7:ff:X

17 WEP Vulnerabilities (3)
- Integrity Check Value based on CRC32 (linear)
- WEP does not authenticate nor check the integrity of the frame header
  » Station can change the MAC address
- AP is not authenticated
  » Rogue AP
- WEP does not control the frame sequence
  » Replay attacks
- Same key for every station
  » Traffic can be eavesdropped or even changed by any station knowing the WEP key

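Added example, not part of the original slides: the keystream-reuse relation of slide 15 and the linear ICV of slide 17, run in Python on constructed frames. The key, IV and payloads are made-up sample values, and `keyed_mic` uses HMAC-SHA256 as a stand-in for a keyed MIC (it is not TKIP's own algorithm); it shows why 802.11i replaced the CRC32 ICV.

```python
import hashlib
import hmac
import zlib

# Constructed sample values (not from the slides).
WEP_KEY = bytes.fromhex("0102030405")        # 40-bit WEP key
IV = bytes([0x10, 0x20, 0x30])               # 24-bit IV, sent in clear
SDU1 = b"known ICMP echo payload!"           # content an observer can predict
SDU2 = b"secret payload, 24 bytes"           # content only the stations know


def rc4(key: bytes, n: int) -> bytes:
    """Return n bytes of RC4 keystream (the 'WEP PRNG' of the slides)."""
    s = list(range(256))
    j = 0
    for i in range(256):                          # key scheduling
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for _ in range(n):                            # keystream output
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def icv(sdu: bytes) -> bytes:
    """WEP Integrity Check Value: plain CRC32, no key involved."""
    return zlib.crc32(sdu).to_bytes(4, "little")


def wep_encrypt(iv: bytes, wep_key: bytes, sdu: bytes) -> bytes:
    plain = sdu + icv(sdu)
    return xor(plain, rc4(iv + wep_key, len(plain)))   # RC4 key = IV + WEP key


def wep_decrypt(iv: bytes, wep_key: bytes, cryptogram: bytes):
    plain = xor(cryptogram, rc4(iv + wep_key, len(cryptogram)))
    sdu, received_icv = plain[:-4], plain[-4:]
    return sdu, received_icv == icv(sdu)


def sdu2_from_reused_keystream(c1: bytes, c2: bytes, sdu1: bytes) -> bytes:
    """SDU2 = cryptogram1 XOR cryptogram2 XOR SDU1; the WEP key is never used."""
    n = min(len(sdu1), len(c1) - 4, len(c2) - 4)
    return xor(xor(c1[:n], c2[:n]), sdu1[:n])


def modify_keeping_icv_valid(cryptogram: bytes, delta: bytes) -> bytes:
    """CRC32 is linear: crc(a ^ d) = crc(a) ^ crc(d) ^ crc(zeros), so XORing
    delta into the data and the matching correction into the encrypted ICV
    yields a frame whose ICV still checks out."""
    if len(delta) != len(cryptogram) - 4:
        raise ValueError("delta must cover exactly the SDU")
    icv_delta = xor(icv(delta), icv(bytes(len(delta))))
    return xor(cryptogram, delta + icv_delta)


def keyed_mic(mic_key: bytes, sdu: bytes) -> bytes:
    """Stand-in keyed MIC (HMAC-SHA256 truncated to 8 octets)."""
    return hmac.new(mic_key, sdu, hashlib.sha256).digest()[:8]


def demo():
    c1 = wep_encrypt(IV, WEP_KEY, SDU1)
    c2 = wep_encrypt(IV, WEP_KEY, SDU2)          # same IV and key: same keystream
    recovered = sdu2_from_reused_keystream(c1, c2, SDU1)
    delta = bytes(len(SDU2) - 1) + b"\x01"       # change one bit of the last byte
    sdu, icv_ok = wep_decrypt(IV, WEP_KEY, modify_keeping_icv_valid(c2, delta))
    mic_key = b"constructed MIC key"
    mic_ok = hmac.compare_digest(keyed_mic(mic_key, sdu), keyed_mic(mic_key, SDU2))
    return recovered, icv_ok, mic_ok             # ICV accepts the change, MIC does not


if __name__ == "__main__":
    print(demo())
```
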
18 WEP Vulnerabilities (4)
- Manufacturers put additional barriers
  » Authentication by SSID
    - Station monitors the medium and waits for another station to associate to see the SSID
  » Access control by MAC address
    - Station sees the MAC addresses of allowed stations and clones their address

19 802.1X Access Control
- Before the authentication
  » Traffic 802.1X
  » Other traffic (blocked)
- After the authentication
  » Traffic 802.1X
  » Other traffic (unblocked)

20 EAP Extensible Authentication Protocol
- Encapsulates authentication
- Runs over any link layer but designed for PPP
- Messages
  » Requests, Responses
[Figure: protocol stack. Methods: TLS, AKA/SIM, Token Card; EAP; Links: PPP]
[Figure: packet format, sizes in bytes. Fields: Code, Identifier, Length, Type, Type-Data (variable)]
[Figure: exchange between STA and Authenticator: EAP Identity Request, EAP Identity Response, EAP Auth Request, EAP Auth Response, EAP-Success]

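Added example, not part of the original slides: a Python parser for the EAP packet layout named on slide 20 (Code, Identifier, Length, Type, Type-Data), applied to a constructed copy of the STA/Authenticator exchange. Field sizes and the code/type numbers follow RFC 3748 and the IANA EAP registry; `build_eap`, `review_exchange` and the sample identity are names and values made up for this example.

```python
import struct
from dataclasses import dataclass
from typing import List, Optional

CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
TYPES = {1: "Identity", 2: "Notification", 3: "Nak", 4: "MD5-Challenge",
         13: "EAP-TLS", 18: "EAP-SIM", 21: "EAP-TTLS", 23: "EAP-AKA", 25: "PEAP"}


@dataclass
class EapPacket:
    code: str
    identifier: int
    type_name: Optional[str]      # None for Success/Failure
    type_data: bytes


def parse_eap(buf: bytes) -> EapPacket:
    """Parse one EAP packet: Code(1) Identifier(1) Length(2) [Type(1) Type-Data]."""
    if len(buf) < 4:
        raise ValueError("shorter than the 4-byte EAP header")
    code, identifier, length = struct.unpack("!BBH", buf[:4])
    if code not in CODES:
        raise ValueError(f"unknown EAP code {code}")
    if length < 4 or length > len(buf):
        raise ValueError("Length field does not fit the received bytes")
    body = buf[4:length]          # anything after Length is link-layer padding
    if code in (3, 4):
        if body:
            raise ValueError("Success/Failure carries no Type or data")
        return EapPacket(CODES[code], identifier, None, b"")
    if not body:
        raise ValueError("Request/Response without a Type byte")
    return EapPacket(CODES[code], identifier,
                     TYPES.get(body[0], f"type-{body[0]}"), body[1:])


def build_eap(code: int, identifier: int,
              eap_type: Optional[int] = None, data: bytes = b"") -> bytes:
    """Helper for the constructed sample frames below."""
    body = b"" if eap_type is None else bytes([eap_type]) + data
    return struct.pack("!BBH", code, identifier, 4 + len(body)) + body


def review_exchange(frames: List[bytes]) -> dict:
    """Report what a passive observer learns from the outer EAP exchange
    and whether every Response answers the pending Request."""
    report = {"identity": None, "method": None, "result": None, "problems": []}
    pending = None
    for raw in frames:
        p = parse_eap(raw)
        if p.code == "Request":
            pending = p
            if p.type_name not in ("Identity", "Notification"):
                report["method"] = p.type_name
        elif p.code == "Response":
            if pending is None or p.identifier != pending.identifier:
                report["problems"].append(
                    f"response id {p.identifier} matches no pending request")
            if p.type_name == "Identity":
                # The outer identity is sent before any TLS tunnel exists.
                report["identity"] = p.type_data.decode("utf-8", "replace")
            pending = None
        else:
            report["result"] = p.code
    return report


# Constructed exchange mirroring the slide (TLS records omitted).
SAMPLE = [
    build_eap(1, 1, 1),                              # EAP Identity Request
    build_eap(2, 1, 1, b"anonymous@example.org"),    # EAP Identity Response
    build_eap(1, 2, 25, b"\x20"),                    # EAP Auth Request (PEAP, Start)
    build_eap(2, 2, 25, b"\x00"),                    # EAP Auth Response
    build_eap(3, 2),                                 # EAP-Success
]

if __name__ == "__main__":
    print(review_exchange(SAMPLE))
```
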
21 802.1X with Radius

22 Dynamic WEP
- Uses 802.1X
- User authentication
  » Support of multiple authentication methods
  » Centralized database with users' credentials, independent of APs
- Also enables AP authentication
- Authentication keys encryption keys
- Periodic update of WEP keys

23 Dynamic WEP (2)
1. Authentication through an 802.1X EAP method
2. Generation of MPPE key (Microsoft Point-to-Point Encryption) [step shown twice in the diagram]
3. MPPE key encrypted with RADIUS key
4. Generation of WEP key
5. AP encrypts the WEP key with the MPPE key and sends it over EAPOL-KEY
6. Station decrypts the WEP key with the MPPE key
7. Station applies the WEP key
8. AP applies the WEP key
- Data frames are unblocked and encrypted with WEP

24 802.11i
- WEP failure: IEEE 802.11i
- Authentication/Access Control
  » Pre-shared key (PSK)
  » With Authentication Server, using 802.1X
- Key Management
  » Temporary Keys
  » Authentication keys Encryption keys
- Data encryption
  » CCMP (Counter mode Cipher block Chaining MAC protocol)
    - Based on the AES cipher algorithm
  » TKIP (Temporal Key Integrity Protocol)
    - Based on the RC4 cipher algorithm (same as WEP)
- Infrastructure and ad-hoc modes

25 Wi-Fi Protected Access
- WPA
  » Based on Draft 3.0 of 802.11i (2002)
  » Short term solution for legacy equipment
  » No support for CCMP nor ad-hoc mode
  » TKIP reuses the WEP HW (RC4 cipher algorithm)
    - Firmware upgrade
- WPA2
  » Supports 802.11i
  » Long term solution

26 Authentication methods (802.1X)
- Requires Authentication Server
- Most popular Wi-Fi authentication methods
  » EAP-TLS
  » EAP-TTLS
  » PEAP

27 EAP-TLS
- Uses TLS to authenticate both server and user through certificates
- Mandatory in WPA
- Cons:
  » Certificates are expensive
  » User identity goes in clear in the user's certificate
[Figure: protocol stack between ST, AP and AS. Layers, top to bottom: TLS (authentication of server and user); EAP; 802.1X (EAPoL) between ST and AP, RADIUS over UDP/IP between AP and AS]

28 Tunneled authentication
- Two phase authentication
  » TLS tunnel authenticates the Authentication Server
  » User is authenticated over the TLS tunnel
- Support of weaker methods for user's authentication
- Certificates are optional
- User's identity goes encrypted
- EAP-TTLS, PEAP

29 EAP-TTLS
- EAP-Tunneled TLS
[Figure: protocol stack between ST, AP and AS. Layers, top to bottom: MS-CHAP, PAP, CHAP, EAP, ... (user authentication); TLS (server authentication); EAP; 802.1X (EAPoL) between ST and AP, RADIUS over UDP/IP between AP and AS]

30 PEAP
- Protected Extensible Authentication Protocol
- v0 Microsoft, v1 Cisco
- PEAPv0/EAP-MSCHAPv2 the most popular
[Figure: protocol stack between ST, AP and AS. Layers, top to bottom: MSCHAPv2, TLS, ... (user authentication); EAP; TLS (server authentication); EAP; 802.1X (EAPoL) between ST and AP, RADIUS over UDP/IP between AP and AS]

31 Key Management
- Master Key (MK) generated by Authentication Server
- Pairwise Master Key (PMK) generated from MK
- PMK sent to the AP through the AAA protocol (RADIUS)
- Generation of the Pairwise Transient Key (PTK) through the 4-way handshake
- Group key (GTK) generated by the AP and sent through the Group key handshake

32 Key Management (2)
- Encrypted with PTK
- PTK = Hash(PMK, Anonce, Snonce, MACaddr STA, MACaddr AP)

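Added example, not part of the original slides: the PTK derivation of slide 32 written out in Python with the IEEE 802.11i PRF (HMAC-SHA1 in counter mode), followed by a simplified 4-way handshake in which each side proves possession of the PMK through a MIC keyed with the KCK part of the PTK. Assumptions: PSK mode with the PMK derived from a passphrase by PBKDF2, CCMP key lengths, constructed MAC addresses, and message bodies that stand in for real EAPOL-Key frames.

```python
import hashlib
import hmac
import os

# Constructed sample addresses (not from the slides).
MAC_AP = bytes.fromhex("020000000001")
MAC_STA = bytes.fromhex("020000000002")


def pmk_from_passphrase(passphrase: str, ssid: str) -> bytes:
    """PSK mode: PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 256 bits)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def prf(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    """IEEE 802.11i PRF: HMAC-SHA1 over label || 0x00 || data || counter."""
    out = b""
    counter = 0
    while len(out) < nbytes:
        out += hmac.new(key, label + b"\x00" + data + bytes([counter]),
                        hashlib.sha1).digest()
        counter += 1
    return out[:nbytes]


def derive_ptk(pmk: bytes, anonce: bytes, snonce: bytes,
               mac_ap: bytes, mac_sta: bytes) -> dict:
    """PTK = Hash(PMK, ANonce, SNonce, MACaddr STA, MACaddr AP), split into its parts."""
    data = (min(mac_ap, mac_sta) + max(mac_ap, mac_sta) +
            min(anonce, snonce) + max(anonce, snonce))
    ptk = prf(pmk, b"Pairwise key expansion", data, 48)      # 384 bits for CCMP
    return {"KCK": ptk[:16],      # key confirmation key: keys the handshake MIC
            "KEK": ptk[16:32],    # key encryption key: protects the GTK in transit
            "TK": ptk[32:48]}     # temporal key: encrypts data frames


def mic(kck: bytes, message: bytes) -> bytes:
    return hmac.new(kck, message, hashlib.sha1).digest()[:16]


def four_way_handshake(pmk_sta: bytes, pmk_ap: bytes,
                       mac_sta: bytes = MAC_STA, mac_ap: bytes = MAC_AP):
    """Return (TK at station, TK at AP), or None if a MIC check fails."""
    anonce = os.urandom(32)                       # message 1: AP -> STA, in clear
    snonce = os.urandom(32)
    sta = derive_ptk(pmk_sta, anonce, snonce, mac_ap, mac_sta)
    msg2 = b"msg2|" + snonce                      # message 2: STA -> AP, SNonce + MIC
    msg2_mic = mic(sta["KCK"], msg2)
    ap = derive_ptk(pmk_ap, anonce, snonce, mac_ap, mac_sta)
    if not hmac.compare_digest(mic(ap["KCK"], msg2), msg2_mic):
        return None                               # station does not hold the PMK
    msg3 = b"msg3|" + anonce                      # message 3: AP -> STA, MIC
    msg3_mic = mic(ap["KCK"], msg3)
    if not hmac.compare_digest(mic(sta["KCK"], msg3), msg3_mic):
        return None                               # AP does not hold the PMK
    return sta["TK"], ap["TK"]                    # message 4 (ack) omitted


if __name__ == "__main__":
    pmk = pmk_from_passphrase("constructed passphrase", "lab-ssid")
    print(four_way_handshake(pmk, pmk) is not None)
```

Everything fed into the derivation except the PMK travels in clear during the handshake, so in PSK mode the passphrase carries all of the secrecy.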
33 TKIP
- Key Encryption generation
  » Reduces the correlation between the keystream and the encryption key

34 Data frames WEP, TKIP, and CCMP
[Figure: frame layouts; brackets in the figure mark the Authenticated and Encrypted spans]
WEP:  Header | IV / KeyID (4 octets) | Data (>=0 octets) | ICV (4 octets)
TKIP: Header | IV / KeyID (4 octets) | Extended IV (4 octets) | Data (>=0 octets) | MIC (8 octets) | ICV (4 octets)
CCMP: Header | IV / KeyID (4 octets) | Extended IV (4 octets) | Data (>=0 octets) | MIC (8 octets)

35 Message integrity
- ICV = CRC32: not really a signature
- MIC: signature/hash

36 GSM

37 Security in GSM
- Security services
  » access control/authentication
    - user → SIM (Subscriber Identity Module) → secret PIN (Personal Identification Number)
    - SIM → contains Ki (subscriber secret authentication key)
  » confidentiality
    - voice and signaling encrypted on the wireless link (after authentication)
  » anonymity
    - TMSI - Temporary Mobile Subscriber Identity
    - newly assigned at each new location update
    - encrypted transmission
- 3 algorithms specified in GSM
  » A3 for authentication
  » A5 for encryption
  » A8 for key generation

38 GSM - Authentication
[Figure: GSM authentication. Mobile network: the AuC feeds RAND (128 bit) and Ki (128 bit) into A3 to obtain SRES* (32 bit). RAND (128 bit) is sent to the SIM, which feeds it with Ki (128 bit) into A3 to obtain SRES (32 bit) and returns it. The MSC checks SRES* =? SRES]
- Ki: individual subscriber authentication key
- SRES: signed response

39 GSM - Key Generation and Encryption
[Figure: GSM key generation and encryption. On both sides (AuC in the mobile network, SIM in the MS) A8 takes RAND (128 bit) and Ki (128 bit) and outputs the cipher key Kc (64 bit). The BTS and the MS use Kc with A5 to turn data into encrypted data on the radio link]

40 Security in GPRS and UMTS (3GPP TS , 3GPP TS )

41 Security Function
- Authentication of the MS by the network
- User identity anonymity
  » Temporary identification, ciphering
- Data and signalling confidentiality
  » Ciphering
- In UMTS (Iu mode)
  » also authentication of the network by the MS

42 Authentication
- Two types of authentication
  » GSM authentication
  » UMTS authentication
  » Independent of the RAN modes
- GSM authentication
  » Based on SIM
  » Authentication of the MS by the network
  » Establishment of GSM ciphering key (Kc) between the SGSN and the MS
- UMTS authentication
  » Based on USIM
  » Requires authentication quintets
  » Implies mutual authentication
  » Agreement between SGSN and MS on Ciphering Key (CK) and Integrity Key (IK)

43 GSM Authentication
[Figure: message sequence between MS, RAN, SGSN and HLR: 1. Send Authentication Info / Send Authentication Info Ack; 2. Authentication and Ciphering Request / Authentication and Ciphering Response]
1. SGSN requests Authentication-Info (IMSI); HLR responds
2. SGSN
  » sends Authentication-Ciphering(RAND, CKSN, Ciphering Algorithm)
  » MS responds with Ciphering-Response (SRES)
- GPRS: MS starts ciphering after sending Response message
- UMTS: SGSN / MS shall generate CK and IK from the GSM Kc

44 UMTS Authentication
[Figure: message sequence between MS, VLR/SGSN and HE/HLR]
Distribution of authentication vectors from HE to SN
- Authentication data request
- Generate authentication vectors AV(1..n)
- Authentication data response AV(1..n)
- Store authentication vectors
Authentication and key establishment
- Select authentication vector AV(i)
- User authentication request RAND(i) AUTN(i)
- Verify AUTN(i)
- Compute RES(i)
- User authentication response RES(i)
- Compare RES(i) and XRES(i)
- Compute CK(i) and IK(i)
- Select CK(i) and IK(i)

45 Generation of an Authentication Vector by HE/AuC
[Figure: Generate SQN; Generate RAND; inputs SQN, AMF, RAND and K; f1 → MAC, f2 → XRES, f3 → CK, f4 → IK, f5 → AK]
AUTN := SQN AK AMF MAC
AV := RAND XRES CK IK AUTN

46 User authentication function in the USIM
[Figure: inputs RAND, AUTN (SQN AK, AMF, MAC) and K; f5 → AK, from which SQN is recovered; f1 → XMAC, f2 → RES, f3 → CK, f4 → IK]
- Verify MAC = XMAC
- Verify that SQN is in the correct range

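Added example, not part of the original slides: the exchange of slides 44 to 46 in Python, with the HE/AuC generating an authentication vector, the USIM verifying AUTN before it answers, and the serving network comparing RES with XRES. Assumptions: f1 to f5 are HMAC-SHA256 stand-ins (real networks use operator-chosen functions such as MILENAGE), AUTN is laid out as in 3GPP TS 33.102 ((SQN XOR AK), then AMF, then MAC), and `SQN_WINDOW`, the key and the AMF value are constructed for this example.

```python
import hashlib
import hmac
import os

SQN_WINDOW = 32   # assumed acceptance window; the slide only says "correct range"


class MacFailure(Exception):
    """AUTN was not produced by a network that knows K."""


class SyncFailure(Exception):
    """SQN is not fresh: replayed or stale authentication vector."""


def prf(k: bytes, label: bytes, data: bytes, n: int) -> bytes:
    return hmac.new(k, label + data, hashlib.sha256).digest()[:n]


# Stand-ins for the five functions on the slides, with TS 33.102 output sizes.
def f1(k, sqn, rand, amf): return prf(k, b"f1", sqn + rand + amf, 8)   # MAC / XMAC
def f2(k, rand): return prf(k, b"f2", rand, 8)                         # XRES / RES
def f3(k, rand): return prf(k, b"f3", rand, 16)                        # CK
def f4(k, rand): return prf(k, b"f4", rand, 16)                        # IK
def f5(k, rand): return prf(k, b"f5", rand, 6)                         # AK


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def generate_av(k: bytes, sqn: int, amf: bytes = b"\x80\x00") -> dict:
    """HE/AuC: build one authentication vector (RAND, XRES, CK, IK, AUTN)."""
    rand = os.urandom(16)
    sqn_b = sqn.to_bytes(6, "big")
    autn = xor(sqn_b, f5(k, rand)) + amf + f1(k, sqn_b, rand, amf)
    return {"RAND": rand, "XRES": f2(k, rand), "CK": f3(k, rand),
            "IK": f4(k, rand), "AUTN": autn}


class Usim:
    def __init__(self, k: bytes, last_sqn: int = 0):
        self.k = k
        self.last_sqn = last_sqn          # highest SQN accepted so far

    def authenticate(self, rand: bytes, autn: bytes) -> dict:
        concealed_sqn, amf, mac = autn[:6], autn[6:8], autn[8:16]
        sqn_b = xor(concealed_sqn, f5(self.k, rand))       # remove AK
        # Verify MAC = XMAC: this is the authentication of the network by the MS.
        if not hmac.compare_digest(f1(self.k, sqn_b, rand, amf), mac):
            raise MacFailure("MAC != XMAC")
        # Verify that SQN is in the correct range: rejects replayed vectors.
        sqn = int.from_bytes(sqn_b, "big")
        if not self.last_sqn < sqn <= self.last_sqn + SQN_WINDOW:
            raise SyncFailure("SQN outside the accepted range")
        self.last_sqn = sqn
        return {"RES": f2(self.k, rand), "CK": f3(self.k, rand),
                "IK": f4(self.k, rand)}


def serving_network_accepts(av: dict, response: dict) -> bool:
    """VLR/SGSN: compare RES(i) and XRES(i)."""
    return hmac.compare_digest(av["XRES"], response["RES"])


if __name__ == "__main__":
    k = bytes(range(16))                  # constructed 128-bit subscriber key
    usim = Usim(k)
    av = generate_av(k, sqn=1)
    print(serving_network_accepts(av, usim.authenticate(av["RAND"], av["AUTN"])))
```

In the GSM procedure of slide 38 only RAND and SRES are exchanged, so the SIM has no equivalent of the two checks in `Usim.authenticate`.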
47 Scope of Ciphering
[Figure: MS, BSS/UTRAN, SGSN; scope of GPRS ciphering; scope of UMTS ciphering]
- Ciphering Algorithm
  » A/Gb mode: GPRS Encryption Algorithm (GEA)
    - Kc is an input to the algorithm
  » Iu mode: UMTS Encryption Algorithm (UEA)
    - CK is an input to the algorithm

48 [Figure: interworking of UMTS security and GSM security. Elements shown: Release 99+ HLR/AuC (quintets, triplets); Release 99+ VLR/SGSN and Release 98- VLR/SGSN; UTRAN and GSM BSS; ME capable of UMTS AKA and ME not capable of UMTS AKA; USIM; conversions from CK, IK to Kc and from RES to SRES; exchanged values RAND, AUTN, RES, SRES]
Understand iwag Solution for 3G Mobile Data Contents Introduction Prerequisites Requirements Components Used Background Information Acronyms Explanation of Terminology Used Understand Mobility Services
More informationDefeating IMSI Catchers. Fabian van den Broek et al. CCS 2015
Defeating IMSI Catchers Fabian van den Broek et al. CCS 2015 Ren-Jay Wang CS598 - COMPUTER SECURITY IN THE PHYSICAL ckground 3GPP 3GPP 3 rd Generation Partnership Project Encompasses: GSM and related 2G
More informationNS-AKA: An Improved and Efficient AKA Protocol for 3G (UMTS) Networks
NS-AKA: An Improved and Efficient AKA Protocol for 3G (UMTS) Networks Neetesh Saxena, Narendra S. Chaudhari Abstract- In this paper, we propose an improved and efficient AKA protocol named NS-AKA to prevent
More informationConfiguring Layer2 Security
Prerequisites for Layer 2 Security, page 1 Configuring Static WEP Keys (CLI), page 2 Configuring Dynamic 802.1X Keys and Authorization (CLI), page 2 Configuring 802.11r BSS Fast Transition, page 3 Configuring
More informationData Security and Privacy. Topic 14: Authentication and Key Establishment
Data Security and Privacy Topic 14: Authentication and Key Establishment 1 Announcements Mid-term Exam Tuesday March 6, during class 2 Need for Key Establishment Encrypt K (M) C = Encrypt K (M) M = Decrypt
More informationApplications of Cryptography in Wireless Communication
Applications of Cryptography in Wireless Communication Bergen 18th June 2003 Kaisa Nyberg Nokia Research Center 1 NOKIA Outline Mobile Networks GSM 3GPP UMTS Other RATs Bluetooth WLAN Key management If
More informationKey Reinstallation Attacks: Forcing Nonce Reuse in WPA2. Mathy CCS 2017, 1 October 2017
Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2 Mathy Vanhoef @vanhoefm CCS 2017, 1 October 2017 Overview Key reinstalls in 4-way handshake Misconceptions Practical impact Lessons learned 2 Overview
More informationInformation Security CS 526
Information Security CS 526 Topic 14: Key Distribution & Agreement, Secure Communication Topic 14: Secure Communication 1 Readings for This Lecture On Wikipedia Needham-Schroeder protocol (only the symmetric
More informationUSIM based Authentication Test-bed For UMTS-WLAN Handover 25 April, 2006
USIM based Authentication Test-bed For UMTS-WLAN Handover 25 April, 2006 Hyeyeon Kwon, Kyung-yul Cheon, Kwang-hyun Roh, Aesoon Park Electronics and Telecommunications Research Institute 161, Gajeong-dong,
More information02/21/08 TDC Branch Offices. Headquarters SOHO. Hot Spots. Home. Wireless LAN. Customer Sites. Convention Centers. Hotel
TDC 363 Introductions to LANs Lecture 7 Wireless LAN 1 Outline WLAN Markets and Business Cases WLAN Standards WLAN Physical Layer WLAN MAC Layer WLAN Security WLAN Design and Deployment 2 The Mobile Environment
More informationCisco Wireless LAN Controller Module
Cisco Wireless LAN Controller Modules Simple and secure wireless deployment and management for small and medium-sized businesses (SMBs) and enterprise branch offices Product Overview Cisco Wireless LAN
More informationChapter 8 Network Security
Chapter 8 Network Security A note on the use of these ppt slides: We re making these slides freely available to all (faculty, students, readers). They re in PowerPoint form so you can add, modify, and
More informationQuestioning the Feasibility of UMTS GSM Interworking Attacks
Questioning the Feasibility of UMTS GSM Interworking Attacks Christoforos Ntantogian 1, Christos Xenakis 2 1 Department of Informatics and Telecommunications, University of Athens, Greece 2 Department
More information802.1x Port Based Authentication
802.1x Port Based Authentication Johan Loos Johan at accessdenied.be Who? Independent Information Security Consultant and Trainer Vulnerability Management and Assessment Wireless Security Next-Generation
More informationProtocols, Technologies and Standards Secure network protocols for the OSI stack P2.1 WLAN Security WPA, WPA2, IEEE i, IEEE 802.1X P2.
P2 Protocols, Technologies and Standards Secure network protocols for the OSI stack P2.1 WLAN Security WPA, WPA2, IEEE 802.11i, IEEE 802.1X P2.2 IP Security IPsec transport mode (host-to-host), ESP and
More informationSE-WL-PCI-03-11G PCI CARD DRIVERS INSTALLATION. Table of Contents
SE-WL-PCI-03-11G PCI CARD DRIVERS INSTALLATION Table of Contents 1. Introduction...2 1.1 System Requirement...2 1.2 Objects Counting...2 2. Installation...2 2.1 Install Wireless PCI Adapter...3 2.2 Install
More informationCS 393/682 Network Security
CS 393/682 Network Security Nasir Memon Polytechnic University Module 9 Wireless LAN Security Course Logistics Start working on HW 6 Final homework. To be posted today. HW6 - Points for defending and attacking.
More informationSecurity Setup CHAPTER
CHAPTER 8 This chapter describes how to set up your bridge s security features. This chapter contains the following sections: Security Overview, page 8-2 Setting Up WEP, page 8-7 Enabling Additional WEP
More informationCisco Desktop Collaboration Experience DX650 Security Overview
White Paper Cisco Desktop Collaboration Experience DX650 Security Overview Cisco Desktop Collaboration Experience DX650 Security Overview The Cisco Desktop Collaboration Experience DX650 (Cisco DX650)
More informationKey Reinstallation Attacks: Forcing Nonce Reuse in WPA2. Mathy Vanhoef, PhD Wi-Fi Alliance meeting Bucharest, 24 October 2017
Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2 Mathy Vanhoef, PhD Wi-Fi Alliance meeting Bucharest, 24 October 2017 Overview 1. Key reinstallation in 4-way handshake 2. Misconceptions and remarks
More information802.1x. ACSAC 2002 Las Vegas
802.1x ACSAC 2002 Las Vegas Jeff.Hayes@alcatel.com 802.1 Projects The IEEE 802.1 Working Group is chartered to concern itself with and develop standards and recommended practices in the following areas:
More information