Wireless Security Security problems in Wireless Networks

Similar documents
The security of existing wireless networks

Overview of Security

How Insecure is Wireless LAN?

CS-435 spring semester Network Technology & Programming Laboratory. Stefanos Papadakis & Manolis Spanakis

Wireless Network Security Spring 2015

The Final Nail in WEP s Coffin

Outline : Wireless Networks Lecture 10: Management. Management and Control Services : Infrastructure Reminder.

Wireless Network Security Spring 2016

CITS3002 Networks and Security. The IEEE Wireless LAN protocol. 1 next CITS3002 help3002 CITS3002 schedule

Managing and Securing Computer Networks. Guy Leduc. Chapter 7: Securing LANs. Chapter goals: security in practice: Security in the data link layer

CIS 551 / TCOM 401 Computer and Network Security. Spring 2007 Lecture 8

Advanced WiFi Attacks Using Commodity Hardware

CYBER ATTACKS EXPLAINED: WIRELESS ATTACKS

Wireless Attacks and Countermeasures

Princess Nora Bint Abdulrahman University College of computer and information sciences Networks department Networks Security (NET 536)

Wireless technology Principles of Security

Overview of IEEE b Security

Stream Ciphers. Stream Ciphers 1

LESSON 12: WI FI NETWORKS SECURITY

CS263: Wireless Communications and Sensor Networks

RC4. Invented by Ron Rivest. A stream cipher Generate keystream byte at a step

Security and Authentication for Wireless Networks

Wireless Security Protocol Analysis and Design. Artoré & Bizollon : Wireless Security Protocol Analysis and Design

Wireless Network Security

TinySec: A Link Layer Security Architecture for Wireless Sensor Networks. Presented by Paul Ruggieri

Analysis of Security or Wired Equivalent Privacy Isn t. Nikita Borisov, Ian Goldberg, and David Wagner

Security in IEEE Networks

Network Encryption 3 4/20/17

Wireless KRACK attack client side workaround and detection

CSE 3461/5461: Introduction to Computer Networking and Internet Technologies. Network Security. Presentation L

Lecture Nov. 21 st 2006 Dan Wendlandt ISP D ISP B ISP C ISP A. Bob. Alice. Denial-of-Service. Password Cracking. Traffic.

05 - WLAN Encryption and Data Integrity Protocols

GPRS security. Helsinki University of Technology S Security of Communication Protocols

BreezeACCESS VL Security

Configuring Cipher Suites and WEP

Chapter 24 Wireless Network Security

Wireless LAN Security (RM12/2002)

Lecture 33. Firewalls. Firewall Locations in the Network. Castle and Moat Analogy. Firewall Types. Firewall: Illustration. Security April 15, 2005

The 8 th International Scientific Conference DEFENSE RESOURCES MANAGEMENT IN THE 21st CENTURY Braşov, November 14 th 2013

COSC4377. Chapter 8 roadmap

What is Eavedropping?

Advanced Security and Mobile Networks

Wireless Security. Comp Sci 3600 Security. Attacks WEP WPA/WPA2. Authentication Encryption Vulnerabilities

EXAM - PW Certified Wireless Security Professional (CWSP) Buy Full Product.

CSE 713: Wireless Networks Security Principles and Practices. Ad hoc networks security and sensor networks security (1 hour)

From wired internet to ubiquitous wireless internet

Analyzing Wireless Security in Columbia, Missouri

EEC-682/782 Computer Networks I

Security Setup CHAPTER

CHAPTER SECURITY IN WIRELESS LOCAL AREA NETWORKS

3 Symmetric Key Cryptography 3.1 Block Ciphers Symmetric key strength analysis Electronic Code Book Mode (ECB) Cipher Block Chaining Mode (CBC) Some

4.4 IEEE MAC Layer Introduction Medium Access Control MAC Management Extensions

WPA Migration Mode: WEP is back to haunt you

Worldwide Release. Your world, Secured ND-IM005. Wi-Fi Interception System

CS 393/682 Network Security

Today s challenge on Wireless Networking. David Leung, CISM Solution Consultant, Security Datacraft China/Hong Kong Ltd.

06/02/ Local & Metropolitan Area Networks. 0. Overview. Terminology ACOE322. Lecture 8 Network Security

Burglarproof WEP Protocol on Wireless Infrastructure

Issues. Separation of. Distributed system security. Security services. Security policies. Security mechanism

Chapter 8 Network Security

Wireless Networks. Authors: Marius Popovici Daniel Crişan Zagham Abbas. Technical University of Cluj-Napoca Group Cluj-Napoca, 24 Nov.

S. Erfani, ECE Dept., University of Windsor Network Security

Introduction to Network Security Missouri S&T University CPE 5420 Data Integrity Algorithms

Security of WiFi networks MARCIN TUNIA

CE Advanced Network Security Wireless Security

D. The bank s web server is using an X.509 certificate that is not signed by a root CA, causing the user ID and password to be sent unencrypted.

Wireless Router at Home

HACKING & INFORMATION SECURITY Presents: - With TechNext

Wireless Network Security

FAQ on Cisco Aironet Wireless Security

What is a Wireless LAN? The wireless telegraph is not difficult to understand. The ordinary telegraph is like a very long cat. You pull the tail in Ne

INSTITUTO DE MATEMÁTICA E ESTATÍSTICA UNIVERSIDADE DE SÃO PAULO. GSM Security. MAC Computação Móvel

A Configuration Protocol for Embedded Devices on Secure Wireless Networks

Wireless Networking Basics. Ed Crowley

Chapter 17. Wireless Network Security

Secure Routing in Wireless Sensor Networks: Attacks and Countermeasures

2013 Summer Camp: Wireless LAN Security Exercises JMU Cyber Defense Boot Camp

HOST Authentication Overview ECE 525

Cryptography. Recall from last lecture. [Symmetric] Encryption. How Cryptography Helps. One-time pad. Idea: Computational security

SECURE ROUTING PROTOCOLS IN AD HOC NETWORKS

The WiMAX Technology

Wireless LAN Security. Gabriel Clothier

Security in Mobile Ad-hoc Networks. Wormhole Attacks

IEEE Technical Tutorial. Introduction. IEEE Architecture

Computer Networks. Wenzhong Li. Nanjing University

WIRELESS LOCAL AREA NETWORK SECURITY USING WPA2-PSK

Interworking Evaluation of current security mechanisms and lacks in wireless and Bluetooth networks ...

Security issues: Encryption algorithms. Threats Methods of attack. Secret-key Public-key Hybrid protocols. CS550: Distributed OS.

T Cryptography and Data Security. Lecture 11 Bluetooth Security. Outline

Karthik Pinnamaneni COEN 150 Wireless Network Security Dr. Joan Holliday 5/21/03

Wireless and Mobile Network Investigation

Attack & Defense in Wireless Networks

Overview of SSL/TLS. Luke Anderson. 12 th May University Of Sydney.

Message authentication. Why message authentication. Authentication primitives. and secure hashing. To prevent against:

Lab Configure Enterprise Security on AP

Summary on Crypto Primitives and Protocols

A Passive Approach to Wireless NIC Identification

Wireless Security i. Lars Strand lars (at) unik no June 2004

BackTrack 5 Wireless Penetration Testing

Security functions in mobile communication systems

Transcription:

Wireless Security Security problems in Wireless Networks

Security of Wireless Networks Wireless networks are everywhere more and more electronic devices are becoming wireless However, ensuring security in wireless networks are challenging Wireless links are open to all entities no physical protection of links anyone can send and receive from the channel Links are broadcast in nature overhearing signals, generating collisions Power and computing resource on are usually limited Many wired solutions are not practical 2

Example Attacks Eavesdropping the transmission Injecting bogus messages Replaying previous recorded message Unauthorized access to services Denial of service Signal jamming 3

Protecting Wireless Networks Confidentiality Messages sent over wireless links must be always encrypted Integrity The original of messages must be verified No one can modify messages without being detected The freshness of the messages must be ensured Availability Service shall be always available Jamming has to be handled 4

Security Attacks Weakness in wireless systems Design level and implementation level Attacks at different layers Physical layer: jamming MAC layer: jamming, selfish behavior Network layer: routing, selfish behavior 5

Physical Layer Radio signal comes with noise SNR must be good enough for decoding Jamming Constant jamming Inject noise signal continuously Reactive jamming Jam only when there are signals in the air More effective, but you need to detect the presence of radio signal 6

MAC Layer Fingerprinting physical devices user privacy: tracking a specific user location privacy: determine the location of a specific device/user Three methods Using clock skew Using radio frequency characteristics Using RSS signature Fingerprinting could be used for legitimate purpose It could be fooled by attackers 7

MAC Layer Jamming Constant jamming Send packets continuously Reactive jamming Send packets to corrupt existing transmission Selfish behavior Manipulate MAC protocol to maximize bandwidth Send packets without any back-off timer 8

Network Layer Sybil attacks Node replication attacks Wormhole attacks Selective routing Routing black-hole Identify privacy Location privacy 9

Case Studies GSM security WiFi security Bluetooth security 10

GSM Security Main security component subscriber authentication challenge-response protocol based on a long-term key shared with the home network operator support roaming without leaking long-term key Other security components Confidentiality of the communication Messages are always encrypted with proper keys user privacy Temporary identifiers during the network access 11

The SIM Card Subscribers must establish security associations with the network Subscriber Identify Module (SIM card) Tamper resistant Information are destroyed if there is any physical tampering Protected by a PIN code Removable from the phone Contain all data specific to an end user Identity, PIN, secret keys, phone logs,... 12

GSM Authentication Mobile Station Visited Network Home network Identity (IMSI) K R Identity (IMSI) (Ke, R, S) Ke S K R R Ke S S S = S? 13

Issues Focus on the protection of wireless communication the wired part is not considered The visited network has all the data except the master secret key Privacy of users are of great concern Successful attacks have been reported Fake base stations Cloning of the SIM card Tamper-resistance is not 100% guarantee 14

WiFi Security WEP (Wired Equivalent Privacy) Part of 802.11 specification Focus on the protection of wireless part Make sure that it is at least as secure as a simple wired LAN (without extra protection) Not intended for strong security Services include access control to the wired network Done through the access point (AP) message confidentiality and integrity 15

WEB Authentication A user device needs to authenticate itself to the AP Based on a preset key between the device and the AP You need to get this key before joining the WiFi network The protocol STA->AP: request AP->STA: challenge (r) //128 bits long STA->AP: response (e k (r)) AP->STA: Success/Fail 16

WEP Encryption Based on RC4 (by Rivest for RSA 1987) Encryption procedure For each message RC4 is initialized with the shared secret and IV IV (24 bits) changes for every message RC4 produces a pseudo-random byte sequence This byte sequence is XORed to the message Integrity Protection Based on an encrypted CRC value Compute an ICV and append it to the message The message and ICV are encrypted together 17

Detailed Protocol Encryption IV, K^(Message ICV) Decryption Extract IV K^(the remaining part) -> recovered message -> (Message ICV ) Checks if Message and ICV matches K= RC4(IV secret key) The pseudo random byte sequence 18

WEP Keys Shared keys A default key for encryption/decryption You can have multiple default keys But in practice, we often use one default key users use the same key for access They can decrypt each other s message Key mapping keys Individual keys for users AP maintains a table of keys shared with users An index is used to determine which one to use 19

WEP Flaws Access point is not authenticated A user may establish connection with a rogue AP Traffic to and from users may intercepted Impersonation during authentication Protocol AP->STA: r STA->AP: IV r^k Attacker can recompute K and impersonate STA AP->attacker: r attack->ap: IV r ^K 20

WEP Flaws Replay attack IV does not have to be increased after each message IV can be reused FIX: increase IV by 1 for every message ICV problem CRC used for computing ICV is a linear function CRC(X^Y)=CRC(X)^CRC(Y) Attacker intercept ((M CRC(M)) ^ K) And XOR it with (M ^ M CRC(M ^ M)) Where M is the target message 21

WEP Flaws IV reuse Assume it increases by 1 for every message) However, IV is 24 bits long -> 16,777,216 possibilities After 16M messages, IV will be reused e.g., 11Mbps AP-> 700 packets per second -> 7 hours Weak RC4 keys Due to the user of IV, RC4 will use a lot of keys during message transmission However, some of the keys are weak RC4 output is not random in the beginning Attacker can thus recover shared secret if a weak key is computed WEP encryption will be broken after a few million of messages 22

Bluetooth Security Short-range radio communication Hard to eavesdrop PIN is used for establishment of keys However, PIN is 4-digit value You can easily crack it off-line Privacy issues Fixed and unique device address 23

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback