Wireless Security Protocol Analysis and Design. Artoré & Bizollon : Wireless Security Protocol Analysis and Design

Similar documents
Wireless LANs. ITS 413 Internet Technologies and Applications

CSMC 417. Computer Networks Prof. Ashok K Agrawala Ashok Agrawala. Fall 2018 CMSC417 Set 1 1

Wireless Communication and Networking CMPT 371

Wireless technology Principles of Security

CIS 551 / TCOM 401 Computer and Network Security. Spring 2007 Lecture 8

ECE 435 Network Engineering Lecture 8

Wireless Protocols. Training materials for wireless trainers

Outline : Wireless Networks Lecture 10: Management. Management and Control Services : Infrastructure Reminder.

Wireless Communication and Networking CMPT 371

Data Communications. Data Link Layer Protocols Wireless LANs

Mobile Communications Chapter 7: Wireless LANs

Local Area Networks NETW 901

Wireless LAN -Architecture

Wireless and Mobile Networks

IEEE Technical Tutorial. Introduction. IEEE Architecture

Wireless Attacks and Countermeasures

Chapter 6 Wireless and Mobile Networks

Princess Nora Bint Abdulrahman University College of computer and information sciences Networks department Networks Security (NET 536)

Mobile Communications Chapter 7: Wireless LANs

Computer Networks. Wireless LANs

Topic 2b Wireless MAC. Chapter 7. Wireless and Mobile Networks. Computer Networking: A Top Down Approach

A Configuration Protocol for Embedded Devices on Secure Wireless Networks

Institute of Electrical and Electronics Engineers (IEEE) IEEE standards

Chapter 6 Medium Access Control Protocols and Local Area Networks

Wireless Technologies

Wireless Networks. CSE 3461: Introduction to Computer Networking Reading: , Kurose and Ross

CSNT 180 Wireless Networking. Chapter 7 WLAN Terminology and Technology

04/11/2011. Wireless LANs. CSE 3213 Fall November Overview

WIMAX. WIMAX (Worldwide Interoperability for Microwave Access ): Field of application:

Mohammad Hossein Manshaei 1393

CITS3002 Networks and Security. The IEEE Wireless LAN protocol. 1 next CITS3002 help3002 CITS3002 schedule

Chapter 10: Wireless LAN & VLANs

Overview : Computer Networking. Spectrum Use Comments. Spectrum Allocation in US Link layer challenges and WiFi WiFi

Shared Access Networks Wireless. 1/27/14 CS mywireless 1

Network+ Guide to Networks 6 th Edition. Chapter 8 Wireless Networking

CSCD 433/533 Advanced Networking

Wireless and Mobile Networks 7-2

Wireless Networks. Lecture 4: Wireless Networking Devices. Assistant Teacher Samraa Adnan Al-Asadi 1

Wireless Networking based on Chapter 15 of CompTIA Network+ Exam Guide, 4th ed., Mike Meyers

WIRELESS LANS. By: M. Habibullah Pagarkar Mandar Gori Rajesh Jaiswal

6.9 Summary. 11/20/2013 Wireless and Mobile Networks (SSL) 6-1. Characteristics of selected wireless link standards a, g point-to-point

Lecture 6. Reminder: Homework 2, Programming Project 2 due on Thursday. Questions? Tuesday, September 13 CS 475 Networks - Lecture 6 1

How Insecure is Wireless LAN?

1. INTRODUCTION. Wi-Fi 1

Last Lecture: Data Link Layer

Lecture 23 Overview. Last Lecture. This Lecture. Next Lecture ADSL, ATM. Wireless Technologies (1) Source: chapters 6.2, 15

Computer Communication III

4.3 IEEE Physical Layer IEEE IEEE b IEEE a IEEE g IEEE n IEEE 802.

Chapter 7. Basic Wireless Concepts and Configuration. Part I

Overview of Security

Table of Contents 1 WLAN Service Configuration 1-1

Wireless Networks. Authors: Marius Popovici Daniel Crişan Zagham Abbas. Technical University of Cluj-Napoca Group Cluj-Napoca, 24 Nov.

IT220 Network Standards & Protocols. Unit 6: Chapter 6 Wireless LANs

WiFi Networks: IEEE b Wireless LANs. Carey Williamson Department of Computer Science University of Calgary Winter 2018

ECE 4450:427/527 - Computer Networks Spring 2017

IEEE WLANs (WiFi) Part II/III System Overview and MAC Layer

Wireless Networking. Chapter The McGraw-Hill Companies, Inc. All rights reserved

Wi-Fi Scanner. Glossary. LizardSystems

Bluetooth. 3.3 Latest Technology in Wireless Network. What is BLUETOOTH: Bluetooth 2/17/2016

Configuring a VAP on the WAP351, WAP131, and WAP371

Guide to Wireless Communications, Third Edition. Objectives

Wireless Networking Basics. Ed Crowley

Author: Bill Buchanan. Wireless LAN. Unit 2: Wireless Fundamentals

CSCD 433 Network Programming Fall Lecture 7 Ethernet and Wireless

Data and Computer Communications. Chapter 13 Wireless LANs

Managing and Securing Computer Networks. Guy Leduc. Chapter 7: Securing LANs. Chapter goals: security in practice: Security in the data link layer

Naveen Kumar. 1 Wi-Fi Technology

Chapter 3.1 Acknowledgment:

U S E R M A N U A L b/g PC CARD

Ethernet. Lecture 6. Outline. Ethernet - Physical Properties. Ethernet - Physical Properties. Ethernet

Advanced Security and Mobile Networks

Wireless Network Defensive Strategies

CSC 4900 Computer Networks: Wireless Networks

Wireless Local Area Network (IEEE )

CSC344 Wireless and Mobile Computing. Department of Computer Science COMSATS Institute of Information Technology

Module 6: Wireless Mobile Networks

Introduction to IEEE

Wireless Local Area Networks (WLAN)

Wireless# Guide to Wireless Communications. Objectives

Wireless LAN USB Super G 108 Mbit. Manual

WNC-0300USB. 11g Wireless USB Adapter USER MANUAL

Data Communication & Networks G Session 5 - Main Theme Wireless Networks. Dr. Jean-Claude Franchitti

02/21/08 TDC Branch Offices. Headquarters SOHO. Hot Spots. Home. Wireless LAN. Customer Sites. Convention Centers. Hotel

WL-5420AP. User s Guide

Nomadic Communications WLAN MAC Fundamentals

NT1210 Introduction to Networking. Unit 6: Chapter 6, Wireless LANs

Mobile and Sensor Systems

Appendix E Wireless Networking Basics

Wireless Local Area Networks. Networks: Wireless LANs 1

Chapter 7: Wireless LANs

original standard a transmission at 5 GHz bit rate 54 Mbit/s b support for 5.5 and 11 Mbit/s e QoS

CPSC 826 Internetworking. Wireless and Mobile Networks. Wireless Networks Wireless Hosts

Chapter 7: Wireless LANs

Architecture. Copyright :I1996 IEEE. All rights reserved. This contains parts from an unapproved draft, subject to change

WLAN. Right, Gentlemen. The aim of our presentation is to give you detailed information on the topic WLAN (Wireless Local Area Network).

CSCI-1680 Wireless Chen Avin

Functions of physical layer:

Public Wireless LAN Service.

Configuring the Radio Network

CHAPTER 8: LAN Standards

Transcription:

Protocol Analysis and Design 1

Networks 1. WIRELESS NETWORKS 2

Networks 1. WIRELESS NETWORKS 1.1 WiFi 802.11 3

Networks OSI Structure 4

Networks Infrastructure Networks BSS : Basic Set Service ESS : Extended Set Service 5

Networks Ad Hoc Networks IBSS : Independant Basic Set Service Peer-to-peer connections between stations 6

Networks The distribution services are: Association: when a station enter a new BSS, it establishes an association with the AP of this BSS, and if it is authentified, can send and receive data via this AP Dissociation: can be used by either a station or an AP Reassociation: it enables a station which already has an association with an AP to move from this AP to another one. Distribution: determines how frames have to routed to an AP. If the destination is local, we can send the frames directly. If not, they have to be transmitted via the wire network. Integration: if a frame has to be routed trough a network not using 802.11, this service does the translation 7

Networks The Intracell services are: - Authentication: used to establish the identity of others stations - Authentication cancelling: when a station wants to leave its network, its authentication is cancelled. - Privacy: it prevents the content of messages from being read by anyone other than the intended recipient. - Data delivery 8

Networks Standard 802.11a 802.11b 802.11f 802.11g 802.11i 802.11n Name Wi-Fi 5 Wi-Fi Roaming WWiSE (World- Wide Spectrum Efficienc y WiFi standards High Bandwith (54 Mbit/s théoriques, 30 Mbit/s réels) Frequency band :5 GHz. The most common Theorical bandwith 11 Mbit/s (6 Mbit/s real) Up to 300 meters if no barriers Band : 2,4 GHz with Description Enable the user to change his or her AP when moving, thanks to the Inter-Access point roaming protocol High Bandwith (54 Mbit/s,26 Mbit/s real) on the band of des 2,4 GHz. Devices using 802.11g can still work existing networks (most commonly 802.11b devices) This standard aims at improving security on wireless transmissions, thanks to the Advanced Encryption Standard (see 2 for more information about security) This is a new technology (april 2007), which should provide 540 Mbit/s (the real bandwith is 100 Mbit/s within a 90 meters area) 9

Networks CSMA/CA Radio networks : => hidden station => exposed station problem 10

Networks CSMA/CA Sender transmits short RTS (request to send) Packet Receiver replies with short CTS (clear to send) packet Hidden nodes will not transmit for specified duration: NAV 11

Networks Frame structure 802.11 supports three types of frames: management frames (00), control frames (01) and data frames (10). Management frames are used for station association, disassociation, timing and synchronization, authentication and desauthentication. Control frames are used for handshaking and positive acknowledgments during the data exchange. Data frames are used to exchange data. 12

Networks Current Issues and Challenges Interference Quality of Service Mobility 13

Networks 1. WIRELESS NETWORKS 1.2 WiMax - Worldwide Interoperability for Microwave Access 14

Networks Why? - Different environments: 802.11 has to deal with mobility 802.16 mostly connects buildings - 802.16 covers bigger areas => the strength of the radio signal can be very different, more complex problem of modulation 15

Networks - 802.16 has to connect more users per cell, and has to have a larger bandwidth - =>WiFi connections transmit up to 54 megabits per second /WiMAX should be able to handle up to 70 megabits per second WiFi's range is about 100 feet (30 m). WiMAX range will be about 30 miles (50 km) with wireless access. - The waves are different => adapt the physical layer. Waves can be absorbed by the rain, snow, or clouds, so we have to be careful about the errors. - 802.16 can perfectly handle real-time applications (such as voice or videos). 16

Networks A WiMAX tower, ~ cell-phone tower And a WiMAX receiver 2 forms of wireless service: - non-line-of-sight, WiFi sort of service, where a small antenna on your computer connects to the tower. lower frequency range - line-of-sight service, where a fixed dish antenna points straight at the WiMAX tower from a rooftop or pole higher frequencies. 17

Networks OSI Structure 18

Networks Frame structure the EC field indicates whether the data are encrypted or not the IC field tells us whether a final checksum is used or not the EK fields indicates the keys used for the encryption, if there is one the length field gives the length of the whole frame, including the header the Header CRC is a header checksum (calculated with a polynomial) 19

2. WiFi 802.11 20

Existing Protocols : SSID MAC Address Filtering WEP 21

SSID For Service Set IDentifier The first step in user s authentification Configurable identification that allows clients to communicate to the AP 22

SSID 23

SSID (and why it is quite inutile) AP have default SSID : «tsunami» for Cisco devices Devices unfortunately use to broadcast their SSID during beacon frames An attacker can discover your SSID by using a bruteforce dictionary attack 24

MAC Address Filtering Permit only a few MAC addresses to connect to the network Two ways : The AP has the list of authorized MAC addresses A RADIUS server is used to centralize the correct MAC addresses 25

MAC Address Filtering 26

MAC Address Filtering First possibility : Locally You have to administrate locally the authorization MAC addresses and it becomes a problem when the numbers of clients and APs grows. 27

MAC Address Filtering Second Possibility : RADIUS Server The entire list of authorized addresses can be found, not encrypted in the configuration file of the server 28

MAC Address Filtering The main problem is that the MAC address of the client is sent in clear : any intruder can sniff authorized MAC addresses and, then, changes his own address with proper tools 29

WEP Wired Equivalent Privacy 30

WEP SSID and MAC Addresses are transmitted in the clear text Encoding the data : SSID, MAC Address, data sent after the connection between the user and the server. 31

WEP It is an optional encryption standard implemented in the MAC Layer. So it is used at the 2 lowest layers, the data link and the physical layer. It is using a static key, a 64-bit one or a 128-bit one. 32

WEP in Action The NIC (Network Interface Card) encrypts the payload (frame body and CRC) of each 802.11 frame before transmission using an RC4 stream cipher provided by RSA. So 802.11 WEP only encrypts data between 802.11 stations. Once the frame enters the wired side of the network, such as between access points, WEP no longer applies. 33

WEP Wired Network Encoding only on the wireless network The same secret 34

Authentication Mechanism First Step A requesting station sends an Authentication frame to the intend responder announcing that it intends to use shared key authentication. 35

Authentication Mechanism Second Step Generate random number to challenge station The responder replies with the second Authentication frame having 128 bytes of random challenge text generated by the WEP engine in a standard form. 36

Authentication Mechanism Third Step Encrypt challenge using RC4 algorithm Generate random number to challenge station The requester copies the challenge in the third Authentication frame, encrypts the frame with it's secret key and sends it back to the responder. 37

Authentication Mechanism Fourth Step Encrypt challenge using RC4 algorithm Generate random number to challenge station Decrypt response to recover challenge Verify that challenge equate The responder then checks the ICV and if correct, it decrypts the contents of the challenge text field and compares them to that sent in frame 2. If the contents match, it sends a final frame announcing success. If the contents don't match or the ICV check fails, the final frame announces failure. 38

WEP Algorithm The secret key used in WEP algorithm is 40-bit long (or 104) with a 24-bit Initialization Vector (IV) that is concatenated to it for acting as the encryption/decryption key. 39

WEP Algorithm Encryption 40

WEP Algorithm Decryption 41

What s wrong with WEP? Relatively short IVs : for a large busy network, reoccurence of IV can happen within an hour or so Sniffing Static key : it is the same key for all the APs and the users of the network rarely changed 42

However WEP is better that nothing Most of the time, WEP is turned off 90% less intrusions Protecting many home and business networks from the general public 43

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback