Chapter 24 Wireless Network Security

Similar documents
Chapter 17. Wireless Network Security

Wireless Network Security

Wireless Network Security

Network Encryption 3 4/20/17

Link & end-to-end protocols SSL/TLS WPA 2/25/07. Outline. Network Security. Networks. Link and End-to-End Protocols. Link vs. End-to-end protection

The following chart provides the breakdown of exam as to the weight of each section of the exam.

Princess Nora Bint Abdulrahman University College of computer and information sciences Networks department Networks Security (NET 536)

D. The bank s web server is using an X.509 certificate that is not signed by a root CA, causing the user ID and password to be sent unencrypted.

Wireless Network Security Spring 2015

IEEE i and wireless security

Outline : Wireless Networks Lecture 10: Management. Management and Control Services : Infrastructure Reminder.

Wireless Network Security Spring 2016

05 - WLAN Encryption and Data Integrity Protocols

WPA Passive Dictionary Attack Overview

Chapter - 6 WIRELESS NETWORK SECURITY

Wireless technology Principles of Security

WPA-GPG: Wireless authentication using GPG Key

Network Security: WLAN Security. Tuomas Aura T Network security Aalto University, Nov-Dec 2014

Network Security: WLAN Security. Tuomas Aura T Network security Aalto University, Nov-Dec 2012

Appendix E Wireless Networking Basics

Table of Contents 1 WLAN Security Configuration Commands 1-1

COPYRIGHTED MATERIAL. Contents

Configuring Layer2 Security

What is Eavedropping?

Wireless Attacks and Countermeasures

Lecture 33. Firewalls. Firewall Locations in the Network. Castle and Moat Analogy. Firewall Types. Firewall: Illustration. Security April 15, 2005

Wireless LAN Security. Gabriel Clothier

WLAN The Wireless Local Area Network Consortium

Managing and Securing Computer Networks. Guy Leduc. Chapter 7: Securing LANs. Chapter goals: security in practice: Security in the data link layer

EXAM - PW Certified Wireless Security Professional (CWSP) Buy Full Product.

Troubleshooting WLANs (Part 2)

Open System - No/Null authentication, anyone is able to join. Performed as a two way handshake.

Configuring a WLAN for Static WEP

Security in IEEE Networks

Csci388. Wireless and Mobile Security Access Control: 802.1X, EAP, and RADIUS. Importance of Access Control. WEP Weakness. Wi-Fi and IEEE 802.

Link Security A Tutorial

Wireless Networked Systems

Wireless Security. Comp Sci 3600 Security. Attacks WEP WPA/WPA2. Authentication Encryption Vulnerabilities

Wi-Fi Security for Next Generation Connectivity. Perry Correll Aerohive, Wi-Fi Alliance member October 2018

Wireless Security i. Lars Strand lars (at) unik no June 2004

FIPS Security Policy for Cisco Aironet Lightweight AP1131, AP1142, AP1242, AP1252, AP1262, CAP3502e, and CAP3502i Wireless LAN Access Points

Wireless Network Security

WLAN Roaming and Fast-Secure Roaming on CUWN

Cisco Wireless LAN Controller Module

Chapter 1 Describing Regulatory Compliance

Standard For IIUM Wireless Networking

FAQ on Cisco Aironet Wireless Security

CS-435 spring semester Network Technology & Programming Laboratory. Stefanos Papadakis & Manolis Spanakis

Securing a Wireless LAN

Physical and Link Layer Attacks

Secure Wireless LAN Design and Deployment

ECHONET Lite SPECIFICATION. ECHONET Lite System Design Guidelines 2011 (2012) ECHONET CONSORTIUM ALL RIGHTS RESERVED

WIRELESS LAN SECURITY AND IEEE I

Exam Questions CWSP-205

Secure Initial Access Authentication in WLAN

LESSON 12: WI FI NETWORKS SECURITY

The 8 th International Scientific Conference DEFENSE RESOURCES MANAGEMENT IN THE 21st CENTURY Braşov, November 14 th 2013

Frequently Asked Questions WPA2 Vulnerability (KRACK)

TestsDumps. Latest Test Dumps for IT Exam Certification

CSE 713: Wireless Networks Security Principles and Practices. Ad hoc networks security and sensor networks security (1 hour)

Securing Wireless LANs with Certificate Services

CHAPTER SECURITY IN WIRELESS LOCAL AREA NETWORKS

Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2. Mathy CCS 2017, 1 October 2017

IPSec. Overview. Overview. Levente Buttyán

Improved KRACK Attacks Against WPA2 Implementations. Mathy OPCDE, Dubai, 7 April 2018

Vendor: HP. Exam Code: HP2-Z32. Exam Name: Implementing HP MSM Wireless Networks. Version: Demo

Configuring Security Solutions

4.4 IEEE MAC Layer Introduction Medium Access Control MAC Management Extensions

Wireless Security K. Raghunandan and Geoff Smith. Technology September 21, 2013

Authentication and Security: IEEE 802.1x and protocols EAP based

The security of existing wireless networks

A Configuration Protocol for Embedded Devices on Secure Wireless Networks

Configuring WEP and WEP Features

Interworking Evaluation of current security mechanisms and lacks in wireless and Bluetooth networks ...

Exam : PW Title : Certified wireless security professional(cwsp) Version : DEMO

Fast and Secure Roaming in WLAN

Meru Networks. Security Gateway SG1000 Cryptographic Module Security Policy Document Version 1.2. Revision Date: June 24, 2009

Configuring the Client Adapter through Windows CE.NET

2013 Summer Camp: Wireless LAN Security Exercises JMU Cyber Defense Boot Camp

Wireless KRACK attack client side workaround and detection

The IPsec protocols. Overview

Hooray, w Is Ratified... So, What Does it Mean for Your WLAN?

WIRELESS LOCAL AREA NETWORK SECURITY USING WPA2-PSK

Expected Outcomes Able to design the network security for the entire network Able to develop and suggest the security plan and policy

Lab Configure Enterprise Security on AP

Status of P Sub-Specification

WIRELESS LAN/PAN/BAN. Objectives: Readings: 1) Understanding the basic operations of WLANs. 2) WLAN security

KRACKing WPA2 in Practice Using Key Reinstallation Attacks. Mathy BlueHat IL, 24 January 2018

Configuring a VAP on the WAP351, WAP131, and WAP371

Wi-Fi Scanner. Glossary. LizardSystems

Security and Authentication for Wireless Networks

Add a Wireless Network to an Existing Wired Network using a Wireless Access Point (WAP)

COSC4377. Chapter 8 roadmap

Network Security and Cryptography. December Sample Exam Marking Scheme

Assignment Project Whitepaper ITEC495-V1WW. Instructor: Wayne Smith. Jim Patterson

THOUGHTS ON TSN SECURITY

Configuring Authentication Types

Hacking Air Wireless State of the Nation. Presented By Adam Boileau

CSNT 180 Wireless Networking. Chapter 7 WLAN Terminology and Technology

Wireless# Guide to Wireless Communications. Objectives

Transcription:

Chapter 24 Wireless Network Security Wireless Security Key factors contributing to higher security risk of wireless networks compared to wired networks include: o Channel Wireless networking typically involves broadcast communications, which is far more susceptible to eavesdropping and jamming than wired networks Wireless networks are also more vulnerable to active attacks that exploit vulnerabilities in communications protocols o Mobility Wireless devices are far more portable and mobile, thus resulting in a number of risks o Resources Some wireless devices, such as smartphones and tablets, have sophisticated operating systems but limited memory and processing resources with which to counter threats, including denial of service and malware o Accessibility Some wireless devices, such as sensors and robots, may be left unattended in remote and/or hostile locations, thus greatly increasing their vulnerability to physical attacks 1

Endpoint Access point Figure 24.1 Wireless Networking Components Wireless Network Threats Accidental association Malicious association Ad hoc networks Nontraditional networks Identity theft (MAC spoofing) Man-in-the middle attacks Denial of service (DoS) Network injection Securing Wireless Transmissions Principal threats are eavesdropping, altering or inserting messages, and disruption Countermeasures for eavesdropping: o Signal-hiding techniques o Encryption The use of encryption and authentication protocols is the standard method of countering attempts to alter or insert transmissions 2

Securing Wireless Networks The main threat involving wireless access points is unauthorized access to the network Principal approach for preventing such access is the IEEE 802.1X standard for port-based network access control o The standard provides an authentication mechanism for devices wishing to attach to a LAN or wireless network Use of 802.1X can prevent rogue access points and other unauthorized devices from becoming insecure backdoors Wireless Network Security Techniques Use encryption Allow only specific computers to access your wireless network Use anti-virus and anti-spyware software and a firewall Change your router s pre-set password for administration Turn off identifier broadcasting Change the identifier on your router from the default Mobile Device Security An organization s networks must accommodate: o Growing use of new devices Significant growth in employee s use of mobile devices o Cloud-based applications Applications no longer run solely on physical servers in corporate data centers o De-perimeterization There are a multitude of network perimeters around devices, applications, users, and data o External business requirements The enterprise must also provide guests, third-party contractors, and business partners network access using various devices from a multitude of locations 3

Security Threats Lack of physical security controls Use of untrusted networks Use of untrusted mobile devices Use of applications created by unknown parties Interaction with other systems Use of untrusted content Use of location services Mobile device is configured with security mechanisms and parameters to conform to organization security policy Traffic is encrypted; uses SSL or IPsec VPN tunnel Application/ database server Mobile device configuration server Authentication/ access control server Firewall Firewall limtts scope of data and application access Authentication and access control protocols used to verify device and user and establish limits on access Figure 24.2 Mobile Device Security Elements 4

Wireless Fidelity (Wi-Fi) Alliance 802.11b o First 802.11 standard to gain broad industry acceptance Wireless Ethernet Compatibility Alliance (WECA) o Industry consortium formed in 1999 to address the concern of products from different vendors successfully interoperating o Later renamed the Wi-Fi Alliance Term used for certified 802.11b products is Wi-Fi o Has been extended to 802.11g products Wi-Fi Protected Access (WPA) o Wi-Fi Alliance certification procedures for IEEE802.11 security standards o WPA2 incorporates all of the features of the IEEE802.11i WLAN security specification General IEEE 802 functions Specific IEEE 802.11 functions Logical Link Control Flow control Error control Medium Access Control Physical Assemble data into frame Addressing Error detection Medium access Encoding/decoding of signals Bit transmission/ reception Transmission medium Reliable data delivery Wireless access control protocols Frequency band definition Wireless signal encoding Figure 24.3 IEEE 802.11 Protocol Stack MAC Control Destination MAC Address Source MAC Address MAC Service Data Unit (MSDU) CRC MAC header MAC trailer Figure 24.4 General IEEE 802 MPDU Format 5

Distribution System AP 2 AP 1 Basic Service Set (BSS) STA 1 Basic Service Set (BSS) STA 8 STA 2 STA4 STA 6 STA 7 STA 3 Figure 24.5 IEEE 802.11 Extended Service Set Distribution of Messages Within a DS The two services involved with the distribution of messages within a DS are: o Distribution o Integration Distribution The primary service used by stations to exchange MPDUs when the MPDUs must traverse the DS to get from a station in one BSS to a station in another BSS Integration Enables transfer of data between a station on an IEEE 802.11 LAN and a station on an integrated IEEE 802x LAN Service enables transfer of data between a station on an IEEE 802.11 LAN and a station on an integrated IEEE 802.x LAN 6

Association-Related Services Transition types, based on mobility: o No transition A station of this type is either stationary or moves only within the direct communication range of the communicating stations of a single BSS o BSS transition Station movement from one BSS to another BSS within the same ESS; delivery of data to the station requires that the addressing capability be able to recognize the new location of the station o ESS transition Station movement from a BSS in one ESS to a BSS within another ESS; maintenance of upper-layer connections supported by 802.11 cannot be guaranteed Services Association Establishes an initial association between a station and an AP Reassociation Enables an established association to be transferred from one AP to another, allowing a mobile station to move from one BSS to another Disassociation A notification from either a station or an AP that an existing association is terminated Wireless LAN Security Wired Equivalent Privacy (WEP) algorithm o 802.11 privacy Wi-Fi Protected Access (WPA) o Set of security mechanisms that eliminates most 802.11 security issues and was based on the current state of the 802.11i standard Robust Security Network (RSN) o Final form of the 802.11i standard Wi-Fi Alliance certifies vendors in compliance with the full 802.11i specification under the WPA2 program 7

Robust Security Network (RSN) Services Access Control Authentication and Key Generation Confidentiality, Data Origin Authentication and Integrity and Replay Protection Protocols IEEE 802.1 Port-based Access Control Extensible Authentication Protocol (EAP) TKIP CCMP (a) Services and Protocols Robust Security Network (RSN) Services Confidentiality Integrity and Data Origin Authentication Key Generation Algorithms TKIP (RC4) NIST Key Wrap CCM (AES- CTR) CCM TKIP HMAC- HMAC- (AES- (Michael SHA-1 MD5 CBC- MIC) MAC) HMAC- RFC SHA-1 1750 (b) Cryptographic Algorithms CBC-MAC = Cipher Block Block Chaining Message Authentication Code (MAC) CCM Counter Mode with Cipher Block Chaining Message Authentication Code CCMP Counter Mode with Cipher Block Chaining MAC Protocol TKIP = Temporal Key Integrity Protocol Figure 24.6 Elements of IEEE 802.11i STA AP AS End Station Phase 1 - Discovery Phase 2 - Authentication Phase 3 - Key Management Phase 4 - Protected Data Transfer Phase 5 - Connection Termination Figure 24.7 IEEE 802.11i Phases of Operation STA AP AS Station sends a request Probe request to join network AP sends possible Probe response security parameter (security capabilties set Open system per the security policy) Station sends a authentication request request to perform null authentication Open system authentication response AP performs null authentication Station sends a request to Association request associate with AP with security parameters Association response AP sends the associated security parameters Station sets selected security parameters 802.1X controlled port blocked 802.1x EAP request 802.1x EAP response Access request (EAP request) Extensible Authentication Protocol Exchange Accept/EAP-success key material 802.1x EAP success 802.1X controlled port blocked Figure 24.8 IEEE 802.11i Phases of Operation: Capability Discovery, Authentication, and Association 8

Uncontrolled port Authentication server Access point Station Controlled port Controlled port To other wireless stations on this BSS To DS Figure 24.9 802.1X Access Control MPDU Exchange Authentication phase consists of three phases: o Connect to AS The STA sends a request to its AP that it has an association with for connection to the AS; the AP acknowledges this request and sends an access request to the AS o EAP exchange Authenticates the STA and AS to each other o Secure key delivery Once authentication is established, the AS generates a master session key and sends it to the STA Out-of-band path EAP method path PSK AAAK or MSK Pre-shared key AAA key 256 bits User-defined 256 bits EAP cryptoid authentication Legend PMK No modification Pairwise master key Possible truncation 256 bits following EAP authentication PRF (pseudo-random or PSK function) using HMAC-SHA-1 PTK Pairwise transient key 384 bits (CCMP) During 4-way handshake 512 bits (TKIP) KCK KEK TK EAPOL key confirmation key EAPOL key encryption key Temporal key 128 bits 128 bits 128 bits (CCMP) 256 bits (TKIP) These keys are components of the PTK (a) Pairwise key hierarchy GMK (generated by AS) Group master key 256 bits Changes periodically or if compromised GTK Group temporal key 40 bits, 104 bits (WEP) 128 bits (CCMP) 256 bits (TKIP) Changes based on policy (disassociation, deauthentication) (b) Group key hierarchy Figure 24.10 IEEE 802.11i Key Hierarchies 9

(Table can be found on page 757 in the textbook.) STA AP AP s 802.1X controlled port blocked Message 2 delivers another nonce to the AP so that it can also generate the PTK. It demonstrates to the AP that the STA is alive, ensures that the PTK is fresh (new) and that there is no man-in-the-middle Message 4 serves as an acknowledgement to Message 3. It serves no cryptographic function. This message also ensures the reliable start of the group key handshake. Message 1 EAPOL-key (Anonce, Unicast) Message 1 delivers a nonce to the STA so that it can generate the PTK. Message 2 EAPOL-key (Snonce, Unicast, MIC) Message 3 EAPOL-key (Install PTK, Unicast, MIC) Message 3 demonstrates to the STA that the authenticator is alive, ensures that the PTK is fresh (new) and that there is no Message 4 man-in-the-middle. EAPOL-key (Unicast, MIC) AP s 802.1X controlled port unblocked for unicast traffic The STA decrypts the GTK and installs it for use. Message 2 is delivered to the AP. This frame serves only as an acknowledgment to the AP. Message 1 EAPOL-key (GTK, MIC) Message 2 EAPOL-key (MIC) Message 1 delivers a new GTK to the STA. The GTK is encrypted before it is sent and the entire message is integrity protected The AP installs the GTK. Figure 24.11 IEEE 802.11i Phases of Operation: Four-Way Handshake and Group Key Handshake Temporal Key Integrity Protocol (TKIP) Designed to require only software changes to devices that are implemented with the older wireless LAN security approach called WEP Provides two services: Message integrity Adds a message integrity code to the 802.11 MAC frame after the data field Data confidentiality Provided by encrypting the MPDU 10

Counter Mode-CBC MAC Protocol (CCMP) Intended for newer IEEE 802.11 devices that are equipped with the hardware to support this scheme Provides two services: Message integrity Data confidentiality Uses the cipherblock-chaining message authentication code (CBC-MAC) Uses the CTR block cipher mode of operation with AES for encryption A 0 B i + 1 K HMAC-SHA-1 R = HMAC-SHA-1(K, A 0 B i) Figure 24.12 IEEE 802.1 1i Pseudorandom Function Summary Wireless Security o Wireless network threats o Wireless security measures Mobile device security o Security threats o Mobile device security strategy IEEE 802.11 wireless LAN overview o The Wi-Fi alliance o IEEE 802 protocol o IEEE 802.11 network components and architectural model o IEEE 802.11 services IEEE 802.11i wireless LAN security IEEE 802.11i services IEEE 802.11i phases of operation Discovery phase Authentication phase Key management phase Protected data transfer phase The IEEE 802.11i pseudorandom function 11

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback