Wireless Network Security


Wireless Network Security: Wireless LAN Security (slides from 2nd book)

802.11 Wireless LAN Security
Stations in a wired LAN are physically connected, while in a WLAN any station within radio range is connected, so a WLAN needs extra care because:
1. Authentication in a LAN is much more robust, since all sending stations are wired and already known.
2. Privacy is a problem in a WLAN, since any station that comes within range of the WLAN can send and receive messages.
The original 802.11 specification included a set of security features for privacy and authentication that were quite weak. Wi-Fi Protected Access (WPA), a Wi-Fi standard, is a set of security mechanisms that eliminates most 802.11 security issues. The final form of the 802.11i standard is referred to as Robust Security Network (RSN).

802.11i RSN Services and Protocols
The 802.11i RSN security specification defines the following services:
Authentication: A protocol is used to define an exchange between a user and an AS that provides mutual authentication and generates temporary keys to be used between the client and the AP over the wireless link.
Access control: This function enforces the use of the authentication function, routes the messages properly, and facilitates key exchange. It can work with a variety of authentication protocols.
Privacy with message integrity: MAC-level data (e.g., an LLC PDU) are encrypted, along with a message integrity code that ensures that the data have not been altered.

802.11i Phases of Operation
IEEE 802.11i security is concerned only with the station (STA) and the access point (AP). The five phases are:
Discovery:
1. An AP uses messages called Beacons and Probe Responses to advertise its IEEE 802.11i security policy.
2. The STA uses these to identify an AP for a WLAN with which it wishes to communicate.
3. The STA associates with the AP, which it uses to select the cipher suite and authentication mechanism when the Beacons and Probe Responses present a choice.

802.11i Phases of Operation
Authentication: The STA and the AS (authentication server) prove their identities to each other. The AP blocks non-authentication traffic between the STA and AS until the authentication transaction is successful. The AP does not participate in the authentication transaction other than forwarding traffic between the STA and AS.

802.11i Phases of Operation
Key generation and distribution: The AP and the STA perform several operations that cause cryptographic keys to be generated and placed on the AP and the STA. Frames are exchanged between the AP and STA only.

802.11i Phases of Operation
Protected data transfer: Frames are exchanged between the STA and the end station through the AP. As denoted by the shading and the encryption module icon, secure data transfer occurs between the STA and the AP only; security is not provided end-to-end.

802.11i Phases of Operation
Connection termination: The AP and STA exchange frames. During this phase, the secure connection is torn down and the connection is restored to the original state.

802.11i Discovery Phases
The purpose of this phase is for an STA and an AP to:
1. Recognize each other.
2. Agree on a set of security capabilities:
   Confidentiality and MPDU integrity protocols
   Authentication method
   Cryptography key management approach
3. Establish an association for future communication using those security capabilities.
The discovery phase consists of three exchanges:
1. Network and security capability discovery.
2. Open system authentication.
3. Association.

802.11i Discovery Phases
1. Network and security capability discovery. The AP periodically broadcasts its security capabilities through Beacon frames. STAs discover the access point by either:
   1. Monitoring Beacon frames.
   2. Sending a Probe frame.

802.11i Discovery Phases
2. Open system authentication: The STA and AP exchange their IDs.
3. Association: To agree on the security suite to be used.

802.11i Authentication Phases
The authentication phase enables mutual authentication between an STA and an authentication server (AS) located in the DS. Authentication is designed to:
1. Allow only authorized stations to use the network.
2. Provide the STA with assurance that it is communicating with a legitimate network.
The authentication phase consists of three exchanges:
1. Connect to AS.
2. EAP exchange.
3. Secure Key Delivery.

802.11i Authentication Phases
1. Connect to AS: The STA sends its AP a request for connection to the AS. The AP acknowledges this request and forwards it to the AS.
2. EAP (Extensible Authentication Protocol) exchange: This exchange authenticates the STA and AS.
3. Secure Key Delivery: After authentication, the AS will generate the master session key (MSK) and send it to the STA. All cryptographic keys used by the STA will be derived from the MSK.

802.11i Key Management Phases
During the key management phase, a variety of cryptographic keys are generated and distributed to STAs. Pairwise keys are used for communication between a pair of devices, typically between an STA and an AP. These keys form a hierarchy, beginning with a master key from which other keys are derived dynamically and used for a limited period of time.
1. A pre-shared key (PSK) is a secret key shared by the AP and a STA.
2. The other alternative is the master session key (MSK), which is generated using the IEEE 802.1X protocol during the authentication phase, as described previously.

802.11i Key Management Phases
The pairwise master key (PMK) is derived from the master key as follows:
1. If a PSK is used, then the PSK is used as the PMK.
2. If an MSK is used, then the PMK is derived from the MSK by truncation (if necessary).
By the end of the authentication phase (on the EAP Success message), both the AP and the STA have a copy of their shared PMK. The PMK is used to generate the pairwise transient key (PTK), to be used for communication between an STA and AP after they have mutually authenticated.
PTK = HMAC(PMK, the MAC addresses of the STA and AP, nonces).
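The key hierarchy above, carried through in code as an added example that is not part of the original slides. It goes beyond them in two places: the HMAC is expanded with the HMAC-SHA-1 counter-mode PRF of the original 802.11i key management suites, and the 384-bit PTK is split into the KCK, KEK and TK used with CCMP. All keys, addresses and nonces are constructed sample values.

```python
import hashlib
import hmac


def pmk_from_psk(psk):
    """With a pre-shared key, the 256-bit PSK is used directly as the PMK."""
    if len(psk) != 32:
        raise ValueError("PSK must be 256 bits")
    return psk


def pmk_from_msk(msk):
    """With 802.1X, the PMK is the MSK truncated to its first 256 bits."""
    if len(msk) < 32:
        raise ValueError("MSK shorter than 256 bits")
    return msk[:32]


def prf(key, label, data, nbytes):
    """802.11i PRF: HMAC-SHA-1 in counter mode, output cut to nbytes."""
    out = b""
    counter = 0
    while len(out) < nbytes:
        block = label + b"\x00" + data + bytes([counter])
        out += hmac.new(key, block, hashlib.sha1).digest()
        counter += 1
    return out[:nbytes]


def derive_ptk(pmk, ap_mac, sta_mac, anonce, snonce):
    """PTK = PRF(PMK, label, MAC addresses and nonces), split for CCMP."""
    # Sorting each pair makes both sides hash identical input bytes.
    data = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac) +
            min(anonce, snonce) + max(anonce, snonce))
    ptk = prf(pmk, b"Pairwise key expansion", data, 48)
    return {"KCK": ptk[:16], "KEK": ptk[16:32], "TK": ptk[32:48]}


# Constructed sample values (not from any real network).
PMK = pmk_from_msk(bytes(range(64)))
AP_MAC = bytes.fromhex("020000000001")
STA_MAC = bytes.fromhex("020000000002")
ANONCE, SNONCE = bytes([0xA0] * 32), bytes([0x50] * 32)
AP_KEYS = derive_ptk(PMK, AP_MAC, STA_MAC, ANONCE, SNONCE)
STA_KEYS = derive_ptk(PMK, AP_MAC, STA_MAC, ANONCE, SNONCE)
```

Because fresh nonces enter the derivation on every association, the same PMK yields a different PTK each time, which is what limits each pairwise key to a single session.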