CSE 713: Wireless Networks Security Principles and Practices

Shambhu Upadhyaya
Computer Science and Engineering
University at Buffalo

Introductory Lecture
January 30, 2017

Acknowledgments
- DoD Capacity Building Grant
- NSF Capacity Building Grant
- Cisco Equipment Grant
- Anusha Iyer, Pavan Rudravaram, Himabindu Challapalli, Parag Jain, Mohit Virendra, Sunu Mathew, Murtuza Jadliwala, Madhu Chandrasekaran, Ameya Sanzgiri, Tamal Biswas (former students)

Seminar Presentations
- General introduction
- Wireless security challenges
- 802.11i basics
- Topics description (Module 1, End of Week 1)
- TKIP and AES-CCMP (Module 2)
- Ad hoc networks security and sensor networks security (Module 2, End of Week 2)
- Security Principles (Module 3, End of Week 3)
- In-depth look into advanced topics
- Energy-aware computing
- Smart grid security
- IoT security (Module 4, End of Week 4)
- Student presentations (Week 5 onwards)

A Typical Wireless Security Course
- Introduction to wireless networking (1 week)
- Introduction to security issues in wireless networks (2 weeks)
- Overview of challenges, threats and hacking methodologies (1 week)
- Wireless technologies and security mechanisms: 802.11, WEP, 802.11i, 802.1x, EAP, Radius, Upper layer authentication (4 weeks)
- Advanced topics: WPA, RSN, TKIP, AES-CCMP, MANETs, Sensor networks (4 weeks)
- Countermeasures and mitigation (1 week)
- Policy and analysis (1 week)

Seminar Course Grading
- Prerequisites
  - A course on Computer Networks and basic knowledge of computer security
  - Some programming experience is essential
- Course webpage
  - http://www.cse.buffalo.edu/faculty/shambhu/cse71317/
- Grading
  - Presentations
  - Research, Projects, any term papers
  - Attendance mandatory

Lab Projects (Hands-on)
- Setting up wireless networks with hybrid technology
  - Setting up multi-hop networks in the lab
- Packet Analysis & Spoofing
  - WildPacket's AiroPeek, Ethereal/Wireshark, etc.
- RF Jamming & Data Flooding, DoS attacks
  - Get an idea on AP vulnerabilities, iPhones
- Information Theft
  - Implement a covert channel through a wireless communication path, how easy or difficult?
- Layered Wireless Security
  - Lightweight Extensible Authentication Protocol (LEAP) system of Cisco
- Key Management
  - Authentication, confidentiality
- Network survivability
  - Admission control, graceful migration, etc.

Why Wireless?
- No way to run the cable, remote areas
- Convenience of less hardware, e.g., conferences
- Temporary setups
- Cabling too expensive
- Scalability and flexibility: easy to grow
- Reduced cost of ownership: initial costs the same as the wired networks
- Mobility

Mobility and Security
- Increased mobility has become a way of life
- Wireless is at the first and last miles
- Lends itself to security problems
- Proper security must be practiced
- A new security culture needs to emerge across the entire Internet user community
- Hacker ethic ("destructiveness is inquisitiveness") must be resisted
- Instead, proper online security habits must be practiced

What Would Constitute a Typical Wireless Security Course
- Components of the course
  - Threat model
  - Security protocol
  - Keys and passwords
  - Key entropy
  - Authentication
  - Authorization
  - Encryption
  - Trust issues
  - Detection models

Security and Privacy
- Wireless infrastructure
  - Fewer physical assets to protect
  - But there is no locked door on the airways
- Infrastructure protection
  - In Government hands
  - Being a public asset, government feels responsible
- National security
  - Military is often the originator of digital security measures
- Regulations are likely to thwart privacy
  - FBI's Carnivore program: automated snooping tool, unpopular
    - Similar to wiretapping, but sniffs email; designed in 1999
    - Violated free speech and civil rights?
    - Program abandoned completely in Jan. 2005
  - NSA's Prism Program
    - Clandestine mass electronic surveillance data mining program (2007)
    - Existence was leaked by Edward Snowden in June 2013

Wireless Networks
- Cellular Networks (CDMA, OFDMA, GSM)
  - 1G, 2G, 3G, 4G, 5G
  - Main function is to send voice (make calls), but data over voice applications (WAP, GPRS) have been developed to enable web surfing from cell phones
- Data Networks (802.11, 802.15, 802.16, 802.20 - Mobile Broadband Wireless Access (MBWA))
  - Main function is to send data, but voice over data applications have also been developed (e.g., VoIP)
- Emphasis of the course is on Data Networks
  - 802.11: WLANs, MANETs, Sensor Networks
  - 802.11 is a STANDARD with different implementations
  - 802.11 only specifies how to access the channel, how to back off to prevent collisions, and how to send a packet over the air

Wireless Network Types
- Fixed networks
  - Point-to-point network
- Nomadic networks
  - Point-to-multipoint network
  - Computing devices are somewhat mobile
  - 802.11b, 802.11g, 802.11a support this
  - Becoming quite commonplace (coffee shop)
- Mobile networks
  - Must support high velocity mobility
  - 802.16e, 802.20 and CDMA 2000 standards

802.11 Variants

Variation   Operating Frequency   Bandwidth   Disadvantages
802.11      2.4 GHz               2 Mbps      Less bandwidth
802.11b     2.4 GHz               11 Mbps     Lack of QoS and multimedia support
802.11g     2.4 GHz               20 Mbps     Same as 802.11b
802.11a     5 GHz                 54 Mbps     More expensive and less range
802.11h     5 GHz                 54 Mbps     Same as 802.11a
802.11n     2.4 GHz or 5 GHz      200 Mbps    Expensive

- 802.11e: QoS support to 802.11 LAN
- 802.11f: Access point communications among multiple vendors
- 802.11i: Enhance security and authentication mechanism for 802.11 MAC

Wireless Networks Deployment Strategies
- Two modes of operation of 802.11 devices
  - Infrastructure mode
  - Ad hoc mode
- Ad hoc mode
  - An ad hoc network between two or more wireless devices without an Access Point (AP)
- Infrastructure mode
  - AP bridging wireless media to wired media
  - AP handles station authentication and association to the wireless network

Infrastructure Mode Architecture (figure)

Ad-hoc Mode Architecture (figure)

Wireless Security Challenges
- What are the major challenges?

General Threats to WLANs
Threats in wireless networks can be grouped into the following categories:
- Errors and omissions
- Fraud and theft committed by authorized or unauthorized users of the system
- Employee sabotage
- Loss of physical and infrastructure support
- Malicious hackers
- Industrial espionage
- Malicious code
- Threats to personal privacy

Vulnerabilities in Wireless Networks
Vulnerabilities in wireless networks include:
- Existing vulnerabilities of wired networks apply to wireless networks as well
- Sensitive information that is not encrypted (or is encrypted with poor cryptographic techniques) and that is transmitted between two wireless devices may be intercepted and disclosed
- Denial of service (DoS) attacks may be directed at wireless connections or devices
- Sensitive data may be corrupted during improper synchronization

Vulnerabilities, Contd.
- Malicious entities may be able to violate the privacy of legitimate users and be able to track their actual movements
- Handheld devices are easily stolen and can reveal sensitive information
- Interlopers, from inside or out, may be able to gain connectivity to network management controls and thereby disable or disrupt operations

Wi-Fi Evil Twins
- Evil twins are a significant menace to the security of Internet users
- Anyone with suitable equipment can locate a hotspot and take its place, substituting their own "evil twin"
- There are no good solutions against it
- Strong authentication and encryption could be good defenses

WLAN - Security Problems
Attacks in WLANs can be classified as:
- Passive Attacks: an attack in which an unauthorized party simply gains access to an asset and does not modify its content
  - Eavesdropping
  - Traffic Analysis
- Active Attacks: an attack whereby an unauthorized party makes modifications to a message, data stream, or file
  - Masquerading
  - Replay
  - Message Modification
  - Denial of Service (DoS)

WLAN Security Goals
There are four goals one should aim for when installing a wireless network:
- Access control - Only authorized users should be allowed to use the wireless network
- Data integrity - The network traffic should be secure against tampering
- Confidentiality - The user should be protected against a third party listening to the conversation
- Availability of service - The service should be secured against Denial of Service (DoS) attacks

Basic WLAN Security Mechanisms
- Security Problems - 802.11 family faces the same problems
  - Sniffing and War driving
- Following security mechanisms exist
  - Service Set Identifier (SSID)
  - MAC Address filtering
  - Open System Authentication
  - Shared Key Authentication
  - Wired Equivalent Privacy (WEP) protocol
- 802.11 products are shipped by the vendors with all security mechanisms disabled!!
  - Allows any wireless node (NIC) to access the network
  - Walk around and gain access to the network

Open System Authentication
- The default authentication protocol for 802.11
- Authenticates anyone who requests authentication (null authentication)
- Exchange: the End Node sends an Authentication Request and the Access Point returns an Authentication Response

Shared Key Authentication
- This assumes that each station has received a secret shared key through a secure channel independent from the 802.11 network
- Stations authenticate through shared knowledge of the secret key
- Use of shared key authentication requires implementation of the Wired Equivalent Privacy algorithm
- Exchange between End Station and Access Point, in order: Authentication Request, Authentication Challenge, Authentication Response, Authentication Result

Wired Equivalence Privacy (WEP)
- Designed to provide confidentiality to a wireless network similar to that of standard LANs
- WEP is essentially the RC4 symmetric key cryptographic algorithm (same key for encrypting and decrypting)
- Transmitting station concatenates 40 bit key with a 24 bit Initialization Vector (IV) to produce pseudorandom key stream
- Plaintext is XORed with the pseudorandom key stream to produce ciphertext

Wired Equivalence Privacy (WEP), Contd.
- Ciphertext is concatenated with IV and transmitted over the wireless medium
- Receiving station reads the IV, concatenates it with the secret key to produce local copy of the pseudorandom key stream
- Received ciphertext is XORed with the key stream generated to get back the plaintext

WEP Encryption Algorithm (figure)

WEP Decrypting Algorithm (figure)

WEP Problems
- There is no key management provision in the WEP protocol
- WEP has been broken! Walker (Oct 2000), Borisov et al. (Jan 2001), Fluhrer-Mantin-Shamir (Aug 2001)
- Unsafe at any key size: Testing reveals WEP encapsulation remains insecure whether its key length is 1 bit or 1000 or any other size
- More about this at: https://mentor.ieee.org/802.11/documents/
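The WEP encapsulation and decapsulation steps from the slides above, written out as an added Python example (not code from the lecture). It leaves out the CRC-32 integrity check value that real WEP appends before encryption; the key, IVs and plaintexts are constructed sample values, and the function names are chosen here for illustration.

```python
# Added illustration of WEP's RC4 encapsulation; all inputs are constructed.

def rc4_keystream(seed: bytes, length: int) -> bytes:
    """Generate `length` bytes of RC4 keystream from `seed`."""
    s = list(range(256))
    j = 0
    for i in range(256):  # key-scheduling algorithm (KSA)
        j = (j + s[i] + seed[i % len(seed)]) % 256
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):  # pseudo-random generation algorithm (PRGA)
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) % 256])
    return bytes(out)


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def wep_encapsulate(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Return IV || ciphertext; the RC4 seed is the 24-bit IV plus 40-bit key."""
    if len(key) != 5 or len(iv) != 3:
        raise ValueError("WEP-40 needs a 5-byte key and a 3-byte IV")
    keystream = rc4_keystream(iv + key, len(plaintext))
    return iv + xor_bytes(plaintext, keystream)


def wep_decapsulate(key: bytes, frame: bytes) -> bytes:
    """Read the cleartext IV, rebuild the keystream, XOR to get the plaintext."""
    if len(key) != 5 or len(frame) < 3:
        raise ValueError("need a 5-byte key and a frame that carries an IV")
    iv, ciphertext = frame[:3], frame[3:]
    return xor_bytes(ciphertext, rc4_keystream(iv + key, len(ciphertext)))


def same_iv_ciphertext_xor(key: bytes, iv: bytes, p1: bytes, p2: bytes) -> bytes:
    """XOR of two ciphertexts produced under one IV (keystream cancels out)."""
    c1 = wep_encapsulate(key, iv, p1)[3:]
    c2 = wep_encapsulate(key, iv, p2)[3:]
    return xor_bytes(c1, c2)


KEY = bytes.fromhex("0102030405")  # constructed 40-bit shared key
IV = b"\x00\x00\x01"               # constructed 24-bit IV

if __name__ == "__main__":
    frame = wep_encapsulate(KEY, IV, b"hello, AP")
    print(frame.hex(), wep_decapsulate(KEY, frame))
    # The keystream depends only on (IV, key), so a repeated IV repeats it:
    # the ciphertext XOR equals the plaintext XOR, whatever the key is.
    leak = same_iv_ciphertext_xor(KEY, IV, b"frame one", b"frame two")
    print(leak == xor_bytes(b"frame one", b"frame two"))
```

Because the IV is only 24 bits and travels in the clear, keystreams repeat on a busy network regardless of key length, which is one reason 802.11i replaces WEP with per-packet keying.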

802.11i Basics
The wireless security standards

802.11i: The New Security Standard
- New generation of Security Standards
- Standard was ratified in June 2004 and incorporated into the 802.11-2007 standard
- Defines a security mechanism that operates between the Media Access Control (MAC) sublayer and the Network layer
- Introduced a new type of wireless network called RSN
  - RSN - Robust Security Networks
  - Based on AES (Advanced Encryption Standard) along with 802.1X and EAP (Extensible Authentication Protocol)
  - Needs RSN compatible hardware to operate

802.11i, Contd.
- To ensure a smooth transition from current networks to 802.11i, TSN (Transitional Security Networks) were defined where both RSN and WEP can operate in parallel
- Due to the requirements of RSN for a different hardware, Wi-Fi Alliance defined WPA
  - WPA - Wi-Fi Protected Access, subset of RSN
  - Can be applied to current WEP enabled devices as a software update
  - Focuses on TKIP (Temporal Key Integrity Protocol)
- RSN and WPA share single security architecture
- Architecture covers
  - Upper level authentication procedures
  - Secret key distribution and key renewal

802.11i, Contd.
- Differences between WPA and RSN
  - WPA defines a particular implementation of the network whereas RSN gives more flexibility
  - RSN supports TKIP and AES whereas WPA has support only for TKIP
  - WPA applied to infrastructure mode only
  - RSN applied to ad-hoc mode also
- Security Context
  - Keys
  - Security relies heavily on secret keys
  - RSN Key hierarchy
    - Temporal or session keys
    - Master key

802.11i, Contd.
Security Layers
- Wireless LAN layer
  - Raw communication, advertising capabilities, encryption, decryption
- Access control layer
  - Middle manager: manages the security context. Talks to the authentication layer to decide the establishment of security context and participates in generation of temporal keys
- Authentication layer
  - Layer where the policy decisions are made and proof of identity is accepted or rejected

802.11i, Contd. (figure)

Access Control Methods
- Access Control
  - Mechanism to separate authorized and unauthorized personnel
- Protocols used to implement Access Control in RSN and WPA are:
  - 802.1X
  - EAP
  - RADIUS

Access Control Methods
- Elements of Access Control:
  - Supplicant
  - Authenticator
  - Authorizer
- Steps in Access Control:
  - Authenticator is alerted by the supplicant
  - Supplicant identifies himself
  - Authenticator requests authorization from authorizer
  - Authorizer indicates Yes or No
  - Authenticator allows or blocks device

802.1X
- Divides the network into three entities:
  - Supplicant
  - Authenticator
  - Authentication Server
- Works between the supplicant (client) and the authenticator (network device)
- Medium independent (Wired, Wireless, Cable/Fiber)
- Uses EAP to support multiple authentication methods like:
  - EAP-TLS (certificates)
  - PEAP/TTLS (password)

802.1X Components
(figure: Supplicant, PAE (Port Access Entity), Authentication Server, with steps 1 to 4)
1. User activates link (i.e., connects to the access point)
2. Switch asks authentication server whether user is authorized to access LAN
3. Authentication server responds with authority access
4. Switch opens controlled port (if authorized) for user to access LAN

Role of RADIUS in WPA
- Remote Authentication Dial-In User Service
- De-Facto Standard For Remote Authentication
  - PAP (Password Authentication Protocol)
  - CHAP (Challenge Handshake Authentication Protocol)
- Used for communication between APs and AS
- RADIUS facilitates centralized user administration required for many applications, e.g., ISPs
- Perhaps not used in home installations
- WPA mandates the use of RADIUS authentication
- Optional for RSNs
- RSNs use Kerberos

Student Presentation Topics
- Secure Routing in Ad hoc Networks
- Key Management in Ad Hoc and Sensor Networks
- Attacks in Sensor Networks
- Trust Issues in Wireless Networks
- Mesh Networks Security
- Vehicular Networks Security
- Smart Grid Security
- Smartphone Security
- Internet of Things (IoT) Security