Justin Kontny, Chris Nassouri, and Matt Martens Wireless Encryption and Beyond
History of Wireless Networks • The first generation wireless modems were created in the early 1980's by amateur radio operators. • These wireless data modems were built by adding a voice-band data communication modem, with rates below 9600 bit/s, to an existing short-range radio system.
Second generation networks • Second generation wireless modems were created after the FCC announced that there would be experimental, non-military use bands for spread spectrum technology. • These modems were able to provide data rates of hundreds of kbs.
Third Generation • The third generation wireless modems were directed towards compatibility with the current LAN that harbored data rates of Mbit/s.
Why security is needed • Unlike LAN networks, wireless networks can be attacked without being “physically” connected via a network jack. • Wireless signals are broadcast beyond company walls. • If authentication is not required (no encryption) then anyone can connect to the access point.
Cryptography • Cryptography is a method of taking legible and readable data and turning it into data that is unreadable. • The purpose of this is to assure a safe transaction of private data from one user to another. • When the other user receives the unreadable data, a secret key is used to convert it back to a legible state.
Cryptography • The science of cryptography is much older than computers. This method of security was created by Julius Caesar in the days of old Rome. • A very easy example of cryptography is to assign a letter to a progressively higher number. Doing this would give you A=1, B=2, C=3 and so forth. • All through time, this has been used to keep secret data from falling into the wrong hands. • As time passes, cryptography is getting stronger and stronger.
DES Cryptography • A lot of cryptography methods use a secret key. The key is what allows someone to decrypt messages sent to them that have been made unreadable. • The most commonly used secret key system is the Data Encryption Standard, also known as DES. • There is also Triple DES, which encrypts the data three times over.
Public Key Cryptography • An even more common method of cryptography is the public key system. • This method has two keys, which work together. • There are two keys, a public key and a private key. The public key is accessible to anyone and the secret key is only known by specific users. It allows the person sending the private data to use the public key to encrypt it but the only way to decrypt it is with the secret key.
Hash Functions • Hash functions offer peace of mind to those who need to keep certain data safe. • A hash assures the receiver of the message that the message was sent by a trusted user or source. • Sometimes, hash functions are used with public and private key cryptography. Hash functions apply an algorithm to messages. This makes it so the message itself cannot be recovered. It does not encrypt data for later decryption but it acts as a digital fingerprint for the message. • When the message is received, the hash is re-checked, to make sure the message has not been altered during sending.
Cryptography • Cryptography is a very reliable way of sending private data to another user safely. • If a hacker were to try and break a private key, they would have to spend months using the brute force method. • A brute force attack is the most commonly used attack; it attempts to crack the secret key. It works by trying a large number of key combinations, eventually trying every possible one.
Wireless Encryption • Wireless encryption is used to disguise plain text over a network. • Encryption is an algorithm used to encrypt and decrypt based on shared or private keys. • Encryption comes in different strengths and algorithms.
Wireless Encryption • WEP (wired equivalent protection) • WPA (Wi-Fi protected access) • WPA2 (New form of WPA) • PSK (Pre-shared key)
WEP • Wired Equivalent Protection • WEP is a security scheme to secure IEEE 802.11 wireless connections. The point of WEP is to try and keep a wireless connection secure, but it can be easily cracked with certain software within a few moments. Basically, it is only good for protection against people who are looking for free Internet.
WEP • 40-bit and 64-bit encryption can communicate. • 128-bit is the strongest. • All computers must share the same pass-phrase dedicated to a single access point.
WEP • Pros to using WEP. • Some security is better than no security. • Most users can not bypass or crack WEP encryption.
Cons to using WEP • Even without the pass-phrase a user can connect to an access point, although when connected without the pass-phrase no network resources may be accessed. • This allows for the capture of network traffic, leading to security threats. This makes WEP easily crackable with software that is easily obtainable.
PSK and Security • In cryptography, a pre-shared key or PSK is a shared secret key that is shared between the two points. • These points share it over some secure channel before it needs to be accessed. Most of these systems use a symmetric key cryptographic algorithm.
PSK and Security (Cont.) • The characteristics of this key are determined by the system which uses it. Some system designs require that such keys be in a particular format. • It can be a password like 'bret13i', a pass phrase like 'Idaho hung gear id gene', or a hexadecimal string like '65E4 E556 8622 EEE1'. • The key is used by all the systems involved in the process used to secure the traffic between the systems.
PSK and Security (Cont.) • Since one weak point of the crypto system is the encryption algorithm's key, the strength of the key is important, and since the strength of a key is in part dependent on its length, it is important to choose a key whose length is cryptographically secure. There are several tools available to help one choose a strong key. Diceware is one example.
WPA • Wi-Fi protected access (WPA) is another class of systems used to secure wireless networks. • Created in response to a number of serious weaknesses identified in WEP encryption. • WPA is designed for use with an IEEE 802.1X authentication server. It distributes different keys to each user. • It can also be used in a less secure PSK mode where every user is given the same pass-phrase.
WPA • Data is encrypted using the RC4 stream cipher, with a 128-bit key and a 48-bit initialization vector (IV). • One major improvement in WPA over WEP is the Temporal Key Integrity Protocol (TKIP), which dynamically changes keys as the system is used. • When combined with the much larger initialization vector, this defeats the well-known key recovery attacks on WEP.
WPA • WPA provides vastly improved payload integrity. The cyclic redundancy check (CRC) used in WEP is insecure, and it is possible to alter the payload and update the message CRC without knowing the WEP key. • A more secure message authentication code is used in WPA. It is an algorithm named "Michael". • The MIC used in WPA includes a frame counter, which prevents replay attacks from being executed.
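The CRC weakness described above, as an added example that is not part of the original slides: a WEP-style frame (RC4 over message plus CRC-32) accepts a keyless bit flip, while a keyed MAC rejects it. HMAC-SHA256 stands in for a keyed MAC here and is not the Michael algorithm; the keys, message and function names are constructed for the illustration.

```python
import hashlib
import hmac
import zlib

def rc4(key: bytes, data: bytes) -> bytes:
    """RC4: XOR data with a keystream; the same call encrypts and decrypts."""
    s, j = list(range(256)), 0
    for i in range(256):                       # key scheduling builds the permutation
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    for byte in data:                          # keystream generation
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) % 256])
    return bytes(out)

def crc(data: bytes) -> bytes:
    return zlib.crc32(data).to_bytes(4, "little")

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def seal_crc(key: bytes, msg: bytes) -> bytes:
    return rc4(key, msg + crc(msg))            # WEP-style: encrypt message plus CRC

def open_crc(key: bytes, frame: bytes):
    plain = rc4(key, frame)
    return plain[:-4] if crc(plain[:-4]) == plain[-4:] else None

def seal_mac(key: bytes, mac_key: bytes, msg: bytes) -> bytes:
    ct = rc4(key, msg)                         # encrypt, then tag the ciphertext
    return ct + hmac.new(mac_key, ct, hashlib.sha256).digest()

def open_mac(key: bytes, mac_key: bytes, frame: bytes):
    ct, tag = frame[:-32], frame[-32:]
    good = hmac.compare_digest(tag, hmac.new(mac_key, ct, hashlib.sha256).digest())
    return rc4(key, ct) if good else None

def flip_bits(frame: bytes, delta: bytes) -> bytes:
    """Keyless edit: XOR delta into the payload and patch the 4 bytes after it.
    Works on CRC because crc(m ^ d) == crc(m) ^ crc(d) ^ crc(zeros)."""
    patch = xor(crc(delta), crc(bytes(len(delta))))
    return xor(frame, delta + patch) + frame[len(delta) + 4:]

# Constructed sample data (not from the page).
KEY, MAC_KEY, MSG = b"constructed-key", b"constructed-mac-key", b"amount=0100"
DELTA = bytes(7) + b"\x09" + bytes(3)          # turns the first '0' into '9'

if __name__ == "__main__":
    print(open_crc(KEY, flip_bits(seal_crc(KEY, MSG), DELTA)))   # b'amount=9100'
    print(open_mac(KEY, MAC_KEY, flip_bits(seal_mac(KEY, MAC_KEY, MSG), DELTA)))  # None
```

The CRC receiver returns the altered message because the checksum depends on no secret; the MAC receiver returns `None` because the tag cannot be recomputed without `MAC_KEY`.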
WPA • By increasing the size of the keys and IVs, reducing the number of packets sent with related keys, and adding a secure message verification system, WPA makes breaking into a wireless LAN far more difficult. • The Michael algorithm was the strongest that WPA designers could come up with that would still work with most older network cards.
WPA • Due to inevitable weaknesses of Michael, TKIP will shut down the network for one minute if two frames are discovered that fail the Michael check after passing all other integrity checks that would have caught noisy frames. • It will then require generation of new keys and re-authentication when the network restarts, forcing the attacker to start over.
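The shutdown rule described above, sketched as a small receiver state machine (an added example, not code from the original slides or from any Wi-Fi implementation). The class and field names are hypothetical, and the 60-second window between the two failures is an assumption taken from the 802.11i countermeasure rule, which the slide does not state.

```python
from dataclasses import dataclass
from typing import Optional

WINDOW_S = 60.0    # assumption: second failure must arrive within 60 s of the first
LOCKOUT_S = 60.0   # the one-minute shutdown described above

@dataclass
class TkipReceiver:
    last_mic_failure: Optional[float] = None
    blocked_until: float = 0.0
    rekeys: int = 0

    def on_frame(self, now: float, passed_other_checks: bool, mic_ok: bool) -> str:
        if now < self.blocked_until:
            return "drop: network shut down"
        if not passed_other_checks:
            return "drop: noise"           # caught earlier, never counted against Michael
        if mic_ok:
            return "accept"
        first = self.last_mic_failure
        self.last_mic_failure = now
        if first is not None and now - first < WINDOW_S:
            self.blocked_until = now + LOCKOUT_S
            self.last_mic_failure = None
            self.rekeys += 1               # new keys and re-authentication on restart
            return "shutdown"
        return "log: first MIC failure"

def replay(events):
    """Feed (seconds, passed_other_checks, mic_ok) tuples to a fresh receiver."""
    rx = TkipReceiver()
    return [rx.on_frame(*e) for e in events], rx.rekeys

# Constructed timeline (not from the page).
EVENTS = [
    (0.0, True, True),      # normal traffic
    (10.0, True, False),    # first Michael failure
    (20.0, False, False),   # noisy frame, rejected before Michael
    (100.0, True, False),   # 90 s after the first failure: window expired
    (130.0, True, False),   # 30 s after the previous failure: shutdown
    (150.0, True, True),    # valid frame during the one-minute shutdown
    (190.0, True, True),    # shutdown over
]

if __name__ == "__main__":
    for event, action in zip(EVENTS, replay(EVENTS)[0]):
        print(event, "->", action)
```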
WPA2 • Strong encryption and authentication support for infrastructure and ad-hoc networks (WPA is limited to infrastructure networks) • Reduced overhead in key derivation during the wireless LAN authentication exchange • Support for opportunistic key caching to reduce the overhead in roaming between access points • Support for the CCMP (Counter Mode with Cipher Block Chaining Message Authentication Code Protocol) encryption mechanism based on the Advanced Encryption Standard (AES) cipher as an alternative to the TKIP protocol.
WPA2 • As of March 2006, the WPA2 certification became mandatory for all new equipment certified by the Wi-Fi Alliance, ensuring that any reasonably modern hardware will support both WPA and WPA2.
WPA2 • By leveraging the RC4 cipher (also used in the WEP protocol), the IEEE 802.11i task group was able to improve the security of legacy networks with TKIP while the IEEE 802.11i amendment was completed. • It is important to note, however, that TKIP was designed as an interim solution for wireless security, with the goal of providing sufficient security for 5 years while organizations transitioned to the full IEEE 802.11i security mechanism. • While there have not been any catastrophic weaknesses reported in the TKIP protocol, organizations should take this design requirement into consideration and plan to transition WPA networks to WPA2 to take advantage of the benefits provided by the RSN architecture.
Algorithms and Encryption • Algorithms are mathematical procedures for performing encryption on data. • Through the use of an algorithm, information is made into meaningless cipher text and requires the use of a key to transform the data back into its original form.
Algorithms and Encryption (Cont.) • There are many different types of security algorithms which include Blowfish, AES, RC4, RC5, and RC6. • Blowfish is a symmetric encryption algorithm designed by Bruce Schneier in 1993 as an alternative to existing encryption algorithms, such as DES. Blowfish is a 64-bit block cipher that uses a key length that can vary between 32 and 448 bits.
Algorithms and Encryption (Cont.) • AES is short for Advanced Encryption Standard. It is a symmetric 128-bit block data encryption technique developed by Joan Daemen and Vincent Rijmen. • The U.S. government adopted the algorithm as its encryption technique in October 2000, replacing the DES encryption it used. AES works at multiple network layers simultaneously.
Algorithms and Encryption (Cont.) • RC4 is a variable key-size stream cipher with byte-oriented operations. The algorithm is based on the use of a random permutation.
Algorithms and Encryption (Cont.) • RC5 is a parameterized algorithm with a variable block size, a variable key size, and a variable number of rounds. Allowable choices for the block size are 32 bits, 64 bits, and 128 bits. The number of rounds can range from 0 to 255, while the key can range from 0 bits to 2040 bits in size. • RC5 does three things • Key expansion, encryption, and decryption.
Algorithms and Encryption (Cont.) • RC6 is a block cipher based on RC5. • RC6 is a parameterized algorithm where the block size, the key size, and the number of rounds are variable. RC6 adds two features to RC5. • The inclusion of integer multiplication and the use of four 4-bit working registers instead of RC5’s two 2-bit registers.
Future of Wireless Security • The future for wireless networking is not only to have the computer hooked up to another computer but for a whole house to be able to be run through a main computer. • Wireless grows day by day and engineers are trying to find a way to have just about everything wireless. • This concept has been given a name in retail businesses and is called the “Wireless Revolution.” • As far as security goes, there’s no telling what the newest form of security could be. The reason is that wireless security is updated as new attacks are created.