
WIRELESS LAN SECURITY AND LABORATORY DESIGNS

WIRELESS LAN SECURITY AND LABORATORY DESIGNS. Yasir Zahur, T. Andrew Yang, University of Houston – Clear Lake. 17th CCSC Southeastern Conference, Georgia Perimeter College - Dunwoody, GA. Agenda: Introduction; Standards & Specifications; Vulnerabilities; Alternate Security Solutions.


Presentation Transcript


  1. WIRELESS LAN SECURITY AND LABORATORY DESIGNS. Yasir Zahur, T. Andrew Yang, University of Houston – Clear Lake. 17th CCSC Southeastern Conference, Georgia Perimeter College - Dunwoody, GA. CCSCSE 2003

  2. Agenda
      • Introduction
      • Standards & Specifications
      • Vulnerabilities
      • Alternate Security Solutions
      • Laboratory Setup

  3. Where Does WLAN Fit?

  4. Source: http://www.jiwire.com/?cid=95&kw=802.11&se=google (Nov. 6, 2003)

  5. Growth of WLAN

  6. Infrastructure Mode of WLAN

  7. Typical WLAN Architecture

  8. IEEE 802.11 Standards

  9. Interferences (802.11b). Figure labels: 2.4 GHz cordless phone, some other wireless network, microwave oven, access point.

  10. IEEE 802.11b Specifications (a brief overview)
      • Transmission of approximately 11 Mbps of data
      • Half-duplex protocol
      • Use of CSMA/CA (collision avoidance) instead of CSMA/CD (collision detection)
      • Total of 14 frequency channels. The FCC allows channels 1 through 11 within the U.S. in the 2.4 GHz ISM band
      • Only channels 1, 6 and 11 can be used without causing interference between access points
      • Wired Equivalent Privacy (WEP) based on the symmetric RC4 encryption algorithm
      • Use of Service Set Identifier (SSID) as network identifier

  11. General WLAN Vulnerabilities
      • Eavesdropping
      • Invasion and Resource Stealing
      • Traffic Redirection
      • Denial Of Service Attack
      • Rogue Access Point
      • No per-packet authentication
      • No central authentication, authorization, and accounting (AAA) support

  12. 802.11b Vulnerabilities
      • MAC address based authentication
      • One-Way authentication
      • SSID
      • Static WEP Keys
      • WEP key vulnerabilities
      • Manual Key Management
      • Key Size
      • Initialization Vector
      • Decryption Dictionaries

  13. WEP Encryption

  14. IEEE 802.1x
      • IEEE 802.1x is a port-based authentication protocol.
      • It forms the basis for the IEEE 802.11i standard.
      • There are three different types of entities in a typical 802.1x network: a supplicant, an authenticator, and an authentication server.
      • In an un-authorized state, the port allows only DHCP and EAP (Extensible Authentication Protocol) traffic to pass through.

  15. EAPOL Exchange

  16. IEEE 802.1x – Pros / Cons
      • Dynamic Session Key Management
      • Open Standards Based
      • Centralized User Administration
      • User Based Identification
      • Absence Of Mutual Authentication
      • Lack of clear communication between 802.11 and 802.11i state machines and message authenticity

  17. Absence Of Mutual Authentication
      • Supplicant always trusts the Authenticator but not vice versa
      • This opens the door for “MAN IN THE MIDDLE ATTACK”

  18. Session Hijack Attack. Figure labels: 802.11 State Machine, 802.11i State Machine.

  19. Session Hijack Attack (…cont)

  20. Alternate Solutions
      • Virtual Private Networks (VPN)
        • User Authentication
        • Encryption
      • Cisco LEAP
        • Mutual Authentication
        • Per Session based Keys
      • Secure Socket Layer (SSL)
        • Encryption
        • Digital Certificates

  21. WEP Attack

  22. Man In The Middle & Session Hijack Attacks

  23. Cisco LEAP Setup. Figure labels: LEAP Enabled Client, LEAP Enabled Access Point, AAA Server.

  24. VPN Setup. Figure labels: VPN Client, Pass Through Access Point, VPN Server.

  25. SSL Setup. Figure labels: SSL Client, Pass Through Access Point, SSL Server.

  26. A Specialized Computer Security Lab
      • NSF CCLI A&I grant: 2003-2005
      • Two Focuses:
        • DCSL: Distributed Computer Security Lab
          • Between UHCL and UHD
          • Possibly extended to other small or medium-sized colleges
          • Customizable testbed for various security-related experiments/projects
        • Module-based Computer Security Courseware Design
          • On-going
          • Looking for collaborators, courseware developers, users, …


  28. Computer Security Courseware
      • Module-based Computer Security Courseware Design
        • Units: Modules, submodules, artifacts, …

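Slide 14 states that an un-authorized 802.1x port passes only DHCP and EAP traffic. The following added example (not code from the presentation) models that rule as a frame filter on the authenticator; the class and helper names are hypothetical, the frames are constructed samples, and untagged Ethernet II framing is assumed.

```python
import struct

ETH_EAPOL, ETH_IPV4 = 0x888E, 0x0800      # EtherTypes: EAP over LAN, IPv4
EAP_SUCCESS, EAP_FAILURE = 3, 4           # EAP result codes

def classify(frame: bytes) -> str:
    """Label an untagged Ethernet II frame as 'eapol', 'dhcp' or 'other'."""
    if len(frame) < 14:
        return "other"
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype == ETH_EAPOL:
        return "eapol"
    if ethertype != ETH_IPV4 or len(frame) < 34 or frame[14] >> 4 != 4:
        return "other"
    ihl = (frame[14] & 0x0F) * 4          # IPv4 header length in bytes
    frag_offset = struct.unpack("!H", frame[20:22])[0] & 0x1FFF
    udp = frame[14 + ihl:14 + ihl + 4]
    if ihl < 20 or frame[23] != 17 or frag_offset or len(udp) < 4:
        return "other"                    # not an unfragmented UDP datagram
    sport, dport = struct.unpack("!HH", udp)
    return "dhcp" if {sport, dport} == {67, 68} else "other"

class AuthenticatorPort:
    """Per-supplicant port state kept by the authenticator (access point)."""
    def __init__(self) -> None:
        self.authorized = False           # every port starts un-authorized

    def on_eap_result(self, code: int) -> None:
        # Result relayed from the authentication server's decision.
        self.authorized = (code == EAP_SUCCESS)

    def forwards(self, frame: bytes) -> bool:
        # Allow-list from the slide: only DHCP and EAP pass before auth.
        return self.authorized or classify(frame) in ("eapol", "dhcp")

# Constructed sample frames (not captured traffic).
def _eth(ethertype: int, payload: bytes) -> bytes:
    return b"\xff" * 6 + b"\x02\x00\x00\x00\x00\x01" + struct.pack("!H", ethertype) + payload

def _udp(sport: int, dport: int) -> bytes:
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, 17, 0, bytes(4), b"\xff" * 4)
    return ip + struct.pack("!HHHH", sport, dport, 8, 0)

EAPOL_START = _eth(ETH_EAPOL, bytes([1, 1, 0, 0]))   # version 1, type 1 (Start)
DHCP_DISCOVER = _eth(ETH_IPV4, _udp(68, 67))
DNS_QUERY = _eth(ETH_IPV4, _udp(53000, 53))
```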
