
Chapter 24

Chapter 24. Wireless Network Security. Private Tour. In between lecture and lab class today at 10.45, we will get an insight into an enterprise network and wireless security as Michael Doherty demonstrates the system at UU for protecting the Wireless Infrastructure. Security News.

nevan

Presentation Transcript


  1. Chapter 24 Wireless Network Security

  2. Private Tour • In between lecture and lab class today at 10.45, we will get an insight into an enterprise network and wireless security as Michael Doherty demonstrates the system at UU for protecting the Wireless Infrastructure.

  3. Security News

  4. Wireless Security Overview • concerns for wireless security are similar to those found in a wired environment • security requirements are the same: • confidentiality, integrity, availability, authenticity, accountability • most significant source of risk is the underlying communications medium

  5. Wireless Networking Components

  6. Wireless Network Threats

  7. Securing Wireless Transmissions • principal threats are eavesdropping, altering or inserting messages, and disruption • countermeasures for eavesdropping: • signal-hiding techniques • encryption • the use of encryption and authentication protocols is the standard method of countering attempts to alter or insert transmissions

  8. Securing Wireless Networks • the main threat involving wireless access points is unauthorized access to the network • principal approach for preventing such access is the IEEE 802.1X standard for port-based network access control • the standard provides an authentication mechanism for devices wishing to attach to a LAN or wireless network • use of 802.1X can prevent rogue access points and other unauthorized devices from becoming insecure backdoors

  9. Wireless Network Security Techniques

  10. IEEE 802.11 Terminology

  11. Wireless Fidelity (Wi-Fi) Alliance • 802.11b • first 802.11 standard to gain broad industry acceptance • Wireless Ethernet Compatibility Alliance (WECA) • industry consortium formed in 1999 to address the concern of products from different vendors successfully interoperating • later renamed the Wi-Fi Alliance • term used for certified 802.11b products is Wi-Fi • has been extended to 802.11g products • Wi-Fi Protected Access (WPA) • Wi-Fi Alliance certification procedures for IEEE 802.11 security standards • WPA2 incorporates all of the features of the IEEE 802.11i WLAN security specification

  12. IEEE 802 Protocol Architecture

  13. General IEEE 802 MPDU Format

  14. IEEE 802.11 Extended Service Set

  15. IEEE 802.11 Services

  16. Distribution of Messages Within a DS • the two services involved with the distribution of messages within a DS are: • distribution • integration

  17. Association-Related Services • transition types, based on mobility: • no transition • a station of this type is either stationary or moves only within the direct communication range of the communicating stations of a single BSS • BSS transition • station movement from one BSS to another BSS within the same ESS; delivery of data to the station requires that the addressing capability be able to recognize the new location of the station • ESS transition • station movement from a BSS in one ESS to a BSS within another ESS; maintenance of upper-layer connections supported by 802.11 cannot be guaranteed

  18. Services

  19. WEP Cracking • http://www.youtube.com/watch?v=77IBk-wUAVg

  20. Wireless LAN Security • Wired Equivalent Privacy (WEP) algorithm • 802.11 privacy • Wi-Fi Protected Access (WPA) • set of security mechanisms that eliminates most 802.11 security issues and was based on the current state of the 802.11i standard • Robust Security Network (RSN) • final form of the 802.11i standard • Wi-Fi Alliance certifies vendors in compliance with the full 802.11i specification under the WPA2 program

  21. Elements of IEEE 802.11i

  22. IEEE 802.11i Phases of Operation

  23. IEEE 802.11i Phases of Operation

  24. 802.1X Access Control

  25. MPDU Exchange • authentication phase consists of three phases: • connect to AS • the STA sends a request to its AP that it has an association with for connection to the AS; the AP acknowledges this request and sends an access request to the AS • EAP exchange • authenticates the STA and AS to each other • secure key delivery • once authentication is established, the AS generates a master session key and sends it to the STA

  26. IEEE 802.11i Key Hierarchies

  27. IEEE 802.11i Keys for Data Confidentiality and Integrity Protocols

  28. Phases of Operation

  29. Temporal Key Integrity Protocol (TKIP) • designed to require only software changes to devices that are implemented with the older wireless LAN security approach called WEP • provides two services:

  30. Pseudorandom Function

  31. Can you crack WPA/WPA2? • WPA/WPA2 supports many types of authentication beyond pre-shared keys. • aircrack-ng can ONLY crack pre-shared keys. • So make sure airodump-ng shows the network as having the authentication type of PSK, otherwise, do not bother trying to crack it.

  32. Can you crack WPA/WPA2? • There is another important difference between cracking WPA/WPA2 and WEP. This is the approach used to crack the WPA/WPA2 pre-shared key. • Unlike WEP, where statistical methods can be used to speed up the cracking process, only plain brute force techniques can be used against WPA/WPA2. That is because the key is not static, so collecting IVs, as when cracking WEP encryption, does not speed up the attack. • The only thing that does give the information to start an attack is the handshake between client and AP. Handshaking is done when the client connects to the network. Although not absolutely true, for the purposes of learning how to hack, consider it true. • Since the pre-shared key can be from 8 to 63 characters in length, it effectively becomes impossible to crack the pre-shared key.

  33. Can you crack WPA/WPA2? • The only time you can crack the pre-shared key is if it is a dictionary word or relatively short in length. Conversely, if you want to have an unbreakable wireless network at home, use WPA/WPA2 and a 63 character password composed of random characters including special symbols. • The impact of having to use a brute force approach is substantial. Because it is very compute intensive, a computer can only test 50 to 300 possible keys per second depending on the computer CPU. It can take hours, if not days, to crunch through a large dictionary. If you are thinking about generating your own password list to cover all the permutations and combinations of characters and special symbols. • IMPORTANT This means that the passphrase must be contained in the dictionary you are using to break WPA/WPA2. If it is not in the dictionary then aircrack-ng will be unable to determine the key. • There is no difference between cracking WPA or WPA2 networks. The authentication methodology is basically the same between them. So the techniques you use are identical.

  34. Cracking WPA/WPA2 • http://www.youtube.com/watch?v=3P8l-PsvYak There are lots of tutorials online on how to do this using Linux. • http://www.aircrack-ng.org/doku.php?id=cracking_wpa

  35. Question • What types of denial-of-service (DoS) attacks may be performed on IEEE 802.11 wireless networks at different layers of the protocol stack?

  36. Answer • At the physical layer, a device may generate random RF noise, making the medium appear constantly busy. • At the data link (MAC) layer, a device may generate random packets, which violates the “polite” RTS/CTS sequence. • At the network layer, any device may masquerade as an access point and gather and drop packets. • At the application layer, an application may naively perform a large file transfer, dominating the medium.

  37. Summary • wireless security overview • wireless network threats • wireless security measures • IEEE 802.11 wireless LAN overview • Wi-Fi Alliance • IEEE 802 protocol architecture • IEEE 802.11 network components and architectural model • IEEE 802.11 services • IEEE 802.11i • IEEE 802.11i Services • IEEE 802.11i Phases of Operation • Discovery Phase • Authentication Phase • Key Management Phase • Protected Data Transfer Phase • the IEEE 802.11i Pseudorandom Function
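Slides 32 and 33 say a WPA/WPA2 pre-shared key can only be attacked by brute force and that each guess is compute intensive. The sketch below is an added example, not part of the original presentation: it shows why each guess costs so much (IEEE 802.11i derives the 256-bit master key from the passphrase and SSID with 4096 rounds of PBKDF2-HMAC-SHA1, a detail not stated on the slides) and uses the slides' 50 to 300 keys per second to size a passphrase. The function names and the sample passphrase, SSID and length/alphabet combinations are constructed for illustration.

```python
import hashlib

PBKDF2_ITERATIONS = 4096   # fixed by IEEE 802.11i for WPA/WPA2-PSK
PMK_LENGTH = 32            # 256-bit pairwise master key


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 32 bytes)."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrase must be 8 to 63 characters")
    if any(not 32 <= ord(c) <= 126 for c in passphrase):
        raise ValueError("WPA passphrase must be printable ASCII")
    if not 1 <= len(ssid.encode()) <= 32:
        raise ValueError("SSID must be 1 to 32 bytes")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode(), PBKDF2_ITERATIONS, PMK_LENGTH)


def exhaustive_search_years(length: int, alphabet_size: int,
                            keys_per_second: float) -> float:
    """Years needed to try every passphrase of this length and alphabet."""
    seconds = alphabet_size ** length / keys_per_second
    return seconds / (365.25 * 24 * 3600)


if __name__ == "__main__":
    # Constructed sample network. The SSID salts the derivation, so the same
    # passphrase yields a different PMK on every differently named network.
    print(derive_pmk("password", "IEEE").hex())
    # Constructed policy candidates, costed at the slides' 50-300 keys/second.
    for label, length, alphabet in [("8 lowercase letters", 8, 26),
                                    ("12 printable ASCII", 12, 95),
                                    ("63 printable ASCII", 63, 95)]:
        slow = exhaustive_search_years(length, alphabet, 50)
        fast = exhaustive_search_years(length, alphabet, 300)
        print(f"{label}: {fast:.3g} to {slow:.3g} years")
```

The estimate covers exhaustive search of random passphrases only; a passphrase that appears in a word list falls to the first matching guess regardless of its length, which is the point slide 33 makes.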
