Wireless Network & Mobile
Computing
Chapter – 7
Security in WLAN
Outline
• Introduction to WLAN Security objectives
• The 802.11 Open System Authentication
• Services in a security protocol suite
• Security Services overview
• WEP
• WPA
• WPAv2
WLAN Security objectives
• Private wired networks are relatively secure
– The medium is privately owned
– Can be securely configured and controlled
• The internet is relatively unsecured
– Many entry points not under control
– We can use IPSec or SSL tunnels – secure communication
over unsecured medium
• Like the internet, wireless is not inherently secure
– Radio waves emanate in all directions, outside of intended
boundaries
– A suite of protocols can secure communications over this
unsecured medium.
The 802.11 Open System Authentication
Services in a Security Protocol Suite
WEP, WPA, WPAv2 and even IPSec provide the
following services
• Encryption – Prevents others from viewing data
• Anti-Replay – Prevents others from changing data
• Authentication – Share your data with appropriate
parties
• Key Management – Distribute keys to end points, so
they can encrypt/hash data
Security Protocols : Encryption
Convert legible data to cipher data
• Triple Data Encryption Standard (3DES)
• Rivest Cipher 4 (RC4)
• Advanced Encryption Standard (AES)
Security Protocols : Anti-Replay
Each frame data pattern is unique
• Hashing algorithm adds encrypted fingerprint value to frame header
• Cipher Block Chaining Message Authentication Code
• MIC – Message Integrity Check
Security Protocols : Authentication
WLAN Authentication serves two primary objectives
• Only allow users with proper credentials to gain access
– Static Pre-Shared Key (PSK)
– Dynamic 802.1x
Security Protocols : Keys
Generate and Distribute keys
• Encrypt and add a hash value to each transmitted
frame.
• Decrypt and check the hash value for each received
frame.
Comparison of standards and protocols
WEP
• Stands for Wired Equivalent Privacy
• Designed to encrypt data over radio waves
• Provides 3 critical pieces of security
– Confidentiality (Encryption)
– Authentication
– Integrity
• Uses RC4 encryption algorithm
– Symmetric key stream cipher
– 64-bit shared RC4 keys, 40-bit WEP key, 24-bit
plaintext Initialization Vector (IV)
WEP Encryption and Integrity
The process involves combining the IV and Secret Key to create a seed, which is then
used by a PRNG to generate a key sequence. The plaintext is processed by a CRC-32
algorithm to create an Integrity Check Value. Finally, the key sequence is XORed with
the plaintext and Integrity Check Value to produce the ciphertext. The IV is transmitted
along with the ciphertext.
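[Figure: WEP encryption block diagram. IV and Secret Key form the Seed; the PRNG outputs the Key Sequence; Plaintext passes through the CRC-32 Algorithm to give the Integrity Check Value; XOR produces the Ciphertext, sent with the IV.]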
Cont...
• IV: Initialization Vector.
• Secret Key: A secret key used for encryption.
• Seed: The combination of IV and Secret Key.
• PRNG: Pseudo-Random Number Generator, generates a
key sequence from the seed.
• Plaintext: The original, unencrypted data.
• CRC-32 Algorithm: Used to generate an Integrity
Check Value for the plaintext.
• Integrity Check Value: Ensures the integrity of the
plaintext.
• XOR: A bitwise operation that combines the Key
Sequence with the Plaintext and Integrity Check
Value.
• Ciphertext: The encrypted data.
• IV: Initialization Vector, included in the
Why WEP is Weak?
• Weakness in key management
Single key for all access points and client radios
Static unless manually changed
Authentication and encryption keys are the same
• Shared key authentication failure
No knowledge of secret to gain network access
Why WEP is Weak?..
• Weakness in Encryption
Short 24-bit IV, reuse mandatory
Weak per-packet key derivation - exposes RC4 protocol to
weak key attacks. Given c1 and c2 with same IV,
$c_1 \oplus c_2 = p_1 \oplus p_2 \; [= (p_1 \oplus S) \oplus (p_2 \oplus S)]$, leading to statistical attacks to
recover plaintexts
Short 40-bit encryption scheme
• No forgery protection
Because the ICV is a CRC-32 checksum, it is possible to recompute a
matching ICV for changed data bits
• No protection against replays
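The encapsulation described under "WEP Encryption and Integrity" and two of the weaknesses listed above (IV reuse and the unkeyed CRC-32 ICV), as an added Python example that is not part of the original slides. The key, IV and plaintexts are constructed sample values, and the function names are illustrative.

```python
import zlib

def rc4(seed: bytes, n: int) -> bytes:
    """RC4 keystream of n bytes: the PRNG box in the WEP diagram."""
    s, j = list(range(256)), 0
    for i in range(256):                          # key scheduling
        j = (j + s[i] + seed[i % len(seed)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for _ in range(n):                            # keystream output
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def icv(data: bytes) -> bytes:
    """Integrity Check Value: plain CRC-32, no key involved."""
    return zlib.crc32(data).to_bytes(4, "little")

def wep_encrypt(iv: bytes, key: bytes, plaintext: bytes) -> bytes:
    body = plaintext + icv(plaintext)
    seed = iv + key                               # 24-bit IV + 40-bit key
    return iv + xor(body, rc4(seed, len(body)))   # IV travels in the clear

def wep_decrypt(key: bytes, frame: bytes):
    iv, ct = frame[:3], frame[3:]
    body = xor(ct, rc4(iv + key, len(ct)))
    data, tag = body[:-4], body[-4:]
    return data, tag == icv(data)                 # (plaintext, ICV ok?)

def crc_is_linear(a: bytes, b: bytes) -> bool:
    """CRC(a^b) == CRC(a)^CRC(b)^CRC(0...0) for equal-length inputs."""
    zero = bytes(len(a))
    return icv(xor(a, b)) == xor(xor(icv(a), icv(b)), icv(zero))

# Constructed sample values (not taken from the slides)
KEY = bytes.fromhex("0102030405")
IV = bytes.fromhex("aabbcc")
P1, P2 = b"ACCOUNT=1001;AMT=10", b"ACCOUNT=2002;AMT=99"
C1, C2 = wep_encrypt(IV, KEY, P1), wep_encrypt(IV, KEY, P2)
LEAK = xor(C1[3:], C2[3:])[:len(P1)]              # keystream cancels: P1 ^ P2
```

With the same IV the keystream S drops out of `LEAK`, and because the ICV is linear and unkeyed it cannot serve as forgery protection, which is the gap TKIP's Michael MIC and IV sequencing are meant to close.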
WPA
• WPA - Wireless Protected Access
• Strong, standards based, interoperable security for Wi-Fi
• Addresses all known weaknesses of WEP
• Subset of forthcoming IEEE 802.11i standard
• Designed to run as a software upgrade on most Wi-Fi
certified products.
Security Mechanisms in WPA - TKIP
• Uses TKIP (Temporal Key Integrity Protocol)
Encryption.
• Suite of algorithms wrapping WEP
• Adds 4 new algorithms to WEP:
1. New cryptographic message integrity code (MIC)
called Michael - to defeat forgeries
2. New IV sequencing discipline - to remove replay
attacks
3. A re-keying mechanism – to provide fresh encryption
and integrity keys
4. A per-packet key mixing function
• Phase 1 (Eliminates same key use by all links) - Combines
MAC address and temporal key. Input to S-box to produce
intermediate key
• Phase 2 (De-correlates IVs and per-packet keys) - Packet
sequence number encrypted under the intermediate key using
a Feistel cipher to produce 128-bit per packet key.
WPA Modes of Operation - Pre-shared key vs. Enterprise
• Pre-shared Key Mode for home/SOHO users
Does not require authentication server
“Shared Secret” or password entered manually in the AP and
wireless client.
WPA takes over automatically.
Only the clients with matching passwords are allowed to join
the network.
The password automatically kicks off the TKIP encryption
process.
• Enterprise Mode for corporate users
Requires an authentication server like RADIUS
Centralized management of user credentials
WPA modes of operation – Enterprise Mode
[Figure: Enterprise Mode, showing Access Point, Internet and Authentication server]
Tools Available
• AirSnort
• Aircrack-ng
• Aircrack-ptw
• WepLab
• Aireplay-ng
• WEPCrack
• And more