WIRELESS LAN
SECURITY
INTRODUCTION
• In a wired network one has to be physically connected to transmit or receive data.
• It is possible to control the users in the network by controlling physical access.
• A wireless network uses a radio transmitter and receiver. To varying degrees, radio signals penetrate most building materials.
• Therefore it is NOT POSSIBLE to set up an absolute physical boundary and expect that no outsider will be able to intrude into the network.
• With wireless networks we have no control over who might be receiving and listening to the transmissions.
• It could be someone in the building across the road, in a van parked in the parking lot, or someone in the office above.
• Therefore it is important that we understand the vulnerabilities of the wireless LAN and take the necessary precautions.
• As part of the original specification, IEEE 802.11 included several security features:
  • open system and shared key authentication modes;
  • the Service Set Identifier (SSID);
  • Wired Equivalent Privacy (WEP).
• Each of these features provides only a limited degree of security, as the following sections show.
Wireless lan security(10.8)
LIMITING RF TRANSMISSION
• It is important to consider controlling the range of RF transmission by an access point.
• A proper transmitter power/antenna combination can confine the wireless signal mostly to the intended coverage area.
• Antennas are characterised by two features:
  • Directionality
  • Gain
• Omni-directional antennas: 360-degree coverage area.
• Directional antennas: limit coverage to better-defined areas.
• Caveat: this only limits how far the AP's own signal carries at a normal client's antenna. An attacker with a high-gain directional antenna can receive the same weak signal from much farther away, and can transmit with more power than a client, so range limiting reduces casual exposure but is not an access control.
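As an added example (not part of the slides), the following Python link-budget calculation shows what range limiting does and does not buy. It uses the free-space (Friis) path-loss model; the AP transmit power, antenna gains and receiver sensitivity are assumed values for a 2.4 GHz network, and real indoor losses are higher. The point it demonstrates is independent of those numbers: in free space the attacker's range advantage is 10^(gain difference / 20), so a 24 dBi dish against a 2 dBi client antenna reaches about 12.6 times as far, and halving the AP power (20 to 10 dBm) shrinks every receiver's range by the same factor (about 3.2) rather than shutting the attacker out.

```python
import math

C = 299_792_458.0  # speed of light, m/s


def fspl_db(distance_m: float, freq_hz: float) -> float:
    """Free-space path loss (Friis) in dB: the least attenuation the signal can suffer."""
    return 20 * math.log10(4 * math.pi * distance_m * freq_hz / C)


def max_range_m(tx_dbm: float, tx_gain_dbi: float, rx_gain_dbi: float,
                rx_sens_dbm: float, freq_hz: float) -> float:
    """Distance at which the received power just reaches the receiver's sensitivity."""
    budget_db = tx_dbm + tx_gain_dbi + rx_gain_dbi - rx_sens_dbm   # loss we can afford
    # invert fspl_db(): 20*log10(4*pi*d*f/C) == budget  ->  d = C/(4*pi*f) * 10^(budget/20)
    return C / (4 * math.pi * freq_hz) * 10 ** (budget_db / 20)


def coverage_comparison(ap_tx_dbm: float = 20.0, ap_gain_dbi: float = 2.0,
                        rx_sens_dbm: float = -80.0, freq_hz: float = 2.4e9) -> dict:
    """Range seen by an ordinary client (assumed 2 dBi antenna) versus an eavesdropper
    with an assumed 24 dBi dish, and the effect of turning the AP down to 10 dBm."""
    client = max_range_m(ap_tx_dbm, ap_gain_dbi, 2.0, rx_sens_dbm, freq_hz)
    attacker = max_range_m(ap_tx_dbm, ap_gain_dbi, 24.0, rx_sens_dbm, freq_hz)
    client_low = max_range_m(10.0, ap_gain_dbi, 2.0, rx_sens_dbm, freq_hz)
    attacker_low = max_range_m(10.0, ap_gain_dbi, 24.0, rx_sens_dbm, freq_hz)
    return {
        "client_m": client,
        "attacker_m": attacker,
        "attacker_advantage": attacker / client,      # 10**((24-2)/20) ~= 12.6
        "client_m_at_10dbm": client_low,
        "attacker_m_at_10dbm": attacker_low,          # still ~12.6x the client's range
        "power_cut_factor": client / client_low,      # 10**(10/20) ~= 3.16 for both parties
    }


if __name__ == "__main__":
    print(f"FSPL at 100 m, 2.4 GHz: {fspl_db(100, 2.4e9):.1f} dB")
    for k, v in coverage_comparison().items():
        print(f"{k:>22}: {v:,.1f}")
```

The reader-facing lesson: lowering AP power and using directional antennas are worth doing to shrink the footprint, but every metre of range you take from the attacker you also take from your users, and the attacker keeps the antenna-gain advantage at any power level.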
SERVICE SET IDENTIFIER (SSID)
• The SSID is used for association between the NIC (Network Interface Card) in the client and the AP.
• It is a network name (ID of the BSS or cell) that identifies the area covered by an AP.
• The AP periodically broadcasts its SSID in a management frame (the beacon). The beacon also carries the timestamp that stations use for clock synchronisation.
• Unfortunately, as 802.11 management frames are always sent in the clear, an attacker can easily listen on the wireless medium for the management frames and discover the SSID needed to connect to the AP.
• The SSID can be used as a (weak) security measure by configuring the AP to broadcast the beacon without its SSID.
• A wireless station wishing to associate with the AP must then have its SSID configured to that of the AP.
• If the SSID is not known, management frames sent to the AP from the wireless station will be rejected. It is also advised that the SSID of the AP is changed from the factory default to a name that is difficult to guess.
• Caveat: hiding the SSID in beacons does not remove it from the air. The SSID is still sent in the clear in probe requests, probe responses and association requests, so anyone listening while a legitimate client joins recovers it. Treat a hidden SSID as a deterrent for casual users only, never as authentication.
MAC ADDRESS ACCESS CONTROL
• Many access points support MAC address filtering. This is similar to IP filtering.
• The AP manages a list of MAC addresses that are allowed or disallowed in the wireless network.
• The idea is that the MAC address of the network card is unique and static.
• By controlling access from known addresses, the administrator can allow or restrict access to the network to known clients only.
• Caveat: MAC addresses are sent in the clear in every frame and can be changed in software on most network cards, so an attacker who observes an allowed client's address can simply reuse it. MAC filtering stops accidental connections, not a determined attacker.
AUTHENTICATION MODES
• Two types of client authentication are defined in 802.11:
  • Open System Authentication
  • Shared Key Authentication
• Open System Authentication is no authentication at all: any station that asks is accepted.
• Shared Key Authentication, on the other hand, is based on both stations taking part in the authentication process having the same "shared key" (the WEP key).
• It is assumed that this key has been transmitted to both stations through some secure channel other than the wireless medium itself.
• In typical implementations, it is set manually on the client station and the AP.
• The authenticating station receives a challenge text packet (created using the WEP pseudo-random number generator, PRNG) from the AP.
• The station encrypts this challenge text with WEP using the shared key and sends it back to the AP.
• If, after decryption, the challenge text matches, one-way authentication is successful.
• To obtain mutual authentication, the process is repeated in the opposite direction.
• Caveat: the challenge is sent in the clear and its encrypted form follows immediately, so an eavesdropper obtains a plaintext/ciphertext pair and hence the RC4 keystream for that IV. With it, the attacker can answer a later challenge, and encrypt arbitrary frames under that IV, without ever learning the key. Shared Key Authentication is therefore weaker than Open System.
WEP (WIRED EQUIVALENT PRIVACY)
• WEP was designed to protect users of a WLAN from casual eavesdropping and was intended to offer the following:
  • Reasonably strong encryption: relies on the difficulty of recovering the secret key by brute force. The difficulty grows with key length.
  • Self-synchronising: each packet contains the information required to decrypt it, so there is no need to deal with lost packets.
  • Efficient: can be implemented in software with reasonable efficiency.
  • Exportable: limiting the key length made export beyond the US more likely to be permitted.
• WEP uses the RC4 stream cipher from RSA Data Security.
• RC4 is a symmetric algorithm: the same key is used for both enciphering and deciphering the data.
• For each transmission, the plaintext is bitwise XORed with a pseudo-random keystream to produce the ciphertext.
• For decryption the process is reversed: XORing the ciphertext with the same keystream recovers the plaintext.
THE ALGORITHM OPERATES AS FOLLOWS:
1. It is assumed that the secret key has been distributed to both the transmitting and receiving stations by some secure means.
2. On the transmitting station, the 40-bit secret key (104-bit in the later "128-bit WEP" variant) is concatenated with a 24-bit Initialization Vector (IV) to produce a seed for the WEP PRNG (the RC4 key schedule).
3. The seed is passed into the PRNG to produce a stream (keystream) of pseudo-random octets.
4. The plaintext PDU is XORed with the keystream to produce the ciphertext PDU.
5. The ciphertext PDU is prefixed with the 24-bit IV, which is sent in the clear, and transmitted on the wireless medium.
6. The receiving station reads the IV and concatenates it with the secret key, producing the seed that it passes to the PRNG.
7. The receiver's PRNG produces the identical keystream used by the transmitting station. When this keystream is XORed with the ciphertext, the original plaintext PDU is produced.
It is worth mentioning that the plaintext PDU is also protected with a CRC-32 integrity check value (ICV), encrypted together with it, to detect accidental corruption of the ciphertext in transit. Because CRC is linear, it does not protect against deliberate modification: an attacker can flip chosen bits of the ciphertext and correct the encrypted ICV without knowing the key.
POSSIBLE ATTACKS
• The possible security attacks on a WEP-protected wireless LAN are:
  • Passive attacks to decrypt traffic based on statistical analysis (of IV reuse and of biases in the RC4 keystream).
  • Active attacks to inject new traffic from unauthorised mobile stations, based on known plaintext.
  • Active attacks to decrypt traffic, based on tricking the access point (for example by altering the destination so that the AP forwards the decrypted frame to a host the attacker controls).
  • Dictionary-building attack that, after analysis of about a day's worth of traffic, allows real-time automated decryption of all traffic.
  • Hijacking a session: following successful authentication, it is possible to hijack the session, since neither MAC addresses nor data frames are authenticated.
• Analysis suggests that though these attacks are not common, they can be performed with inexpensive off-the-shelf equipment.
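As an added example (my code, not from the slides), the following Python implements steps 1 to 7 of the WEP algorithm above with RC4 and the CRC-32 ICV, and then demonstrates two of the attacks just listed: keystream recovery from known plaintext, which is exactly what the Shared Key Authentication exchange hands an eavesdropper, used to forge an authentication response and to read a later frame sent under the same IV; and bit-flipping with ICV correction, which exploits the linearity of CRC-32. The key, IVs, challenges and sample messages are constructed for the demonstration; the fixed IV stands in for the reuse that a 24-bit IV space makes unavoidable on a busy network.

```python
import os
import zlib


def rc4(key: bytes, length: int) -> bytes:
    """RC4 keystream: key scheduling (KSA) followed by keystream generation (PRGA)."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out, i, j = bytearray(), 0, 0
    for _ in range(length):
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def icv(data: bytes) -> bytes:
    """WEP integrity check value: CRC-32 of the plaintext, little-endian."""
    return zlib.crc32(data).to_bytes(4, "little")


def wep_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Steps 2-5: seed = IV || key, keystream = RC4(seed), C = (P || ICV) XOR keystream,
    IV prefixed in the clear."""
    body = plaintext + icv(plaintext)
    return iv + xor(body, rc4(iv + key, len(body)))


def wep_decrypt(key: bytes, frame: bytes) -> bytes:
    """Steps 6-7: rebuild the seed from the transmitted IV, strip and check the ICV."""
    iv, ct = frame[:3], frame[3:]
    body = xor(ct, rc4(iv + key, len(ct)))
    data, tag = body[:-4], body[-4:]
    if icv(data) != tag:
        raise ValueError("ICV mismatch")
    return data


# Attack 1: known plaintext yields the keystream for that IV. Shared Key Authentication
# leaks exactly this pair: the challenge in the clear, then its WEP encryption.
def keystream_from_known(frame: bytes, known_plaintext: bytes) -> bytes:
    return xor(frame[3:], known_plaintext + icv(known_plaintext))


def forge_frame(iv: bytes, keystream: bytes, plaintext: bytes) -> bytes:
    """Encrypt an arbitrary PDU without the key by reusing a recovered keystream."""
    body = plaintext + icv(plaintext)
    if len(body) > len(keystream):
        raise ValueError("not enough recovered keystream")
    return iv + xor(body, keystream)


# Attack 2: CRC-32 is affine over GF(2): crc(P ^ D) == crc(P) ^ crc(D) ^ crc(0...0) for
# equal lengths, so bits can be flipped in the ciphertext and the encrypted ICV patched blind.
def flip_bits(frame: bytes, delta: bytes) -> bytes:
    icv_delta = (zlib.crc32(delta) ^ zlib.crc32(bytes(len(delta)))).to_bytes(4, "little")
    return frame[:3] + xor(frame[3:], delta + icv_delta)


def demo() -> dict:
    key = os.urandom(5)                    # 40-bit WEP key, "distributed by secure means"
    iv = b"\x01\x02\x03"                   # 24-bit IV; with 2^24 values, reuse is inevitable
    # Shared Key Authentication as seen by an eavesdropper: challenge, then its encryption
    challenge = os.urandom(128)
    response = wep_encrypt(key, iv, challenge)
    ks = keystream_from_known(response, challenge)       # 132 bytes of keystream for this IV
    new_challenge = os.urandom(128)
    forged = forge_frame(iv, ks, new_challenge)          # answers a new challenge, no key needed
    forged_ok = wep_decrypt(key, forged) == new_challenge
    # Any later frame sent under the same IV is readable with the recovered keystream
    secret = b"GET /payroll HTTP/1.0"
    leaked = xor(wep_encrypt(key, iv, secret)[3:], ks)[:len(secret)]
    # Bit flipping: change the amount without the key; the receiver's ICV check still passes
    original, wanted = b"transfer 100 to alice", b"transfer 900 to alice"
    tampered = flip_bits(wep_encrypt(key, os.urandom(3), original), xor(original, wanted))
    return {"forged_auth_accepted": forged_ok, "leaked": leaked,
            "tampered": wep_decrypt(key, tampered)}


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v!r}")
```

Nothing here recovers the key itself; that is the job of the statistical (FMS-style) attacks. The point is that WEP's design fails even before key recovery, because a stream cipher with a reused keystream and a linear checksum gives the attacker both confidentiality and integrity breaks for free.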
802.1X AUTHENTICATION
• To prevent attacks on wireless LANs, IEEE 802.11 adopted the IEEE 802.1X port-based authentication framework (originally defined by the 802.1 working group for wired LANs).
• The 802.1X framework provides the link layer with extensible authentication, normally seen in higher layers.
• 802.1X requires three entities:
  • The supplicant: resides on the wireless LAN client.
  • The authenticator: resides on the access point.
  • The authentication server: resides on the server authenticating the client (e.g. a RADIUS server, Kerberos, or other servers).
• In a single network there can be many points of entry, each of them an access point.
• Once the link between a supplicant (wireless station) and an authenticator (AP) is established, the authentication exchange is relayed to the authentication server.
• The AP authenticates the supplicant through the authentication server.
• If authentication is successful, the authentication server instructs the authenticator to allow the supplicant to access the network services.
• The authenticator works like a gatekeeper.
• The authenticator creates one logical port per client, based on the client association ID.
• This logical port has two data paths:
  • The uncontrolled port passes only authentication traffic (EAPOL frames) between supplicant and authenticator, both before and after authentication.
  • The controlled port carries all other traffic and is opened only after successful authentication.
• Complete association with an AP involves three states:
  1. Unauthenticated and unassociated
  2. Authenticated and unassociated
  3. Authenticated and associated
• IEEE 802.1X offers flexibility in authentication and, through keys derived by the EAP method, in encryption.
• EAP (Extensible Authentication Protocol) was originally defined for PPP (Point-to-Point Protocol) as an optional authentication phase after the link has been established and before the network layer protocol phase. 802.1X carries EAP directly over the LAN ("EAP over LAN", EAPOL).
• Through the use of EAP, support for a number of authentication schemes may be added, including smart cards, Kerberos, public key, one-time passwords, CHAP (Challenge Handshake Authentication Protocol), or other user-defined authentication methods.
• There are still some vulnerabilities in EAP itself: the user identity and many inner methods are exchanged unprotected. To overcome this, a new protocol was proposed in the IETF on top of EAP.
• This is PEAP (Protected EAP). PEAP adds a phase of security over and above EAP: it first sets up a TLS tunnel to the authentication server and then runs the inner EAP method inside that tunnel.
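As an added example (my code, not from the slides or any product), the following Python models the authenticator's per-client logical port and the EAP relay described above: the uncontrolled path accepts only EAPOL frames (EtherType 0x888E), while the controlled path forwards data frames only once the authentication server has returned EAP-Success. The server is a stand-in for RADIUS running EAP-MD5, the CHAP-style method of RFC 3748, chosen because it is the simplest method to show end to end. MAC addresses, the user name and the password are assumed, and the AP's initial EAP-Request/Identity is omitted for brevity. Note that EAP-MD5 derives no keys and is open to offline dictionary attacks, which is why it is not acceptable for wireless; EAP-TLS, PEAP or similar tunnelled methods are used in practice.

```python
import hashlib
import hmac
import os
import struct
from dataclasses import dataclass

ETH_EAPOL = 0x888E                       # the only EtherType the uncontrolled port passes
EAPOL_EAP_PACKET = 0
EAP_REQUEST, EAP_RESPONSE, EAP_SUCCESS, EAP_FAILURE = 1, 2, 3, 4
EAP_IDENTITY, EAP_MD5 = 1, 4             # EAP method types (RFC 3748)
AP_MAC = bytes.fromhex("020000000001")   # assumed addresses for the demonstration
STA_MAC = bytes.fromhex("020000000002")


def eth(dst: bytes, src: bytes, etype: int, payload: bytes) -> bytes:
    return dst + src + struct.pack("!H", etype) + payload


def eapol(eap_pkt: bytes) -> bytes:       # EAPOL header: version, packet type, body length
    return struct.pack("!BBH", 1, EAPOL_EAP_PACKET, len(eap_pkt)) + eap_pkt


def eap(code: int, ident: int, data: bytes = b"") -> bytes:   # EAP: code, id, total length
    return struct.pack("!BBH", code, ident, 4 + len(data)) + data


class AuthServer:
    """Stand-in for the RADIUS server; runs EAP-MD5 (challenge/response as in CHAP)."""
    def __init__(self, creds: dict):
        self.creds, self.pending = creds, {}

    def handle(self, client: bytes, ident: int, data: bytes) -> bytes:
        if client not in self.pending:                      # expect Response/Identity first
            if not data or data[0] != EAP_IDENTITY:
                return eap(EAP_FAILURE, ident)
            chal = os.urandom(16)
            self.pending[client] = (data[1:], chal)
            return eap(EAP_REQUEST, (ident + 1) & 0xFF, bytes([EAP_MD5, 16]) + chal)
        identity, chal = self.pending.pop(client)
        want = hashlib.md5(bytes([ident]) + self.creds.get(identity, b"") + chal).digest()
        ok = data[:2] == bytes([EAP_MD5, 16]) and hmac.compare_digest(data[2:18], want)
        return eap(EAP_SUCCESS if ok else EAP_FAILURE, ident)


@dataclass
class LogicalPort:
    authorized: bool = False     # controlled path stays closed until EAP-Success


class Authenticator:
    """The AP: one logical port per client, EAP relayed to the server, data gated on success."""
    def __init__(self, server: AuthServer):
        self.server, self.ports, self.forwarded, self.to_client = server, {}, [], []

    def receive(self, frame: bytes) -> str:
        src, etype = frame[6:12], struct.unpack("!H", frame[12:14])[0]
        port = self.ports.setdefault(src, LogicalPort())   # keyed by MAC, stands in for AID
        if etype == ETH_EAPOL:                              # uncontrolled path
            return self._eapol(src, port, frame[14:])
        if port.authorized:                                 # controlled path open
            self.forwarded.append(frame)
            return "forwarded"
        return "dropped"                                    # controlled path closed

    def _eapol(self, src: bytes, port: LogicalPort, body: bytes) -> str:
        _, ptype, _ = struct.unpack("!BBH", body[:4])
        code, ident, elen = struct.unpack("!BBH", body[4:8])
        if ptype != EAPOL_EAP_PACKET or code != EAP_RESPONSE:
            return "ignored"
        reply = self.server.handle(src, ident, body[8:4 + elen])
        self.to_client.append(eth(src, AP_MAC, ETH_EAPOL, eapol(reply)))
        port.authorized = reply[0] == EAP_SUCCESS
        return {EAP_SUCCESS: "authorized", EAP_FAILURE: "failed"}.get(reply[0], "challenge")


def run_session(password: bytes) -> list:
    """Supplicant side of the exchange; returns the authenticator's verdict on each frame."""
    ap = Authenticator(AuthServer({b"alice": b"correct horse"}))   # assumed credential
    data = eth(AP_MAC, STA_MAC, 0x0800, b"IP packet")
    out = [ap.receive(data)]                                        # before auth: dropped
    ident_resp = eap(EAP_RESPONSE, 1, bytes([EAP_IDENTITY]) + b"alice")
    out.append(ap.receive(eth(AP_MAC, STA_MAC, ETH_EAPOL, eapol(ident_resp))))
    req = ap.to_client[-1][14 + 4:]                 # strip Ethernet and EAPOL headers
    ident, chal = req[1], req[6:22]                 # EAP hdr(4) + type(1) + size(1) + 16-byte challenge
    digest = hashlib.md5(bytes([ident]) + password + chal).digest()
    md5_resp = eap(EAP_RESPONSE, ident, bytes([EAP_MD5, 16]) + digest)
    out.append(ap.receive(eth(AP_MAC, STA_MAC, ETH_EAPOL, eapol(md5_resp))))
    out.append(ap.receive(data))                    # after auth: forwarded, or still dropped
    return out


if __name__ == "__main__":
    print("right password:", run_session(b"correct horse"))
    print("wrong password:", run_session(b"wrong"))
```

The two verdict lists make the gatekeeper behaviour concrete: the same data frame is dropped before authentication and forwarded after it, and a failed EAP exchange leaves the controlled port closed while the uncontrolled port still carried every EAPOL frame.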
WIRELESS VPN
• Virtual Private Network (VPN) technology has been used to secure communications among remote locations via the Internet since the 1990s.
• It is now being extended to wireless LANs. VPNs were traditionally used to provide point-to-point encryption for long Internet connections between remote users and enterprise networks.
• VPNs have been deployed in wireless LANs as well.
• When a wireless LAN client uses a VPN tunnel, its data remains encrypted from the client until it reaches the VPN gateway, regardless of whether the link-layer encryption (WEP) is broken. The wireless segment between client and gateway should then be treated as untrusted, with the VPN gateway the only host reachable from it.
802.11i
• Task Group "i" within IEEE 802.11 developed a new standard for WLAN security (ratified in 2004; the Wi-Fi Alliance markets it as WPA2).
• 802.11i is designed to embrace the authentication scheme of 802.1X and EAP while adding enhanced security features, including new encryption schemes and dynamic key distribution.
• Not only does it fix WEP, it takes wireless LAN security to a higher level.
• The specification uses the Temporal Key Integrity Protocol (TKIP) to produce a 128-bit "temporal key" that allows different stations to use different keys to encrypt data.
• TKIP introduces a per-packet key mixing function, so that every data packet sent over the air is encrypted with its own unique RC4 key, together with a 48-bit sequence counter against replay and a keyed message integrity check (Michael) in place of the linear CRC. Consequently, TKIP greatly increases the complexity and difficulty of recovering the keys.
• Intruders will not have enough time to collect sufficient data to decipher the key.
• Caveat: TKIP was an interim measure for existing RC4 hardware and has since been deprecated; CCMP (below) is the cipher to require.
• 802.11i also adopts the Advanced Encryption Standard (AES), in the CCMP mode, as the replacement for WEP encryption. AES has already been adopted as an official US government standard (FIPS 197) by NIST, part of the US Department of Commerce.
• AES is a block cipher with a 128-bit block and key sizes of 128, 192 or 256 bits (802.11i uses 128-bit keys), making it far more difficult to break than WEP. AES, however, is not readily compatible with the Wi-Fi Certified WLAN devices of the time.
• It requires new chipsets which, for WLAN customers, means new investment in wireless devices.
• Those looking to build new WLANs will find it attractive.
• Those with previously installed wireless networks must justify whether AES security is worth the cost of replacing equipment.
