SlideShare a Scribd company logo

Wireless security using wpa2

Download as PPTX, PDF
Tushar Anand
Tushar Anand

This document discusses wireless security using WPA2. It begins by describing the types of wireless security including open networks, WEP, WPA, and WPA2. It then provides an overview of WPA2, including how it uses AES for encryption and integrity checking. The document compares WEP, WPA, and WPA2 and describes WPA2 authentication in personal and enterprise modes. It details how WPA2 generates keys through a 4-way handshake and uses AES in counter mode for encryption and CBC-MAC for integrity. The document concludes by discussing benefits and vulnerabilities of WPA2 as well as procedures to improve wireless security.

1 of 22
WIRELESS SECURITY USING WPA2 BY : TUSHAR ANAND KUMAR ECE-”D”, REGD. NO.: 1151016015
CONTENTS • Types of security in WLAN • Comparison of WEP,WPA,WPA2 • Evolution of wireless security standards • WPA 2 authentication ,encryption & decryption • Benefits & vulnerabilities • Solutions & conclusion
TYPES OF SECURITY IN WLAN • OPEN : No security configured X • WEP : Wired Equivalent privacy X • WPA: Wi-Fi Protected Access • WPA2: Advance Wi-Fi Protected Access
WIRELESS SECURITY STANDARDS
WPA2 OVERVIEW • Wi-Fi Protected Access 2 • Security standard developed by the Wi-Fi Alliance and is an implementation of IEEE’s 802.11i • Uses Advance Encryption Standard (AES) protocol • AES in Counter-Mode for encryption • AES in Cipher Block Chaining-Message Authentication Code (CBC-MAC) for integrity checking
WI-FI PROTECTED ACCESS 2 Table: two types of WPA2
COMPARING WEP, WPA ,and WPA 2
AUTHENTICATION Two types of authentication • Personal mode • Enterprise mode
PERSONAL MODE AUTHENTICATION • Authentication performed between client and access point • PSK(Pre Shared Key) & SSID(Service Set Identification) is used • AP generates 256 bit from plain text pass phrase • PMK(Pairwise Master Key) is generated after authentication
ENTERPRISE MODE AUTHENTICATION • • Based on IEEE 802.1x standard Authentication performed between :- 1. Client 2. Access Point 3. Authentication Server • After authentication MK(Master Key) Is generated
WPA 2 KEY GENERATION • 4 way handshake initiated by AP • Confirms client’s knowledge of PMK in personal mode & MK in enterprise mode • Pairwise Transient Key created at client’s • Fresh PTK is derived at AP 1. Key confirmation key 2. Key encryption key 3. Temporal key
WPA 2 KEY GENERATION • Install encryption and integrity key • Control port are unblocked
WPA2 ENCRYPTION • Two Process happens 1. Data encryption 2. Data integrity • AES is used in encryption & authentication is a block symmetric cipher • CCM is new mode of operation for block cipher • Two underlying modes of CCM  Counter mode(CTR) achieves data encryption  Cipher block chaining message authentication code(CBCMAC) to provide data integrity
MESSAGE INTEGRITY CODE(MIC) • IV(Initialization Vector) encrypted with AES & TK to produce 128 bit result • 128 bit result is XOR with next 128 bits of data • Result of XOR is continued until all IV are exhausted • At end,first 64 bits are used to produce MIC Figure :AES CBC-MAC
WPA2 ENCRYPTION • Counter mode algorithm encrypts the data with MIC • Initialize counter for first time or increment counter. • First 128 bits are encrypted using AES & TK to produce 128 bits. • XOR is performed on result and first message block to give an first encrypted block. • Repeat until all 128 bit of blocks has been encrypted. Figure: AES counter mode
WPA2 DECRYPTION • It works in reverse using same algorithm for encryption the counter value is derived. • By using the counter mode algorithm and TK , the MIC and decrypted data are found out. • The data is processed by CBC-MAC to recalculate MIC • If MIC does not match then packet is dropped otherwise data is sent to network stack and to client
BENEFITS OF WPA2 • Provides solid wireless security model(RSN) • Encryption accomplished by a block cipher • Block cipher used is Advanced Encryption Standard (AES) • IEEE 802.11i authentication and key management is accomplished by IEEE 802.1x standard • Key-caching • Pre-authentication
WPA2 VULNERABILITIES  Can’t stand in front of the physical layer attacks: RF jamming Data flooding Access points failure  Vulnerable to the Mac addresses spoofing
PROCEDURES TO IMPROVE WIRELESS SECURITY  Use wireless intrusion prevention system (WIPS)  Enable WPA-PSK  Use a good passphrase  Use WPA2 where possible  Change your SSID every so often  Wireless network users should use or upgrade their network to the latest security standard released
FUTURE SCOPE • A new standard IEEE 802.1W task group(TG) approved in March,2005  Main Goals Improve security by protecting the management frames and also being able to identify Spoofed management frames normally used to launch DoS attack
THANK YOU!
REFRENCES • “Benefits and Vulnerabilities of Wi-Fi Protected Access 2 (WPA2)” Paul By Arana • “The Evolution of 802.11 Wireless Security” INF 795 - Kevin Benton • “Wireless LAN Security Issues and Solutions” by Pan Feng at 2012 IEEE Symposium on Robotics and Applications(ISRA) • Security Improvements of IEEE 802.11i 4-way Handshake Scheme by Xiaodong Zha and Maode Ma ©2010 IEEE

More Related Content

Wireless security using wpa2

  • 1. WIRELESS SECURITY USING WPA2 BY : TUSHAR ANAND KUMAR ECE-”D”, REGD. NO.: 1151016015
  • 2. CONTENTS • Types of security in WLAN • Comparison of WEP,WPA,WPA2 • Evolution of wireless security standards • WPA 2 authentication ,encryption & decryption • Benefits & vulnerabilities • Solutions & conclusion
  • 3. TYPES OF SECURITY IN WLAN • OPEN : No security configured X • WEP : Wired Equivalent privacy X • WPA: Wi-Fi Protected Access • WPA2: Advance Wi-Fi Protected Access
  • 5. WPA2 OVERVIEW • Wi-Fi Protected Access 2 • Security standard developed by the Wi-Fi Alliance and is an implementation of IEEE’s 802.11i • Uses Advance Encryption Standard (AES) protocol • AES in Counter-Mode for encryption • AES in Cipher Block Chaining-Message Authentication Code (CBC-MAC) for integrity checking
  • 6. WI-FI PROTECTED ACCESS 2 Table: two types of WPA2
  • 7. COMPARING WEP, WPA ,and WPA 2
  • 8. AUTHENTICATION Two types of authentication • Personal mode • Enterprise mode
  • 9. PERSONAL MODE AUTHENTICATION • Authentication performed between client and access point • PSK(Pre Shared Key) & SSID(Service Set Identification) is used • AP generates 256 bit from plain text pass phrase • PMK(Pairwise Master Key) is generated after authentication
  • 10. ENTERPRISE MODE AUTHENTICATION • • Based on IEEE 802.1x standard Authentication performed between :- 1. Client 2. Access Point 3. Authentication Server • After authentication MK(Master Key) Is generated
  • 11. WPA 2 KEY GENERATION • 4 way handshake initiated by AP • Confirms client’s knowledge of PMK in personal mode & MK in enterprise mode • Pairwise Transient Key created at client’s • Fresh PTK is derived at AP 1. Key confirmation key 2. Key encryption key 3. Temporal key
  • 12. WPA 2 KEY GENERATION • Install encryption and integrity key • Control port are unblocked
  • 13. WPA2 ENCRYPTION • Two Process happens 1. Data encryption 2. Data integrity • AES is used in encryption & authentication is a block symmetric cipher • CCM is new mode of operation for block cipher • Two underlying modes of CCM  Counter mode(CTR) achieves data encryption  Cipher block chaining message authentication code(CBCMAC) to provide data integrity
  • 14. MESSAGE INTEGRITY CODE(MIC) • IV(Initialization Vector) encrypted with AES & TK to produce 128 bit result • 128 bit result is XOR with next 128 bits of data • Result of XOR is continued until all IV are exhausted • At end,first 64 bits are used to produce MIC Figure :AES CBC-MAC
  • 15. WPA2 ENCRYPTION • Counter mode algorithm encrypts the data with MIC • Initialize counter for first time or increment counter. • First 128 bits are encrypted using AES & TK to produce 128 bits. • XOR is performed on result and first message block to give an first encrypted block. • Repeat until all 128 bit of blocks has been encrypted. Figure: AES counter mode
  • 16. WPA2 DECRYPTION • It works in reverse using same algorithm for encryption the counter value is derived. • By using the counter mode algorithm and TK , the MIC and decrypted data are found out. • The data is processed by CBC-MAC to recalculate MIC • If MIC does not match then packet is dropped otherwise data is sent to network stack and to client
  • 17. BENEFITS OF WPA2 • Provides solid wireless security model(RSN) • Encryption accomplished by a block cipher • Block cipher used is Advanced Encryption Standard (AES) • IEEE 802.11i authentication and key management is accomplished by IEEE 802.1x standard • Key-caching • Pre-authentication
  • 18. WPA2 VULNERABILITIES  Can’t stand in front of the physical layer attacks: RF jamming Data flooding Access points failure  Vulnerable to the Mac addresses spoofing
  • 19. PROCEDURES TO IMPROVE WIRELESS SECURITY  Use wireless intrusion prevention system (WIPS)  Enable WPA-PSK  Use a good passphrase  Use WPA2 where possible  Change your SSID every so often  Wireless network users should use or upgrade their network to the latest security standard released
  • 20. FUTURE SCOPE • A new standard IEEE 802.1W task group(TG) approved in March,2005  Main Goals Improve security by protecting the management frames and also being able to identify Spoofed management frames normally used to launch DoS attack
  • 22. REFRENCES • “Benefits and Vulnerabilities of Wi-Fi Protected Access 2 (WPA2)” Paul By Arana • “The Evolution of 802.11 Wireless Security” INF 795 - Kevin Benton • “Wireless LAN Security Issues and Solutions” by Pan Feng at 2012 IEEE Symposium on Robotics and Applications(ISRA) • Security Improvements of IEEE 802.11i 4-way Handshake Scheme by Xiaodong Zha and Maode Ma ©2010 IEEE