
Wireless Network Security Vedavyas Duggirala CS 6204, Spring 2005 - PowerPoint PPT Presentation



  1. Wireless Network Security
     Vedavyas Duggirala
     CS 6204, Spring 2005

  2. Wireless Devices - Benefits and Risks
     ♦ Benefits
       – Allow mobility
       – Greater flexibility, efficiency and reduced wiring costs
       – Enable new applications from retail settings, shop floor & first responders
     ♦ Risks
       – Suffers from all the risks of wired networks
       – Communication media (air) is open
       – Mobility and compactness raise physical security concerns

  3. Wireless Technology Overview
     ♦ Wireless Wide Area Networks, e.g. 2G Cellular, 3G, CDPD, GSM, Mobitex …
     ♦ Wireless Local Area Networks, e.g. 802.11, HiperLAN
     ♦ Wireless Personal Area Networks, e.g. Bluetooth, IR
     ♦ Wireless Devices, e.g. Laptops, PDA, Pagers, Cell Phones, Smart Phones …

  4. 802.11 Overview
     ♦ Physical Layer: Direct Sequence Spread Spectrum (DSSS), Frequency Hopping Spread Spectrum (FHSS), Orthogonal Frequency Division Multiplexing (OFDM), infrared (IR).
     ♦ Frequency Band: 2.4 GHz (ISM band) and 5 GHz.
     ♦ Data Rates: 1 Mbps, 2 Mbps, 5.5 Mbps (11b), 11 Mbps (11b), 54 Mbps (11a)
     ♦ Data and Network Security: RC4-based stream encryption algorithm for confidentiality, authentication, and integrity. Limited key management. (AES is being considered for 802.11i.)
     ♦ Operating Range: Up to 150 feet indoors and 1500 feet outdoors.
     ♦ Positive Aspects: Ethernet speeds without wires; many different products from many different companies. Wireless client cards and access point costs are decreasing.
     ♦ Negative Aspects: Poor security in native mode; throughput decreases with distance and load.

  5. 802.11 Overview
     ♦ Infrastructure mode:
       – Clients connect via an Access Point (AP)
       – Coverage area of an AP is called a BSS (Basic Service Set)
       – APs can be connected by wired or wireless means. The total coverage area is called an ESS (Extended Service Set)
     ♦ Ad-hoc mode:
       – Clients connect to each other directly
       – Coverage area is called an IBSS (Independent BSS)

  6. 802.11 Security
     ♦ Security provided by the WEP (Wired Equivalent Privacy) protocol
     ♦ No end-to-end security, only for the wireless portion
     ♦ Authentication: Verify identity of communicating clients
     ♦ Confidentiality: Provides the privacy achieved by a wired network. Protects against passive attacks (eavesdropping)
     ♦ Integrity: Message is not modified in transit between client and AP

  7. 802.11 Authentication
     ♦ Open
       – One stage challenge-response
       – A station is allowed to join a network without any identity verification. Station just responds with a MAC address
       – Only “authentication” method required by the standard
     ♦ Shared
       – Two stage challenge-response
       – Based on RC4 stream cipher
       – Station is allowed to join based on knowledge of a shared secret
       – Does not provide mutual authentication. Only client is authenticated, AP is not.
       – Vulnerable to man-in-the-middle attacks
       – Not required by the standard

  8. 802.11 Privacy and Integrity
     ♦ Confidentiality - Data encrypted only for the wireless portion, from client to Access Point (AP)
     ♦ Integrity - CRC is used to detect message tampering
     ♦ Uses the RC4 symmetric-key stream cipher algorithm to generate a pseudo-random data sequence. This “key stream” is simply added modulo 2 (exclusive-OR-ed) to the data to be transmitted
     ♦ Key size is 40 bits. Most vendors provide 104-bit keys
     ♦ A 24-bit Initialization Vector is used as a part of the encryption

  9. 802.11 Vulnerabilities
     ♦ Suffers from flawed implementation of RC4 and is vulnerable irrespective of key length
     ♦ IV generation is not specified
     ♦ IV is transmitted in clear text on all packets
     ♦ Keys not chosen randomly (based on passphrase rather than mouse movements / computer noise)
     ♦ CRC is not fundamentally cryptographically secure, unlike secure hash algorithms
     ♦ Key management kept out of the standard.
       – No secure mechanism to change keys frequently.
       – Keys are set statically, shared or left at default values
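An added example (not from the original slides) illustrating slides 8 and 9: a WEP-style frame built from RC4(IV || key) and a CRC-32 ICV, showing that a repeated IV repeats the key stream and that the unkeyed CRC accepts a frame changed without the key. The key, IV and messages are constructed sample values; the function names and the HMAC contrast are this example's own, not part of WEP.

```python
import hashlib
import hmac
import zlib

def rc4(key: bytes, n: int) -> bytes:
    """n bytes of RC4 keystream (key scheduling, then output generation)."""
    s, j = list(range(256)), 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    for _ in range(n):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def icv(data: bytes) -> bytes:
    """WEP-style integrity check value: plain CRC-32, no key involved."""
    return zlib.crc32(data).to_bytes(4, "little")

def wep_seal(iv: bytes, key: bytes, msg: bytes) -> bytes:
    """Clear-text IV, then (msg || ICV) XOR RC4(IV || key)."""
    body = msg + icv(msg)
    return iv + xor(body, rc4(iv + key, len(body)))

def wep_open(key: bytes, frame: bytes):
    """Return the message if the ICV verifies, else None."""
    body = xor(frame[3:], rc4(frame[:3] + key, len(frame) - 3))
    return body[:-4] if icv(body[:-4]) == body[-4:] else None

def modified_frame(frame: bytes, delta: bytes) -> bytes:
    """Keyless edit of a frame: CRC-32 is affine over XOR, so the encrypted
    ICV can be adjusted to match a changed payload without knowing the key."""
    fix = xor(icv(delta), icv(bytes(len(delta))))
    return frame[:3] + xor(frame[3:], delta + fix)

def hmac_tag(mac_key: bytes, msg: bytes) -> bytes:
    """Keyed integrity tag, shown for contrast (not part of WEP)."""
    return hmac.new(mac_key, msg, hashlib.sha256).digest()

# Constructed sample values, not real traffic.
KEY, IV = bytes.fromhex("0102030405"), b"\x00\x00\x01"  # 40-bit key, 24-bit IV
M1, M2 = b"door=locked;t=17", b"door=opened;t=18"
F1, F2 = wep_seal(IV, KEY, M1), wep_seal(IV, KEY, M2)   # same IV reused
```

With the IV repeated, `xor(F1[3:], F2[3:])` equals the XOR of the two plaintext bodies, and `wep_open` accepts the output of `modified_frame`; a keyed tag such as `hmac_tag` cannot be recomputed without the MAC key.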

  10. Taxonomy of Security Attacks
      ♦ Passive Attacks
        – Do not modify content
        – Difficult to detect
      ♦ Active Attacks
        – Modify the content
        – Detectable, but not necessarily preventable

  11. 802.11 Security Attacks
      ♦ Security features are not frequently enabled. The AP is not secure out of the box
      ♦ Passive eavesdropping - Can be launched from outside the building
      ♦ Traffic analysis - Open source tools (AirSnort, WEPcrack) are available which sniff the traffic and crack the encryption keys.
      ♦ Active attack using systematically modified packets to see when the AP acknowledges
      ♦ Rogue AP which masquerades as a legitimate one can collect passwords and other data. Often deployed by insiders without knowledge of IT staff
      ♦ Physical security of AP needed. Most can be reset with a pin, and default passwords are widely known or are not enabled
      ♦ Denial of Service attacks by sending a continuous jamming signal

  12. Risk Mitigation
      ♦ Defense-in-depth
      ♦ Cost-benefit analysis of the methods
      ♦ Management Policies
        – Specify who can use and deploy WLAN
        – Specify limitations on access and physical security
        – Guidelines on reporting theft and loss of equipment
        – Guidelines on encryption and key management
        – Define scope and frequency of security audit

  13. Risk Mitigation
      ♦ Operational Countermeasures
        – Provide physical security to AP
        – Use Photo-ID, Biometrics, Smart cards to restrict access
        – Set the power and range of wireless equipment
        – Use tools to map wireless coverage
      ♦ Technical Countermeasures
        – AP configuration - change default password
        – Establishing the proper default encryption
        – Controlling reset function

  14. Risk Mitigation
      ♦ Technical countermeasures
        – Using MAC ACL functionality
        – Change SSID. Disable the broadcast
        – Maximize Beacon Interval
        – Changing default cryptographic keys
        – Using SNMPv3
        – Change default Channel (avoid interference)
        – Install all software patches and upgrades
        – Third party security assessments

  15. Risk Mitigation
      ♦ Use Personal Firewalls
      ♦ Intrusion Detection Systems should be used and properly configured
      ♦ Virtual Private Networks
        – Provides strongest protection
        – Based on higher layers (IPSec)

  16. Emerging Security Standards
      ♦ WiFi Protected Access (WPA)
        – Not perfect. Short term measure
        – Can be implemented in software
        – 802.1X port-based access control. Provides a framework to allow the use of robust upper layer authentication protocols.
        – Integrated with RADIUS, Diameter, Kerberos
        – Temporal Key Integrity Protocol (TKIP) extends the IV space, allows for per-packet key construction, provides cryptographic integrity, and provides key derivation and distribution.
      ♦ 802.11 TGi is working on a long term solution
        – Requires hardware and protocol changes
        – Enhanced AES based ciphers
        – Protects against forgeries, replay attacks

  17. Wireless Personal Area Networks
      ♦ Eliminate cables between stationary and mobile devices
        – e.g. keyboard, mouse, speaker, printer, fax, headphones, PDA, Smart Phones…
      ♦ Facilitate both data and voice communication
      ♦ Ad-hoc networks and data synchronicity between devices
        – Two Bluetooth laptops / PDAs can exchange files

  18. Bluetooth (802.15) Specs
      ♦ Physical Layer: Frequency Hopping Spread Spectrum (FHSS).
      ♦ Frequency Band: 2.4 – 2.4835 GHz (ISM band).
      ♦ Hop Frequency: 1,600 hops/sec.
      ♦ Data Rate: 1 Mbps (raw). Higher bit rates are anticipated.
      ♦ Data and Network Security: Three modes of security (none, link-level, and service level), two levels of device trust, and three levels of service security. Stream encryption for confidentiality, challenge-response for authentication. PIN-derived keys and limited management.
      ♦ Operating Range: About 10 meters (30 feet); can be extended to 100 meters.
      ♦ Throughput: Up to approximately 720 kbps.
      ♦ Positive Aspects: No wires and cables for many interfaces. Ability to penetrate walls and other obstacles. Costs are decreasing with a $5 cost projected. Low power and minimal hardware.
      ♦ Negative Aspects: Possibility for interference with other ISM band technologies. Relatively low data rates. Signals leak outside desired boundaries.

  19. Bluetooth Security Features
      ♦ Frequency hopping makes eavesdropping slightly more difficult
      ♦ Range can be easily limited by power to safe distances
      ♦ Provides Authentication, Authorization and Confidentiality for the wireless portion of traffic
      ♦ Auditing or non-repudiation are not provided

  20. Security Modes
      ♦ Security Mode 1 - No security
      ♦ Security Mode 2 - Service-level enforced security
        – Security Manager controls access to services and devices after a channel is established
        – Security Manager contains access control policies and can interface with other protocols and users
      ♦ Security Mode 3 - Link-level enforced security
        – Devices are authenticated based on a shared secret link key
        – Unidirectional or mutual authentication is possible
