wireless networks and protocols
play

Wireless Networks and Protocols MAP-TELE Jaime Dias, Manuel - PowerPoint PPT Presentation

Nov 12, 2023 •269 likes •775 views

WNP-MPR-Sec 1 Wireless Networks and Protocols MAP-TELE Jaime Dias, Manuel Ricardo Faculdade de Engenharia da Universidade do Porto WNP-MPR-Sec 2 Topics Scheduled for Today Authentication and access control Security basic

  1. WNP-MPR-Sec 1 Wireless Networks and Protocols MAP-TELE Jaime Dias, Manuel Ricardo Faculdade de Engenharia da Universidade do Porto

  2. WNP-MPR-Sec 2 Topics Scheduled for Today … ♦ Authentication and access control » Security – basic concepts » WLAN » 3GPP networks: GSM, GPRS, UMTS

  3. WNP-MPR-Sec 3 SECURITY - BASIC CONCEPTS

  4. WNP-MPR-Sec 4 Symmetric Cryptography ♦ Ex: RC4, AES 4

  5. WNP-MPR-Sec 5 Digest/Hash ♦ Input » variable length message ♦ Output » a fixed-length bit string (the hash) ♦ Used to guarantee message integrity and source identification ♦ Ex: MD5, SHA1 5

  6. WNP-MPR-Sec 6 Public Key Cryptography – Confidenciality 6

  7. WNP-MPR-Sec 7 Public Key Cryptography - Authentication (digital signature) 7

  8. WNP-MPR-Sec 8 Public Key Distribution Problem Ataque MIM: (8) Kpriv Alice [Kpub Alice [“Logo pelas 19h”]]=“ Logo pelas 19h ” (3) “ Logo pelas 20h ” (1) Kpub Alice (2) Kpub Carol Alice Carol Bob (7) Kpub Alice [“Logo pelas 19h”] (4) Kpub Carol [“Logo pelas 20h”] (5) Kpriv Carol [Kpub Carol [“Logo pelas 20h”]]=“ Logo pelas 20h ” (6) “ Logo pelas 20h ” è “ Logo pelas 19h ” O que a Alice julga ter acontecido: (4) Kpriv Alice [Kpub Alice [“Logo pelas 19h”]]=“ Logo pelas 19h ” (2) “ Logo pelas 19h ” (1) Kpub Alice Alice Bob (3) Kpub Alice [“ Logo pelas 19h ”] 8

  9. WNP-MPR-Sec 9 Certification Authority 9

  10. WNP-MPR-Sec 10 SSL/TLS ♦ SSL (Secure Socket Layer) – Developed by Netscape ♦ TLS 1.x (Transport Layer Security) – IETF ♦ Transparent to application protocols ♦ Server/client can authenticate using certificates ♦ But, due to certificate costs » Servers è authenticated by certificates » Clients è authenticated at the application layer (e.g. passwords) 10

  11. WNP-MPR-Sec 11 SSL/TLS – Typical Procedure Client: » connects to a TLS-enabled server requesting secure connection presents a list of supported CipherSuites (ciphers, hash functions) » Server: » picks the strongest CipherSuite; notifies the client about the decision Server: » sends back its identification as a Digital Certificate » Certificate: [server name, server's public encryption key , trusted certificate authority (CA)] Client: » Contacts CA and verifies if certificate is authentic Client: » encrypts a random number (RN) with the server's public key (PbK) » sends it to server Server » Decrypts RN using its private key (PvK) Client  Server: generate key material for encryption/decryption Client: authenticates near the server

  12. WNP-MPR-Sec 12 802.11 SECURITY

  13. WNP-MPR-Sec 13 802.11 Security ♦ “Minimum” security  WEP (Wired Equivalent Privacy) ♦ Station authentication » Open mode è no authentication » Shared Mode – AP sends challenge è station returns the challenge encrypted with the WEP key ♦ Confidentiality è frames are encrypted with RC4 ♦ Integrity è CRC32 13

  14. WNP-MPR-Sec 14 WEP - Encryption IV WEP Key SDU ICV WEP PRNG (crc32) (RC4) XOR Header IV Cryptogram FCS Frame 802.11 Keystream 14

  15. WNP-MPR-Sec 15 WEP - Decryption IV WEP Key SDU ICV WEP PRNG (RC4) XOR Check values ICV Header IV Cryptogram FCS Frame 802.11 Keystream 15

  16. WNP-MPR-Sec 16 WEP Vulnerabilities ♦ Same IV and WEP key  same keystream » IV too short (24 bits) » No mechanism for WEP key update ♦ Same keystream: » SDU2 ⊕ SDU1 = cryptogram1 ⊕ cryptogram2 » If SDU1 is known (ICMP, TCP ack, …) then » SDU2 = cryptogram1 ⊕ cryptogram2 ⊕ SDU1 16

  17. WNP-MPR-Sec 17 WEP Vulnerabilities (2) » RC4 key = IV (3 bytes) + WEP key (5 or 13 bytes) ♦ Weak IVs help breaking the WEP key » Weak IVs: i:ff:X ♦ Ex: Weak IVs for WEP keys of 40 bits » 3:ff:X, 4:ff:X, 5:ff:X, 6:ff:X, 7:ff:X 17

  18. WNP-MPR-Sec 18 WEP Vulnerabilities (3) ♦ Integrity Check Value based on CRC32 (linear) ♦ WEP does not authenticate nor check the integrity of the frame header » Station can change the MAC address ♦ AP is not authenticated » Rogue AP ♦ WEP does not control the frame sequence » Replay attacks ♦ Same key for every station » Traffic can be eavesdropped or even changed by any station knowing the WEP key 18

  19. WNP-MPR-Sec 19 WEP Vulnerabilities (4) ♦ Manufacturers put additional barriers » Authentication by SSID – Station monitors the medium and wait for another station to associate to see the SSID » Access control by MAC address – Station sees the MAC address of allowed stations and clone their address 19

  20. WNP-MPR-Sec 20 802.1X – Access Control Before the Traffic 802.1X authentication Other traffic ( blocked ) After the Traffic 802.1X authentication Other traffic ( unblocked )

  21. WNP-MPR-Sec 21 EAP – Extensible Authentication Protocol Token AKA/ TLS Methods SIM Card » Encapsulates authentication » Runs over any link layer EAP but thought for PPP » Messages PPP 802.3 802.11 Links Requests , Responses bytes 1 1 2 1 variable Code | Identifier | Length | Type | Type-Data EAP Identity Request EAP Identity Response EAP Auth Request STA EAP Auth Response Authenticator EAP-Success

  22. WNP-MPR-Sec 22 802.1X with Radius 22

  23. WNP-MPR-Sec 23 Dynamic WEP ♦ Uses 802.1X ♦ User authentication » Support of multiple authentication methods » Centralized database with users’ credentials, independent of APs ♦ Enables also AP authentication ♦ Authenticaton keys ≠ encryption keys ♦ Periodic update of WEP keys 23

  24. WNP-MPR-Sec 24 Dynamic WEP (2) 1. Authentication through an 802.1X EAP method 2. Generation of MPPE key 2. Generation of MPPE key (Microsoft Point-to-Point Encryption) 6. Station decrypts the WEP 4. Generation of WEP key key with the MPPE key 5. AP encrypts the WEP key with the MPPE key and sends it over EAPOL-KEY 3. MPPE key encrypted with RADIUS key 7. Station applies the WEP 8. AP applies the WEP key key 9. 802.11 data frames are unblocked and encrypted with WEP 24

  25. WNP-MPR-Sec 25 802.11i ♦ WEP failure  IEEE 802.11i ♦ Authentication/Access Control » Pre-shared key (PSK) » With Authentication Server , using 802.1X ♦ Key Management » Temporary Keys » Authentication keys ≠ Encryption keys ♦ Data encryption » CCMP (Counter mode Cipher block Chaining MAC protocol) – Based on the AES cipher algorithm » TKIP (Temporal Key Integrity Protocol) – Based on the RC4 cipher algorithm (same as WEP) ♦ Infraestructured and ad-hoc modes 25

  26. WNP-MPR-Sec 26 Wi-Fi Protected Access ♦ WPA » Based on Draft 3.0 of 802.11i (2002) » Short term solution for legacy equipments » No support for CCMP nor ad-hoc mode » TKIP reuses the WEP HW (RC4 cipher algorithm) – Firmware upgrade ♦ WPA2 » Supports 802.11i » Long term solution 26

  27. WNP-MPR-Sec 27 Authentication methods (802.1X) ♦ Requires Authentication Server ♦ Most popular Wi-Fi authentication methods » EAP-TLS » EAP-TTLS » PEAP 27

  28. WNP-MPR-Sec 28 EAP-TLS ♦ Uses TLS to authenticate both server and user through certificates ♦ Mandatory in WPA ♦ Cons: » Certificates are expensive » User identity goes in clear in the user’s certificate TLS (authentication of server and user) EAP RADIUS 802.1X (EAPoL) UDP/IP 802.11 ST AP AS 28

  29. WNP-MPR-Sec 29 Tunneled authentication ♦ Two phase authentication » TLS tunnel authenticates the Authentication Server » User is autenticated over the TLS tunel – Support of weaker methods for user’s authentication – Certificates are optional – User’s identity goes encrypted ♦ EAP-TTLS, PEAP 29

  30. WNP-MPR-Sec 30 EAP-TTLS MS-CHAP ♦ EAP- Tunneled TLS PAP, CHAP, EAP, … (User authentication) TLS (Server authentication) EAP RADIUS 802.1X (EAPoL) UDP/IP 802.11 ST AP AS 30

  31. WNP-MPR-Sec 31 PEAP ♦ Protected Extensible Authentication Protocol ♦ v0  Microsoft, v1  Cisco ♦ PEAPv0/EAP-MSCHAPv2 – the most popular MSCHAPv2, TLS, … (user authentication) EAP TLS (server authentication) EAP RADIUS 802.1X (EAPoL) UDP/IP ST 802.11 AP AS 31

  32. WNP-MPR-Sec 32 Key Management ♦ Master Key (MK) generated by Authentication Server ♦ Pairwise Master Key (PMK) generated from MK ♦ PMK sent to the AP through the AAA protocol (RADIUS) ♦ Generation of the Pairwise Transient Key (PTK) through the 4-way handshake ♦ Group key handshake (GTK) Group key handshake generated by the AP and sent though the Group key 32 handshake

  33. WNP-MPR-Sec 33 Key Management (2) Encrypted with PTK PTK = Hash(PMK, Anonce, Snonce, MACaddr STA , MACaddr AP ) 33

  34. WNP-MPR-Sec 34 TKIP Key Encryption generation » Diminui correlação entre a keystream e a chave de cifragem 34

  35. WNP-MPR-Sec 35 Data frames – WEP, TKIP, and CCMP Encrypted Authenticated 802.11 Header ICV IV / KeyID Data 4 octets 4octets >=0 octets Encrypted Authenticated Authenticated 802.11 Header IV / KeyID Extented IV ICV Data MIC 4octets 4 octets 4 octets >=0 octets 8 octets Encrypted Authenticated Authenticated IV / KeyID Extented IV MIC 802.11 Header Data 4octets 4 octets 8 octets >=0 octets 35

  36. WNP-MPR-Sec 36 Integridade das mensagens ♦ ICV = CRC32 not really a signature ♦ MIC  signature/hash 36

  37. WNP-MPR-Sec 37 GSM

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Wireless networks 1 Overview Wireless networks basics IEEE 802.11 (Wi-Fi) a/b/g/n ad

Wireless networks 1 Overview Wireless networks basics IEEE 802.11 (Wi-Fi) a/b/g/n ad

Wireless networks 1 Overview Wireless networks basics IEEE 802.11 (Wi-Fi) a/b/g/n ad Hoc MAC protocols ad Hoc routing DSR AODV 2 Wireless Networks Autonomous systems of mobile hosts connected by wireless links Nodes are

1.3k views • 102 slides
Wireless Ad Hoc & Sensor Networks Wireless Ad Hoc & Sensor Networks Multiple Access

Wireless Ad Hoc & Sensor Networks Wireless Ad Hoc & Sensor Networks Multiple Access

Outline Wireless Ad Hoc & Sensor Networks Wireless Ad Hoc & Sensor Networks Multiple Access Technique Medium Access Control Application Designing Issues of MAC protocols Classification of MAC protocols Classification of

306 views • 14 slides
Principles and Protocols for Power Control in Wireless Ad Hoc Networks Vikas Kawadia and P. R.

Principles and Protocols for Power Control in Wireless Ad Hoc Networks Vikas Kawadia and P. R.

IEEE JOURNAL ON SELECTED AREAS IN COMMUNICATIONS: SPECIAL ISSUES ON WIRELESS AD HOC NETWORKS 1 Principles and Protocols for Power Control in Wireless Ad Hoc Networks Vikas Kawadia and P. R. Kumar Department of Electrical and Computer

313 views • 13 slides
Wireless Networks and Protocols MAP-Tele Manuel P. Ricardo Faculdade de Engenharia da

Wireless Networks and Protocols MAP-Tele Manuel P. Ricardo Faculdade de Engenharia da

WNP-MPR-Fundaments 1 Wireless Networks and Protocols MAP-Tele Manuel P. Ricardo Faculdade de Engenharia da Universidade do Porto WNP-MPR-Fundaments 2 Topics Scheduled for Today Introduction to Wireless Networks and Protocols

1.16k views • 97 slides
Wireless Networks: Network Protocols/Mobile IP Mo$va$on

Wireless Networks: Network Protocols/Mobile IP Mo$va$on

Wireless Networks: Network Protocols/Mobile IP Mo$va$on Problems Data transfer DHCP Encapsula$on Security IPv6 Adapted from J. Schiller,

441 views • 29 slides
Application Layer Protocols Applications: communicating distributed processes end-user

Application Layer Protocols Applications: communicating distributed processes end-user

Wireless Networks III: advanced concepts Hans-Peter Schwefel and Tatiana K. Madsen Mm1 IP Mobility Support (HPS) Mm2 Wireless TCP (HPS) Mm3 Wireless applications, SIP & IMS (HPS) Mm4 Ad-hoc Networks I (TKM) Mm5

544 views • 37 slides
When Users Interfere with Protocols Prospect Theory in Wireless Networks WINLAB Narayan B.

When Users Interfere with Protocols Prospect Theory in Wireless Networks WINLAB Narayan B.

When Users Interfere with Protocols Prospect Theory in Wireless Networks WINLAB Narayan B. Mandayam (joint work with Tianming Li) Motivation: Engineered System Design Current radio technologies and associated communication protocols are

665 views • 28 slides
Wireless Networks L ecture 10: LAN MAC Protocols Wireless versus Wired Peter Steenkiste CS and

Wireless Networks L ecture 10: LAN MAC Protocols Wireless versus Wired Peter Steenkiste CS and

Wireless Networks L ecture 10: LAN MAC Protocols Wireless versus Wired Peter Steenkiste CS and ECE, Carnegie Mellon University Peking University, Summer 2016 1 Peter A. Steenkiste Outline Data link fundamentals And what changes in

743 views • 11 slides
Wireless Networks and Protocols MAP-Tele Manuel P. Ricardo Faculdade de Engenharia da

Wireless Networks and Protocols MAP-Tele Manuel P. Ricardo Faculdade de Engenharia da

WNP-MPR-mip-mesh 1 Wireless Networks and Protocols MAP-Tele Manuel P. Ricardo Faculdade de Engenharia da Universidade do Porto WNP-MPR-mip-mesh 2 Topics Scheduled for Today Convergence and interoperability of wireless systems:

1.15k views • 96 slides
Security of Routing Protocols in Ad Hoc Wireless Networks presented by Reza Curtmola 600.647

Security of Routing Protocols in Ad Hoc Wireless Networks presented by Reza Curtmola 600.647

Security of Routing Protocols in Ad Hoc Wireless Networks presented by Reza Curtmola 600.647 Advanced Topics in Wireless Networks Our focus: MANETs Multi-hop routing: unicast multicast infrastructure access Our focus: MANETs

894 views • 26 slides
Wireless Networks and Protocols MAP-Tele Manuel P. Ricardo Faculdade de Engenharia da

Wireless Networks and Protocols MAP-Tele Manuel P. Ricardo Faculdade de Engenharia da

WNP-MPR-qos 1 Wireless Networks and Protocols MAP-Tele Manuel P. Ricardo Faculdade de Engenharia da Universidade do Porto WNP-MPR-qos 2 Topics Scheduled for Today Quality of Service Characterization and models Case studies

818 views • 49 slides
Wireless Wireless Medium Access Control Medium Access Control Protocols Protocols

Wireless Wireless Medium Access Control Medium Access Control Protocols Protocols

Wireless Wireless Medium Access Control Medium Access Control Protocols Protocols Telecomunicazioni Undergraduate course in Electrical Engineering University of Rome La Sapienza Rome, Italy 2007-2008 Classification of of wireless

597 views • 35 slides
1 Wireless standards Path Loss Phenomena Wireless standards Path Loss Phenomena Open

1 Wireless standards Path Loss Phenomena Wireless standards Path Loss Phenomena Open

Outline Outline What is wireless? Overview Wireless parameters Cellular architecture Wireless Networks Wireless Networks Media multiple access Wireless LAN 802.11 MANET Mobile Ad-hoc NETworks Amnon Jonas

525 views • 13 slides
MASTER'S THESIS Routing Protocols in Wireless Ad-hoc Networks - A Simulation Study Tony Larsson,

MASTER'S THESIS Routing Protocols in Wireless Ad-hoc Networks - A Simulation Study Tony Larsson,

1998:362 MASTER'S THESIS Routing Protocols in Wireless Ad-hoc Networks - A Simulation Study Tony Larsson, Nicklas Hedman Civilingenjrsprogrammet 1998:362 ISSN: 1402-1617 ISRN: LTU-EX--98/ 362--SE Masters thesis in Computer

1.42k views • 84 slides
Adaptive Protocols for Information Dissemination in Wireless Sensor Networks Joanna Kulik, Wendi

Adaptive Protocols for Information Dissemination in Wireless Sensor Networks Joanna Kulik, Wendi

Adaptive Protocols for Information Dissemination in Wireless Sensor Networks Joanna Kulik, Wendi Rabiner, and Hari Balakrishnan Massachusetts Institute of Technology Cambridge, MA 02139 jokulik,wendi,hari Email: @mit.edu

329 views • 15 slides
Wireless Networks and Protocols MAP-Tele Manuel P. Ricardo Faculdade de Engenharia da

Wireless Networks and Protocols MAP-Tele Manuel P. Ricardo Faculdade de Engenharia da

WNP-MPR-Fundaments 1 Wireless Networks and Protocols MAP-Tele Manuel P. Ricardo Faculdade de Engenharia da Universidade do Porto WNP-MPR-Fundaments 2 Professors Adriano Moreira (WNP Coordinator) Universidade do Minho Manuel P.

1.17k views • 102 slides
the Diameter Protocol Ahana Mallik Department of Informatics University of Zurich May 26,

the Diameter Protocol Ahana Mallik Department of Informatics University of Zurich May 26,

AAA Support by the RADIUS and the Diameter Protocol Ahana Mallik Department of Informatics University of Zurich May 26, 2016 Overview 1. Authentication, Authorization and Accounting (AAA). 2. AAA Services, Protocols and Architecture. 3.

1.7k views • 40 slides
VPN Virtual Private Network Computer Center, CS, NCTU What is VPN Extension of a private

VPN Virtual Private Network Computer Center, CS, NCTU What is VPN Extension of a private

VPN Virtual Private Network Computer Center, CS, NCTU What is VPN Extension of a private network that encompasses links across shared or public networks like the Internet. Enable to send data between two computers across a shared or

942 views • 19 slides
PPP The point-to-point protocol 2005/03/11 (C) Herbert Haas PPP versus SLIP PPP Where

PPP The point-to-point protocol 2005/03/11 (C) Herbert Haas PPP versus SLIP PPP Where

PPP The point-to-point protocol 2005/03/11 (C) Herbert Haas PPP versus SLIP PPP Where is PPP used What is the task of LCP What is the task of NCP SLIP Serial Line IP Predecessor of PPP We don't even think of it

519 views • 10 slides
AAA 1 Authentication uthentication : who is actually the person (computer) we are talking to

AAA 1 Authentication uthentication : who is actually the person (computer) we are talking to

AAA 1 Authentication uthentication : who is actually the person (computer) we are talking to Authorization uthorization : does the person (computer) we are talking to have the necessary privileges to the source / use of service / ...

1.32k views • 71 slides
Gursharan Singh Tatla 27-Mar-2011 Data Link Layer in Internet We know that Internet consists

Gursharan Singh Tatla 27-Mar-2011 Data Link Layer in Internet We know that Internet consists

Gursharan Singh Tatla 27-Mar-2011 Data Link Layer in Internet We know that Internet consists of individual systems that are connected to each other. SLIP and PPP Basically, it is wide are network that is built up from point-to-point

412 views • 4 slides
Authentication and Secure Communication Jeff Chase Duke University technology people Where

Authentication and Secure Communication Jeff Chase Duke University technology people Where

Authentication and Secure Communication Jeff Chase Duke University technology people Where are the boundaries of the system that you would like to secure? Where is the weakest link? What happens when the weakest link fails? The First

1.19k views • 60 slides
SSH, SSL, and IPsec: wtf? Eric Rescorla RTFM, Inc. ekr@rtfm.com Eric Rescorla SSH, SSL, and

SSH, SSL, and IPsec: wtf? Eric Rescorla RTFM, Inc. ekr@rtfm.com Eric Rescorla SSH, SSL, and

SSH, SSL, and IPsec: wtf? Eric Rescorla RTFM, Inc. ekr@rtfm.com Eric Rescorla SSH, SSL, and IPsec 1 What are we trying to accomplish? Alice, Bob want to talk to each other But theyre worried about attack How do you know

1k views • 56 slides
Overview Basic Principles Access Control Methodologies Controls Access Control Designs

Overview Basic Principles Access Control Methodologies Controls Access Control Designs

Overview Basic Principles Access Control Methodologies Controls Access Control Designs Access Control Administration Accountability Chapter 2 Access Control Models Identification and Authentication Methods Lecturer:

708 views • 9 slides

More recommend