wireless security
play

Wireless Security Why This Works Integrity Attacks Availability - PowerPoint PPT Presentation

Dec 27, 2022 •360 likes •785 views

Wireless Security Wireless Security Confidentiality Integrity Wireless Architecture Access Points Which AP? The Evil Twin Attack Wireless Security Why This Works Integrity Attacks Availability Black Holes Battery Exhaustion Battery

  1. Wireless Security Wireless Security Confidentiality Integrity Wireless Architecture Access Points Which AP? The Evil Twin Attack Wireless Security Why This Works Integrity Attacks Availability Black Holes Battery Exhaustion Battery Exhaustion WEP War-Driving Network Access Control 1 / 41

  2. Wireless Security What is Wireless Security? Wireless Security ■ Wireless Security The usual: confidentiality, integrity, Confidentiality ■ Integrity Wireless availability? Architecture Access Points Or Butler Lampson’s “Gold” (Au) standard: ■ Which AP? The Evil Twin authentication, authorization, audit? Attack Why This Works Both! ■ Integrity Attacks Availability Black Holes Battery Exhaustion Battery Exhaustion WEP War-Driving Network Access Control 2 / 41

  3. Confidentiality Obvious danger — it’s easy to intercept traffic Wireless Security ■ Wireless Security Obvious countermeasure — cryptography Confidentiality ■ Integrity Wireless But it’s harder to use here than it looks ■ Architecture Access Points Which AP? The Evil Twin Attack Why This Works Integrity Attacks Availability Black Holes Battery Exhaustion Battery Exhaustion WEP War-Driving Network Access Control 3 / 41

  4. Integrity At first glance, integrity seems ok Wireless Security ■ Wireless Security This is radio — how can an attacker change Confidentiality ■ Integrity Wireless messages in mid-packet? Architecture Access Points Solution: the “Evil Twin” (or “Sybil”) attack ■ Which AP? The Evil Twin Attack Why This Works Integrity Attacks Availability Black Holes Battery Exhaustion Battery Exhaustion WEP War-Driving Network Access Control 4 / 41

  5. Wireless Architecture The obvious architecture is pure peer-to-peer Wireless Security ■ Wireless Security — each machine has a radio, and talks directly Confidentiality Integrity Wireless to any other machine Architecture Access Points In fact, 802.11 (WiFi) can work that way, but ■ Which AP? The Evil Twin rarely does Attack Why This Works More common scenario: base stations (also ■ Integrity Attacks Availability known as access points) Black Holes Battery Exhaustion Battery Exhaustion WEP War-Driving Network Access Control 5 / 41

  6. Access Points An ordinary wireless node associates with an Wireless Security ■ Wireless Security access point (AP) Confidentiality Integrity Wireless More precisely, it associates with the AP ■ Architecture Access Points having a matching network name (if specified) Which AP? The Evil Twin and the strongest signal Attack Why This Works If another AP starts sending a stronger signal ■ Integrity Attacks Availability (probably because the wireless node has Black Holes Battery Exhaustion moved), it will reassociate with the new access Battery Exhaustion WEP point War-Driving All transmissions from the laptop go to the ■ Network Access Control access point All transmissions to the laptop come from the ■ access point 6 / 41

  7. Which AP? Which AP is your laptop associated with? Wireless Security ■ Wireless Security Which network (SSID)? Confidentiality ■ Integrity Wireless Many people know neither ■ Architecture Access Points “My ISP is NETGEAR” ■ Which AP? The Evil Twin Those who specify anything specify the SSID ■ Attack Why This Works Integrity Attacks Availability Black Holes Battery Exhaustion Battery Exhaustion WEP War-Driving Network Access Control 7 / 41

  8. The Evil Twin Attack Simplest way: carry an access point with you Wireless Security ■ Wireless Security Simpler solution: many laptops can emulate Confidentiality ■ Integrity Wireless access points Architecture Access Points On Linux, use ■ Which AP? The Evil Twin iwconfig eth0 mode Master Attack Why This Works Force others to associate with your laptop, and ■ Integrity Attacks Availability send you all their traffic. . . Black Holes Battery Exhaustion Battery Exhaustion WEP War-Driving Network Access Control 8 / 41

  9. Why This Works Conventionally, we worry about authenticating Wireless Security ■ Wireless Security the client to the server Confidentiality Integrity Wireless Here, we need to authenticate the server to ■ Architecture Access Points the client Which AP? The Evil Twin The infrastructure wasn’t designed for that; ■ Attack Why This Works more important, users don’t expect to check Integrity Attacks Availability for it (and have no way to do so in any event) Black Holes Battery Exhaustion How do you know what the access point’s key ■ Battery Exhaustion WEP should be? War-Driving Network Access Control 9 / 41

  10. Integrity Attacks We now see how to do integrity attacks Wireless Security ■ Wireless Security We don’t tinker with the packet in the air, we Confidentiality ■ Integrity Wireless attract it to our attack node Architecture Access Points You don’t go through strong security, you go ■ Which AP? The Evil Twin around it Attack Why This Works Integrity Attacks Availability Black Holes Battery Exhaustion Battery Exhaustion WEP War-Driving Network Access Control 10 / 41

  11. Availability Simple version: black-hole evil twin Wireless Security ■ Wireless Security Sophisticated version: battery exhaustion Confidentiality ■ Integrity Wireless Architecture Access Points Which AP? The Evil Twin Attack Why This Works Integrity Attacks Availability Black Holes Battery Exhaustion Battery Exhaustion WEP War-Driving Network Access Control 11 / 41

  12. Black Holes Emulate an access point Wireless Security ■ Wireless Security Hand out IP addresses Confidentiality ■ Integrity Wireless Do nothing with received packets ■ Architecture Access Points More subtly, drop 10-15% of them — ■ Which AP? The Evil Twin connections will work, but very slowly Attack Why This Works Integrity Attacks Availability Black Holes Battery Exhaustion Battery Exhaustion WEP War-Driving Network Access Control 12 / 41

  13. Battery Exhaustion “ Wi-Fi is also a power-hungry technology that Wireless Security Wireless Security can cause phone batteries to die quickly in some Confidentiality Integrity Wireless cases, within an hour or two of talk time. Architecture Access Points Which AP? When you turn on the Wi-Fi it does bring the The Evil Twin Attack battery life down, said Mike Hendrick, director of Why This Works Integrity Attacks product development for T-Mobile.” Availability Black Holes Battery Exhaustion Battery Exhaustion New York Times, 27 November 2006 WEP War-Driving Network Access Control 13 / 41

  14. Battery Exhaustion Send your enemy large “ping” packets Wireless Security ■ Wireless Security The reply packets will be just as big — and Confidentiality ■ Integrity Wireless transmitting such packets uses a lot of power Architecture Access Points The more you transmit, the more power — ■ Which AP? The Evil Twin often battery power — you use up Attack Why This Works Integrity Attacks Availability Black Holes Battery Exhaustion Battery Exhaustion WEP War-Driving Network Access Control 14 / 41

  15. Wireless Security WEP WEP — Using a Flawed Cipher in a Bad Way for the Wrong Application Datagrams and Stream Ciphers Key Setup Key Setup for WEP WEP Cryptanalysis of RC4 IV Replay Packet Redirection Checksums The Biggest Flaw in WEP What WEP Should Have Been War-Driving Network Access Control 15 / 41

  16. WEP — Using a Flawed Cipher in a Bad Way for the Wrong Application It was obvious from the start that some crypto Wireless Security ■ WEP was needed WEP — Using a Flawed Cipher in a Bad Way for the Choice: WEP — Wireline Equivalent Privacy ■ Wrong Application Datagrams and for 802.11 netorks Stream Ciphers Key Setup Many different mistakes ■ Key Setup for WEP Cryptanalysis of RC4 Case study in bad crypto design ■ IV Replay Packet Redirection Checksums The Biggest Flaw in WEP What WEP Should Have Been War-Driving Network Access Control 16 / 41

  17. Datagrams and Stream Ciphers WEP uses RC4 because RC4 is very efficient Wireless Security ■ WEP But 802.11 is datagram-oriented; there’s no WEP — Using a ■ Flawed Cipher in a Bad Way for the inter-packet byte stream to use Wrong Application Datagrams and Must rekey for every packet ⇒ Stream Ciphers Key Setup But you can’t reuse a stream cipher key on ■ Key Setup for WEP Cryptanalysis of RC4 different packets. . . IV Replay Packet Redirection Checksums The Biggest Flaw in WEP What WEP Should Have Been War-Driving Network Access Control 17 / 41

  18. Key Setup Wireless Security Per−Packet Key WEP WEP — Using a 24 bits 104 bits Flawed Cipher in a Bad Way for the Counter Provisioned Key Wrong Application Datagrams and Stream Ciphers Key Setup Actual Key Key Setup for WEP Cryptanalysis of RC4 IV Replay Packet Redirection Checksums The Biggest Flaw in RC4 WEP What WEP Should Have Been War-Driving Key stream Network Access Packet Control IV Encrypted Packet 18 / 41

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Writing a book on wireless security available online is like writing a book on safe Internet

Writing a book on wireless security available online is like writing a book on safe Internet

Agenda The purpose of this presentation is to: FIRST Technical Colloquium Uppsala, Sweden Give an overview of Wireless technology Highlight the security issues Securing Your associated with IEEE 802.11b Wireless LAN wireless LANs Suggest

413 views • 16 slides
Wireless Security for Hotspots & Home PCCW Feb, 2009 Ubiquitous Wireless Indoor &

Wireless Security for Hotspots & Home PCCW Feb, 2009 Ubiquitous Wireless Indoor &

Wireless Security for Hotspots & Home PCCW Feb, 2009 Ubiquitous Wireless Indoor & Outdoor Wireless Security for Home Provides all-in-one DSL modem with Wi-Fi capability to residential customers Simplify setup to the

354 views • 21 slides
The security of existing wireless networks Cellular networks GSM o UMTS o WiFi LANs

The security of existing wireless networks Cellular networks GSM o UMTS o WiFi LANs

The security of existing wireless networks Cellular networks GSM o UMTS o WiFi LANs Bluetooth Security and Cooperation in Wireless Networks Georg-August University Gttingen Security in Wireless Networks Wireless networks are

519 views • 48 slides
Wireless LAN Security Setup & Optimizing Wireless Client in Linux Hacking and Cracking

Wireless LAN Security Setup & Optimizing Wireless Client in Linux Hacking and Cracking

Wireless LAN Security Setup & Optimizing Wireless Client in Linux Hacking and Cracking Wireless LAN Setup Host Based AP ( hostap ) in Linux & freeBSD Securing & Managing Wireless LAN : Implementing 802.1x EAP-TLS

417 views • 29 slides
Wireless Security: A Perspective (aka. What Weve Done Wrong, and Some of What We Can Do About

Wireless Security: A Perspective (aka. What Weve Done Wrong, and Some of What We Can Do About

Wireless Security: A Perspective (aka. What Weve Done Wrong, and Some of What We Can Do About It) Wade Trappe Agenda Agenda Tales from the Dark Side of Security Wireless in Particular Decomposing the Problem into Problems

697 views • 40 slides
Hacking Hands on with wireless LAN routers, packet capture and wireless security Organised by

Hacking Hands on with wireless LAN routers, packet capture and wireless security Organised by

Free Technology Workshop Hacking Hands on with wireless LAN routers, packet capture and wireless security Organised by Steven Gordon Bangkadi 3 rd floor IT Lab 10:30-13:30 Friday 18 July 2014 http://ict.siit.tu.ac.th/moodle/ _______

795 views • 48 slides
Security in Pervasive Wireless Security in Pervasive Wireless Systems Systems Wade Trappe

Security in Pervasive Wireless Security in Pervasive Wireless Systems Systems Wade Trappe

Security in Pervasive Wireless Security in Pervasive Wireless Systems Systems Wade Trappe Breaking Down the Issues (summary) Breaking Down the Issues (summary) Wireless is easy to sniff. We still need encryption services and key management.

533 views • 13 slides
Wireless Security System 868 MHz RFID cards Vloit text Vloit text + Control Panel info

Wireless Security System 868 MHz RFID cards Vloit text Vloit text + Control Panel info

Wireless Security System 868 MHz Oasis is a wireless kit Sirens Wireless Security System 868 MHz RFID cards Vloit text Vloit text + Control Panel info Keypads ja-80_oasis_en_09_2011.ppt_c1 Wireless Security System 868 MHz Wireless

392 views • 16 slides
Wireless Network Security IT Security Ido Rosen ido@cs.uchicago.edu University of Chicago 5

Wireless Network Security IT Security Ido Rosen ido@cs.uchicago.edu University of Chicago 5

Introduction Wireless Network Security IT Security Ido Rosen ido@cs.uchicago.edu University of Chicago 5 March 2007 Ido Rosen Wireless Network Security Introduction Introduction 1 Overview Wireless LANs Ido Rosen Wireless Network

397 views • 8 slides
ECE590 Computer and Information Security Fall 2018 Wireless and Mobile Security Tyler Bletsch

ECE590 Computer and Information Security Fall 2018 Wireless and Mobile Security Tyler Bletsch

ECE590 Computer and Information Security Fall 2018 Wireless and Mobile Security Tyler Bletsch Duke University Adapted from Chapter 24: Wireless Network Security by Dr. Hossein Saiedian at Univ. Kansas, which in turn was adapted from

452 views • 27 slides
CSE 484 / CSE M 584 Computer Security: iOS, Wireless Security & Wireshark TA: Adrian Sham

CSE 484 / CSE M 584 Computer Security: iOS, Wireless Security & Wireshark TA: Adrian Sham

CSE 484 / CSE M 584 Computer Security: iOS, Wireless Security & Wireshark TA: Adrian Sham adrsham@cs With material from Franzi and Bens slides Logistics / Reminders Tomorrow Ian will introduce more tools you will need for Lab #3

318 views • 11 slides
and its Discontents Introduction The purpose of this presentation is to provide an overview of

and its Discontents Introduction The purpose of this presentation is to provide an overview of

Wireless Security and its Discontents Introduction The purpose of this presentation is to provide an overview of the strengths and weaknesses of Wireless Security solutions. We will cover: - Real-world examples of Wireless Security application

425 views • 38 slides
Security in Wireless Sensor Networks Introduction A Wireless Sensor Network is a network made of

Security in Wireless Sensor Networks Introduction A Wireless Sensor Network is a network made of

Security in Wireless Sensor Networks Introduction A Wireless Sensor Network is a network made of many small devices consisting of a battery, radio communications, microcontroller, and sensors. Sensor nodes Task manager Gateway node 2

934 views • 44 slides
Network Security Wireless Marcus Bendtsen, Andrei Gurtov Institutionen fr Datavetenskap (IDA)

Network Security Wireless Marcus Bendtsen, Andrei Gurtov Institutionen fr Datavetenskap (IDA)

Network Security Wireless Marcus Bendtsen, Andrei Gurtov Institutionen fr Datavetenskap (IDA) Avdelningen fr Databas- och Informationsteknik (ADIT) Disclaimer Wireless networks come with so much security related issues that an entire

564 views • 31 slides
Information Security in a Wireless World Dennis D. Steinauer Computer Security Division

Information Security in a Wireless World Dennis D. Steinauer Computer Security Division

Information Security in a Wireless World Dennis D. Steinauer Computer Security Division Information Technology Laboratory National Institute of Standards and Technology Gaithersburg, MD Information Security in a Wireless World Basic

554 views • 30 slides
Wireless Ad Hoc & Sensor Networks Wireless Ad Hoc & Sensor Networks Introduction -

Wireless Ad Hoc & Sensor Networks Wireless Ad Hoc & Sensor Networks Introduction -

Outline Wireless Ad Hoc & Sensor Networks Wireless Ad Hoc & Sensor Networks Introduction - Security Security challenges in Ad Hoc Networks y g Threats and Attacks Security Solutions Security Solutions

668 views • 15 slides
Target: Using Analytics to Improve Asset Protection Saurabh Bodas, Lin Chen, Jake Hill, Shelby

Target: Using Analytics to Improve Asset Protection Saurabh Bodas, Lin Chen, Jake Hill, Shelby

Target: Using Analytics to Improve Asset Protection Saurabh Bodas, Lin Chen, Jake Hill, Shelby Watson Acknowledgements Ed Tonkon , Zebra Technologies Jess Pena , Target Tanner Coghill , Target Lisa Bruno , RILA Ellen Jackson

895 views • 53 slides
Overfitting Validation process. Overfitting Ettore Lanzarone March 18, 2020 LESSON 3 Lesson 3

Overfitting Validation process. Overfitting Ettore Lanzarone March 18, 2020 LESSON 3 Lesson 3

Lesson 3 MEDICAL SUPPORT SYSTEMS FOR CHRONIC DISEASES Engineering and Management for Health University of Bergamo Overfitting Validation process. Overfitting Ettore Lanzarone March 18, 2020 LESSON 3 Lesson 3 Overfitting Linear

510 views • 23 slides
Aortic Stenosis Aortic Stenosis Etiology Congenital (bicuspid, unicuspid) Rheumatic

Aortic Stenosis Aortic Stenosis Etiology Congenital (bicuspid, unicuspid) Rheumatic

4/4/2014 TAVR: Evolution and Vascular Disclosures Implications Yerem Yeghiazarians, MD Associate Professor of Medicine NONE Leone-Perkins Family Endowed Chair in Cardiology University of California, San Francisco Vascular Symposium April

204 views • 9 slides
Links, Meaning, and Contexts: Making Sense & Using Logic Michael Buckland International UDC

Links, Meaning, and Contexts: Making Sense & Using Logic Michael Buckland International UDC

Links, Meaning, and Contexts: Making Sense & Using Logic Michael Buckland International UDC Consortium Seminar: Classification & Authority Control: Expanding Resource Discovery Lisbon, 29 October 2015 Thursday, 29 Oct 2015 UDCC Links,

315 views • 29 slides
Predicting, Decrypting, and Abusing WPA2/802.11 Group Keys Mathy Vanhoef and Frank Piessens,

Predicting, Decrypting, and Abusing WPA2/802.11 Group Keys Mathy Vanhoef and Frank Piessens,

Predicting, Decrypting, and Abusing WPA2/802.11 Group Keys Mathy Vanhoef and Frank Piessens, iMinds-DistriNet, KU Leuven USENIX Security 2016 Security of Wi-Fi group keys? Protect broadcast and multicast Wi-Fi frames: All clients share a

564 views • 29 slides
Wi-Fi Goes to Town : Rapid Picocell Switching for Wireless Transit Networks Speaker: Zhenyu Song

Wi-Fi Goes to Town : Rapid Picocell Switching for Wireless Transit Networks Speaker: Zhenyu Song

Wi-Fi Goes to Town : Rapid Picocell Switching for Wireless Transit Networks Speaker: Zhenyu Song Zhenyu Song, Longfei Shangguan, Kyle Jamieson {zhenyus, longfeis, kylej}@cs.princeton.edu This work is supported by the NSF grant No. 1617161 and

468 views • 32 slides
Webinar: Complying with Form AP Rules Jennifer Rand, Deputy Chief Auditor, OCA Lisa Calandriello,

Webinar: Complying with Form AP Rules Jennifer Rand, Deputy Chief Auditor, OCA Lisa Calandriello,

Webinar: Complying with Form AP Rules Jennifer Rand, Deputy Chief Auditor, OCA Lisa Calandriello, Associate Chief Auditor, OCA Caveat The views we express today are our own and do not necessarily reflect the views of the Board, individual Board

683 views • 47 slides
Decimeter-Level Localization with a Single WiFi Access Point Deepak Vasisht Swarun Kumar, Dina

Decimeter-Level Localization with a Single WiFi Access Point Deepak Vasisht Swarun Kumar, Dina

Decimeter-Level Localization with a Single WiFi Access Point Deepak Vasisht Swarun Kumar, Dina Katabi Indoor Localization is Cool! SpotFi [SIGCOMM 15], ToneTrack [Mobicom 15], Phaser [Mobicom 14], Tagoram [Mobicom 14], LTEye

720 views • 52 slides

More recommend