wireless security
play

Wireless Security CSE497b - Spring 2007 Introduction Computer and - PowerPoint PPT Presentation

Jan 26, 2023 •300 likes •526 views

Wireless Security CSE497b - Spring 2007 Introduction Computer and Network Security Professor Jaeger www.cse.psu.edu/~tjaeger/cse497b-s07/ CSE497b Introduction to Computer and Network Security - Spring 2007 - Professor Jaeger At the mall ... 2

  1. Wireless Security CSE497b - Spring 2007 Introduction Computer and Network Security Professor Jaeger www.cse.psu.edu/~tjaeger/cse497b-s07/ CSE497b Introduction to Computer and Network Security - Spring 2007 - Professor Jaeger

  2. At the mall ... 2 CSE497b Introduction to Computer and Network Security - Spring 2007 - Professor Jaeger Page Page

  3. Wireless Networks • Network supported by radio communications .. • Alphabet soup of standards, most on 802.11 • .. destroys the illusion of a hard perimeter. 3 CSE497b Introduction to Computer and Network Security - Spring 2007 - Professor Jaeger Page Page

  4. Why you should fear Simon Byers ... • Over the course of history radio frequencies have been enormously vulnerable to eavesdropping and manipulation. • ASSUME: Everything you say on a wireless network is going to be heard and potentially manipulated by your adversaries. 4 CSE497b Introduction to Computer and Network Security - Spring 2007 - Professor Jaeger Page Page

  5. Wireless LANs • Access point networks (ranging to about 300 feet) • All devices connect to the central access point • Pro: very easy to setup and maintain, simple protocols • Con: reliability/speed drops as you get away from AP or contention increases. 5 CSE497b Introduction to Computer and Network Security - Spring 2007 - Professor Jaeger Page Page

  6. Ad hoc Networks (a.k.a peer-to-peer) • Devices collaboratively work together to support network communication • Network topology changes in response to moving devices, e.g., bluetooth • Pro: highly flexible and responsive to changes in environment • Con: complex, subject to traffic manipulation by malicious peers 6 CSE497b Introduction to Computer and Network Security - Spring 2007 - Professor Jaeger Page Page

  7. Devices • Laptops (canonical wireless devices) • Desktops, mobile phones, .... • Bluetooth 7 CSE497b Introduction to Computer and Network Security - Spring 2007 - Professor Jaeger Page Page

  8. Attacks on Wireless Networks • DOS • Planted devices • Hijacked connections • Eavesdropping • Somebody is "in the wire" ... 8 CSE497b Introduction to Computer and Network Security - Spring 2007 - Professor Jaeger Page Page

  9. Threats • This is an open network ... • ... to which anyone can connect. • What security is necessary? – Authentication? – Confidentiality? – Integrity? – Privacy? – DOS Protection? – Accountability (traceability)? 9 CSE497b Introduction to Computer and Network Security - Spring 2007 - Professor Jaeger Page Page

  10. Security Mechanisms • Note: this is just a network with different threats, so implementing security is very similar to network security • Authentication – Q: What are you authenticating in a wireless network? – Methods: password/passphrase, smartcard, etc. – Tools: radius, Kerberos, PKI services .... • Confidentiality/Integrity – Typically implemented via some transport protocol – IPsec (just implement a VPN -- this is what PSU does) Page 10 CSE497b Introduction to Computer and Network Security - Spring 2007 - Professor Jaeger Page

  11. Wireless Security Approaches • MAC Authentication • WEP (Wired Equivalent Privacy) • 802.11i (WPA - Wifi Protected Access) • EAP/LEAP (Extensible Authentication Protocol) • WAP (Wireless Application Protocol) 11 CSE497b Introduction to Computer and Network Security - Spring 2007 - Professor Jaeger Page

  12. MAC Authentication • Create a list of MAC addresses – media access layer, e.g., ether 00:0a:95:d5:74:6a – Only these devices are allowed on network • Attack – Listen on network for MAC address use -- laptop – Masquerade as that MAC address (easy to do, many devices programmable) – ... can wait for it to go off line to avoid conflict, but not necessary • ARP Security limitations ether 00:0a:95:d5:74:6a Page 12 CSE497b Introduction to Computer and Network Security - Spring 2007 - Professor Jaeger Page

  13. WEP (Wired Equivalent Privacy) • Keys – Pass-phrase converts 40 bits from passphrase, plus 24 bit initialization vector (or) – 26 char hexadecimal + 24-bit IV = 128-bit WEP – Ability to send packets is essentially authentication • integrity used as authentication – Built into the vast majority of home wireless routers Page 13 CSE497b Introduction to Computer and Network Security - Spring 2007 - Professor Jaeger Page

  14. The WEP Flaw (greatly simplified) Protocol • Passphrase Key k p • Initialization vector iv i • Plaintext data d 1 , d 2 (for separate blocks 1 and 2) • Traf fi c Key k ti = k p || iv i • Ciphertext = E ( k ti , d i ) = RC 4( k ti ) ⊕ d i Attack • Assume iv 1 = iv 2 • Only 17 million IVs ( 2 24 ), so IV of two packets can be found ( ≈ one in 4096) ( RC 4( k t 1 ) ⊕ d 1 ) ⊕ ( RC 4( k t 1 ) ⊕ d 2 ) = d 1 ⊕ d 2 Page 14 CSE497b Introduction to Computer and Network Security - Spring 2007 - Professor Jaeger Page

  15. 802.11i (WPA - Wifi Protected Access) • Solution to problems with WEP • Two modes of operation – Pre-shared key mode -- WEP like, shared key derived from single network passphrase – Server mode -- uses 802.1X authentication server to authenticate/give unique keys to users • Protocol fixes to WEP – increase IV size to 48 bits – TKIP - change keys every so often -- T emporal K ey I ntegrity P rotocol – improved integrity (stop using CRC and start using MAC) – WPA2: AES instead of RC4 Page 15 CSE497b Introduction to Computer and Network Security - Spring 2007 - Professor Jaeger Page

  16. WAP (Wireless Application Protocol) • A set of protocols for implementing applications over thin (read wireless) pipes. • Short version: a set of protocols to implement the web over wireless links as delivered to resource limited devices – reduce overhead and flabby content (image rich HTML) – support limited presentation and content formats • Wireless Markup Language (XML-based language) – reduce the footprint of the rendering engine (browser) • Security : WTLS – SSL/TLS protocol -- public keys, key negotiation, etc. • Success in Japan, little elsewhere (currently) Page 16 CSE497b Introduction to Computer and Network Security - Spring 2007 - Professor Jaeger Page

  17. EAP/LEAP • Extensible Authentication Protocol – Challenge response - auth. only – Bolts onto other authentication mechanisms, e.g., Kerberos, RADIUS – Passes authentication information onto other protocols (WEP, WAP) – LEAP: Cisco implementation/modifications (security problems are possibly serious) – Standards: EAP-MD5, EAP-TLS – PEAP: RSA/Microsoft/Cisco standards for WPA/WPA2 protocols Page 17 CSE497b Introduction to Computer and Network Security - Spring 2007 - Professor Jaeger Page

  18. Bluetooth • A standard for building very small personal area networks (PANs) • Connects just everything you can name: PDAs, phones, keyboards, mice, your car • Very short range range network: 1 meter, 10 meters, 100 meters (rare) • Advertised as solution to "too many cables" • Authentication – "pairing" uses pass-phrase style authentication to establish relationship which is often stored indefinitely (problem?) Page 18 CSE497b Introduction to Computer and Network Security - Spring 2007 - Professor Jaeger Page

  19. Bluetooth Security • Everything really works off the PIN • Attacks have progressively been successful at identifying vulnerabilities in the way PINs are used, can be reverse engineered • Privacy: know what is on and how public it is ... • Problem: Cambridgeshire, England • Problem: Bluetooth rifle Page 19 CSE497b Introduction to Computer and Network Security - Spring 2007 - Professor Jaeger Page

  20. RFIDs • Radio Frequency Identification (RFID) • identity-providing transponders • Passive : no external power - backscatter (Walmart) • Active : internal power (SpeedPass) • History: a soviet listening device (1945), alied FoF (1939) • Privacy/Security anyone? • Q: How do you control who is accessing your information? • A: You don’t (currently) • Security measures • Rolling code (one time tokens) • Crypto-protocols, limited range, ... CSE497b Introduction to Computer and Network Security - Spring 2007 - Professor Jaeger 20

  21. NIST Evaluation • Any vulnerability in a wired network is present in the wireless network • Many new ones: protocols, systems more public and vulnerable • Recommendations: – Disable file and directory sharing – Turn off APs when not in use – Use robust passwords, 128-bit encryption – Audit, audit, audit – VPNs are a good ... Page 21 CSE497b Introduction to Computer and Network Security - Spring 2007 - Professor Jaeger Page

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Writing a book on wireless security available online is like writing a book on safe Internet

Writing a book on wireless security available online is like writing a book on safe Internet

Agenda The purpose of this presentation is to: FIRST Technical Colloquium Uppsala, Sweden Give an overview of Wireless technology Highlight the security issues Securing Your associated with IEEE 802.11b Wireless LAN wireless LANs Suggest

413 views • 16 slides
Wireless Security for Hotspots & Home PCCW Feb, 2009 Ubiquitous Wireless Indoor &

Wireless Security for Hotspots & Home PCCW Feb, 2009 Ubiquitous Wireless Indoor &

Wireless Security for Hotspots & Home PCCW Feb, 2009 Ubiquitous Wireless Indoor & Outdoor Wireless Security for Home Provides all-in-one DSL modem with Wi-Fi capability to residential customers Simplify setup to the

354 views • 21 slides
Wireless Security Why This Works Integrity Attacks Availability Black Holes Battery Exhaustion

Wireless Security Why This Works Integrity Attacks Availability Black Holes Battery Exhaustion

Wireless Security Wireless Security Confidentiality Integrity Wireless Architecture Access Points Which AP? The Evil Twin Attack Wireless Security Why This Works Integrity Attacks Availability Black Holes Battery Exhaustion Battery

785 views • 41 slides
The security of existing wireless networks Cellular networks GSM o UMTS o WiFi LANs

The security of existing wireless networks Cellular networks GSM o UMTS o WiFi LANs

The security of existing wireless networks Cellular networks GSM o UMTS o WiFi LANs Bluetooth Security and Cooperation in Wireless Networks Georg-August University Gttingen Security in Wireless Networks Wireless networks are

519 views • 48 slides
Wireless LAN Security Setup & Optimizing Wireless Client in Linux Hacking and Cracking

Wireless LAN Security Setup & Optimizing Wireless Client in Linux Hacking and Cracking

Wireless LAN Security Setup & Optimizing Wireless Client in Linux Hacking and Cracking Wireless LAN Setup Host Based AP ( hostap ) in Linux & freeBSD Securing & Managing Wireless LAN : Implementing 802.1x EAP-TLS

417 views • 29 slides
Wireless Security: A Perspective (aka. What Weve Done Wrong, and Some of What We Can Do About

Wireless Security: A Perspective (aka. What Weve Done Wrong, and Some of What We Can Do About

Wireless Security: A Perspective (aka. What Weve Done Wrong, and Some of What We Can Do About It) Wade Trappe Agenda Agenda Tales from the Dark Side of Security Wireless in Particular Decomposing the Problem into Problems

697 views • 40 slides
Hacking Hands on with wireless LAN routers, packet capture and wireless security Organised by

Hacking Hands on with wireless LAN routers, packet capture and wireless security Organised by

Free Technology Workshop Hacking Hands on with wireless LAN routers, packet capture and wireless security Organised by Steven Gordon Bangkadi 3 rd floor IT Lab 10:30-13:30 Friday 18 July 2014 http://ict.siit.tu.ac.th/moodle/ _______

795 views • 48 slides
Security in Pervasive Wireless Security in Pervasive Wireless Systems Systems Wade Trappe

Security in Pervasive Wireless Security in Pervasive Wireless Systems Systems Wade Trappe

Security in Pervasive Wireless Security in Pervasive Wireless Systems Systems Wade Trappe Breaking Down the Issues (summary) Breaking Down the Issues (summary) Wireless is easy to sniff. We still need encryption services and key management.

533 views • 13 slides
Wireless Security System 868 MHz RFID cards Vloit text Vloit text + Control Panel info

Wireless Security System 868 MHz RFID cards Vloit text Vloit text + Control Panel info

Wireless Security System 868 MHz Oasis is a wireless kit Sirens Wireless Security System 868 MHz RFID cards Vloit text Vloit text + Control Panel info Keypads ja-80_oasis_en_09_2011.ppt_c1 Wireless Security System 868 MHz Wireless

392 views • 16 slides
Wireless Network Security IT Security Ido Rosen ido@cs.uchicago.edu University of Chicago 5

Wireless Network Security IT Security Ido Rosen ido@cs.uchicago.edu University of Chicago 5

Introduction Wireless Network Security IT Security Ido Rosen ido@cs.uchicago.edu University of Chicago 5 March 2007 Ido Rosen Wireless Network Security Introduction Introduction 1 Overview Wireless LANs Ido Rosen Wireless Network

397 views • 8 slides
ECE590 Computer and Information Security Fall 2018 Wireless and Mobile Security Tyler Bletsch

ECE590 Computer and Information Security Fall 2018 Wireless and Mobile Security Tyler Bletsch

ECE590 Computer and Information Security Fall 2018 Wireless and Mobile Security Tyler Bletsch Duke University Adapted from Chapter 24: Wireless Network Security by Dr. Hossein Saiedian at Univ. Kansas, which in turn was adapted from

452 views • 27 slides
CSE 484 / CSE M 584 Computer Security: iOS, Wireless Security & Wireshark TA: Adrian Sham

CSE 484 / CSE M 584 Computer Security: iOS, Wireless Security & Wireshark TA: Adrian Sham

CSE 484 / CSE M 584 Computer Security: iOS, Wireless Security & Wireshark TA: Adrian Sham adrsham@cs With material from Franzi and Bens slides Logistics / Reminders Tomorrow Ian will introduce more tools you will need for Lab #3

318 views • 11 slides
and its Discontents Introduction The purpose of this presentation is to provide an overview of

and its Discontents Introduction The purpose of this presentation is to provide an overview of

Wireless Security and its Discontents Introduction The purpose of this presentation is to provide an overview of the strengths and weaknesses of Wireless Security solutions. We will cover: - Real-world examples of Wireless Security application

425 views • 38 slides
Security in Wireless Sensor Networks Introduction A Wireless Sensor Network is a network made of

Security in Wireless Sensor Networks Introduction A Wireless Sensor Network is a network made of

Security in Wireless Sensor Networks Introduction A Wireless Sensor Network is a network made of many small devices consisting of a battery, radio communications, microcontroller, and sensors. Sensor nodes Task manager Gateway node 2

934 views • 44 slides
Network Security Wireless Marcus Bendtsen, Andrei Gurtov Institutionen fr Datavetenskap (IDA)

Network Security Wireless Marcus Bendtsen, Andrei Gurtov Institutionen fr Datavetenskap (IDA)

Network Security Wireless Marcus Bendtsen, Andrei Gurtov Institutionen fr Datavetenskap (IDA) Avdelningen fr Databas- och Informationsteknik (ADIT) Disclaimer Wireless networks come with so much security related issues that an entire

564 views • 31 slides
Information Security in a Wireless World Dennis D. Steinauer Computer Security Division

Information Security in a Wireless World Dennis D. Steinauer Computer Security Division

Information Security in a Wireless World Dennis D. Steinauer Computer Security Division Information Technology Laboratory National Institute of Standards and Technology Gaithersburg, MD Information Security in a Wireless World Basic

554 views • 30 slides
Analytic Hierarchy Process (AHP) Tutorial This tutorial presents a (fabricated) working example to

Analytic Hierarchy Process (AHP) Tutorial This tutorial presents a (fabricated) working example to

Analytic Hierarchy Process (AHP) Tutorial This tutorial presents a (fabricated) working example to reinforce an understanding of the AHP prioritization technique. Situation Description: We are analysts at Blodgers Communications . We are

653 views • 3 slides
GS1 System Thomas Bikeev B2B Group Manager, GS1 Oasis Adoption Forum, London 17 October 2005

GS1 System Thomas Bikeev B2B Group Manager, GS1 Oasis Adoption Forum, London 17 October 2005

GS1 System Thomas Bikeev B2B Group Manager, GS1 Oasis Adoption Forum, London 17 October 2005 GS1 GS1 is a global organization dedicated to the design and implementation of global standards, technologies and solutions to improve the

518 views • 9 slides
ETSI Perspective on IoT collaboration with Patrick Guillemin ETSI Secretariat, Strategy and New

ETSI Perspective on IoT collaboration with Patrick Guillemin ETSI Secretariat, Strategy and New

World Class Standards ETSI Perspective on IoT collaboration with Patrick Guillemin ETSI Secretariat, Strategy and New Initiatives IoT European Research Cluster (IERC) Standardisation Coordinator C oordination a nd S upport A ction for G lobal R

1.48k views • 24 slides
Building an IT Taxonomy with Co- occurrence Analysis, Hierarchical Clustering, and

Building an IT Taxonomy with Co- occurrence Analysis, Hierarchical Clustering, and

Building an IT Taxonomy with Co- occurrence Analysis, Hierarchical Clustering, and Multidimensional Scaling Chia-jung Tsui, Ping Wang , Kenneth R. Fleischmann, Asad B. Sayeed, Amy Weinberg, and Douglas Oard The abundance of IT is a challenges

203 views • 9 slides
An Efficient Distance Bounding RFID Authentication Protocol: Balancing False-Acceptance Rate and

An Efficient Distance Bounding RFID Authentication Protocol: Balancing False-Acceptance Rate and

An Efficient Distance Bounding RFID Authentication Protocol: Balancing False-Acceptance Rate and Memory Requirement Gildas Avoine 1 and Aslan Tchamkerten 2 1 Universit e catholique de Louvain, Louvain-la-Neuve, Belgium 2 Telecom ParisTech,

335 views • 31 slides
Topic 18 Link Prof Peter YK Cheung Dyson School of Design Engineering URL:

Topic 18 Link Prof Peter YK Cheung Dyson School of Design Engineering URL:

Topic 18 Link Prof Peter YK Cheung Dyson School of Design Engineering URL: www.ee.ic.ac.uk/pcheung/teaching/DE1_EE/ E-mail: p.cheung@imperial.ac.uk PYKC 16 June 2020 Topic 18 Slide 1 DE 1.3 - Electronics 1 Linking between analogue and

307 views • 20 slides
Temp mporal Ma Mana nagement gement of of R RFID Da Data Peiya Liu and Fusheng Wang

Temp mporal Ma Mana nagement gement of of R RFID Da Data Peiya Liu and Fusheng Wang

Temp mporal Ma Mana nagement gement of of R RFID Da Data Peiya Liu and Fusheng Wang Integrated Data Systems Department Siemens Corporate Research Princeton, New Jersey 31st International Conference on Very Large Databases August 31,

646 views • 26 slides
Information System Components and Devices 2110213 Information System Organization Natawut

Information System Components and Devices 2110213 Information System Organization Natawut

Information System Components and Devices 2110213 Information System Organization Natawut Nupairoj, Ph.D. Department of Computer Engineering Chulalongkorn University IS Components Natawut Nupairoj, Ph.D. 1 Logical View Feedback Control

169 views • 14 slides

More recommend