Lecture 11: Wireless security

Wireless Networks Standard
• Wireless networks are standardized by IEEE.
• Under 802 LAN MAN standards committee.
[Diagram labels. ISO - OSI: Application, Presentation, Session, Transport, Network, Data Link, Physical. IEEE 802 standards: Logical Link Control, Medium Access (MAC), Physical (PHY).]

DSSS
• Direct Sequence Signaling (DSSS)
• Using one of 11 overlapping 22 MHz channels, multiply the data by an 11-bit number to spread the 1M-symbol/sec data over 11 MHz. It uses the 2.4 GHz band.
• Requires RF linearity over 11 MHz
• Spreading yields processing gain at receiver
• Less immune to interference

IEEE 802.11g
• Introduced in 2003
• Combines the features of both standards (a, b)
• 100-150 feet range
• 54 Mbps Speed
• 2.4 GHz radio frequencies
• Compatible with ‘b’

Comparison 3G versus WiFi

| | 3G | WiFi |
|---|---|---|
| Standard | WCDMA, CDMA2000 | IEEE 802.11 |
| Max Speed | 2 Mbps | 54 Mbps |
| Operations | Cell phone companies | Individuals, WISP |
| License | Yes | No |
| Coverage Area | Several km | About 100 m |
| Advantages | Range, mobility | Speed, cheap |
| Disadvantages | Relatively slow, Expensive | Short range |

Comparison 3G versus WiMax

| | 3G | Wi-Max (Wider-Fi) |
|---|---|---|
| Standard | WCDMA, CDMA2000 | IEEE 802.16 |
| Max Speed | 2 Mbps | 10 to 100 Mbps |
| Operations | Cell phone companies | Individuals, WISP |
| License | Yes | Yes/No |
| Coverage Area | Several km | Several km |
| Advantages | Range, mobility | Speed, long range |
| Disadvantages | Relatively slow, Expensive | Interference issues? |

MITM Attack
1. Attacker spoofs a disassociate message from the victim
2. The victim starts to look for a new access point, and the attacker advertises his own AP on a different channel, using the real AP’s MAC address
3. The attacker connects to the real AP using the victim’s MAC address
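
Steps 1 and 2 leave traces a wireless IDS sensor can see: the real AP's MAC address (BSSID) beaconing on a channel the real AP does not use, and a client that rejoins that BSSID on the new channel right after a disassociation. The detection sketch below is an added example, not part of the original slides; the record format, the `BASELINE` inventory and all MAC addresses are constructed assumptions.

```python
# Constructed sensor records, not a real capture. MACs use a locally administered prefix.
AP = "02:00:00:aa:bb:01"
VICTIM = "02:00:00:cc:dd:02"
FRAMES = [
    {"t": 0.0, "type": "beacon", "bssid": AP, "channel": 6},
    {"t": 5.0, "type": "disassoc", "bssid": AP, "channel": 6, "client": VICTIM},
    {"t": 5.4, "type": "beacon", "bssid": AP, "channel": 11},
    {"t": 6.1, "type": "assoc", "bssid": AP, "channel": 11, "client": VICTIM},
]
# Assumed inventory of authorized APs: BSSID -> channels it is configured to use.
BASELINE = {AP: {6}}


def detect(frames, baseline, window=10.0):
    """Return alerts for the observable side effects of the MITM setup."""
    alerts = []
    seen_off_channel = set()   # (bssid, channel) pairs already reported
    last_disassoc = {}         # client -> (time, bssid) of latest disassociation
    for f in sorted(frames, key=lambda f: f["t"]):
        allowed = baseline.get(f["bssid"])
        off_channel = allowed is not None and f["channel"] not in allowed
        key = (f["bssid"], f["channel"])
        if f["type"] == "beacon" and off_channel and key not in seen_off_channel:
            # Step 2: a known BSSID advertised where the real AP never transmits.
            seen_off_channel.add(key)
            alerts.append(("bssid_on_unexpected_channel", f["bssid"], f["channel"]))
        elif f["type"] == "disassoc":
            last_disassoc[f["client"]] = (f["t"], f["bssid"])
        elif f["type"] == "assoc" and off_channel:
            # Steps 1 + 2: the client was disassociated, then rejoined the same
            # BSSID on an unauthorized channel within the time window.
            prev = last_disassoc.get(f["client"])
            if prev and prev[1] == f["bssid"] and f["t"] - prev[0] <= window:
                alerts.append(("client_moved_to_off_channel_bssid",
                               f["client"], f["channel"]))
    return alerts


if __name__ == "__main__":
    for alert in detect(FRAMES, BASELINE):
        print(alert)
```

An ordinary disassociation followed by a re-association on the authorized channel produces no alert, so the rule does not fire on normal reconnects.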

WEP vs WPA vs WPA2

| | WEP | WPA | WPA2 |
|---|---|---|---|
| Encryption | RC4 | RC4 | AES |
| Key rotation | None | Dynamic session keys | Dynamic session keys |
| Key distribution | Manual entry on each device | Automatic distribution is possible | Automatic distribution is possible |
| Authentication | Use WEP key | 802.1x & EAP supported | 802.1x & EAP supported |

Authentication (802.1x / EAP)
• EAP - Extensible Authentication Protocol
• 802.1X is part of 802.11i
• Must certify the user, not only the devices
• Mutual authentication
• 802.1x
  – Authentication
  – Key management
• EAP
  – Model
• Addition to the Wi-Fi Protected Access.
  – Used in internal network.
• Extra security for enterprise and government Wi-Fi LANs.
• Several versions available.

802.1x
[Diagram labels: Laptop with domain user/machine certificate; 802.11/.1X Access Point with uncontrolled port and controlled port; EAP connection; RADIUS (IAS) with server certificate; Domain Controller; Certificate Authority (supplies client certs and Certificate Revocation Lists (CRL)); DHCP exchange; file peers.]

802.1x Access Control
• Designed as a general purpose network access control mechanism
• Not Wi-Fi specific
• Authenticates each client connected to an AP (for WLAN) or switch port (for Ethernet)
• Authentication is done with the RADIUS server, which "tells" the access point whether access to controlled ports should be allowed or not
• AP forces the user into an unauthorized state
• User sends an EAP start message
• AP returns an EAP message requesting the user’s identity
• Identity sent by the user is then forwarded to the authentication server by the AP
• Authentication server authenticates the user and returns an accept or reject message back to the AP
• If an accept message is returned, the AP changes the client’s state to authorized and normal traffic flows
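
The sequence above, modelled as a small authenticator with both sides' messages. This is an added example, not code from the original slides: the class and function names are hypothetical, the user store is constructed, and the whole EAP method exchange is collapsed into a single `proof` value as a simplifying assumption.

```python
import hmac

# Constructed credential store standing in for the RADIUS server's user database.
USERS = {"alice": "s3cret-proof"}


def radius_decide(identity, proof):
    """Authentication server: answer 'accept' or 'reject' for an identity."""
    expected = USERS.get(identity)
    ok = expected is not None and hmac.compare_digest(expected, proof)
    return "accept" if ok else "reject"


class AccessPoint:
    """Authenticator: EAP always passes (uncontrolled port); data is gated."""

    def __init__(self, auth_server):
        self.auth_server = auth_server
        self.state = {}  # client MAC -> "unauthorized" | "authorized"

    def eap(self, client, msg, identity=None, proof=None):
        if msg == "EAPOL-Start":
            self.state[client] = "unauthorized"   # force unauthorized state
            return "EAP-Request/Identity"         # ask who the user is
        if msg == "EAP-Response/Identity":
            verdict = self.auth_server(identity, proof)  # forward to the server
            accepted = verdict == "accept"
            self.state[client] = "authorized" if accepted else "unauthorized"
            return "EAP-Success" if accepted else "EAP-Failure"
        return "ignored"

    def data(self, client, frame):
        # Controlled port: default deny, including clients never seen before.
        if self.state.get(client, "unauthorized") == "authorized":
            return "forwarded"
        return "dropped"


def run_session(identity, proof, client="02:00:00:cc:dd:02"):
    """Replay one client session and return what each step produced."""
    ap = AccessPoint(radius_decide)
    trace = [ap.data(client, b"dhcp-discover")]        # before authentication
    trace.append(ap.eap(client, "EAPOL-Start"))
    trace.append(ap.eap(client, "EAP-Response/Identity", identity, proof))
    trace.append(ap.data(client, b"dhcp-discover"))    # after the verdict
    return trace


if __name__ == "__main__":
    print(run_session("alice", "s3cret-proof"))
    print(run_session("alice", "wrong"))
```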

WLAN security methods comparison

| Security type | Security level | Install & maintenance | Integration & ease of use |
|---|---|---|---|
| WEP Static | Low | High | High |
| IEEE 802.1X PEAP | High | Middle | High |
| IEEE 802.1x TLS | High | Low | High |
No wireless is 100% secure!