SJSU CS 265 - Enhancing Wireless Security with WPA

This preview shows page 1-2-3-24-25-26 out of 26 pages.


Outline:
• Enhancing Wireless Security with WPA
• Agenda
• Overview of WLAN
• Security Mechanism – Wired Equivalent Privacy
• WEP Encryption
• WEP Authentication
• WEP Weaknesses
• Promise of WPA - Wireless Protected Access
• WPA - Modes of Operation
• Enterprise Mode Diagram
• PSK Mode Diagram
• Issues of PSK Mode
• Security Mechanisms in WPA
• 802.1X Authentication prevents end users from accessing Enterprise networks
• Simpler Representation
• Mutual Authentication
• TKIP – Temporal Key Integrity Protocol
• TKIP for Data Privacy
• Michael Message Integrity Check
• WEP vs. WPA
• Drawbacks of WPA
• Upcoming WPA2
• Encryption Method Comparison Table
• Conclusions
• References
• Slide 26

Slide 1: Enhancing Wireless Security with WPA
CS-265 Project
Section: 2 (11:30 – 12:20)
Shefali Jariwala
Student ID 001790660

Slide 2: Agenda
• Overview of WLAN
• WEP and its weaknesses
• Promise of WPA
  - Modes of Operations
  - Security Mechanisms
• What is WPA2?
• Encryption Method Comparison Table
• Conclusions

Slide 3: Overview of WLAN
WLAN Standards
• 802.11: 1-2 Mbps speed, 2.4 GHz band
• 802.11a (Wi-Fi): 54 Mbps speed, 5 GHz band
• 802.11b (Wi-Fi): 11 Mbps speed, 2.4 GHz band
• 802.11g (Wi-Fi): 54 Mbps speed, 2.4 GHz band
WLAN components
• Wireless Clients
• Access Points
Requirements for secure WLAN
• Encryption and Data Privacy
• Authentication and Access Control

Slide 4: Security Mechanism – Wired Equivalent Privacy
• Confidentiality, Access Control and Data Integrity
• Both WEP authentication and encryption are based on a secret key shared between AP and wireless client
• WEP uses the RC4 encryption algorithm
  - Symmetric key stream cipher
  - Variable length key
  - 64 bit = 40 bit WEP key and 24 bit random number known as IV to encrypt the data
  - Encryption: stream cipher ⊕ plaintext = cipher text
  - Sender sends the packet = cipher text + IV to receiver
  - Decryption: WEP key and attached IV

Slide 5: WEP Encryption
[Figure. Source: WLAN security: Current and Future, Park, J.S.; Dicoi, D.; IEEE Internet Computing, Volume 7, Issue 5, Sept-Oct 2003, 60-65]

Slide 6: WEP Authentication
• Two modes of authentication:
  - Open System ("No Authentication")
  - Shared Key
Messages exchanged between Client and Access Point, in order:
• Authentication request
• Random challenge
• Encrypted RC
• Success/failure response

Slide 7: WEP Weaknesses
• A single key is used for all AP's and wireless clients
• Static WEP key ~ Dynamic WEP Key
• Same key used for Access Control and Encryption, which gives rise to problems
• Initialization Vector (IV) Reuse
  - $C_i = P_i \oplus ks_i$ and $C_i' = P_i' \oplus ks_i'$
  - Therefore, $C_i \oplus C_i' = P_i \oplus P_i'$ (a reused IV produces the same key stream, so the key stream terms cancel)
• Known plain text attacks
• WEP provides no replay protection
• When WEP was available it was not always turned on

Slide 8: Promise of WPA - Wireless Protected Access
• Stronger security solution via standards-based interoperable security specification known as WPA (Wi-Fi specification)
• WPA is a subset of the 802.11i standard and maintains forward compatibility
• Runs as a software upgrade on AP's and NIC's and minimizes the impact on network performance
• Inexpensive in terms of cost/time to implement and addresses all WEP weaknesses
• Secures all versions of 802.11 devices including 802.11b, 802.11a and 802.11g

Slide 9: WPA - Modes of Operation
• Enterprise Mode:
  - Requires an authentication server – RADIUS (Remote Authentication Dial In Service) for authentication and key distribution
  - RADIUS has centralized management of user credentials
• Pre-shared key (PSK) Mode:
  - Does not require an authentication server
  - A "shared secret" is used for authentication to the access point
  - Vulnerable to dictionary attacks

Slide 10: Enterprise Mode Diagram
[Diagram. Source: http://www.wi-fi.org/opensection/pdf/whitepaper_wi-fi_security4-29-03.pdf]

Slide 11: PSK Mode Diagram
[Diagram. Source: http://www.wi-fi.org/opensection/pdf/whitepaper_wi-fi_security4-29-03.pdf]

Slide 12: Issues of PSK Mode
• Needed if no authentication server is in use
• If the "shared secret" is revealed, network security is compromised
• No standardized way of changing the shared secret
• It increases the attacker's effort to do decryption of messages
• The more complex the shared secret is, the better it is, as there are fewer chances of dictionary attacks

Slide 13: Security Mechanisms in WPA
[Diagram. Source: http://www.intel.com/ebusiness/pdf/wireless/intel/wpa_cmt_security.pdf]

Slide 14: 802.1X Authentication prevents end users from accessing Enterprise networks
[Diagram. Source: http://www.mtghouse.com/MDC_WP_052603.pdf]

Slide 15: Simpler Representation
[Diagram of the exchange between Supplicant (Wireless Client), Authenticator (Access Point) and RADIUS. Labels recovered from the diagram:]
• Initiates connection
• Port = enabled, State = unauthorized
• requests identity
• responds with identity
• Forwards the identity
• requests identity from RADIUS
• Forwards the request
• RADIUS passes its identity
• Access points forwards the identity
• Response ACCEPT/REJECT
• Forwards Response
• Supplicant's Port = enabled, State = authorized

Slide 16: Mutual Authentication
[Diagram. Source: http://www.mtghouse.com/MDC_WP_052603.pdf]

Slide 17: TKIP – Temporal Key Integrity Protocol
• TKIP is responsible for generating the encryption key, encrypting the message and verifying its integrity
• TKIP ensures:
  - Encryption key changes with every packet
  - Encryption key is unique for every client
  - TKIP encryption keys are 256 bit long
• WEP Encryption key = shared secret + IV
• TKIP packet comprises:
  - 128 bit temporal key (shared by both clients and AP)
  - Client device MAC address
  - 48 bit IV (packet sequence number) to prevent known plain text attacks (WEP = 24 bit IV)

Slide 18: TKIP for Data Privacy
• TKIP key mixing function + temporal key = per packet key
• Temporal keys - 128 bit, change frequently, definite life
• MAC Address + Temporal key + four most significant octets of the packet sequence number are fed into the S-Box to generate the intermediate key
• Results in a unique encryption key
• Then, mix the intermediate key with the two least significant octets of the packet sequence number = 128 bit per packet key
• Each key encrypts only one packet of data and prevents weak key attacks

Slide 19: Michael Message Integrity Check
• Used to enforce data integrity
• "Message Integrity Code" (MIC) = 64 bit message calculated using Michael's algorithm
• MIC is inserted in the TKIP packet
• The sender and the receiver each compute the MIC and then compare
• MIC does not match = data is manipulated
• Detects potential packet content alteration due to transmission error or purposeful manipulation
• Uses a 64 bit key and partitions the data into 32 bit blocks
• Various operations: shifts, XOR's, additions

Slide 20: WEP vs.
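
The Michael computation outlined on the Michael Message Integrity Check slide, as an added Python example rather than code from the original slides. The key and payload are constructed sample values, and the MIC is taken over the payload alone, whereas TKIP also covers the source and destination addresses.

```python
import hmac
import struct

M32 = 0xFFFFFFFF  # all arithmetic is on 32-bit words

def rol(x, n):
    return ((x << n) | (x >> (32 - n))) & M32

def ror(x, n):
    return rol(x, 32 - n)

def xswap(x):
    """Swap the two bytes inside each 16-bit half of the word."""
    return ((x & 0xFF00FF00) >> 8) | ((x & 0x00FF00FF) << 8)

def block(l, r):
    """Michael block function: only rotates, XORs and additions mod 2^32."""
    r ^= rol(l, 17)
    l = (l + r) & M32
    r ^= xswap(l)
    l = (l + r) & M32
    r ^= rol(l, 3)
    l = (l + r) & M32
    r ^= ror(l, 2)
    l = (l + r) & M32
    return l, r

def michael(key: bytes, data: bytes) -> bytes:
    """Return the 8-byte MIC of data under an 8-byte (64-bit) key."""
    l, r = struct.unpack("<II", key)
    # Padding: 0x5a, then 4 to 7 zero bytes up to a multiple of 4.
    padded = data + b"\x5a" + b"\x00" * 4
    padded += b"\x00" * (-len(padded) % 4)
    for (word,) in struct.iter_unpack("<I", padded):  # 32-bit blocks
        l ^= word
        l, r = block(l, r)
    return struct.pack("<II", l, r)

def verify(key: bytes, data: bytes, mic: bytes) -> bool:
    """Receiver side: recompute the MIC and compare in constant time."""
    return hmac.compare_digest(michael(key, data), mic)

# Constructed sample values.
KEY = bytes.fromhex("d55e100510128986")
FRAME = b"transfer 10 to alice"
MIC = michael(KEY, FRAME)
TAMPERED = b"transfer 90 to alice"  # one byte changed in transit
```

`verify(KEY, FRAME, MIC)` accepts the frame as sent, while `verify(KEY, TAMPERED, MIC)` rejects the altered one.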

