"Wireless Lan Security": A Seminar Report
A SEMINAR REPORT
ON
ECED, SVNIT
Year: 2014-15
SARDAR VALLABHBHAI NATIONAL INSTITUTE OF TECHNOLOGY
(SVNIT)
SURAT-395007
Acknowledgements
I am extremely grateful to Ms. U.D. Dalal, Head of Department, Department of Electronics, SVNIT, for providing all the required resources for my dissertation.
My heartfelt gratitude to my internal guide Mrs. Jigisha N. Patel, Associate Professor, for her valuable suggestions and guidance in the preparation of the dissertation seminar report.
We would be failing in our duty if we did not acknowledge with grateful thanks the authors of the references and other literature referred to in this report.
I express my thanks to Mr. Z.M. Patel, project and seminar in-charge for UG, and to all staff members and my friends for all the help and co-ordination extended in bringing out this report successfully in time.
I am very much thankful to our parents, who guided us in every step we took. Finally, I must thank GOD for giving me the environment to study, people to help, opportunities to enact and the potential to succeed.
CERTIFICATE
This is to certify that candidate Mr. Ravi Panchal, bearing Roll No. U11EC044 of B.Tech IV, 7th Semester, has successfully and satisfactorily presented a seminar and submitted the report on the topic entitled Wireless LAN Security for the partial fulfillment of the degree of Bachelor of Technology (B.Tech) in Nov. 2014.
Guide: _____________
Head,
ECED, SVNIT.
(Seal of the Department)
INDEX
Chapter No.   Topic Name      Page No.
1.            INTRODUCTION
2.
3.                            10
4.                            14
5.            CONCLUSION      31
6.            REFERENCES      32
1. INTRODUCTION
In today's society, information is increasingly important to our lives, from the affairs of individuals to national security. Whoever has mastered accurate information will be able to occupy the dominant
users worldwide, and a large part of them have Internet access through wireless router terminations such as WiFi. Wireless LAN security is becoming a social problem. Before discussing wireless network security issues, you must know one fact: more than 70% of network security issues are caused by human factors, such as information theft by acquaintances or colleagues. Those are not technical problems, and we discuss only the remaining 30%: the network security issues related to technology.
Nowadays use of the Internet is increasing exponentially, with many additional facilities such as low cost, higher bandwidth and high-speed data; one more, and the best, advantage today is mobility. In earlier days, if someone wanted to use the Internet, he or she had to connect the device to a cable or wire in order to get permission and a connection. Nowadays a wireless connection is available in which there is no need to attach a cable or wire to the device: just enable the function and, subject to the available Internet facility and its security, one can access it. This is called wireless technology.
for data transmission, the layout is different: Ethernet needs wiring to every place where access is required, in large quantities, whereas a wireless LAN uses the surrounding space to form the network and needs only a wireless signal transmitter. Second, users access the network in different ways. Access to a traditional network needs a physical Ethernet cable and a fixed location, which is not flexible; to access a wireless local area network a user only needs to be within wireless signal range, can move freely, and is very flexible.
On the basis of network topology, WLANs are divided into two categories: one is based on access points (APs), i.e. infrastructure mode, and the other is ad-hoc.
2.2 Ad-hoc
In ad-hoc mode there is no need for a centralized access point to which each device connects, as in infrastructure mode. Ad-hoc mode is like peer-to-peer mode: devices connect directly with each other, and packets are transmitted directly without going through an access point (wireless router).
communicate with access points, so that every device is connected to an access point. For small and temporary connections ad-hoc mode is used, but for large areas and more permanent networks infrastructure mode is used.
Intrusion detection
3.1
3.1.2 Jamming
Denial of service attacks are also easily applied to wireless networks: legitimate traffic cannot reach clients or the access points because other traffic overwhelms the frequencies. An attacker with the proper equipment and tools can easily flood the 2.4 GHz frequencies
In addition, cordless phones, baby monitors and other devices that operate in the 2.4 GHz band can disrupt a wireless network using this frequency. These denials of service can originate from outside the work area served by the access point, or can inadvertently come from other equipment installed in other work areas that degrades the overall signal.
Wireless clients running TCP/IP services such as a Web server or file sharing are open to the same exploits and misconfigurations as any user on a wired network.
DoS (Denial of Service): DoS attacks can also be lucrative for criminals, some of whom use these attacks to shake down businesses for anywhere from thousands to millions of dollars. A wireless device floods other wireless clients with bogus packets, creating a denial of service attack. In addition, duplicate IP or MAC addresses, both intentional and accidental, can cause disruption on the network.
methodically testing every possible password. The intruder gains access to the access point once the password is guessed. Managing a large number of access points and clients only complicates this issue, encouraging lax security practices.
real network. The hacker can then sniff the traffic. One type of man-in-the-middle attack relies on security faults in challenge and handshake protocols to execute a de-authentication attack. This attack forces AP-connected computers to drop their connections and reconnect with the hacker's soft AP (it disconnects the user from the modem so they have to connect again using their password, which can be extracted from a recording of the event). Man-in-the-middle attacks are made easier by software such as LANjack and AirJack, which automate multiple steps of the process, meaning that what once required some skill can now be done by script kiddies. Hotspots are particularly vulnerable to any attack since there is little to no security on these networks.
knows the exact plaintext of an encrypted message, he can use this to build a correctly encrypted packet. The process includes building a new message by changing the initial bits of the data and recalculating the CRC-32, so that the modified clear-text message encrypts into a new packet, and then sending the packets to the access point or mobile terminal, where they will be treated as correctly received data packets. This illegal traffic will be injected into the network, increasing the load and even leading to complete paralysis of the entire network system.
directly access it through a wireless service area. The SSID functions in a sense like a password, and providing a password authentication mechanism shields the network from access by illegal users to ensure the security of the wireless local area network. The SSID is usually broadcast by the AP; a client such as Windows XP can use its built-in scanning to view all current SSIDs in the region. Taking security into account, you can stop the AP from broadcasting the SSID, but then the wireless station must take the initiative to send the correct SSID in order to associate with the AP.
Since each wireless card has a unique MAC (physical) address, this can be used to prevent unauthorized user access. By adding a control to the access point so that it only allows in the particular MAC addresses registered with it, we can maintain on the AP a group of physical addresses as an access list to achieve physical address filtering. However, in theory the physical address of IP packets can be forged, so this is a less secure form of authorization. It is a hardware certification rather than user authentication, but it is helpful in preventing access by non-authorized users.
end point to another. However, it has been found that WEP is not as secure as once believed. WEP is used at the two lowest layers of the OSI model, the data link and physical layers; it therefore does not offer end-to-end security.
finally the new ICV is compared with the original ICV. In the figure you can see the objects and the details of the operations schematically:
The IV must be known to the recipient of the encrypted information to be able to decrypt it; the WEP algorithm does this by transmitting the IV along with the packet. For both key lengths (64 and 128 bit) the IV is 24 bits.
Pre-Shared Key
The pre-shared key is a simple 5- or 13-character password that is shared between the access point and all wireless network users. This key is set by the administrator or auto-generated by the system. For the 64-bit key the length of the secret key is 40 bits, and for the 128-bit key the length is 104 bits.
PRNG
WEP defines a method to create a unique secret key for each packet using the 5 or 13 characters of the pre-shared key and three more pseudo-randomly selected characters picked by the wireless hardware (the IV).
For example, suppose our pre-shared key is "ARASH". This word would then be merged with "AHL" as the IV to create a secret key of "AHLARASH", which would be used in the encryption operations of the packet. The next packet would still use "ARASH", but concatenate it this time with "ARA" to create a new secret key of "ARAARASH". This process continues randomly during the transmission of data.
Notice that the number of bits appended to the message is the bit position of the highest bit in W. For example, if your W is 10011 then the number of appended zero bits is 4, not 5 (W = 1*2^4 + 0*2^3 + 0*2^2 + 1*2^1 + 1*2^0). As an example:
Then the result is 1110, which means the checksum or ICV is 1110.
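As an added worked example (not code from the report), the following Python computes the checksum by modulo-2 division with the report's divisor W = 10011; the message bits 1101011011 are an assumed sample whose remainder is the 1110 quoted above.

```python
# Added example: CRC as modulo-2 polynomial division. W is the divisor as a
# bit string; the message is padded with (len(W) - 1) zero bits, i.e. the
# bit position of W's highest set bit (4 for W = 10011, not 5), and the
# remainder of the division is the checksum (ICV).


def _mod2_divide(dividend: str, divisor: str) -> str:
    """Long division over GF(2): XOR instead of subtraction, no borrows.
    Returns the remainder, which has len(divisor) - 1 bits."""
    if not divisor.startswith("1"):
        raise ValueError("divisor must start with a 1 bit")
    work = list(dividend)
    n = len(divisor)
    for i in range(len(dividend) - n + 1):
        if work[i] == "1":                      # leading bit set: subtract W
            for j in range(n):
                work[i + j] = "1" if work[i + j] != divisor[j] else "0"
    return "".join(work[-(n - 1):])


def crc_mod2(message_bits: str, divisor_bits: str) -> str:
    """Checksum of message_bits under divisor_bits (both '0'/'1' strings)."""
    pad = len(divisor_bits) - 1
    return _mod2_divide(message_bits + "0" * pad, divisor_bits)


def crc_verify(received_bits: str, divisor_bits: str) -> bool:
    """A frame (message followed by its checksum) that arrived intact
    divides evenly by W: the remainder is all zeros."""
    remainder = _mod2_divide(received_bits, divisor_bits)
    return set(remainder) == {"0"}


# Constructed sample (not from the report): message 1101011011, W = 10011.
SAMPLE_MESSAGE = "1101011011"
SAMPLE_W = "10011"
</test>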
RC4
RC4 is not specific to WEP; it is a random generator, also known as a key stream generator or a stream cipher, and was developed at RSA Laboratories in 1987. RC4 works by logically XORing the key stream with the data. In fig. 3 you can see the operation of RC4 in simple form:
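As an added example (not code from the report), this Python models the WEP encapsulation described in the preceding sections: the per-packet RC4 key is the IV concatenated with the pre-shared key, as in the report's "AHLARASH", the ICV is the CRC-32 of the plaintext, and both are protected by the RC4 key stream. The keys and messages are constructed samples, and a small monitoring helper flags IV reuse, the weakness a 24-bit IV space creates on a busy network.

```python
# Added example (not the report's code): minimal model of WEP encapsulation.
# Per-packet RC4 key = IV || pre-shared key (report: "AHL" + "ARASH"),
# ICV = CRC-32 of the plaintext, key stream XORed over plaintext || ICV.
# All keys, IVs and messages below are constructed samples.
import zlib


def rc4_keystream(key: bytes, length: int) -> bytes:
    """RC4: key scheduling (KSA) then `length` bytes of key stream (PRGA)."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    for _ in range(length):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def wep_encrypt(psk: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Frame body = IV (in clear) || RC4(IV || psk) XOR (plaintext || ICV)."""
    icv = zlib.crc32(plaintext).to_bytes(4, "little")
    body = plaintext + icv
    stream = rc4_keystream(iv + psk, len(body))
    return iv + bytes(b ^ k for b, k in zip(body, stream))


def wep_decrypt(psk: bytes, frame: bytes):
    """Recover the plaintext, or None when the recomputed ICV differs."""
    iv, ct = frame[:3], frame[3:]
    stream = rc4_keystream(iv + psk, len(ct))
    body = bytes(b ^ k for b, k in zip(ct, stream))
    plaintext, icv = body[:-4], body[-4:]
    if zlib.crc32(plaintext).to_bytes(4, "little") != icv:
        return None
    return plaintext


def reused_ivs(frames) -> list:
    """Monitoring check: IVs seen in more than one frame. Two frames under
    the same IV share one RC4 key stream, which a 24-bit IV space makes
    unavoidable on a busy network; that is why the IV length is a problem."""
    seen, reused = set(), []
    for frame in frames:
        iv = frame[:3]
        if iv in seen and iv not in reused:
            reused.append(iv)
        seen.add(iv)
    return reused
```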
indicate the presence of weak keys. The attacker captures "interesting packets", filtering for IVs that suggest weak keys, then analyses them and only has to try a small number of keys to gain access to the network. Because all original IP packets start with a known value, it is easy to know when he/she has the right key. To determine a 104-bit WEP key, he/she has to capture between 2,000 and 4,000 interesting packets. On a fairly busy network the capture of 5,000 interesting packets might not pose any difficulty and can be achieved in a short period of time.
[2]
require new hardware. Like WEP, TKIP uses the RC4 stream cipher for the encryption and decryption processes, and all involved parties must share the same secret key. This secret key must be 128 bits and is called the "Temporal Key" (TK). TKIP also uses a 48-bit Initialization Vector (IV) and uses it as a counter. Even though the TK is shared, all involved parties generate a different RC4 key stream, since the communication participants perform a two-phase generation of a unique "Per-Packet Key" (PPK) that is used as the key for the RC4 key stream.
TKIP is TGi's response to the need to do something to improve security for equipment already deployed in 802.11. TGi has proposed TKIP as a mandatory-to-implement security enhancement for 802.11, and patches implementing it will likely be available for most equipment in late 2002.
TKIP is a suite of algorithms wrapping WEP, to achieve the best security that can be obtained given the design constraints of the problem. The TKIP algorithms are designed explicitly for implementation on legacy hardware, hopefully without unduly disrupting performance. TKIP adds four new algorithms to WEP:
A new IV sequencing discipline, to remove replay attacks from the attacker's arsenal;
A per-packet key mixing function, to de-correlate the public IVs from weak keys; and
A re-keying mechanism, to provide fresh encryption and integrity keys, undoing the threat of attacks stemming from key reuse.
The remainder of this section analyses each of the TKIP components, and the next section indicates how they are intended to work together to rescue WEP.
TKIP is an acronym for Temporal Key Integrity Protocol. The name is something of a misnomer. The TKIP re-keying mechanism updates what are called temporal keys, which are consumed by the WEP encryption engine and by the Michael integrity function.
Cisco's Lightweight EAP (LEAP) uses mutual password authentication between the station and the AP. Because LEAP's challenge/response isn't encrypted, it's vulnerable to offline dictionary attacks.
EAP-TLS requires mutual certificate authentication between stations and servers. EAP is protected from eavesdropping by a TLS tunnel. The price paid for tighter security is a certificate on every station.
EAP-TTLS and Protected EAP (PEAP) authenticate servers by certificate and stations by
passwords, made safe by tunneling over TLS. Logins known to your RADIUS server,
Active Directory or domain controller can be reused by 802.1X to simplify WLAN
deployment.
The standard also describes the conditions under which the AAA key management requirements described in RFC 4962 can be satisfied.
Moreover, EAP-TTLS and PEAP aren't foolproof. They can be tricked into sending identity or credentials without the protection of the TLS tunnel. A man-in-the-middle attack can intercept and use these values to access your WLAN.
[5]
replay attacks. Packets received out of order will be rejected by the access point. Finally, TKIP implements a 64-bit Message Integrity Check (MIC).
To be able to run on legacy WEP hardware with minor upgrades, TKIP uses RC4 as its cipher. TKIP also provides a rekeying mechanism (rekeying normally refers to the ability to change a lock so that a different key may operate it; rekeying is done when a lock owner is concerned that unauthorized persons have keys to the lock). TKIP ensures that every data packet is sent with a unique encryption key. Key mixing increases the complexity of decoding the keys by giving an attacker substantially less data that has been encrypted using any one key. WPA2 also implements a new message integrity code, the MIC. The message integrity check prevents forged packets from being accepted. Under WEP it was possible to alter a packet whose content was known even if it had not been decrypted.
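As an added example (not code from the report or the 802.11i standard), the following Python models the IV sequencing discipline described above: the receiver tracks the 48-bit TKIP sequence counter (TSC) per sender and rejects any frame whose counter is not greater than the last one accepted. The per-sender bookkeeping, the rejection log and the rekey helper are assumptions made for illustration.

```python
# Added example: simplified model of TKIP's replay protection. Each sender
# carries a 48-bit TSC that increases by one per packet; the receiver accepts
# a frame only if its TSC exceeds the last TSC accepted from that sender, so
# replayed and out-of-order frames are dropped. Bookkeeping and the rekey
# policy below are assumptions, not the 802.11i specification itself.

TSC_MAX = (1 << 48) - 1


class TkipReplayCheck:
    """Replay state kept by a receiver (e.g. an access point), per sender."""

    def __init__(self):
        self.last_tsc = {}      # sender address -> last accepted TSC
        self.rejected = []      # (sender, tsc, reason): feed for detection

    def accept(self, sender: str, tsc: int) -> bool:
        """Decide whether a received frame with this TSC may be processed."""
        if not 0 <= tsc <= TSC_MAX:
            self.rejected.append((sender, tsc, "tsc out of range"))
            return False
        last = self.last_tsc.get(sender, -1)
        if tsc <= last:
            reason = "replay" if tsc == last else "out of order"
            self.rejected.append((sender, tsc, reason))
            return False
        self.last_tsc[sender] = tsc
        return True

    def needs_rekey(self, sender: str) -> bool:
        """A TSC that wrapped under the same temporal key would repeat
        per-packet keys, so the TK must be replaced before that happens."""
        return self.last_tsc.get(sender, -1) >= TSC_MAX

    def rekey(self, sender: str) -> None:
        """Installing a fresh temporal key restarts the counter."""
        self.last_tsc.pop(sender, None)


def run_sample_trace():
    """Constructed trace of (sender, TSC) pairs as seen by an access point."""
    chk = TkipReplayCheck()
    trace = [("sta-1", 1), ("sta-1", 2), ("sta-1", 2), ("sta-1", 5),
             ("sta-1", 4), ("sta-2", 1), ("sta-1", 6)]
    decisions = [chk.accept(s, t) for s, t in trace]
    return decisions, chk.rejected
```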
Conclusion of WEP
In this research we explain the structure of WEP on the sender and receiver sides and try to describe all steps verbally and practically at the same time. Then we discuss all the major problems in WEP, namely the IV length, the RC4 algorithm and key management. Finally we explain the improvements and solutions submitted so far, such as TKIP, Michael and the EAP methods.
as aircrack-ng can crack a weak passphrase in less than a minute. Other WEP/WPA crackers are AirSnort and Auditor Security Collection. [20] Still, WPA Personal is secure when used with good passphrases or a full 64-character hexadecimal key.
The disadvantage of the end-to-end method is that it may fail to cover all traffic. With encryption at the router level or a VPN, a single switch encrypts all traffic, even UDP and DNS lookups. With end-to-end encryption, on the other hand, each service to be secured must have its encryption "turned on", and often every connection must also be "turned on" separately. For sending emails, every recipient must support the encryption method and must exchange keys correctly. For the Web, not all web sites offer HTTPS, and even if they do, the browser still sends out IP addresses in clear text.
Typical server-based communications systems do not include end-to-end encryption. These systems can only guarantee protection of communications between clients and servers, not between the communicating parties themselves. Examples of non-E2EE systems are Google Talk, Facebook and Dropbox. Some such systems, for example Lavabit and SecretInk, have even described themselves as offering "end-to-end" encryption when they do not. Some systems which normally offer end-to-end encryption have been discovered to contain a back door, which causes negotiation of the encryption key between the communicating parties to be subverted, for example Skype and Voltage.
5. Conclusion
Generally, wireless LANs have proved to be a reliable and reasonably fast mobile networking solution. For most purposes the bandwidth they provide should suffice, although cabled LANs offer more possibilities to extend the bandwidth. In situations where mobility is as good a criterion as bandwidth, a wireless LAN should certainly be considered a serious option.
Wireless security is the prevention of unauthorized access or damage to computers using wireless networks. Many laptop computers have wireless cards pre-installed. The ability to enter a network while mobile has great benefits. However, wireless networking is prone to some security issues. Hackers have found wireless networks relatively easy to break into, and even use wireless technology to hack into wired networks.
Different techniques
network like WEP and WPA. WPA is more secure than WEP because of its encryption technique. It provides only two-layer security, and both layer 2 and layer 3 encryption methods are not good enough for protecting valuable data like passwords and personal emails. Those technologies add encryption only to parts of the communication path, still allowing people to spy on the traffic if they have somehow gained access to the wired network.
End-to-end encryption (E2EE), which is non-certified point-to-point encryption, is a digital communications paradigm of uninterrupted protection of data traveling between two communicating parties. It involves the originating party encrypting data to be readable only by the intended recipient, and the receiving party decrypting it, with no involvement in said encryption by third parties. The intention of end-to-end encryption is to prevent intermediaries, such as Internet providers or application service providers, from being able to discover or tamper with the content of communications. End-to-end encryption generally includes protection of both confidentiality and integrity.
6. References
1. "Network Security Tips". Cisco. Retrieved 2011-04-19.
2. "The Hidden Downside Of Wireless Networking".
3. http://ieeexplore.ieee.org/xpls/icp.jsp?arnumber=5189832
4. http://en.wikipedia.org/wiki/Extensible_Authentication_Protocol
5. http://ieeexplore.ieee.org/xpls/icp.jsp?arnumber=5189832&tag=1#ref_2
6. A presentation by Brian Murgatroyd to the SFPG