
Wireless security

802.11i
Wireless security

Early security technique - WEP (Wired Equivalent Privacy)
WEP - seriously flawed & easily breakable.
IEEE 802.11i provides:
* authentication
* message integrity
* confidentiality
Wireless security

802.11i uses newer & stronger algorithms.


802.11i supports two modes:
* personal mode
* AS based mode
Terminology

Authentication Server (AS)


Access Point (AP)
Station (STA)
Master Key (MK)
Pairwise Master Key (PMK)
Extensible authentication protocol (EAP)
Cipher-block chaining with message authentication code (CBC-MAC)
Personal mode

PSK (pre-shared key) mode
Provides weaker security, but is more convenient & economical
Wireless device & AP are preconfigured with a shared passphrase

802.11i's stronger authentication mode is based on the 802.1X framework for controlling access to a LAN, which uses an AS.
AS & AP are connected by a secure channel but are logically separate
AP forwards authentication messages between the wireless device & the AS.
Authentication protocol: EAP
EAP supports:
* smart cards
* Kerberos
* OTP
* public key authentication
* both one-sided & mutual authentication

E.g.: EAP-TLS
Result of successful authentication is a Pairwise Master Key shared by: wireless device, AS, AP
Phases of operation
Pairwise keys

Master Key - represents positive access decision
Pairwise Master Key - represents authorization to access the 802.11 medium
Pairwise Transient Key - collection of operational keys:
* Key Confirmation Key (KCK) - used to bind the PMK to the AP and STA; used to prove possession of the PMK
* Key Encryption Key (KEK) - used to distribute the Group Transient Key (GTK)
* Temporal Key (TK) - used to secure data traffic
Pairwise keys

With the PMK, the wireless device & AP execute a session key establishment protocol called the 4-way handshake to establish a Pairwise Transient Key.
The Pairwise Transient Key includes a session key called the temporal key.
The session key is used by the protocol CCMP, which provides 802.11i's data confidentiality and integrity.


Pairwise keys

CCMP uses CTR mode to encrypt the plain text for confidentiality.
CCMP uses a MAC (message authentication code) as an authenticator.
The MAC algorithm is based on CBC (cipher block chaining).

[Figure: a secret value and the plain text are fed into the MAC algorithm, which outputs the MAC to append to the message]


WEP
802.11i working
protocols EAP
Weaker personal mode
Stronger AS mode
Phase of operation
Pairwise keys
Thank you.
