WiWi-Fi Technology

Agenda
‡ ‡ ‡ ‡ ‡ ‡ ‡ ‡ ‡ ‡

Introduction WiWi-Fi Technologies WiWi-Fi Architecture WiWi-Fi Network Elements How a Wi-Fi Network Works WiWiWi-Fi Network Topologies WiWi-Fi Configurations Applications of Wi-Fi WiWiWi-Fi Security Advantages/ Disadvantages of Wi-Fi Wi-

Introduction
‡

Wireless Technology is an alternative to Wired Technology, which is commonly used, for connecting devices in wireless mode. mode. WiWi-Fi (Wireless Fidelity) is a generic term that refers to the IEEE 802.11 communications 802. standard for Wireless Local Area Networks (WLANs). (WLANs). WiWi-Fi Network connect computers to each other, to the internet and to the wired network. network.

‡

‡

The Wi-Fi Technology WiWiWi-Fi Networks use Radio Technologies to transmit & receive data at high speed: speed:
‡ ‡ ‡

IEEE 802.11b IEEE 802.11a IEEE 802.11g

IEEE 802.11b ‡ ‡ ‡ ‡ ‡ ‡ ‡ Appear in late 1999 Operates at 2. Least Expensive Interference from mobile phones and Bluetooth devices which can reduce the transmission speed.4GHz radio spectrum 11 Mbps (theoretical speed) . .within 30 m Range 4-6 Mbps (actual speed) 100 -150 feet range Most popular.

IEEE 802.11a ‡ ‡ ‡ ‡ ‡ ‡ ‡ Introduced in 2001 Operates at 5 GHz (less popular) 54 Mbps (theoretical speed) 1515-20 Mbps (Actual speed) 5050-75 feet range More expensive Not compatible with 802.11b .

b) 100100-150 feet range 54 Mbps Speed 2.11g ‡ ‡ ‡ ‡ ‡ ‡ Introduced in 2003 Combine the feature of both standards (a.4 GHz radio frequencies Compatible with µb¶ .IEEE 802.

802.Wide angle .11 Physical Layer There are three sublayers in physical layer: layer: ‡ ‡ ‡ Direct Sequence Spread Spectrum (DSSS) Frequency Hoping Spread Spectrum (FHSS) Diffused Infrared (DFIR) .

Adjacent channels overlap one another 22channels. non-overlapping.4 GHz band into 11 22-MHz channels. Data is sent across one of these 22 MHz channels without hopping to other channels. with three of the 11 being completely non-overlapping. .DSSS ‡ Direct sequence signaling technique divides the 2. channels. partially.

11 Data Link Layer The data link layer consists of two sublayers : ‡ ‡ Logical Link Control (LLC) Media Access Control (MAC).IEEE 802. allowing for very simple bridging from wireless to IEEE wired networks.11 uses the same 802. WLANs. 48802 LANs.2 LLC and 48-bit addressing as other 802. 802. 802. . but the MAC is unique to WLANs. (MAC).

11 Media Access Control ‡ Carrier Sense Medium Access with collision avoidance protocol (CSMA/CA) ‡ ‡ ‡ Listen before talking Avoid collision by explicit Acknowledgement (ACK) Problem: Problem: additional overhead of ACK packets. so slow performance ‡ Request to Send/Clear (RTS/CTS) protocol ‡ ‡ to Send Solution for ³hidden node´ problem Problem: Problem: Adds additional overhead by temporarily reserving the medium.802. so used for large size packets only retransmission would be expensive .

point. The beacon includes information regarding which stations have traffic waiting for them The client awake on beacon notification and receive its data ‡ Power Save Polling Mode ‡ ‡ ‡ ‡ .) ‡ Power Management ‡ ‡ MAC supports power conservation to extend the battery life of portable devices Power utilization modes ‡ Continuous Aware Mode ‡ Radio is always on and drawing power Radio is ³dozing´ with access point queuing any data for it The client radio will wake up periodically in time to receive regular beacon signals from the access point.802.11 Media Access Control(cont.

802.) ‡ ‡ Fragmentation CRC checksum ‡ Each pkt has a CRC checksum calculated and attached to ensure that the data was not corrupted in transit ‡ Association & Roaming .11 Media Access Control(cont.

.(e.Elements of a WI-FI Network WI‡ The AP is a wireless LAN transceiver or ³base station´ that can connect one or many wireless devices simultaneously to the Internet. They accept the wireless signal and relay information. Internet.g PCMCIA external. secure. Card for Laptop and PCI Card for Desktop PC) Access Point (AP) - ‡ WiWi-Fi cards - ‡ Safeguards - Firewalls and anti-virus software protect antinetworks from uninvited users and keep information secure.They can be internal and external. information.(e.

How a Wi-Fi Network Works Wi‡ ‡ ‡ ‡ ‡ ‡ Basic concept is same as Walkie talkies. Many access points can be connected to each other via Ethernet cables to create a single large network. station. outdoors. network. talkies. A single access point can support up to 30 users and can function within a range of 100 ± 150 feet indoors and up to 300 feet outdoors. An access point acts as a base station. A Wi-Fi hotspot is created by installing an access point Wito an internet connection. When Wi-Fi enabled device encounters a hotspot the Widevice can then connect to that network wirelessly. . connection. wirelessly.

WiWi-Fi Network Topologies ‡ APAP-based topology (Infrastructure Mode) Peer-toPeer-to-peer topology (Ad-hoc Mode) (AdPoint-toPoint-to-multipoint bridge topology ‡ ‡ .

AP.APAP-based topology ‡ ‡ ‡ ‡ The client communicate through Access Point. . ESAESA-It consists of 2 or more BSA. Point. BSA. ESA cell includes 10-15% overlap to allow 10-15% roaming. roaming. BSABSA-RF coverage provided by an AP.

Peer-toPeer-to-peer topology ‡ ‡ ‡ AP is not required. . Client devices within a cell can communicate directly with each other. easily. It is useful for setting up of a wireless network quickly and easily. other.

These conditions receive a clear line of sight between buildings. apart.Point-toPoint-to-multipoint bridge topology This is used to connect a LAN in one building to a LANs in other buildings even if the buildings are miles apart. conditions. . The line-of-sight range varies based buildings. line-ofon the type of wireless bridge and antenna used as well as the environmental conditions.

WiWi-Fi Configurations .

WiWi-Fi Configurations .

WiWi-Fi Configurations .

WiWi-Fi Applications ‡ ‡ ‡ ‡ ‡ ‡ Home Small Businesses or SOHO Large Corporations & Campuses Health Care Wireless ISP (WISP) Travellers .

but introduces new ones ‡ ‡ ‡ Eavesdropping Man-in-theMan-in-the-middle attacks Denial of Service .WiWi-Fi Security Threats ‡ Wireless technology doesn¶t remove any old security issues.

content .. . almost impossible to detect By default. everything is transmitted in clear text ‡ ‡ Usernames.Eavesdropping ‡ ‡ Easy to perform. it¶s possible to eavesdrop traffic from few kilometers away . passwords.. No security offered by the transmission medium Network sniffers. protocol analysers . Password collectors ‡ Different tools available on the internet ‡ ‡ ‡ With the right equipment. .

MITM Attack 1. 3. 2. and the attacker advertises his own AP on a different channel. Attacker spoofes a disassociate message from the victim The victim starts to look for a new access point. using the real AP¶s MAC address The attacker connects to the real AP using victim¶s MAC address .

but works Spoofed deauthentication / disassociation messages can target one specific user SYN Flooding ‡ Attack on MAC layer ‡ ‡ ‡ Attacks on higher layer protocol (TCP/IP protocol) ‡ .Denial of Service ‡ Attack on transmission frequecy used ‡ ‡ Frequency jamming Not very technical.

WiWi-Fi Security The requirements for Wi-Fi network Wisecurity can be broken down into two primary components: components: ‡ Authentication   User Authentication Server Authentication ‡ Privacy .

Authentication ‡ ‡ Keeping unauthorized users off the network User Authentication ‡ ‡ ‡ Authentication Server is used Username and password Risk: ‡ ‡ Data (username & password) send before secure channel established Prone to passive eavesdropping by attacker Establishing a encrypted channel before sending username and password ‡ Solution ‡ .

.) ‡ Server Authentication ‡ ‡ Digital Certificate is used Validation of digital certificate occurs automatically within client software .Authentication (cont.

1X Access Control Wireless Protected Access (WPA) IEEE 802.11i ‡ ‡ ‡ ‡ .WiWi-Fi Security Techniques ‡ Service Set Identifier (SSID) Wired Equivalent Privacy (WEP) 802.

Service Set Identifier (SSID) ‡ ‡ ‡ SSID is used to identify an 802.11 network It can be pre-configured or advertised in prebeacon broadcast It is transmitted in clear text ‡ Provide very little security .

of bits in keyschedule is equal to sum of length of the plaintext and ICV .11 802.Wired Equivalent Privacy (WEP) ‡ ‡ ‡ ‡ ‡ ‡ Provide same level of security as by wired network Original security solution offered by the IEEE 802. No. standard Uses RC4 encryption with pre-shared keys and 24 bit RC4 preinitialization vectors (IV) key schedule is generated by concatenating the shared secret key with a random generated 24-bit IV 2432 bit ICV (Integrity check value) No.

stations.) ‡ ‡ ‡ ‡ ‡ 64 bit preshared key-WEP key128 bit preshared key-WEP2 key-WEP2 Encrypt data only between 802.Wired Equivalent Privacy (WEP) (cont.11 stations. the wired side of the network (between access point) WEP is no longer valid Security Issue with WEP ‡ Short IV ‡ Static key Offers very little security at all .once it enters 802.

802. which ´tells´ the access point whether access to controlled ports should be allowed or not ‡ ‡ ‡ ‡ ‡ ‡ AP forces the user into an unauthorized state user send an EAP start message AP return an EAP message requesting the user¶s identity Identity send by user is then forwared to the authentication server by AP Authentication server authenticate user and return an accept or reject message back to the AP If accept message is return.1x Access Control ‡ ‡ ‡ Designed as a general purpose network access control mechanism ‡ Not Wi-Fi specific Wi- Authenticate each client connected to AP (for WLAN) or switch port (for Ethernet) Authentication is done with the RADIUS server. the AP changes the client¶s state to authorized and normal traffic flows .

1x Access Control .802.

‡ User Authentication ‡ ‡ 802. interoperable security enhancements that strongly increase the level of data protection and access control for existing and future wireless LAN system. 802.Wireless Protected Access (WPA) ‡ WPA is a specification of standard based. system. dynamic encryption keys (session based) ‡ ‡ ‡ TKIP (Temporal Key Integrity Protocol) encryption ‡ 48 bit IV per packet key mixing function ‡ Fixes all issues found from WEP Ensures data integrity ‡ ‡ Uses Message Integrity Code (MIC) Michael ‡ Old hardware should be upgradeable to WPA .1x EAP RC4 RC4.

Wireless Protected Access (WPA)(cont.) ‡ WPA comes in two flavors ‡ WPAWPA-PSK ‡ ‡ ‡ use pre-shared key preFor SOHO environments Single master key used for all users For large organisation Most secure method Unique keys for each user Separate username & password for each user ‡ WPA Enterprise ‡ ‡ ‡ ‡ .

if WPA equipment sees two packets with invalid MICs within a second. used.WPA and Security Threats ‡ Data is encrypted ‡ Protection against eavesdropping and man-in-theman-in-themiddle attacks Attack based on fake massages can not be used. and stops all activity for a minute Only two packets a minute enough to completely stop a wireless network ‡ Denial of Service ‡ ‡ ‡ . it disassociates all its clients. As a security precaution.

11i ‡ ‡ ‡ ‡ Provides standard for WLAN security Authentication ‡ 802.802. AP. Will require new hardware . 802.1x AES protocol is used Data encryption ‡ ‡ Secure fast handoff-This allow roaming handoffbetween APs without requiring client to fully reauthenticate to every AP.

Advantages ‡ ‡ ‡ ‡ ‡ ‡ ‡ ‡ ‡ Mobility Ease of Installation Flexibility Cost Reliability Security Use unlicensed part of the radio spectrum Roaming Speed .

Limitations ‡ ‡ ‡ ‡ Interference Degradation in performance High power consumption Limited range .