WIRELESS LAN SECURITY

National Institute of Science & Technology

Wireless LAN Security
Presented By
SWAGAT SOURAV Roll # EE 200118189

Under the guidance of Mr. Siddhartha Bhusan Neelamani

Swagat Sourav

[1]

consistently hammering an access point with access requests. For example. • • Advantages of WLAN Disadvantages WLAN Swagat Sourav [2] . will eventually exhaust its available radio frequency spectrum and knock it off the network.WIRELESS LAN SECURITY National Institute of Science & Technology Introduction • It is also easy to interfere with wireless communications. whether successful or not. A simple jamming transmitter can make communications impossible.

WIRELESS LAN SECURITY National Institute of Science & Technology WLAN Authentication • Wireless LANs. require the addition of: User authentication Data privacy • Authenticating wireless LAN clients. because of their broadcast nature. Client Authentication Process Swagat Sourav [3] .

WIRELESS LAN SECURITY National Institute of Science & Technology WLAN Authentication • Types Of Authentication  Open Authentication • The authentication request • The authentication response  Shared Key Authentication • requires that the client configure a static WEP key  Service Set Identifier (SSID)  MAC Address Authentication • MAC address authentication verifies the client’s MAC address against a locally configured list of allowed addresses or against an external authentication server Swagat Sourav [4] .

• Shared Key Authentication Vulnerabilities The process of exchanging the challenge text occurs over the wireless link and is vulnerable to a man-in-the-middle attack • MAC Address Authentication Vulnerabilities A protocol analyzer can be used to determine a valid MAC address Swagat Sourav [5] .11 wireless LAN packet analyzer.WIRELESS LAN SECURITY National Institute of Science & Technology WLAN Authentication Vulnerabilities • SSID An eavesdropper can easily determine the SSID with the use of an 802. • Open Authentication Open authentication provides no way for the access point to determine whether a client is valid. like Sniffer Pro.

The encryption keys must match on both the client and the access point for frame exchanges to succeed  Stream Ciphers Encrypts data by generating a key stream from the key and performing the XOR function on the key stream with the plain-text data Swagat Sourav [6] .WIRELESS LAN SECURITY National Institute of Science & Technology WEP Encryption • WEP is based on the RC4 algorithm. which is a symmetric key stream cipher.

WIRELESS LAN SECURITY National Institute of Science & Technology WEP Encryption  Block Ciphers Fragments the frame into blocks of predetermined size and performs the XOR function on each block. Swagat Sourav [7] .

WIRELESS LAN SECURITY National Institute of Science & Technology WEP Encryption Weaknesses • There are two encryption techniques to overcome WEP encryption weakness Initialization vectors Feedback modes • Initialization vectors Swagat Sourav [8] .

WIRELESS LAN SECURITY National Institute of Science & Technology WEP Encryption Weaknesses • Feedback Modes Swagat Sourav [9] .

WIRELESS LAN SECURITY National Institute of Science & Technology WEP Encryption Weaknesses • Statistical Key Derivation—Passive Network Attacks A WEP key could be derived by passively collecting particular frames from a wireless LAN • Inductive Key Derivation—Active Network Attacks Inductive key derivation is the process of deriving a key by coercing information from the wireless LAN  Initialization Vector Replay Attacks  Bit-Flipping Attacks • Static WEP Key Management Issues Swagat Sourav [10] .

WIRELESS LAN SECURITY National Institute of Science & Technology Component of WLAN Security • The Authentication Framework (802.1X) • The EAP Authentication Algorithm  Mutual Authentication  User-Based Authentication  Dynamic WEP Keys • Data Privacy with TKIP (Temporal Key Integrity Protocol )  A message integrity check (MIC  Per-packet keying  Broadcast Key Rotation Swagat Sourav [11] .

WIRELESS LAN SECURITY National Institute of Science & Technology Future of WLAN Security • AES (Advanced Encryption Standard )  AES-OCB Mode Swagat Sourav [12] .

WIRELESS LAN SECURITY National Institute of Science & Technology Future of WLAN Security  AES-CCM Mode Swagat Sourav [13] .

WIRELESS LAN SECURITY National Institute of Science & Technology Conclusion Wireless LAN deployments should be made as secure as possible. Standard 802.11 phones capable of static WEP only) or mixed vendor environments. This paper has highlighted these vulnerabilities and described how it can be solved to create secure wireless LANs. it is important that the network administrator understand the potential WLAN security vulnerabilities. In such cases. Some security enhancement features might not be deployable in some situations because of device limitations such as application specific devices (ASDs such as 802. Swagat Sourav [14] .11 security is weak and vulnerable to numerous network attacks.

WIRELESS LAN SECURITY National Institute of Science & Technology Thank You!!! Swagat Sourav [15] .

Sign up to vote on this title
UsefulNot useful