Wireless LAN Security

WIRELESS LAN SECURITY
National Institute of Science & Technology
Wireless LAN Security

Presented By
SWAGAT SOURAV Roll # EE 200118189
Under the guidance of

Mr. Siddhartha Bhusan Neelamani
Swagat Sourav [1]

Introduction
• It is also easy to interfere with wireless communications. A

simple jamming transmitter can make communications
impossible. For example, consistently hammering an
access point with access requests, whether successful or
not, will eventually exhaust its available radio frequency
spectrum and knock it off the network.
• Advantages of WLAN
• Disadvantages WLAN
Swagat Sourav [2]

WLAN Authentication
• Wireless LANs, because of their broadcast nature, require the

addition of:
User authentication
Data privacy
• Authenticating wireless LAN clients.
Client Authentication Process
Swagat Sourav [3]

WLAN Authentication
• Types Of Authentication
 Open Authentication
• The authentication request
• The authentication response
 Shared Key Authentication
• requires that the client configure a static WEP key
 Service Set Identifier (SSID)
 MAC Address Authentication
• MAC address authentication verifies the client’s MAC
address against a locally configured list of allowed
addresses or against an external authentication server
Swagat Sourav [4]

WLAN Authentication Vulnerabilities

• SSID
An eavesdropper can easily determine the SSID with the use of an
802.11 wireless LAN packet analyzer, like Sniffer Pro.
• Open Authentication
Open authentication provides no way for the access point to
determine whether a client is valid.
• Shared Key Authentication Vulnerabilities

The process of exchanging the challenge text occurs over the
wireless link and is vulnerable to a man-in-the-middle attack
• MAC Address Authentication Vulnerabilities

A protocol analyzer can be used to determine a valid MAC
address
Swagat Sourav [5]
WEP Encryption
• WEP is based on the RC4 algorithm, which is a symmetric

key stream cipher. The encryption keys must match on both
the client and the access point for frame exchanges to succeed
 Stream Ciphers
Encrypts data by generating a key stream from the key and

performing the XOR function on the key stream with the plain-text
data
Swagat Sourav [6]
WEP Encryption
 Block Ciphers
Fragments the frame into blocks of predetermined size and performs

the XOR function on each block.
Swagat Sourav [7]

WEP Encryption Weaknesses

• There are two encryption techniques to overcome WEP

encryption weakness
Initialization vectors
Feedback modes
• Initialization vectors
Swagat Sourav [8]


• Feedback Modes
Swagat Sourav [9]


• Statistical Key Derivation—Passive Network Attacks

A WEP key could be derived by passively collecting particular frames
from a wireless LAN
• Inductive Key Derivation—Active Network Attacks

Inductive key derivation is the process of deriving a key by coercing
information from the wireless LAN
 Initialization Vector Replay Attacks

 Bit-Flipping Attacks
• Static WEP Key Management Issues
Swagat Sourav [10]

Component of WLAN Security

• The Authentication Framework (802.1X)

• The EAP Authentication Algorithm
 Mutual Authentication
 User-Based Authentication
 Dynamic WEP Keys
• Data Privacy with TKIP (Temporal Key Integrity Protocol )

 A message integrity check (MIC
 Per-packet keying
 Broadcast Key Rotation
Swagat Sourav [11]

Future of WLAN Security

• AES (Advanced Encryption Standard )

 AES-OCB Mode
Swagat Sourav [12]

Future of WLAN Security

 AES-CCM Mode
Swagat Sourav [13]

Conclusion
Wireless LAN deployments should be made as secure

as possible. Standard 802.11 security is weak and
vulnerable to numerous network attacks. This paper has
highlighted these vulnerabilities and described how it
can be solved to create secure wireless LANs.
Some security enhancement features might not be
deployable in some situations because of device
limitations such as application specific devices (ASDs
such as 802.11 phones capable of static WEP only) or
mixed vendor environments. In such cases, it is
important that the network administrator understand the
potential WLAN security vulnerabilities.
Swagat Sourav [14]

Thank You!!!
Swagat Sourav [15]

Wireless LAN Security

Загружено:

Сведения о документе

Исходное описание:

Авторское право

Доступные форматы

Поделиться этим документом

Поделиться или встроить документ

Параметры публикации

Этот документ был вам полезен?

Это неприемлемый материал?

Авторское право:

Доступные форматы

Wireless LAN Security

Загружено:

Авторское право:

Доступные форматы

WIRELESS LAN SECURITY

National Institute of Science & Technology

Wireless LAN Security

Under the guidance of

Swagat Sourav [1]

• It is also easy to interfere with wireless communications. A

Swagat Sourav [2]

• Wireless LANs, because of their broadcast nature, require the

Client Authentication Process

Swagat Sourav [3]

Swagat Sourav [4]

WLAN Authentication Vulnerabilities

• Shared Key Authentication Vulnerabilities

• MAC Address Authentication Vulnerabilities

• WEP is based on the RC4 algorithm, which is a symmetric

Encrypts data by generating a key stream from the key and

Fragments the frame into blocks of predetermined size and performs

Swagat Sourav [7]

WEP Encryption Weaknesses

• There are two encryption techniques to overcome WEP

Swagat Sourav [8]

WEP Encryption Weaknesses

Swagat Sourav [9]

WEP Encryption Weaknesses

• Statistical Key Derivation—Passive Network Attacks

• Inductive Key Derivation—Active Network Attacks

 Initialization Vector Replay Attacks

Swagat Sourav [10]

Component of WLAN Security

• The Authentication Framework (802.1X)

• Data Privacy with TKIP (Temporal Key Integrity Protocol )

Swagat Sourav [11]

Future of WLAN Security

• AES (Advanced Encryption Standard )

Swagat Sourav [12]

Future of WLAN Security

Swagat Sourav [13]

Wireless LAN deployments should be made as secure

Swagat Sourav [14]

Swagat Sourav [15]

Вам также может понравиться