4. Why security is more of a concern in
wireless?
ƒ no inherent physical protection
physical connections between devices are
replaced by logical associations
sending and receiving messages do not need
physical access to the network infrastructure
(cables, hubs, routers, etc.
5. Why security is more of a concern in
wireless?
ƒ broadcast communications
wireless usually means radio, which has a
broadcast nature
transmissions can be overheard by anyone in
range – anyone can generate transmissions,
• which will be received by other devices in
range
• which will interfere with other nearby
transmissions and may prevent their correct
reception (jamming)
6. Why security is more of a concern in
wireless?
eavesdropping is easy
injecting bogus messages into the network is
easy
replaying previously recorded messages is easy
illegitimate access to the network and its
services is easy
denial of service is easily achieved by jamming
7. Wi-Fi Security Threats
Wireless technology doesn’t remove any old security
issue, but introduces new ones
Eavesdropping
Man-in-the-middle attacks
Denial of Service
8. Eavesdropping
Easy to perform, most impossible to detect
By default , everything is transmitted in clear text
-Username, passwds,content...
-No secuirty offered by the transmission medium
Different tools available on the internet
-Network sniffers, protocol analysers
-Passwd collectors
With the right equipment, it’s possible to eavesdrop
traffic from few kilometres away
9. Man In The Middle Attack
Attacker spoofs a disassociate message from the
victim
The victim starts to look for a new access point, and
the attacker advertises his own AP on a different
channel, using he real Aps MAC address
The attacker connects to the real
AP using victim’s MAC address
10. Denial of Service
Attack on transmission regency used
Frequency jamming
Not very technical, but works
Attack on MAC layer
Spoofed deauthentication / disassociatin messages
Can target on specific user
Attacks on higher layer protocol(TCP/IP protocol)
SYN Flooding
13. Unsecured/Open
Leaving your Wi-Fi unsecured is synonymous with
leaving your front door wide open, so anyone could
simply walk in.
Leaving your Wi-Fi unsecured also transmits data
packets between users and the router in unencrypted
format, which makes these data packets easy to
intercept and read.
14. WEP
(Wired Equivalent Privacy)
Default encryption protocol
Based on RC4 encryption algorithm
with a secret key of 40 bits or 104 bits being
combined with a 24-bit Initialisation Vector(IV) to
encrypt the plaintext message M and its checksumthe ICV (Integrity check value)
The encrypted message C was therefore determined
using the following formula:
C = [ M || ICV(M) ] + [ RC4(K || IV) ]
16. What’s wrong with WEP?
IV values can be reused
IV length is too short
Weak keys are susceptible to attack
Master keys are used directly
Key Management and updating is poorly provided
Message integrity checking is ineffective
17. WPA
(Wifi Protected access)
Introduced to correct the inherent weaknesses of
WEP
Data is encrypted using the RC4 stream cipher, with a
128-bit key and a 48-bit initialization vector (IV).
One major improvement in WPA over WEP is the
Temporal Key Integrity Protocol (TKIP), which
dynamically changes keys as the system is used.
When combined with the much larger IV, this defeats
the well-known key recovery attacks on WEP.
18. TKIP packet is comprised of three parts:
1. A 128-bit temporal key that is shared by both
clients and access points.
2. An MAC address of a client device.
3. A 48-bit initialization vector describes a packet
sequence number.
19. TKIP packet
This combination guarantees various wireless clients
use different keys.
In order to be compatible with existing hardware,
TKIP uses the same encryption algorithm (RC4) as
WEP. As such, only software or firmware upgrade is
required to implement TKIP. Compared with WEP,
TKIP changes the temporal keys every10000 packets.
This dynamic distribution leaves potential hackers
little room to crack TKIP key.
In general, most security experts believe that TKIP is a
stronger encryption than WEP. However, they also
agree that TKIP should be an interim solution because
of its use of RC4 algorithm.
20. A summary of WPA benefits
In general, the security advantages of WPA over WEP
are:
• Apply stronger network access control through
mutual authentication
• Support better security technologies like 802.1X,
EAP, RADIUS and preshared keys
• Adopt dynamic keys in TKIP to establish better key
management
• Enforce data integrity through Michael Message
Integrity Check
• Provide forward compatibility to ultimate wireless
security solution, 802.11i
21. WPA potential security issues:
There are still potential encryption weaknesses in
TKIP. Fortunately, the successful crack is expected to
be heavy and expensive.
Performance may be sacrificed potentially due to a
more complex and computation intensive
authentication and encryption protocols.
22. WPA2
Wi-Fi Protected Access 2
Was ratified in 2004 as a solution to the key encryption
problems contained in WEP and WPA.
A couple of small flaws appeared in WPA2, which
require a quality of service attack or physical positioning
between the user and router, but neither of these flaws
are considered a severe threat that exposes user data.
WPA2 offers two encryption algorithms: AES and TKIP.
TKIP is essentially WPA encryption, so for the benefits of
WPA2 encryption, you should choose AES.
Another option on most routers is to choose both,
which allows the stronger security of AES when
applicable, but uses the weaker TKIP when compatibility
issues arise.
23. Wi-Fi security tips
Use a strong password.
Don't broadcast your SSID.
Use good wireless encryption.
Restrict access by MAC address.
Shut down the network when it's not being used
Monitor your network for intruders.
Cover the bases.
26. Conclusion
Wireless security has undergone major evolutions in
last 7 years. WEP, the original security standard, is
widely considered as broken. The IEEE 802.11 Group,
the Wi-Fi Alliance and major network equipment
vendors like Cisco are all working together to develop
a new level of security standards.
27. References
SANS Institute InfoSec Reading Room
www.sans.org/readingroom/whitepapers/wireless/evolution-wirelesssecurity-80211-networks-wep-wpa-80211-standards1109
802.11ac: The Fifth Generation of Wi-Fi Technical
White Paper
http://www.cisco.com/en/US/prod/collateral/wireles
s/ ps5678/ps11983/white_paper_c11713103_ns767_Networking_Solutions
White_Paper.html
In Last 2 slots of seminar we have seen .In todays seminar I’ll be emphasizing on security of wifi as security is essential part of any technologyWi-Fi can be less secure than wired connections (such as Ethernet) because an intruder does not need a physical connection.
Content for today/s seminar is
Due to wireless nature there is no inherent physical protection
Evesdropping-Eavesdropping is the act of secretly listening to the private conversation of others without their consentMITM-An attack where a user gets between the sender and receiver of information and sniffs any information being sent. DOS- a denial-of-service attack (DoS attack) is an attempt to make a machine or network resource unavailable to its intended users.
Easy to perform, lmost impossible to detectBy default , everything is transmitted in clear text-Username, passwds,content...-Nosecuirty offered by the transmission mediumDifferent tools available on the internet-Network snffers, protocol analysers-Passwd collectors
confidentiality – messages sent must be encrypted authenticity – origin of messages received must be verified replay detection – freshness of messages received must be checked integrity – modifying messages on-the-fly (during radio transmission) is not so easy, but possible … – integrity of messages received must be verified access control – access to the network services should be provided only to legitimate entities
Open- means no password. Anyone can get access .WEP uses secret keys to encrypt data. Both AP and the receiving stations must know the secret keys.WPA – It uses Temporal Key Integrity Protocol (TKIP)WPA 2-Uses the Advanced Encryption Standard (AES)
WEP (Wired Equivalent Privacy) was the default encryption protocol introduced in the first IEEE 802.11 standard back in 1999. It is based on the RC4 encryption algorithm, with a secret key of 40 bits or 104 bits being combined with a 24-bit Initialisation Vector (IV) to encrypt the plaintext message M and its checksum – the ICV (Integrity Check Value). The encrypted message C was therefore determined using the following formula: C = [ M || ICV(M) ] + [ RC4(K || IV) ] where || is a concatenation operator and + is a XOR operator
As u can see here this is a cipher text
What’s wrong with WEP?IV values can be reusedIn fact the standard does not specify that the value needs to change at all. Reusing keys is a major cryptographic weakness in any security system.IV length is too short24 bit keys allow for around 16.7 million possibilities. Sounds a lot, but on a busy network this number can be achieved in a few hours. Weak keys are susceptible to attackCertain keys value combinations, ’Weak IVs’, do not produce sufficiently random data for the first few bytes. This is the basis of the highly publicized attacks on WEP and the reason that keys can be discovered.Manufacturers often deliberately disallow Weak IV values. This is good in that it reduces the chances of a hacker capturing weak keys, but also has the effect of reducing the already limited key possibilities further, increasing the chance of reuse of keys.Master keys are used directlyFrom a cryptographic point of view using master keys directly is not at all recommended. Master keys should only be used to generate other temporary keys. WEP is seriously flawed in this respect.Key Management and updating is poorly provided forAdministration of WEP keys is not well designed and difficult to do on large networks. Users tend to change keys very infrequently which gives a potential hacker lots of time to collect enough packets to launch an attack.Message integrity checking is ineffectiveWEP does have a message integrity check but hackers can change messages and recompute a new value to match. This makes the checking ineffective against tampering.ConclusionAlthough WEP is far from an ideal security solution you should still use it. Some security is better than none. A determined attacker may be able to discover your keys given time and enough weak IVs, but that’s no reason to leave all of your doors open.
Wi-Fi Protected Access, or WPA, was introduced to correct the inherent weaknesses of WEP. Although it does improve security, it has its own problems. The encryption key used by WPA relies on a passphrase, the service set identification name (SSID), SSID length and a random value. The majority of the information used to create this 256-bit key is readily known, so a would-be hacker needs only guess the passphrase to have access to the network. Dictionary attacks systematically attempt numerous combinations of words, characters and phrases to guess this passphrase. It was determined that a passphrase comprised of less than 20 characters could be defeated.
However, WPA also presents some potential security issues:
Wireless networking can be kind of scary from a security standpoint. It opens up whole new attack vectors that were not present with wired network infrastructures. That doesn't mean you can't do it securely, however, and I aim to give you some ideas that can help you in that regard.Don't broadcast your SSID. -Use good wireless encryption. -WEP is not exactly "good" encryption. With a freely available tool like aircrack, you can sniff wireless traffic protected by WEP and crack security on that network in a matter of minutes. WPA is the current, common encryption standard you should probably be using -- though, of course, you should use something stronger as soon as it becomes available to you. Technology is advancing every day, on both sides of the encryption arms race, after all.Restrict access by MAC address. -restricting the MAC addresses allowed to connect to the network helps ensure you are not one of the "low hanging fruits" that people prefer to attack. Shut down the network when it's not being used-If you have the sort of network that does not need to be running twenty-four hours a day, seven days a week, you can reduce the availability of it to security crackers by turning it off when it isn't in use.Monitor your network for intruders. You should always make sure you have an eye on what's going on, that you are tracking attack trends. The more you know about what malicious security crackers are trying to do to your network, the better the job of defending against them you can do. Collect logs on scans and access attempts, use any of the hundreds of statistics generating tools that exist to turn those logs into more useful information, and set up your logging server to email you when something really anomalous happens. Cover the bases. Make sure you have some kind of good firewall running, whether on a wireless router or on a laptop you use to connect to wireless networks away from home
Last but not the leastI would like to point out this question in my presentation. Is Wi-fi Safe for Human?Wifi health effects on the human body are commonly dismissed because we love the convenience. Wi-Fi dangers are ignored. After all we can walk around our house with our laptop and not lose connection. No messy inconvenient cords. We can keep up with mails and conduct our work at coffee shops, airports, hotels, even hospitals. Who wants to give up ths kind of convenience?Nd yet, have we stopped to think about the fact that there was no safety testing conducted before it went into used.
Here are some of the most common symptoms people report when exposed to microwave radiation from cell phones and towers