WIRELESS LAN SECURITY AND LABORATORY DESIGNS
Yasir Zahur, T. Andrew Yang
University of Houston – Clear Lake
17th CCSC Southeastern Conference (CCSCSE 2003)
Georgia Perimeter College - Dunwoody, GA
Agenda: Introduction; Standards & Specifications; Vulnerabilities; Alternate Security Solutions
IEEE 802.11 Standards
| Standard | Description | Current Status |
|---|---|---|
| IEEE 802.11 | Standard for WLAN operations at data rates up to 2 Mbps in the 2.4-GHz ISM band | Approved in July 1997 |
| IEEE 802.11a | Standard for WLAN operations at data rates up to 54 Mbps in the 5-GHz UNII band | Approved in Sept 1999. End-user products began shipping in early 2002 |
| IEEE 802.11b | Standard for WLAN operations at data rates up to 11 Mbps in the 2.4-GHz ISM band | Sept 1999. End-user products began shipping in early 2000 |
| IEEE 802.11g | High-rate extension to 802.11b allowing for data rates up to 54 Mbps in the 2.4-GHz ISM band | Draft standard adopted Nov 2001. Full ratification expected late 2002 or early 2003 |
| IEEE 802.11e | Enhance the 802.11 MAC to improve and manage Quality of Service, provide classes of service, and enhanced security and authentication mechanisms. These enhancements should provide the quality required for services such as IP telephony and video streaming | Still in development, i.e., in the task group (TG) stage |
| IEEE 802.11f | Develop recommended practices for an Inter-Access Point Protocol (IAPP) which provides the necessary capabilities to achieve multi-vendor AP interoperability across a DS supporting IEEE P802.11 Wireless LAN Links | Still in development, i.e., in the task group (TG) stage |
| IEEE 802.11i | Enhance the 802.11 Medium Access Control (MAC) to enhance security and authentication mechanisms | Still in development, i.e., in the task group (TG) stage |
Interferences (802.11b)
[Figure: sources of interference around an access point: 2.4 GHz cordless phone, some other wireless network, microwave oven]
IEEE 802.11b Specifications (a brief overview)
• Transmission of approximately 11 Mbps of data
• Half-duplex protocol
• Use of CSMA/CA (collision avoidance) instead of CSMA/CD (collision detection)
• Total of 14 frequency channels. FCC allows channels 1 through 11 within the U.S. in the 2.4 GHz ISM band
• Only channels 1, 6 and 11 can be used without causing interference between access points
• Wired Equivalent Privacy (WEP) based on the symmetric RC4 encryption algorithm
• Use of Service Set Identifier (SSID) as network identifier
General WLAN Vulnerabilities
• Eavesdropping
• Invasion and Resource Stealing
• Traffic Redirection
• Denial Of Service Attack
• Rogue Access Point
• No per packet authentication
• No central authentication, authorization, and accounting (AAA) support
802.11b Vulnerabilities
• MAC address based authentication
• One-Way authentication
• SSID
• Static WEP Keys
• WEP key vulnerabilities
  o Manual Key Management
  o Key Size
  o Initialization Vector
  o Decryption Dictionaries
WEP Encryption
IEEE 802.1x
• IEEE 802.1x is a port-based authentication protocol.
• It forms the basis for the IEEE 802.11i standard.
• There are three different types of entities in a typical 802.1x network: a supplicant, an authenticator, and an authentication server.
• In an unauthorized state, the port allows only DHCP and EAP (Extensible Authentication Protocol) traffic to pass through.
• Dynamic Session Key Management
• Open Standards Based
• Centralized User Administration
• User Based Identification
• Absence Of Mutual Authentication
• Lack of clear communication between 802.11 and 802.11i state machines and message authenticity
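The unauthorized-port rule from the IEEE 802.1x slide, as an added sketch that is not part of the original presentation: a model of an authenticator port that passes only EAP (carried as EAPOL, EtherType 0x888E) and DHCP (UDP ports 67/68) until the supplicant is authorized. The `Port` class, the helper names and the sample frames are constructed for illustration.

```python
import struct

ETH_EAPOL = 0x888E      # EtherType for EAP over LAN (EAPOL)
ETH_IPV4 = 0x0800
DHCP_PORTS = {67, 68}   # BOOTP/DHCP server and client UDP ports

def classify(frame: bytes) -> str:
    """Label a raw Ethernet II frame as 'eapol', 'dhcp' or 'other'."""
    if len(frame) < 14:
        return "other"
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype == ETH_EAPOL:
        return "eapol"
    ip = frame[14:]
    if ethertype != ETH_IPV4 or len(ip) < 20 or ip[0] >> 4 != 4:
        return "other"
    ihl = (ip[0] & 0x0F) * 4                       # IPv4 header length
    fragment = struct.unpack("!H", ip[6:8])[0] & 0x1FFF
    if ihl < 20 or ip[9] != 17 or fragment or len(ip) < ihl + 8:
        return "other"                             # not a first-fragment UDP datagram
    sport, dport = struct.unpack("!HH", ip[ihl:ihl + 4])
    return "dhcp" if {sport, dport} <= DHCP_PORTS else "other"

class Port:
    """Hypothetical model of one authenticator port."""
    def __init__(self):
        self.authorized = False   # set True once the authentication server accepts

    def admit(self, frame: bytes) -> bool:
        # Fail closed: anything that does not parse as EAPOL or DHCP is dropped.
        return self.authorized or classify(frame) in ("eapol", "dhcp")

# Constructed sample frames (zeroed MAC and IP addresses), for illustration only.
def eth_frame(ethertype: int, payload: bytes = b"") -> bytes:
    return bytes(12) + struct.pack("!H", ethertype) + payload

def udp4_frame(sport: int, dport: int) -> bytes:
    ip = bytes([0x45, 0]) + struct.pack("!H", 28) + bytes(4) + bytes([64, 17]) + bytes(10)
    return eth_frame(ETH_IPV4, ip + struct.pack("!HHHH", sport, dport, 8, 0))

if __name__ == "__main__":
    port = Port()
    samples = {"EAPOL-Start": eth_frame(ETH_EAPOL, b"\x01\x01\x00\x00"),
               "DHCP discover": udp4_frame(68, 67),
               "DNS query": udp4_frame(40000, 53),
               "ARP": eth_frame(0x0806, bytes(28))}
    for name, frame in samples.items():
        print(f"{name:14} unauthorized -> {'pass' if port.admit(frame) else 'drop'}")
```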
Absence Of Mutual Authentication
• Supplicant always trusts the Authenticator but not vice versa
• This opens the door for “MAN IN THE MIDDLE ATTACK”