Wireless Security - PowerPoint PPT Presentation

1 / 16
About This Presentation
Title:

Wireless Security

Description:

Data Integrity (checksum, anti-tampering) WEP. RC4 stream cipher ... Message Integrity Code (MIC) - 64-bit message calculated using 'Michael' ... – PowerPoint PPT presentation

Number of Views:40
Avg rating:3.0/5.0
Slides: 17
Provided by: ericg98
Learn more at: http://www.dc214.org
Category:

less

Transcript and Presenter's Notes

Title: Wireless Security


1
Wireless Security
  • Beyond WEP

2
Wireless Security
  • Privacy
  • Authorization (access control)
  • Data Integrity (checksum, anti-tampering)

3
WEP
  • RC4 stream cipher
  • WEP key (40 or 60 bit) combined with 24-bit
    Initialization Vector (IV)
  • Sender XORs stream cipher with data to encrypt
  • IV and ciphertext sent, decoded using IV and
    stored WEP key

4
WEP Vulnerabilities
  • Use of same WEP key among clients
  • Limited keyspace for IV (16,777,215)
  • With enough traffic, IVs are re-used
  • Possible to collect packets with same IV and
    crack WEP key - then open to data capture and
    MITM attacks
  • No key management - WEP key must be changed
    manually on each NIC

5
Attempts to secure WEP
  • Larger WEP key length (Lucent 104/128-bit, Agere
    152-bit, USRs 256-bit)
  • Just takes longer to retrieve WEP key
  • VPN
  • Can be difficult to achieve seamless routing when
    APs are crossed

6
Wi-Fi Alliance introduces WPA
  • 802.1X EAP mutual authentication or PSK
    (Pre-Shared Key)
  • TKIP for encryption
  • MMIC (Michael Message Integrity Check) for data
    integrity

7
802.1X EAP Mutual Authentication
  • Port-based access control
  • Mutual authentication via authentication server

8
802.1X EAP has three elements
  • Supplicant - client device
  • Authentication Server - RADIUS server or similar
  • Authenticator - intermediary between Supplicant
    and Authentication server (usually an AP)

9
Different types of EAP
  • LEAP - Cisco proprietary, uses username/password
    to authenticate against RADIUS
  • TLS - RFC 2716, uses X.509 certificates for
    authentication on both Supplicant and
    Authenticator
  • TTLS - Developed by Funk Software, Authenticator
    uses a certificate to identify itself, Supplicant
    can use username/password
  • PEAP - Authenticator uses certificate, Supplicant
    can use username/password

10
TKIP - Temporal Key Integrity Protocol
  • Fixes the flaw of key reuse in WEP
  • Comprised of three parts, guarantees clients us
    different keys
  • - 128-bit temporal key, shared by clients and
    APs
  • - MAC of client
  • - 48-bit IV describes packet sequence number

11
TKIP continued
  • Uses RC4 like WEP, so only software or firmware
    upgrade required
  • Changes temporal keys every 10,000 packets

12
Michael Message Integrity Check (MMIC)
  • Message Integrity Code (MIC) - 64-bit message
    calculated using Michael algortithm inserted in
    TKIP packet to detect content alteration
  • Protects both data and header
  • Implements a frame counter, which discourages
    replay attacks

13
Two modes of WPA
  • WPA Enterprise
  • WPA PSK (Pre-Shared Key)

14
WPA Enterprise
  • Requires RADIUS server
  • Uses RADIUS for both authentication and key
    distribution
  • Central management

15
WPA PSK
  • No RADIUS server required
  • Uses shared secret
  • Management is handled on the AP
  • - Vulnerable to dictionary attacks
  • - Still uses partial shared key

16
WPA Summary
  • Requires authentication using 802.1X
  • Keys change using TKIP
  • Header as well as payload protected by adding MIC
    to ICV
  • Frame counter to lower risk of replay attacks
  • Still a temporary stopgap to 802.11i and/or WPA2
    since it still uses RC4 and PSK uses shared key
Write a Comment
User Comments (0)
About PowerShow.com