Documente Academic
Documente Profesional
Documente Cultură
14 March, 2008
SKNCOE
1 Information Security - Session IV - Wire 07/19/17
SKNCOE
Contents
Wireless network
Security
WAP Wireless Application Protocol.
WEP Encryption and its vulnerabilities.
WPA Overcoming the vulnerabilities of WEP.
Mechanism, Advantages & Limitations of WPA and WPA2.
SKNCOE
2 Information Security - Session IV - Wire 07/19/17
SKNCOE
Wireless Network
SKNCOE
3 Information Security - Session IV - Wire 07/19/17
SKNCOE
WLAN
SKNCOE
4 Information Security - Session IV - Wire 07/19/17
SKNCOE
Using electromagnetic waves, WLANs transmit and receive data over the air.
Access points act as a central transmitter and receiver of WLAN radio signals.
SKNCOE
5 Information Security - Session IV - Wire 07/19/17
SKNCOE
SKNCOE
Information Security - Session IV - Wire 07/19/17
SKNCOE
Wi-Fi Security
How do you encrypt your Access Point? There are
several flavors of encryption:
SKNCOE
Information Security - Session IV - Wire 07/19/17
SKNCOE
Devices come with a default system ID called the SSID (Service Set
Identifier). It is easy for a hacker to find out the default identifier.
SKNCOE
8 Information Security - Session IV - Wire 07/19/17
SKNCOE
SKNCOE
9 Information Security - Session IV - Wire 07/19/17
SKNCOE
Goals
SKNCOE
10 Information Security - Session IV - Wire 07/19/17
SKNCOE
Markup language
Similar to HTML, adapted to mobile devices
Script language
Similar to JavaScript, adapted to mobile devices
Protocol layers
Transport layer, security layer, session layer etc.
WAP Architecture
with WML-Script
WML Encoder CGI
WML Decks
WML- Scripts
WSP/WTP WMLScript HTTP etc.
Script
Compiler
WTAI
Protocol Adapters Content
Etc.
SKNCOE
12 Information Security - Session IV - Wire 07/19/17
SKNCOE
WAP Specifies
SKNCOE
13 Information Security - Session IV - Wire 07/19/17
SKNCOE
SKNCOE
14 Information Security - Session IV - Wire 07/19/17
SKNCOE
WEP uses initial vectors (IV), and shared keys to seed the
RC4 cipher.
SKNCOE
15 Information Security - Session IV - Wire 07/19/17
SKNCOE
While the secrete keys are common to all the nodes in the
wireless network, the IV is unique to each client.
The only means of sharing this key is publishing this key to a
distribution medium from where each and every user copies it to
the respective user machine which makes it potentially unsafe.
These IV's are 24bits in length and are generated by the wireless
Network just before the data is encrypted.
The IV used is appended to the top of the wireless frame
unencrypted.
Also use of cryptographically weak CRC mechanism further
makes this protocol vulnerable.
SKNCOE
16 Information Security - Session IV - Wire 07/19/17
SKNCOE
WEP
Can you believe that a WEP was cracked in less than a 60 seconds? Its not the safest.
First WEP versions have used the 64-bit shared key. 40 bits are for a shared secret
and 24 bits are for IV initialization vector. IV is used that receiver could decrypt the
frame.
Next improvement of first WEP key was the 128-bit shared WEP key. With that WEP
version 104 bits are used for the shared key and 24 for initialization vector.
IEEE proposed in 2004 a new version of WEP WEP2. It same as WEP but It only
increases time for cracking.
SKNCOE
17 Information Security - Session IV - Wire 07/19/17
SKNCOE
Cracking WEP
SKNCOE
18 Information Security - Session IV - Wire 07/19/17
SKNCOE
Limitations of WEP
1) Manual key management is a big security problem.
3) The same IV (initialization vector) can be used more than once. This feature
makes WEP very vulnerable, especially to collision-based attacks.
4) Most users usually do not change their keys. This gives hackers more time to
crack the encryption.
SKNCOE
19 Information Security - Session IV - Wire 07/19/17
SKNCOE
1) Length of IV (initialization vector) is now 48, comparing to WEPs 24. This gives
you over 500 trillion possible key combinations.
2) IV has much better protection with better encryption methods. This is prevention of
reuse of IV keys.
When you take all this into account, you can see that WPA is much better solution for
your wireless network.
SKNCOE
20 Information Security - Session IV - Wire 07/19/17
SKNCOE
SKNCOE
21 Information Security - Session IV - Wire 07/19/17
SKNCOE
WEP the same key could be used for weeks, months, or even years
before being changed, with WPA the key is changed with every
user and every frame, providing a target much harder to attack.
This change in the RC4 keys makes the detection these keys by the
automated tools more difficult.
SKNCOE
22 Information Security - Session IV - Wire 07/19/17
SKNCOE
WPA
The Wi-Fi Alliance created WPA to enable introduction of standard-
based secure wireless network products prior to the IEEE 802.11i
group finishing its work.
Data is encrypted using the RC4 stream cipher, with a 128-bit key
and a 48-bit initialization vector (IV).
One major improvement in WPA over WEP is the Temporal Key
Integrity Protocol (TKIP), which dynamically changes keys as the
system is used.
WPA2 implements the full standard, but will not work with some
older network cards.
SKNCOE
23 Information Security - Session IV - Wire 07/19/17
SKNCOE
Then after that access point is waiting for the permission of server.
Then server gives some type encrypted key to access points and
access points gives it to client.
Then after that client gives decrypted key back to the server and if
it is proper then server gives full permission to client and access
points to use the server.
SKNCOE
24 Information Security - Session IV - Wire 07/19/17
SKNCOE
SKNCOE
Information Security - Session IV - Wire 07/19/17
SKNCOE
SKNCOE
Information Security - Session IV - Wire 07/19/17
SKNCOE
SKNCOE
Information Security - Session IV - Wire 07/19/17
SKNCOE
SKNCOE
Information Security - Session IV - Wire 07/19/17
SKNCOE
3) Has backward compatible WEP support for devices that are not
upgraded.
SKNCOE
29 Information Security - Session IV - Wire 07/19/17
SKNCOE
Disadvantages of WPA
SKNCOE
30 Information Security - Session IV - Wire 07/19/17
SKNCOE
THANKS To,
My Seminar Guide:
Prof P. N. Mahalle.
SKNCOE
31 Information Security - Session IV - Wire 07/19/17
SKNCOE
SKNCOE
32 Information Security - Session IV - Wire 07/19/17