arpit-agarwal
8/2/2019 wi-fi new
Wi-Fi Technology & its Security
By:
Sandeep Kr. Gangwar, EC-09
Introduction
Wireless Technology is an alternative to Wired Technology, which is commonly used, for connecting devices in wireless mode
Wi-Fi (Wireless Fidelity) is a generic term that refers to the IEEE 802.11 communications standard for Wireless Local Area Networks (WLANs)
Wi-Fi networks connect computers to each other, to the internet and to the wired network
The Wi-Fi Technology
Wi-Fi Networks use Radio Technologies to transmit & receive data at high speed:
IEEE 802.11b
IEEE 802.11a
IEEE 802.11g
IEEE 802.11b
Appeared in late 1999
Operates in the 2.4 GHz radio spectrum
11 Mbps (theoretical speed) - within 30 m range
4-6 Mbps (actual speed)
100-150 feet range
Most popular, least expensive
Interference from mobile phones and Bluetooth devices, which can reduce the transmission speed
IEEE 802.11a
Introduced in 2001
Operates at 5 GHz (less popular)
54 Mbps (theoretical speed)
15-20 Mbps (actual speed)
50-75 feet range
More expensive
Not compatible with 802.11b
IEEE 802.11g
Introduced in 2003
Combines the features of both standards (a, b)
100-150 feet range
54 Mbps speed
2.4 GHz radio frequencies
Compatible with b
Elements of a WI-FI Network
Access Point (AP) - The AP is a wireless LAN transceiver or base station that can connect one or many wireless devices simultaneously to the Internet
Wi-Fi cards - They accept the wireless signal and relay information. They can be internal or external (e.g. PCMCIA Card for Laptop and PCI Card for Desktop PC)
Safeguards - Firewalls and anti-virus software protect networks from uninvited users and keep information secure
How a Wi-Fi Network Works
Basic concept is the same as walkie-talkies
A Wi-Fi hotspot is created by installing an access point to an internet connection
An access point acts as a base station
When a Wi-Fi enabled device encounters a hotspot, the device can then connect to that network wirelessly
A single access point can support up to 30 users and can function within a range of 100-150 feet indoors and up to 300 feet outdoors
Many access points can be connected to each other via Ethernet cables to create a single large network
Wi-Fi Network Topologies
AP-based topology (Infrastructure Mode)
Peer-to-peer topology (Ad-hoc Mode)
Point-to-multipoint bridge topology
AP-based topology
The clients communicate through the Access Point
BSA - RF coverage provided by an AP
ESA - It consists of 2 or more BSAs
ESA cell includes 10-15% overlap to allow roaming
Peer-to-peer topology
AP is not required
Client devices within a cell can communicate directly with each other
It is useful for setting up a wireless network quickly and easily
Point-to-multipoint bridge topology
This is used to connect a LAN in one building to LANs in other buildings, even if the buildings are miles apart. These connections rely on a clear line of sight between buildings. The line-of-sight range varies based on the type of wireless bridge and antenna used as well as the environmental conditions
Wi-Fi Applications
Home
Small Businesses
Large Corporations & Campuses
Health Care
Wireless ISP (WISP)
Travellers
Wi-Fi Security Threats
Wireless technology doesn't remove any old security issues, but introduces new ones
Eavesdropping
Man-in-the-middle attacks
Denial of Service
Eavesdropping
Easy to perform, almost impossible to detect
By default, everything is transmitted in clear text
Usernames, passwords, content
No security offered by the transmission medium
Different tools available on the internet
Network sniffers, protocol analysers
Password collectors
With the right equipment, it's possible to eavesdrop on traffic from a few kilometers away
MITM Attack
1. Attacker spoofs a disassociate message from the victim
2. The victim starts to look for a new access point, and the attacker advertises his own AP on a different channel, using the real AP's address
3. The attacker connects to the real AP using the victim's address
Denial of Service
Attack on the transmission frequency used
Frequency jamming
Attack on MAC layer
can target one specific user
Attacks on higher layer protocol (TCP/IP protocol)
Wi-Fi Security
The requirements for Wi-Fi network security can be broken down into two primary components:
Authentication
User Authentication
Server Authentication
Privacy
Authentication
Keeping unauthorized users off the network
User Authentication
Authentication Server is used
Use of username and password
Establishing an encrypted channel before sending username and password
Server Authentication
Digital Certificate is used
Validation of digital certificate occurs automatically within client software
Wi-Fi Security Techniques
Service Set Identifier (SSID)
Wired Equivalent Privacy (WEP)
802.1X Access Control
Wireless Protected Access (WPA)
Service Set Identifier (SSID)
SSID is used to identify an 802.11 network
It can be pre-configured or advertised in beacon broadcasts
It is transmitted in clear text
Provides very little security
Wired Equivalent Privacy (WEP)
Provides the same level of security as a wired network
Uses RC4 encryption with pre-shared keys and 24 bit initialization vectors (IV)
Key schedule is generated by concatenating the shared secret key with a randomly generated 24-bit IV
32 bit ICV (Integrity Check Value)
No. of bits in the key schedule is equal to the sum of the lengths of the plaintext and the ICV
802.1x Access Control
Designed as a general purpose network access control mechanism
Authentication is done with the RADIUS server, which tells the access point whether access to controlled ports should be allowed or not
AP forces the user into an unauthorized state
User sends an EAP start message
AP returns an EAP message requesting the user's identity
Identity sent by the user is then forwarded to the authentication server by the AP
Authentication server authenticates the user and returns an accept or reject message back to the AP
If an accept message is returned, the AP changes the client's state to authorized and normal traffic flows
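The controlled-port behaviour in the steps above, simulated as an added example that is not part of the original presentation. The AuthServer class is a hypothetical stand-in for the RADIUS server, the frame dictionaries and account data are constructed, and sending the credential together with the identity is a simplification of a real EAP method exchange.

```python
UNAUTHORIZED, AUTHORIZED = "unauthorized", "authorized"

class AuthServer:
    """Hypothetical stand-in for the RADIUS server."""
    def __init__(self, accounts):
        self.accounts = accounts               # constructed username -> password

    def check(self, identity, credential):
        ok = self.accounts.get(identity) == credential
        return "accept" if ok else "reject"

class AccessPoint:
    """Authenticator: gates each client's controlled port on the server verdict."""
    def __init__(self, server):
        self.server = server
        self.port = {}                         # client MAC -> port state

    def receive(self, mac, frame):
        state = self.port.setdefault(mac, UNAUTHORIZED)
        kind = frame["type"]
        if kind == "eap-start":
            self.port[mac] = UNAUTHORIZED      # (re)authentication starts closed
            return "eap-request-identity"
        if kind == "eap-response-identity":
            # The AP only relays; the decision belongs to the server.
            verdict = self.server.check(frame["identity"], frame["credential"])
            self.port[mac] = AUTHORIZED if verdict == "accept" else UNAUTHORIZED
            return "eap-success" if verdict == "accept" else "eap-failure"
        if kind == "data" and state == AUTHORIZED:
            return "forwarded"
        return "dropped"                       # non-EAP traffic on a closed port

def run_session(ap, mac, identity, credential):
    """Replay one client's exchange and return the AP's reply to each frame."""
    frames = [
        {"type": "data"},                      # sent before authenticating
        {"type": "eap-start"},
        {"type": "eap-response-identity",
         "identity": identity, "credential": credential},
        {"type": "data"},                      # sent after the verdict
    ]
    return [ap.receive(mac, f) for f in frames]

SERVER = AuthServer({"alice": "constructed-secret"})
GOOD = run_session(AccessPoint(SERVER), "02:00:00:00:00:01",
                   "alice", "constructed-secret")
BAD = run_session(AccessPoint(SERVER), "02:00:00:00:00:02",
                  "alice", "wrong-guess")
```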
Wireless Protected Access (WPA)
WPA is a specification of standards-based, interoperable security enhancements that strongly increase the level of data protection and access control for existing and future wireless LAN systems
TKIP (Temporal Key Integrity Protocol) encryption
RC4, dynamic encryption keys (session based)
48 bit IV
Per packet key mixing function
Fixes all issues found from WEP
Uses Message Integrity Code (MIC)
Ensures data integrity
Old hardware should be upgradeable to WPA
Wireless Protected Access (WPA) (cont.)
WPA comes in two flavors
WPA-PSK
Uses a pre-shared key
For home environments
Single master key used for all users
WPA Enterprise
For large organisations
Most secure method
Unique keys for each user
Separate username & password for each user
Advantages
Mobility
Ease of Installation
Flexibility
Cost
Reliability
Security
Use unlicensed part of the radio spectrum
Roaming
Speed
Limitations
Interference
Degradation in performance
High power consumption
Limited range