wi-fi new

  • 8/2/2019 wi-fi new

    Wi-Fi Technology & its Security

    By:

    Sandeep Kr. Gangwar

    EC-09

    Introduction

    Wireless Technology is an alternative to Wired Technology, which is commonly used, for connecting devices in wireless mode

    Wi-Fi (Wireless Fidelity) is a generic term that refers to the IEEE 802.11 communications standard for Wireless Local Area Networks (WLANs)

    Wi-Fi Networks connect computers to each other, to the internet and to the wired network

    The Wi-Fi Technology

    Wi-Fi Networks use Radio Technologies to transmit & receive data at high speed:

    IEEE 802.11b

    IEEE 802.11a

    IEEE 802.11g

    IEEE 802.11b

    Appeared in late 1999

    Operates at 2.4 GHz radio spectrum

    11 Mbps (theoretical speed) - within 30 m range

    4-6 Mbps (actual speed)

    100-150 feet range

    Most popular, least expensive

    Interference from mobile phones and Bluetooth devices, which can reduce the transmission speed

    IEEE 802.11a

    Introduced in 2001

    Operates at 5 GHz (less popular)

    54 Mbps (theoretical speed)

    15-20 Mbps (actual speed)

    50-75 feet range

    More expensive

    Not compatible with 802.11b

    IEEE 802.11g

    Introduced in 2003

    Combines the features of both standards (a, b)

    100-150 feet range

    54 Mbps speed

    2.4 GHz radio frequencies

    Compatible with b

    Elements of a Wi-Fi Network

    Access Point (AP) - The AP is a wireless LAN transceiver or base station that can connect one or many wireless devices simultaneously to the Internet

    Wi-Fi cards - They accept the wireless signal and relay information. They can be internal and external (e.g. PCMCIA Card for Laptop and PCI Card for Desktop PC)

    Safeguards - Firewalls and anti-virus software protect networks from uninvited users and keep information secure

    How a Wi-Fi Network Works

    Basic concept is the same as walkie-talkies

    A Wi-Fi hotspot is created by installing an access point to an internet connection

    An access point acts as a base station

    When a Wi-Fi enabled device encounters a hotspot, the device can then connect to that network wirelessly

    A single access point can support up to 30 users and can function within a range of 100-150 feet indoors and up to 300 feet outdoors

    Many access points can be connected to each other via Ethernet cables to create a single large network

    Wi-Fi Network Topologies

    AP-based topology (Infrastructure Mode)

    Peer-to-peer topology (Ad-hoc Mode)

    Point-to-multipoint bridge topology

    AP-based topology

    The clients communicate through the Access Point

    BSA - RF coverage provided by an AP

    ESA - It consists of 2 or more BSAs

    ESA cell includes 10-15% overlap to allow roaming

    Peer-to-peer topology

    AP is not required

    Client devices within a cell can communicate directly with each other

    It is useful for setting up a wireless network quickly and easily

    Point-to-multipoint bridge topology

    This is used to connect a LAN in one building to LANs in other buildings, even if the buildings are miles apart. These conditions require a clear line of sight between buildings. The line-of-sight range varies based on the type of wireless bridge and antenna used as well as the environmental conditions

    Wi-Fi Applications

    Home

    Small Businesses

    Large Corporations & Campuses

    Health Care

    Wireless ISP (WISP)

    Travellers

    Wi-Fi Security Threats

    Wireless technology doesn't remove any old security issues, but introduces new ones

    Eavesdropping

    Man-in-the-middle attacks

    Denial of Service

    Eavesdropping

    Easy to perform, almost impossible to detect

    By default, everything is transmitted in clear text

    Usernames, passwords, content

    No security offered by the transmission medium

    Different tools available on the internet

    Network sniffers, protocol analysers

    Password collectors

    With the right equipment, it's possible to eavesdrop on traffic from a few kilometers away

    MITM Attack

    1. Attacker spoofs a disassociate message from the victim

    2. The victim starts to look for a new access point, and the attacker advertises his own AP on a different channel, using the real AP's address

    3. The attacker connects to the real AP using the victim's address

    Denial of Service

    Attack on the transmission frequency used

    Frequency jamming

    Attack on MAC layer

    can target one specific user

    Attacks on higher layer protocol (TCP/IP protocol)

    Wi-Fi Security

    The requirements for Wi-Fi network security can be broken down into two primary components:

    Authentication

    User Authentication

    Server Authentication

    Privacy

    Authentication

    Keeping unauthorized users off the network

    User Authentication

    Authentication Server is used

    Use of username and password

    Establishing an encrypted channel before sending username and password

    Server Authentication

    Digital Certificate is used

    Validation of digital certificate occurs automatically within client software

    Wi-Fi Security Techniques

    Service Set Identifier (SSID)

    Wired Equivalent Privacy (WEP)

    802.1X Access Control

    Wireless Protected Access (WPA)

    Service Set Identifier (SSID)

    SSID is used to identify an 802.11 network

    It can be pre-configured or advertised in beacon broadcast

    It is transmitted in clear text

    Provides very little security

    Wired Equivalent Privacy (WEP)

    Provide same level of security as a wired network

    Uses RC4 encryption with pre-shared keys and 24-bit initialization vectors (IV)

    Key schedule is generated by concatenating the shared secret key with a randomly generated 24-bit IV

    32-bit ICV (Integrity Check Value)

    Number of bits in the key schedule is equal to the sum of the lengths of the plaintext and the ICV
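
    The WEP encapsulation listed above, as an added Python example that is not part of the original slides. It assumes the IV is placed before the shared key when keying RC4, that the ICV is a CRC-32 of the plaintext, and a simplified frame of IV followed by ciphertext (the key-ID byte is omitted); the key and payloads are constructed sample values.

```python
import struct
import zlib

def rc4_keystream(key: bytes, n: int) -> bytes:
    """RC4 key scheduling, then n bytes of keystream."""
    s, j = list(range(256)), 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for _ in range(n):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def icv(data: bytes) -> bytes:
    """32-bit integrity check value: CRC-32 of the plaintext, little-endian."""
    return struct.pack("<I", zlib.crc32(data) & 0xFFFFFFFF)

def wep_encrypt(shared_key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Return IV || ((plaintext || ICV) XOR keystream); the IV travels in clear."""
    if len(iv) != 3:
        raise ValueError("WEP uses a 24-bit IV")
    body = plaintext + icv(plaintext)
    # RC4 is keyed with IV and shared key together; the keystream is exactly
    # as long as plaintext + ICV.
    ks = rc4_keystream(iv + shared_key, len(body))
    return iv + bytes(a ^ b for a, b in zip(body, ks))

def wep_decrypt(shared_key: bytes, frame: bytes) -> bytes:
    """Strip the IV, regenerate the keystream, and verify the ICV."""
    iv, ct = frame[:3], frame[3:]
    ks = rc4_keystream(iv + shared_key, len(ct))
    body = bytes(a ^ b for a, b in zip(ct, ks))
    plaintext, received = body[:-4], body[-4:]
    if len(ct) < 4 or icv(plaintext) != received:
        raise ValueError("ICV mismatch")
    return plaintext

if __name__ == "__main__":
    key = bytes.fromhex("0102030405")  # constructed 40-bit shared key
    f1 = wep_encrypt(key, b"\x00\x00\x01", b"constructed frame A")
    f2 = wep_encrypt(key, b"\x00\x00\x01", b"constructed frame B")
    # Same IV and key give the same keystream, so the ciphertexts match
    # wherever the plaintexts match.
    print(wep_decrypt(key, f1), f1[3:21] == f2[3:21])
```

    Because the keystream depends only on the IV and the shared key, two frames sent under the same 24-bit IV are encrypted with identical keystream, which is the risk the 48-bit IV and per-packet key mixing in WPA address.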

    802.1x Access Control

    Designed as a general purpose network access control mechanism

    Authentication is done with the RADIUS server, which tells the access point whether access to controlled ports should be allowed or not

    AP forces the user into an unauthorized state

    User sends an EAP start message

    AP returns an EAP message requesting the user's identity

    Identity sent by the user is then forwarded to the authentication server by the AP

    Authentication server authenticates the user and returns an accept or reject message back to the AP

    If an accept message is returned, the AP changes the client's state to authorized and normal traffic flows
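
    The exchange described in the steps above, as an added Python simulation that is not part of the original slides. The class names, message labels and user table are hypothetical, and the credential check performed by the EAP method is collapsed into a single identity-plus-proof lookup on the server.

```python
from dataclasses import dataclass, field

@dataclass
class AuthServer:
    """Stand-in for the RADIUS server, with a constructed user table."""
    users: dict  # identity -> proof (placeholder for the EAP method exchange)

    def decide(self, identity: str, proof: str) -> str:
        ok = identity in self.users and self.users[identity] == proof
        return "Access-Accept" if ok else "Access-Reject"

@dataclass
class AccessPoint:
    """Authenticator: gates each client's controlled port on the server's verdict."""
    server: AuthServer
    port_authorized: dict = field(default_factory=dict)  # client MAC -> bool

    def associate(self, mac: str) -> None:
        self.port_authorized[mac] = False  # every client starts unauthorized

    def receive(self, mac: str, kind: str, payload=None) -> str:
        if mac not in self.port_authorized:
            return "drop: not associated"
        if kind == "EAPOL-Start":
            return "EAP-Request/Identity"
        if kind == "EAP-Response/Identity":
            # The AP does not judge the user itself; it relays to the server.
            verdict = self.server.decide(*payload)
            self.port_authorized[mac] = verdict == "Access-Accept"
            return "EAP-Success" if self.port_authorized[mac] else "EAP-Failure"
        if kind == "DATA":
            return "forward" if self.port_authorized[mac] else "drop: port unauthorized"
        return "drop: unsupported frame"

def run_session(ap: AccessPoint, mac: str, identity: str, proof: str) -> list:
    """Drive one client through the exchange; return the AP's replies in order."""
    ap.associate(mac)
    return [
        ap.receive(mac, "DATA", b"early traffic"),
        ap.receive(mac, "EAPOL-Start"),
        ap.receive(mac, "EAP-Response/Identity", (identity, proof)),
        ap.receive(mac, "DATA", b"normal traffic"),
    ]
```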

    Wireless Protected Access (WPA)

    WPA is a specification of standards-based, interoperable security enhancements that strongly increase the level of data protection and access control for existing and future wireless LAN systems

    TKIP (Temporal Key Integrity Protocol) encryption

    RC4, dynamic encryption keys (session based)

    48-bit IV

    Per-packet key mixing function

    Fixes all issues found in WEP

    Uses Message Integrity Code (MIC)

    Ensures data integrity

    Old hardware should be upgradeable to WPA

    Wireless Protected Access (WPA) (cont.)

    WPA comes in two flavors

    WPA-PSK

    Uses pre-shared key

    For home environments

    Single master key used for all users

    WPA Enterprise

    For large organisations

    Most secure method

    Unique keys for each user

    Separate username & password for each user

    Advantages

    Mobility

    Ease of Installation

    Flexibility

    Cost

    Reliability

    Security

    Use unlicensed part of the radio spectrum

    Roaming

    Speed

    Limitations

    Interference

    Degradation in performance

    High power consumption

    Limited range

    THANK

    YOU