Wireless LAN

sajan45 996 views 15 slides Oct 15, 2014

About This Presentation

Wireless LAN, or WLAN, is commonly known as a Wi-Fi network. This presentation covers its basic features and functions.


Slide Content

[1]
National Institute of Science & Technology
WIRELESS LAN SECURITY
Swagat Sourav

Wireless LAN Security
Presented By
SWAGAT SOURAV Roll # EE 200118189

Under the guidance of
Mr. Siddhartha Bhusan Neelamani

[2]
Introduction
• It is also easy to interfere with wireless communications. A simple jamming transmitter can make communications impossible. For example, consistently hammering an access point with access requests, whether successful or not, will eventually exhaust its available radio frequency spectrum and knock it off the network.
• Advantages of WLAN
• Disadvantages of WLAN

[3]
WLAN Authentication
• Wireless LANs, because of their broadcast nature, require the addition of:
  - User authentication
  - Data privacy
• Authenticating wireless LAN clients.
Client Authentication Process

[4]
WLAN Authentication
• Types of Authentication
  - Open Authentication
    • The authentication request
    • The authentication response
  - Shared Key Authentication
    • Requires that the client configure a static WEP key
  - Service Set Identifier (SSID)
  - MAC Address Authentication
    • MAC address authentication verifies the client's MAC address against a locally configured list of allowed addresses or against an external authentication server

[5]
WLAN Authentication Vulnerabilities

• SSID
An eavesdropper can easily determine the SSID with the use of an
802.11 wireless LAN packet analyzer, like Sniffer Pro.
• Open Authentication
Open authentication provides no way for the access point to
determine whether a client is valid.
• Shared Key Authentication Vulnerabilities
The process of exchanging the challenge text occurs over the
wireless link and is vulnerable to a man-in-the-middle attack
• MAC Address Authentication Vulnerabilities
A protocol analyzer can be used to determine a valid MAC
address

[6]
WEP Encryption
• WEP is based on the RC4 algorithm, which is a symmetric key stream cipher. The encryption keys must match on both the client and the access point for frame exchanges to succeed.
  - Stream Ciphers
    Encrypts data by generating a key stream from the key and performing the XOR function on the key stream with the plain-text data
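
The stream-cipher operation described on this slide, as an added example that is not part of the original presentation: RC4 seeded the way WEP seeds it (24-bit IV prepended to the static key), showing why each frame needs a fresh IV. The key, IVs and payloads are constructed sample values, the function names are illustrative, and WEP's CRC-32 integrity value is left out.

```python
# Added illustration: RC4 key stream XORed with the frame, seeded WEP-style (IV || key).
# All keys, IVs and payloads below are constructed sample values.

def rc4_keystream(seed: bytes, length: int) -> bytes:
    """Generate `length` bytes of RC4 key stream from `seed`."""
    # Key-scheduling algorithm: permute the state under control of the seed.
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + seed[i % len(seed)]) % 256
        s[i], s[j] = s[j], s[i]
    # Pseudo-random generation: emit one key stream byte per step.
    out = bytearray()
    i = j = 0
    for _ in range(length):
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) % 256])
    return bytes(out)


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def wep_style_crypt(iv: bytes, key: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt: XOR the data with RC4(IV || key)."""
    return xor_bytes(data, rc4_keystream(iv + key, len(data)))


def keystream_reused(iv_a: bytes, iv_b: bytes, key: bytes, n: int = 16) -> bool:
    """True when two frames would be protected by the same key stream."""
    return rc4_keystream(iv_a + key, n) == rc4_keystream(iv_b + key, n)


if __name__ == "__main__":
    key = bytes.fromhex("0102030405")            # constructed 40-bit static key
    iv1, iv2 = b"\x00\x00\x01", b"\x00\x00\x02"  # constructed 24-bit IVs
    p1, p2 = b"constructed frame A", b"constructed frame B"
    c1 = wep_style_crypt(iv1, key, p1)
    assert wep_style_crypt(iv1, key, c1) == p1   # matching key and IV decrypt the frame
    # With a repeated IV the key stream cancels: C1 xor C2 equals P1 xor P2.
    c2_same_iv = wep_style_crypt(iv1, key, p2)
    print("repeated IV leaks P1 xor P2:", xor_bytes(c1, c2_same_iv) == xor_bytes(p1, p2))
    print("key stream reused with a fresh IV:", keystream_reused(iv1, iv2, key))
```
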

[7]
WEP Encryption
  - Block Ciphers
    Fragments the frame into blocks of predetermined size and performs the XOR function on each block.

[8]
WEP Encryption Weaknesses
• There are two encryption techniques to overcome WEP encryption weakness:
  - Initialization vectors
  - Feedback modes
• Initialization vectors

[9]
WEP Encryption Weaknesses
• Feedback Modes

[10]
WEP Encryption Weaknesses
• Statistical Key Derivation—Passive Network Attacks
A WEP key could be derived by passively collecting particular frames
from a wireless LAN
• Inductive Key Derivation—Active Network Attacks
Inductive key derivation is the process of deriving a key by coercing information from the wireless LAN
  - Initialization Vector Replay Attacks
  - Bit-Flipping Attacks
• Static WEP Key Management Issues

[11]
Components of WLAN Security
• The Authentication Framework (802.1X)
• The EAP Authentication Algorithm
  - Mutual Authentication
  - User-Based Authentication
  - Dynamic WEP Keys
• Data Privacy with TKIP (Temporal Key Integrity Protocol)
  - A message integrity check (MIC)
  - Per-packet keying
  - Broadcast Key Rotation

[12]
Future of WLAN Security
• AES (Advanced Encryption Standard)
  - AES-OCB Mode

[13]
Future of WLAN Security
  - AES-CCM Mode

[14]
Conclusion
Wireless LAN deployments should be made as secure as possible. Standard 802.11 security is weak and vulnerable to numerous network attacks. This paper has highlighted these vulnerabilities and described how they can be solved to create secure wireless LANs.
Some security enhancement features might not be deployable in some situations because of device limitations such as application specific devices (ASDs such as 802.11 phones capable of static WEP only) or mixed vendor environments. In such cases, it is important that the network administrator understand the potential WLAN security vulnerabilities.

[15]

Thank You!!!