Network Security and Cryptography Topic 12 Wireless Security
![Network Security and Cryptography Topic 12: Wireless Security V 1. 0 © NCC Education Network Security and Cryptography Topic 12: Wireless Security V 1. 0 © NCC Education](https://slidetodoc.com/presentation_image_h/d9e89a6a9708b9323627910553d16350/image-1.jpg)
![Network Security and Cryptography Topic 11 – Lecture 1: Introduction to Wireless Security & Network Security and Cryptography Topic 11 – Lecture 1: Introduction to Wireless Security &](https://slidetodoc.com/presentation_image_h/d9e89a6a9708b9323627910553d16350/image-2.jpg)
![Wireless Security Topic 12 - 12. 3 Scope and Coverage This topic will cover: Wireless Security Topic 12 - 12. 3 Scope and Coverage This topic will cover:](https://slidetodoc.com/presentation_image_h/d9e89a6a9708b9323627910553d16350/image-3.jpg)
![Wireless Security Topic 12 - 12. 4 Learning Outcomes By the end of this Wireless Security Topic 12 - 12. 4 Learning Outcomes By the end of this](https://slidetodoc.com/presentation_image_h/d9e89a6a9708b9323627910553d16350/image-4.jpg)
![Wireless Security Topic 12 - 12. 5 Wireless Networks • A wireless network typically Wireless Security Topic 12 - 12. 5 Wireless Networks • A wireless network typically](https://slidetodoc.com/presentation_image_h/d9e89a6a9708b9323627910553d16350/image-5.jpg)
![Wireless Security Topic 12 - 12. 6 WLAN V 1. 0 © NCC Education Wireless Security Topic 12 - 12. 6 WLAN V 1. 0 © NCC Education](https://slidetodoc.com/presentation_image_h/d9e89a6a9708b9323627910553d16350/image-6.jpg)
![Wireless Security Topic 12 - 12. 7 Wireless Network Security • Essentially a broadcast Wireless Security Topic 12 - 12. 7 Wireless Network Security • Essentially a broadcast](https://slidetodoc.com/presentation_image_h/d9e89a6a9708b9323627910553d16350/image-7.jpg)
![Wireless Security Topic 12 - 12. 8 General Security Options • In closed networks Wireless Security Topic 12 - 12. 8 General Security Options • In closed networks](https://slidetodoc.com/presentation_image_h/d9e89a6a9708b9323627910553d16350/image-8.jpg)
![Wireless Security Topic 12 - 12. 9 WLAN Access Control • In 1997, the Wireless Security Topic 12 - 12. 9 WLAN Access Control • In 1997, the](https://slidetodoc.com/presentation_image_h/d9e89a6a9708b9323627910553d16350/image-9.jpg)
![Wireless Security Topic 12 - 12. 10 MAC Address Filtering • Usually implemented to Wireless Security Topic 12 - 12. 10 MAC Address Filtering • Usually implemented to](https://slidetodoc.com/presentation_image_h/d9e89a6a9708b9323627910553d16350/image-10.jpg)
![Wireless Security Topic 12 - 12. 11 Wired Equivalent Privacy (WEP) • Original security Wireless Security Topic 12 - 12. 11 Wired Equivalent Privacy (WEP) • Original security](https://slidetodoc.com/presentation_image_h/d9e89a6a9708b9323627910553d16350/image-11.jpg)
![Wireless Security Topic 12 - 12. 12 WEP Encryption • Uses the RC 4 Wireless Security Topic 12 - 12. 12 WEP Encryption • Uses the RC 4](https://slidetodoc.com/presentation_image_h/d9e89a6a9708b9323627910553d16350/image-12.jpg)
![Wireless Security Topic 12 - 12. 13 WEP Encryption Keys • A 64 -bit Wireless Security Topic 12 - 12. 13 WEP Encryption Keys • A 64 -bit](https://slidetodoc.com/presentation_image_h/d9e89a6a9708b9323627910553d16350/image-13.jpg)
![Wireless Security Topic 12 - 12. 14 Open System Authentication • Client device, e. Wireless Security Topic 12 - 12. 14 Open System Authentication • Client device, e.](https://slidetodoc.com/presentation_image_h/d9e89a6a9708b9323627910553d16350/image-14.jpg)
![Wireless Security Topic 12 - 12. 15 Shared Key Authentication • A five step Wireless Security Topic 12 - 12. 15 Shared Key Authentication • A five step](https://slidetodoc.com/presentation_image_h/d9e89a6a9708b9323627910553d16350/image-15.jpg)
![Wireless Security Topic 12 - 12. 16 Shared Key Authentication • After authentication the Wireless Security Topic 12 - 12. 16 Shared Key Authentication • After authentication the](https://slidetodoc.com/presentation_image_h/d9e89a6a9708b9323627910553d16350/image-16.jpg)
![Wireless Security Topic 12 - 12. 17 WEP Weaknesses • The 24 -bit IV Wireless Security Topic 12 - 12. 17 WEP Weaknesses • The 24 -bit IV](https://slidetodoc.com/presentation_image_h/d9e89a6a9708b9323627910553d16350/image-17.jpg)
![Network Security and Cryptography Topic 12 – Lecture 2: WPA, WPA 2 and Wireless Network Security and Cryptography Topic 12 – Lecture 2: WPA, WPA 2 and Wireless](https://slidetodoc.com/presentation_image_h/d9e89a6a9708b9323627910553d16350/image-18.jpg)
![Wireless Security Topic 12 - 12. 19 Wi-Fi Protected Access (WPA) • Aim: to Wireless Security Topic 12 - 12. 19 Wi-Fi Protected Access (WPA) • Aim: to](https://slidetodoc.com/presentation_image_h/d9e89a6a9708b9323627910553d16350/image-19.jpg)
![Wireless Security Topic 12 - 12. 20 IEEE 802. 11 i • Implemented as Wireless Security Topic 12 - 12. 20 IEEE 802. 11 i • Implemented as](https://slidetodoc.com/presentation_image_h/d9e89a6a9708b9323627910553d16350/image-20.jpg)
![Wireless Security Topic 12 - 12. 21 CCMP • More secure than the protocols Wireless Security Topic 12 - 12. 21 CCMP • More secure than the protocols](https://slidetodoc.com/presentation_image_h/d9e89a6a9708b9323627910553d16350/image-21.jpg)
![Wireless Security Topic 12 - 12. 22 Pre-shared Key (PSK) Mode • Also known Wireless Security Topic 12 - 12. 22 Pre-shared Key (PSK) Mode • Also known](https://slidetodoc.com/presentation_image_h/d9e89a6a9708b9323627910553d16350/image-22.jpg)
![Wireless Security Topic 12 - 12. 23 PSK Mode Weaknesses • Keys sent via Wireless Security Topic 12 - 12. 23 PSK Mode Weaknesses • Keys sent via](https://slidetodoc.com/presentation_image_h/d9e89a6a9708b9323627910553d16350/image-23.jpg)
![Wireless Security Topic 12 - 12. 24 Enterprise Mode • Designed for enterprise networks Wireless Security Topic 12 - 12. 24 Enterprise Mode • Designed for enterprise networks](https://slidetodoc.com/presentation_image_h/d9e89a6a9708b9323627910553d16350/image-24.jpg)
![Wireless Security Topic 12 - 12. 25 IEEE 802. 1 X • IEEE Standard Wireless Security Topic 12 - 12. 25 IEEE 802. 1 X • IEEE Standard](https://slidetodoc.com/presentation_image_h/d9e89a6a9708b9323627910553d16350/image-25.jpg)
![Wireless Security Topic 12 - 12. 26 EAP • The authentication framework utilised by Wireless Security Topic 12 - 12. 26 EAP • The authentication framework utilised by](https://slidetodoc.com/presentation_image_h/d9e89a6a9708b9323627910553d16350/image-26.jpg)
![Wireless Security Topic 12 - 12. 27 IEEE 802. 1 X Authentication • Initialisation Wireless Security Topic 12 - 12. 27 IEEE 802. 1 X Authentication • Initialisation](https://slidetodoc.com/presentation_image_h/d9e89a6a9708b9323627910553d16350/image-27.jpg)
![Wireless Security Topic 12 - 12. 28 IEEE 802. 1 X Authentication • Negotiation Wireless Security Topic 12 - 12. 28 IEEE 802. 1 X Authentication • Negotiation](https://slidetodoc.com/presentation_image_h/d9e89a6a9708b9323627910553d16350/image-28.jpg)
![Wireless Security Topic 12 - 12. 29 RADIUS • Protocol providing a centralised Authentication, Wireless Security Topic 12 - 12. 29 RADIUS • Protocol providing a centralised Authentication,](https://slidetodoc.com/presentation_image_h/d9e89a6a9708b9323627910553d16350/image-29.jpg)
![Wireless Security Topic 12 - 12. 30 RADIUS Functions • A RADIUS Server has Wireless Security Topic 12 - 12. 30 RADIUS Functions • A RADIUS Server has](https://slidetodoc.com/presentation_image_h/d9e89a6a9708b9323627910553d16350/image-30.jpg)
![Wireless Security Topic 12 - 12. 31 WPA 2 Sessions Key • WPA 2 Wireless Security Topic 12 - 12. 31 WPA 2 Sessions Key • WPA 2](https://slidetodoc.com/presentation_image_h/d9e89a6a9708b9323627910553d16350/image-31.jpg)
![Wireless Security Topic 12 - 12. 32 Wireless Network Architecture • When planning a Wireless Security Topic 12 - 12. 32 Wireless Network Architecture • When planning a](https://slidetodoc.com/presentation_image_h/d9e89a6a9708b9323627910553d16350/image-32.jpg)
![Wireless Security Topic 12 - 12. 33 Standalone Access Points • Functionality of each Wireless Security Topic 12 - 12. 33 Standalone Access Points • Functionality of each](https://slidetodoc.com/presentation_image_h/d9e89a6a9708b9323627910553d16350/image-33.jpg)
![Wireless Security Topic 12 - 12. 34 Standalone Access Points • Well suited in Wireless Security Topic 12 - 12. 34 Standalone Access Points • Well suited in](https://slidetodoc.com/presentation_image_h/d9e89a6a9708b9323627910553d16350/image-34.jpg)
![Wireless Security Topic 12 - 12. 35 Co-ordinated Access Points • Has “thin” access Wireless Security Topic 12 - 12. 35 Co-ordinated Access Points • Has “thin” access](https://slidetodoc.com/presentation_image_h/d9e89a6a9708b9323627910553d16350/image-35.jpg)
![Wireless Security Topic 12 - 12. 36 Co-ordinated Access Points • Configuration is done Wireless Security Topic 12 - 12. 36 Co-ordinated Access Points • Configuration is done](https://slidetodoc.com/presentation_image_h/d9e89a6a9708b9323627910553d16350/image-36.jpg)
![Wireless Security Topic 12 - 12. 37 Co-ordinated Access Points • Ideal where: - Wireless Security Topic 12 - 12. 37 Co-ordinated Access Points • Ideal where: -](https://slidetodoc.com/presentation_image_h/d9e89a6a9708b9323627910553d16350/image-37.jpg)
![Wireless Security Topic 12 - 12. 38 Benefits of Co-ordinated APs • • Lower Wireless Security Topic 12 - 12. 38 Benefits of Co-ordinated APs • • Lower](https://slidetodoc.com/presentation_image_h/d9e89a6a9708b9323627910553d16350/image-38.jpg)
![Wireless Security Topic 12 - 12. 39 References • Tanenbaum, A. S. (2003). Computer Wireless Security Topic 12 - 12. 39 References • Tanenbaum, A. S. (2003). Computer](https://slidetodoc.com/presentation_image_h/d9e89a6a9708b9323627910553d16350/image-39.jpg)
![Wireless Security Topic 12 - 12. 40 Topic 12 – Wireless Security Any Questions? Wireless Security Topic 12 - 12. 40 Topic 12 – Wireless Security Any Questions?](https://slidetodoc.com/presentation_image_h/d9e89a6a9708b9323627910553d16350/image-40.jpg)
- Slides: 40
![Network Security and Cryptography Topic 12 Wireless Security V 1 0 NCC Education Network Security and Cryptography Topic 12: Wireless Security V 1. 0 © NCC Education](https://slidetodoc.com/presentation_image_h/d9e89a6a9708b9323627910553d16350/image-1.jpg)
Network Security and Cryptography Topic 12: Wireless Security V 1. 0 © NCC Education Limited
![Network Security and Cryptography Topic 11 Lecture 1 Introduction to Wireless Security Network Security and Cryptography Topic 11 – Lecture 1: Introduction to Wireless Security &](https://slidetodoc.com/presentation_image_h/d9e89a6a9708b9323627910553d16350/image-2.jpg)
Network Security and Cryptography Topic 11 – Lecture 1: Introduction to Wireless Security & WEP V 1. 0 © NCC Education Limited
![Wireless Security Topic 12 12 3 Scope and Coverage This topic will cover Wireless Security Topic 12 - 12. 3 Scope and Coverage This topic will cover:](https://slidetodoc.com/presentation_image_h/d9e89a6a9708b9323627910553d16350/image-3.jpg)
Wireless Security Topic 12 - 12. 3 Scope and Coverage This topic will cover: • Security issues specific to wireless networks • Wireless security (WEP, WPA 2) • Secure network architectures for wireless deployments V 1. 0 © NCC Education Limited
![Wireless Security Topic 12 12 4 Learning Outcomes By the end of this Wireless Security Topic 12 - 12. 4 Learning Outcomes By the end of this](https://slidetodoc.com/presentation_image_h/d9e89a6a9708b9323627910553d16350/image-4.jpg)
Wireless Security Topic 12 - 12. 4 Learning Outcomes By the end of this topic students will be able to: • Explain the vulnerabilities inherent in wireless networks • Deploy a secure network architecture for wireless access • Configure Access Control Lists • Encrypt and protect the wireless link V 1. 0 © NCC Education Limited
![Wireless Security Topic 12 12 5 Wireless Networks A wireless network typically Wireless Security Topic 12 - 12. 5 Wireless Networks • A wireless network typically](https://slidetodoc.com/presentation_image_h/d9e89a6a9708b9323627910553d16350/image-5.jpg)
Wireless Security Topic 12 - 12. 5 Wireless Networks • A wireless network typically has a number of wireless-enabled devices connecting to an access point • Each access point connects to a wider network - In a home wireless network this wider network may be the Internet - In a business network this wider network is typically a LAN • Wireless networks are less secure than wired V 1. 0 © NCC Education Limited
![Wireless Security Topic 12 12 6 WLAN V 1 0 NCC Education Wireless Security Topic 12 - 12. 6 WLAN V 1. 0 © NCC Education](https://slidetodoc.com/presentation_image_h/d9e89a6a9708b9323627910553d16350/image-6.jpg)
Wireless Security Topic 12 - 12. 6 WLAN V 1. 0 © NCC Education Limited
![Wireless Security Topic 12 12 7 Wireless Network Security Essentially a broadcast Wireless Security Topic 12 - 12. 7 Wireless Network Security • Essentially a broadcast](https://slidetodoc.com/presentation_image_h/d9e89a6a9708b9323627910553d16350/image-7.jpg)
Wireless Security Topic 12 - 12. 7 Wireless Network Security • Essentially a broadcast network between access point and devices • Boundary of network is limited by signal strength • Signal can usually be received outside of the building in which the network is based • Access to network must be restricted • Transmissions must be encrypted V 1. 0 © NCC Education Limited
![Wireless Security Topic 12 12 8 General Security Options In closed networks Wireless Security Topic 12 - 12. 8 General Security Options • In closed networks](https://slidetodoc.com/presentation_image_h/d9e89a6a9708b9323627910553d16350/image-8.jpg)
Wireless Security Topic 12 - 12. 8 General Security Options • In closed networks (home or an organisation) restrictions are put in place on access to the access point • In open, public networks there are no access restrictions so the network is isolated from all networks that need a level of security • End to end encryption may be used for secure traffic in wireless networks that are mixed V 1. 0 © NCC Education Limited
![Wireless Security Topic 12 12 9 WLAN Access Control In 1997 the Wireless Security Topic 12 - 12. 9 WLAN Access Control • In 1997, the](https://slidetodoc.com/presentation_image_h/d9e89a6a9708b9323627910553d16350/image-9.jpg)
Wireless Security Topic 12 - 12. 9 WLAN Access Control • In 1997, the IEEE approved the IEEE 802. 11 WLAN standard • Access may be controlled via access to the access point (AP) • Only authorised devices can connect to the AP • One way: Media Access Control (MAC) address filtering V 1. 0 © NCC Education Limited
![Wireless Security Topic 12 12 10 MAC Address Filtering Usually implemented to Wireless Security Topic 12 - 12. 10 MAC Address Filtering • Usually implemented to](https://slidetodoc.com/presentation_image_h/d9e89a6a9708b9323627910553d16350/image-10.jpg)
Wireless Security Topic 12 - 12. 10 MAC Address Filtering • Usually implemented to permit rather than prevent V 1. 0 © NCC Education Limited
![Wireless Security Topic 12 12 11 Wired Equivalent Privacy WEP Original security Wireless Security Topic 12 - 12. 11 Wired Equivalent Privacy (WEP) • Original security](https://slidetodoc.com/presentation_image_h/d9e89a6a9708b9323627910553d16350/image-11.jpg)
Wireless Security Topic 12 - 12. 11 Wired Equivalent Privacy (WEP) • Original security component of 802. 11 • Aim: only authorized parties can view transmitted wireless information • Uses encryption to protect traffic • Designed as an efficient and reasonably strong security • Has numerous security flaws and has been superseded by Wi-Fi Protected Access (WPA) V 1. 0 © NCC Education Limited
![Wireless Security Topic 12 12 12 WEP Encryption Uses the RC 4 Wireless Security Topic 12 - 12. 12 WEP Encryption • Uses the RC 4](https://slidetodoc.com/presentation_image_h/d9e89a6a9708b9323627910553d16350/image-12.jpg)
Wireless Security Topic 12 - 12. 12 WEP Encryption • Uses the RC 4 stream cipher for confidentiality • Uses the CRC-32 checksum for integrity • Secret keys can be 64 or 128 bits long - Some vendors do supply 256 -bit key version • Can hold up to four shared secret keys - One key is designated as the default key • Key size is one of the security limitations in WEP V 1. 0 © NCC Education Limited
![Wireless Security Topic 12 12 13 WEP Encryption Keys A 64 bit Wireless Security Topic 12 - 12. 13 WEP Encryption Keys • A 64 -bit](https://slidetodoc.com/presentation_image_h/d9e89a6a9708b9323627910553d16350/image-13.jpg)
Wireless Security Topic 12 - 12. 13 WEP Encryption Keys • A 64 -bit WEP key has a 40 -bit key (10 hexadecimal characters) plus a 24 -bit initialisation vector (IV) • A 128 -bit WEP key has a 104 -bit key (26 hexadecimal characters) plus a 24 -bit IV • An IV is a continuously changing value used in combination with a secret key to encrypt data - Prevents sequences of identical text from producing the same exact ciphertext when encrypted V 1. 0 © NCC Education Limited
![Wireless Security Topic 12 12 14 Open System Authentication Client device e Wireless Security Topic 12 - 12. 14 Open System Authentication • Client device, e.](https://slidetodoc.com/presentation_image_h/d9e89a6a9708b9323627910553d16350/image-14.jpg)
Wireless Security Topic 12 - 12. 14 Open System Authentication • Client device, e. g. laptop, does not provide any authentication to the Access Point - Any wireless-enabled device within range can authenticate with the Access Point • The effect is that no real authentication occurs • WEP encryption keys are used for encrypting data frames on the wireless network • The client must have the correct keys at this point V 1. 0 © NCC Education Limited
![Wireless Security Topic 12 12 15 Shared Key Authentication A five step Wireless Security Topic 12 - 12. 15 Shared Key Authentication • A five step](https://slidetodoc.com/presentation_image_h/d9e89a6a9708b9323627910553d16350/image-15.jpg)
Wireless Security Topic 12 - 12. 15 Shared Key Authentication • A five step handshake process: 1. Authentication request from client to Access Point 2. Access Point replies with a clear-text challenge 3. Client encrypts challenge-text using the WEP key 4. Client sends encrypted text back in another authentication request 5. AP decrypts the response – if it matches the challenge-text, AP sends a positive reply V 1. 0 © NCC Education Limited
![Wireless Security Topic 12 12 16 Shared Key Authentication After authentication the Wireless Security Topic 12 - 12. 16 Shared Key Authentication • After authentication the](https://slidetodoc.com/presentation_image_h/d9e89a6a9708b9323627910553d16350/image-16.jpg)
Wireless Security Topic 12 - 12. 16 Shared Key Authentication • After authentication the WEP key is used for encryption using RC 4 • Shared Key authentication is less secure than Open System authentication • The key used for the handshake can be derived by capturing the challenge frames • Both authentication mechanisms are weak V 1. 0 © NCC Education Limited
![Wireless Security Topic 12 12 17 WEP Weaknesses The 24 bit IV Wireless Security Topic 12 - 12. 17 WEP Weaknesses • The 24 -bit IV](https://slidetodoc.com/presentation_image_h/d9e89a6a9708b9323627910553d16350/image-17.jpg)
Wireless Security Topic 12 - 12. 17 WEP Weaknesses • The 24 -bit IV is too short and repeats after some time - there is a 50% probability the same IV will repeat after 5000 packets • Packets can be replayed so that the access point broadcasts Ivs • With the right equipment, WEP can be cracked in a few minutes at most V 1. 0 © NCC Education Limited
![Network Security and Cryptography Topic 12 Lecture 2 WPA WPA 2 and Wireless Network Security and Cryptography Topic 12 – Lecture 2: WPA, WPA 2 and Wireless](https://slidetodoc.com/presentation_image_h/d9e89a6a9708b9323627910553d16350/image-18.jpg)
Network Security and Cryptography Topic 12 – Lecture 2: WPA, WPA 2 and Wireless Architecture V 1. 0 © NCC Education Limited
![Wireless Security Topic 12 12 19 WiFi Protected Access WPA Aim to Wireless Security Topic 12 - 12. 19 Wi-Fi Protected Access (WPA) • Aim: to](https://slidetodoc.com/presentation_image_h/d9e89a6a9708b9323627910553d16350/image-19.jpg)
Wireless Security Topic 12 - 12. 19 Wi-Fi Protected Access (WPA) • Aim: to protect present and future wireless devices - Authentication - Encryption • Developed in response to the weaknesses in WEP • WPA implements most of the IEEE 802. 11 i standard • WPA 2 is fully compliant with the IEEE 802. 11 i standard - This has been incorporated into IEEE 802. 11 -2007 V 1. 0 © NCC Education Limited
![Wireless Security Topic 12 12 20 IEEE 802 11 i Implemented as Wireless Security Topic 12 - 12. 20 IEEE 802. 11 i • Implemented as](https://slidetodoc.com/presentation_image_h/d9e89a6a9708b9323627910553d16350/image-20.jpg)
Wireless Security Topic 12 - 12. 20 IEEE 802. 11 i • Implemented as WPA 2 • Uses Counter Mode with Cipher Block Chaining Message Authentication Code Protocol, also known as CCM mode Protocol (CCMP) - AES based block cipher - Replacing the RC 4 stream cipher of WEP • Has been mandatory for Wi-Fi certified devices since 2006 V 1. 0 © NCC Education Limited
![Wireless Security Topic 12 12 21 CCMP More secure than the protocols Wireless Security Topic 12 - 12. 21 CCMP • More secure than the protocols](https://slidetodoc.com/presentation_image_h/d9e89a6a9708b9323627910553d16350/image-21.jpg)
Wireless Security Topic 12 - 12. 21 CCMP • More secure than the protocols in WEP & WPA • Uses a 128 -bit key • Uses a 128 -bit block size • Provides: - Data Confidentiality - only authorized parties have access - Authentication – proves user identity - Access control - in conjunction with layer management V 1. 0 © NCC Education Limited
![Wireless Security Topic 12 12 22 Preshared Key PSK Mode Also known Wireless Security Topic 12 - 12. 22 Pre-shared Key (PSK) Mode • Also known](https://slidetodoc.com/presentation_image_h/d9e89a6a9708b9323627910553d16350/image-22.jpg)
Wireless Security Topic 12 - 12. 22 Pre-shared Key (PSK) Mode • Also known as Personal mode • Used for home and small office networks - No advanced server capabilities • Does not require an authentication server • Wireless network client devices authenticate directly with the access point • They all use the same 256 -bit key • Keys are automatically changed and authenticated after a set period of time V 1. 0 © NCC Education Limited
![Wireless Security Topic 12 12 23 PSK Mode Weaknesses Keys sent via Wireless Security Topic 12 - 12. 23 PSK Mode Weaknesses • Keys sent via](https://slidetodoc.com/presentation_image_h/d9e89a6a9708b9323627910553d16350/image-23.jpg)
Wireless Security Topic 12 - 12. 23 PSK Mode Weaknesses • Keys sent via e-mail or other insecure methods • Changing the PSK key is awkward: - Must type new key on every wireless device - Must type new key on all access points • In order to allow a guest user to have access to a network the key must be given to that guest • PSK is a 64 -bit hexadecimal number generated from a passphrase - Passphrase could be open to dictionary attack V 1. 0 © NCC Education Limited
![Wireless Security Topic 12 12 24 Enterprise Mode Designed for enterprise networks Wireless Security Topic 12 - 12. 24 Enterprise Mode • Designed for enterprise networks](https://slidetodoc.com/presentation_image_h/d9e89a6a9708b9323627910553d16350/image-24.jpg)
Wireless Security Topic 12 - 12. 24 Enterprise Mode • Designed for enterprise networks • Provides authentication using IEEE 802. 1 X and Extensible Authentication Protocol (EAP) • Requires a Remote Authentication Dial In User Service (RADIUS) authentication server or similar • More complex but provides additional security - For example against dictionary attacks V 1. 0 © NCC Education Limited
![Wireless Security Topic 12 12 25 IEEE 802 1 X IEEE Standard Wireless Security Topic 12 - 12. 25 IEEE 802. 1 X • IEEE Standard](https://slidetodoc.com/presentation_image_h/d9e89a6a9708b9323627910553d16350/image-25.jpg)
Wireless Security Topic 12 - 12. 25 IEEE 802. 1 X • IEEE Standard for Port-based Network Access Control (PNAC) • Requires three parties: - a supplicant – the client device wishing to connect - an authenticator – the access point - an authentication server – a host running software that supports RADIUS and EAP • Client device only has access through the authenticator when validated and authorized V 1. 0 © NCC Education Limited
![Wireless Security Topic 12 12 26 EAP The authentication framework utilised by Wireless Security Topic 12 - 12. 26 EAP • The authentication framework utilised by](https://slidetodoc.com/presentation_image_h/d9e89a6a9708b9323627910553d16350/image-26.jpg)
Wireless Security Topic 12 - 12. 26 EAP • The authentication framework utilised by wireless networks • Supplies functions and negotiation of authentication methods - Called EAP methods • Provides a secure authentication mechanism • Negotiates a secure private key between authenticator and client V 1. 0 © NCC Education Limited
![Wireless Security Topic 12 12 27 IEEE 802 1 X Authentication Initialisation Wireless Security Topic 12 - 12. 27 IEEE 802. 1 X Authentication • Initialisation](https://slidetodoc.com/presentation_image_h/d9e89a6a9708b9323627910553d16350/image-27.jpg)
Wireless Security Topic 12 - 12. 27 IEEE 802. 1 X Authentication • Initialisation - when new supplicant detected, the port on the authenticator is enabled and set to the unauthorised state • Initiation - Authenticator transmits EAP-Request Identity frames - Supplicant listens and responds with an EAP-Response Identity frame containing an identifier, e. g. user ID - Authenticator then encapsulates this in a RADIUS Access -Request packet and sends to authentication server V 1. 0 © NCC Education Limited
![Wireless Security Topic 12 12 28 IEEE 802 1 X Authentication Negotiation Wireless Security Topic 12 - 12. 28 IEEE 802. 1 X Authentication • Negotiation](https://slidetodoc.com/presentation_image_h/d9e89a6a9708b9323627910553d16350/image-28.jpg)
Wireless Security Topic 12 - 12. 28 IEEE 802. 1 X Authentication • Negotiation - Authentication server replies to the authenticator with EAP Request specifying the EAP Method - Authenticator encapsulates the EAP Request and transmits to supplicant • Authentication - If EAP Method is agreed, EAP Requests and Responses are sent between supplicant and authentication server until the server responds with EAP-Success message - Authenticator sets port to the authorised state and traffic is allowed V 1. 0 © NCC Education Limited
![Wireless Security Topic 12 12 29 RADIUS Protocol providing a centralised Authentication Wireless Security Topic 12 - 12. 29 RADIUS • Protocol providing a centralised Authentication,](https://slidetodoc.com/presentation_image_h/d9e89a6a9708b9323627910553d16350/image-29.jpg)
Wireless Security Topic 12 - 12. 29 RADIUS • Protocol providing a centralised Authentication, Authorization, and Accounting (AAA) service • Management for the authorisation of computers wishing to connect to a network • Client/server protocol • Runs in the application layer of the OSI model • Uses UDP for transport - assigned UDP ports 1812 for RADIUS Authentication and 1813 for RADIUS Accounting V 1. 0 © NCC Education Limited
![Wireless Security Topic 12 12 30 RADIUS Functions A RADIUS Server has Wireless Security Topic 12 - 12. 30 RADIUS Functions • A RADIUS Server has](https://slidetodoc.com/presentation_image_h/d9e89a6a9708b9323627910553d16350/image-30.jpg)
Wireless Security Topic 12 - 12. 30 RADIUS Functions • A RADIUS Server has three main functions: - Authenticating users and/or devices and providing permission for them to access the network - Authorising users and/or devices for specific services on the network - Accounting for usage of network services V 1. 0 © NCC Education Limited
![Wireless Security Topic 12 12 31 WPA 2 Sessions Key WPA 2 Wireless Security Topic 12 - 12. 31 WPA 2 Sessions Key • WPA 2](https://slidetodoc.com/presentation_image_h/d9e89a6a9708b9323627910553d16350/image-31.jpg)
Wireless Security Topic 12 - 12. 31 WPA 2 Sessions Key • WPA 2 creates a new session key with every association • The encryption key for each client is unique and specific to that client • Every packet is encrypted with a unique key • Never reusing keys is good security practice V 1. 0 © NCC Education Limited
![Wireless Security Topic 12 12 32 Wireless Network Architecture When planning a Wireless Security Topic 12 - 12. 32 Wireless Network Architecture • When planning a](https://slidetodoc.com/presentation_image_h/d9e89a6a9708b9323627910553d16350/image-32.jpg)
Wireless Security Topic 12 - 12. 32 Wireless Network Architecture • When planning a wireless network you need to determine which WLAN architecture to adopt • Architecture comes in two main categories: - Standalone access points - Centrally coordinated access points • Both have benefits • Suited to different environments. V 1. 0 © NCC Education Limited
![Wireless Security Topic 12 12 33 Standalone Access Points Functionality of each Wireless Security Topic 12 - 12. 33 Standalone Access Points • Functionality of each](https://slidetodoc.com/presentation_image_h/d9e89a6a9708b9323627910553d16350/image-33.jpg)
Wireless Security Topic 12 - 12. 33 Standalone Access Points • Functionality of each access point enables wireless services, authentication and security - V 1. 0 All access points operate independently Encryption/decryption at the access point Each access point has its own configuration file Large networks rely on a management application Network configuration is static and does not respond to changing network conditions © NCC Education Limited
![Wireless Security Topic 12 12 34 Standalone Access Points Well suited in Wireless Security Topic 12 - 12. 34 Standalone Access Points • Well suited in](https://slidetodoc.com/presentation_image_h/d9e89a6a9708b9323627910553d16350/image-34.jpg)
Wireless Security Topic 12 - 12. 34 Standalone Access Points • Well suited in environments where: - There is a small isolated wireless coverage area requiring only a few access points - There is a need for wireless bridging from a main building to another building • The operational overhead to manage and maintain a wireless network increases with the size of the network V 1. 0 © NCC Education Limited
![Wireless Security Topic 12 12 35 Coordinated Access Points Has thin access Wireless Security Topic 12 - 12. 35 Co-ordinated Access Points • Has “thin” access](https://slidetodoc.com/presentation_image_h/d9e89a6a9708b9323627910553d16350/image-35.jpg)
Wireless Security Topic 12 - 12. 35 Co-ordinated Access Points • Has “thin” access points • Centralized controller handles: - V 1. 0 Roaming Authentication Encryption/decryption Load balancing RF monitoring Performance monitoring Location services © NCC Education Limited
![Wireless Security Topic 12 12 36 Coordinated Access Points Configuration is done Wireless Security Topic 12 - 12. 36 Co-ordinated Access Points • Configuration is done](https://slidetodoc.com/presentation_image_h/d9e89a6a9708b9323627910553d16350/image-36.jpg)
Wireless Security Topic 12 - 12. 36 Co-ordinated Access Points • Configuration is done at the controller • Adding additional APs is simple, just plug in to network • Redundancy can be provided through extra redundant controllers - Become active if problems with a neighbouring AP V 1. 0 © NCC Education Limited
![Wireless Security Topic 12 12 37 Coordinated Access Points Ideal where Wireless Security Topic 12 - 12. 37 Co-ordinated Access Points • Ideal where: -](https://slidetodoc.com/presentation_image_h/d9e89a6a9708b9323627910553d16350/image-37.jpg)
Wireless Security Topic 12 - 12. 37 Co-ordinated Access Points • Ideal where: - There are large wireless coverage areas • requiring multiple radio ports • perhaps alongside smaller isolated coverage areas - Network self-healing is required - Redundancy is required V 1. 0 © NCC Education Limited
![Wireless Security Topic 12 12 38 Benefits of Coordinated APs Lower Wireless Security Topic 12 - 12. 38 Benefits of Co-ordinated APs • • Lower](https://slidetodoc.com/presentation_image_h/d9e89a6a9708b9323627910553d16350/image-38.jpg)
Wireless Security Topic 12 - 12. 38 Benefits of Co-ordinated APs • • Lower operational costs. Ease of deployment and management Greater availability Easier to respond to changes in the network performance • Better return on investment • Fast client roaming • Better Quality-of-Service V 1. 0 © NCC Education Limited
![Wireless Security Topic 12 12 39 References Tanenbaum A S 2003 Computer Wireless Security Topic 12 - 12. 39 References • Tanenbaum, A. S. (2003). Computer](https://slidetodoc.com/presentation_image_h/d9e89a6a9708b9323627910553d16350/image-39.jpg)
Wireless Security Topic 12 - 12. 39 References • Tanenbaum, A. S. (2003). Computer Networks. 4 th Edition. Prentice Hall. • Stallings, W. (2010). Cryptography and Network Security: Principles and Practice. 5 th Edition. Pearson Education. V 1. 0 © NCC Education Limited
![Wireless Security Topic 12 12 40 Topic 12 Wireless Security Any Questions Wireless Security Topic 12 - 12. 40 Topic 12 – Wireless Security Any Questions?](https://slidetodoc.com/presentation_image_h/d9e89a6a9708b9323627910553d16350/image-40.jpg)
Wireless Security Topic 12 - 12. 40 Topic 12 – Wireless Security Any Questions? V 1. 0 © NCC Education Limited
Wireless security in cryptography
Modulo table
криптографический модуль
Number theory in cyber security
Firewall in cryptography and network security
Authentication in cryptography and network security
Three classes of intruders in network security
Primitive root in cryptography
Cryptography and network security 6th edition pdf
Cryptography and network security pearson
Euler's theorem in cryptography and network security
Cryptography and network security 4th edition
Euler's theorem in cryptography and network security
Finite fields in cryptography and network security
Digital signature in cryptography and network security
Modular arithmetic in cryptography and network security
Pgp in cryptography and network security
Euler's theorem in cryptography and network security
Malicious software in cryptography
Introduction to cryptography and network security
Rsa algorithm in cryptography and network security
Introduction to cryptography and network security
What are wireless devices and the wireless revolution
Wireless security definition
Border security using wins
Security services in cryptography
What is a clincher sentence
Research problem example for students
Wireless security threats and vulnerabilities
Cryptography security services
Pigpen
The osi security architecture
Guide to network security
Electronic mail security in network security
Security guide to network security fundamentals
Security guide to network security fundamentals
Wireless network definition
Soho wireless network
Wireless network capacity
Wireless sensor network protocols
Wireless wide area network