WLAN 1 WLAN Security Requirements for Secure Wireless

WLAN Security 1

WLAN Security
• Requirements for Secure Wireless LANs
  – Authentication
  – Access Control
  – Data Privacy
  – Data Integrity
  – Protection Against Replay

Wireless LAN
• IEEE 802.11 Standards

| Standard | Frequency Band | Modulation | # of antennas | Max Speed |
|----------|----------------|------------|---------------|-----------|
| 802.11   | 2.4 GHz        | FHSS/DSSS  | 1             | 2 Mbps    |
| 802.11a  | 5 GHz          | OFDM       | 1             | 54 Mbps   |
| 802.11b  | 2.4 GHz        | HR-DSSS    | 1             | 11 Mbps   |
| 802.11g  | 2.4 GHz        | OFDM       | 1             | 54 Mbps   |
| 802.11n  | 2.4 GHz / 5 GHz | OFDM      | 1~4           | 600 Mbps  |

MAC address Authentication Attack
• Strengths
  – Controls which Stations may connect to the AP, based on their MAC address
• Weaknesses
  – MAC addresses are easy to forge
  – MAC addresses are easily obtained by monitoring (sniffing) the wireless LAN
  – Attackers can keep monitoring wireless LAN traffic
  – Brute-force attacks on MAC addresses are possible
  – Man in the middle attack techniques expose the network to attack
• Tools
  – Windows: AiroPeek (Wireless Network Management Tool), SMAC (MAC address Changer)
  – Linux: Kismet (Wireless Network Sniffing Tool), macchanger (MAC address Changer)

MAC Address Attack

Rogue AP – Spoofing Attack

802.11 Passive Monitoring
[Figure: a Station sends a Username and Password to the Access Point; an Attacker doing Passive Monitoring captures the data]

802.11 Man in the Middle Attack
• Attacker broadcasts spoofed AP SSID and MAC Address
• Station unknowingly connects to attacker
• MIM attacks can always be established
• But if strong authentication and encryption are used, attacker will be nothing more than a bridge.
[Figure: Station, Attacker and Access Point, labelled with Station MAC Address and AP MAC Address]
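A defender-side check for the spoofing described on the MAC address authentication and man in the middle slides, given here as an added example that is not part of the original slides. It compares observed frames with an AP inventory and also tracks 802.11 sequence numbers, because a cloned MAC address passes any allowlist; the inventory, frame tuples, SSIDs, MAC addresses and the `MAX_GAP` threshold are all constructed assumptions.

```python
# Constructed inventory of authorised APs: BSSID -> (SSID, channel, security).
AUTHORISED = {
    "00:11:22:33:44:01": ("corp-wlan", 6, "802.11i"),
    "00:11:22:33:44:02": ("corp-wlan", 11, "802.11i"),
}

# Constructed sensor observations: (bssid, ssid, channel, security, seq).
# seq is the 12-bit sequence number from the 802.11 frame header.
FRAMES = [
    ("00:11:22:33:44:01", "corp-wlan", 6, "802.11i", 100),
    ("00:11:22:33:44:01", "corp-wlan", 6, "802.11i", 103),
    ("66:77:88:99:aa:bb", "corp-wlan", 1, "WEP", 7),         # new BSSID, our SSID
    ("00:11:22:33:44:02", "corp-wlan", 11, "802.11i", 4090),
    ("00:11:22:33:44:02", "corp-wlan", 11, "802.11i", 2),    # normal wrap-around
    ("00:11:22:33:44:01", "corp-wlan", 6, "802.11i", 2950),  # second transmitter
    ("00:11:22:33:44:01", "corp-wlan", 6, "802.11i", 105),
    ("00:11:22:33:44:02", "corp-wlan", 11, "WEP", 5),        # security downgraded
    ("de:ad:be:ef:00:01", "coffee-shop", 1, "WEP", 1),       # unrelated network
]

SEQ_MOD = 4096  # sequence numbers are 12 bits wide
MAX_GAP = 64    # assumed tolerance for frames the sensor missed; tune per site


def find_rogue_ap_indicators(frames, authorised=AUTHORISED, max_gap=MAX_GAP):
    """Return (bssid, reason) alerts for frames that do not fit the inventory."""
    known_ssids = {ssid for ssid, _, _ in authorised.values()}
    last_seq = {}
    alerts = []
    for bssid, ssid, channel, security, seq in frames:
        profile = authorised.get(bssid)
        if profile is None:
            # A BSSID allowlist only catches a sender that did not clone the MAC.
            if ssid in known_ssids:
                alerts.append((bssid, "unknown-bssid-for-known-ssid"))
            continue
        if (ssid, channel, security) != profile:
            alerts.append((bssid, "profile-mismatch"))
        # Two radios sharing one MAC keep separate counters, so the observed
        # numbers jump backwards or far ahead when their frames interleave.
        if bssid in last_seq and (seq - last_seq[bssid]) % SEQ_MOD > max_gap:
            alerts.append((bssid, "sequence-anomaly"))
        last_seq[bssid] = seq
    return alerts


if __name__ == "__main__":
    for bssid, reason in find_rogue_ap_indicators(FRAMES):
        print(bssid, reason)
```

A retransmitted frame repeats its sequence number and is not flagged; a busy AP or a sensor that hops channels needs a larger gap tolerance.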

Authentication and Encryption Standards
• Credentials: Certificate, Username/Password
• Authentication Protocols: TLS, PEAP, 802.1x
• Encryption Algorithms: RC4, AES
• Encryption Standards: WEP, WPA-TKIP, 802.11i
– WEP: Wired Equivalent Privacy
– WPA: Wi-Fi Protected Access
– TKIP: Temporal Key Integrity Protocol
– PEAP: Protected Extensible Authentication Protocol; uses server-side public key certificates to authenticate the server

Evolution of WLAN Security
– WEP: not adequate
– IEEE formed a Task Group “i” to develop 802.11i standard
  • Objective: to produce a detailed specification to enhance the security features for WLANs
[Figure: IEEE 802 Working group; IEEE 802.11 WLAN WG; IEEE 802.11i WLAN security; Robust Security Network (RSN); Transitional Security Network (TSN)]

Access Control and Authentication
– 802.1X / EAP
– Initially designed for wired networks but is now applicable to WLANs.
– Provides port-based access control and mutual authentication between client and APs via an authentication server.
– 802.1X standard is comprised of three elements
  • A supplicant: the client (laptop, PDA, …) who wants to be authenticated
  • An authenticator: the AP, which acts as an intermediary between a supplicant and an authentication server.
  • An authentication server: such as a RADIUS (Remote Access Dial-In User Service) server.
[Figure: Station (Supplicant), Access Point (Authenticator), RADIUS Server (Authorizer)]

Thank you for joining this semester