WPA: The Latest 802'11 Security - PowerPoint PPT Presentation

1 / 22
About This Presentation
Title:

WPA: The Latest 802'11 Security

Description:

Algorithm is used throughout the world in some of the most secure ... Poor key generation (cracked encryption key) Poor duplicate checking (replay attacks) ... – PowerPoint PPT presentation

Number of Views:45
Avg rating:3.0/5.0
Slides: 23
Provided by: kellym55
Category:

less

Transcript and Presenter's Notes

Title: WPA: The Latest 802'11 Security


1
Welcome!
  • WPA The Latest 802.11 Security
  • by Jim Weikert, Product Manager, Locus
    Incorporated
  • Portland General Electric
  • Tuesday, March 23, 2004

2
Using a Good Tool Improperly
3
Concepts to Understand
  • Authentication
  • Verifying only authorized users are allowed to
    communicate
  • Encryption
  • Scrambling the data so that it cannot be
    deciphered by outsiders
  • Integrity Checking
  • Preventing unwanted data

4
The Good Tool Used Properly
  • 802.11 WEP encryption is based on a very strong
    and time-proven algorithm
  • Algorithm is used throughout the world in some of
    the most secure applications
  • SSL (Secure Socket Layer) Protocol is used for
    communications to and from secure websites
  • Oracle SQL

5
The Good Tool Used Improperly
  • WEP is an example of using a good tool improperly
  • Poor authentication (rogue access point)
  • Poor key generation (cracked encryption key)
  • Poor duplicate checking (replay attacks)

6
802.11 Industry Improvements
  • IEEE 802.11i
  • New IEEE standard for 802.11 security
  • WPA (Wi-Fi Protected Access)
  • The 802.11 industrys acronym for the improved
    security

7
The Good Tool Used Properly
  • Proper Authentication
  • Proper Encryption

8
WPA Proper Authentication
WEP
WPA
Dual Authentication Two-way Handshake
Open
Shared
9
WPA Proper Authentication
  • WEP shared
  • Only client authenticated itself to AP
  • Rogue AP could cause client to authenticate to
    it falsely and gain access to clients
    information
  • Dual authentication
  • Client and AP authenticate each other, verifying
    the link is appropriate

10
Key Generation
  • WEP System-wide Key
  • common for every radio
  • WPA Session Key
  • different for every pair
  • different for every station
  • generated for each session
  • derived from a seed called the passphrase

Key
Key
Key
Entered once or updated by user if they feel like
it.
11
Per-Packet Keying
  • Each packet is generated using a unique key
  • Much more difficult to get from data back to the
    key
  • Packet sequence number rollover
  • 24-bit sequence number with WEP would rollover
    leading to key re-use
  • 48-bit sequence number with WPA leads to new
    session key generation

12
Per Packet Keying (cont.)
Passphrase
Phase One Mixer
Intermediate Key
128-bit Temporal Key
Source MAC Address 00-01-50-F1-CD-73
Phase Two Mixer
Per-Packet Key
4 Bytes
48-bit Packet Sequence Number (24-bit with WEP)
2 Bytes
Encryption Algorithm
Data
Encrypted Data
13
Forgery Protection
Step 1 Stronger Algorithm
CRC Generator
Data Load
CRC
WEP
48-Bit Sequence Number
Michael
Message Integrity Check
MAC Address
Data Load
WPA
14
Forgery Protection
Step 2 Forgery Detection
  • Two forgeries in one second
  • Radio assumes it is under attack.
  • It deletes its session key, disassociates itself,
    then forces re-association.

15
Replay Prevention
Replays do not appear as a forgery
  • WEP
  • Overload the network by replaying a single packet

WPA Network is protected IV must increment or
packet is discarded
16
RADIUS Server
  • Authenticates clients before they are given
    access to the network
  • Negotiates keys

Network
Access Point
Client
Radius Server
17
Need for a RADIUS Server
  • Single point of key management
  • Centralized administration
  • Mix WEP/WPA amongst clients
  • Seamless roaming without re-authentication
  • Session time limits/time of day (user access
    policies)

18
The Good Tool Used Properly
  • Proper Authentication
  • Proper Encryption
  • Packet Key Generation
  • System Key Distribution
  • Forgery Protection
  • Replay Prevention

19
Scrutiny improves security
  • Security by obscurity is a flawed approach.
  • WPA has undergone great scrutiny by
    cryptographers.
  • Scrutiny is the best way to provide security in
    an open protocol.

20
More Security to Come
  • 802.11i addresses immediate improvements as well
    as long-term improvements
  • Immediate improvements seen in WPA (TKIP
    Encryption) can run on current hardware
  • Long-term improvements include new encryption
    algorithm AES (Advanced Encryption Standard)
    which is more computationally intensive and
    requires new hardware

21
Having the Best Security is Useless if...
  • It isnt turned on
  • like having locks on your doors but not using
    them
  • It is too complicated to understand
  • like having a security system for your house, but
    not knowing how to change the code

22
Questions?
  • Thank you!
  • Jim Weikert, Product Manager
  • (608) 270-0500 ext. 219
  • weikert_at_locusinc.com
  • Locus Industrial Radios
  • Madison, WI
Write a Comment
User Comments (0)
About PowerShow.com
Home About Us Terms and Conditions Privacy Policy Presentation Removal Request Contact Us
Copyright 2024 CrystalGraphics, Inc. — All rights Reserved. PowerShow.com is a trademark of CrystalGraphics, Inc.
The PowerPoint PPT presentation: "WPA: The Latest 802'11 Security" is the property of its rightful owner.
Do you have PowerPoint slides to share? If so, share your PPT presentation slides online with PowerShow.com. It's FREE!