Wireless%20LAN%20Security

1

• Wireless LAN Security
• Presented By
• SWAGAT SOURAV Roll EE 200118189
• Under the guidance of
• Mr. Siddhartha Bhusan Neelamani

2
Introduction

• It is also easy to interfere with wireless
  communications. A simple jamming transmitter can
  make communications impossible. For example,
  consistently hammering an access point with
  access requests, whether successful or not, will
  eventually exhaust its available radio frequency
  spectrum and knock it off the network.
• Advantages of WLAN
• Disadvantages WLAN

3
WLAN Authentication

• Wireless LANs, because of their broadcast
  nature, require the
  addition of
• User authentication
• Data privacy
• Authenticating wireless LAN clients.

Client Authentication Process
4
WLAN Authentication

• Types Of Authentication
• Open Authentication
• The authentication request
• The authentication response
• Shared Key Authentication
• requires that the client configure a static
  WEP key
• Service Set Identifier (SSID)
• MAC Address Authentication
• MAC address authentication verifies the clients
  MAC address against a locally configured list of
  allowed addresses or against an external
  authentication server

5
WLAN Authentication Vulnerabilities

• SSID
• An eavesdropper can easily determine the SSID
  with the use of an 802.11 wireless LAN packet
  analyzer, like Sniffer Pro.
• Open Authentication
• Open authentication provides no way for the
  access point to determine whether a client is
  valid.
• Shared Key Authentication Vulnerabilities
• The process of exchanging the challenge text
  occurs over the wireless link and is vulnerable
  to a man-in-the-middle attack
• MAC Address Authentication Vulnerabilities
• A protocol analyzer can be used to determine a
  valid MAC address

6
WEP Encryption

• WEP is based on the RC4 algorithm, which is a
  symmetric key stream cipher. The encryption keys
  must match on both the client and the access
  point for frame exchanges to succeed
• Stream Ciphers

Encrypts data by generating a key stream from the
key and performing the XOR function on the key
stream with the plain-text data
7
WEP Encryption

• Block Ciphers

Fragments the frame into blocks of predetermined
size and performs the XOR function on each block.
8
WEP Encryption Weaknesses

• There are two encryption techniques to overcome
  WEP encryption weakness
• Initialization vectors
• Feedback modes

• Initialization vectors

9
WEP Encryption Weaknesses

• Feedback Modes

10
WEP Encryption Weaknesses

• Statistical Key DerivationPassive Network
  Attacks
• A WEP key could be derived by passively
  collecting particular frames from a wireless LAN
• Inductive Key DerivationActive Network Attacks
• Inductive key derivation is the process of
  deriving a key by coercing information from the
  wireless LAN
• Initialization Vector Replay Attacks
• Bit-Flipping Attacks
• Static WEP Key Management Issues

11
Component of WLAN Security

• The Authentication Framework (802.1X)
• The EAP Authentication Algorithm
• Mutual Authentication
• User-Based Authentication
• Dynamic WEP Keys
• Data Privacy with TKIP (Temporal Key Integrity
  Protocol )
• A message integrity check (MIC
• Per-packet keying
• Broadcast Key Rotation

12
Future of WLAN Security

• AES (Advanced Encryption Standard )
• AES-OCB Mode

13
Future of WLAN Security

• AES-CCM Mode

14
Conclusion
Wireless LAN deployments should be made as secure
as possible. Standard 802.11 security is weak and
vulnerable to numerous network attacks. This
paper has highlighted these vulnerabilities and
described how it can be solved to create secure
wireless LANs. Some security enhancement features
might not be deployable in some situations
because of device limitations such as application
specific devices (ASDs such as 802.11 phones
capable of static WEP only) or mixed vendor
environments. In such cases, it is important that
the network administrator understand the
potential WLAN security vulnerabilities.
15

• Thank You!!!