Wireless Technology and Security - PowerPoint PPT Presentation

1 / 16
About This Presentation
Title:

Wireless Technology and Security

Description:

Short range wireless technology. Operates on unlicensed 2.4GHz radio frequency ... Wireless Technology. http://www.bluetooth.org ... – PowerPoint PPT presentation

Number of Views:71
Avg rating:3.0/5.0
Slides: 17
Provided by: justin97
Category:

less

Transcript and Presenter's Notes

Title: Wireless Technology and Security


1
Wireless Technology and Security
  • April 9, 2003

Justin Mencl CIS 492
2
Overview
  • Current Wireless Technology
  • Infrared, Bluetooth, Wi-Fi
  • Security Issues
  • Concerns
  • Problem with WEP
  • Resources

3
IrDA
  • Infrared (IrDA)
  • Uses beams of light ? line of sight communication
  • Data broadcast in straight line, 30 cone
  • User intervention required

4
Bluetooth
  • Short range wireless technology
  • Operates on unlicensed 2.4GHz radio frequency
  • Uses Frequency Hopping Spread Spectrum (FHSS)
  • Supported by more than 50 major companies
  • 3COM
  • Microsoft
  • Ericsson
  • Nokia

5
Bluetooth (cont.)
  • Devices
  • Access Points
  • Keyboard/Mice
  • Car Stereos, Hands Free Kits
  • Advantages
  • Inexpensive small radio module
  • Ease of use automatic connection between device

6
Wi-Fi
  • Most popular wireless LAN solution
  • Specified by IEEE 802.11
  • Includes 802.11a, 802.11b, 802.11g
  • Also uses radio frequencies 2.4GHz and 5Ghz
  • Uses Direct Sequence Spread Spectrum (DSSS)

7
Wi-Fi Flavors
  • IEEE 802.11b
  • Most popular flavor
  • Uses 2.4Ghz, 11 Mbps, Range of 1000 ft
  • IEEE 802.11a
  • Uses 5GHz frequency, 54 Mbps
  • Reduced range ? More access points needed
  • IEEE 802.11g
  • Uses 2.4GHz backward compatible with 802.11b
  • 54 Mbps

8
Wireless Security
  • IrDA minimal security concerns
  • Bluetooth
  • Uses stream cipher E0, more secure than Wi-Fi
  • Uses different keys for encryption and
    authentication
  • Wi-Fi
  • Uses stream cipher RC4(v, k)
  • Uses same keys for encryption and authentication

9
Wi-Fi Security Concerns
  • Wired Equivalency Protocol (WEP)
  • Used to encrypt data
  • WEP implementation
  • Secret key to encrypt packets before sending
  • Integrity Check before receiving packets

10
WEP Algorithm
  • Sender and receiver share secret key k
  • Compute checksum c(M)
  • Pick Init Vector v, generate keystream RC4(v, k)
  • XOR ltM, c(M) gt and keystream ? ciphertext
  • Transmit ciphertext
  • Use transmitted v and shared k to get keystream
    RC4(v, k)
  • XOR ciphertext with RC4(v, k) to get ltM, cgt
  • Check if cc(M)
  • If so, accept M as message transmitted

Taken from Security Of The WEP Algorithm, UC
Berkeley
11
WEP Pictorially
12
Problems With WEP
  • Uses cipher stream RC4(v, k)
  • Inherit security risk when using cipher streams
  • You must NEVER encrypt two messages with same
    keystream
  • Keystream is RC4(v, k) which depends only on v, k
  • k is fixed shared secret that changes rarely, if
    ever
  • v is 24 bit value ? only 224 values 16
    million
  • So after 16 million packets, you have to repeat a
    v value
  • Repeated v, same k ? repeated keystream

13
Other Problems
  • Passive attacks to decrypt traffic based on
    statistical analysis.
  • Active attack to inject new traffic from
    unauthorized mobile stations, based on known
    plaintext.
  • Active attacks to decrypt traffic, based on
    tricking the access point.
  • Dictionary-building attack that, after analysis
    of about a day's worth of traffic, allows
    real-time automated decryption of all traffic

14
WEP Fixes
  • Need both of the following
  • Long Init Vector v that never repeats for the
    lifetime of the shared secret
  • Stong Message Authentication Code in replace of
    the CRC which depends on key k and Init Vector v
  • Again, BOTH need to be done!

15
Is WEP Secure???
  • Dont rely solely on WEP for security
  • KSU CNS does!!!
  • CIS Department does not
  • Wireless Best Practices
  • Treat wireless network as a public network
  • Put wireless network OUTSIDE your firewall
  • Use VPN, IPSec, ssh

16
Resources
  • Wireless Technology
  • http//www.bluetooth.org
  • http//www.acsac.org/2002/case/wed-c-330-Innella.p
    df
  • http//www.ieee802.org
  • Security of the WEP Algorithm, UC Berkeley
  • Nikita Borisov, Ian Goldberg, and David Wagner
  • http//www.isaac.cs.berkeley.edu/isaac/wep-faq.htm
    l
  • http//www.cypherpunks.ca/bh2001
Write a Comment
User Comments (0)
About PowerShow.com