Post on 05-Jan-2016
Link-Layer Protection in 802.11i WLANs With Dummy Authentication
Will Mooney, Robin Jha
WLAN Overview
Basic security
Vulnerability
WPA & WPA-PSK
WEP
802.11 standards
Issues with 802.11i
Dummy Authentication
Performance
Conclusion
Wireless LAN components
Access point (AP) = bridge between wireless (802.11) and wired (802.3) networks
Wireless station (STA) = PC or other device with a wireless network interface card (NIC)
RADIUS = Authentication Server
EAP = Extensible Authentication Protocol
CCMP = Encryption based on AES counter mode with CBC-MAC
WLANs
WLANs are vulnerable to specialized attacks.
Many of these attacks exploit technology weaknesses since 802.11 WLAN security is relatively new.
There are also many configuration weaknesses since some companies are not using the security features of WLANs on all their equipment.
Vulnerability
Some of the known wireless attack methods:
Access attack
Denial of Service (DoS) - logical attacks with spoofed signaling, signal jamming
SSID (network name) sniffing
WEP encryption key recovery attacks
MAC address spoofing
Rogue AP attacks - unauthorized ingress routes may bypass firewall
Open-Access Network
Open to everyone
Requires no authentication
Provides no protection
Vulnerable to fingerprinting, traffic analysis and eavesdropping
WEP
WEP is “Wired Equivalent Privacy” or “Wireless Encryption Protocol”
It is the original wireless security protocol for the 802.11 standard
Based on the use of the same shared private encryption key (or limited set of rotating keys) among all stations on a WLAN.
Discovered recently that it is easy to decrypt if part of the key is known
WPA
The Wi-Fi Alliance released WPA (Wi-Fi Protected Access) intended to address some of the flaws.
The WPA solution addressed two critical shortfalls of the original WEP-based security standard:
Design weakness in the WEP protocol
Lack of an effective key distribution method
WPA
Uses 802.1x (EAP) for authentication
Adds MIC (Message integrity check) and frame counter
Two modes: PSK and Enterprise
PSK (Pre-Shared Key) suffers from similar key-management difficulties to WEP
Enterprise Mode requires a RADIUS server
What is 802.11?
Refers to the family of specifications developed by the IEEE for wireless LAN technology.
It specifies an interface between a wireless client and a base station or between two clients connected wirelessly.
Dummy Authentication
1. The STA sends a request with its MAC address
2. The AP creates a ticket containing the STA's MAC address, a time stamp, a validity period, and a hash of those three things using its private key. This is sent with the AP's MAC address, a status code, and certificate.
Dummy Authentication (Cont.)
3. The computer validates the certificate and stores the ticket with the AP's public key. The computer generates a random number and pre-session key, encrypts with the AP's public key, and sends the AP its MAC address, ticket, random number, and the pre-session key encrypted with the random number.
4. The AP verifies the ticket by the MAC address and checks that it is still in the validity period. If so, it sends back its MAC address, status code, and an encrypted pre-session key.
Dummy Authentication (Concluded)
5. If successful, then the pre-session key is used in communications. Otherwise, the process begins again.
Purpose of the Ticket
Reusable within validity period
Does not require storage resources of AP
Allows for a symmetric operation
Binds to the MAC address and prevents replay attacks
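Added example (not from the slides or the cited paper): a sketch of ticket issuance in step 2 and ticket verification in step 4, showing how the AP can check a ticket without storing anything per station. Assumptions: HMAC-SHA256 under an AP-held secret stands in for the "hash ... using its private key", and the field sizes, function names and MAC addresses are hypothetical.

```python
import hashlib
import hmac
import os
import struct

# Assumption: an AP-held secret and HMAC-SHA256 stand in for the slide's
# "hash ... using its private key"; the field sizes are also illustrative.
AP_SECRET = os.urandom(32)
BODY_LEN = 6 + 8 + 4   # STA MAC | issue time (s) | validity period (s)
TAG_LEN = 32

def issue_ticket(sta_mac: bytes, now: int, validity: int, key: bytes = AP_SECRET) -> bytes:
    """Step 2: the AP builds the ticket and keeps no per-station state."""
    if len(sta_mac) != 6:
        raise ValueError("MAC address must be 6 bytes")
    body = sta_mac + struct.pack(">QI", now, validity)
    return body + hmac.new(key, body, hashlib.sha256).digest()

def verify_ticket(ticket: bytes, claimed_mac: bytes, now: int, key: bytes = AP_SECRET) -> str:
    """Step 4: recompute the tag, then check MAC binding and validity period."""
    if len(ticket) != BODY_LEN + TAG_LEN:
        return "malformed"
    body, tag = ticket[:BODY_LEN], ticket[BODY_LEN:]
    expected = hmac.new(key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return "bad-tag"             # forged or altered ticket
    issued, validity = struct.unpack(">QI", body[6:])
    if body[:6] != claimed_mac:
        return "mac-mismatch"        # ticket presented from another address
    if not issued <= now <= issued + validity:
        return "outside-validity"    # not yet valid, or expired
    return "ok"

if __name__ == "__main__":
    sta = bytes.fromhex("020000000001")    # constructed sample MAC addresses
    other = bytes.fromhex("020000000002")
    ticket = issue_ticket(sta, now=1000, validity=300)
    print(verify_ticket(ticket, sta, 1100))     # reused inside the validity period
    print(verify_ticket(ticket, sta, 1301))     # after the validity period
    print(verify_ticket(ticket, other, 1100))   # same ticket, different MAC
```

Everything the AP needs for verification travels inside the ticket, which is why reuse within the validity period costs it no storage.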
Results
There seemed to be a lack of testing
The “quantifiable” results:
Spoke of different attacks (flooding the AP at different points) and said they “believed our method can resist this attack”
What We Learned
Link layer protection in wireless networks
Basic information on wireless security we often use
How different attacks are performed on a wireless network
How NOT to test your project
Sources
Yang, Zhimin, Adam C. Champion, Boxuan Gu, Xiaole Bai, and Dong Xuan. "Link-Layer Protection in 802.11i WLANs with Dummy Authentication." WiSEC (2009): 1-8. Print.