WIRELESS TECHNOLOGY EXCERPTS FROM CWNA/CWSP

Upload: shai-levit

Post on 20-Feb-2017



A QUICK INTRODUCTION

OUTLINE OF THIS PRESENTATION
▸ Components
▸ Measurements
▸ Communication / Signal
▸ Security
▸ Questions and/or Applause

RADIO FREQUENCY CREATION

HOW A SIGNAL IS CREATED
1. Data is sent to the Transmitter, which creates the wireless medium.
2. The Transmitter is responsible for the modulation of the signal (carrier signal) and the signal strength (Amplitude/Power).
3. The Antenna radiates the carrier signal in a pattern specific to the type of antenna, and receives signals from the air to propagate them back to the transmitter.

SIGNAL DEMYSTIFIED

MEASUREMENTS
▸ Equivalent Isotropic Radiated Power (EIRP) - Highest signal strength that is transmitted from a particular antenna.
▸ Antennas tend to focus the RF signal, altering the effective output.
▸ Decibel (dB) - a unit of comparison, NOT a unit of power.
  ▸ identifies the difference between 2 values.
  ▸ A relative expression and a measurement in change of power.


MEASUREMENTS CONTINUED
▸ Decibel notations:
  ▸ dBi (decibel isotropic) - comparison of an antenna to an isotropic radiator (think antenna gain).
  ▸ dBd (decibel dipole) - comparison of an antenna to a dipole antenna (omnidirectional).
  ▸ dBi = dBd + 3
  ▸ dBm - a signal comparison to 1 milliwatt of power.


MEASUREMENTS MATH EXAMPLES
▸ Problem: 2.4GHz AP transmitting at 100mW, Laptop is 100m (0.1Km) from AP.
▸ Solution: Laptop receives 0.000001mW, or if we use the FSPL formula (frequency in MHz, distance in km) -> dB = 32.4 + (20log10(2400)) + (20log10(0.1)) = 80.004dB ~ 80dB of signal loss.
▸ dBm: 0dBm = 1mW, then what would 100mW be?
  ▸ dBm = 10 x log10(PmW), so 100mW = +20dBm
  ▸ the reverse formula is: PmW = 10^(dBm/10)
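The dBm conversions and the FSPL link budget from the two slides above, worked through as an added Python example (not part of the original deck). The constant 32.4 requires frequency in MHz and distance in km; the antenna-gain parameters and the -70 dBm receiver sensitivity used by link_margin_db are assumptions added here so the same functions cover an antenna that is not isotropic.

```python
import math


def mw_to_dbm(p_mw: float) -> float:
    """dBm = 10 x log10(P_mW): power relative to 1 milliwatt."""
    return 10 * math.log10(p_mw)


def dbm_to_mw(dbm: float) -> float:
    """Reverse formula: P_mW = 10^(dBm/10)."""
    return 10 ** (dbm / 10)


def fspl_db(freq_mhz: float, dist_km: float) -> float:
    """Free Space Path Loss with the slide's constant 32.4, which holds for
    frequency in MHz and distance in km."""
    return 32.4 + 20 * math.log10(freq_mhz) + 20 * math.log10(dist_km)


def received_power_dbm(tx_mw: float, freq_mhz: float, dist_km: float,
                       tx_gain_dbi: float = 0.0, rx_gain_dbi: float = 0.0) -> float:
    """Simple link budget: EIRP (transmit power plus antenna gain) minus path
    loss, plus receive antenna gain. Gains default to 0 dBi as on the slide."""
    eirp_dbm = mw_to_dbm(tx_mw) + tx_gain_dbi
    return eirp_dbm - fspl_db(freq_mhz, dist_km) + rx_gain_dbi


def link_margin_db(rx_dbm: float, sensitivity_dbm: float = -70.0) -> float:
    """Headroom above a receiver sensitivity threshold (the -70 dBm default is an
    assumed value, not from the slide); negative means the link is not usable."""
    return rx_dbm - sensitivity_dbm


if __name__ == "__main__":
    # The slide's problem: 100 mW AP at 2400 MHz, laptop 0.1 km away.
    loss = fspl_db(2400, 0.1)
    rx = received_power_dbm(100, 2400, 0.1)
    print(f"100 mW = {mw_to_dbm(100):.1f} dBm")
    print(f"FSPL = {loss:.3f} dB")
    print(f"received = {rx:.1f} dBm = {dbm_to_mw(rx):.9f} mW")
    print(f"margin over -70 dBm = {link_margin_db(rx):.1f} dB")
```

Running it reproduces the slide's numbers: 100 mW is +20 dBm, the path loss is 80.004 dB, so the laptop sees about -60 dBm, which is the 0.000001 mW stated. Passing a non-zero gain shows why EIRP, not transmit power, is the figure that regulators limit.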

RF SIGNAL

UNDERSTANDING SOME KEY METHODS AND WAVE FUNCTIONS
▸ Manipulation of the signal is called a Keying Method.
  ▸ Amplitude Shift-Keying (ASK)
  ▸ Frequency Shift-Keying (FSK)
  ▸ Phase Shift-Keying (PSK)


UNDERSTANDING SOME KEY METHODS AND WAVE FUNCTIONS
▸ All RF signals will experience some type of degradation.
  ▸ Absorption - loss of signal (attenuation) due to various materials
  ▸ Reflection - diversion or bouncing of a signal
  ▸ Scattering - multiple reflections of a signal in various directions
  ▸ Refraction - bending of a signal as it passes through a medium of different density.
  ▸ Diffraction - bending of a signal around an object
  ▸ Free Space Path Loss - loss of signal strength caused by natural broadening of the waves (Beam Divergence)

SIGNAL PROPAGATION

RF TRANSMISSION METHODS
▸ Narrowband
  ▸ uses very little bandwidth
  ▸ more susceptible to interference and intentional jamming
▸ Spread Spectrum
  ▸ wide range of bandwidth
  ▸ less susceptible to jamming and interference


TYPES OF SPREAD SPECTRUM
▸ Frequency Hopping Spread Spectrum (FHSS)
  ▸ Components:
    ▸ Hopping sequence - predefined pattern of frequencies
    ▸ Dwell time - measure of time of signal transmission
    ▸ Hop time - measure of time between transmission signal change
    ▸ Modulation (Gaussian Frequency Shift-Keying, GFSK)

FREQUENCY HOPPING SPREAD SPECTRUM COMPONENTS (diagram)


TYPES OF SPREAD SPECTRUM
▸ Direct Sequence Spread Spectrum (DSSS)
  ▸ Signal transmission is spread across the range of frequencies that make up that channel.
  ▸ The process of spreading the data is known as: Data Encoding.
  ▸ Modulation
    ▸ Differential Binary Phase Shift-Keying (DBPSK)
    ▸ Differential Quadrature Phase Shift-Keying (DQPSK)


ORTHOGONAL FREQUENCY DIVISION MULTIPLEXING (OFDM)
▸ Most popular and used in either 5GHz or 2.4GHz range
▸ Looks like Spread Spectrum, but it uses subcarriers (52 separate closely and precisely spaced frequencies)
▸ More resistant to ISI and negative effects from multi-path interference.
▸ Utilizes harmonics overlap to cancel unwanted signals.
▸ Modulation is BPSK or QPSK (at higher rates uses 16-QAM or 64-QAM).

OFDM (diagram)

2.4GHZ CHANNEL OVERLAY DIAGRAM

SECURITY

THE CHALLENGE
▸ Unauthorized access
  ▸ open systems for customers and consumers
  ▸ data and information are in the open and easy to view, both in promiscuous mode and in attack mode
▸ Rogue APs
  ▸ redirect traffic
  ▸ out-signal the original transmission

CONNECTIVITY

PROCESS OF GETTING CONNECTED
▸ It’s a 4 step process
  1. Authentication
    ‣ Open - no verification of identity (null authentication)
    ‣ Varied - open to join but data encrypted to outside
    ‣ Private - some type of encryption / shared key
  2. Association
    ‣ becoming a part of the BSS

SECURITY

TYPES OF PROTECTION
▸ Access Control
  ▸ MAC address filtering
  ▸ Restrictions
▸ Encryption
  ▸ Wireless Equivalent Protection (WEP)
  ▸ Wi-Fi Protected Access (WPA)
  ▸ Wi-Fi Protected Access v2 (WPA2)
▸ SSID Cloaking


VULNERABILITIES AND ATTACKS
▸ Leaving the Default access (Passwords, set-up)
▸ open Authentication and/or Authorization
▸ Use of SNMP-managed devices (Simple Network Management Protocol) in unsecured mode
▸ Improper configuration of gateways, extenders, bridged devices, etc.
▸ MAC Spoofing and MAC Layer Attacks
  ▸ session hijacking, MITM, DoS and Disassociation(s)
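Two of the problems named on these security slides, rogue APs and disassociation/deauthentication DoS, can be spotted from a passive sensor's view of management frames. The following is an added Python example, not code from the deck: it parses a constructed frame log (timestamp, subtype, source MAC, BSSID, SSID), flags beacons that advertise a managed SSID from a BSSID that is not in an assumed inventory, and flags any source that sends a burst of deauth/disassoc frames inside a sliding time window. The log format, MAC addresses, SSIDs, the KNOWN_BSSIDS inventory and the window/threshold values are all assumptions for the example.

```python
from collections import defaultdict

# Constructed sample sensor log (not from the slides). Columns: timestamp in seconds,
# frame subtype, source MAC, BSSID, SSID ("-" when the frame carries none).
SAMPLE_FRAMES = """\
1.00 beacon 00:11:22:33:44:01 00:11:22:33:44:01 CorpWiFi
1.10 beacon 00:11:22:33:44:02 00:11:22:33:44:02 CorpWiFi
1.20 beacon 00:11:22:33:44:99 00:11:22:33:44:99 CorpWiFi
1.30 beacon aa:bb:cc:dd:ee:ff aa:bb:cc:dd:ee:ff GuestNet
2.00 deauth 00:11:22:33:44:01 00:11:22:33:44:01 -
5.00 deauth 00:11:22:33:44:01 00:11:22:33:44:01 -
6.00 deauth de:ad:be:ef:00:01 00:11:22:33:44:01 -
6.10 deauth de:ad:be:ef:00:01 00:11:22:33:44:01 -
6.20 disassoc de:ad:be:ef:00:01 00:11:22:33:44:01 -
6.30 deauth de:ad:be:ef:00:01 00:11:22:33:44:01 -
6.40 deauth de:ad:be:ef:00:01 00:11:22:33:44:01 -
6.50 disassoc de:ad:be:ef:00:01 00:11:22:33:44:01 -
"""

# Assumed inventory: SSIDs we manage and the BSSIDs authorised to advertise them.
KNOWN_BSSIDS = {"CorpWiFi": {"00:11:22:33:44:01", "00:11:22:33:44:02"}}


def parse_frames(text):
    """Turn the whitespace-separated log into a list of dicts."""
    frames = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, subtype, src, bssid, ssid = line.split()
        frames.append({"ts": float(ts), "subtype": subtype,
                       "src": src, "bssid": bssid, "ssid": ssid})
    return frames


def rogue_aps(frames, known):
    """Beacons that advertise a managed SSID from a BSSID missing from the inventory.
    Unknown SSIDs (a neighbour's network) are ignored: they are not our rogue."""
    hits = {(f["bssid"], f["ssid"]) for f in frames
            if f["subtype"] == "beacon"
            and f["ssid"] in known
            and f["bssid"] not in known[f["ssid"]]}
    return sorted(hits)


def disassoc_floods(frames, window=1.0, threshold=5):
    """Sources that send at least `threshold` deauth/disassoc frames within any
    `window` seconds. Returns {src: peak count}. Legitimate APs do send the
    occasional deauth, so the threshold keeps single frames from alerting."""
    by_src = defaultdict(list)
    for f in frames:
        if f["subtype"] in ("deauth", "disassoc"):
            by_src[f["src"]].append(f["ts"])
    flagged = {}
    for src, times in by_src.items():
        times.sort()
        start = 0
        for end in range(len(times)):
            while times[end] - times[start] > window:
                start += 1
            count = end - start + 1
            if count >= threshold:
                flagged[src] = max(flagged.get(src, 0), count)
    return flagged


if __name__ == "__main__":
    frames = parse_frames(SAMPLE_FRAMES)
    print("rogue APs:", rogue_aps(frames, KNOWN_BSSIDS))
    print("deauth/disassoc floods:", disassoc_floods(frames))
```

On the sample log the BSSID ending :99 is reported as a rogue for CorpWiFi while GuestNet is left alone, and the source de:ad:be:ef:00:01 is flagged with six frames in half a second; the two deauths from the real AP, three seconds apart, do not alert. Since the source MAC of a management frame can be spoofed (the MAC Spoofing bullet above), the flood detector should be read as "someone is flooding on behalf of this address", which is exactly why 802.11w protected management frames matter.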


ENCRYPTION TYPES AND DEFINITION
▸ Static WEP
  ▸ Layer 2 encryption using the RC4 stream cipher
  ▸ 64-bit and 128-bit encryption (24-bit IV)
  ▸ Weakness
    ▸ IV Collision attacks - the 24-bit IV is in clear text and repeats itself after 16 million frames.
    ▸ RC4 Key-scheduling Algorithm uses the 24-bit IV
    ▸ Reinjection Attack
    ▸ Bit-Flip Attack - the ICV is considered weak and the packet can be compromised
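To make the "repeats itself after 16 million" bullet concrete, here is an added Python example (not from the deck) that computes the size of the 24-bit IV space, how quickly a sequential IV counter wraps at a given frame rate, and, going one step beyond the slide, how many frames a randomly chosen IV survives before a repeat becomes likely (the birthday bound). It also includes a small audit function that reports the first repeated IV in a captured IV stream, which is what a monitoring tool would look for. The frame rate and the IV values in the sample are constructed for the example.

```python
import math

IV_BITS = 24
IV_SPACE = 2 ** IV_BITS  # 16,777,216 possible IVs, sent in clear text with each frame


def hours_until_iv_exhaustion(frames_per_second: float) -> float:
    """A card that counts IVs sequentially reuses its first IV after IV_SPACE frames."""
    return IV_SPACE / frames_per_second / 3600


def collision_probability(frames: int, space: int = IV_SPACE) -> float:
    """Birthday bound: probability that at least two of `frames` IVs drawn at
    random collide, 1 - exp(-n(n-1) / 2N)."""
    return 1 - math.exp(-frames * (frames - 1) / (2 * space))


def frames_for_collision_probability(p: float, space: int = IV_SPACE) -> int:
    """Smallest n at which the birthday bound reaches probability p
    (inverting the approximation above)."""
    return math.ceil(0.5 + math.sqrt(0.25 - 2 * space * math.log(1 - p)))


def find_iv_reuse(ivs):
    """Defensive audit over captured IV values (ints): return (first_index,
    second_index, iv) for the first repeat, or None if all IVs are distinct."""
    seen = {}
    for i, iv in enumerate(ivs):
        if iv in seen:
            return seen[iv], i, iv
        seen[iv] = i
    return None


if __name__ == "__main__":
    print(f"IV space: {IV_SPACE:,}")
    print(f"sequential IVs at 1000 frames/s wrap after {hours_until_iv_exhaustion(1000):.1f} h")
    n = frames_for_collision_probability(0.5)
    print(f"random IVs: 50% chance of a repeat after {n:,} frames")
    # Constructed IV stream with a deliberate repeat of 0x00ABCD
    print("first reuse:", find_iv_reuse([0x000001, 0x00ABCD, 0x000002, 0x00ABCD]))
```

The numbers are the point: a busy AP at 1000 frames per second exhausts a sequential IV counter in under five hours, and with random IVs an even-odds repeat arrives after only about 4,800 frames. Either way the same RC4 keystream is reused under the same static key, which is why the slide lists IV collisions first among WEP's weaknesses.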


ENCRYPTION TYPES AND DEFINITION CONT.
▸ Wi-Fi Protected Access (WPA)
  ▸ Temporal Key Integrity Protocol (TKIP) - 40-bit encryption and 128-bit key. Generates keys dynamically for each packet, avoiding some collisions.
  ▸ Message Integrity Check (MIC) - avoids the capturing, changing and resending of packets. Also uses the MIC as a seed for the mathematical encryption keys.


ENCRYPTION TYPES AND DEFINITION CONT.
▸ Wi-Fi Protected Access 2 (WPA2)
  ▸ Advanced Encryption Standard (AES)
  ▸ AES-CCMP
    ▸ Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP)
  ▸ Message Integrity Check (MIC) - avoids the capturing, changing and resending of packets. Also uses the MIC as a seed for the mathematical encryption keys.