Network Access Control and Wireless
Lennart Franked
Department of Information Systems and Technology (IST), Mittuniversitetet (Mid Sweden University)
December 4, 2014
Lennart Franked (MIUN IST) Network Access Control and Wireless December 4, 2014 1 / 42
Overview
1 Network Access Control (NAC) and IEEE 802.1X
  - Network Access Control
  - Extensible Authentication Protocol
  - IEEE 802.1x
2 Wireless Network Security
  - Wireless Security
3 802.11 Wireless Overview
  - 802.11 - Wireless LAN
  - Wireless LAN Security
Literature
The lecture covers sections 5.1 - 5.3 and chapter 7, “Wireless Network Security”, in [1]. To check that you have fully understood these chapters, you should solve problems 7.1 and 7.2.
Network Access Control
Figure: [1].
Network Access Control: Access Requestor
Figure: [1].
Access requestor (also called client, supplicant, or peer): accesses the network.
Network Access Control: Policy Server
Figure: [1].
Policy server: enforces access restrictions.
Network Access Control: Network Access Server
Figure: [1].
Network access server: controls access to the network.
Network Access Control: Network Access Enforcement Methods
- IEEE 802.1X - EAP over LAN.
- VLAN.
- Firewall.
- DHCP management.
Extensible Authentication Protocol
Figure: [1].
- Framework for network access and authentication protocols.
- Mostly encountered in wireless networks and PPP connections.
- Extension to PPP.
Extensible Authentication Protocol: Authentication Methods
Figure: [1].
EAP authentication methods:
- EAP-TLS.
- EAP-TTLS.
- EAP-GPSK.
- EAP-IKEv2.
Extensible Authentication Protocol: EAP Exchanges
Figure: EAP Protocol Exchange [1]
Extensible Authentication Protocol: EAP Messages
Figure: EAP Message Flow [1]
IEEE 802.1x
Figure: IEEE 802.1x operation [1]
IEEE 802.1x: EAPOL Message types
- EAPOL-EAP – Encapsulated EAP packet.
- EAPOL-Start – Initiates the EAP authentication process.
- EAPOL-Logoff – Closes the EAP session.
- EAPOL-Key – Exchanges key information.
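The following is an added example, not code from the lecture or from [1]: a small parser for the EAPOL frame header (Version, Type, Length, Body) and for the EAP packet header (RFC 3748: Code, Identifier, Length, Type) that an EAPOL-EAP frame encapsulates. It builds a constructed exchange of the four message types named above (Start, Request/Identity and Response/Identity, Success, Logoff) and shows the length checks a port-based authenticator has to make before trusting any field. The identity "alice" and the EAPOL version 2 are sample values; the method type numbers come from the IANA EAP registry.

```python
"""Parse IEEE 802.1X EAPOL frames and the EAP packets they carry (added example)."""
import struct
from typing import Optional

# EAPOL packet types from IEEE 802.1X (type 4, ASF-Alert, is not on the slide).
EAPOL_TYPES = {0: "EAPOL-EAP", 1: "EAPOL-Start", 2: "EAPOL-Logoff", 3: "EAPOL-Key"}
# EAP codes (RFC 3748) and the method types the lecture names (IANA EAP registry).
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_METHODS = {1: "Identity", 13: "EAP-TLS", 21: "EAP-TTLS", 49: "EAP-IKEv2", 51: "EAP-GPSK"}


def build_eapol(ptype: int, body: bytes = b"", version: int = 2) -> bytes:
    """EAPOL header: Version(1) | Type(1) | Body length(2, big-endian) | Body."""
    return struct.pack("!BBH", version, ptype, len(body)) + body


def build_eap(code: int, ident: int, method: Optional[int] = None, data: bytes = b"") -> bytes:
    """EAP header: Code(1) | Identifier(1) | Length(2) | [Type(1) | Type-Data]."""
    payload = (bytes([method]) if method is not None else b"") + data
    return struct.pack("!BBH", code, ident, 4 + len(payload)) + payload


def parse_eap(pkt: bytes) -> dict:
    """Validate the EAP header and return its fields; raise ValueError on malformed input."""
    if len(pkt) < 4:
        raise ValueError("EAP header needs at least 4 bytes")
    code, ident, length = struct.unpack("!BBH", pkt[:4])
    if code not in EAP_CODES:
        raise ValueError(f"unknown EAP code {code}")
    if length < 4 or length > len(pkt):
        raise ValueError("EAP Length field does not fit the packet")
    eap = {"code": EAP_CODES[code], "id": ident}
    if code in (1, 2):  # only Request/Response carry a Type byte and Type-Data
        if length < 5:
            raise ValueError("EAP Request/Response needs a Type byte")
        eap["method"] = EAP_METHODS.get(pkt[4], f"type-{pkt[4]}")
        eap["data"] = pkt[5:length]
    return eap


def parse_eapol(frame: bytes) -> dict:
    """Validate the EAPOL header; an EAPOL-EAP frame also gets its EAP packet parsed."""
    if len(frame) < 4:
        raise ValueError("EAPOL header needs at least 4 bytes")
    version, ptype, body_len = struct.unpack("!BBH", frame[:4])
    if ptype not in EAPOL_TYPES:
        raise ValueError(f"unknown EAPOL packet type {ptype}")
    body = frame[4:4 + body_len]
    if len(body) != body_len:
        raise ValueError("EAPOL body shorter than its Length field")
    msg = {"version": version, "type": EAPOL_TYPES[ptype]}
    if ptype == 0:
        msg["eap"] = parse_eap(body)
    return msg


def sample_exchange() -> list:
    """Constructed EAPOL flow: Start, Request/Identity, Response/Identity, Success, Logoff."""
    return [
        build_eapol(1),                                            # supplicant: EAPOL-Start
        build_eapol(0, build_eap(1, 1, method=1)),                 # authenticator: Request/Identity
        build_eapol(0, build_eap(2, 1, method=1, data=b"alice")),  # supplicant: Response/Identity
        build_eapol(0, build_eap(3, 2)),                           # authenticator: Success
        build_eapol(2),                                            # supplicant: EAPOL-Logoff
    ]


def describe(frames: list) -> list:
    """One human-readable line per frame, as a monitor on the controlled port might log it."""
    lines = []
    for f in frames:
        m = parse_eapol(f)
        if "eap" in m:
            e = m["eap"]
            detail = f"EAP {e['code']} id={e['id']}" + (f" {e['method']}" if "method" in e else "")
            if e.get("data"):
                detail += f" data={e['data']!r}"
            lines.append(f"{m['type']}: {detail}")
        else:
            lines.append(m["type"])
    return lines


if __name__ == "__main__":
    for line in describe(sample_exchange()):
        print(line)
```

Note that the EAP Identifier is what ties a Response to its Request (id 1 in both above); a frame whose Length field exceeds the bytes actually received is rejected rather than parsed, which is the check a real supplicant or authenticator must make, since the body length is attacker-controlled on an open port.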
Wireless Network Security: Wireless Security
Wireless Security: Security issues
Why wireless networks are more susceptible to attacks:
- Broadcast communication allows eavesdropping.
- Jamming of traffic.
- Mobile devices.
- Implemented on a variety of devices with limited memory and computational resources.
- Easy to access.
Wireless Security: Wireless Network Threats
Threats:
- Accidental association
- Malicious association
- Ad hoc networks
- Nontraditional networks
- MAC spoofing
- Man-in-the-middle attacks
- DoS
- Network injection
Wireless Security: Countermeasures
- Signal-hiding techniques
  - Hide SSID (security by obscurity)
  - Reducing signal strength
- Encryption (confidentiality)
- Authentication
- MAC (integrity)
- IEEE 802.1x
Wireless Security: Mobile device Security
- Lack of physical control
- Use of untrusted mobile devices
- Use of untrusted networks
- Use of applications created by unknown parties
- Interaction with other systems
- Use of untrusted content
- Use of location services
802.11 Wireless Overview
802.11 - Wireless LAN
- IEEE 802 working group
  - Develops standards for LANs.
  - The 802.11 working group was formed in 1990.
- Wi-Fi Alliance
  - Wireless Ethernet Compatibility Alliance (WECA)
  - Certifies compatibility between Wi-Fi vendors.
  - 802.11a, b, g, n, ac, ad
  - Creates security standards as well.
802.11 - Wireless LAN: Terminology
- Access point
- Basic Service Set
- Extended Service Set
- Distribution System
- Protocol Data Unit
- Service Data Unit
802.11 - Wireless LAN: IEEE 802.11 protocol stack
Figure: 802.11 protocol stack [1]
802.11 - Wireless LAN: IEEE 802.11 Architectural Model
Figure: 802.11 Architectural Model [1]
802.11 - Wireless LAN: 802.11 services
Table: IEEE 802.11 Services [1]

Service            Provider             Used to support
Association        Distribution system  MSDU delivery
Reassociation      Distribution system  MSDU delivery
Authentication     Station              LAN access and security
Deauthentication   Station              LAN access and security
Privacy            Station              LAN access and security
Disassociation     Distribution system  MSDU delivery
Distribution       Distribution system  MSDU delivery
Integration        Distribution system  MSDU delivery
MSDU delivery      Station              MSDU delivery
Wireless LAN Security: Security Comparison – Wired vs. Wireless
Wireless LAN: any station within the range of a wireless AP can transmit and receive data on the LAN.
Wired LAN: only devices with a physical connection to the network can send and receive data on the LAN.
Wireless LAN Security: IEEE 802.11i
- Wired Equivalent Privacy (WEP)
- Wi-Fi Protected Access (WPA)
Wireless LAN Security: WEP
- Uses the RC4 stream cipher.
- 128-bit random number used as a challenge.
- 64-bit (40-bit user generated) or 128-bit (104-bit user generated) key sizes.
- 24-bit initialization vector.
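As an added example (not code from the lecture or from [1]), the block below implements RC4 and WEP's per-frame seeding, IV || shared key, to make two points the bullet list only states: the advertised 64- and 128-bit "key sizes" include the 24 IV bits that travel in the clear, and a 24-bit IV space is so small that, by the birthday bound, a few thousand frames suffice for an IV, and therefore an RC4 keystream, to repeat, after which the XOR of two ciphertexts equals the XOR of the two plaintexts (the ICV is WEP's CRC-32, appended before encryption). The key and plaintexts are constructed sample values.

```python
"""WEP keying: why a 24-bit IV in front of an RC4 key is too small (added example)."""
import math
import zlib

IV_BYTES = 3  # 24-bit IV, sent in the clear in every frame so the receiver can rebuild the seed


def rc4_keystream(key: bytes, n: int) -> bytes:
    """Plain RC4: key-scheduling algorithm, then n bytes of PRGA output."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for _ in range(n):
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def wep_seed(iv: int, shared_key: bytes) -> bytes:
    """RC4 seed = IV (3 bytes) || shared key (5 bytes for "64-bit" WEP, 13 bytes for "128-bit")."""
    if len(shared_key) not in (5, 13):
        raise ValueError("WEP user keys are 40 or 104 bits")
    return iv.to_bytes(IV_BYTES, "big") + shared_key


def wep_encrypt(shared_key: bytes, iv: int, plaintext: bytes) -> bytes:
    """Append the CRC-32 ICV, then XOR the result with the keystream derived from IV || key."""
    payload = plaintext + zlib.crc32(plaintext).to_bytes(4, "little")
    ks = rc4_keystream(wep_seed(iv, shared_key), len(payload))
    return bytes(p ^ k for p, k in zip(payload, ks))


def frames_until_iv_repeat(p: float, iv_bits: int = IV_BYTES * 8) -> int:
    """Birthday bound: frames with randomly chosen IVs until some IV repeats with probability p."""
    return math.ceil(math.sqrt(2 * 2 ** iv_bits * math.log(1 / (1 - p))))


def keystream_reuse_leak(shared_key: bytes, iv: int, p1: bytes, p2: bytes) -> bool:
    """Same IV => same keystream, so C1 xor C2 == (P1||ICV1) xor (P2||ICV2): the key never mattered."""
    c1 = wep_encrypt(shared_key, iv, p1)
    c2 = wep_encrypt(shared_key, iv, p2)
    pay1 = p1 + zlib.crc32(p1).to_bytes(4, "little")
    pay2 = p2 + zlib.crc32(p2).to_bytes(4, "little")
    return bytes(a ^ b for a, b in zip(c1, c2)) == bytes(a ^ b for a, b in zip(pay1, pay2))


if __name__ == "__main__":
    key40 = b"\x01\x02\x03\x04\x05"  # constructed 40-bit user key
    print("seed bits (40-bit key):", len(wep_seed(0, key40)) * 8)
    print("frames for 50% IV collision:", frames_until_iv_repeat(0.5))
    print("keystream reuse leaks P1 xor P2:", keystream_reuse_leak(key40, 0x1234, b"hello ap", b"hi again"))
```

The collision count is what a defender should take away: even a perfectly random IV scheme reuses keystream well before the 2^24 frames a simple counter would allow, and a busy AP sends that many frames in minutes, which is why 802.11i replaced WEP rather than extending it.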
Wireless LAN Security: WEP Encryption process
Figure: WEP encryption process
Wireless LAN Security: Wi-Fi Protected Access (WPA)
- Replaces WEP.
- 802.11i - Robust Security Network.
- RSN services:
  - Authentication
  - Access control
  - Privacy with message integrity
Wireless LAN Security: WPA
Figure: Elements of 802.11i [1]
Wireless LAN Security: WPA
Figure: 802.11i Phases of operation [1]
Wireless LAN Security: 802.11i - Discovery/Authentication phase
Figure: Discovery, authentication and association [1]
Wireless LAN Security: 802.11i - Key Hierarchies
Figure: Key Hierarchies [1]
Wireless LAN Security: Keys used in Wi-Fi Protected Access
- Pairwise keys
  - Used for communication between a pair of devices.
- Pre-Shared Key
  - A secret key installed outside the scope of 802.11i.
- Master Session Key
  - Master key generated using IEEE 802.1x EAPOL.
- Pairwise Master Key
  - Derived from the MSK or the PSK.
- Pairwise Transient Key
  - Consists of three keys:
    - Key Confirmation Key (KCK)
    - Key Encryption Key (KEK)
    - Temporal Key (TK)
Wireless LAN Security: Group Keys
- Used for multicast communication.
- Two keys are used:
  - Group Master Key - used to generate the Group Temporal Key.
  - Group Temporal Key - used to encrypt the MPDUs.
  - Changed every time a device leaves the group.
Wireless LAN Security: IEEE 802.11i Four-way Handshake
Figure: Four-way handshake and Group Key Handshake [1]
Wireless LAN Security: Protected Data Transfer
- TKIP (Temporal Key Integrity Protocol)
  - Software backward compatible with WEP devices.
  - Message integrity using a MAC (Michael).
  - Encrypts data using RC4.
- CCMP (Counter Mode with CBC-MAC Protocol)
  - Uses CBC-MAC for message integrity.
  - Encrypts data using AES-CTR.
Wireless LAN Security: IEEE 802.11i PRF
- Used for, amongst other things, generating nonces.
- Built on HMAC-SHA1.
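The block below is an added example, not code from the lecture or from [1]; it ties together the key-hierarchy slide (PSK/MSK, PMK, PTK = KCK || KEK || TK), the group-key slide (GMK to GTK), the four-way handshake and this PRF slide by implementing the original 802.11i constructions: PRF-n as a concatenation of HMAC-SHA1(K, A || 0x00 || B || i) blocks, PTK expansion over the min/max-ordered addresses and nonces exchanged in handshake messages 1 and 2, PMK derivation from a passphrase by PBKDF2-HMAC-SHA1 (4096 iterations, as in the PSK profile), and the 128-bit HMAC-SHA1 EAPOL-Key MIC keyed with the KCK (key descriptor version 2, used with CCMP). The MAC addresses, nonces, passphrase and SSID are constructed sample values.

```python
"""IEEE 802.11i key hierarchy: PRF-n, PTK/GTK derivation, EAPOL-Key MIC (added example)."""
import hashlib
import hmac


def prf(key: bytes, label: bytes, data: bytes, nbits: int) -> bytes:
    """802.11i PRF-n: R = HMAC-SHA1(K, A||0x00||B||0) || HMAC-SHA1(K, A||0x00||B||1) || ..., cut to n bits."""
    out = b""
    i = 0
    while len(out) * 8 < nbits:
        out += hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
        i += 1
    return out[: nbits // 8]


def pmk_from_psk(passphrase: str, ssid: bytes) -> bytes:
    """Pre-shared key mode: PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 256 bits)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid, 4096, 32)


def derive_ptk(pmk: bytes, aa: bytes, spa: bytes, anonce: bytes, snonce: bytes, tk_bits: int = 128) -> dict:
    """PTK = PRF-X(PMK, "Pairwise key expansion", Min(AA,SPA)||Max(AA,SPA)||Min(ANonce,SNonce)||Max(ANonce,SNonce)).

    Ordering with min/max lets the AP (AA, ANonce) and the station (SPA, SNonce) reach the same PTK
    from the nonces swapped in handshake messages 1 and 2. X = 384 for CCMP (TK of 128 bits) and
    512 for TKIP (TK of 256 bits); KCK and KEK are always the first two 128-bit pieces.
    """
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    ptk = prf(pmk, b"Pairwise key expansion", data, 256 + tk_bits)
    return {"KCK": ptk[:16], "KEK": ptk[16:32], "TK": ptk[32:]}


def derive_gtk(gmk: bytes, aa: bytes, gnonce: bytes, tk_bits: int = 128) -> bytes:
    """GTK = PRF-X(GMK, "Group key expansion", AA || GNonce); re-run whenever a station leaves."""
    return prf(gmk, b"Group key expansion", aa + gnonce, tk_bits)


def eapol_key_mic(kck: bytes, frame_with_zero_mic: bytes) -> bytes:
    """EAPOL-Key MIC for key descriptor version 2: HMAC-SHA1(KCK, frame with MIC field zeroed)[:128 bits]."""
    return hmac.new(kck, frame_with_zero_mic, hashlib.sha1).digest()[:16]


def mic_ok(kck: bytes, frame_with_zero_mic: bytes, mic: bytes) -> bool:
    """Constant-time check; a good MIC proves the peer holds the same PMK without ever sending it."""
    return hmac.compare_digest(eapol_key_mic(kck, frame_with_zero_mic), mic)


def four_way_demo() -> bool:
    """Both sides derive the PTK independently; the AP then verifies the station's MIC on message 2."""
    pmk = pmk_from_psk("correct horse battery staple", b"lecture-ssid")  # constructed PSK
    aa = bytes.fromhex("02000000aa01")    # constructed AP address
    spa = bytes.fromhex("02000000bb02")   # constructed station address
    anonce, snonce = bytes(range(32)), bytes(range(32, 64))  # constructed nonces (message 1, message 2)
    ptk_ap = derive_ptk(pmk, aa, spa, anonce, snonce)
    ptk_sta = derive_ptk(pmk, spa, aa, snonce, anonce)  # station orders its inputs the other way round
    msg2 = b"constructed EAPOL-Key message 2 with SNonce and RSN IE, MIC field zeroed"
    mic = eapol_key_mic(ptk_sta["KCK"], msg2)
    return ptk_ap == ptk_sta and mic_ok(ptk_ap["KCK"], msg2, mic)


if __name__ == "__main__":
    print("four-way handshake keys agree and MIC verifies:", four_way_demo())
```

Two details worth noticing: the KCK is never used for data, only to authenticate handshake messages, and the PTK changes whenever either nonce changes, so a replayed message 1 with a fresh ANonce yields a different PTK rather than reinstalling the old one, which is why nonce freshness in message 1 and MIC verification on messages 2 to 4 are the checks to monitor.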
Wireless LAN Security: IEEE 802.11i PRF
Figure: IEEE 802.11i PRF [1]
References
[1] William Stallings. Network Security Essentials: Applications and Standards. 5th ed., International Edition. Pearson Education, 2013. ISBN: 978-0-273-79336-6.