wireless data network security dr. n. usha rani, vp, development nmsworks software pvt. ltd. 2 aug,...
TRANSCRIPT
![Page 1: Wireless Data Network Security Dr. N. Usha Rani, VP, Development NMSWorks Software Pvt. Ltd. 2 Aug, 2007](https://reader036.vdocument.in/reader036/viewer/2022081506/56649e615503460f94b5c30f/html5/thumbnails/1.jpg)
Wireless Data Network Security
Dr. N. Usha Rani,VP, Development
NMSWorks Software Pvt. Ltd.2 Aug, 2007
![Page 2: Wireless Data Network Security Dr. N. Usha Rani, VP, Development NMSWorks Software Pvt. Ltd. 2 Aug, 2007](https://reader036.vdocument.in/reader036/viewer/2022081506/56649e615503460f94b5c30f/html5/thumbnails/2.jpg)
Organization
• Introduction• WLAN technology• WiMax technology• Network security• Security issues in WLAN• Security issues in WiMax• Conclusions• References
![Page 3: Wireless Data Network Security Dr. N. Usha Rani, VP, Development NMSWorks Software Pvt. Ltd. 2 Aug, 2007](https://reader036.vdocument.in/reader036/viewer/2022081506/56649e615503460f94b5c30f/html5/thumbnails/3.jpg)
Wireless Technologies for Data Networks
• Communications industry driven by largely by services
• Convenience inherent in wireless technology has seen the growth of– WLAN – Data services– Cellular – Predominantly voice service with data
service provided as add-on– WiMax – Data/voice services for wide area
![Page 4: Wireless Data Network Security Dr. N. Usha Rani, VP, Development NMSWorks Software Pvt. Ltd. 2 Aug, 2007](https://reader036.vdocument.in/reader036/viewer/2022081506/56649e615503460f94b5c30f/html5/thumbnails/4.jpg)
User Expectations
• Eliminate physical and logical barriers– Eliminate house wiring– Eliminate tethering to outlets (access from
anywhere)– High speed
• Mobility– Anytime Anywhere Service
• Low cost communication– Affordable telephone, TV, PC, and appliances– Enable new applications
![Page 5: Wireless Data Network Security Dr. N. Usha Rani, VP, Development NMSWorks Software Pvt. Ltd. 2 Aug, 2007](https://reader036.vdocument.in/reader036/viewer/2022081506/56649e615503460f94b5c30f/html5/thumbnails/5.jpg)
Challenges to growth of wireless
• Power• Bandwidth• Range• Reliability• QoS• Management• Interoperability • Economics• Security
![Page 6: Wireless Data Network Security Dr. N. Usha Rani, VP, Development NMSWorks Software Pvt. Ltd. 2 Aug, 2007](https://reader036.vdocument.in/reader036/viewer/2022081506/56649e615503460f94b5c30f/html5/thumbnails/6.jpg)
Well known vulnerabilities
• “War (Wide Area Roaming) driving” and listening in on a WLAN connection – Access to a WLAN network is inherently
much easier than to a fixed network– Motorists, pedestrians access private
WLANS– Open source attack software (eg.,
NetStumbler)
• Denial of service attacks due to jamming
![Page 7: Wireless Data Network Security Dr. N. Usha Rani, VP, Development NMSWorks Software Pvt. Ltd. 2 Aug, 2007](https://reader036.vdocument.in/reader036/viewer/2022081506/56649e615503460f94b5c30f/html5/thumbnails/7.jpg)
Security Attack Example
![Page 8: Wireless Data Network Security Dr. N. Usha Rani, VP, Development NMSWorks Software Pvt. Ltd. 2 Aug, 2007](https://reader036.vdocument.in/reader036/viewer/2022081506/56649e615503460f94b5c30f/html5/thumbnails/8.jpg)
Some reasons
• Flaws in the standard design itself– Eavesdropping because rogue Access Points
are easily installed– Security specifications in the standard are
usually optional and can be turned off– Flaws in the security protocol
• Weakness in the cryptography used in the standard
![Page 9: Wireless Data Network Security Dr. N. Usha Rani, VP, Development NMSWorks Software Pvt. Ltd. 2 Aug, 2007](https://reader036.vdocument.in/reader036/viewer/2022081506/56649e615503460f94b5c30f/html5/thumbnails/9.jpg)
Organization
• Introduction• WLAN technology• WiMax technology• Network security• Security issues in WLAN• Security issues in WiMax• Conclusions• References
![Page 10: Wireless Data Network Security Dr. N. Usha Rani, VP, Development NMSWorks Software Pvt. Ltd. 2 Aug, 2007](https://reader036.vdocument.in/reader036/viewer/2022081506/56649e615503460f94b5c30f/html5/thumbnails/10.jpg)
WLAN Uses
• Key drivers are mobility and accessibility
• Easily change work locations in the office
• Internet access at airports, cafes, conferences, etc.
![Page 11: Wireless Data Network Security Dr. N. Usha Rani, VP, Development NMSWorks Software Pvt. Ltd. 2 Aug, 2007](https://reader036.vdocument.in/reader036/viewer/2022081506/56649e615503460f94b5c30f/html5/thumbnails/11.jpg)
Source: LBL
![Page 12: Wireless Data Network Security Dr. N. Usha Rani, VP, Development NMSWorks Software Pvt. Ltd. 2 Aug, 2007](https://reader036.vdocument.in/reader036/viewer/2022081506/56649e615503460f94b5c30f/html5/thumbnails/12.jpg)
Enterprise WLAN
InternetInternetLayer 2/3Switch
802.11802.3
IP
• Layer 2/3 switch is traditional Ethernet hub• AP (Access Point) performs security functions
AP
User
![Page 13: Wireless Data Network Security Dr. N. Usha Rani, VP, Development NMSWorks Software Pvt. Ltd. 2 Aug, 2007](https://reader036.vdocument.in/reader036/viewer/2022081506/56649e615503460f94b5c30f/html5/thumbnails/13.jpg)
802.11 sublayers
PHY
MAC
Higher layers
802.11a802.11b802.11g
802.11d802.11e802.11h802.11i
802.11c802.11f
![Page 14: Wireless Data Network Security Dr. N. Usha Rani, VP, Development NMSWorks Software Pvt. Ltd. 2 Aug, 2007](https://reader036.vdocument.in/reader036/viewer/2022081506/56649e615503460f94b5c30f/html5/thumbnails/14.jpg)
IEEE 802.11 Standards
802.11a 54 Mbps data rate 5 GHz
802.11b 11 Mbps data rate at 2.4 GHz
802.11e Addresses QoS issues
802.11f Addresses multi-vendor AP interoperability
802.11g Higher data rate extension to 54 Mbps in the 2.4 GHz
802.11h Dynamic frequency selection and transmit power control for operation of 5 GHz products
802.11i Addresses security issues
802.11j Addresses channelization in Japan’s 4.9 GHz band
802.11k Manages medium and network resources more efficiently
![Page 15: Wireless Data Network Security Dr. N. Usha Rani, VP, Development NMSWorks Software Pvt. Ltd. 2 Aug, 2007](https://reader036.vdocument.in/reader036/viewer/2022081506/56649e615503460f94b5c30f/html5/thumbnails/15.jpg)
Standard
Frequency
Mechanism
Max Data Rate
Notes
802.11 2.4 GHz FHSS/DSSS
2 Mbps First std., limited rate
802.11a 5 GHz OFDM 54 Mbps Shortest range, more non-overlapping chls
802.11b 2.4 GHz DSSS 11 Mbps Widely used, low speeds
802.11g 2.4 GHz OFDM 54 Mbps Higher rates, higher range at 2.4 GHz
PHY Characteristics
![Page 16: Wireless Data Network Security Dr. N. Usha Rani, VP, Development NMSWorks Software Pvt. Ltd. 2 Aug, 2007](https://reader036.vdocument.in/reader036/viewer/2022081506/56649e615503460f94b5c30f/html5/thumbnails/16.jpg)
Physical layer
• OFDM (Orthogonal Frequency Division Multiplexing)
• DSSS (Direct Sequence Spread Spectrum)
• FHSS (Frequency Hopping Spread Spectrum)
• Multiple channels each 20 MHz • Uses unlicensed frequency bands
![Page 17: Wireless Data Network Security Dr. N. Usha Rani, VP, Development NMSWorks Software Pvt. Ltd. 2 Aug, 2007](https://reader036.vdocument.in/reader036/viewer/2022081506/56649e615503460f94b5c30f/html5/thumbnails/17.jpg)
Distance & Speed
• NLOS range – About 70 to 100 m depending on the PHY• LOS range with directional antennas
– Can be 10s of kms
![Page 18: Wireless Data Network Security Dr. N. Usha Rani, VP, Development NMSWorks Software Pvt. Ltd. 2 Aug, 2007](https://reader036.vdocument.in/reader036/viewer/2022081506/56649e615503460f94b5c30f/html5/thumbnails/18.jpg)
MAC
• MAC similar to 802.3 Ethernet and 802.2 LLC• 802.3 – CSMA-CD, 802.11 – CSMA-CA• CSMA/CD
– Before transmit, listen for activity on the network– If medium busy, wait to transmit– On medium clear, start transmitting– During transmission, monitor for collision– If collision detected
• Abort• Wait for random time (backoff increases exponentially
with number of collisions)• Retransmit
![Page 19: Wireless Data Network Security Dr. N. Usha Rani, VP, Development NMSWorks Software Pvt. Ltd. 2 Aug, 2007](https://reader036.vdocument.in/reader036/viewer/2022081506/56649e615503460f94b5c30f/html5/thumbnails/19.jpg)
CSMA/CA
• In wireless, can not transmit and receive at the same time – Instead of CD, on medium idle delay a
random amount of time (random backoff), then transmit
– To take care of wireless errors and collisions, receiver sends immediate ACK
![Page 20: Wireless Data Network Security Dr. N. Usha Rani, VP, Development NMSWorks Software Pvt. Ltd. 2 Aug, 2007](https://reader036.vdocument.in/reader036/viewer/2022081506/56649e615503460f94b5c30f/html5/thumbnails/20.jpg)
CSMA/CA
![Page 21: Wireless Data Network Security Dr. N. Usha Rani, VP, Development NMSWorks Software Pvt. Ltd. 2 Aug, 2007](https://reader036.vdocument.in/reader036/viewer/2022081506/56649e615503460f94b5c30f/html5/thumbnails/21.jpg)
Architecture
STA1STA2
STA3
STA1 STA2 STA1 STA2
AP APBSS BSS
IBSS
STA – Wireless clientCell – Coverage provided by APBSS – Stations + APIBSS – Stations operate in ad-hoc modeESS – Collection of cells in an infrastructure network
STA – StationBSS – Basic Svc SetIBSS – Independent BSSESS – Extended Svc Set
![Page 22: Wireless Data Network Security Dr. N. Usha Rani, VP, Development NMSWorks Software Pvt. Ltd. 2 Aug, 2007](https://reader036.vdocument.in/reader036/viewer/2022081506/56649e615503460f94b5c30f/html5/thumbnails/22.jpg)
Operation of WiFi
• Access point links a wireless network to a wired network (via LAN, ADSL or WAN interface)
• Stations or clients are laptops, desktops or wireless handheld device with wireless NIC
• An AP has a “network name” or Service Set Identifier (SSID)
• AP periodically broadcasts SSID to advertise itself
• A client having the same SSID can connect to the network
![Page 23: Wireless Data Network Security Dr. N. Usha Rani, VP, Development NMSWorks Software Pvt. Ltd. 2 Aug, 2007](https://reader036.vdocument.in/reader036/viewer/2022081506/56649e615503460f94b5c30f/html5/thumbnails/23.jpg)
Adhoc Mesh between villages
20 m
5 m
10 m
• Terrain and trees => tower in each village• Cost of tower >> cost of WiFi
5 m
![Page 24: Wireless Data Network Security Dr. N. Usha Rani, VP, Development NMSWorks Software Pvt. Ltd. 2 Aug, 2007](https://reader036.vdocument.in/reader036/viewer/2022081506/56649e615503460f94b5c30f/html5/thumbnails/24.jpg)
Organization
• Introduction• WLAN technology• WiMax technology• Network security• Security issues in WLAN• Security issues in WiMax• Conclusions• References
![Page 25: Wireless Data Network Security Dr. N. Usha Rani, VP, Development NMSWorks Software Pvt. Ltd. 2 Aug, 2007](https://reader036.vdocument.in/reader036/viewer/2022081506/56649e615503460f94b5c30f/html5/thumbnails/25.jpg)
WiMax - Introduction
• Ever increasing demand for broadband wireless access to compete with DSL, cable etc.
• Provides fixed, nomadic and mobile wireless broadband access with non-LOS
• High capacity (upto 96 Mbps) and high range (upto 3 kms NLOS)
![Page 26: Wireless Data Network Security Dr. N. Usha Rani, VP, Development NMSWorks Software Pvt. Ltd. 2 Aug, 2007](https://reader036.vdocument.in/reader036/viewer/2022081506/56649e615503460f94b5c30f/html5/thumbnails/26.jpg)
WiMax - Applications
• Provide backhaul for proliferating WiFi hotspots and aggregating traffic to high speed internet backbone
• Provide telephone access in hard to reach rural areas and cellular backhaul
• Support nomadic and mobile subscribers
![Page 27: Wireless Data Network Security Dr. N. Usha Rani, VP, Development NMSWorks Software Pvt. Ltd. 2 Aug, 2007](https://reader036.vdocument.in/reader036/viewer/2022081506/56649e615503460f94b5c30f/html5/thumbnails/27.jpg)
Capability and Reach
• Simultaneous support for hundreds of SMEs with E1 connectivity and thousands of homes/SOHOs with DSL connectivity
• Potential of low cost and flexibility• Scalable solution to meet increasing
bandwidth demands• Cost effective answer to requirements
ranging from– high end requirements such as triple play– Rural communities and businesses, for basic
broadband Internet access
![Page 28: Wireless Data Network Security Dr. N. Usha Rani, VP, Development NMSWorks Software Pvt. Ltd. 2 Aug, 2007](https://reader036.vdocument.in/reader036/viewer/2022081506/56649e615503460f94b5c30f/html5/thumbnails/28.jpg)
What is WiMax?
• Worldwide Interoperability for Microwave Access
• Based on technology standard defined by IEEE (802.16) for broadband wireless access for MANs
• Non-profit industry body to promote the technology and ensure interoperability between different vendor products
![Page 29: Wireless Data Network Security Dr. N. Usha Rani, VP, Development NMSWorks Software Pvt. Ltd. 2 Aug, 2007](https://reader036.vdocument.in/reader036/viewer/2022081506/56649e615503460f94b5c30f/html5/thumbnails/29.jpg)
WiMax Components
• Base station (BS) connected to public networks
• Subscriber station (SS) typically serves a building – office or residence
• BS serves several SSes with different QoS priorities etc. simultaneously
![Page 30: Wireless Data Network Security Dr. N. Usha Rani, VP, Development NMSWorks Software Pvt. Ltd. 2 Aug, 2007](https://reader036.vdocument.in/reader036/viewer/2022081506/56649e615503460f94b5c30f/html5/thumbnails/30.jpg)
Architecture
![Page 31: Wireless Data Network Security Dr. N. Usha Rani, VP, Development NMSWorks Software Pvt. Ltd. 2 Aug, 2007](https://reader036.vdocument.in/reader036/viewer/2022081506/56649e615503460f94b5c30f/html5/thumbnails/31.jpg)
802.16 standard
• Original standard based on DOCSIS/HFC in wireless domain
802.16- 2001
802.16a - 2003
802.16d- 2004
802.16e - 2005
802.16c - 2002
• Original fixed wireless broadband, • 10 – 66 GHz• LOS only• PMP applications
802.16 AmendmentWiMAX System Profiles
10 - 66 GHz
• Extension for 2-11 GHz: • non-line-of-sight• PMP applications
• Adds WiMAX System Profiles • Errata for 2-11 GHz
• Enhancements to support mobility
![Page 32: Wireless Data Network Security Dr. N. Usha Rani, VP, Development NMSWorks Software Pvt. Ltd. 2 Aug, 2007](https://reader036.vdocument.in/reader036/viewer/2022081506/56649e615503460f94b5c30f/html5/thumbnails/32.jpg)
Channel characteristics• 10-66 GHz (millimetre microwave)
– Very weak multipath components (LOS is required)
– Rain attenuation is a major issue– Single-carrier PHY
• 2-11 GHz (centimetre microwave)– Multipath– NLOS– Single and multi-carrier PHYs
![Page 33: Wireless Data Network Security Dr. N. Usha Rani, VP, Development NMSWorks Software Pvt. Ltd. 2 Aug, 2007](https://reader036.vdocument.in/reader036/viewer/2022081506/56649e615503460f94b5c30f/html5/thumbnails/33.jpg)
Physical layer characteristics
• Flexible Channel Sizes (1.75 MHz -- 20 MHz)
• Designed to support smart antenna systems – useful in reducing interference and increasing system gain
• Adaptive coding – QPSK, 16-QAM, 64-QAM for higher data rates depending on signal quality
• Data rate depends on channel size and coding
![Page 34: Wireless Data Network Security Dr. N. Usha Rani, VP, Development NMSWorks Software Pvt. Ltd. 2 Aug, 2007](https://reader036.vdocument.in/reader036/viewer/2022081506/56649e615503460f94b5c30f/html5/thumbnails/34.jpg)
Licensed License-Exempt
Better QoS Fast Rollout
Better NLOS reception at lower frequencies
Lower Costs
Higher barriers for entrance
More worldwide options
Licensed vs Unlicensed spectrum
![Page 35: Wireless Data Network Security Dr. N. Usha Rani, VP, Development NMSWorks Software Pvt. Ltd. 2 Aug, 2007](https://reader036.vdocument.in/reader036/viewer/2022081506/56649e615503460f94b5c30f/html5/thumbnails/35.jpg)
MAC layer• Supports challenging service delivery
environment– Efficient use of bandwidth– High bandwidth, 100s of users per channel– Continuous and bursty traffic
• Protocol independent (IP, ATM, Ethernet…)• Multiple PHYs• Security
![Page 36: Wireless Data Network Security Dr. N. Usha Rani, VP, Development NMSWorks Software Pvt. Ltd. 2 Aug, 2007](https://reader036.vdocument.in/reader036/viewer/2022081506/56649e615503460f94b5c30f/html5/thumbnails/36.jpg)
MAC layer• Supports Point-To-Multipoint (PMP) and
Mesh (PP) topologies– PMP: Traffic flows between Base Station (BS)
and Subscriber Stations (SS)– Uplink connection from SS to BS– Downlink from BS to numerous SS’es– Mesh
• TDM/TDMA with scheduling of transmissions by BS
• Connection-oriented – a Connection Id (CID) assigned to each connection
• Supports QoS
![Page 37: Wireless Data Network Security Dr. N. Usha Rani, VP, Development NMSWorks Software Pvt. Ltd. 2 Aug, 2007](https://reader036.vdocument.in/reader036/viewer/2022081506/56649e615503460f94b5c30f/html5/thumbnails/37.jpg)
WiMAX Operation
![Page 38: Wireless Data Network Security Dr. N. Usha Rani, VP, Development NMSWorks Software Pvt. Ltd. 2 Aug, 2007](https://reader036.vdocument.in/reader036/viewer/2022081506/56649e615503460f94b5c30f/html5/thumbnails/38.jpg)
Feature 802.16a 802.11b 802.11 a/g
Application BWA Wireless LAN
Wireless LAN
Frequency band
2-11 GHz, licensed and unlicensed
2.4 Ghz unlicensed
2.4 GHz(g) 5 GHz (a) unlicensed
Channel bandwidth
1.25 to 20 MHz
20 MHz 20 MHz
Bw efficiency
~4.0 bps/Hz ~.44 bps/Hz ~2.7 bps/Hz
FEC Reed Solomon
None Convolutional code
Mobility 802.16e In development
In development
Mesh Yes Proprietary Proprietary
Encryption Mandatory Optional Optional
![Page 39: Wireless Data Network Security Dr. N. Usha Rani, VP, Development NMSWorks Software Pvt. Ltd. 2 Aug, 2007](https://reader036.vdocument.in/reader036/viewer/2022081506/56649e615503460f94b5c30f/html5/thumbnails/39.jpg)
Organization
• Introduction• WLAN technology• WiMax technology• Network security• Security issues in WLAN• Security issues in WiMax• Conclusions• References
![Page 40: Wireless Data Network Security Dr. N. Usha Rani, VP, Development NMSWorks Software Pvt. Ltd. 2 Aug, 2007](https://reader036.vdocument.in/reader036/viewer/2022081506/56649e615503460f94b5c30f/html5/thumbnails/40.jpg)
The need for security
• Prior to this “computer era”, information felt to be valuable was protected by physical
and administrative means
![Page 41: Wireless Data Network Security Dr. N. Usha Rani, VP, Development NMSWorks Software Pvt. Ltd. 2 Aug, 2007](https://reader036.vdocument.in/reader036/viewer/2022081506/56649e615503460f94b5c30f/html5/thumbnails/41.jpg)
Acknowledged and known surveillance systems
• Carnivore is a network traffic interceptor • Is deployed at ISPs• The traffic of interest can be filtered out
from the mainstream traffic • Magic lantern is a key stroke logger• FBI motto:
In God we trust, the rest we monitor…….
![Page 42: Wireless Data Network Security Dr. N. Usha Rani, VP, Development NMSWorks Software Pvt. Ltd. 2 Aug, 2007](https://reader036.vdocument.in/reader036/viewer/2022081506/56649e615503460f94b5c30f/html5/thumbnails/42.jpg)
Hacking no longer esoteric
• Hackers develop tools that are freely available, accessible and easy to use
• Anyone with browser access can download them from common sites like rootshell.com, securityfocus.com, insecure.org
![Page 43: Wireless Data Network Security Dr. N. Usha Rani, VP, Development NMSWorks Software Pvt. Ltd. 2 Aug, 2007](https://reader036.vdocument.in/reader036/viewer/2022081506/56649e615503460f94b5c30f/html5/thumbnails/43.jpg)
Goals of security
• Provide confidentiality of sensitive information – only intended persons can see the information
• Authenticate legitimate entities – make sure they are who they claim to be• Provide access control - prevent
unauthorized entry to information systems
![Page 44: Wireless Data Network Security Dr. N. Usha Rani, VP, Development NMSWorks Software Pvt. Ltd. 2 Aug, 2007](https://reader036.vdocument.in/reader036/viewer/2022081506/56649e615503460f94b5c30f/html5/thumbnails/44.jpg)
Goals of security
• Enforce non-repudiation of transactions – an entity cannot later disavow a transaction
• Ensure availability of systems and services to legitimate users
![Page 45: Wireless Data Network Security Dr. N. Usha Rani, VP, Development NMSWorks Software Pvt. Ltd. 2 Aug, 2007](https://reader036.vdocument.in/reader036/viewer/2022081506/56649e615503460f94b5c30f/html5/thumbnails/45.jpg)
A classification of attacks
• Most security attacks can be classified into one of the following generic types– Interruption– Interception– Modification– Fabrication
![Page 46: Wireless Data Network Security Dr. N. Usha Rani, VP, Development NMSWorks Software Pvt. Ltd. 2 Aug, 2007](https://reader036.vdocument.in/reader036/viewer/2022081506/56649e615503460f94b5c30f/html5/thumbnails/46.jpg)
Electronic security services and mechanisms
• Most mechanisms that provide the services of confidentiality, integrity, authentication, access control and non-repudiation are cryptography based
• Ensuring availability is difficult• Availability of systems and services
requires other mechanisms as well
![Page 47: Wireless Data Network Security Dr. N. Usha Rani, VP, Development NMSWorks Software Pvt. Ltd. 2 Aug, 2007](https://reader036.vdocument.in/reader036/viewer/2022081506/56649e615503460f94b5c30f/html5/thumbnails/47.jpg)
Technologies to implement electronic
security services
• Identification, authentication: passwords, biometrics, cryptography based techniques
• Confidentiality: Cryptography• Access control: ACLs, Access control
matrices, cryptography based techniques, firewalls
• Integrity: Checksums, hash functions• Non-repudiation: Cryptography based
techniques
![Page 48: Wireless Data Network Security Dr. N. Usha Rani, VP, Development NMSWorks Software Pvt. Ltd. 2 Aug, 2007](https://reader036.vdocument.in/reader036/viewer/2022081506/56649e615503460f94b5c30f/html5/thumbnails/48.jpg)
Ensuring availability
• Provision for alternate network paths• Provision for redundancy of critical servers and services
• Computing power• Storage
• Provision for redundancy of data and within data
![Page 49: Wireless Data Network Security Dr. N. Usha Rani, VP, Development NMSWorks Software Pvt. Ltd. 2 Aug, 2007](https://reader036.vdocument.in/reader036/viewer/2022081506/56649e615503460f94b5c30f/html5/thumbnails/49.jpg)
Organization
• Introduction• WLAN technology• WiMax technology• Network security• Security issues in WLAN• Security issues in WiMax• Conclusions• References
![Page 50: Wireless Data Network Security Dr. N. Usha Rani, VP, Development NMSWorks Software Pvt. Ltd. 2 Aug, 2007](https://reader036.vdocument.in/reader036/viewer/2022081506/56649e615503460f94b5c30f/html5/thumbnails/50.jpg)
Security attacks in WLANs
• Physical layer– Jamming
• MAC layer attacks• Security protocol design weaknesses• We shall consider mainly protocol
design weaknesses
![Page 51: Wireless Data Network Security Dr. N. Usha Rani, VP, Development NMSWorks Software Pvt. Ltd. 2 Aug, 2007](https://reader036.vdocument.in/reader036/viewer/2022081506/56649e615503460f94b5c30f/html5/thumbnails/51.jpg)
Possible DoS attacks
• DOS attack on CSMA– Send small packets rapidly so that
legitimate users feel carrier is not available– Similar virtual sense carrier attack possible
• Deauthentication/Disassociation attack– Rogue AP can sit between AP and clients
and send de-authentication/disassociation messages
![Page 52: Wireless Data Network Security Dr. N. Usha Rani, VP, Development NMSWorks Software Pvt. Ltd. 2 Aug, 2007](https://reader036.vdocument.in/reader036/viewer/2022081506/56649e615503460f94b5c30f/html5/thumbnails/52.jpg)
Wired Equivalent Privacy
• 802.11 specifies Wired Equivalent Privacy• Aims at providing
– Confidentiality• Uses RC4 (standard specifies 64 bit key)
– Access control– Integrity of data – Authentication
• Challenge-Response using same encryption primitive
• Unfortunately, as we shall see, none of the aims were achieved!
![Page 53: Wireless Data Network Security Dr. N. Usha Rani, VP, Development NMSWorks Software Pvt. Ltd. 2 Aug, 2007](https://reader036.vdocument.in/reader036/viewer/2022081506/56649e615503460f94b5c30f/html5/thumbnails/53.jpg)
Wired Equivalent Privacy
• Standard finalized in 1999• Soon after, in the year 2001 there were 3 major
papers that demonstrated great weaknesses in WEP
1. Intercepting Mobile Communications: The Insecurity of 802.11(Borisov, Goldberg, and Wagner 2001) (Berkeley paper)
2. Your 802.11 Wireless Network Has No Clothes(Arbaugh, Shankar, and Wan 2001) (Maryland paper)
3. Weaknesses in the Key Scheduling Algorithm of RC4(Fluhrer, Mantin, and Shamir 2001) (FMS attack)
![Page 54: Wireless Data Network Security Dr. N. Usha Rani, VP, Development NMSWorks Software Pvt. Ltd. 2 Aug, 2007](https://reader036.vdocument.in/reader036/viewer/2022081506/56649e615503460f94b5c30f/html5/thumbnails/54.jpg)
Wired Equivalent Privacy
• The Berkeley paper shows that even without the secret key, WEP security goals can be compromised– Discussed in detail in this presentation
• The Maryland paper mainly concentrates on weaknesses in 802.11 itself
• FMS is a devastating attack to recover the RC4 key itself from a knowledge of ciphertext and IV
• Implies that WEP is useless for secure use
![Page 55: Wireless Data Network Security Dr. N. Usha Rani, VP, Development NMSWorks Software Pvt. Ltd. 2 Aug, 2007](https://reader036.vdocument.in/reader036/viewer/2022081506/56649e615503460f94b5c30f/html5/thumbnails/55.jpg)
Header Payload ICVPayload
802.11 Frame
WEP
ICV computed – 32-bit CRC of payload RC4, a stream cipher is applied on this
payload This is a well-known cipher, and the
designers were wise to choose it
CRC
32
ICV = Integrity Check Value
![Page 56: Wireless Data Network Security Dr. N. Usha Rani, VP, Development NMSWorks Software Pvt. Ltd. 2 Aug, 2007](https://reader036.vdocument.in/reader036/viewer/2022081506/56649e615503460f94b5c30f/html5/thumbnails/56.jpg)
Concat
IV
Key
SeedRC4
Key stream
CRCPlaintext
Concat
ICV
Ciphertext
IV
WEP frame
IV – Initialization Vector, one per packetKey – Shared secret keyICV – Integrity check value
WEP encryption
![Page 57: Wireless Data Network Security Dr. N. Usha Rani, VP, Development NMSWorks Software Pvt. Ltd. 2 Aug, 2007](https://reader036.vdocument.in/reader036/viewer/2022081506/56649e615503460f94b5c30f/html5/thumbnails/57.jpg)
Concat
IV
Key
SeedRC4
Key stream
Plaintext
IV
IV – Initialization Vector, one per packetKey – Shared secret keyICV – Integrity check value
Ciphertext
ICV
CRCPlaintextICV’
If ICV’ = ICV, integritypreserved
WEP decryption
![Page 58: Wireless Data Network Security Dr. N. Usha Rani, VP, Development NMSWorks Software Pvt. Ltd. 2 Aug, 2007](https://reader036.vdocument.in/reader036/viewer/2022081506/56649e615503460f94b5c30f/html5/thumbnails/58.jpg)
Stream ciphers – some pitfalls• C = P KS• Key streams must never be reused
– C1 C2 = (P1 KS) (P2 KS) = P1 P2• => if a part of one plaintext is known, corresponding part of
the other can be obtained
• Forgery is easy – Bit flip attack– If P2 = P1 X– Then C2 = C1 X
• WEP solution to above– ICV – Prevents forgery
• Checksum on the data prevents bit flipping– IV – Prevents key reuse
• Each packet a new key that starts a new stream is used
![Page 59: Wireless Data Network Security Dr. N. Usha Rani, VP, Development NMSWorks Software Pvt. Ltd. 2 Aug, 2007](https://reader036.vdocument.in/reader036/viewer/2022081506/56649e615503460f94b5c30f/html5/thumbnails/59.jpg)
Points to ponder• The keystream for WEP is RC4(IV,K), which depends
only on IV and K– k is a fixed shared secret - every user in WLAN shares the
same k
• So the keystream depends only on IV– If two packets ever get transmitted with the same value of IV
means keystream reuse
• Since IV gets transmitted in the clear for each packet, the adversary can even easily tell when a value of IV is reused (a "collision").
• At most 2^24, or about 16 million possible values of IV• After 16 million packets, you have to repeat one!
![Page 60: Wireless Data Network Security Dr. N. Usha Rani, VP, Development NMSWorks Software Pvt. Ltd. 2 Aug, 2007](https://reader036.vdocument.in/reader036/viewer/2022081506/56649e615503460f94b5c30f/html5/thumbnails/60.jpg)
In practice
• Many 802.11 cards reset their IV counter to 0 every time they were activated, and incremented by 1 for each packet transmitted
• This means that low IV values get reused at the beginning of every wireless session
• IV collisions possible between packets sent by different people!
![Page 61: Wireless Data Network Security Dr. N. Usha Rani, VP, Development NMSWorks Software Pvt. Ltd. 2 Aug, 2007](https://reader036.vdocument.in/reader036/viewer/2022081506/56649e615503460f94b5c30f/html5/thumbnails/61.jpg)
Dictionary attack• Suppose the adversary knows both the
ciphertext and the plaintext for some packets encrypted with a given IV v
• Reveals the keystream RC4(k,v) by XORing the plaintext and the ciphertext
• Keystream can be stored in a table, indexed by IV
• The next time a packet with an IV stored in the table is seen, just look up the keystream, XOR it against the packet, and read the data!
• Vulnerability to attack independent of key size
![Page 62: Wireless Data Network Security Dr. N. Usha Rani, VP, Development NMSWorks Software Pvt. Ltd. 2 Aug, 2007](https://reader036.vdocument.in/reader036/viewer/2022081506/56649e615503460f94b5c30f/html5/thumbnails/62.jpg)
Weaknesses in data integrity check
• CRC is a poor choice– Used to detect random errors; they are useless
against malicious errors.
• CRC-32 has two main properties of importance here:– It is independent of the shared secret and the IV– It is linear: crc(M XOR D) = crc(M) XOR crc(D)
• Can be exploited to modify/inject messages undetected
![Page 63: Wireless Data Network Security Dr. N. Usha Rani, VP, Development NMSWorks Software Pvt. Ltd. 2 Aug, 2007](https://reader036.vdocument.in/reader036/viewer/2022081506/56649e615503460f94b5c30f/html5/thumbnails/63.jpg)
WEP Authentication• The goal is for the AP to verify that a client joining
the network really knows the shared secret key k• The AP sends a challenge string to the client• The client sends back the challenge, WEP-
encrypted with the shared secret k• The base station checks if the challenge is
correctly encrypted, and if so, accepts the client=> the adversary has now just seen both the
plaintext and the ciphertext of this challenge!• This is enough not only to inject packets (as in
the previous attack), but to execute the authentication protocol
![Page 64: Wireless Data Network Security Dr. N. Usha Rani, VP, Development NMSWorks Software Pvt. Ltd. 2 Aug, 2007](https://reader036.vdocument.in/reader036/viewer/2022081506/56649e615503460f94b5c30f/html5/thumbnails/64.jpg)
Shortcomings of WEP
• Encryption wasn’t being used properly.• There was no means to prevent message forgeries• Encryption keys were reused, allowing others to
read data without knowing the encryption key.• Authentication didn’t work, transmitting in the
open everything needed for an attacker to authenticate
![Page 65: Wireless Data Network Security Dr. N. Usha Rani, VP, Development NMSWorks Software Pvt. Ltd. 2 Aug, 2007](https://reader036.vdocument.in/reader036/viewer/2022081506/56649e615503460f94b5c30f/html5/thumbnails/65.jpg)
Learnings
• Designing security protocols is hard!
• Better to reuse old designs where possible– PPTP had some of the same problems as WEP– IPSec had to deal with many of the same issues
• The design process should be public and inviting review
![Page 66: Wireless Data Network Security Dr. N. Usha Rani, VP, Development NMSWorks Software Pvt. Ltd. 2 Aug, 2007](https://reader036.vdocument.in/reader036/viewer/2022081506/56649e615503460f94b5c30f/html5/thumbnails/66.jpg)
WPA
• Wi-Fi Protected Access (WPA™) was an interim standard adopted by the Wi-Fi Alliance
• WPA supports – authentication through 802.1X (known as WPA
Enterprise) or with a preshared key (known as WPA Personal)
– a new encryption algorithm known as the Temporal Key Integrity Protocol (TKIP)
– a new integrity algorithm known as Michael
![Page 67: Wireless Data Network Security Dr. N. Usha Rani, VP, Development NMSWorks Software Pvt. Ltd. 2 Aug, 2007](https://reader036.vdocument.in/reader036/viewer/2022081506/56649e615503460f94b5c30f/html5/thumbnails/67.jpg)
802.11i
• IEEE 802.11i standard formally replaces Wired Equivalent Privacy (WEP) and the other security features of the original IEEE 802.11 standard
• Two basic subsystems:– Data privacy mechanism
• TKIP (a protocol patching WEP), applies to legacy systems• AES-based protocol (long term), needs new hardware
– Security association management• RSN negotiation procedures, to establish a security context• IEEE 802.1X authentication, replacing IEEE 802.11
authentication• IEEE 802.1X key management, to provide cryptographic keys
![Page 68: Wireless Data Network Security Dr. N. Usha Rani, VP, Development NMSWorks Software Pvt. Ltd. 2 Aug, 2007](https://reader036.vdocument.in/reader036/viewer/2022081506/56649e615503460f94b5c30f/html5/thumbnails/68.jpg)
Data Privacy Summary WEP TKIP CCMP
Cipher RC4 RC4 AES Key Size 40 or 104 bits 128 bits 128 bits
encryption,64 bit auth
Key Life 24-bit IV, wrap 48-bit IV 48-bit IVPacket Key Concat. Mixing Fn Not NeededData Integrity CRC-32 Michael CCMHeader integrity None Michael CCMReplay None Use IV Use IVKey Mgmt. None EAP-based EAP-based
![Page 69: Wireless Data Network Security Dr. N. Usha Rani, VP, Development NMSWorks Software Pvt. Ltd. 2 Aug, 2007](https://reader036.vdocument.in/reader036/viewer/2022081506/56649e615503460f94b5c30f/html5/thumbnails/69.jpg)
802.11i Operational Phases
Data protection
802.1X authentication
802.1X key management RADIUS-based key distribution
Security capabilities discovery
Authentication Server
Access Point
Station
![Page 70: Wireless Data Network Security Dr. N. Usha Rani, VP, Development NMSWorks Software Pvt. Ltd. 2 Aug, 2007](https://reader036.vdocument.in/reader036/viewer/2022081506/56649e615503460f94b5c30f/html5/thumbnails/70.jpg)
Purpose of each phase Discovery
Determine promising parties with whom to communicate AP advertises network security capabilities to STAs
802.1X authentication Centralize network admission policy decisions at the AS STA determines whether it does indeed want to
communicate Mutually authenticate STA and AS Generate Master Key as a side effect of authentication Use master key to generate session keys = authorization
token
![Page 71: Wireless Data Network Security Dr. N. Usha Rani, VP, Development NMSWorks Software Pvt. Ltd. 2 Aug, 2007](https://reader036.vdocument.in/reader036/viewer/2022081506/56649e615503460f94b5c30f/html5/thumbnails/71.jpg)
Three roles- supplicant, authenticator, authentication server
802.1x authentication
![Page 72: Wireless Data Network Security Dr. N. Usha Rani, VP, Development NMSWorks Software Pvt. Ltd. 2 Aug, 2007](https://reader036.vdocument.in/reader036/viewer/2022081506/56649e615503460f94b5c30f/html5/thumbnails/72.jpg)
802_11i_states.png
Derive pairwise transient keys
Derive pairwise transient keys
![Page 73: Wireless Data Network Security Dr. N. Usha Rani, VP, Development NMSWorks Software Pvt. Ltd. 2 Aug, 2007](https://reader036.vdocument.in/reader036/viewer/2022081506/56649e615503460f94b5c30f/html5/thumbnails/73.jpg)
Key management
• 802.11i specifies a key hierarchy - different keys for different purposes– Pairwise Master Key (PMK), which is the same as
the pre-shared key or is created during authentication
– For unicast transmissions, unicast keys are defined for authentication, encryption, and integrity
• Derived from a PMK
– Group keys are used for the communication among a group of devices
• RADIUS-based key distribution– AS moves (not copies) session key (Pairwise Master Key)
to STA’s AP
![Page 74: Wireless Data Network Security Dr. N. Usha Rani, VP, Development NMSWorks Software Pvt. Ltd. 2 Aug, 2007](https://reader036.vdocument.in/reader036/viewer/2022081506/56649e615503460f94b5c30f/html5/thumbnails/74.jpg)
Data Protection: AES - CCMP• 802.11i requires support for the AES Counter Mode-
Cipher Block Chaining Message Authentication Code Protocol (CCMP)
• AES Counter Mode - block cipher that encrypts 128-bit blocks of data at a time with a 128-bit encryption key
• The CBC-MAC algorithm produces a message integrity code (MIC) that provides data origin authentication and data integrity for the wireless frame.
• Packet Number field in the wireless frame provides replay protection
![Page 75: Wireless Data Network Security Dr. N. Usha Rani, VP, Development NMSWorks Software Pvt. Ltd. 2 Aug, 2007](https://reader036.vdocument.in/reader036/viewer/2022081506/56649e615503460f94b5c30f/html5/thumbnails/75.jpg)
Challenges ahead
• Important to protect the control messages in a wireless network
• 802.11i keying and authentication are too slow to support real-time applications such as voice - the 802.11r task group has been created to solve this problem
• The Wi-Fi Alliance initiative to properly certify 802.11i referred to as WPA2
![Page 76: Wireless Data Network Security Dr. N. Usha Rani, VP, Development NMSWorks Software Pvt. Ltd. 2 Aug, 2007](https://reader036.vdocument.in/reader036/viewer/2022081506/56649e615503460f94b5c30f/html5/thumbnails/76.jpg)
Summary
• Not all the security features advertised in the retail boxes of the 802.11 devices are effective
• The WEP protocol has several important weaknesses
• Many vendors offer software upgrade to WPA in their 802.11 products line
• Current and future wireless network users need to use 802.11i
• Treat WLAN network as being in untrusted Internet!
![Page 77: Wireless Data Network Security Dr. N. Usha Rani, VP, Development NMSWorks Software Pvt. Ltd. 2 Aug, 2007](https://reader036.vdocument.in/reader036/viewer/2022081506/56649e615503460f94b5c30f/html5/thumbnails/77.jpg)
Organization
• Introduction• WLAN technology• WiMax technology• Network security• Security issues in WLAN• Security issues in WiMax• Conclusions• References
![Page 78: Wireless Data Network Security Dr. N. Usha Rani, VP, Development NMSWorks Software Pvt. Ltd. 2 Aug, 2007](https://reader036.vdocument.in/reader036/viewer/2022081506/56649e615503460f94b5c30f/html5/thumbnails/78.jpg)
Threats in WiMAX • Service availability
– Rain– Jamming
• MAC layer– Sniffing– Masquerading– Content alteration– DOS attacks
• Next node in a mesh architecture is trusted
![Page 79: Wireless Data Network Security Dr. N. Usha Rani, VP, Development NMSWorks Software Pvt. Ltd. 2 Aug, 2007](https://reader036.vdocument.in/reader036/viewer/2022081506/56649e615503460f94b5c30f/html5/thumbnails/79.jpg)
Security sublayer of MAC
• The main focus of the Privacy Sublayer is on protecting service providers against theft of service
• Privacy layer only protects data at the Open System Interconnection (OSI) layer two level (not end-to-end encryption of user data)
• Both physical and higher layer security technologies would need to be integrated
![Page 80: Wireless Data Network Security Dr. N. Usha Rani, VP, Development NMSWorks Software Pvt. Ltd. 2 Aug, 2007](https://reader036.vdocument.in/reader036/viewer/2022081506/56649e615503460f94b5c30f/html5/thumbnails/80.jpg)
Authentication
• SS’es have manufacturer supplied digital certificates
• These are sent by SS to BS in Authorization Request and Authentication messages– Authorization request also contains SS’es
cryptographic capability
• If SS is authorized to join network, BS sends an Authorization Key encrypted with SS’es public key
![Page 81: Wireless Data Network Security Dr. N. Usha Rani, VP, Development NMSWorks Software Pvt. Ltd. 2 Aug, 2007](https://reader036.vdocument.in/reader036/viewer/2022081506/56649e615503460f94b5c30f/html5/thumbnails/81.jpg)
Security Associations (SA)
• SA maintains security state relevant to a connection
• Data SA type and authorization SA type• Only data SA type explicitly defined
– A 16-bit SA identifier, or SAID.– A cipher (DES, CBC) to protect the data exchanged over
the connection. – Two traffic encryption keys (TEKs) to encrypt data: the
current operational key and a TEK for when the current key expires.
– Two 2-bit key identifiers, one for each TEK.– A TEK lifetime. – A 64-bit initialization vector for each TEK. – An indication of the type of data SA. Primary SAs are
established during link initialization; static SAs are configured on the BS; and dynamic SAs
![Page 82: Wireless Data Network Security Dr. N. Usha Rani, VP, Development NMSWorks Software Pvt. Ltd. 2 Aug, 2007](https://reader036.vdocument.in/reader036/viewer/2022081506/56649e615503460f94b5c30f/html5/thumbnails/82.jpg)
Authorization SA
• An X.509 certificate identifying the SS• A 160-bit authorization key (AK). • A 4-bit quantity to identify the AK.• An AK lifetime, ranging from one to 70
days• A key encryption key (a 112-bit Triple-
DES key) for distributing TEKs• Downlink HMAC key• Uplink HMAC key• List of data SA’s
![Page 83: Wireless Data Network Security Dr. N. Usha Rani, VP, Development NMSWorks Software Pvt. Ltd. 2 Aug, 2007](https://reader036.vdocument.in/reader036/viewer/2022081506/56649e615503460f94b5c30f/html5/thumbnails/83.jpg)
Data privacy• After exchange of Authentication Key, traffic
encryption keys (TEKs) are exchanged
KEK = Truncate-128(SHA1(((AK| 044) xor 5364)
Downlink HMAC key = SHA1((AK|044) xor 3A64)
Uplink HMAC key = SHA1((AK|044) xor 5C64)
![Page 84: Wireless Data Network Security Dr. N. Usha Rani, VP, Development NMSWorks Software Pvt. Ltd. 2 Aug, 2007](https://reader036.vdocument.in/reader036/viewer/2022081506/56649e615503460f94b5c30f/html5/thumbnails/84.jpg)
Data Key Exchange
• Traffic Encryption Key (TEK)• TEK is generated by BS randomly• TEK is encrypted with one of
– Triple-DES (use 128 bits KEK)– RSA (use SS’s public key)– AES (use 128 bits KEK)
• Key Exchange message is authenticated by HMAC-SHA1 – (provides Message Integrity and AK confirmation)
![Page 85: Wireless Data Network Security Dr. N. Usha Rani, VP, Development NMSWorks Software Pvt. Ltd. 2 Aug, 2007](https://reader036.vdocument.in/reader036/viewer/2022081506/56649e615503460f94b5c30f/html5/thumbnails/85.jpg)
Replay protection
• The BS is responsible for maintaining keying information for all Sas
• BS always prepared to send an AK to an SS upon request.
• BS has two active AKs during an AK transition period - the two active keys have overlapping lifetimes.
• Responsibility of SS to initiate rekeying request
![Page 86: Wireless Data Network Security Dr. N. Usha Rani, VP, Development NMSWorks Software Pvt. Ltd. 2 Aug, 2007](https://reader036.vdocument.in/reader036/viewer/2022081506/56649e615503460f94b5c30f/html5/thumbnails/86.jpg)
TEK rekeying
• The BS maintains two sets of active TEKs per SA ID
• The two generations of TEKs have overlapping lifetimes determined by TEK Lifetime
• The newer TEK has a key sequence number one greater (modulo 4) than that of the older TEK.
• Each TEK becomes active halfway through the lifetime of its predecessor and expires halfway through the lifetime of its successor.
• It is the responsibility of the SS to update its keys in a timely fashion
![Page 87: Wireless Data Network Security Dr. N. Usha Rani, VP, Development NMSWorks Software Pvt. Ltd. 2 Aug, 2007](https://reader036.vdocument.in/reader036/viewer/2022081506/56649e615503460f94b5c30f/html5/thumbnails/87.jpg)
Key life times
![Page 88: Wireless Data Network Security Dr. N. Usha Rani, VP, Development NMSWorks Software Pvt. Ltd. 2 Aug, 2007](https://reader036.vdocument.in/reader036/viewer/2022081506/56649e615503460f94b5c30f/html5/thumbnails/88.jpg)
Some flaws
• Only one-way authentication– SS authenticates to BS– No protection against rogue BS
• Authentication key generation purely from BS side – no contribution of SS
• TEK uses 2-bit sequence number– Sequence number repeated every 4 keys!
• Increases vulnerability to replay
![Page 89: Wireless Data Network Security Dr. N. Usha Rani, VP, Development NMSWorks Software Pvt. Ltd. 2 Aug, 2007](https://reader036.vdocument.in/reader036/viewer/2022081506/56649e615503460f94b5c30f/html5/thumbnails/89.jpg)
Recommendations
• Use AES CCMP mode• Two-way authentication using EAP • Low cost re-authentication during
roaming
![Page 90: Wireless Data Network Security Dr. N. Usha Rani, VP, Development NMSWorks Software Pvt. Ltd. 2 Aug, 2007](https://reader036.vdocument.in/reader036/viewer/2022081506/56649e615503460f94b5c30f/html5/thumbnails/90.jpg)
WEP 802.11i 802.16
Authentication
Two-way,weak, shared key
Two-way, strong, shared key
One way, strong, based on public key
Crypto RC4 AES CCMP DES
Message integrity
CRC CCM HMAC
Replay None IV Periodic rekeying
Key mgmt None EAP based PKM
![Page 91: Wireless Data Network Security Dr. N. Usha Rani, VP, Development NMSWorks Software Pvt. Ltd. 2 Aug, 2007](https://reader036.vdocument.in/reader036/viewer/2022081506/56649e615503460f94b5c30f/html5/thumbnails/91.jpg)
Organization
• Introduction• WLAN technology• WiMax technology• Network security• Security issues in WLAN• Security issues in WiMax• Conclusions• References
![Page 92: Wireless Data Network Security Dr. N. Usha Rani, VP, Development NMSWorks Software Pvt. Ltd. 2 Aug, 2007](https://reader036.vdocument.in/reader036/viewer/2022081506/56649e615503460f94b5c30f/html5/thumbnails/92.jpg)
Conclusions
• Wireless - A spectrum of opportunities• WiFi
– Simple, mature, inexpensive, widely deployed– Useful for hotspots, building WLANs– Very inefficient use of frequency and bandwidth– Four security options – no security, WEP, WPA, WPA2
(802.11i) In most networks, weakest link= no security
• WiMAX– Flexible, evolving, expensive, experimental– Useful for WLANs and WMANs – Good for broadband and voice in rural areas – More efficient use of frequency and bandwidth– Security built in from the start– Expected to be inexpensive in 2-3 years
![Page 93: Wireless Data Network Security Dr. N. Usha Rani, VP, Development NMSWorks Software Pvt. Ltd. 2 Aug, 2007](https://reader036.vdocument.in/reader036/viewer/2022081506/56649e615503460f94b5c30f/html5/thumbnails/93.jpg)
Open issues
• Performance impact of security– Even lightweight WEP degrades
performance
• Architecture for strong security in heterogeneous WiFi network– use of security gateway which grants access
based on level of station’s security?
• Mutual authentication between SS and BS based on Identity based cryptography?
![Page 94: Wireless Data Network Security Dr. N. Usha Rani, VP, Development NMSWorks Software Pvt. Ltd. 2 Aug, 2007](https://reader036.vdocument.in/reader036/viewer/2022081506/56649e615503460f94b5c30f/html5/thumbnails/94.jpg)
References
• Wireless Communications and Networks (William Stallings, 2002)
• Intercepting Mobile Communications: The Insecurity of 802.11(Borisov, Goldberg, and Wagner 2001)
• Your 802.11 Wireless Network Has No Clothes (Arbaugh, Shankar, and Wan 2001)
• Weaknesses in the Key Scheduling Algorithm of RC4(Fluhrer, Mantin, and Shamir 2001)
• The IEEE 802.11b Security Problem, Part 1 (Joseph Williams,2001 IEEE)
• An IEEE 802.11 Wireless LAN Security White Paper (Jason S. King, 2001)
![Page 95: Wireless Data Network Security Dr. N. Usha Rani, VP, Development NMSWorks Software Pvt. Ltd. 2 Aug, 2007](https://reader036.vdocument.in/reader036/viewer/2022081506/56649e615503460f94b5c30f/html5/thumbnails/95.jpg)
References• IEEE Std. 802.16-2001, IEEE Standard for Local and
Metropolitan Area Networks, part 16, “Air Interface for Fixed Broadband Wireless Access Systems,” IEEE Press, 2001.
• FIPS PUB 197, Advanced Encryption Standard (AES), Nat’l Inst. of Standards and Technology, Nov. 2001, http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf.
• L. Blunk and J. Vollbrecht, “PPP Extensible Authentication Protocol (EAP),” RFC 3748, Internet Eng. Task Force, 2004.
• D. Whiting, R. Housley, and N. Ferguson, “Counter with CBC-MAC (CCM),” RFC 3610, Internet Eng. Task Force, Sept. 2003.
• R. Housley, “Advanced Encryption Standard (AES) Key Wrap Algorithm,” RFC 3394, IETF, Sept. 2002.