Wireless Network Security
signal-hiding techniques
encryption
IEEE 802.1X
Various Techniques
Techniques
IEEE 802.11 Terminology
Wireless Fidelity (Wi-Fi) Alliance
802.11b: first 802.11 standard to gain broad industry acceptance
Distribution is the primary service used by stations to exchange MPDUs when the MPDUs must
traverse the DS to get from a station in one BSS to a station in another BSS.
For example, suppose a frame is to be sent from station 2 (STA 2) to station 7 (STA 7) in Figure 24.4.
The frame is sent from STA 2 to AP 1, which is the AP for this BSS. The AP gives the frame
to the DS, which has the job of directing the frame to the AP associated with STA 7 in the target
BSS. AP 2 receives the frame and forwards it to STA 7. How the message is transported through
the DS is beyond the scope of the IEEE 802.11 standard.
If the two stations that are communicating are within the same BSS, then the distribution service
logically goes through the single AP of that BSS.
The Integration service enables transfer of data between a station on an IEEE 802.11 LAN and a
station on an integrated IEEE 802.x LAN. The term integrated refers to a wired LAN that is physically
connected to the DS and whose stations may be logically connected to an IEEE 802.11 LAN via the
integration service. The integration service takes care of any address translation and media
conversion logic required for the exchange of data.
Association-Related Services
Transition types, based on mobility:
• No transition: a station of this type is either stationary or moves only within the direct communication range of the communicating stations of a single BSS.
• BSS transition: station movement from one BSS to another BSS within the same ESS; delivery of data to the station requires that the addressing capability be able to recognize the new location of the station.
• ESS transition: station movement from a BSS in one ESS to a BSS within another ESS; maintenance of upper-layer connections supported by 802.11 cannot be guaranteed.
Services
To deliver a message within a DS, the distribution service needs to know where the
destination station is located. Specifically, the DS needs to know the identity of the AP
to which the message should be delivered in order for that message to reach the
destination station. To meet this requirement, a station must maintain an association
with the AP within its current BSS. Three services relate to this requirement:
• Association: Establishes an initial association between a station and an AP. Before a
station can transmit or receive frames on a wireless LAN, its identity and address must
be known. For this purpose, a station must establish an association with an AP within a
particular BSS. The AP can then communicate this information to other APs within the
ESS to facilitate routing and delivery of addressed frames.
• Reassociation: Enables an established association to be transferred from one AP to
another, allowing a mobile station to move from one BSS to another.
• Disassociation: A notification from either a station or an AP that an existing
association is terminated. A station should give this notification before leaving an ESS
or shutting down. However, the MAC management facility protects itself against
stations that disappear without notification.
WEP Cracking
http://www.youtube.com/watch?v=77IBk-wUAVg
Wireless LAN Security
1. Two wireless stations in the same BSS communicating via the access point for that BSS.
2. Two wireless stations (STAs) in the same ad hoc IBSS communicating directly with each other.
4. A wireless station communicating with an end station on a wired network via its AP and the DS.
IEEE 802.11i security is concerned only with secure communication between the STA and its AP. In
case 1 in the preceding list, secure communication is assured if each STA establishes secure
communications with the AP. Case 2 is similar, with the AP functionality residing in the STA. For
case 3, security is not provided across the distribution system at the level of IEEE 802.11, but only
within each BSS. End-to-end security (if required) must be provided at a higher layer. Similarly, in
case 4, security is only provided between the STA and its AP.
IEEE 802.11i Phases of Operation
With these considerations in mind, Figure 24.6 depicts the five phases of operation for an RSN and maps them to the network
components involved. One new component is the authentication server (AS). The rectangles indicate the exchange of sequences
of MPDUs. The five phases are defined as follows:
• Discovery: An AP uses messages called Beacons and Probe Responses to advertise its IEEE 802.11i security policy. The STA uses
these to identify an AP for a WLAN with which it wishes to communicate. The STA associates with the AP, which it uses to select
the cipher suite and authentication mechanism when the Beacons and Probe Responses present a choice.
• Authentication: During this phase, the STA and AS prove their identities to each other. The AP blocks non-authentication traffic
between the STA and AS until the authentication transaction is successful. The AP does not participate in the authentication
transaction other than forwarding traffic between the STA and AS.
• Protected data transfer: Frames are exchanged between the STA and the end station through the AP. As denoted by the
shading and the encryption module icon, secure data transfer occurs between the STA and the AP only; security is not provided
end-to-end.
• Connection termination: The AP and STA exchange frames. During this phase, the secure connection is torn down and the
connection is restored to the original state.
802.1X Access Control
MPDU Exchange
provides two
services:
Pseudorandom Function
The figure illustrates the function PRF(K, A, B, Len). The parameter K serves as the key input to HMAC.
The message input consists of four items concatenated together: the parameter A, a byte with value 0,
the parameter B, and a counter i. The counter is initialized to 0. The HMAC algorithm is run once,
producing a 160-bit hash value. If more bits are required, HMAC is run again with the same inputs,
except that i is incremented each time until the necessary number of bits is generated.
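The PRF construction described above, written out in Python as an added example (not code from the original slides). The key, label and data are constructed sample inputs, the helper `hmac_runs` is a name introduced here, and the counter is assumed to be encoded as a single byte, as in IEEE 802.11i.

```python
import hashlib
import hmac

SHA1_BITS = 160  # one HMAC-SHA-1 run yields a 160-bit value


def hmac_runs(length_bits: int) -> int:
    """Number of HMAC runs needed to produce length_bits of output."""
    return -(-length_bits // SHA1_BITS)  # ceiling division


def prf(key: bytes, a: bytes, b: bytes, length_bits: int) -> bytes:
    """PRF(K, A, B, Len): concatenate HMAC-SHA-1(K, A || 0x00 || B || i)."""
    if length_bits <= 0 or length_bits % 8:
        raise ValueError("Len must be a positive multiple of 8 bits")
    if hmac_runs(length_bits) > 256:
        raise ValueError("Len needs more runs than a one-byte counter allows")
    out = b""
    for i in range(hmac_runs(length_bits)):  # counter i starts at 0
        # Assumption: i is encoded as a single byte, as in IEEE 802.11i.
        message = a + b"\x00" + b + bytes([i])
        out += hmac.new(key, message, hashlib.sha1).digest()
    return out[: length_bits // 8]  # keep only the first Len bits


def demo() -> dict:
    # Constructed sample inputs, not values from any real network.
    key = bytes(range(32))
    label = b"constructed example label"
    data = bytes.fromhex("00112233445566778899aabbccddeeff")
    return {bits: prf(key, label, data, bits).hex() for bits in (128, 384, 512)}


if __name__ == "__main__":
    for bits, value in demo().items():
        print(f"Len={bits:3d} runs={hmac_runs(bits)} -> {value}")
```

Because only the counter changes between runs, a shorter output is always a prefix of a longer one computed from the same K, A and B.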
Can you crack WPA/WPA2?
• http://www.youtube.com/watch?v=3P8l-PsvYak
• http://www.aircrack-ng.org/doku.php?id=cracking_wpa
Question