28-03-2011, 10:59 AM
[attachment=11135]
Wi-Fi Technology
Introduction
• Wireless Technology is an alternative to Wired Technology, which is commonly used, for connecting devices in wireless mode.
• Wi-Fi (Wireless Fidelity) is a generic term that refers to the IEEE 802.11 communications standard for Wireless Local Area Networks (WLANs).
• Wi-Fi Network connect computers to each other, to the internet and to the wired network.
The Wi-Fi Technology
Wi-Fi Networks use Radio Technologies to transmit & receive data at high speed:
• IEEE 802.11b
• IEEE 802.11a
• IEEE 802.11g
IEEE 802.11b
• Appear in late 1999
• Operates at 2.4GHz radio spectrum
• 11 Mbps (theoretical speed) - within 30 m Range
• 4-6 Mbps (actual speed)
• 100 -150 feet range
• Most popular, Least Expensive
• Interference from mobile phones and Bluetooth devices which can reduce the transmission speed.
IEEE 802.11a
• Introduced in 2001
• Operates at 5 GHz (less popular)
• 54 Mbps (theoretical speed)
• 15-20 Mbps (Actual speed)
• 50-75 feet range
• More expensive
• Not compatible with 802.11b
IEEE 802.11g
• Introduced in 2003
• Combine the feature of both standards (a,b)
• 100-150 feet range
• 54 Mbps Speed
• 2.4 GHz radio frequencies
• Compatible with ‘b’
802.11 Physical Layer
There are three sublayers in physical layer:
• Direct Sequence Spread Spectrum (DSSS)
• Frequency Hoping Spread Spectrum (FHSS)
• Diffused Infrared (DFIR) - Wide angle
DSSS
• Direct sequence signaling technique divides the 2.4 GHz band into 11 22-MHz channels. Adjacent channels overlap one another partially, with three of the 11 being completely non-overlapping. Data is sent across one of these 22 MHz channels without hopping to other channels.
IEEE 802.11 Data Link Layer
The data page link layer consists of two sublayers :
• Logical Link Control (LLC)
• Media Access Control (MAC).
802.11 ses the same 802.2 LLC and 48-bit addressing as other 802 LANs, allowing for very simple bridging from wireless to IEEE wired networks, but the MAC is unique to WLANs.
802.11 Media Access Control
• Carrier Sense Medium Access with collision avoidance protocol (CSMA/CA)
• Listen before talking
• Avoid collision by explicit Acknowledgement (ACK)
• Problem: additional overhead of ACK packets, so slow performance
• Request to Send/Clear to Send (RTS/CTS) protocol
• Solution for “hidden node” problem
• Problem: Adds additional overhead by temporarily reserving the medium, so used for large size packets only retransmission would be expensive
• Power Management
• MAC supports power conservation to extend the battery life of portable devices
• Power utilization modes
• Continuous Aware Mode
• Radio is always on and drawing power
• Power Save Polling Mode
• Radio is “dozing” with access point queuing any data for it
• The client radio will wake up periodically in time to receive regular beacon signals from the access point.
• The beacon includes information regarding which stations have traffic waiting for them
• The client awake on beacon notification and receive its data
• Fragmentation
• CRC checksum
• Each pkt has a CRC checksum calculated and attached to ensure that the data was not corrupted in transit
• Association & Roaming
Elements of a WI-FI Network
• Access Point (AP) - The AP is a wireless LAN transceiver or “base station” that can connect one or many wireless devices simultaneously to the Internet.
• Wi-Fi cards - They accept the wireless signal and relay information.They can be internal and external.(e.g PCMCIA Card for Laptop and PCI Card for Desktop PC)
• Safeguards - Firewalls and anti-virus software protect networks from uninvited users and keep information secure.
How a Wi-Fi Network Works
• Basic concept is same as Walkie talkies.
• A Wi-Fi hotspot is created by installing an access point to an internet connection.
• An access point acts as a base station.
• When Wi-Fi enabled device encounters a hotspot the device can then connect to that network wirelessly.
• A single access point can support up to 30 users and can function within a range of 100 – 150 feet indoors and up to 300 feet outdoors.
• Many access points can be connected to each other via Ethernet cables to create a single large network.
Wi-Fi Network Topologies
• AP-based topology (Infrastructure Mode)
• Peer-to-peer topology (Ad-hoc Mode)
• Point-to-multipoint bridge topology
AP-based topology
• The client communicate through Access Point.
• BSA-RF coverage provided by an AP.
• ESA-It consists of 2 or more BSA.
• ESA cell includes 10-15% overlap to allow roaming.
Peer-to-peer topology
• AP is not required.
• Client devices within a cell can communicate directly with each other.
• It is useful for setting up of a wireless network quickly and easily.
Point-to-multipoint bridge topology
This is used to connect a LAN in one building to a LANs in other buildings even if the buildings are miles apart.These conditions receive a clear line of sight between buildings. The line-of-sight range varies based on the type of wireless bridge and antenna used as well as the environmental conditions.
Wi-Fi Configurations
Wi-Fi Applications
• Home
• Small Businesses or SOHO
• Large Corporations & Campuses
• Health Care
• Wireless ISP (WISP)
• Travellers
Wi-Fi Security Threats
• Wireless technology doesn’t remove any old security issues, but introduces new ones
• Eavesdropping
• Man-in-the-middle attacks
• Denial of Service
Eavesdropping
• Easy to perform, almost impossible to detect
• By default, everything is transmitted in clear text
• Usernames, passwords, content ...
• No security offered by the transmission medium
• Different tools available on the internet
• Network sniffers, protocol analysers . . .
• Password collectors
• With the right equipment, it’s possible to eavesdrop traffic from few kilometers away
MITM Attack
1. Attacker spoofes a disassociate message from the victim
2. The victim starts to look for a new access point, and the attacker advertises his own AP on a different channel, using the real AP’s MAC address
3. The attacker connects to the real AP using victim’s MAC address
Denial of Service
• Attack on transmission frequecy used
• Frequency jamming
• Not very technical, but works
• Attack on MAC layer
• Spoofed deauthentication / disassociation messages
• can target one specific user
• Attacks on higher layer protocol (TCP/IP protocol)
• SYN Flooding
Wi-Fi Security
The requirements for Wi-Fi network security can be broken down into two primary components:
• Authentication
User Authentication
Server Authentication
• Privacy
Authentication
• Keeping unauthorized users off the network
• User Authentication
• Authentication Server is used
• Username and password
• Risk:
• Data (username & password) send before secure channel established
• Prone to passive eavesdropping by attacker
• Solution
• Establishing a encrypted channel before sending username and password
• Server Authentication
• Digital Certificate is used
• Validation of digital certificate occurs automatically within client software
Wi-Fi Security Techniques
• Service Set Identifier (SSID)
• Wired Equivalent Privacy (WEP)
• 802.1X Access Control
• Wireless Protected Access (WPA)
• IEEE 802.11i
Service Set Identifier (SSID)
• SSID is used to identify an 802.11 network
• It can be pre-configured or advertised in beacon broadcast
• It is transmitted in clear text
• Provide very little security
Wired Equivalent Privacy (WEP)
• Provide same level of security as by wired network
• Original security solution offered by the IEEE 802.11 standard
• Uses RC4 encryption with pre-shared keys and 24 bit initialization vectors (IV)
• key schedule is generated by concatenating the shared secret key with a random generated 24-bit IV
• 32 bit ICV (Integrity check value)
• No. of bits in keyschedule is equal to sum of length of the plaintext and ICV
• 64 bit preshared key-WEP
• 128 bit preshared key-WEP2
• Encrypt data only between 802.11 stations.once it enters the wired side of the network (between access point) WEP is no longer valid
• Security Issue with WEP
• Short IV
• Static key
• Offers very little security at all
802.1x Access Control
• Designed as a general purpose network access control mechanism
• Not Wi-Fi specific
• Authenticate each client connected to AP (for WLAN) or switch port (for Ethernet)
• Authentication is done with the RADIUS server, which ”tells” the access point whether access to controlled ports should be allowed or not
• AP forces the user into an unauthorized state
• user send an EAP start message
• AP return an EAP message requesting the user’s identity
• Identity send by user is then forwared to the authentication server by AP
• Authentication server authenticate user and return an accept or reject message back to the AP
• If accept message is return, the AP changes the client’s state to authorized and normal traffic flows
• 802.1x Access Control
Wireless Protected Access (WPA)
• WPA is a specification of standard based, interoperable security enhancements that strongly increase the level of data protection and access control for existing and future wireless LAN system.
• User Authentication
• 802.1x
• EAP
• TKIP (Temporal Key Integrity Protocol) encryption
• RC4, dynamic encryption keys (session based)
• 48 bit IV
• per packet key mixing function
• Fixes all issues found from WEP
• Uses Message Integrity Code (MIC) Michael
• Ensures data integrity
• Old hardware should be upgradeable to WPA
• WPA comes in two flavors
• WPA-PSK
• use pre-shared key
• For SOHO environments
• Single master key used for all users
• WPA Enterprise
• For large organisation
• Most secure method
• Unique keys for each user
• Separate username & password for each user
WPA and Security Threats
• Data is encrypted
• Protection against eavesdropping and man-in-the-middle attacks
• Denial of Service
• Attack based on fake massages can not be used.
• As a security precaution, if WPA equipment sees two packets with invalid MICs within a second, it disassociates all its clients, and stops all activity for a minute
• Only two packets a minute enough to completely stop a wireless network
802.11i
• Provides standard for WLAN security
• Authentication
• 802.1x
• Data encryption
• AES protocol is used
• Secure fast handoff-This allow roaming between APs without requiring client to fully reauthenticate to every AP.
• Will require new hardware
Advantages
• Mobility
• Ease of Installation
• Flexibility
• Cost
• Reliability
• Security
• Use unlicensed part of the radio spectrum
• Roaming
• Speed
Limitations
• Interference
• Degradation in performance
• High power consumption
• Limited range
Wi-Fi Technology
Introduction
• Wireless Technology is an alternative to Wired Technology, which is commonly used, for connecting devices in wireless mode.
• Wi-Fi (Wireless Fidelity) is a generic term that refers to the IEEE 802.11 communications standard for Wireless Local Area Networks (WLANs).
• Wi-Fi Network connect computers to each other, to the internet and to the wired network.
The Wi-Fi Technology
Wi-Fi Networks use Radio Technologies to transmit & receive data at high speed:
• IEEE 802.11b
• IEEE 802.11a
• IEEE 802.11g
IEEE 802.11b
• Appear in late 1999
• Operates at 2.4GHz radio spectrum
• 11 Mbps (theoretical speed) - within 30 m Range
• 4-6 Mbps (actual speed)
• 100 -150 feet range
• Most popular, Least Expensive
• Interference from mobile phones and Bluetooth devices which can reduce the transmission speed.
IEEE 802.11a
• Introduced in 2001
• Operates at 5 GHz (less popular)
• 54 Mbps (theoretical speed)
• 15-20 Mbps (Actual speed)
• 50-75 feet range
• More expensive
• Not compatible with 802.11b
IEEE 802.11g
• Introduced in 2003
• Combine the feature of both standards (a,b)
• 100-150 feet range
• 54 Mbps Speed
• 2.4 GHz radio frequencies
• Compatible with ‘b’
802.11 Physical Layer
There are three sublayers in physical layer:
• Direct Sequence Spread Spectrum (DSSS)
• Frequency Hoping Spread Spectrum (FHSS)
• Diffused Infrared (DFIR) - Wide angle
DSSS
• Direct sequence signaling technique divides the 2.4 GHz band into 11 22-MHz channels. Adjacent channels overlap one another partially, with three of the 11 being completely non-overlapping. Data is sent across one of these 22 MHz channels without hopping to other channels.
IEEE 802.11 Data Link Layer
The data page link layer consists of two sublayers :
• Logical Link Control (LLC)
• Media Access Control (MAC).
802.11 ses the same 802.2 LLC and 48-bit addressing as other 802 LANs, allowing for very simple bridging from wireless to IEEE wired networks, but the MAC is unique to WLANs.
802.11 Media Access Control
• Carrier Sense Medium Access with collision avoidance protocol (CSMA/CA)
• Listen before talking
• Avoid collision by explicit Acknowledgement (ACK)
• Problem: additional overhead of ACK packets, so slow performance
• Request to Send/Clear to Send (RTS/CTS) protocol
• Solution for “hidden node” problem
• Problem: Adds additional overhead by temporarily reserving the medium, so used for large size packets only retransmission would be expensive
• Power Management
• MAC supports power conservation to extend the battery life of portable devices
• Power utilization modes
• Continuous Aware Mode
• Radio is always on and drawing power
• Power Save Polling Mode
• Radio is “dozing” with access point queuing any data for it
• The client radio will wake up periodically in time to receive regular beacon signals from the access point.
• The beacon includes information regarding which stations have traffic waiting for them
• The client awake on beacon notification and receive its data
• Fragmentation
• CRC checksum
• Each pkt has a CRC checksum calculated and attached to ensure that the data was not corrupted in transit
• Association & Roaming
Elements of a WI-FI Network
• Access Point (AP) - The AP is a wireless LAN transceiver or “base station” that can connect one or many wireless devices simultaneously to the Internet.
• Wi-Fi cards - They accept the wireless signal and relay information.They can be internal and external.(e.g PCMCIA Card for Laptop and PCI Card for Desktop PC)
• Safeguards - Firewalls and anti-virus software protect networks from uninvited users and keep information secure.
How a Wi-Fi Network Works
• Basic concept is same as Walkie talkies.
• A Wi-Fi hotspot is created by installing an access point to an internet connection.
• An access point acts as a base station.
• When Wi-Fi enabled device encounters a hotspot the device can then connect to that network wirelessly.
• A single access point can support up to 30 users and can function within a range of 100 – 150 feet indoors and up to 300 feet outdoors.
• Many access points can be connected to each other via Ethernet cables to create a single large network.
Wi-Fi Network Topologies
• AP-based topology (Infrastructure Mode)
• Peer-to-peer topology (Ad-hoc Mode)
• Point-to-multipoint bridge topology
AP-based topology
• The client communicate through Access Point.
• BSA-RF coverage provided by an AP.
• ESA-It consists of 2 or more BSA.
• ESA cell includes 10-15% overlap to allow roaming.
Peer-to-peer topology
• AP is not required.
• Client devices within a cell can communicate directly with each other.
• It is useful for setting up of a wireless network quickly and easily.
Point-to-multipoint bridge topology
This is used to connect a LAN in one building to a LANs in other buildings even if the buildings are miles apart.These conditions receive a clear line of sight between buildings. The line-of-sight range varies based on the type of wireless bridge and antenna used as well as the environmental conditions.
Wi-Fi Configurations
Wi-Fi Applications
• Home
• Small Businesses or SOHO
• Large Corporations & Campuses
• Health Care
• Wireless ISP (WISP)
• Travellers
Wi-Fi Security Threats
• Wireless technology doesn’t remove any old security issues, but introduces new ones
• Eavesdropping
• Man-in-the-middle attacks
• Denial of Service
Eavesdropping
• Easy to perform, almost impossible to detect
• By default, everything is transmitted in clear text
• Usernames, passwords, content ...
• No security offered by the transmission medium
• Different tools available on the internet
• Network sniffers, protocol analysers . . .
• Password collectors
• With the right equipment, it’s possible to eavesdrop traffic from few kilometers away
MITM Attack
1. Attacker spoofes a disassociate message from the victim
2. The victim starts to look for a new access point, and the attacker advertises his own AP on a different channel, using the real AP’s MAC address
3. The attacker connects to the real AP using victim’s MAC address
Denial of Service
• Attack on transmission frequecy used
• Frequency jamming
• Not very technical, but works
• Attack on MAC layer
• Spoofed deauthentication / disassociation messages
• can target one specific user
• Attacks on higher layer protocol (TCP/IP protocol)
• SYN Flooding
Wi-Fi Security
The requirements for Wi-Fi network security can be broken down into two primary components:
• Authentication
User Authentication
Server Authentication
• Privacy
Authentication
• Keeping unauthorized users off the network
• User Authentication
• Authentication Server is used
• Username and password
• Risk:
• Data (username & password) send before secure channel established
• Prone to passive eavesdropping by attacker
• Solution
• Establishing a encrypted channel before sending username and password
• Server Authentication
• Digital Certificate is used
• Validation of digital certificate occurs automatically within client software
Wi-Fi Security Techniques
• Service Set Identifier (SSID)
• Wired Equivalent Privacy (WEP)
• 802.1X Access Control
• Wireless Protected Access (WPA)
• IEEE 802.11i
Service Set Identifier (SSID)
• SSID is used to identify an 802.11 network
• It can be pre-configured or advertised in beacon broadcast
• It is transmitted in clear text
• Provide very little security
Wired Equivalent Privacy (WEP)
• Provide same level of security as by wired network
• Original security solution offered by the IEEE 802.11 standard
• Uses RC4 encryption with pre-shared keys and 24 bit initialization vectors (IV)
• key schedule is generated by concatenating the shared secret key with a random generated 24-bit IV
• 32 bit ICV (Integrity check value)
• No. of bits in keyschedule is equal to sum of length of the plaintext and ICV
• 64 bit preshared key-WEP
• 128 bit preshared key-WEP2
• Encrypt data only between 802.11 stations.once it enters the wired side of the network (between access point) WEP is no longer valid
• Security Issue with WEP
• Short IV
• Static key
• Offers very little security at all
802.1x Access Control
• Designed as a general purpose network access control mechanism
• Not Wi-Fi specific
• Authenticate each client connected to AP (for WLAN) or switch port (for Ethernet)
• Authentication is done with the RADIUS server, which ”tells” the access point whether access to controlled ports should be allowed or not
• AP forces the user into an unauthorized state
• user send an EAP start message
• AP return an EAP message requesting the user’s identity
• Identity send by user is then forwared to the authentication server by AP
• Authentication server authenticate user and return an accept or reject message back to the AP
• If accept message is return, the AP changes the client’s state to authorized and normal traffic flows
• 802.1x Access Control
Wireless Protected Access (WPA)
• WPA is a specification of standard based, interoperable security enhancements that strongly increase the level of data protection and access control for existing and future wireless LAN system.
• User Authentication
• 802.1x
• EAP
• TKIP (Temporal Key Integrity Protocol) encryption
• RC4, dynamic encryption keys (session based)
• 48 bit IV
• per packet key mixing function
• Fixes all issues found from WEP
• Uses Message Integrity Code (MIC) Michael
• Ensures data integrity
• Old hardware should be upgradeable to WPA
• WPA comes in two flavors
• WPA-PSK
• use pre-shared key
• For SOHO environments
• Single master key used for all users
• WPA Enterprise
• For large organisation
• Most secure method
• Unique keys for each user
• Separate username & password for each user
WPA and Security Threats
• Data is encrypted
• Protection against eavesdropping and man-in-the-middle attacks
• Denial of Service
• Attack based on fake massages can not be used.
• As a security precaution, if WPA equipment sees two packets with invalid MICs within a second, it disassociates all its clients, and stops all activity for a minute
• Only two packets a minute enough to completely stop a wireless network
802.11i
• Provides standard for WLAN security
• Authentication
• 802.1x
• Data encryption
• AES protocol is used
• Secure fast handoff-This allow roaming between APs without requiring client to fully reauthenticate to every AP.
• Will require new hardware
Advantages
• Mobility
• Ease of Installation
• Flexibility
• Cost
• Reliability
• Security
• Use unlicensed part of the radio spectrum
• Roaming
• Speed
Limitations
• Interference
• Degradation in performance
• High power consumption
• Limited range
