Wi-Fi Security

Prepaired By:
Virendra Singh Thakur
GTU PG School, Ahmeadabad
Originally, Wi-Fi was a marketing term. The Wi-Fi
certified logo means that the product has passed
interoperability tests Currently Wi-Fi means wireless
networks in general
WHAT IS WIFI ?
Wireless networks are usually based on the IEEE 802.11
standards.
a. IEEE 802 series standards
a. 802.11 wireless LANs
b. 802.15 wireless personal area networks (e.g., Bluetooth)
c. 802.16 wireless broadband up to 155Mb, wireless ISPs
b. 802.11a 54 Mbps@5 GHz
a. Not interoperable with 802.11b
b. Limited distance
c. Dual-mode APs require 2 chipsets, look like two APs to
clients
d. Cisco products: Aironet 1200

CONTD
a. 802.11b 11 Mbps@2.4 GHz
a. Full speed up to 300 feet
b. Coverage up to 1750 feet
c. Cisco products: Aironet 340, 350, 1100, 1200
b. 802.11g 54 Mbps@2.4 GHz
a. Same range as 802.11b
b. Backward-compatible with 802.11b
c. Speeds slower in dual-mode
d. Cisco products: Aironet 1100, 1200

802.11e QoS
Dubbed Wireless MultiMedia (WMM) by Wi-Fi Alliance
802.11i Security
Adds AES encryption
Requires high cpu, new chips required
TKIP is interim solution.




IEEE 802.11 standards. (Contd..)
CONTD
a. 802.11n (2009)
a. up to 300Mbps
b. 5Ghz and/or 2.4Ghz
c. ~230ft range
b. 802.11ac (under development)
a. Will provide high through put in the 5 GHz band
b. Will use wider RF bandwidth
c. will enable multi-station WLAN throughput of at
least 1 Gbps
d. a maximum single link throughput of at least 500
Mbps

WIRELESS NETWORK MODES

The 802.11 wireless networks operate in two basic
modes:
Infrastructure mode
Ad-hoc mode
Infrastructure mode:
each wireless client connects directly to a central device
called Access Point (AP)
no direct connection between wireless clients
AP acts as a wireless hub that performs the connections and
handles them between wireless clients




CONTD..
Ad-hoc mode:
Each wireless client connects directly with each other
No central device managing the connections
Rapid deployment of a temporal network where no
infrastructures exist (advantage in case of disaster)
Each node must maintain its proper authentication list.

Wi-Fi Security Techniques
Wired Equivalent Privacy (WEP)
Wireless Protected Access (WPA)
Wireless Protected Access2 (WPA2)

WIRED EQUIVALENT PRIVACY (WEP)

Short for Wired Equivalent Privacy, a security protocol for
wireless local area networks (WLANs) defined in the 802.11b
standard. WEP is designed to provide the same level of
security as that of a wired LAN.
WEP aims to provide security by encrypting data over radio
waves so that it is protected as it is transmitted from one end
point to another. However, it has been found that WEP is not
as secure as once believed. WEP is used at the two lowest
layers of the OSI model - the data link and physical layers; it
therefore does not offer end-to-end security.


1.Appends a 32-bit CRC checksum to each outgoing frame (INTEGRITY)

2.Encrypts the frame using RC4 stream cipher = 40-bit (standard) or 104-bit
(Enhanced) message keys + a 24-bit IV random initialization vector
(CONFIDENTIALITY).

3.The Initialization Vector (IV) and default key on the station access point are
used to create a key stream

4.The key stream is then used to convert the plain text message into the WEP
encrypted frame.
Wired Equivalent Privacy (WEP) Contd..
Wired Equivalent Privacy (WEP) Contd..
Short for Wi-Fi Protected Access, a Wi-Fi standard that was
designed to improve upon the security features of WEP. The
technology is designed to work with existing Wi-Fi products that
have been enabled with WEP (i.e., as a software upgrade to existing
hardware), but the technology includes two improvements over
WEP:
WPA - WI-FI PROTECTED ACCESS
New technique in 2002
replacement of security flaws of WEP.
Improved data encryption
Strong user authentication
Because of many attacks related to static key, WPA
minimize shared secret key in accordance with the frame
transmission.
Use the RC4 algorithm in a proper way and provide fast
transfer of the data before someone can decrypt the data.
WPA - WI-FI PROTECTED ACCESS
Data is encrypted using the RC4 stream cipher, with a 128-bit key and
a 48-bit initialization vector (IV).
One major improvement in WPA over WEP is the Temporal Key
Integrity Protocol (TKIP), which dynamically changes keys as the
system is used.
When combined with the much larger IV, this defeats the well-known
key recovery attacks on WEP.
WPA also provides vastly improved payload integrity.
WPA - WI-FI PROTECTED ACCESS
WPA2 - WI-FI PROTECTED ACCESS 2
Based on the IEEE 802.i standard
2 versions: Personal & Enterprise
The primary enhancement over WPA is the use of the AES (Advanced
Encryption Standard) algorithm
The encryption in WPA2 is done by utilizing either AES or TKIP
The Personal mode uses a PSK (Pre-shared key) & does not require a
separate authentication of users
The enterprise mode requires the users to be separately authenticated
by using the EAP protocol
WPA2 - WI-FI PROTECTED ACCESS 2
WPA uses AES with a key length of 128 bit to encrypt the data

The AES uses the Counter-Mode/CBC-MAC Protocol (CCMP)

The CCMP uses the same key for both encryption and authentication,
but with different initialization vectors.
WPA2 has immunity against many types of hacker attacks
Man-in-the middle
Authentication forging
Replay
Key collision
Weak keys
Packet forging
Dictionary attacks
WPA2 - WI-FI PROTECTED ACCESS 2
WEP VS WPA VS WPA2
WEP WPA WPA2
ENCRYPTION
RC4 RC4 AES
KEY ROTATION
NONE Dynamic
Session Keys
Dynamic Session
Keys
KEY
DISTRIBUTION
Manually typed
into each device
Automatic
distribution
available
Automatic
distribution
available
AUTHENTICATION
Uses WEP key as
Authentication
Can use 802.1x
& EAP
Can use 802.1x &
EAP
Thank you