National Institute of Science & Technology

WIRELESS LAN SECURITY

Wireless LAN Security

Presented By
SWAGAT SOURAV Roll # EE 200118189

Under the guidance of

Mr. Siddhartha Bhusan Neelamani

Swagat Sourav

[1]

National Institute of Science & Technology

WIRELESS LAN SECURITY

Introduction
It is also easy to interfere with wireless communications. A
simple jamming transmitter can make communications
impossible. For example, consistently hammering an
access point with access requests, whether successful or
not, will eventually exhaust its available radio frequency
spectrum and knock it off the network.

Advantages of WLAN

Disadvantages WLAN

Swagat Sourav

[2]

National Institute of Science & Technology

WIRELESS LAN SECURITY

WLAN Authentication
Wireless LANs, because of their broadcast nature, require the
addition of:
User authentication
Data privacy
Authenticating wireless LAN clients.

Client Authentication Process

Swagat Sourav

[3]

National Institute of Science & Technology

WIRELESS LAN SECURITY

WLAN Authentication
Types Of Authentication
Open Authentication
The authentication request
The authentication response

Shared Key Authentication

requires that the client configure a static WEP key

Service Set Identifier (SSID)

MAC Address Authentication
MAC address authentication verifies the clients MAC
address against a locally configured list of allowed
addresses or against an external authentication server

Swagat Sourav

[4]

National Institute of Science & Technology

WIRELESS LAN SECURITY

WLAN Authentication Vulnerabilities

SSID

An eavesdropper can easily determine the SSID with the use of an

802.11 wireless LAN packet analyzer, like Sniffer Pro.

Open Authentication
Open authentication provides no way for the access point to
determine whether a client is valid.

Shared Key Authentication Vulnerabilities

The process of exchanging the challenge text occurs over the
wireless link and is vulnerable to a man-in-the-middle attack

MAC Address Authentication Vulnerabilities

A protocol analyzer can be used to determine a valid MAC address
Swagat Sourav

[5]

National Institute of Science & Technology

WIRELESS LAN SECURITY

WEP Encryption
WEP is based on the RC4 algorithm, which is a symmetric
key stream cipher. The encryption keys must match on both
the client and the access point for frame exchanges to succeed
Stream Ciphers

Encrypts data by generating a key stream from the key and

performing the XOR function on the key stream with the plain-text
data
Swagat Sourav

[6]

National Institute of Science & Technology

WIRELESS LAN SECURITY

WEP Encryption
Block Ciphers

Fragments the frame into blocks of predetermined size and performs

the XOR function on each block.
Swagat Sourav

[7]

National Institute of Science & Technology

WIRELESS LAN SECURITY

WEP Encryption Weaknesses

There are two encryption techniques to overcome WEP
encryption weakness
Initialization vectors
Feedback modes
Initialization vectors

Swagat Sourav

[8]

National Institute of Science & Technology

WIRELESS LAN SECURITY

WEP Encryption Weaknesses

Feedback Modes

Swagat Sourav

[9]

National Institute of Science & Technology

WIRELESS LAN SECURITY

WEP Encryption Weaknesses

Statistical Key DerivationPassive Network Attacks
A WEP key could be derived by passively collecting particular frames
from a wireless LAN

Inductive Key DerivationActive Network Attacks

Inductive key derivation is the process of deriving a key by coercing
information from the wireless LAN

Initialization Vector Replay Attacks

Bit-Flipping Attacks
Static WEP Key Management Issues
Swagat Sourav

[10]

National Institute of Science & Technology

WIRELESS LAN SECURITY

Component of WLAN Security

The Authentication Framework (802.1X)
The EAP Authentication Algorithm
Mutual Authentication
User-Based Authentication
Dynamic WEP Keys

Data Privacy with TKIP (Temporal Key Integrity Protocol )

A message integrity check (MIC
Per-packet keying
Broadcast Key Rotation

Swagat Sourav

[11]

National Institute of Science & Technology

WIRELESS LAN SECURITY

Future of WLAN Security

AES (Advanced Encryption Standard )
AES-OCB Mode

Swagat Sourav

[12]

National Institute of Science & Technology

WIRELESS LAN SECURITY

Future of WLAN Security

AES-CCM Mode

Swagat Sourav

[13]

National Institute of Science & Technology

WIRELESS LAN SECURITY

Conclusion
Wireless LAN deployments should be made as secure
as possible. Standard 802.11 security is weak and
vulnerable to numerous network attacks. This paper has
highlighted these vulnerabilities and described how it
can be solved to create secure wireless LANs.
Some security enhancement features might not be
deployable in some situations because of device
limitations such as application specific devices (ASDs
such as 802.11 phones capable of static WEP only) or
mixed vendor environments. In such cases, it is
important that the network administrator understand the
potential WLAN security vulnerabilities.
Swagat Sourav

[14]

National Institute of Science & Technology

WIRELESS LAN SECURITY

Thank You!!!
Swagat Sourav

[15]