Upload
tushar-anand
View
500
Download
1
Embed Size (px)
DESCRIPTION
wireless security protocol using WPA 2
Citation preview
WIRELESS SECURITY USING WPA2
BY :
TUSHAR ANAND KUMAR
ECE-”D”, REGD. NO.: 1151016015
CONTENTS
• Types of security in WLAN
• Comparison of WEP,WPA,WPA2
• Evolution of wireless security standards
• WPA 2 authentication ,encryption & decryption
• Benefits & vulnerabilities
• Solutions & conclusion
TYPES OF SECURITY IN WLAN
• OPEN : No security configured X
• WEP : Wired Equivalent privacy X
• WPA: Wi-Fi Protected Access
• WPA2: Advance Wi-Fi Protected Access
WIRELESS SECURITY STANDARDS
WPA2 OVERVIEW
• Wi-Fi Protected Access 2
• Security standard developed by the Wi-Fi Alliance and is an implementation of IEEE’s 802.11i
• Uses Advance Encryption Standard (AES) protocol
• AES in Counter-Mode for encryption
• AES in Cipher Block Chaining-Message Authentication Code (CBC-MAC) for integrity checking
WI-FI PROTECTED ACCESS 2
Table: two types of WPA2
COMPARING WEP, WPA ,and WPA 2
AUTHENTICATION
Two types of authentication
• Personal mode
• Enterprise mode
PERSONAL MODE AUTHENTICATION
• Authentication performed between client and access point
• PSK(Pre Shared Key) & SSID(Service Set Identification) is used
• AP generates 256 bit from plain text pass phrase
• PMK(Pairwise Master Key) is generated after authentication
ENTERPRISE MODE AUTHENTICATION
• Based on IEEE 802.1x standard
• Authentication performed between :-
1. Client
2. Access Point
3. Authentication Server
• After authentication MK(Master Key)
Is generated
WPA 2 KEY GENERATION
• 4 way handshake initiated by AP
• Confirms client’s knowledge of PMK in personal mode & MK in enterprise mode
• Pairwise Transient Key created at client’s
• Fresh PTK is derived at AP 1. Key confirmation key
2. Key encryption key
3. Temporal key
WPA 2 KEY GENERATION
• Install encryption and integrity key
• Control port are unblocked
WPA2 ENCRYPTION
• Two Process happens 1. Data encryption
2. Data integrity
• AES is used in encryption & authentication is a block symmetric cipher
• CCM is new mode of operation for block cipher
• Two underlying modes of CCM Counter mode(CTR) achieves data encryption
Cipher block chaining message authentication code(CBCMAC) to provide data integrity
MESSAGE INTEGRITY CODE(MIC)• IV(Initialization Vector)
encrypted with AES & TK to produce 128 bit result
• 128 bit result is XOR with next 128 bits of data
• Result of XOR is continued until all IV are exhausted
• At end,first 64 bits are used to produce MIC
Figure :AES CBC-MAC
WPA2 ENCRYPTION• Counter mode algorithm encrypts
the data with MIC
• Initialize counter for first time or increment counter.
• First 128 bits are encrypted using AES & TK to produce 128 bits.
• XOR is performed on result and first message block to give an first encrypted block.
• Repeat until all 128 bit of blocks has been encrypted.
Figure: AES counter mode
WPA2 DECRYPTION
• It works in reverse using same algorithm for encryption the counter value is derived.
• By using the counter mode algorithm and TK , the MIC and decrypted data are found out.
• The data is processed by CBC-MAC to recalculate MIC
• If MIC does not match then packet is dropped otherwise data is sent to network stack and to client
BENEFITS OF WPA2
• Provides solid wireless security model(RSN)
• Encryption accomplished by a block cipher
• Block cipher used is Advanced Encryption Standard (AES)
• IEEE 802.11i authentication and key management is accomplished by IEEE 802.1x standard
• Key-caching
• Pre-authentication
WPA2 VULNERABILITIES
Can’t stand in front of the physical layer attacks:RF jamming
Data flooding
Access points failure
Vulnerable to the Mac addresses spoofing
PROCEDURES TO IMPROVE WIRELESS SECURITY
Use wireless intrusion prevention system (WIPS)
Enable WPA-PSK
Use a good passphrase
Use WPA2 where possible
Change your SSID every so often
Wireless network users should use or upgrade their network to the latest security standard released
FUTURE SCOPE
• A new standard IEEE 802.1W task group(TG) approved in March,2005 Main Goals
Improve security by protecting the management frames and also being able to identify
Spoofed management frames normally used to launch DoS attack
THANK YOU!
REFRENCES
• “Benefits and Vulnerabilities of Wi-Fi Protected Access 2 (WPA2)” By Paul Arana
• “The Evolution of 802.11 Wireless Security” INF 795 - Kevin Benton
• “Wireless LAN Security Issues and Solutions” by Pan Feng at 2012 IEEE Symposium on Robotics and Applications(ISRA)
• Security Improvements of IEEE 802.11i 4-way Handshake Scheme by Xiaodong Zha and Maode Ma ©2010 IEEE