
Wireless Technology

Wireless LAN Overview

Wireless Fidelity (Wi-Fi)


Channels
Basic Security & Practices
Vulnerabilities
WEP
WPA
802.11i
Wireless LAN Overview

EAP and 802.1x


802.1x
EAP
Definition
Process Flow
EAP Types and Flow
Wi-Fi Technology

Wi-Fi (short for "Wireless Fidelity") is the popular term for
a high-frequency wireless local area network (WLAN)
Promoted by the Wi-Fi Alliance (Formerly WECA - Wireless
Ethernet Carriers Association)
Used generically when referring to any type of 802.11
network, whether 802.11a, 802.11b, 802.11g, dual-band,
etc. The term is promulgated by the Wi-Fi Alliance
Wi-Fi Technology

Wi-Fi standards use the Ethernet protocol and CSMA/CA
(carrier sense multiple access with collision avoidance) for
path sharing
The 802.11b (Wi-Fi) technology operates in the 2.4 GHz
range offering data speeds up to 11 megabits per second.
The modulation used in 802.11 has historically been
phase-shift keying (PSK).
Note: unless adequately protected, a Wi-Fi wireless LAN is
easily accessible by unauthorized users
Wireless LAN Topology

Wireless LAN is typically deployed as an extension of an existing
wired network as shown below.
Wireless LAN Topology

Here is an example of small-business usage of a Wi-Fi network.

[Figure labels: DSL Router, DSL Connection, etc.]

The DSL router and Wi-Fi AP are often combined into a
single unit
What is 802.11?

802.11 refers to a family of specifications developed by
the IEEE for wireless LAN technology. 802.11 specifies
an over-the-air interface between a wireless client and a
base station or between two wireless clients.
The IEEE accepted the specification in 1997.
802.11 Family Members

There are several specifications in the 802.11 family:

802.11: Applies to wireless LANs and provides 1 or 2 Mbps transmission in the
2.4 GHz band using either frequency hopping spread spectrum (FHSS) or direct
sequence spread spectrum (DSSS).
802.11a: An extension to 802.11 that applies to wireless LANs and provides up
to 54 Mbps in the 5 GHz band. 802.11a uses an orthogonal frequency division
multiplexing encoding scheme rather than FHSS or DSSS.
802.11b: (also referred to as 802.11 High Rate or Wi-Fi) An extension to 802.11
that applies to wireless LANs and provides 11 Mbps transmission (with a fallback
to 5.5, 2 and 1 Mbps) in the 2.4 GHz band. 802.11b uses only DSSS. 802.11b was
a 1999 ratification to the original 802.11 standard, allowing wireless
functionality comparable to Ethernet.
802.11g: Applies to wireless LANs and provides 20+ Mbps in the 2.4 GHz band.
802.11 Standards

802.11    The original WLAN standard. Supports 1 Mbps to 2 Mbps.
802.11a   High-speed WLAN standard for the 5 GHz band. Supports 54 Mbps.
802.11b   WLAN standard for the 2.4 GHz band. Supports 11 Mbps.
802.11e   Addresses quality of service requirements for all IEEE WLAN radio
          interfaces.
802.11f   Defines inter-access point communications to facilitate multiple
          vendor-distributed WLAN networks.
802.11g   Establishes an additional modulation technique for the 2.4 GHz
          band. Intended to provide speeds up to 54 Mbps. Includes
          much greater security.
802.11h   Defines the spectrum management of the 5 GHz band for use in
          Europe and in Asia Pacific.
802.11i   Addresses the current security weaknesses for both authentication
          and encryption protocols. The standard encompasses 802.1X,
          TKIP, and AES protocols.
802.11 Range Comparisons
802.11 Authentication Flow
Basic 802.11 Security

SSID (Service Set Identifier) or ESSID (Extended Service
Set Identifier)
Each AP has an SSID that it uses to identify itself. Network
configuration requires each wireless client to know the SSID of the
AP to which it wants to connect.
SSID provides a very modest amount of control. It keeps a client
from accidentally connecting to a neighboring AP only. It does not
keep an attacker out.
SSID

SSID (Service Set Identifier) or ESSID (Extended
Service Set Identifier)
The SSID is a token that identifies an 802.11 network. The
SSID is a secret key that is set by the network administrator.
Clients must know the SSID to join an 802.11 network;
however, network sniffing can discover the SSID.
The fact that the SSID is a secret key instead of a public key
creates a management problem for the network
administrator.
Every user of the network must configure the SSID into their
system. If the network administrator seeks to lock a user out of
the network, the administrator must change the SSID of the
network, which requires reconfiguration of every network node.
Some 802.11 NICs allow you to configure several SSIDs at one
time.
Basic 802.11 Security

MAC filters
Some APs provide the capability for checking the MAC address of
the client before allowing it to connect to the network.
Using MAC filters is considered to be very weak security because
with many Wi-Fi client implementations it is possible to change the
MAC address by reconfiguring the card.
An attacker could sniff a valid MAC address from the wireless
network traffic.
Basic 802.11 Security

Static WEP keys


Wired Equivalent Privacy (WEP) is part of the 802.11 specification.
Static WEP key operation requires keys on the client and AP that
are used to encrypt data sent between them. With WEP encryption,
sniffing is eliminated and session hijacking is difficult (or
impossible).
Client and AP are configured with a set of 4 keys, and when
decrypting, each is used in turn until decryption is successful. This
allows keys to be changed dynamically.
Keys are the same in all clients and AP. This means that there is a
community key shared by everyone using the same AP. The
danger is that if anyone in the community is compromised, the
community key, and hence the network and everyone else using it,
is at risk.
Authentication Type

An access point must authenticate a station before the station can
associate with the access point or communicate with the network.
The IEEE 802.11 standard defines two types of authentication:
Open System Authentication
Shared Key Authentication

The following steps occur when two devices use Open System
Authentication:
The station sends an authentication request to the access point.
The access point authenticates the station.
The station associates with the access point and joins the network.
The process is illustrated below.
Authentication Type: Open System Authentication
Authentication Type: Shared Key Authentication

The following steps occur when two devices use
Shared Key Authentication:
1. The station sends an authentication request to the access point.
2. The access point sends challenge text to the station.
3. The station uses its configured 64-bit or 128-bit default key to encrypt
the challenge text, and sends the encrypted text to the access point.
4. The access point decrypts the encrypted text using its configured
WEP Key that corresponds to the station's default key.
5. The access point compares the decrypted text with the original
challenge text. If the decrypted text matches the original challenge
text, then the access point and the station share the same WEP Key
and the access point authenticates the station.
6. The station connects to the network.
Authentication Type: Shared Key Authentication

If the decrypted text does not match the original
challenge text (i.e., the access point and station do not
share the same WEP Key), then the access point will
refuse to authenticate the station and the station will be
unable to communicate with either the 802.11 network
or Ethernet network.
The process is illustrated below.
Authentication Type: Shared Key Authentication
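The Shared Key Authentication exchange described above, including the refusal when the keys differ, as an added example that is not part of the original slides. The function names and sample keys are constructed for illustration, and the frame is simplified: the IV is passed alongside the ciphertext instead of being carried in a frame header.

```python
import os
import struct
import zlib

# Constructed sample keys. The "64-bit" and "128-bit" sizes include the 24-bit IV,
# so the configured secret is 5 or 13 bytes long.
KEY_64 = bytes.fromhex("0102030405")
KEY_128 = bytes.fromhex("0102030405060708090a0b0c0d")

def rc4(key: bytes, data: bytes) -> bytes:
    """RC4 stream cipher; encryption and decryption are the same operation."""
    s, j = list(range(256)), 0
    for i in range(256):                       # key scheduling
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    for byte in data:                          # keystream generation and XOR
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def wep_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """WEP body: RC4 keyed with IV || key, over plaintext || CRC-32 ICV."""
    icv = struct.pack("<I", zlib.crc32(plaintext) & 0xFFFFFFFF)
    return rc4(iv + key, plaintext + icv)

def wep_decrypt(key: bytes, iv: bytes, ciphertext: bytes):
    """Return the plaintext, or None when the ICV does not verify."""
    body = rc4(iv + key, ciphertext)
    plaintext, icv = body[:-4], body[-4:]
    ok = struct.pack("<I", zlib.crc32(plaintext) & 0xFFFFFFFF) == icv
    return plaintext if ok else None

def shared_key_auth(ap_key: bytes, station_key: bytes) -> bool:
    """Run steps 1-5; True means the AP authenticates the station (step 6 follows)."""
    # Steps 1-2: the station asks to authenticate; the AP sends 128 bytes of challenge text.
    challenge = os.urandom(128)
    # Step 3: the station encrypts the challenge with its default key and a fresh 24-bit IV.
    iv = os.urandom(3)
    response = wep_encrypt(station_key, iv, challenge)
    # Steps 4-5: the AP decrypts with its own key and compares with the original challenge.
    return wep_decrypt(ap_key, iv, response) == challenge
```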
Overview of WEP Parameters

Before enabling WEP on an 802.11 network, you must first consider
what type of encryption you require and the key size you want to use.
Typically, there are three WEP Encryption options available for 802.11
products:
Do Not Use WEP: The 802.11 network does not encrypt data. For
authentication purposes, the network uses Open System Authentication.
Use WEP for Encryption: A transmitting 802.11 device encrypts the data
portion of every packet it sends using a configured WEP Key. The receiving
device decrypts the data using the same WEP Key. For authentication
purposes, the wireless network uses Open System Authentication.
Use WEP for Authentication and Encryption: A transmitting 802.11
device encrypts the data portion of every packet it sends using a configured
WEP Key. The receiving 802.11 device decrypts the data using the same
WEP Key. For authentication purposes, the 802.11 network uses Shared
Key Authentication.
Note: Some 802.11 access points also support Use WEP for
Authentication Only (Shared Key Authentication without data
encryption).
Recommended 802.11 Security Practices

Change the default password for the Admin account
SSID
  Change the default
  Disable Broadcast
  Make it unique
  If possible, change it often
Enable MAC Address Filtering
Enable WEP 128-bit Data Encryption. Please note that this will reduce
your network performance
  Use the highest level of encryption possible
  Use a Shared Key
  Use multiple WEP keys
  Change it regularly
Turn off DHCP
Refrain from using the default IP subnet
Vulnerabilities

There are several known types of wireless attacks
that must be protected against:
SSID (network name) sniffing
WEP encryption key recovery attacks
ARP poisoning (man in the middle attacks)
MAC address spoofing
Access Point management password and SNMP attacks
Wireless end user (station) attacks
Rogue AP attacks (AP impersonation)
DOS (denial of service) wireless attacks
802.11i Future Wireless Security Standard

Task group "i" within the IEEE 802.11 is responsible for developing
a new standard for WLAN security to replace the weak WEP (Wired
Equivalent Privacy).
The IEEE 802.11i standard utilizes the authentication schemes of
802.1x and EAP (Extensible Authentication Protocol) in addition to a
new encryption scheme, AES (Advanced Encryption Standard),
and a dynamic key distribution scheme, TKIP (Temporal Key Integrity
Protocol).
802.11i = TKIP + IEEE 802.1x + AES
802.11i Future Wireless Security Standard

Temporal Key Integrity Protocol (TKIP)
The Temporal Key Integrity Protocol is part of the IEEE 802.11i encryption
standard for wireless LANs. TKIP is the next generation of WEP, the Wired
Equivalency Protocol, which is used to secure 802.11 wireless LANs. TKIP
provides per-packet key mixing, a message integrity check and a re-keying
mechanism, thus fixing the flaws of WEP.
802.11i Future Wireless Security Standard
Advanced Encryption Standard (AES)
AES is the U.S. government's next-generation cryptography algorithm, which will
replace DES and 3DES.

AES vs. Triple-DES

                       AES                       Triple-DES
Type of algorithm      Symmetric, block cipher   Symmetric, Feistel cipher
Key size (in bits)     128, 192, 256             112 or 168
Speed                  High                      Low
Time to crack (assume a machine could try 2^55 keys per second - NIST)
                       149 trillion years        4.6 billion years
Resource consumption   Low                       Medium
