Application Cryptography Wireless LAN Security

8/19/2019 Application Cryptography Wireless LAN Security

1/50

Bachelor Degree of Telecommunication Engineering

School of Electrical Engineering

Telkom University

*

Nur Andini

Raditiana Patmasari

Cryptography and Network Security 1


2/50


*

⇰ Knowing and understanding application of

cryptography on computer network security


cryptography on WLAN security


cryptography on GSM


3/50


*

1. Introduction

2. WEP

3. WPA

4. WPA2


4/50

*



5/50

*

IEEE 802.11

WirelessLocal Area

Network(WLAN)

IEEE 802.11i

WLAN

Security



6/50

*

IBSS

IndependentBasic

Service Set

BSS

BasicService Set

ESS

ExtendedService Set



7/50

*



8/50

*



9/50

*

Cryptography and Network Security9


10/50

*

Encryption

AAASegmentation



11/50

*

• Ron’s Code or Rivest’s Cipher

• Stream cipher• Protecting internet trafficRC4• Advanced Encryption standard

• Block cipher

• Protecting WLAN dataAES



12/50

*

Authentication

AuthorizationAccounting



13/50

*

AuthenticationIt is the first stepof connecting user

to the network.It is to verify theidentity of user.



14/50

*

AuthorizationIt is the next step

afterauthentication.

It is to grant user

the access ofnetwork resources

and services.



15/50

*

AccountingIt is the next

step afterauthorization.

It is to track theuse of network

resource.



16/50

*

It is to segment users into groups.

After authorization, user is

restricted in case of resource andcoverage.



17/50

*



18/50

*

Encryption

process onLayer 2

RC4 isused

64-bitWEP



19/50

*

Confidentiality

Access

controlIntegrity



20/50

*

Confidentiality

Providing data privacy

Encrypting the data usingRC4



21/50

*

Authentication

Open System

Shared-Key

Access control

Authorization

Granting user theaccess of network

resources and services



22/50


*

Authentication

Open System

Verifiying useridentitywithout user

verification.

Pre-Shared

Verifiying user identitywithuser verification using

static key.


23/50

*

Integrity

Providing Integrity CheckValue (ICV)

Preventing the datamodification



24/50

*

Plaintext

Message

Cyclic Redundancy Check (CRC)

Integrity Check Value



25/50

*

Key

InitializationVector (IV)

Static keyKeystream

RC4

Statickey

IV



26/50

*

64-bit WEPkey

24-bitInitializationVector (IV)

40-bit statickey



27/50

*

Ciphertext

Keystream

XOR

Plaintext



28/50

*

IV Ciphertext Ciphertext



29/50

*

IV collisionattack

Weakkey

attack

Re-injectionattack

Bit-flippingattack



30/50

*

It is easy to get the secret key when IVcollision occurs

IV collision attack

224 IV combination IV is generated on everyframe



31/50


*

It is easy to get secret key byrecovering IV

Weak key attack

RC4 Weak keys aregenerated


32/50


*

Injecting many IVs toaccelerate IV flow

Re-injection attack


33/50


*

ICV is weak

Bit-flipping attack


34/50


35/50


*

Improvingencryptionmethod on

WEP

Improvingdata

protection

Improvingaccesscontrol


36/50


*

Confidentiality

Access

controlIntegrity


37/50


*

Encrypting the data usingTemporal Key Integrity

Protocol (TKIP)RC4

Confidentiality


38/50


*

TKIP128-bit static key

Providing key hierarchyand key management

• Removing predictability ofstatic key


39/50


*

Access controlGranting user the access of network resources and

services

Authentication


40/50


*

Authentication

Personal

Pre-Shared key(PSK)

Enterprise

802.1XExtensible

AuthenticationProtocol (EAP)


41/50


*

Preventing data modificationMessage Integrity Check

(MIC)Michael

Integrity


42/50

*



43/50


*

WPAAdvancedEncryption

Standard (AES)

WPA2


44/50


*

Encrypting the data usingCounter mode with Cipher BlockChaining-Message Authentication

Code (CCMP)AES

Confidentiality


45/50


*

AES128-bit key

128-bit

plaintext block


46/50


*

Access controlGranting user the access of network resources and

services

Authentication


47/50


*

Authentication

Personal

Pre-Shared key(PSK)

Enterprise

802.1XExtensible

AuthenticationProtocol (EAP)


48/50


*

Preventing data modification8-byte Message

Integrity Check (MIC)Michael

Integrity


49/50


*

*“CWNA Certified Wireless Network

Administrator” by David D. Coleman and David

A. Westcott*“Wi-Fi Protected Access” by Wi-Fi Alliance

*“Cryptography and Network Security” by

William Stallings


50/50

*


Documents

Application Cryptography Wireless LAN Security