CSE 5/7349 – April 5th 2006

Wireless Networking

Compression

FEC

CRC

Modulation

Bits / Symbols / Baud

DSSS / FHSS

Wireless Security History

• Cordless Phones• Baby Monitors• Networking

802.11 Components

802.11 modes

• Infrastructure mode• Ad-hoc mode (peer-to-peer)

Infrastructure mode

Basic Service Set (BSS) – Single cell

Extended Service Set (ESS) – Multiple cells

Access Point

Station

Ad-hoc mode

Independent Basic Service Set (IBSS)

Open System Authentication

MAC Address Locking

Interception Range

Basic Service Set (BSS) – Single cell

Station outsidebuilding perimeter.

100 metres

Interception

Directional Antenna

• Directional antenna provides focused reception.

• D-I-Y plans available.– Aluminium cake tin.– 11 Mbps at 750 meters.

– http://www.saunalahti.fi/~elepal/antennie.html

802.11b Security Services

Wired Equivalence Privacy

WEP – Sending

Initialization Vector

WEP – Receiving

Shared Key Authentication

• When station requests association with Access Point– AP sends random number to station– Station encrypts random number

• Uses RC4, 40 bit shared secret key & 24 bit IV– Encrypted random number sent to AP– AP decrypts received message

• Uses RC4, 40 bit shared secret key & 24 bit IV– AP compares decrypted random number to

transmitted random number

Security - Summary

• Shared secret key required for:• Messages are encrypted.• Messages have checksum.• But SSID still broadcast in clear.

Security Attacks

802.11 Insecurities

IV Collision attack

Limited WEP keys

Brute Force Key Attack

128 bit WEP

IV weakness

Wepcrack

Airsnort

Safeguards

Wireless as Untrusted LAN

• Treat wireless as untrusted.– Similar to Internet.

• Firewall between WLAN and Backbone.• Extra authentication required.• Intrusion Detection

– WLAN / Backbone junction.• Vulnerability assessments

Discover Unauthorised Use

• Search for unauthorised access points or ad-hoc networks

Location of AP

IPSec VPN

IEEE 802.11i

802.11i – Encryption Enhancements