802.11 Wireless, WEP, WPA lecture
•Descargar como PPTX, PDF•
0 recomendaciones•2,012 vistas
Wi-Fi presentation for 2014-03-31
Recomendados
Más contenido relacionado
La actualidad más candente
La actualidad más candente (20)
Similar a 802.11 Wireless, WEP, WPA lecture
Similar a 802.11 Wireless, WEP, WPA lecture (20)
Último
Último (20)
802.11 Wireless, WEP, WPA lecture
- 1. 802.11 Wireless, WEP and WPA
- 3. ALOHAnet June 1971 Version 1 Pure ALOHA data.send if network.collision { do wait(time=random) data.send }
- 5. Slotted ALOHA Only 18.4% of transmission time used for successful frame transmissions Version 2 Slotted ALOHA Used discreet time slots Station can only send at the beginning of a time slot All collisions at the beginning of a frame
- 7. Slotted ALOHA Low-data-rate tactical satellite comms by military Subscriber based satellite comms networks Mobile telephony call setup Set top box comms RFID 36.8% of transmission time used for successful frame transmissions
- 8. Wireless Range Max. Speed Frequency Year of release Legacy 100m 2MB/s 2.4GHz 1997 802.11a 120m 54MB/s 5GHz 1999 802.11b 140m 11MB/s 2.4GHz 1999 802.11g 140m 54MB/s 2.4GHz 2003 802.11n 250m 150MB/s(per stream) 2.4GHz+5GHz 2009 802.11ac 866.7MB/s 5GHz 2014
- 9. Channels http://en.wikipedia.org/wiki/File:2.4_GHz_Wi-Fi_channels_(802.11b,g_WLAN).svg 1-11 – Anywhere 12&13 – Anywhere except USA 14 – Japan only
- 10. WEP Only used for legacy anymore Neil still uses this at his home but shhhhh. Very broken
- 11. WEP How is a WEP connection made? Probe request Client >>> AP Probe response AP >>> Client Authentication request Client >>> AP Challenge AP >>> Client Challenge Response Client >>> AP Association request AP >>> Client Association reponse Client >>> AP
- 12. How it works 24-bit IV (initialisation Vector) Secret key (40Bit or 104Bit) Result 64-Bit or 128-Bit RC4 PRNG Key Stream Plaintext Message XOR’ed CiphertextIV
- 13. Whys that broken? • Only 16million possible IV’s • On a 11MB/s link, with packets of 1500 bytes, can exhaust all possible IV’s in 5~ hours • More collisions, easier for statistical attacks to calculate the original keystream • Once you have keystream, you already have the IV, not hard to work out the secret key
- 14. WPA • Replaced WEP • Comes in 2 types, WPA and WPA2 • Each type has 2 flavours – PSK (personal) – Enterprise (802.1x + radius) • WPA Had to use the same hardware as WEP, only firmware updates allowed • Used TKIP
- 15. WEP Vs. WPA WEP WPA Static session keys (always same key used for session start) Dynamic session keys (different keys used for every session start)
- 16. WPA - PSK Probe Request Probe Response Authentication Request ANounce Snounce + MIC
- 18. The bigger picture Pass phrase(8-63 chars) Password Based Key Derivation Function (SSID) Pre-shared Key (256-bit) 4-Way handshake Snounce Anounce AP MAC Client MAC PTK (Pairwise transient key, unique to session) Pass phrase(8-63 chars) Verify using MIC
- 19. Crackable? Yes BUT Takes forever Really need to be desperate But there is one major flaw
- 20. WiFi Protected Setup Security Ease of UseFunctionality
- 21. WPS • Simplifies WPA security for users • Gives us a better in ;) • Router breaks the key down into 2 sets of 4 numbers • Tells client if a set it correct, even if the other is wrong • So, we have a lot fewer possibilities