
Wireless network security standard

Presentation

1 The evolution of WLAN Security
2 Basic Wireless Security Features of IEEE 802.11
3 Enhanced Security Features
4 Comparison of the Standards
5 Conclusion and Recommendations for Wireless LAN Security

by: Jörg Grünauer at 30.06.05
http://134.91.24.143/~gruenauer

WLAN Security Standards

1 The evolution of Wireless network Security

1997: the original 802.11 standard only offers
- SSID (Service Set Identifier)
- MAC Filtering (Media Access Control)
- and WEP (Wired Equivalent Privacy)
1999: several industry players form WECA (Wireless Ethernet Compatibility Alliance) for rapid adoption of 802.11 network products.
2001: Fluhrer, Mantin and Shamir identified some weaknesses in WEP. IEEE started Task Group i.
2002: WECA was renamed to Wi-Fi

2003: Wi-Fi introduced Wi-Fi Protected Access (WPA).
- Meant as an interim solution for the weaknesses of WEP.
- Contains some parts of IEEE 802.11i.
2004: WPA2 was introduced.
- It is based on the final IEEE 802.11i standard.
- Was ratified on June 25.

2 Basic Wireless Security Features of IEEE 802.11

2.1 (Extended) Service Set Identity, (E)SSID

"The name of the wireless network"

Two variants of the SSID:
- ad-hoc wireless network (called IBSS, Independent Basic Service Set): clients without an AP use the SSID.
- infrastructure network (called ESS, Extended Service Set): networks that include an AP use the ESSID.
Each client should be configured with the correct (E)SSID.
APs have an "any" function: access without an SSID is possible
- the AP sends beacon frames: the SSID is broadcast
Weakness: the STA sends the SSID in the clear, so sniffing is possible.

2.2 User authentication

802.11 defines two subtypes of authentication service:

-> Open System authentication, the simplest algorithm.
- authenticates anyone who requests authentication.
- provides a NULL authentication process.

Message flow:
Initiator -> Responder: Authentication request
Responder -> Initiator: Authentication response

2.2 User authentication

-> Shared-Key authentication
- distinguishes members who know the shared key from members who do not.
- weakness: the shared-key exchange can be sniffed.

Message flow:
Initiator -> Responder: Authentication request
Responder -> Initiator: "challenge" text string
Initiator: WEP encryption of challenge text
Initiator -> Responder: "challenge" text string encrypted with shared key
Responder: WEP decryption of encrypted text
Responder -> Initiator: Positive / negative response based on decryption result

2.3 MAC-Filtering

Clients are identified by the worldwide unique hexadecimal MAC address of the 802.11 NIC.
MAC addresses are listed in the AP.

Weakness:
- addresses are easily sniffed by an attacker: they appear in the clear, even if WEP is enabled.
- changing the MAC address with software is possible.

2.4 Wireless Equivalent Privacy (WEP)

Three Security Goals
- Access Control: ensure that the communication partners are who they claim to be.
- Data integrity: ensure that packets are not modified in transit over the air.
- Confidentiality: ensure that the content of wireless traffic is protected from an eavesdropper through encryption.

2.4.1 Structure of WEP

A secret key is used to encrypt packets.
CRC integrity check (ICV): verifies that packets are not modified in transit.
- Compute CRC32 over the plaintext data
- Append the CRC to the data: (data+CRC)
- Pick a random IV and concatenate it with the secret key: (k+IV)
- Input (k+IV) into RC4 to generate a pseudo-random key stream
- Send the IV to the peer by placing it in front of the ciphertext:
  C = (data+CRC) xor RC4(k+IV)

2.4.1 RC4 in WEP

WEP uses Ron's Code 4 (RC4) as Pseudo Random Generator (PRG).
Developed at RSA Laboratories.
Secret key K:
- The shared key is entered manually (it is not transmitted).
- 40 bit (the reason was US exportability) or later 104 bit
Initialisation Vector IV:
- Ensures different random numbers
- 24 bit
- transmitted in the clear in front of the ciphertext (IV+C)
Symmetric: the same key is used for encryption and decryption.
The key stream is independent of the plaintext.
Encryption and decryption are fast (~10 times faster than DES).
RC4 is simple (see http://www.deadhat.com/wlancrypto/ ).

2.4.2 Weakness of the WEP

- Oct 2000: Jesse Walker of Intel published "Unsafe at any keysize; An analysis of the WEP encapsulation".
- Mar 2001: Scott Fluhrer, Itsik Mantin, Adi Shamir: "Attacks on RC4 and WEP", "Weaknesses in the Key Scheduling Algorithm of RC4"

2.4.2 Weaknesses in WEP

Keys:
- The key length of 40 bit
- no key management; cons: faulty, keys rarely changed

WEP confidentiality is insecure (IV reuse)
- 24 bit IV, AP with 1500 Byte/packet and 11 Mbit/s:
  1500*8/(11*10^6)*2^24 = 18300 sec ~ 5 hrs
  C1 xor C2 = P1 xor RC4(k,IV) xor P2 xor RC4(k,IV) = P1 xor P2
- Knowing C1 and C2, it is possible to obtain the XOR of the two plaintexts

2.4.2 Weaknesses in WEP

WEP data integrity is insecure (CRC checksum)
- An attacker constructs C_new = RC4(k,IV) xor (M+CRC(M)) xor (D+CRC(D))
  that will decrypt to M_new with a valid CRC(M_new):
  C_new = (M_new+CRC(M_new)) xor RC4(k,IV)

Weak IVs
- Have the form (A+3, N-1, X), where A is the index into k, N is mostly 256 and X can be nearly 60 different values
- Iterate over possible weak IVs over a sequence of data packets until the RC4 key is found
- More details in "Weaknesses in the Key Scheduling Algorithm of RC4"
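Added example (not part of the original slides): a minimal WEP encapsulation in Python that reproduces the structure from 2.4.1 and the two identities from 2.4.2 on constructed data, showing why a reused IV cancels the key stream and why CRC32 under a stream cipher gives no integrity. The key, IV and messages are constructed sample values; the function names are chosen for this example.

```python
import struct
import zlib


def rc4(seed: bytes, n: int) -> bytes:
    """Return n bytes of RC4 key stream for the given seed (KSA, then PRGA)."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + seed[i % len(seed)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(n):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    """XOR two byte strings, truncated to the shorter one."""
    return bytes(x ^ y for x, y in zip(a, b))


def icv(data: bytes) -> bytes:
    """CRC32 integrity check value, little-endian."""
    return struct.pack("<I", zlib.crc32(data) & 0xFFFFFFFF)


def wep_encrypt(key: bytes, iv: bytes, data: bytes) -> bytes:
    """Return IV || ((data+CRC) xor key stream).

    802.11 seeds RC4 with the IV followed by the key; the slides write the
    same seed as (k+IV).
    """
    body = data + icv(data)
    return iv + xor(body, rc4(iv + key, len(body)))


def wep_decrypt(key: bytes, frame: bytes):
    """Return (data, icv_ok) for a frame produced by wep_encrypt."""
    iv, cipher = frame[:3], frame[3:]
    body = xor(cipher, rc4(iv + key, len(cipher)))
    data, received_icv = body[:-4], body[-4:]
    return data, received_icv == icv(data)


def patch_frame(frame: bytes, delta: bytes) -> bytes:
    """Apply delta to the plaintext through the ciphertext, without the key.

    CRC32 is affine: crc(M xor D) = crc(M) xor crc(D) xor crc(0...0), so the
    matching ICV change can be computed from delta alone.
    """
    icv_delta = xor(icv(delta), icv(bytes(len(delta))))
    return frame[:3] + xor(frame[3:], delta + icv_delta)


# Constructed sample values (not from the slides).
KEY = bytes.fromhex("0102030405")   # 40 bit shared key
IV = bytes.fromhex("a1b2c3")        # 24 bit IV, reused for both frames
P1 = b"PAY 0100 TO ALICE"
P2 = b"PAY 0999 TO BOBBY"


def demo() -> dict:
    f1, f2 = wep_encrypt(KEY, IV, P1), wep_encrypt(KEY, IV, P2)
    delta = xor(P1, b"PAY 9100 TO ALICE")
    return {
        # C1 xor C2 = P1 xor P2: the key stream drops out when the IV repeats.
        "iv_reuse_leaks_xor": xor(f1[3:], f2[3:])[:len(P1)] == xor(P1, P2),
        # Flipping data bits only: the receiver's ICV check catches it.
        "data_only_change": wep_decrypt(KEY, f1[:3] + xor(f1[3:], delta + bytes(4))),
        # Flipping data bits plus the computed ICV bits: the check passes.
        "data_and_icv_change": wep_decrypt(KEY, patch_frame(f1, delta)),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

The last case is the reason TKIP adds the keyed Michael MIC and CCMP uses CBC-MAC: an unkeyed checksum can be recomputed by anyone who can modify the ciphertext.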

3 Enhanced Security Features

3.1 WEPplus

first interim solution, came from Lucent Tech.
Based on observing how tools analyse the captured data in order to calculate the shared WEP key
backward compatible with a software update.
generates IVs for RC4 without weak IVs appearing.
Idea: weak IVs are widely known and are simply skipped during encryption.
a collision of identical IVs can at least be delayed -> only a slight improvement.
acceptable at least for home users.

3.2 Wi-Fi Protected Access (WPA)

addresses most of WEP's weaknesses
needed as soon as possible!
interim solution for replacement of WEP.
works with existing 802.11 hardware (a firmware update will be required)
is a subset of 802.11i, so forward compatible.
cross-vendor compatible
Goals:
- improved encryption
- user authentication
2 modes:
- WPA Enterprise: TKIP/MIC; 802.1X/EAP
- WPA Personal: TKIP/MIC; PSK

3.2.1 Wi-Fi Protected Access (WPA) Enterprise Mode

Authentication: IEEE 802.1X/EAP
- Central management of user credentials
- An AAA server is required.
- Uses RADIUS protocols for AAA and key distribution.
- Carries the authentication conversation between STA and RADIUS server.
- Supports multiple authentication methods, based on passwords or digital certificates.
- Examples: TLS, TTLS: certificate-based methods. PEAP, LEAP: password-based methods.

3.2.1 Wi-Fi Protected Access (WPA) Enterprise Mode
Encryption: TKIP

- Designed as a wrapper around WEP
- uses the same RC4 engine used by WEP
- includes a MIC (called Michael) at the end of each plaintext message
- ensures that messages cannot be spoofed.

Components:
- MIC
- TSC (sequence counter)
- Per-Packet Key Mixing

3.2.1 Wi-Fi Protected Access (WPA) Enterprise Mode
Encryption: TKIP / MIC

- Uses a 64 bit key
- Partitions packets into 32 bit blocks
- Applies shifts, XORs and additions to each 32 bit block to get a 64 bit authentication tag.
- Michael is calculated over the data and the source and destination addresses (SA / DA)
- MIC = Michael_key(SA, DA, PlainMSDU)
- prevents capturing, altering and resending data packets

3.2.1 Wi-Fi Protected Access (WPA) Enterprise Mode
Encryption: TKIP / TSC

- IV is extended to 48 bits.
- In reality 32 bits are added to the 24 bits of WEP, but 8 bits are not used.
- It is used as a sequence counter (TSC), which starts from 0 and is incremented by 1 for each MPDU.
- TSC1 and TSC0, the lower 16 bits of the IV, are the sequence number in Phase 2.
- TSC-TSC5, the upper 32 bits of the IV, are incremented by one after the lower IV wraps around, and are used in Phase 1.

3.2.1 Wi-Fi Protected Access (WPA) Enterprise Mode
Encryption: TKIP / Key-Mix

- Phase1: 128b_res = Mix1(128bTK, 48bitMAC, UpperIV32b)
- Phase2: 128b_perpacketkey = Mix1(res1, LowerIV16b)
- Ensures a unique key, even if clients share the same key
- not a simple concatenation of IV to key

3.2.1 Wi-Fi Protected Access (WPA) Enterprise Mode
Encryption: Benefits by TKIP

- unique key to encrypt every packet: keys are stronger
- 280 trillion possible keys
- IV: 48 bit length, reduces IV reuse
- IV is sent encrypted
- MIC replaces the CRC check
- upgrade with firmware for WEP hardware possible

3.2.2 Wi-Fi Protected Access (WPA) Personal Mode

Encryption: TKIP
Authentication: Pre-shared key (PSK)
- special mode (with no 802.1X infrastructure)
- enter a passphrase on all STAs and the AP (the master key is calculated)
- based on a four-way key handshake
  - first pair: STA and AP exchange random values (nonces)
  - second pair: AP instructs STA to install the calculated key, STA confirms -> AP does the same.
- configuration of the passphrase is similar to WEP.
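Added example (not part of the original slides): the key derivation behind the Personal Mode handshake, using the 802.11i definitions (PBKDF2-HMAC-SHA1 for the master key, the HMAC-SHA1 PRF with the label "Pairwise key expansion" for the pairwise key). The MAC addresses, SSID, nonces and message bytes are constructed, the messages are reduced to the fields that matter here, and the MIC uses HMAC-SHA1-128 for brevity.

```python
import hashlib
import hmac

LABEL = b"Pairwise key expansion"

# Constructed sample values (not from the slides).
AP_MAC = bytes.fromhex("02aabbccdd01")
STA_MAC = bytes.fromhex("02aabbccdd02")
SSID = "example-net"


def pmk_from_passphrase(passphrase: str, ssid: str) -> bytes:
    """Master key: PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 256 bit)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def prf(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    """802.11i PRF: concatenated HMAC-SHA1(key, label || 0x00 || data || counter)."""
    out = b""
    counter = 0
    while len(out) < nbytes:
        block = label + b"\x00" + data + bytes([counter])
        out += hmac.new(key, block, hashlib.sha1).digest()
        counter += 1
    return out[:nbytes]


def derive_ptk(pmk: bytes, ap_mac: bytes, sta_mac: bytes,
               anonce: bytes, snonce: bytes) -> dict:
    """512 bit pairwise key for TKIP, split into its component keys."""
    data = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    ptk = prf(pmk, LABEL, data, 64)
    return {
        "KCK": ptk[0:16],        # protects the handshake messages (MIC)
        "KEK": ptk[16:32],       # encrypts key material sent to the STA
        "TK": ptk[32:48],        # temporal key fed into TKIP key mixing
        "MIC_KEYS": ptk[48:64],  # two 64 bit Michael keys, one per direction
    }


def mic(kck: bytes, message: bytes) -> bytes:
    """Handshake MIC, here HMAC-SHA1 truncated to 128 bit."""
    return hmac.new(kck, message, hashlib.sha1).digest()[:16]


def four_way_handshake(sta_passphrase: str, ap_passphrase: str,
                       anonce: bytes, snonce: bytes) -> bool:
    """Return True if both sides end up with the same installed key."""
    # Message 1 (AP -> STA): ANonce. The STA can now derive its PTK.
    sta = derive_ptk(pmk_from_passphrase(sta_passphrase, SSID),
                     AP_MAC, STA_MAC, anonce, snonce)
    # Message 2 (STA -> AP): SNonce plus a MIC keyed with the STA's KCK.
    msg2 = b"msg2" + snonce
    msg2_mic = mic(sta["KCK"], msg2)
    ap = derive_ptk(pmk_from_passphrase(ap_passphrase, SSID),
                    AP_MAC, STA_MAC, anonce, snonce)
    if not hmac.compare_digest(mic(ap["KCK"], msg2), msg2_mic):
        return False  # passphrases differ: the AP stops here
    # Message 3 (AP -> STA): install the key; message 4 (STA -> AP): confirm.
    msg3 = b"msg3-install" + anonce
    msg3_mic = mic(ap["KCK"], msg3)
    if not hmac.compare_digest(mic(sta["KCK"], msg3), msg3_mic):
        return False
    return sta["TK"] == ap["TK"]


if __name__ == "__main__":
    n1, n2 = bytes(range(32)), bytes(range(32, 64))
    print(four_way_handshake("correct horse battery", "correct horse battery", n1, n2))
    print(four_way_handshake("wrong passphrase", "correct horse battery", n1, n2))
```

Because the nonces enter the PRF, every association gets fresh temporal keys even though the passphrase never changes; the passphrase itself is never sent over the air.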

3.3 WPA2 / 802.11 Task Group i

WPA is/was a compromise solution, WPA2 is 802.11i
802.11i uses the concept of a Robust Security Network (RSN)
biggest difference: AES is used for encryption
usually AES encryption is performed in hardware
is enabled in two modes like WPA:
- Enterprise Mode:
  - authentication: 802.1X/EAP
  - encryption: AES-CCMP
- Personal Mode:
  - authentication: PSK
  - encryption: AES-CCMP

3.3.1 WPA2 / 802.11i AES-CCMP

AES is a symmetric key cipher
has a block size of 128 bits, a key length of 128 bits.
encryption includes 4 stages to make up 1 round.
- Each round is iterated 10, 12 or 14 times depending on the bit size, for WPA2 10.
AES uses Counter-Mode/CBC-MAC Protocol (CCMP)
CCMP is a special dot11i encryption algorithm
CCM is a combination of Cipher Block Chaining Counter (CBC-CTR) and Message Authenticity Check (CBC-MAC)

3.3.2 WPA2 / 802.11i CCMP CBC-CTR

CBC-CTR encryption feeds an incrementing counter to AES under the temporal key (AES-TK)
XORs the result with the plaintext to create the encrypted data
Random nonce is the IV, called the PN value
Packet Number (PN) increases by 1 after encryption
PN length < 2^48, is contained in the CCMP MPDU

3.3.3 WPA2 / 802.11i CCMP MPDU

the encipher process expands the MPDU size by 16 bytes
4 for the PN0-1/Key-ID field, 4 for PN2-5 and 8 for the MIC
a bit in the KeyID field signals an extended PN of 6 bytes.
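Added example (not part of the original slides): a parser for the 8 byte CCMP header described in 3.3.3, combined with the receiver-side check that the Packet Number from 3.3.2 only ever increases. The frame bodies are constructed, and the replay state is kept per transmitter and key ID as a simplification of the per-key, per-priority counters a real receiver keeps after verifying the MIC.

```python
from dataclasses import dataclass

CCMP_HDR_LEN = 8   # PN0, PN1, reserved, Key ID octet, PN2, PN3, PN4, PN5
CCMP_MIC_LEN = 8   # truncated CBC-MAC tag at the end of the MPDU
EXT_IV = 0x20      # bit 5 of the Key ID octet: extended (6 byte) PN present


@dataclass
class CcmpHeader:
    pn: int       # 48 bit packet number, PN0 is the least significant byte
    key_id: int   # bits 6-7 of the Key ID octet


def build_ccmp_header(pn: int, key_id: int = 0) -> bytes:
    """Encode a CCMP header (used here to construct sample frames)."""
    if not 0 <= pn < 2 ** 48:
        raise ValueError("PN must fit in 48 bits")
    return bytes([
        pn & 0xFF, pn >> 8 & 0xFF, 0x00, EXT_IV | key_id << 6,
        pn >> 16 & 0xFF, pn >> 24 & 0xFF, pn >> 32 & 0xFF, pn >> 40 & 0xFF,
    ])


def parse_ccmp_header(body: bytes) -> CcmpHeader:
    """Parse the frame body that follows the 802.11 MAC header."""
    if len(body) < CCMP_HDR_LEN + CCMP_MIC_LEN:
        raise ValueError("too short for CCMP header and MIC")
    pn0, pn1, _reserved, key_octet, pn2, pn3, pn4, pn5 = body[:CCMP_HDR_LEN]
    if not key_octet & EXT_IV:
        raise ValueError("ExtIV bit clear: not a CCMP MPDU")
    pn = pn0 | pn1 << 8 | pn2 << 16 | pn3 << 24 | pn4 << 32 | pn5 << 40
    return CcmpHeader(pn=pn, key_id=key_octet >> 6)


def payload_length(body: bytes) -> int:
    """Encrypted payload bytes once the 16 bytes of CCMP overhead are removed."""
    return len(body) - CCMP_HDR_LEN - CCMP_MIC_LEN


class ReplayCheck:
    """Accept an MPDU only if its PN is greater than the last accepted one."""

    def __init__(self) -> None:
        self.last_pn = {}

    def accept(self, transmitter: str, hdr: CcmpHeader) -> bool:
        state = (transmitter, hdr.key_id)
        if hdr.pn <= self.last_pn.get(state, 0):
            return False  # replayed or stale frame: drop and count it
        self.last_pn[state] = hdr.pn
        return True


def check_sequence(transmitter: str, pns: list) -> list:
    """Build constructed frames with the given PNs and return accept/drop per frame."""
    check = ReplayCheck()
    verdicts = []
    for pn in pns:
        # Constructed body: header, 20 placeholder payload bytes, 8 placeholder MIC bytes.
        body = build_ccmp_header(pn) + bytes(20) + bytes(CCMP_MIC_LEN)
        verdicts.append(check.accept(transmitter, parse_ccmp_header(body)))
    return verdicts


if __name__ == "__main__":
    print(check_sequence("02:aa:bb:cc:dd:02", [1, 2, 3, 2, 4, 4]))
```

A rising count of dropped frames from one transmitter is worth logging, since a legitimate sender never repeats a PN under the same key.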

3.3.4 WPA2 / 802.11i CCMP CBC-MAC (1)

works by taking a 128 bit block of data and encrypting it with the CTR mechanism
zero padding, if the plaintext is not a multiple of the AES block size
16 - (100 mod 16) = n zero pads
the computation produces a 128-bit tag value
CCMP truncates the tag to the most significant 64 bits to form the MIC, the other bits are simply discarded
forging this MIC: 1 in 10^19 chances

3.3.4 WPA2 / 802.11i CCMP CBC-MAC (2)

3.3.5 CCMP Putting the Pieces together

Benefits:
- strong encryption
- provides data and header integrity
- provides confidentiality

4 Comparison of the standards

                 WEP              WPA                   WPA2
Cipher           RC4              RC4                   AES
Key Size         40 or 104 bits   104 bits per packet   128 bits encryption
Key Life         24 bit IV        48 bit IV             48 bit IV
Packet Key       Concatenation    Two-Phase Mix         Not needed
Data Integrity   CRC32            Michael MIC           CCM
Key Management   None             802.1X/EAP/PSK        802.1X/EAP/PSK

Security Level

5 Conclusion and Recommendations for Security

Some hints to protect a WLAN from attack:
- to ensure compatibility, use hardware from one vendor and use Wi-Fi Certified devices.
- change the default SSID and disable SSID broadcasting.
- use MAC address authentication if you have a manageable number of clients and only a few APs.
- not only for enterprises: implement user authentication.
- upgrade APs to use WPA or WPA2/802.11i.
- enable and use WPA2 or WPA; for older hardware that supports WEP, enable it and use it at least with 128 bit WEP.
- change the WEP key frequently

Security is not a state, it is a continuous process!

References and Literature

http://www.wifi.org
http://standards.ieee.org/wireless
http://www.lancom.de (Techpaper)
http://www.cisco.com
http://en.wikipedia.org/wiki/Wired_Equivalent_Privacy (etc.)
http://en.wikipedia.org/wiki/Wireles_LAN (etc.)
http://www.bsi.bund.de/literat/doc/wlan/wlan.pdf
http://www.isaac.cs.berkeley.edu/isaac/wep-faq.html
http://www.drizzle.com/~aboba/IEEE (etc.)
http://www.wardrive.net/security/links (etc.)
http://www.cs.umd.edu/~waa/wireless.html

William A. Arbaugh, Narendar Shankar, Justin Wan: Your 802.11 Wireless Network has no Clothes; March 30, 2001
Mike Radmacher: Sicherheits- und Schwachstellenanalyse entlang des Wireless-LAN-Protokollstacks; Diplomarbeit DII at the Uni-Duisburg-Essen in WS03/04
Sebastian Papierok: Sicherheit in drahtlosen Netzwerken; Seminar at the Uni-Duisburg-Essen in WS04/05
Scott Fluhrer, Itsik Mantin, Adi Shamir: "Attacks on RC4 and WEP", "Weaknesses in the Key Scheduling Algorithm of RC4"
Prasad, Anand: 802.11 WLANs and IP networking: security, QoS, and mobility; Boston, Mass.; London: Artech House 2005; ISBN 1-580-53789-8