wireless encryption by: kara dolansky network management spring 2009
Post on 20-Dec-2015
Wireless Encryption
By: Kara Dolansky
Network Management
Spring 2009
Introduction
What is Wireless Encryption?
Why Encrypt?
History
OSI Model
Types of Encryption
How it works
Protocols
Cracking
Authorities / Standards
What is Wireless Encryption?
General method of scrambling data
Data is transformed to be unintelligible
Invisible to the end user
Operates independently of any other encryption processes
Data is encrypted ONLY while in transit
Why Encrypt?
Unauthorized individuals may:
Use up your bandwidth
Access files without authorization
Freely eavesdrop without making a connection
Private correspondence
Sensitive company information
Why Encrypt?
Security:
Personal data & passwords
Credit card information
Social Security numbers
Bank account information
Protect your PC and files
Protect classified information
Identity theft or MAC spoofing
History
Cryptography began ~2000 B.C. in early Egyptian days
It has been used for war, diplomacy, & politics
Originally used with computers for confidential government data: military use
Currently, all sensitive data is encrypted (or at least should be!)
OSI Model
Encryption is a network security process
Applies crypto services at the network transfer layer
Types of Encryption
End to End:
Message is encrypted when it is transmitted & decrypted when it is received
Message remains encrypted from start to finish
It is efficient (the network does not need to have special encryption facilities)
Disadvantage: Only secures the contents
Types of Encryption
Link:
Message is encrypted when transmitted but decrypted each time it passes through nodes
More convenient in networks with many nodes
Encrypts all information (headers & routing info.)
Disadvantage: more points of vulnerability
How it Works
Keys are the basic concept of encryption
Complex mathematical formulas (algorithms)
Data passes through algorithms & is converted into ciphertext
Keys make it difficult for individuals to crack the encrypted message
How it Works
Two Key Systems:
Secret Key
Both sender & receiver know secret code word
This is not feasible for business transactions
Fast but not as safe as public key
Public Key (Asymmetric)
Key pairs are used to encrypt & decrypt messages
Each person has public key & private key
Public key is useless without the private key
How it Works
Message Authentication:
Ensures sent & received message is in exact form
Digital Signature:
Tool that provides electronic evidence that you sent a signed message
Protocols
Encryption is implemented through IPsec (Internet Protocol Security)
IPsec works through the network architecture
SSL (Secure Sockets Layer):
Public key encryption developed by Netscape
Symmetric protocol
Used by Internet browsers & web servers to transmit sensitive information
By default, browsers have 40-bit encryption
SSL has become part of TLS (Transport Layer Security)
Protocols
Wireless Equivalent Privacy (WEP):
Introduced in 1997
Most common security protocol in older networks
Key lengths of 128- & 256-bit
Used at lowest layers of OSI model
Weaknesses were identified in 2001
Protocols
Wi-Fi Protected Access (WPAv1):
Rolled out after WEP to provide much stronger data encryption
Introduced in 2003
All of the network devices need to be configured for WPA
Temporal Key Integrity Protocol (TKIP) encryption algorithm developed for WPA
WPAv2:
Implements mandatory elements of 802.11i
Combines AES & TKIP algorithm, considered fully secure
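
An added example, not part of the original slides: Python code that reports which of the protocols above an access point advertises, by parsing the RSN (802.11i) and WPAv1 information elements carried in its beacon. The element bytes are constructed samples, and the caller is assumed to pass the beacon's privacy capability bit as a boolean; the function and label names are this example's own.

```python
import struct
CIPHERS = {1: "WEP-40", 2: "TKIP", 4: "CCMP", 5: "WEP-104"}  # suite type codes
RSN_OUI, WPA_OUI = b"\x00\x0f\xac", b"\x00\x50\xf2"

def iter_elements(buf):
    """Yield (element_id, body) pairs; stop at a truncated element."""
    i = 0
    while i + 2 <= len(buf):
        eid, length = buf[i], buf[i + 1]
        body = buf[i + 2:i + 2 + length]
        if len(body) < length:
            return
        yield eid, body
        i += 2 + length

def pairwise_ciphers(body, oui):
    """body = version(2) | group suite(4) | count(2) | pairwise suites(4 each)."""
    if len(body) < 8:
        return set()
    (count,) = struct.unpack_from("<H", body, 6)
    suites = [body[8 + 4 * n:12 + 4 * n] for n in range(count)]
    return {CIPHERS.get(s[3], "unknown") for s in suites
            if len(s) == 4 and s[:3] == oui}

def classify(privacy_bit, elements):
    """Return the security mode an access point advertises in its beacon."""
    rsn = wpa = None
    for eid, body in iter_elements(elements):
        if eid == 48:  # RSN element defined by 802.11i (WPAv2)
            rsn = pairwise_ciphers(body, RSN_OUI)
        elif eid == 221 and body[:4] == WPA_OUI + b"\x01":  # WPAv1 vendor element
            wpa = pairwise_ciphers(body[4:], WPA_OUI)
    if rsn is not None:
        mixed = wpa is not None or bool(rsn & {"TKIP", "WEP-40", "WEP-104"})
        return "WPAv2, legacy cipher still accepted" if mixed else "WPAv2, no legacy cipher"
    if wpa is not None:
        return "WPAv1 (TKIP)"
    return "WEP" if privacy_bit else "open"

def ie(eid, body):
    return bytes([eid, len(body)]) + body

# Constructed sample elements, not captured traffic.
SSID = ie(0, b"lab")
AKM_PSK = b"\x01\x00" + RSN_OUI + b"\x02" + b"\x00\x00"  # one AKM suite + capabilities
RSN_AES = ie(48, b"\x01\x00" + RSN_OUI + b"\x04\x01\x00" + RSN_OUI + b"\x04" + AKM_PSK)
RSN_MIXED = ie(48, b"\x01\x00" + RSN_OUI + b"\x02\x02\x00" + RSN_OUI + b"\x04" + RSN_OUI + b"\x02" + AKM_PSK)
WPA1 = ie(221, WPA_OUI + b"\x01\x01\x00" + WPA_OUI + b"\x02\x01\x00" + WPA_OUI + b"\x02")
```

A network with the privacy bit set but neither element present is using WEP, which is the case an audit of older networks should flag first.
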
Wireless Encryption Cracking
What is it?
Breaching of wireless encryptions
Types of Attacks:
Decrypting traffic by tricking access points
Gathering traffic & performing dictionary-based attacks
Decrypting traffic by statistical analysis
Examples: WEPCrack, AirCrack, AirSnort
Authorities / Standards
Data Encryption Standard (DES):
Approved in 1976 & publicized in 1977
1st major symmetric algorithm developed for PCs
Official method for protecting unclassified data
Advanced Encryption Standard (AES):
Adopted in 2001 by U.S. Government
Uses 128-, 192-, or 256-bit keys
As of 2009, AES is the most popular algorithm used in symmetric key cryptography
Authorities / Standards
IEEE 802.11 series of standards (1997):
Set of standards carrying out WLAN PC communication
802.11-1997: two net bit rates of 1 or 2 Mbit/s & forward error correction
802.11b: maximum raw data rate of 11 Mbit/s
802.11g: maximum physical layer bit rate of 54 Mbit/s
802.11n: new multi-streaming modulation technique; still under draft development