Wireless Encryption By: Kara Dolansky Network Management Spring 2009


Post on 20-Dec-2015


Wireless Encryption

By: Kara Dolansky

Network Management

Spring 2009

Introduction

What is Wireless Encryption?

Why Encrypt?

History

OSI Model

Types of Encryption

How it works

Protocols

Cracking

Authorities / Standards

What is Wireless Encryption?

General method of scrambling data

Data is transformed to be unintelligible

Invisible to the end user

Operates independently of any other encryption processes

Data is encrypted ONLY while in transit

Why Encrypt?

Unauthorized individuals may:

Use up your bandwidth

Access files without authorization

Freely eavesdrop without making a connection

Private correspondence

Sensitive company information

Why Encrypt?

Security:

Personal data & passwords

Credit card information

Social Security numbers

Bank account information

Protect your PC and files

Protect classified information

Identity theft or MAC spoofing

History

Cryptography began ~2000 B.C. in early Egyptian days

It has been used for War, Diplomacy, & Politics

Originally used with computers for confidential government data: military use

Currently, all sensitive data is encrypted (or at least should be!)

OSI Model

Encryption is a network security process

Applies crypto services at the network transfer layer

Types of Encryption

End to End:

Message is encrypted when it is transmitted & decrypted when it is received

Message remains encrypted from start to finish

It is efficient (the network does not need to have special encryption facilities)

Disadvantage: Only secures the contents

Types of Encryption

Link:

Message is encrypted when transmitted but decrypted each time it passes through nodes

More convenient in networks with many nodes

Encrypts all information (headers & routing info.)

Disadvantage: more points of vulnerability
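
The trade-off between the two types above, as an added example that is not part of the original slides: it sends one frame across two relay nodes in each mode and reports where the header and payload are readable. The cipher is a toy XOR keystream stand-in, and the header, payload, keys and function names are all constructed for illustration.

```python
import hashlib

HEADER = b"to=10.0.0.9;"        # constructed routing header
PAYLOAD = b"acct=12345678"      # constructed message body

def toy_cipher(key: bytes, data: bytes) -> bytes:
    """XOR with a SHAKE-256 keystream: a toy stand-in for a real cipher.
    The same call encrypts and decrypts. Not for production use."""
    stream = hashlib.shake_256(key).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))

def end_to_end(key: bytes, relays: int):
    """Sender encrypts the payload once; relays forward the frame untouched."""
    frame = HEADER + toy_cipher(key, PAYLOAD)   # header must stay readable for routing
    on_wire = [frame] * (relays + 1)            # same frame on every link
    at_relays = [frame] * relays                # relays hold no key
    delivered = toy_cipher(key, frame[len(HEADER):])
    return on_wire, at_relays, delivered

def link(link_keys: list):
    """One key per link; each node decrypts the whole frame, then re-encrypts."""
    clear = HEADER + PAYLOAD
    on_wire, at_relays = [], []
    for i, key in enumerate(link_keys):
        wire = toy_cipher(key, clear)           # header and payload both hidden
        on_wire.append(wire)
        clear = toy_cipher(key, wire)           # node at the end of this link
        if i < len(link_keys) - 1:              # last node is the recipient
            at_relays.append(clear)
    return on_wire, at_relays, clear[len(HEADER):]

def exposure(on_wire, at_relays) -> dict:
    """Where an observer could read the header or the payload in the clear."""
    return {
        "header_on_wire": any(HEADER in f for f in on_wire),
        "payload_on_wire": any(PAYLOAD in f for f in on_wire),
        "payload_at_relays": any(PAYLOAD in f for f in at_relays),
    }

if __name__ == "__main__":
    for name, run in (("end-to-end", end_to_end(b"shared-secret", 2)),
                      ("link", link([b"link-1", b"link-2", b"link-3"]))):
        wire, relays, delivered = run
        print(name, exposure(wire, relays), delivered == PAYLOAD)
```

End-to-end leaves the header readable on every link but never exposes the payload to a relay; link encryption hides the header on the wire but every relay handles the payload in the clear.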

How it Works

Keys are the basic concept of encryption

Complex mathematical formulas (algorithms)

Data passes through algorithms & is converted into ciphertext

Keys make it difficult for individuals to crack the encrypted message

How it Works

Two Key Systems:

Secret Key

Both sender & receiver know secret code word

This is not feasible for business transactions

Fast but not as safe as public key

Public Key (Asymmetric)

Key pairs are used to encrypt & decrypt messages

Each person has public key & private key

Public key is useless without the private key

How it Works

Message Authentication:

Ensures sent & received message is in exact form

Digital Signature:

Tool that provides electronic evidence that you sent a signed message

Protocols

Encryption is implemented through IPsec (Internet Protocol Security)

IPsec works through the network architecture

SSL (Secure Sockets Layer):

Public key encryption developed by Netscape

Symmetric protocol

Used by Internet browsers & web servers to transmit sensitive information

By default, browsers have 40-bit encryption

SSL has become part of TLS (Transport Layer Security)

Protocols

Wireless Equivalent Privacy (WEP):

Introduced in 1997

Most common security protocol in older networks

Key lengths of 128- & 256-bit

Used at lowest layers of OSI model

Weaknesses were identified in 2001

Protocols

Wi-Fi Protected Access (WPAv1):

Rolled out after WEP to provide much stronger data encryption

Introduced in 2003

All of the network devices need to be configured for WPA

Temporal Key Integrity Protocol (TKIP) encryption algorithm developed for WPA

WPAv2:

Implements mandatory elements of 802.11i

Combines AES & TKIP algorithm, considered fully secure

Wireless Encryption Cracking

What is it?

Breaching of wireless encryptions

Types of Attacks:

Decrypting traffic by tricking access points

Gathering traffic & performing dictionary-based attacks

Decrypting traffic by statistical analysis

Examples: WEPCrack, AirCrack, AirSnort

Encryption Humor

Authorities / Standards

Data Encryption Standard (DES):

Approved in 1976 & publicized in 1977

1st major symmetric algorithm developed for PCs

Official method for protecting unclassified data

Advanced Encryption Standard (AES):

Adopted in 2001 by U.S. Government

Uses 128-, 192-, or 256-bit keys

As of 2009, AES is the most popular algorithm used in symmetric key cryptography

Authorities / Standards

IEEE 802.11 series of standards (1997):

Set of standards carrying out WLAN PC communication

802.11-1997: two net bit rates of 1 or 2 Mbit/s & forward error correction

802.11b: maximum raw data rate of 11 Mbit/s

802.11g: maximum physical layer bit rate of 54 Mbit/s

802.11n: new multi-streaming modulation technique; still under draft development

The End