Information Security Notes 7 Wireless LAN Security

Wireless LAN configuration

• User Mudule (UM)
• Control Module (CM)
• Ad Hoc WLAN(without control Mudule)
  • Without communicate with their neighbors directly

IEEE 802 Architecture

• Physical Layer (PHY)
  • encoding/decoding of signals
• Media Access Control (MAC)
  • Controlling access to the transmission medium is needed to provide an orderly and efficient use of the network transmission capacity
• Logical Link Control (LLC)
  • Keep track of which frames

IEEE 802.11 Architecture

802.11 is the Wi-Fi(Wireless Fidelity) Alliance

• Basic Service Set (BSS)
• Extended Service Set (ESS)
  • SSID: Service Set Identifier, name of the wifi
• Independent BSS

802.11 Access Control

• Reliable Data Delivery
  • Wireless channels are useally unreliable
  • Mechanism is developed for error detection and contention
• Access Control
  • For deciding which station can send
• Security
  • Make sure the configentiality and data integrity
  • Disallowing unauthorized station to connect to the network

Threads in Wireless LANs

• Eavesdropping
  • Due to the broadcast nature of radio communications
  • Signals can be received by any receiver within some transmission range
• No Physical Protection
  • No physical cables

Protocol of Wireless Security

WEP Wired Equivalent Privacy

The purpose of WEP:

• Authentication
• Data confidentiality

Problem of WEP:
WEP is publiced at 1997 and design flawed at 2000
Authentication flaws:

• auth in WEP is not mutual. AP does not auth itself to clients
• Auth and encryption use the same secret key
• Auth only at the time tries to connect to the network. After Auth, everyone can spoofing its MAC address

WPA, WPA2, WPA3 - Wifi Protected Access

New security architecture 802.11i designed to replace WEP during 2003-2004
WPA2/3 should be used

• WPA
  • intermediate solution which can be implemented by updating the firmware of existing APs
• WPA2
  • Long term solution
• WPA3
  • Next generation, all WIFI6 certified routers are required to implement

1. Phase 1: Discovery
   Discovery phase allows an STA and AP recognize each other
2. Phase 2: Authentication

• Only authorized STAs can use the network
• STA is assured that the network is legitimate
  Extensible Authentication Protocol(EAP) is used

3. Phase 3: Key Management Phase

• Pairwise keys used for communication between an STA and an AP
• Group keys used for multicast communication

4. Phase 4: Protected Data Transfer Phase

• TKIP

  • for WPA: Temporal Key Integrity Protocol
  • allows old device update firmware
  • 64-bit message to replace the CRC code
  • Still use RC4 encryption algorithm

• AES-CCMP

  • for WPA2: Counter mode-CBC MAC protocol
  • Design for new hardware
  • Cipher-block-chaining message Authentication code to provide data integrity
  • AES algorithm for encryption

EAP

Three roles of EAP

1. Supplicant: STA
2. Authenticator: AP
3. Authentication server(AS): a separate device or the AP

Sub-phases:
Connect to AS -> EAP exchange -> Secure key delivery(AS generates a master session key and sends it to STA)