Wi-Fi Technology
Agenda
• Introduction
• Wi-Fi Technologies
• Wi-Fi Architecture
• Wi-Fi Network Elements
• How a Wi-Fi Network Works
• Wi-Fi Network Topologies
• Wi-Fi Configurations
• Applications of Wi-Fi
• Wi-Fi Security
• Advantages/Disadvantages of Wi-Fi
Introduction
• Wireless technology is an alternative to the commonly used wired technology: it connects devices in wireless mode.
• Wi-Fi (Wireless Fidelity) is a generic term that refers to the IEEE 802.11 communications standard for Wireless Local Area Networks (WLANs).
• Wi-Fi networks connect computers to each other, to the internet and to the wired network.
The Wi-Fi Technology
Wi-Fi Networks use Radio Technologies to transmit &
receive data at high speed:
• IEEE 802.11b
• IEEE 802.11a
• IEEE 802.11g
IEEE 802.11b
• Appeared in late 1999
• Operates in the 2.4 GHz radio spectrum
• 11 Mbps (theoretical speed) within a 30 m range
• 4-6 Mbps (actual speed)
• 100-150 feet range
• Most popular, least expensive
• Interference from mobile phones and Bluetooth devices can reduce the transmission speed.
IEEE 802.11a
• Introduced in 2001
• Operates at 5 GHz (less popular)
• 54 Mbps (theoretical speed)
• 15-20 Mbps (actual speed)
• 50-75 feet range
• More expensive
• Not compatible with 802.11b
IEEE 802.11g
• Introduced in 2003
• Combines the features of both standards (a, b)
• 100-150 feet range
• 54 Mbps speed
• 2.4 GHz radio frequencies
• Compatible with ‘b’
802.11 Physical Layer
There are three sublayers in the physical layer:
• Direct Sequence Spread Spectrum (DSSS)
• Frequency Hopping Spread Spectrum (FHSS)
• Diffused Infrared (DFIR) - Wide angle
DSSS
• The direct sequence signaling technique divides the 2.4 GHz band into eleven 22 MHz channels. Adjacent channels partially overlap one another, and three of the 11 are completely non-overlapping. Data is sent across one of these 22 MHz channels without hopping to other channels.
IEEE 802.11 Data Link Layer
The data link layer consists of two sublayers:
• Logical Link Control (LLC)
• Media Access Control (MAC)
802.11 uses the same 802.2 LLC and 48-bit addressing as other 802 LANs, allowing for very simple bridging from wireless to IEEE wired networks, but the MAC is unique to WLANs.
802.11 Media Access Control
• Carrier Sense Medium Access with collision avoidance protocol (CSMA/CA)
  • Listen before talking
  • Avoid collision by explicit acknowledgement (ACK)
  • Problem: additional overhead of ACK packets, so slow performance
• Request to Send/Clear to Send (RTS/CTS) protocol
  • Solution for the “hidden node” problem
  • Problem: adds overhead by temporarily reserving the medium, so it is used only for large packets, where retransmission would be expensive
802.11 Media Access Control (cont.)
• Power Management
  • MAC supports power conservation to extend the battery life of portable devices
  • Power utilization modes
    • Continuous Aware Mode
      • Radio is always on and drawing power
    • Power Save Polling Mode
      • Radio is “dozing”, with the access point queuing any data for it
      • The client radio wakes up periodically in time to receive regular beacon signals from the access point
      • The beacon includes information regarding which stations have traffic waiting for them
      • The client wakes on beacon notification and receives its data
802.11 Media Access Control (cont.)
• Fragmentation
• CRC checksum
  • Each packet has a CRC checksum calculated and attached to ensure that the data was not corrupted in transit
• Association & Roaming
Elements of a Wi-Fi Network
• Access Point (AP) - The AP is a wireless LAN transceiver or “base station” that can connect one or many wireless devices simultaneously to the Internet.
• Wi-Fi cards - They accept the wireless signal and relay information. They can be internal and external (e.g. a PCMCIA card for a laptop and a PCI card for a desktop PC).
• Safeguards - Firewalls and anti-virus software protect networks from uninvited users and keep information secure.
How a Wi-Fi Network Works
• The basic concept is the same as walkie-talkies.
• A Wi-Fi hotspot is created by installing an access point on an internet connection.
• An access point acts as a base station.
• When a Wi-Fi enabled device encounters a hotspot, the device can then connect to that network wirelessly.
• A single access point can support up to 30 users and can function within a range of 100-150 feet indoors and up to 300 feet outdoors.
• Many access points can be connected to each other via Ethernet cables to create a single large network.
Wi-Fi Network Topologies
• AP-based topology (Infrastructure Mode)
• Peer-to-peer topology (Ad-hoc Mode)
• Point-to-multipoint bridge topology
AP-based topology
• The clients communicate through the access point.
• BSA: RF coverage provided by an AP.
• ESA: consists of 2 or more BSAs.
• ESA cells include 10-15% overlap to allow roaming.
Peer-to-peer topology
• AP is not required.
• Client devices within a cell can communicate directly with each other.
• It is useful for setting up a wireless network quickly and easily.
Point-to-multipoint bridge topology
This is used to connect a LAN in one building to LANs in other buildings, even if the buildings are miles apart. These connections require a clear line of sight between buildings. The line-of-sight range varies based on the type of wireless bridge and antenna used as well as the environmental conditions.
Wi-Fi Configurations
Wi-Fi Applications
• Home
• Small Businesses or SOHO
• Large Corporations & Campuses
• Health Care
• Wireless ISP (WISP)
• Travellers
Wi-Fi Security Threats
• Wireless technology doesn’t remove any old security issues, but introduces new ones
  • Eavesdropping
  • Man-in-the-middle attacks
  • Denial of Service
Eavesdropping
• Easy to perform, almost impossible to detect
• By default, everything is transmitted in clear text
  • Usernames, passwords, content ...
  • No security offered by the transmission medium
• Different tools available on the internet
  • Network sniffers, protocol analysers ...
  • Password collectors
• With the right equipment, it’s possible to eavesdrop on traffic from a few kilometers away
MITM Attack
1. The attacker spoofs a disassociate message from the victim
2. The victim starts to look for a new access point, and the attacker advertises his own AP on a different channel, using the real AP’s MAC address
3. The attacker connects to the real AP using the victim’s MAC address
Denial of Service
• Attack on the transmission frequency used
  • Frequency jamming
  • Not very technical, but works
• Attack on MAC layer
  • Spoofed deauthentication / disassociation messages
  • Can target one specific user
• Attacks on higher layer protocol (TCP/IP protocol)
  • SYN flooding
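One way to spot the MAC-layer attack above from the monitoring side, as an added example that is not part of the original slides: a sliding-window count of deauthentication/disassociation frames per receiver. The log format, addresses, window and threshold are all constructed assumptions, and the sender field is treated as a claim only, since these frames can be spoofed.

```python
from collections import defaultdict, deque

# Constructed capture summary: "<seconds> <frame subtype> <claimed sender> <receiver>"
SAMPLE_LOG = """\
0.10 beacon aa:aa:aa:00:00:01 ff:ff:ff:ff:ff:ff
3.20 deauth aa:aa:aa:00:00:01 cc:cc:cc:00:00:07
9.00 data cc:cc:cc:00:00:09 aa:aa:aa:00:00:01
9.40 deauth aa:aa:aa:00:00:01 cc:cc:cc:00:00:09
9.45 disassoc aa:aa:aa:00:00:01 cc:cc:cc:00:00:09
9.50 deauth aa:aa:aa:00:00:01 cc:cc:cc:00:00:09
9.55 deauth aa:aa:aa:00:00:01 cc:cc:cc:00:00:09
9.60 deauth aa:aa:aa:00:00:01 cc:cc:cc:00:00:09
9.62 beacon aa:aa:aa:00:00:01 ff:ff:ff:ff:ff:ff
9.65 deauth aa:aa:aa:00:00:01 cc:cc:cc:00:00:09
"""

TEARDOWN = {"deauth", "disassoc"}

def detect_teardown_bursts(log, window=1.0, threshold=5):
    """Flag receivers that get `threshold` or more teardown frames within `window` seconds.

    Returns one alert per (claimed sender, receiver) pair with the keys
    "receiver", "claimed_sender", "first_seen" and "count".
    """
    recent = defaultdict(deque)      # pair -> timestamps still inside the window
    alerts = {}
    for line in log.splitlines():
        fields = line.split()
        if len(fields) != 4 or fields[1] not in TEARDOWN:
            continue                 # skip malformed lines and other subtypes
        ts, sender, receiver = float(fields[0]), fields[2], fields[3]
        stamps = recent[(sender, receiver)]
        stamps.append(ts)
        while ts - stamps[0] > window:
            stamps.popleft()         # drop frames older than the window
        if len(stamps) >= threshold:
            alert = alerts.setdefault((sender, receiver), {
                "receiver": receiver, "claimed_sender": sender,
                "first_seen": stamps[0], "count": 0})
            alert["count"] = max(alert["count"], len(stamps))
    return list(alerts.values())

ALERTS = detect_teardown_bursts(SAMPLE_LOG)
```

The single deauthentication at 3.20 s is normal operation and raises nothing; only the burst aimed at one client is reported.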
Wi-Fi Security
The requirements for Wi-Fi network security can be broken down into two primary components:
• Authentication
  • User Authentication
  • Server Authentication
• Privacy
Authentication
• Keeping unauthorized users off the network
• User Authentication
  • Authentication server is used
  • Username and password
  • Risk:
    • Data (username & password) sent before a secure channel is established
    • Prone to passive eavesdropping by an attacker
  • Solution
    • Establishing an encrypted channel before sending username and password
Authentication (cont.)
• Server Authentication
  • Digital certificate is used
  • Validation of the digital certificate occurs automatically within client software
Wi-Fi Security Techniques
• Service Set Identifier (SSID)
• Wired Equivalent Privacy (WEP)
• 802.1X Access Control
• Wireless Protected Access (WPA)
• IEEE 802.11i
Service Set Identifier (SSID)
• SSID is used to identify an 802.11 network
• It can be pre-configured or advertised in beacon broadcasts
• It is transmitted in clear text
• Provides very little security
Wired Equivalent Privacy (WEP)
• Intended to provide the same level of security as a wired network
• Original security solution offered by the IEEE 802.11 standard
• Uses RC4 encryption with pre-shared keys and 24-bit initialization vectors (IV)
• The key schedule is generated by concatenating the shared secret key with a randomly generated 24-bit IV
• 32-bit ICV (integrity check value)
• The number of bits in the key schedule is equal to the sum of the lengths of the plaintext and the ICV
Wired Equivalent Privacy (WEP) (cont.)
• 64 bit preshared key-WEP
• 128 bit preshared key-WEP2
• Encrypts data only between 802.11 stations. Once it enters the wired side of the network (between access points), WEP is no longer valid
• Security issues with WEP
  • Short IV
  • Static key
• Offers very little security at all
802.1x Access Control
• Designed as a general purpose network access control mechanism
  • Not Wi-Fi specific
• Authenticates each client connected to an AP (for WLAN) or switch port (for Ethernet)
• Authentication is done with the RADIUS server, which “tells” the access point whether access to controlled ports should be allowed or not
  • The AP forces the user into an unauthorized state
  • The user sends an EAP start message
  • The AP returns an EAP message requesting the user’s identity
  • The identity sent by the user is then forwarded to the authentication server by the AP
  • The authentication server authenticates the user and returns an accept or reject message back to the AP
  • If an accept message is returned, the AP changes the client’s state to authorized and normal traffic flows
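The exchange listed above, modelled from both sides as an added example that is not part of the original slides. The class names, message names, account and addresses are hypothetical, and the credential exchange of a real EAP method is collapsed into the identity response to keep the port-state logic in view.

```python
import hmac

class AuthServer:
    """Hypothetical stand-in for the RADIUS server: answers accept or reject."""
    def __init__(self, accounts):
        self.accounts = accounts                  # constructed identity -> password

    def decide(self, identity, password):
        expected = self.accounts.get(identity, "")
        ok = identity in self.accounts and hmac.compare_digest(expected, password)
        return "accept" if ok else "reject"

class AccessPoint:
    def __init__(self, server):
        self.server = server
        self.port = {}                            # client MAC -> controlled-port state

    def associate(self, mac):
        self.port[mac] = "unauthorized"           # every new client starts here

    def receive(self, mac, frame):
        kind = frame["type"]
        if kind == "EAP-Start":
            return {"type": "EAP-Request-Identity"}
        if kind == "EAP-Response-Identity":
            # The AP does not judge the credentials itself; it relays them.
            verdict = self.server.decide(frame["identity"], frame["password"])
            self.port[mac] = "authorized" if verdict == "accept" else "unauthorized"
            return {"type": verdict}
        # Anything that is not EAP has to pass the controlled port.
        allowed = self.port.get(mac) == "authorized"
        return {"type": "forwarded" if allowed else "dropped"}

def run_client(ap, mac, identity, password):
    """Drive one client through the exchange; return the AP's replies in order."""
    ap.associate(mac)
    replies = [ap.receive(mac, {"type": "data"})["type"]]        # before login
    replies.append(ap.receive(mac, {"type": "EAP-Start"})["type"])
    replies.append(ap.receive(mac, {"type": "EAP-Response-Identity",
                                    "identity": identity,
                                    "password": password})["type"])
    replies.append(ap.receive(mac, {"type": "data"})["type"])    # after the verdict
    return replies

SERVER = AuthServer({"alice": "constructed-password"})
AP = AccessPoint(SERVER)
GOOD = run_client(AP, "cc:cc:cc:00:00:07", "alice", "constructed-password")
BAD = run_client(AP, "cc:cc:cc:00:00:09", "alice", "wrong-password")
```

Data sent before the verdict, after a reject, or from a client that never associated is dropped; only the accepted client's traffic is forwarded.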
Wireless Protected Access (WPA)
• WPA is a specification of standards-based, interoperable security enhancements that strongly increase the level of data protection and access control for existing and future wireless LAN systems.
• User Authentication
  • 802.1x
  • EAP
• TKIP (Temporal Key Integrity Protocol) encryption
  • RC4, dynamic encryption keys (session based)
  • 48 bit IV
  • Per-packet key mixing function
  • Fixes all issues found in WEP
• Uses Message Integrity Code (MIC) Michael
  • Ensures data integrity
• Old hardware should be upgradeable to WPA
Wireless Protected Access (WPA) (cont.)
• WPA comes in two flavors
  • WPA-PSK
    • Uses a pre-shared key
    • For SOHO environments
    • Single master key used for all users
  • WPA Enterprise
    • For large organisations
    • Most secure method
    • Unique keys for each user
    • Separate username & password for each user
WPA and Security Threats
• Data is encrypted
  • Protection against eavesdropping and man-in-the-middle attacks
• Denial of Service
  • Attacks based on fake messages cannot be used.
  • As a security precaution, if WPA equipment sees two packets with invalid MICs within a second, it disassociates all its clients and stops all activity for a minute
  • Only two packets a minute are enough to completely stop a wireless network
802.11i
• Provides standard for WLAN security
• Authentication
  • 802.1x
• Data encryption
  • AES protocol is used
• Secure fast handoff: this allows roaming between APs without requiring the client to fully reauthenticate to every AP.
• Will require new hardware
Advantages
• Mobility
• Ease of Installation
• Flexibility
• Cost
• Reliability
• Security
• Use unlicensed part of the radio spectrum
• Roaming
• Speed
Limitations
• Interference
• Degradation in performance
• High power consumption
• Limited range