Shortcomings of plain WEP security | Siemens IEEE802.11 manual

Shortcomings of plain WEP security

νWEP unsecure at any key length

–IV space too small, lack of IV replay protection

–known plaintext attacks

νNo user authentication

–Only NICs are authenticated

νNo mutual authentication

–Only station is authenticated against access point

νMissing key management protocol

–No standardized way to change keys on the fly

–Difficult to manage per-user keys for larger groups

νWEP is no mean to provide security for WLAN access,

–… but might be sufficient for casual uses.

WLAN-IEEE802.11 Tutorial (Maximilian Riegel), 021018-wlan-tutorial.ppt	Page 60	© Siemens, 2002

Image 60

Siemens IEEE802.11 manual Shortcomings of plain WEP security

Contents

Maximilian Riegel Prolog Ubiquitous Wlan Prolog Wlan has taken off Outline Part Wireless Internet system architecture Generic Internet network architecture Peer Layering means encapsulation Html IEEE802.11 seamless integration into the Internet IP based network architecture $*6 Wireless LAN IEEE802.11 basic architecture What is unique about wireless? Part 2 IEEE802.11 Overview Wireless IEEE802.11 Standard With 11 Mbps using existing MAC layer IEEE802.11 Configurations IndependentInfrastructure Isochronous Service IEEE802.11 Architecture Overview IEEE802.11 Protocol Architecture MAC MIB Wireless LAN Standardization WIG Part 3 Physical layer IEEE802.11 GHz & 5 GHz Physical Layers GHz Direct Sequence Spread Spectrum Frequency Hopping Spread Spectrum Direct Sequence Spread Spectrum RF Energy is Spread by XOR of Data with PRN Sequence Dsss Transmit Spectrum and Channels Specifications IEEE802.11a 5GHz PHY LayerKey milestones IEEE802.11g Further Speed Extension for the 2.4GHz Band CCK-OFDM proposal for up to 54 Mbit/s from Intersil Spectrum Designation in the 5 GHz range IEEE802.11h Spectrum Transmit Power Management TPC Transmission Power ControlDFS Dynamic Frequency Selection … when will 5 GHz WLANs come? Issues of 5 GHz systems PHY Terminology Physical Layer Convergence Protocol Plcp Part 4 Medium Access Control Basic Access Protocol Features Robust for interference CSMA/CA Explained Backoff-Window Defer access based on Carrier Sense CSMA/CA + ACK protocol Distributed Coordination Function DCF Station Hidden Node Provisions STA a STA B IEEE802.11e MAC Enhancements for Quality of Service Edcf Edcf Enhanced Distributed Coordination Function Point Coordination Function PCF IEEE802.11e MAC Enhancements for Quality of Service HCF HCF Hybrid coordination function Frame Formats MAC Header format differs per Type Address Field Description Summary MAC Protocol Features Part 5 MAC layer management Timestamp contains timer value at transmit time Infrastructure Beacon Generation All stations maintain a local timer Timing Synchronization Function TSFTiming Synchronization Function TSF Timing conveyed by periodic Beacon transmissions Scanning Scanning required for many functionsMAC uses a common mechanism for all PHY Passive Scanning Initial connection to an Access Point Active Scanning Example Power Management Considerations Mobile devices are battery powered Power Management Approach Power Management Procedure If TIM indicates frame bufferedBroadcast frames are also buffered in AP MAC Management Frames Beacon Part 6 Wlan Mobility IEEE802.11 Ad Hoc Mode Independent networking IEEE802.11 Infrastructure Mode Mobility inside a Wlan ‘hotspot’ By link layer functions If AP accepts Reassociation Request IEEE802.11f Inter-Access Point Protocol Iapp Iapp defines procedures for Part 7 Wlan security IEEE802.11 Privacy and Access Control Provides for an authentication mechanismShared key authentication is based on WEP privacy mechanism WEP privacy mechanism WEP bit in Frame Control Field indicates WEP used Shared key authentication Station Shortcomings of plain WEP security IEEE802.11i Robust Security Network RSN Security association management Last word about Wlan security Even IEEE802.11i may not be sufficient for public hot-spots Summary MAC Functionality Part 8 Public hotspot operation Serving customers in public hot spots 〈 Rqrwwrxfk Fxvwrphuhtxlsphqw One solution for every place hotspot Cost issues Becoming a Wlan operator is easyLegal aspects in Germany How does your favorite storefront look like? Using a web page for initial user interaction How does it work Web based access control AuthPage Functions of an integrated access gateway User management Real-time accounting based on service, duration and volume Functions of an integrated access gateway Network services Dhcp server for assigning IP addresses to Wlan clientsPolicy engine IP router with NAT engine Part 9 Wlan Umts Interworking Umts and Wireless LAN are different GSM/GPRS/UMTS Wlan IEEE802.11 Wlan as just another radio access technology of Umts Wlan Umts Interworking Ancient approach ‘tight coupling’ Wlan as an extension of a mobile network Tight coupling Wlan is much cheaper than 2G/3G Orjdulwkplfvfdoh Conclusions for Mobile Network Operators Wlan Umts Interworking Now widely accepted ‘loose coupling’ Revenues without competing against aggressive Wlan operators Wlan loosely coupled to a Mobile Network Each hotspot is SS7 endpoint Web based authentication and mobile network security Standards for WLAN/UMTS interworking End Thank you for your attention Questions and comments?Literature