Authentication 802.11 has three means of authentication Verifies user has permission to access network 1. Open authentication: Each WLAN client can be given Service Set Identifier (SSID) of network – Only clients that know SSID may connect – SSID may be entered manually into wireless device, but anyone with device has access to network – Access points (APs) may freely advertise SSID to any mobile device within range 2. Shared key authentication • AP sends the client a challenge text package that the client must encrypt with correct WEP key and return to AP. • If the key is wrong or no key, authentication fails and the client will not be allowed to associate with AP • Shared key is not secure because a hacker can copy the clear text challenge and the encrypted challenge and figure out the key 3. The MAC address (48 bit) can be entered into the AP which will allow clients with valid MAC address to associate. • • Have to enter manually Tedious to update the MAC list in the AP Privacy • 802.11 uses static WEP key to encrypt and decrypt messages. Client and AP use the same key. – Longer the key more secure it is – Have to manually enter the key in the client and the AP – Its not very secure. Can do exhaustive search and break the code in 5 hours. • WLAN security should be handled in layers – It provides stronger overall security – Ability to block access at multiple layers of the network – Flexibility in selecting cost/benefit ratio of desired solution • Layer 1-physical layer security is built into the devices and is free except have to enter/maintain keys – It may be adequate for home user who wants to keep out casual intruder • 802.1x dramatically increases security protection level. • Physical layer encryption – Lowest level of security is WEP (wired equivalent privacy) which allows for 40-bit or 128-bit keys to be entered both in AP and mobile device. – Its not secure cuz can find s/w on internet to crack the encryption. – Also have to manually enter the keys so changing keys is time consuming – If a user is to be removed then have to manually delete the key from AP • Wi-Fi protected access (WPA) combines two components to provide strong security. – 1st component called temporal key integrity protocol (TKIP). It provides data encryption enhancements including key mixing function, message integrity check (MIC), and a re-keying mechanism that rotates through keys faster than any sniffer s/w can decode the keys. • With key mixing, the MS uses the temporal key sent by the AP, its unique MAC address, and an initialization vector, to generate per packet key. • When MIC support is implemented on both the AP and clients, the transmitter of a packet adds a few bytes (the MIC) to the packet before encrypting and transmitting it. Upon receiving the packet, the recipient decrypts it and checks the MIC. If the MIC in the frame matches the calculated value, accept the packet else reject it. MIC is derived using MIC function. • Per packet key: the transmitter uses the base key and the IV vector which changes with every packet to create a new key. • The AP could use even value of IV and client could use odd values of IV. At the end of the IV value, a new WEP key could be used. – 2nd component is 802.1x security. It is 2nd layer of security. It provides a security mechanism thru which a user must be authenticated before getting access to the network. • WEP and TKIP have no user authentication mechanism. Any user that has encryption key (legitimately or illegally obtained) can get free access to the network and traffic data. To overcome this weakness, 802.1x security is layered on top of physical security. – 802.1x user authentication requires a user to provide credentials to the security server before getting access to the network. The credentials could be in form of user id and password, certificate, token, or biometric. – The security server also verifies the access point. The security server also creates a unique pair of encryption keys for this user session, which are sent to both AP and client.