Wireless Security.pdf - PDF Archive

More documents

Recommendations

Info

$C:\Documents and Settings\dave\Desktop\Godel, Escher, Bach ...$

420 Chapter 18 because the flipping of a bit in the ciphertext carries through after the RC4 decryption into the plaintext because RC4(k, X Y) RC4(k, X) Y and therefore: RC4(k, CRC(X ⊕ Y)) RC4(k, CRC(X)) ⊕ CRC(Y) The problem with the message integrity mechanism specified in 802.11 is not only that it uses a linear integrity check algorithm (CRC32) but also the fact that the ICV does not protect all the information that needs to be protected from modification. Recall from Section 18.5 that the ICV is calculated over the MPDU data; in other words, the 802.11 header is not protected by the ICV. This opens the door to redirection attacks as explained below. Consider an 802.11 BSS where an 802.11 STA (Alice) is communicating with a wired station (Bob). Since the wireless link between Alice and the access point (AP) is protected by WEP and the wired link between Bob and access point is not, 14 it is the responsibility of the AP to decrypt the WEP packets and forward them to Bob. Now, Eve captures the packets being sent from Alice to Bob over the wireless link. She then modifies the destination address to another node, say C (Charlie), in the 802.11 header and retransmits them to the AP. Since the AP does not know any better, it decrypts the packet and forwards it to Charlie. Eve, therefore, has the AP decrypt the packets and forward them to a destination address of choice. The simplicity of this attack makes it extremely attractive. All Eve needs is a wired station connected to the AP and she can eavesdrop on the communication between Alice and Bob without needing to decrypt any packets herself. In effect, Eve uses the infrastructure itself to decrypt any packets sent from an 802.11 STA via an AP. Note that this attack does not necessarily require that one of the communicating stations be a wired station. Either Bob or Charlie (or both) could as easily be other 802.11 STAs which do not use WEP. The attack would still hold since the responsibility of decryption would still be with the AP. The bottom line is that the redirection attack is possible because the ICV is not calculated over the 802.11 header. There is an interesting security lesson here. A system can’t have confidentiality without integrity, since an attacker can use the redirection attack and exploit the infrastructure to decrypt the encrypted traffic. Another problem which stems from the weak integrity protection in WEP is the threat of a replay attack. A replay attack works by capturing 802.11 packets transmitted over the wireless interface and then replaying (retransmitting) the captured packet(s) later on 14 WEP is an 802.11 standard used only on the wireless link. www.newnespress.com
Wireless LAN Security 421 with (or without) modification such that the receiving station has no way to tell that the packet it is receiving is an old (replayed) packet. To see how this attack can be exploited, consider a hypothetical scenario where Alice is an account holder, Bob is a bank and Eve is another account holder in the bank. Suppose Alice and Eve do some business and Alice needs to pay Eve $500. So, Alice connects to Bob over the network and transfers $500 from her account to Eve. Eve, however, is greedy. She knows Alice is going to transfer money. So, she captures all data going from Alice to Bob. Even though Eve does not know what the messages say, she has a pretty good guess that these messages instruct Bob to transfer $500 from Alice’s account to Eve’s. So, Eve waits a couple of days and replays these captured messages to Bob. This may have the effect of transferring another $500 from Alice’s account to Eve’s account unless Bob has some mechanism for determining that he is being replayed the messages from a previous session. Replay attacks are usually prevented by linking the integrity protection mechanism to either timestamps and/or session sequence numbers. However, WEP does not provide for any such protection. 18.7 Loopholes in 802.11 Security To summarize, here is the list of things that are wrong with 802.11 security: 1. 802.11 does not provide any mechanism for key establishment over an unsecure medium. This means key sharing among STAs in a BSS and sometimes across BSSs. 2. WEP uses a synchronous stream cipher over a medium, where it is difficult to ensure synchronization during a complete session. 3. To solve the previous problem, WEP uses a per-packet key by concatenating the IV directly to the preshared key to produce a key for RC4. This exposes the base key or master key to attacks like FMS. 4. Since the master key is usually manually configured and static and since the IV used in 802.11 is just 24 bits long, this results in a very limited key-space. 5. 802.11 specifies that changing the IV with each packet is optional, thus making key reuse highly probable. 6. The CRC-32 used for message integrity is linear. www.newnespress.com
Page 2 and 3:
Newnes is an imprint of Elsevier 30
Page 4 and 5:
vi Contents 4.8 Diversity Technique
Page 6 and 7:
viii Contents Chapter 13: Managing
Page 8 and 9:
x Contents 20.8 Summary ...........
Page 10 and 11:
About the Authors Steven Arms (Chap
Page 12 and 13:
About the Authors xv Timothy Stapko
Page 14 and 15:
Part 1 Wireless Technology
Page 16:
4 Chapter 1 Probably the most promi
Page 21:
Wireless Fundamentals 9 standards a
Page 24 and 25:
12 Chapter 1 classroom, provided th
Page 26 and 27:
14 Chapter 1 for multimedia applica
Page 28 and 29:
16 Chapter 1 is installed on their
Page 30 and 31:
18 Chapter 1 ● Switching off the
Page 32 and 33:
20 Chapter 1 Power Consumption The
Page 34:
22 Chapter 2 Table 2.1 : The seven
Page 37 and 38:
Wireless Network Logical Architectu
Page 39 and 40:
Page 41 and 42:
Page 44 and 45:
32 Chapter 2 Layer 2 Data link laye
Page 47 and 48:
Page 49:
Page 52 and 53:
40 Chapter 2 guidelines for impleme
Page 56 and 57:
44 Chapter 2 while asynchronous tra
Page 58:
46 Chapter 2 networks running other
Page 68 and 69:
56 Chapter 3 3.3.2 Access Points Th
Page 71 and 72:
Wireless Network Physical Architect
Page 75 and 76:
Page 81 and 82:
Page 83 and 84:
Page 85:
Table 3.9 : Wireless MAN devices an
Page 88 and 89:
CHAPTER 4 Radio Communication Basic
Page 90 and 91:
Radio Communication Basics 79 In th
Page 92:
Radio Communication Basics 81 Also
Page 95 and 96:
84 Chapter 4 sight, diffraction gai
Page 97 and 98:
86 Chapter 4 40 Path gain vs. Dista
Page 99 and 100:
88 Chapter 4 environment, we distin
Page 101 and 102:
90 Chapter 4 100 10 Percent error 1
Page 103 and 104:
92 Chapter 4 It isn’t necessary t
Page 105 and 106:
94 Chapter 4 Thus, a minimum of cir
Page 107 and 108:
Urban 96 Chapter 4 Noise and its so
Page 110 and 111:
Radio Communication Basics 99 1 0 1
Page 112 and 113:
Radio Communication Basics 101 Tabl
Page 114 and 115:
Radio Communication Basics 103 As l
Page 116 and 117:
Radio Communication Basics 105 ●
Page 118 and 119:
Radio Communication Basics 107 Thes
Page 120 and 121:
Radio Communication Basics 109 cons
Page 122 and 123:
Radio Communication Basics 111 Prea
Page 124 and 125:
Radio Communication Basics 113 thes
Page 126 and 127:
Radio Communication Basics 115 maxi
Page 128 and 129:
Radio Communication Basics 117 Phas
Page 130 and 131:
Radio Communication Basics 119 Sign
Page 132 and 133:
Radio Communication Basics 121 freq
Page 134 and 135:
Radio Communication Basics 123 Mixe
Page 136 and 137:
Radio Communication Basics 125 show
Page 138 and 139:
Radio Communication Basics 127 4.10
Page 140 and 141:
Radio Communication Basics 129 In c
Page 142 and 143:
Radio Communication Basics 131 Freq
Page 144 and 145:
Radio Communication Basics 133 Ther
Page 146 and 147:
Radio Communication Basics 135 4.11
Page 148 and 149:
CHAPTER 5 Infrared Communication Ba
Page 150:
Infrared Communication Basics 139 R
Page 154 and 155:
CHAPTER 6 Wireless LAN Standards St
Page 156:
Wireless LAN Standards 145 Standard
Page 162 and 163:
Wireless LAN Standards 151 In passi
Page 164 and 165:
Wireless LAN Standards 153 6.3 802.
Page 166 and 167:
Wireless LAN Standards 155 Modulati
Page 168 and 169:
Wireless LAN Standards 157 Table 6.
Page 170:
Wireless LAN Standards 159 short da
Page 174 and 175:
Wireless LAN Standards 163 6.4.2 Sp
Page 176 and 177:
Wireless LAN Standards 165 Table 6.
Page 178 and 179:
Wireless LAN Standards 167 6.4.3.2
Page 180:
Wireless LAN Standards 169 Modulati
Page 184 and 185:
Wireless LAN Standards 173 formed i
Page 186 and 187:
CHAPTER 7 Wireless Sensor Networks
Page 188 and 189:
Wireless Sensor Networks 177 wirele
Page 190:
Wireless Sensor Networks 179 Figure
Page 193:
182 Chapter 7 It is expected that o
Page 196 and 197:
Wireless Sensor Networks 185 Additi
Page 198 and 199:
Wireless Sensor Networks 187 a trai
Page 200 and 201:
Wireless Sensor Networks 189 7. Mor
Page 202 and 203:
CHAPTER 8 Attacks and Risks John Ri
Page 204 and 205:
Attacks and Risks 195 In addition t
Page 206 and 207:
Attacks and Risks 197 total complai
Page 208 and 209:
Attacks and Risks 199 attributed to
Page 210 and 211:
Attacks and Risks 201 3. receives,
Page 212 and 213:
Attacks and Risks 203 undetected an
Page 214 and 215:
Attacks and Risks 205 Step 3 : Iden
Page 216 and 217:
Attacks and Risks 207 14. U.S. Depa
Page 218 and 219:
210 Chapter 9 9.1 What Is Security?
Page 220 and 221:
212 Chapter 9 Alice (manager) Bob (
Page 222:
214 Chapter 9 the security policy s
Page 226 and 227:
218 Chapter 9 Figure 9.4 : Enigma M
Page 231 and 232:
Security Defined 223 form of authen
Page 235 and 236:
Security Defined 227 to provide sec
Page 238:
230 Chapter 9 key hidden from the p
Page 241 and 242:
234 Chapter 10 Before we get starte
Page 243 and 244:
236 Chapter 10 cryptography, using
Page 245 and 246:
238 Chapter 10 A lot of cryptograph
Page 247 and 248:
240 Chapter 10 suspicious involveme
Page 249 and 250:
242 Chapter 10 to ensure that the p
Page 251 and 252:
244 Chapter 10 that we may discover
Page 253 and 254:
246 Chapter 10 10.5.1 SSH Sharing m
Page 256 and 257:
Standardizing Security 249 is estab
Page 258 and 259:
252 Chapter 11 was an internal proj
Page 260:
254 Chapter 11 authentication, so j
Page 264:
258 Chapter 11 SSL Session record H
Page 268:
262 Chapter 11 The client uses the
Page 274 and 275:
268 Chapter 11 11.6 SSL in Practice
Page 276 and 277:
270 Chapter 12 at some specific alg
Page 278 and 279:
272 Chapter 12 ● ● ● ● ●
Page 280 and 281:
274 Chapter 12 The reason the mecha
Page 282 and 283:
276 Chapter 12 // Finally, finalize
Page 284 and 285:
278 Chapter 12 technology for at le
Page 286 and 287:
280 Chapter 12 asymmetric) are much
Page 288 and 289:
282 Chapter 12 and time. Once they
Page 290 and 291:
284 Chapter 12 optimizations we wil
Page 292 and 293:
286 Chapter 12 The trick works beca
Page 294:
288 Chapter 12 The other common sym
Page 297 and 298:
Cryptography 291 in RSA is less sim
Page 299 and 300:
CHAPTER 13 Managing Access John Rit
Page 301 and 302:
Managing Access 295 13.1.3.2 Accoun
Page 303 and 304:
Managing Access 297 of the session
Page 305 and 306:
Managing Access 299 process of look
Page 307 and 308:
Managing Access 301 3. Deterrent, t
Page 309 and 310:
Managing Access 303 administration
Page 311 and 312:
Managing Access 305 Example of Elem
Page 313 and 314:
Managing Access 307 the system bein
Page 315 and 316:
Managing Access 309 13.2 Password M
Page 317 and 318:
Managing Access 311 13.2.4 Password
Page 319 and 320:
Managing Access 313 password is “
Page 321 and 322:
Managing Access 315 2. U.S. Departm
Page 323 and 324:
318 Chapter 14 The new legislation
Page 325 and 326:
320 Chapter 14 of law enforcement a
Page 327 and 328:
322 Chapter 14 Title IX, “ Improv
Page 329 and 330:
324 Chapter 14 14.5.2 Obtaining Voi
Page 331 and 332:
326 Chapter 14 [6] one applying to
Page 333 and 334:
328 Chapter 14 computer networks; (
Page 335 and 336:
330 Chapter 14 14.5.10 Deterrence a
Page 337 and 338:
332 Chapter 14 now aggregate “ lo
Page 339 and 340:
334 Chapter 14 computer forensic la
Page 341 and 342:
336 Chapter 14 7. Known as the wire
Page 343 and 344:
338 Chapter 15 and share enumerator
Page 345 and 346:
340 Chapter 15 Because this individ
Page 347 and 348:
342 Chapter 15 so on. Most of the s
Page 349 and 350:
344 Chapter 15 15.4.1.4 AiroPeek NX
Page 351 and 352:
346 Chapter 15 modify its content (
Page 353 and 354:
348 Chapter 15 this data, the hacke
Page 355 and 356:
350 Chapter 15 requesting access wi
Page 357 and 358:
352 Chapter 15 corporate network fr
Page 359 and 360:
354 Chapter 15 computer, especially
Page 361 and 362:
356 Chapter 15 pigtail cables and v
Page 363 and 364:
358 Chapter 15 One might think it w
Page 365 and 366:
360 Chapter 15 Few WLAN discovery t
Page 367 and 368:
CHAPTER 16 Security Policy George L
Page 369 and 370:
Security Policy 365 Define a policy
Page 371 and 372: Part 3 Wireless Network Security
Page 374 and 375: Security in Traditional Wireless Ne
Page 377 and 378: 374 Chapter 17 network. On the othe
Page 379 and 380: 376 Chapter 17 Ki (128 bit), RAND (
Page 381 and 382: 378 Chapter 17 protection. The abse
Page 383 and 384: 380 Chapter 17 SRES to these challe
Page 386: Security in Traditional Wireless Ne
Page 389 and 390: 386 Chapter 17 From a client’s (M
Page 391 and 392: 388 Chapter 17 17.4.3 Authenticatio
Page 393 and 394: 390 Chapter 17 Generate SQN Generat
Page 395 and 396: 392 Chapter 17 Count-c Direction Co
Page 397 and 398: 394 Chapter 17 Count-i Direction Co
Page 399 and 400: 396 Chapter 17 MS SRNC VLR/SGSN 1.
Page 401: 398 Chapter 17 provide confidential
Page 405 and 406: CHAPTER 18 Wireless LAN Security Pr
Page 407 and 408: Wireless LAN Security 405 retrospec
Page 410 and 411: 408 Chapter 18 the former case, it
Page 412: 410 Chapter 18 1 2 3 4 Station Acce
Page 415 and 416: Wireless LAN Security 413 18.4.5 Ps
Page 417 and 418: Wireless LAN Security 415 RC4 encry
Page 419 and 420: Wireless LAN Security 417 key-strea
Page 421: Wireless LAN Security 419 Frame hea
Page 425 and 426: Wireless LAN Security 423 The Wi-Fi
Page 427 and 428: Wireless LAN Security 425 WEP WPA (
Page 429 and 430: Wireless LAN Security 427 TSC/IV hi
Page 434 and 435: 432 Chapter 18 a common theme in mo
Page 436: 434 Chapter 18 Therefore, TKIP uses
Page 439 and 440: Wireless LAN Security 437 designing
Page 441: Wireless LAN Security 439 To summar
Page 445 and 446: Wireless LAN Security 443 more than
Page 447: CHAPTER 19 Security in Wireless Ad
Page 450 and 451: 448 Chapter 19 ● ● ● ● Conc
Page 454 and 455: 452 Chapter 19 is optional. However
Page 456 and 457: 454 Chapter 19 HigherLayer_KeyEst.
Page 458 and 459: 456 Chapter 19 Device A: Verifier D
Page 460 and 461: 458 Chapter 19 The process of gener
Page 462 and 463: 460 Chapter 19 less than 128 bits.
Page 464 and 465: 462 Chapter 19 identity it is clami
Page 466 and 467: 464 Chapter 19 Device A: Master Dev
Page 468 and 469: 466 Chapter 19 Initialize key strea
Page 470 and 471: 468 Chapter 20 Figure 20.1 : The Li
Page 472 and 473:
470 Chapter 20 Figure 20.3 : The ad
Page 474 and 475:
472 Chapter 20 Figure 20.6 : The WE
Page 479 and 480:
Implementing Basic Wireless Securit
Page 481 and 482:
Page 483 and 484:
Page 485 and 486:
Page 487 and 488:
Page 489 and 490:
Page 491 and 492:
Page 493 and 494:
Page 495 and 496:
Page 497 and 498:
Page 499 and 500:
Page 501 and 502:
Page 503 and 504:
Page 505 and 506:
CHAPTER 21 Implementing Advanced Wi
Page 507 and 508:
Implementing Advanced Wireless Secu
Page 509 and 510:
Page 511 and 512:
Page 513 and 514:
Page 515 and 516:
Page 517 and 518:
Page 519 and 520:
Page 521 and 522:
Page 523 and 524:
Page 525 and 526:
Page 527 and 528:
Page 529 and 530:
Page 531 and 532:
Page 533 and 534:
Page 535 and 536:
Page 537 and 538:
Page 539 and 540:
Page 541 and 542:
Page 543 and 544:
Page 545 and 546:
Page 547 and 548:
Page 549 and 550:
Page 551 and 552:
Page 553 and 554:
Page 555 and 556:
Page 557 and 558:
Page 559 and 560:
Page 561 and 562:
Page 563 and 564:
Page 565 and 566:
Page 567 and 568:
Page 569 and 570:
Page 571 and 572:
Page 573 and 574:
Page 575 and 576:
Page 577 and 578:
Page 579 and 580:
Page 581 and 582:
Page 583 and 584:
Page 585 and 586:
Part 4 Other Wireless Technology
Page 587 and 588:
586 Chapter 22 22.2 The Basics of W
Page 589 and 590:
588 Chapter 22 coming in a distant
Page 591 and 592:
590 Chapter 22 Figure 22.1 : The Ad
Page 593 and 594:
592 Chapter 22 Figure 22.2 : Config
Page 595 and 596:
594 Chapter 22 security as long as
Page 597 and 598:
596 Chapter 22 you protect these fi
Page 599 and 600:
598 Chapter 22 22.4.3 Use Encryptio
Page 601 and 602:
600 Chapter 22 22.6 Additional Reso
Page 603:
602 Chapter 23 by modern networked
Page 606 and 607:
Wireless Embedded System Security 6
Page 608 and 609:
Page 610 and 611:
Page 614 and 615:
Page 616 and 617:
CHAPTER 24 RFID Security Frank Thor
Page 618 and 619:
RFID Security 617 encryption in 197
Page 620 and 621:
RFID Security 619 Figure 24.2 : RFI
Page 622 and 623:
RFID Security 621 Figure 24.3 : Two
Page 624:
RFID Security 623 24.5.1 Tag/Label
Page 627 and 628:
626 Chapter 24 The reader retrieves
Page 630 and 631:
RFID Security 629 Table 24.2 : RFID
Page 632 and 633:
RFID Security 631 Figure 24.7 : Fak
Page 634 and 635:
RFID Security 633 ExxonMobil has ex
Page 636 and 637:
RFID Security 635 database was not
Page 638 and 639:
RFID Security 637 can obtain a dram
Page 640 and 641:
RFID Security 639 At any point in t
Page 642 and 643:
RFID Security 641 lost? Will it be
Page 644 and 645:
RFID Security 643 possibility of St
Page 646 and 647:
RFID Security 645 building and to e
Page 648 and 649:
RFID Security 647 If we make three
Page 650 and 651:
APPENDIX A Wireless Policy Essentia
Page 652 and 653:
Wireless Policy Essentials 651 netw
Page 654 and 655:
Wireless Policy Essentials 653 Ins
Page 656 and 657:
Wireless Policy Essentials 655 ●
Page 658 and 659:
Wireless Policy Essentials 657 prop
Page 660 and 661:
Page 662 and 663:
Wireless Policy Essentials 661 wher
Page 664 and 665:
Wireless Policy Essentials 663 appr
Page 666 and 667:
Wireless Policy Essentials 665 Netw
Page 668 and 669:
Wireless Policy Essentials 667 3. C
Page 670 and 671:
Wireless Policy Essentials 669 14.
Page 672 and 673:
Wireless Policy Essentials 671 3. D
Page 674 and 675:
Wireless Policy Essentials 673 3.0
Page 676 and 677:
Wireless Policy Essentials 675 been
Page 678 and 679:
Wireless Policy Essentials 677 and
Page 680 and 681:
Wireless Policy Essentials 679 comp
Page 682 and 683:
Wireless Policy Essentials 681 appr
Page 684 and 685:
Page 686 and 687:
Page 688 and 689:
Page 690 and 691:
Page 692 and 693:
Page 694 and 695:
Page 696 and 697:
Page 698 and 699:
Wireless Policy Essentials 697 The
Page 700 and 701:
Page 702 and 703:
APPENDIX B Glossary Tony Bradley Ac
Page 704 and 705:
Glossary 703 Broadband: Technically
Page 706 and 707:
Glossary 705 Encryption: Encryption
Page 708 and 709:
Glossary 707 to “ chat ” in rea
Page 710 and 711:
Glossary 709 NAT: Network Address T
Page 712 and 713:
Glossary 711 French and one German,
Page 714 and 715:
Glossary 713 Trojan: A Trojan horse
Page 716 and 717:
716 Index Access control (continued
Page 718 and 719:
718 Index Cyberterrorism, deterrenc
Page 720 and 721:
720 Index Linksys WRV54G VPN broadb
Page 722 and 723:
722 Index Secure Sockets Layer (SSS
Page 724 and 725:
724 Index Wireless embedded system
Page 726:
726 Index Wireless security impleme
show all

Wireless Security.pdf - PDF Archive

Create successful ePaper yourself

Delete template?

Save as template?