Wireless Network Security
Unit 4
Wireless Network Security
• IEEE 802.11 Wireless LAN overview
• IEEE 802.11i Wireless LAN Security.
IEEE 802.11 wireless LAN overview
IEEE 802 is a committee which developed standards for a wide range
of local area networks (LANs).
In 1990, the IEEE 802 Committee formed a new working group, IEEE
802.11, with a charter to develop a protocol and transmission
specifications for wireless LANs (WLANs).
Keeping pace with this demand, the IEEE 802.11 working group has
issued an ever-expanding list of standards.
Table 17.1 briefly defines key terms used in the IEEE 802.11
standard.
IEEE 802.11 wireless LAN overview: IEEE 802 Protocol Architecture
• IEEE 802.11 standards are defined within the structure of a layered set of protocols.
• This structure, used for all IEEE 802 standards, is illustrated in Figure 17.1.
1. PHYSICAL LAYER: The lowest layer of the IEEE 802 reference model. Its functions are encoding/decoding of
signals and bit transmission/reception. It includes a specification of the transmission medium. In IEEE
802.11 it defines frequency bands and antenna characteristics.
2. MEDIA ACCESS CONTROL: The MAC layer receives data from a higher-layer protocol, typically the Logical
Link Control (LLC) layer, in the form of a block of data known as the MAC service data unit (MSDU).
The MAC layer performs the following functions:
• On transmission: assemble data into a frame, known as a MAC protocol data unit
(MPDU), with address and error-detection fields.
• On reception: disassemble the frame to perform address recognition and error
detection.
• Govern access to the LAN transmission medium.
3. LOGICAL LINK CONTROL: The MAC layer is responsible for detecting errors and discarding any
frames that contain errors. The LLC layer optionally keeps track of which frames have been
successfully received and retransmits unsuccessful frames.
• MPDUs have a format similar to that of Figure 17.2.
• The fields of this frame are:
MAC Control: has protocol control information needed for the functioning of
the MAC protocol. For example, a priority level could be indicated here.
Destination MAC Address: The destination physical address on the LAN for
this MPDU.
Source MAC Address: The source physical address on the LAN for this MPDU.
MAC Service Data Unit: The data from the next higher layer.
CRC: The cyclic redundancy check field, also called the Frame Check Sequence
(FCS) field.
IEEE 802.11 Network Components and Architectural Model
• The smallest building block of a wireless LAN is a basic service set (BSS), which
consists of wireless stations executing the same MAC protocol and competing for
access to the same shared wireless medium.
• A BSS may be isolated, or it may connect to a backbone distribution system (DS)
through an access point (AP).
• The AP functions as a bridge and a relay point. In a BSS, client stations do not
communicate directly with one another. Rather, if one station in the BSS wants to
communicate with another station in the same BSS, the MAC frame is first sent
from the originating station to the AP and then from the AP to the destination
station. Similarly, a MAC frame from a station in the BSS to a remote station is
sent from the local station to the AP and then relayed by the AP over the DS on
its way to the destination station. The DS can be a switch, a wired network, or a
wireless network.
• When all the stations in the BSS are mobile stations that communicate
directly with one another (not using an AP), the BSS is called an
independent BSS (IBSS). An IBSS is typically an ad hoc network.
• A simple configuration is shown in Figure 17.3, in which each station belongs
to a single BSS. It is also possible for two BSSs to overlap geographically, so
that a single station could participate in more than one BSS.
• The association between a station and a BSS is dynamic. Stations may turn
off, come within range, and go out of range.
• An extended service set (ESS) consists of two or more basic service sets
interconnected by a distribution system. The extended service set appears
as a single logical LAN to the logical link control (LLC) level.
IEEE 802.11 Services
• IEEE 802.11 defines nine services that need to be provided by the wireless LAN to achieve
functionality equivalent to that which is inherent to wired LANs.
Table 17.2 lists the services and indicates two ways of categorizing them.
The service provider can be either the station or the DS. Station services are
implemented in every 802.11 station, including AP stations. Distribution
services are provided between BSSs; these services may be implemented in
an AP or in another special-purpose device attached to the distribution
system.
Three of the services are used to control IEEE 802.11 LAN access and
confidentiality. Six of the services are used to support delivery of MSDUs
between stations. If the MSDU is too large to be transmitted in a single
MPDU, it may be fragmented and transmitted in a series of MPDUs.
IEEE 802.11i Wireless LAN Security.
• There are two characteristics of a wired LAN that are not inherent in a
wireless LAN:
1. In order to transmit over a wired LAN, a station must be physically
connected to the LAN. On the other hand, with a wireless LAN, any station
within radio range of the other devices on the LAN can transmit.
Thus, connecting a station to a wired LAN is itself a form of authentication.
2. To receive a transmission from a station that is part of a wired LAN, the
receiving station also must be attached to the wired LAN. On the other
hand, with a wireless LAN, any station within radio range can receive.
Thus, a wired LAN provides a degree of privacy, limiting reception of data
to stations connected to the LAN.
• In order to accelerate the introduction of strong security into WLANs,
the Wi-Fi Alliance promulgated Wi-Fi Protected Access (WPA) as a
Wi-Fi standard.
• WPA is a set of security mechanisms that eliminates most 802.11
security issues and was based on the current state of the 802.11i
standard.
• The final form of the 802.11i standard is referred to as Robust
Security Network (RSN).
IEEE 802.11i Services defined by Robust Security Network (RSN):
Authentication: A protocol is used to define an exchange between a user
and an AS that provides mutual authentication and generates temporary
keys to be used between the client and the AP over the wireless link.
Access control: enforces the use of the authentication function, routes
the messages properly, and facilitates key exchange. It can work with various
authentication protocols.
Privacy with message integrity: MAC-level data encrypted along with a
message integrity code that ensures that the data is not altered.
Figure 17.4a indicates the security protocols used to support these
services, while Figure 17.4b lists the cryptographic algorithms used for
these services.
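The difference between the MPDU's CRC/FCS field, which only detects transmission errors, and the keyed message integrity code of the "Privacy with message integrity" service, as an added example that is not part of the original slides. The frame layout is simplified, and the key, addresses, payload and the use of truncated HMAC-SHA-256 as the MIC are assumptions chosen for illustration, not the algorithms 802.11i specifies.

```python
import hashlib
import hmac
import struct
import zlib

MIC_KEY = b"constructed-demo-key"   # constructed; stands in for a temporary key
HDR_LEN, FCS_LEN, MIC_LEN = 14, 4, 8  # simplified layout, not the full 802.11 header

def build_mpdu(control, dst, src, msdu):
    """MAC control | destination | source | MSDU | CRC over everything before it."""
    body = struct.pack("!H", control) + dst + src + msdu
    return body + struct.pack("<I", zlib.crc32(body))

def crc_ok(frame):
    (fcs,) = struct.unpack("<I", frame[-FCS_LEN:])
    return zlib.crc32(frame[:-FCS_LEN]) == fcs

def add_mic(data, key=MIC_KEY):
    """Append a keyed MIC (HMAC-SHA-256 truncated to 8 bytes, a stand-in)."""
    return data + hmac.new(key, data, hashlib.sha256).digest()[:MIC_LEN]

def mic_ok(frame, key=MIC_KEY):
    msdu = frame[HDR_LEN:-FCS_LEN]
    data, mic = msdu[:-MIC_LEN], msdu[-MIC_LEN:]
    expected = hmac.new(key, data, hashlib.sha256).digest()[:MIC_LEN]
    return hmac.compare_digest(mic, expected)

def alter_without_key(frame, old, new):
    """Change payload bytes and recompute the CRC, which needs no secret."""
    body = frame[:-FCS_LEN].replace(old, new)
    return body + struct.pack("<I", zlib.crc32(body))

def demo():
    dst, src = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
    frame = build_mpdu(0x0008, dst, src, add_mic(b"pay 10 to alice"))
    noisy = bytearray(frame)
    noisy[HDR_LEN + 4] ^= 0x01        # one bit flipped by transmission noise
    altered = alter_without_key(frame, b"pay 10", b"pay 99")
    # each value is (CRC check passes, MIC check passes)
    return {"clean": (crc_ok(frame), mic_ok(frame)),
            "noisy": (crc_ok(bytes(noisy)), mic_ok(bytes(noisy))),
            "altered": (crc_ok(altered), mic_ok(altered))}

if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

The altered frame passes the CRC check because anyone can recompute an unkeyed checksum; only the MIC check, which depends on the shared key, rejects it.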
IEEE 802.11i Phases of Operation
• The operation of an IEEE 802.11i RSN can be broken down into five distinct phases
of operation. The exact nature of the phases will depend on the configuration and
the end points of the communication. Possibilities include (see Figure 17.3):
1. Two wireless stations in the same BSS communicating via the access point (AP)
for that BSS.
2. Two wireless stations (STAs) in the same ad hoc IBSS communicating directly
with each other.
3. Two wireless stations in different BSSs communicating via their respective APs
across a distribution system.
4. A wireless station communicating with an end station on a wired network via its
AP and the distribution system.
IEEE 802.11i security is concerned only with secure communication between the STA
and its AP.
In case 1 in the preceding list, secure communication is assured if each STA
establishes secure communications with the AP.
Case 2 is similar, with the AP functionality residing in the STA.
In case 3, security is provided only within each BSS. End-to-end security (if required)
must be provided at a higher layer.
In case 4, security is only provided between the STA and its AP.
Figure 17.5 depicts the five phases of operation for an RSN and maps them to the
network components involved.
One new component is the authentication server (AS). The rectangles indicate the
exchange of sequences of MPDUs.
The five phases are defined as follows:
1. Discovery: An AP uses messages called Beacons and Probe
Responses to advertise its IEEE 802.11i security policy. The STA
uses these to identify an AP for a WLAN with which it wishes to
communicate. The STA associates with the AP, which it uses to
select the cipher suite and authentication mechanism when the
Beacons and Probe Responses present a choice.
2. Authentication: The STA and AS prove their identities to each
other. The AP does not participate in the authentication transaction
other than forwarding traffic between the STA and AS.
3. Key generation and distribution: The AP and the STA perform
several operations that cause cryptographic keys to be generated
and placed on the AP and the STA. Frames are exchanged between
the AP and STA only.
4. Protected data transfer: Frames are exchanged between the STA
and the end station through the AP.
5. Connection termination: The AP and STA exchange frames. During
this phase, the secure connection is torn down and the connection
is restored to the original state.