The Global ETD Search service is a free service for researchers to find electronic theses and dissertations. This service is provided by the Networked Digital Library of Theses and Dissertations. Our metadata is collected from universities around the world. If you manage a university/consortium/country archive and want to be added, details can be found on the NDLTD website.
1

Hardware implementation of a cryptographic system for wireless communications

Πρασσά, Διονυσία 31 October 2008
The growing use of wireless applications boosts the evolution of WLANs, so that the user can have full access to network resources regardless of time and place. However, one of the biggest issues of wireless communications is the security of the data transported between the station and the Access Point or between two stations. IEEE 802.11i is the recent protocol for protection in WLANs. The goals of this thesis are the study and the development of the cryptographic protocol CCMP in VHDL. CCMP is the mandatory cryptographic protocol defined in IEEE 802.11i.
2

Snabb och säker roaming i WLAN / Fast and Secure Roaming in WLAN

Falk, Magnus January 2004
This thesis investigates what Ericsson AB should do to achieve fast and secure handover when roaming in a WLAN. It also provides a security analysis of the system that the wireless access point is part of. The reason for this is that Ericsson is selling an access point called the ABS 2200 aimed at the public hotspot market. The premise was that they wanted a standardized way of handling the roaming issue. At the outset the 802.11F standard looked like a good alternative (in fact the only standardized alternative). Towards the last stages of the work, though, it was discovered that the 802.11F standard is no longer supported by IEEE. Despite this fact, the conclusion is that secure and fast roaming can be attained if 802.11F is combined with the security standard 802.11i. The security analysis concludes that Denial of Service is a major threat to WLAN hotspots. It also points out that the link between the access point and authentication server is the weakest link in the system. The recommendation is that this link receives an additional layer of protection through IPsec with ESP. The algorithm recommendations for ESP are AES for confidentiality and SHA-1 for integrity. This thesis can also be used as a primer on security in WLAN and contains an extensive glossary making it useful as a reference when reading 802.11 standards.
3

Robustness in Wireless Network Access Protocols

Eian, Martin January 2012
Wireless network access protocols are used in numerous safety critical applications. Network availability is essential for safety critical applications, since loss of availability can cause personal or material damage. An adversary can disrupt the availability of a wireless network using denial of service (DoS) attacks. The most widely used wireless protocols are vulnerable to DoS attacks. Researchers have published DoS attacks against IEEE 802.11 local area networks (LANs), IEEE 802.16 wide area networks (WANs) and GSM and UMTS mobile networks. In this work, we analyze DoS vulnerabilities in wireless network protocols and define four categories of attacks: jamming attacks, flooding attacks, semantic attacks and implementation specific attacks. We identify semantic attacks as the most severe threat to current and future wireless protocols, and as the category that has received the least attention by researchers. During the first phase of the research project we discover semantic DoS vulnerabilities in the IEEE 802.11 communication protocols through manual analysis. The 802.11 standard has been subject to manual analysis of DoS vulnerabilities for more than a decade, thus our results indicate that protocol vulnerabilities can elude manual analysis. We conclude that formal methods are required in order to improve protocol robustness against semantic DoS attacks. We propose a formal method that can be used to automatically discover protocol vulnerabilities. The formal method defines a protocol model, adversary model and cost model. The protocol participants and adversary are modeled as finite state transducers, while the cost is modeled as a function of time. Our primary goal is to construct a formal method that is practical, i.e. does not require a vast amount of resources to implement, and useful, i.e. able to discover protocol vulnerabilities.
We verify and validate our proposed method by modeling the 802.11w amendment to the 802.11 standard using Promela as the modeling language. We then use the SPIN model checker to verify the model properties and experiments to validate the results. The modeling and experiments result in the discovery and experimental validation of four new deadlock vulnerabilities that had eluded manual analysis. We find one deadlock vulnerability in 802.11i and three deadlock vulnerabilities in 802.11w. A deadlock vulnerability is the most severe form of communication protocol DoS vulnerabilities, and their discovery and removal are an essential part of robust protocol design. Thus, we conclude that our proposed formal method is both practical and useful.
4

Investigation and Evaluation of Network Access Controls Based on the 802.1x Standard (Port-Based Network Access Control)

Richter, Lars 11 March 2005
This thesis takes a closer look at the 802.1x standard (Port-Based Network Access Control). It presents how the standard works and what its properties are. It also introduces and analyzes hardware and software products for using the authentication procedure defined by the standard. Finally, it considers deployment at TU Chemnitz and the resulting development of an authenticator component.
5

A Novel Design and Implementation of DoS-Resistant Authentication and Seamless Handoff Scheme for Enterprise WLANs

Lee, Isaac Chien-Wei January 2010
With the advance of wireless access technologies, the IEEE 802.11 wireless local area network (WLAN) has gained a significant increase in popularity and deployment due to the substantially improved transmission rate and decreased deployment costs. However, this same widespread deployment makes WLANs an attractive target for network attacks. Several vulnerabilities have been identified and reported regarding the security of the current 802.11 standards. To address those security weaknesses, IEEE standard committees proposed the 802.11i amendment to enhance WLAN security. The 802.11i standard has demonstrated the capability of providing satisfactory mutual authentication, better data confidentiality, and key management support; however, the design of 802.11i does not consider network availability. Therefore, it has been suggested that 802.11i is highly susceptible to malicious denial-of-service (DoS) attacks, which exploit the vulnerability of unprotected management frames. This research first investigates common DoS vulnerabilities in a Robust Security Network (RSN), which is defined in the 802.11i standard, and presents an empirical analysis of such attacks – in particular, flooding-based DoS attacks. To address those DoS issues, this thesis proposes a novel design and implementation of a lightweight stateless authentication scheme that enables wireless access points (APs) to establish a trust relationship with an associating client and derive validating keys that can be used to mutually authenticate subsequent layer-2 (link layer) management frames. The quality of service provisioning for real-time services over a WLAN requires the total latency of handoff between APs to be small in order to achieve seamless roaming. Thus, this thesis further extends the proposed link-layer authentication into a secure fast handoff solution that addresses DoS vulnerabilities as well as improving the existing 802.11i handoff performance.
A location management scheme is also proposed to minimise the number of channels the roaming client is required to scan in order to reduce the scanning delay, which could normally take up 90% of the total handoff latency. In order to acquire practical data to evaluate the proposed schemes, a prototype network has been implemented as an experimental testbed using open source tools and drivers. This testbed allows practical data to be collected and analysed. The results successfully demonstrated that the proposed authentication scheme not only eradicates most of the DoS vulnerabilities, but also substantially improves the handoff performance to a level suitable for supporting real-time services.
6

Zabezpečení bezdrátových sítí IEEE 802.11 / Security of wireless computer networks IEEE 802.11

Škodák, Jaroslav January 2008
This work describes available and used standards, protocols and mechanisms used to secure IEEE 802.11 wireless networks. The next section lists vulnerabilities and possible attacks against different types of security. The principles of individual attacks on authentication, WEP security and WPA/WPA2 personal mode are described and carried out using various software, especially the Linux program aircrack-ng. The password for WEP security is obtained by passively eavesdropping on data, by using ARP replay injection and by creating own frames. The last two methods are used to generate traffic on the network, which is captured and then used to derive the WEP password. By injecting ARP frames, the password was found from 60 000 captured frames, and about 180 000 frames of data were needed for the passive method. Decryption of a WEP frame was done by the fragment and KoreK chopchop attacks. This decrypted frame could be used to create fake frames and obtain the WEP password. A brute force attack is carried out against WPA (WPA2) personal mode security (often possible due to the lack of a strong password) by comparing passwords (passphrases) from a password list. The speed of comparison is about 200 passwords/s.
7

Zefektivnění zabezpečení bezdrátových sítí / Security Protection efficiency improvement for Wireless Networks

Marušek, Michal January 2009
Nowadays wireless radio-communication services encompass a huge range of technologies used to transfer video, voice or data. Wireless communication is the most expanded branch, and many companies use this technology because of its low cost and simple management. The biggest advantage is the easy connection to the shared wireless medium, which allows network users to move around the whole covered area. The most expanded type of wireless network is the Wireless LAN (WLAN). As the number of WLANs rises, so does the chance that the shared wireless medium is attacked by a hacker, and much sensitive information can be stolen or modified. To avoid this, the first security protocol used in WLANs, called WEP, was created. Its goal was to protect data transmitted through a WLAN as strongly as data is protected in wired networks. Unfortunately, WEP hid a big weakness which can be used to crack a WLAN in a minute with the aid of special software. An example of this kind of software is Airsnort, built to monitor the shared medium and capture every packet transferred through it. Based on a statistical method, Airsnort can obtain the hidden password in a few minutes. The second example of such software is Aircrack-ng, which can crack the hidden password without any user connected to the WLAN. Aircrack-ng uses active techniques to generate network load and can obtain the password more effectively and faster. The result in both cases was successful and the protection of the WLAN was completely cracked. Later a new security protocol called WPA was created, which had to fix the cryptographic weakness of the previous WEP. WPA was only a temporary security protocol while standard 802.11 was being developed, which had to offer the highest security and integrity protection of data transferred through a WLAN. For these reasons a new version of WPA called WPA2 was created, which satisfies the requirements of standard 802.11i. Both protocols, WPA and WPA2, contain a weakness which can break the security of a WLAN. This crack is based on PSK authentication.
During authentication, the attacker uses information from the four-way handshake between a WLAN user and the access point. Based on this information, the attacker can crack the password with the aid of a password list attack, which took approximately 30 minutes. Based on the previous results, it is important to choose a strong password containing an alphanumeric string or special strings of sufficient length.
8

Horizontal Handoffs within WLANs : A detailed analysis and measurement concerning voice like traffic

Nankani, Ajeet January 2005
IEEE 802.11 based Wireless Local Area Networks (WLANs), in addition to being used as access networks for providing traditional data services, are now also being used as access networks for providing realtime services such as VoIP and multimedia streaming. These realtime services are sensitive to latency, hence requiring seamless or low delay service from the lower layers throughout an ongoing session. The IEEE 802.11 standard does not define any technique or algorithm to provide seamless connectivity during the process of handoff, hence it does not require 802.11 based WLANs to provide the same. Thus, it is typical that there is a latency of 500 milliseconds to 1000 milliseconds during the handoff, before the mobile station can connect and receive data from the new access point (AP). However, many realtime services cannot tolerate this much latency. The problem of handoff latency is further aggravated when WLANs are secured using the IEEE 802.11i standard and when Authentication, Authorization & Accounting (AAA) services are involved in controlling network access to 802.11 based WLANs. This thesis will address the entire handoff process and examine the latency, especially regarding AAA services. Different techniques and suggestions will be presented and analyzed closely at different layers and, based on the results, an appropriate/efficient algorithm is suggested which will reduce this handoff latency, such that seamless handoff can be achieved and realtime services can be provided over 802.11i enabled IEEE 802.11 WLANs.
9

Developing Strand Space Based Models And Proving The Correctness Of The IEEE 802.11i Authentication Protocol With Restricted Sec

Furqan, Zeeshan 01 January 2007
The security objectives enforce the security policy, which defines what is to be protected in a network environment. The violation of these security objectives induces security threats. We introduce an explicit notion of security objectives for a security protocol. This notion should precede the formal verification process. In the absence of such a notion, the security protocol may be proven correct despite the fact that it is not equipped to defend against all potential threats. In order to establish the correctness of security objectives, we present a formal model that provides a basis for the formal verification of security protocols. We also develop the modal logic, proof based, and multi-agent approaches using the Strand Space framework. In our modal logic approach, we present the logical constructs to model a protocol's behavior in such a way that the participants can verify different security parameters by looking at their own run of the protocol. In our proof based model, we present a generic set of proofs to establish the correctness of a security protocol. We model the 802.11i protocol into our proof based system and then perform the formal verification of the authentication property. The intruder in our model is imbued with powerful capabilities and repercussions to possible attacks are evaluated. Our analysis proves that the authentication of 802.11i is not compromised in the presented model. We further demonstrate how changes in our model will yield a successful man-in-the-middle attack. Our multi-agent approach includes an explicit notion of multi-agent, which was missing in the Strand Space framework. The limitation of the Strand Space framework is the assumption that all the information available to a principal is either supplied initially or is contained in messages received by that principal.
However, other important information may also be available to a principal in a security setting; for example, a principal may combine information from different roles played by him in a protocol to launch a powerful attack. Our presented approach models the behavior of a distributed system as a multi-agent system. The presented model captures the combined information, the formal model of knowledge, and the belief of agents over time. After building this formal model, we present a formal proof of authentication of the 4-way handshake of the 802.11i protocol.
10

Wireless network security: design considerations for an enterprise network

Oh, Khoon Wee 12 1900
Approved for public release, distribution is unlimited / Since its introduction in 1999, the Institute of Electrical and Electronics Engineers (IEEE) 802.11 Wireless Local Area Network (WLAN) has become the de-facto standard for wireless networking, providing convenient and low cost connectivity. Increasingly, enterprises are extending their networks with 802.11-based WLANs to provide mobility and information-on-the-move for their employees. However, the introduction of WLANs into enterprise networks has raised major concerns about security. A poorly implemented WLAN introduces weaknesses in the enterprise network which can be exploited by attackers, resulting in severe consequences for the enterprise. This thesis was sponsored by the DoD to study the problem of designing a secure wireless architecture for an enterprise network. The specific requirements for the enterprise network were based extensively on DoD and the intelligence community's security guidelines and policies. This thesis provides an in-depth analysis of the 802.11 standard and measures how far the standard goes in meeting the specific requirements of the enterprise network. This thesis presents a layered-defense architecture to provide a scalable design for secure wireless networks. A prototype system utilizing XML to control the flow of classified information in wireless networks is also presented. / Civilian, Defense Science and Technology Agency, Singapore
