Analýza zabezpečení a autentizace bezdrátových sítí / Analysis of security and authentication of wireless networks

Kulíř, Tomáš

January 2011

This master's thesis deals with wireless networks, mainly about the WiFi. It deals with summary of individual security mechanism both theoretically and using them in real hardware. Mainly it is interested in the security of the individual mechanisms and their weaknesses, which cause rupture of security. At each chapter the ideas and methods, that the attackers are trying for infiltration of wireless networks and decrypt encryption WEP, WPA or WPA2, are outlined. The principle of the authentication of the WiFi by the authentication server and its options, which is connected with directory service LDAP, is also explained in this thesis. The penultimate chapter deals with the summary of security mechanisms and references that should be adhered by design of the WiFi for the provision of the high security. The ending of the master's thesis is devoted to social engineering and its most famous representatives.

Untersuchung und Bewertung von Netzzugangssteuerungen auf Basis des Standards 802.1x (Port-Based Network Access Control)

Richter, Lars

02 January 2005

In der Arbeit wird der Standard 802.1x (Port-Based Network Access Control) näher betrachtet. Es werden die Funktionsweise und die Eigenschaften dieses Standards aufgezeigt. Weiterhin werden Hardware- und Softwareprodukte für die Nutzung des durch den Standard definierten Authentifizierungsverfahrens vorgestellt und analysiert. Abschließend erfolgt die Betrachtung für den Einsatz an der TU Chemnitz und der damit erfolgten Entwicklung einer Authenticator Komponenten.

info:eu-repo/classification/ddc/004

ddc:004

Zugangsverfahren

Netzwerk

802.11

802.11i

Supplicant

WPA

802.1x

Authentication-Server

Authenticator

EAP

EAPOL

Funknetzwerk

RADIUS

Wireless-LAN im Studentennetzwerk (CSN)

Glöckner, Alexander

14 December 2005

Inhalt der Diplomarbeit sind Untersuchungen zur Authentifizierung und Verschlüsselung von drahtlosen Netzwerkverbindungen.

info:eu-repo/classification/ddc/004

ddc:004

Netzwerk

RADIUS <Informatik>

Virtuelles privates Netzwerk

802.1X

AAA

AES-CCMP

DIAMETER

EAP

TKIP

VPN

WPA2

Session hijacking attacks in wireless local area networks

Onder, Hulusi

03 1900

Approved for public release, distribution is unlimited / Wireless Local Area Network (WLAN) technologies are becoming widely used since they provide more flexibility and availability. Unfortunately, it is possible for WLANs to be implemented with security flaws which are not addressed in the original 802.11 specification. IEEE formed a working group (TGi) to provide a complete solution (code named 802.11i standard) to all the security problems of the WLANs. The group proposed using 802.1X as an interim solution to the deficiencies in WLAN authentication and key management. The full 802.11i standard is expected to be finalized by the end of 2004. Although 802.1X provides a better authentication scheme than the original 802.11 security solution, it is still vulnerable to denial-of-service, session hijacking, and man-in-the- middle attacks. Using an open-source 802.1X test-bed, this thesis evaluates various session hijacking mechanisms through experimentation. The main conclusion is that the risk of session hijacking attack is significantly reduced with the new security standard (802.11i); however, the new standard will not resolve all of the problems. An attempt to launch a session hijacking attack against the new security standard will not succeed, although it will result in a denial-of-service attack against the user. / Lieutenant Junior Grade, Turkish Navy

Wireless LANs

IEEE 80211 (Standard)

Data encryption (Computer science)

Authentication

Wireless local area networks

Authentication

Security

Session hijacking

802.1X

802.11

802.11i

Encryption

Access control

Supplicant

Authenticator

Authentication server

Open-source test bed

Modul rozšiřující funkcionalitu GDPR řešení / Module Extending Functionality of GDPR Solution

Janeček, Vít

January 2018

The goal of this thesis is to introduced the principles of access control technologies, the General Data Protection Regulation and the software for data leakage protection. An essential part of the work is a draft and implementation of the expansion module for user device authentication including shared storage access authorization. Therefore, this module allows to verify whether a user can access shared corporate resources. It also allows to enable or disable access based on specified attributes, such as the type of the protected service or user permission. The basic verification of the module's functionality is realized through different sets of tests and a virtual environment that simulates the corporate environment. The result of the draft is a module that allows to verify access based on the device, and this module is moreover integrated into the Safetica security platform.

Zabezpečení bezdrátových sítí / Wireless Network Security

Sedlák, Břetislav

January 2009

Master thesis focuses on wireless network security. The thesis is divided in two parts. First part describes today’s used standards and their components, topology and security methods as stealth SSID, MAC addresses filtration, WEP, WPA and WPA2. The last three methods are described in detail. In second part there are realized attacks on above described methods of security. There are described attacks on WEP as KoreK chopchop attack, fragment attack, attack FMS, KoreK and attack PTW. Then is described the dictionary attack on passphrase by WPA/WPA2 with PreShared Key authentication obtaining, precomputed hash tables for faster passphrase finding and for using more core procesors during dictionary browsing. The last attack describes obtaining of keystream used for encrypting of frames by WPATKIP and then sending custom data to client. It is described how to carry out each attack and how to protect against them.