Title: Scurit de l'information
1 WIRELESS LAN SECURITY
Clément Dupuis,CDCISSP, GCFW, GCIA, CCSA (NG),
CCSE (NG),ACEGroupe CGI, Montreal, Canada /
CCCure.Org
2 Overview of Presentation
- Introduction
- The Jargon
- The 802.11 family of standards
- Security
- Defend yourself
- Deployment
- Counter Measures
- Conclusion
3 Introduction
- Roller Coaster Ride
- What or Who to believe?
- Most talk about technology
- Most hyped technology (Reminds me of bluetooth)
- Most controversial LAN technology right now
- A challenge to secure
- Different standards and access control methods
- Does not respect the typical security defences
- It is being deployed in large numbers right now
- Now, lets take a look at some number
4 Introduction - WLAN Penetration
Statistics provided by WECA
5 Introduction - WLAN Depth of Penetration
Statistics provided by WECA
6 Introduction - WLAN Top Drivers
Statistics provided by WECA
7 Introduction - WLAN Top Barriers
Authentication/Security Concerns Budget Resour
ces forDeployment and Support Speed
Statistics provided by WECA
8 Overview of Presentation
- Introduction
- The Jargon
- The 802.11 family of standards
- Security
- The Threats
- Defend yourself
- Deployment
- Counter Measures
- Conclusion
9 The Jargon - WarXing
- A new series of words have come into play as the
world Wireless LAN and methods of attacks have
evolved. - They are derived from the term WarDialing that
was used to described someone attempting all
phone number in series to find modems or other
devices. - WarDriving
- WarFlying
- WarBoating
- WarCycling
- WarWalking
- WarChalking
- WarPlugging (ie Tell Joes Pizza and get 10
Off)
Plug (noun)a piece of favorable publicity or a
favorable mention usually incorporated in general
matter -Â Merriam-Webster
10 The Jargon - WarChalking
- A marking method is only as good as the number of
people that knows it. There is a common standard
being developed amongst warchalkers to offer a
common marking scheme.
Bumper Sticker
www.warchalking.org
11 The Jargon - Acronyms
- IEEE Institute of Electrical and Electronics
Engineers - 802.11 Specifications for Wireless Standards
- Wi-Fi Wireless Fidelity, often used in lieu of
802.11b - WECA Wireless Ethernet Compatibility Alliance
- WLAN Wireless Local Area Network
- AP Access Point
- FHSS Frequency Hoping Spread Spectrum
- DSS Direct Sequence Spread Spectrum
- OFDM Orthogonal Frequency Division Multiplexing
- WEP Wired Equivalent Privacy
- EAP Extensible Authentication Protocol
- CRC Cyclic Redundancy Check
- HotSpot Area where wireless access is offered
12 The Jargon - Hotspots
- Some airport are not offering HotSpots but there
is also businesses that have taken opportunities
of this by offering Internet Access while people
grab lunch.
)))
)))
In Austin, Texax, 11 stores with HotSpots
13 Overview of Presentation
- Introduction
- The Jargon
- The 802.11 family of standards
- Security
- Defend yourself
- Deployment
- Counter Measures
- Conclusion
14 802.11 Standard and its annexes
- 802.11 represents Wireless LAN standards and
annexes - The original standard was 802.11, which was a
standard which defined wireless LAN using
Infrared - First annex was 802.11b
- Second annex was 802.11a
- Then a series of 802.11x followed
- It is a shared medium
- It makes use of CSMA-CA
- 802.11a and 802.11b are radio systems
15 802.11Whatever What does it mean
16What is a WLAN
Picture from www.smarthomeforum.com
17 Hardware WLAN Hardware
- WLAN Network Adaptor Chipsets
- Cisco Aironet Based Series (Hermes Chipset)
- Lucent Orinoco (Agere) Series
- Prism II Chipset (Linksys, Compaq, Dlink)
- Format
- USB External Card
- PCI Card
- PCI Adaptor with PCMCIA Card
- PCMCIA Card
- Antennas
- After all we are talking Radio Frequency and
Signal here - Some have connector for external antenna and some
dont
18 What does it looks like in real life!
19 What does it looks like in real life!
Pictures from www.hdcom.com
20 Overview of Presentation
- Introduction
- The Jargon
- The 802.11 family of standards
- Security
- Defend yourself
- Deployment
- Counter Measures
- Conclusion
21 Security A few more terms
- A few more terms
- Station Describe any device on a wireless
network, either a client or an access point - Ad Hoc Refers to a network between two clients
- Access Used by client to communicate with other
Point clients, either wireless or wired
clients. This is also referred to as
Infrastructure Networks - BSS Basic Service Set An access point with
all its clients that form a network - SSID Service Set Identifier The name given to
a BSS network, also called Network Name
22 Security - WEP
- From ANSI/IEEE Std. 802.11
- 3.49 wired equivalent privacy (WEP)
- The optional cryptographic confidentiality
algorithm specified by IEEE 802.11 used to
provide data confidentiality that is subjectively
equivalent to the confidentiality of a wired
local area network (LAN) medium that does not
employ cryptographic techniques to enhance
privacy.
23 Security WEP Basic Security functions
- Network name (SSID), used as a network password,
or key, or in some cases keys are derived from
the SSID on AP (Authentication) - Must have same SSID to communicate
- Use the same SSID on all devices
- Protect from devices without the SSID
- Authentication (Access Control)
- Based on MAC Filtering
- Encryption (Confidentiality)
- Through the use of WEP
- 40 Bits
- 128 bits
- CRC checksum (Integrity)
24 Security WEP Weaknesses
- Key Management
- Not define or included
- Tend to provide long term or poor quality keys
- Keys are manually keyed
- Due to the manual labour involved, keys do not
change often - Key Size
- 40 bits defined in standard
- Most have deployed 128 bits, which in fact is 104
bits 24 Bits IV - WEP IV Size is too small
- Provides for 16,777,216 different cipher stream
- IV are being reused
- WEP does not specify how IV are chosen or how
often they rotate
Primer from http//www.nwfusion.com/research/2002
/0909wepprimer.html
25 Security WEP ICV Weaknesses
- The Integrity Check Value (ICV) Algorithm
- Based on CRC-32
- Good for detecting errors in data transmission
but not for hashes - MD5 or SHA1 would be a better choice
- Message can be tampered and still produce same
ICV - Allow M-I-M type of attacks, Simply capture an
encrypted packet stream, modify the destination
address of each packet to be the attacker's wired
IP address, fix up the CRC-32, and retransmit the
packets over the air to the access point - Key size does not matter with ICV and IV based
attack, the attacks all take the same amount of
effort regardless if it is 40 bits or 128 bits
Primer from http//www.nwfusion.com/research/2002
/0909wepprimer.html
26 Security WEP usage of RC4
- RC4 in its implementation in WEP has weak keys
- Too much correlation between the key and the
output - First three bytes of the key are taken from the
IV - They are sent unencrypted in each packet
- It is easy to exploit as it is a passive attack
- All that is needed is to collect enough data to
derive the key - About 100 megs of data is necessary
- Once 100 megs is collected, encryption can be
broken in seconds
Primer from http//www.nwfusion.com/research/2002
/0909wepprimer.html
27 Security WEP Authentication
- Two forms of authentication
- Open System No authentication
- Shared Key Authentication
- Shared key is in fact weaker
- Knowledge of a shared key is demonstrated by
encrypting a challenge - Challenge and Response can be monitored by
attacker - From this, the attacker can derive the RC4 steam
that was used - The attacker can then use this RC4 stream to
reply to any challenge that he receives in the
future - Advantage of Shared Key
- Reduce the ability of an attacker to launch a Dos
Attack by sending bogus packet encrypted with the
wrong key on the network - Shared key should be turned off and 802.1x used
instead
Primer from http//www.nwfusion.com/research/2002
/0909wepprimer.html
28 Security 802.1x
- Based on EAP As per RFC 2284
- Allow the use of Radius, Active Directory,
SecurID, Certificates
Primer from http//www.nwfusion.com/research/2002
/0909wepprimer.html
29 Security WEP XOR Operations
- XOR (?) operation
- Given two bits, if exactly one of them is a one,
the result is one. - Otherwise, it is zero.
- Sample XOR (?) Operation
- Value A 1 1 0 0Value B 0 1 1 0A ? B 1 0 1
0 - XOR (?) has the properties such that
- If A ? B C,
- then C ? B A,
- and C ? A B
A special mention to Ted Ipsen for sharing with
the community his WEP research on which the info
on XOR operations is based
30 Security WEP XOR Operation
- XOR as a symmetric cipherMessage
10011011101 - Key ? 01101010110
- Ciphertext 11110001011
- Key ? 01101010110
- Message 10011011101
31 Security WEP Operation
- The CRC-32 ICVA 4 byte CRC-32 Integrity Check
Value (ICV) is computed for the data payload of
the packet and appended to it.The UNIQUE
seed - The shared secret key (k) is static, a 24-bit
Initialization Vector (IV) is concatenated with
the key (k), to form a unique seed.
Plaintext Message (M)
ICV s(M)
Shared Key (k)
IV
32 Security WEP Operation
- THE KEYSTREAM
- This seed is input into the stream cipher RC4,
which outputs a keystream of arbitrary length.
33 Security WEP Operation
- The plaintext data, and the appended CRC-32 value
are XORed against an equal number of bits from
the keystream to create ciphertext.
Plaintext Message (M)
ICV s(M)
34 Security WEP Operation
- The IV is put into the WEP Header in PLAINTEXT,
and the encrypted packet sent to the receiver. - The receiver uses the IV in the Header along
with the shared key, k to reproduce the RC4
keystream.
Ciphertext (C)
Shared Key (k)
35 Security WEP Operation
- The ciphertext is XORed against the RC4
keystream, and the plaintext recovered.
Ciphertext (C)
36 Security WEP Operation
- The CRC-32 Integrity Check Value (ICV) is
computed to verify the integrity of the data.
Plaintext Message (M)
ICV s(M)
37 Security WEP CONFIDENTIALITY
- Confidentiality is provided by the XOR operation
- To be secure, the keystream must NEVER be
reused. - In WEP you are guaranteed to reuse these inputs,
and thus, the keystream! - The shared secret key k, whether 40 or 104 bits
long, is essentially fixed. - Therefore, the only input into the RC4 stream
that changes is the 24 bit IV (224
16,777,216) - So, about every 16 million packets, you get an
IV collision. - This doesnt take very long on a moderately busy
network.
Primer from http//www.nwfusion.com/research/2002
/0909wepprimer.html
38 Security WEP CONFIDENTIALITY
- SCENARIO 1
- Send some known plaintext (like spam e-mail), and
capture the encrypted packet with the cleartext
IV. - XOR the plaintext against the ciphertext and
recover the keystream. - SCENARIO 2
- Consider the authentication scheme from the
standpoint of an attacker. - You sniff the WLAN and capture the Challenge
Message from the Access Point as it is sent in
cleartext to the requesting station. - You then capture the encrypted reply that is
sent back to the AP
Primer from http//www.nwfusion.com/research/2002
/0909wepprimer.html
39 Security WEP CONFIDENTIALITY
- SCENARIO 2 (Continued)
- Compute the CRC-32 ICV for the Challenge, and
append it. - XOR the Challenge and ICV against the
Ciphertext C ? M K - And get the keystream back !!!
Challenge (M)
Primer from http//www.nwfusion.com/research/2002
/0909wepprimer.html
40 Overview of Presentation
- Introduction
- The Jargon
- The 802.11 family of standards
- Security
- Defend yourself
- Deployment
- Counter Measures
- Conclusion
41 Defend Yourself WLAN Assessment
- Hacking yourself before someone else does
- How to assess your WLAN
- Home brew
- Commercial products
- How to hide amongst others in the crowd
- If everyone is screaming loudly then who is
screaming what you wish to hear. - How to fool the bad guys
- More ways to fool the bad guys
42 Defend Yourself Home Brew
- What is required
- A card with a connector for an external antenna
- Cisco Aironet 352, Agere Orinoco Gold, and the
Compaq WL100 - Software
- Lots of software available for assessment
- No software does all of the functions
- Not all software works with all cards
- Not all cards works with all OS
- Will need more than one piece of software, card,
and OS - Laptops
- With proper OS and Card drivers
- External Antenna for better gain
43 Defend Yourself Home Brew toolkit
- As easy as 1-2-3
- Free User Friendly sniffing and cracking
software - Detect rogue networks that you may not know about
NetStumblerKismetAPSniffSniffer Pro
WirelessAiroPeekWepCrackAirSnort
165 US
44 Defend Yourself WLAN Assessment
- Some of the functionality found in WLAN sniffer,
cracker, protocol analyzer, and assessment
software
45 Defend Yourself WLAN assessment
46 Defend Yourself Commercial ToolKit
47 Defend Yourself Commercial ToolKit
- Verify Signal Strength and clients on AP
48 Defend Yourself - Warfare
- In 1978 while deploying HF, VHF, and UHF radio
stations for DOD, I would have never guessed that
my antenna theory would come to use for WLAN one
day. - Position of the AP
- As far away as possible from the unfriendly zone
- Move it toward the centre of coverage zone if
possible - Diffusion, Diffraction, Reflexion
- Shield between you and remote
- Type of antenna
- Use a shield if necessary to direct waves
- Use a cone shape to direct waves upward
49 Defend Yourself Fake AP Tool
- Hide in the crowd
- Generates thousand of fake AP
- RedHat only
- Prism2/2.5/3 based 802.11b cards
- Currently in development
- Very promising
- Available athttp//www.blackalchemy.to/Projects
/fakeap/fake-ap.html
50 Defend Yourself Locate the enemy
- Electronic Warfare Techniques
- Ekahau Positioning Engine (www.ekahau.com)
- Find a device within 1 meter
- Need three points at least for accuracy
- Marketing potential as well
- Show ads to people close to a store for example
- Disallow access to people outside your area
- Available now
51 Defend Yourself HOWTO
- Control who gains access to your network
- Use defence in depth
- Implement strong user based authentication vs
device based - Implement data encryption and do not rely on WEP
- Attempt to create a centralize management point
- it is very costly to maintain manually separate
user database or to distribute keys to each
devices. - Dynamic session-based encryption keys
- Keys should be changed automatically at fixed
intervals and on reauthentications, making them
more difficult for intruders to crack than static
WEP keys - Mutual authentication
- So that a client isn't deceived by a "rogue"
(unauthorized) access point
52 Defend Yourself HOWTO
- A. Wireless LAN behind a firewall (treat as
untrusted) - B. Do not use the default SSID
- Change it regularly
- Disable SSID broadcast if your device supports it
- C. Make use of WEP, it is better than nothing
- Change the WEP key from the default
- Attempt to use product that dynamically generates
key - D. Ban rogue networks
- E. Ensure a policy exists that restricts WLANs
from being established without formal approval.
53 Defend Yourself HOWTO
- F. Add personalized authentication
- Using MAC address
- (802.1x)-based control lists
- G. Leverage existing RADIUS servers
- Integrate wireless LANs into the existing RADIUS
infrastructure to more simply manage users. It
not only enables wireless authentication, but
also ensures wireless users go through the same
authorization and accounting approvals as remote
users. - H. Not all WLANs are created equal, many
manufacturer equipment does not include enhanced
security features. - I. Consider using a VPN
- Virtual Private Networks have been deployed over
the Internet to allow secure communications for
years. The same can be deployed in a wireless
environment to add Layer 3 encryption to the
wireless (Layer 2) communication.
54FUN STUFF Expedient Antennas
- WLAN Can also be fun to experiment with
- Keep you Pringles cans for your expedient antennas
55FUN STUFF WarPumpkin
- WLAN Hackers Can Adapt to seasonal changes
- Open WLAN, SSIDGoAway, Speed1.5Mbps
56WAR DRIVING
- Are network really as badly protected as it is
claimed
57Questions ?
For further infoClément Dupuiscdupuis_at_cccure.org
Downloadable version available
athttp//www.cccure.org/Documents/Wireless/OTS20
02.zip
58 WLAN Online References
- The ultimate guide to WarXing
http//www.kraix.com/downloads/TDGTW-WarXing.txt - Great article on Security News Portal on how to
defend yourselfhttp//www.securitynewsportal.com
/cgi-bin/cgi-script/csNews/csNews.cgi?databaseJan
R2edbcommandviewoneid34opt - The Ethernet Wireless Compatibility alliance
http//www.wi-fi.org -
59 WLAN Assessment Software
- Netstumbler http//www.netstumbler.com
- WEPcrack http//wepcrack.sourceforge.net
- AirSnort http//airsnort.shmoo.com/
- Kismet http//www.kismetwireless.net/index.shtml
- Aerosol http//www.sec33.com/sniph/aerosol.php
- APSniff http//www.zdnet.com.au/downloads/pc/swi
nfo/0,2000036746,7997854,00.htm - Wellenreiter http//www.remote-exploit.org
- Triangulation http//www.ekahau.com/
60 Commercial WLAN Assessment Software
- Distributed Wireless Security Auditor,
IBMhttp//www.research.ibm.com/resources/news/200
20617_dwsa.shtml - AirDefense Security Appliance
http//www.airdefense.net/ - AirMagnet PDA http//www.airmagnet.com/
- Airopeek NX http//www.wildpackets.com/product
s/airopeek_nx - NAI Sniffer Pro Wireless http//www.nai.com/
61 Other Fun tools and Projects
- Fake APhttp//www.blackalchemy.to/Projects/fakea
p/fake-ap.html - Pringle Can Antenna Recipehttp//verma.sfsu.edu/
users/wireless/pringles.php - Milk Can Antenna Recipehttp//reseaucitoyen.be/?
BoiteDeConserve1 - Map and Statistics of Toronto War
Drivinghttp//www.nakedwireless.ca/winudcol.htm -