Lesson 12 Wireless and Instant Messaging - PowerPoint PPT Presentation

Slides: 43
Provided by: cuya4
Transcript and Presenter's Notes
1
Lesson 12- Wireless and Instant Messaging
2
Overview
  • What is wireless? The term wireless refers to
    telecommunication technology in which radio
    waves, infrared waves and microwaves, instead of
    cables or wires, are used to carry a signal
    between communication devices.
  • These devices include pagers, cell phones,
    portable PCs, computer networks, location
    devices, satellite systems and handheld digital
    assistants.
  • Wireless networking is the transmission of data
    over radio (or infrared) links rather than over
    direct physical links such as cables.

3
Wireless Data Networks
Chart: data rate (9.6 Kbps, 19.6 Kbps, 56 Kbps, 1 Mbps, 2 Mbps,
10 Mbps, 50 Mbps) plotted against coverage area (local to wide)
for four classes of network: Narrow Band Wireless LANs, Infrared
Wireless LANs, Spread Spectrum Wireless LANs, and Satellite.
802.11 is WiFi; WAP is for small handhelds.
4
Wireless Landscape
WiMAX as a last-mile alternative for remote areas
not currently served by DSL or cable
5
Wireless Technologies
WAN (Wide Area Network)
MAN (Metropolitan Area Network)
LAN (Local Area Network)
PAN (Personal Area Network)
6
Bluetooth
  • Uses devices with small radio transceivers,
    called radio modules, built onto microprocessor
    chips
  • Special software, called a link manager,
    identifies other Bluetooth devices, creates links
    with them, and sends and receives data
  • Transmits at up to 1 Mbps over a distance of 33
    feet (10 m) and, unlike infrared, is not impeded
    by physical barriers
  • Bluetooth products created by over 1500 computer,
    telephone, and peripheral vendors

7
PAN
  • Two or more Bluetooth devices that send and
    receive data form a personal area network (PAN),
    also called a piconet.
  • Many challenges face Bluetooth:
  • Cost: chip prices have increased
  • Limited support
  • Shortcomings in the protocol itself: no handoff
    between piconets, and security is not optimal
  • Positioning in the marketplace
  • Conflicts with other devices in the 2.4 GHz radio
    spectrum

Bluetooth was named after the 10th century Danish
King Harald Bluetooth, who was responsible for
unifying Denmark and Norway.
8
Background
  • Wireless and instant messaging are two topics of
    concern to computer and network security
    professionals.
  • Wireless systems are vulnerable because data flows
    over the unsecured airwaves.
  • There is no control over the physical layer of
    the traffic.
  • If an attacker can get close enough to the
    signal's source, he can listen to and capture all
    the packets for examination.
  • Attackers may modify the traffic being sent, or
    send their own traffic to disrupt the system.
  • Instant messaging, as typically deployed, sends
    unencrypted traffic to and from Internet-based
    messaging servers.
  • IM also provides an uncontrolled file-transfer
    channel.

9
Wireless
  • Two of the most common point-to-multipoint
    systems are:
  • Wireless Application Protocol (WAP)
  • Designed to support all the services of the new
    PDA and wireless e-mail devices, including cell
    phone and pager capabilities
  • IEEE 802.11
  • The 802.11 protocol has been standardized by the
    IEEE for wireless local area networks.

10
CIA and WTLS
  • Wireless Transport Layer Security (WTLS) was
    developed to avoid broadcasting data in the clear.
  • It is a lightweight encryption protocol derived
    from the Transport Layer Security (TLS)
    protocol in use across the Internet.
  • WTLS authentication can be performed in several
    ways, including digital certificates, tokens, or
    simple passwords.
  • Designed to meet the fundamental security
    requirements: confidentiality, integrity, and
    authentication.
  • Confidentiality - wireless affords no control
    over the physical medium, so encryption is the
    only way to ensure that only authorized users can
    read sent and received packets.
  • Integrity - the receiver must be able to verify
    that the information has not been modified in
    transit; WTLS does this with a keyed MAC over
    each record.
  • Authentication - both sender and receiver should
    authenticate to each other; WTLS provides this.

11
Wireless Transport Layer Security (WTLS) Protocol
  • WTLS uses a modified version of the TLS protocol,
    formerly known as SSL.
  • WTLS uses modern cryptographic algorithms and, in
    common with TLS, allows negotiation of
    cryptographic suites between client and server.
  • Algorithms - An incomplete list
  • Key Exchange and Signature
  • RSA
  • Elliptic Curve Cryptography (ECC)
  • Diffie Hellman
  • Symmetric Encryption
  • DES
  • Triple DES
  • RC5
  • IDEA
  • Message Digest
  • MD5
  • SHA1

12
WTLS Protocol Authentication
  • WAP device sends a request for authentication
    (ClientHello)
  • Gateway responds and sends a copy of its
    certificate, which contains the gateway's public
    key, to the WAP device
  • WAP device validates the certificate, generates a
    unique random value (the pre-master secret) and
    encrypts it with the gateway's public key
  • WAP gateway receives the encrypted value and uses
    its own private key to decrypt it; both sides
    then derive the session keys from this shared
    secret

13
Security Issues with WTLS
  • The WTLS protocol is designed around servers that
    are far more capable than the devices, which have
    small amounts of memory and limited processor
    capacity.
  • Strong encryption may be omitted or weakened
    because of the devices' low memory or CPU
    capabilities.
  • Authentication is optional; when used, it is done
    with digital certificates.
  • WAP GAP - if an attacker were to compromise the
    gateway, they would be able to access all of the
    "secure" communications traversing that network
    juncture.
  • WTLS permits weaker (export-grade, e.g. 40-bit)
    keys.
  • WLAN service set identifiers (SSIDs) are a
    separate issue, covered later.
  • There are known security vulnerabilities in the
    design and implementation of WTLS, including:
  • Chosen plaintext attack
  • PKCS #1 attack
  • Alert message truncation attack

14
WTLS Chosen Plain Text
  • The chosen plaintext attack works on the
    principle of predictable Initialization Vectors
    (IVs).
  • Because WAP's datagram transport (WDP) is
    unreliable, WTLS must be able to decrypt each
    record independently of the records before it.
  • This forces the IV to be derived from data
    already known to both sides, and WTLS computes it
    linearly: the record IV is a base IV XORed with
    the record sequence number.
  • Since sequence numbers are sent in the clear, an
    attacker can predict the XOR difference between
    any two records' IVs. With CBC mode, that lets an
    attacker who can get the device to encrypt chosen
    plaintext confirm guesses about a low-entropy
    field (a PIN, a password) in an earlier record,
    which defeats confidentiality.
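The attack described on this slide, as an added worked example (this is not code from the presentation or from any WAP implementation). The block cipher is a toy 8-byte Feistel construction standing in for DES, the IV schedule "base IV XOR sequence number" is an assumption modelled on WTLS, and the secret record and PIN format are constructed. The point it demonstrates: the attacker never learns the base IV, only the public sequence numbers, and that is enough to turn CBC with predictable IVs into a guess-confirmation oracle.

```python
import hashlib
import os
from typing import Iterable, Optional, Tuple

BLOCK = 8  # 64-bit blocks, the block size of the DES/3DES suites WTLS allows


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _round(key: bytes, i: int, half: bytes) -> bytes:
    # Round function: 4 bytes of SHA-256 over (key, round index, half block).
    return hashlib.sha256(key + bytes([i]) + half).digest()[:4]


def encrypt_block(key: bytes, block: bytes) -> bytes:
    """Toy 4-round Feistel cipher on 8-byte blocks (assumption: stands in for
    DES). It is a deterministic keyed permutation, which is all CBC needs."""
    l, r = block[:4], block[4:]
    for i in range(4):
        l, r = r, _xor(l, _round(key, i, r))
    return l + r


def decrypt_block(key: bytes, block: bytes) -> bytes:
    l, r = block[:4], block[4:]
    for i in reversed(range(4)):
        l, r = _xor(r, _round(key, i, l)), l
    return l + r


def record_iv(base_iv: bytes, seq: int) -> bytes:
    # Linear IV schedule modelled on WTLS: base IV XOR record sequence number.
    # The base IV is secret, but the sequence number travels in the clear.
    return _xor(base_iv, seq.to_bytes(BLOCK, "big"))


class WtlsSender:
    """Encrypts one-block records in CBC mode with the predictable IV above."""

    def __init__(self, key: bytes, base_iv: bytes) -> None:
        self.key, self.base_iv, self.seq = key, base_iv, 0

    def send(self, plaintext_block: bytes) -> Tuple[int, bytes]:
        assert len(plaintext_block) == BLOCK
        iv = record_iv(self.base_iv, self.seq)
        ciphertext = encrypt_block(self.key, _xor(plaintext_block, iv))
        seq, self.seq = self.seq, self.seq + 1
        return seq, ciphertext  # (cleartext sequence number, ciphertext)


def probe_for_guess(guess: bytes, target_seq: int, next_seq: int) -> bytes:
    """Plaintext the attacker gets the device to encrypt at sequence next_seq.
    IV_next XOR IV_target == next_seq XOR target_seq, both public, so the
    attacker cancels the IV difference without knowing the base IV:
    E(probe XOR IV_next) == E(guess XOR IV_target) == target ciphertext
    exactly when guess == the secret block."""
    delta = _xor(target_seq.to_bytes(BLOCK, "big"),
                 next_seq.to_bytes(BLOCK, "big"))
    return _xor(guess, delta)


def recover_secret(sender: WtlsSender, target_seq: int, target_ct: bytes,
                   candidates: Iterable[bytes]) -> Optional[bytes]:
    """Attacker with a chosen-plaintext oracle (the victim's own sender)
    confirms guesses for a low-entropy block one record at a time."""
    for guess in candidates:
        _, ct = sender.send(probe_for_guess(guess, target_seq, sender.seq))
        if ct == target_ct:
            return guess
    return None


def demo() -> Optional[bytes]:
    key, base_iv = os.urandom(16), os.urandom(BLOCK)   # unknown to attacker
    victim = WtlsSender(key, base_iv)
    victim.send(b"GET /idx")                            # ordinary traffic
    target_seq, target_ct = victim.send(b"PIN=4321")    # secret record (constructed)
    # Attacker enumerates the 10,000 possible 4-digit PINs as chosen plaintexts.
    pins = (f"PIN={n:04d}".encode() for n in range(10000))
    return recover_secret(victim, target_seq, target_ct, pins)


if __name__ == "__main__":
    print(demo())
```

The same trick works against any CBC mode whose next IV is predictable before the plaintext is chosen; TLS 1.0 had the same flaw (chained IVs) and TLS 1.1 fixed it with an explicit random IV per record.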

15
WTLS, PKCS and AMT
  • PKCS #1 used with RSA encryption gives a standard
    for formatting the padding used to fill out a
    correctly sized block.
  • When the receiver decrypts the block, it reports
    to the sender whether the padding was valid.
  • In the PKCS #1 attack (Bleichenbacher's attack),
    an attacker sends many modified ciphertexts and
    uses the valid/invalid padding responses as an
    oracle to recover the RSA-encrypted secret.
  • Alert messages in WTLS are sometimes sent in
    plaintext and are not authenticated.
  • This allows an attacker to replace an encrypted
    record from the actual sender with a plaintext
    alert message.
  • The result is a truncation attack: the connection
    can be cut off, or a record dropped, without
    either party detecting it.

16
WAP GAP security issue
  • There is concern over the so-called WAP GAP.
  • Confidentiality of information is vulnerable
    where two different networks meet.
  • WTLS acts as the security protocol for the WAP
    network and TLS is the standard for the
    Internet, so the WAP gateway decrypts one and
    re-encrypts with the other: the data exists in
    plaintext inside the gateway.
  • A WAP gateway is an especially appealing target,
    as plaintext messages are processed through it
    from all wireless devices, not just a single
    user.

17
IEEE 802.11 Standards Activities
  • 802.11 refers to a family of specifications
    developed by the IEEE for wireless LAN
    technology.
  • 802.11a 5GHz, 54Mbps
  • 802.11b 2.4GHz, 11Mbps
  • 802.11d Multiple regulatory domains
  • 802.11e Quality of Service (QoS)
  • 802.11f Inter-Access Point Protocol (IAPP)
  • 802.11g 2.4GHz, 54Mbps
  • 802.11h Dynamic Frequency Selection (DFS) and
    Transmit Power Control (TPC)
  • 802.11i Security
  • 802.11j Japan 5GHz Channels (4.9-5.1 GHz)
  • 802.11k Measurement

18
802.11
Electromagnetic spectrum: any particular spot on
the spectrum is defined by its wavelength and
frequency.
  • IEEE standard - work began in 1990; the original
    802.11 standard was ratified in 1997
  • Defined a cable-free local area network with either
    fixed or mobile stations that transmit at either
    1 or 2 Mbps, which was insufficient for most
    network applications
  • A new standard (802.11b) was developed for sending
    packet-sized data traffic over radio waves in the
    unlicensed 2.4 GHz band.
  • Unlicensed means that users need no FCC license to
    operate in the band (the devices themselves are
    still type-certified), so 802.11 devices share
    the band with other equipment such as cordless
    phones, baby monitors and microwave ovens.

19
Physical Layer OSI Model
  • Defines how bits and bytes are transferred to and
    from the physical medium, in this case radio
    waves of the electromagnetic spectrum.
  • If devices share the same physical layer (radio
    frequency) implementation, they can communicate.

802.11b and 802.11g share the same frequency band,
so they interoperate.
20
Three Wireless Technologies
                        802.11b        802.11g        802.11a
  Frequency band        2.4 GHz        2.4 GHz        5 GHz
  Availability          Worldwide      Worldwide      US/AP
  Maximum data rate     11 Mbps        54 Mbps        54 Mbps
  Other services        Cordless       Cordless       HyperLAN
  (interference)        phones,        phones,        devices
                        microwave      microwave
                        ovens,         ovens,
                        wireless       wireless
                        video,         video,
                        Bluetooth      Bluetooth
                        devices        devices

The laws of radio dynamics:
  • Higher data rates mean shorter transmission range
  • Higher power output gives increased range, but
    lower battery life
  • Higher frequency radios give higher data rates
    but shorter ranges
21
Wi-Fi
  • Wi-Fi Alliance
  • Wireless Fidelity Alliance
  • 170 members
  • Over 350 products certified
  • Wi-Fi's mission
  • Certify interoperability of WLAN products
    (802.11)
  • Wi-Fi is the stamp of approval on all tested
    products
  • Promote Wi-Fi as the global standard

22
802.11 Authentication and Association
  • The 802.11 standard includes rudimentary
    authentication and confidentiality controls.
  • Authentication is handled in its most basic form
    by the 802.11 access point (AP).
  • It forces the clients to perform a handshake when
    attempting to associate to the AP. Association
    is the process needed before the AP will allow
    the client to talk across the AP to the network.
  • Association occurs only if the client has all the
    correct parameters needed such as the service set
    identifier (SSID) in the handshake.

23
802.11 Access Security
  • Access to wired Ethernet segments is protected by
    physical security measures, but wireless signals
    broadcast beyond the physical premises.
  • Attack is easy: a single wireless card costing
    less than $50 can give access to any unsecured
    AP within 300 feet.
  • An attacker can probe and log packets passively,
    without giving any indication that an attempted
    intrusion is taking place.
  • An attempted association is recorded, if at all,
    only by the MAC address of the wireless NIC that
    associated, and MAC addresses are trivially
    spoofed.
  • Most APs do not alert when users associate to
    them.

24
Wireless LAN Security - War Driving
War Driving
Hacking into WEP
War driving (drive-by hacking or LAN-jacking) is
a play on war dialing. War dialing, in turn,
comes from the 1983 movie WarGames, now a
classic in computer cracking circles.
Literally, war driving is using a laptop to
pick up unsecured wireless networks for anonymous
and free high-speed Internet access, akin to
stealing long-distance phone service.
25
War Chalking
  • Welcome to Warchalking! Warchalking is the
    practice of marking a series of symbols on
    sidewalks and walls to indicate nearby wireless
    access. That way, other computer users can pop
    open their laptops and connect to the Internet
    wirelessly. It was inspired by the practice of
    hobos during the Great Depression to use chalk
    marks to indicate which homes were friendly.

26
War Flying
  • War flying uses airplanes to find wireless
    access points. The obvious advantage is that the
    extra height provides an unobstructed line of
    sight.
  • Some people think war driving is illegal.
    Actually, accessing someone's network is illegal,
    but detecting the network is not. You can think
    of war driving as walking up to a house and
    checking to see if the door is unlocked. If you
    find an unlocked door, you write down the address
    and move to the next house. It becomes illegal
    when you open the door and walk in, which is
    similar to accessing the Internet through an AP
    without the owner's permission.

27
Using a Sniffer
  • Specialized sniffer tools have emerged recently
    with a single objective: to crack WEP keys.
  • A sniffer and a wireless network card are a
    powerful attack tool.
  • A shared-medium wireless network exposes all
    packets to interception and logging.
  • The WEP crackers work by exploiting "weak" IVs
    in WEP's use of the RC4 stream cipher (the
    Fluhrer-Mantin-Shamir key-recovery attack).
  • To exploit this weakness, you need a certain
    number of ciphertext packets. Once enough
    packets have been captured, the program can
    recover the encryption key very quickly.
  • Popular wireless sniffers are Ethereal,
    WildPackets AiroPeek and Sniffer Pro 4.0; the
    dedicated WEP crackers (AirSnort, WEPCrack) build
    on the same packet-capture capability.

28
NetStumbler
  • The most widely used of these programs is called
    Netstumbler by Marius Milner.
  • It listens for access point beacon frames within
    range and logs all available information about
    each access point for later analysis.
  • If the computer has a GPS unit attached to it,
    the program also logs the coordinates of the
    access point.
  • This information can be used to return to the
    access point, or to plot maps of access points in
    a city.
  • This is a Windows-based application, but there
    are programs that work on the same principle for
    Mac, BSD, Linux, and other operating systems.

29
Netstumbler Screen
30
Sniffer Pro 4.0 Screen
31
802.11 Authentication Tools
  • SSID - service set identifier
  • The SSID is an identifier of up to 32 bytes
    carried in beacon, probe and association
    management frames.
  • It functions as a group (network) identifier,
    not as a secret.
  • The SSID is sent in plaintext.
  • Some operating systems display a list of SSIDs
    active in the area.
  • This weakness is magnified by the default setting
    of most access points (Linksys APs use "linksys")
    to transmit beacon frames.
  • The purpose of a beacon frame is to announce the
    presence and capabilities of the wireless network
    so that WLAN cards can associate. Even when SSID
    broadcast is disabled, the SSID still appears in
    plaintext in probe and association frames, so
    hiding it is not a security control.
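What a NetStumbler-style survey tool actually extracts from the air, as an added example (not code from the presentation or from NetStumbler): a minimal 802.11 beacon-frame parser that pulls the plaintext SSID, BSSID, channel and privacy (WEP/WPA) flag out of the management frame. The frames are constructed inline for the demo; the builder and the sample BSSIDs are assumptions, while the header layout, fixed parameters and information-element (tag, length, value) encoding follow the 802.11 frame format. Tag lengths come from the air and are attacker-controlled, so the parser bounds-checks every element instead of trusting them.

```python
import struct
from typing import Dict, List

BROADCAST = b"\xff" * 6


def build_beacon(bssid: bytes, ssid: bytes, channel: int, privacy: bool) -> bytes:
    """Construct a minimal 802.11 beacon (constructed test data, not a capture).
    Header: frame control, duration, DA, SA, BSSID, sequence control (24 bytes)."""
    frame_control = b"\x80\x00"           # type 0 (management), subtype 8 (beacon)
    header = frame_control + b"\x00\x00" + BROADCAST + bssid + bssid + b"\x00\x00"
    capability = 0x0001 | (0x0010 if privacy else 0)   # ESS bit, Privacy bit
    fixed = struct.pack("<QHH", 0, 100, capability)   # timestamp, interval, cap
    ies = (bytes([0, len(ssid)]) + ssid               # IE 0: SSID, in the clear
           + bytes([1, 4, 0x82, 0x84, 0x8B, 0x96])    # IE 1: rates 1/2/5.5/11 Mbps
           + bytes([3, 1, channel]))                  # IE 3: DS parameter (channel)
    return header + fixed + ies


def parse_beacon(frame: bytes) -> Dict[str, object]:
    """Pull SSID, BSSID, channel and the privacy flag out of a beacon frame."""
    if len(frame) < 36:
        raise ValueError("frame too short for a beacon")
    fc = frame[0]
    if (fc >> 2) & 0x3 != 0 or (fc >> 4) != 8:
        raise ValueError("not a beacon frame")
    bssid = frame[16:22]                               # address 3 of the header
    _timestamp, interval, capability = struct.unpack_from("<QHH", frame, 24)
    ies: Dict[int, bytes] = {}
    offset = 36                                        # first tagged parameter
    while offset + 2 <= len(frame):
        tag, length = frame[offset], frame[offset + 1]
        body = frame[offset + 2: offset + 2 + length]
        if len(body) != length:                        # length runs off the frame
            raise ValueError("truncated information element")
        ies.setdefault(tag, body)                      # keep the first copy of a tag
        offset += 2 + length
    ssid = ies.get(0, b"")
    return {
        "bssid": ":".join(f"{b:02x}" for b in bssid),
        "ssid": ssid.decode("utf-8", "replace"),
        "hidden": len(ssid) == 0,                      # "SSID broadcast off" = empty IE
        "channel": ies[3][0] if 3 in ies else None,
        "privacy": bool(capability & 0x0010),          # WEP/WPA required to associate
        "beacon_interval_tu": interval,
    }


def survey(frames: List[bytes]) -> List[Dict[str, object]]:
    """One row per distinct BSSID, skipping frames that fail to parse."""
    seen: Dict[str, Dict[str, object]] = {}
    for frame in frames:
        try:
            info = parse_beacon(frame)
        except ValueError:
            continue
        seen.setdefault(str(info["bssid"]), info)
    return list(seen.values())


# Constructed sample "capture": a default-SSID open AP, a WEP/WPA AP, a hidden
# AP, and a malformed frame whose SSID element claims 32 bytes it does not have.
SAMPLE_FRAMES = [
    build_beacon(b"\x00\x0c\x41\x11\x22\x33", b"linksys", 6, privacy=False),
    build_beacon(b"\x00\x40\x96\x44\x55\x66", b"corp-net", 11, privacy=True),
    build_beacon(b"\x00\x02\x2d\x77\x88\x99", b"", 1, privacy=True),
    b"\x80\x00" + b"\x00" * 40 + b"\x00\x20",
]

if __name__ == "__main__":
    for row in survey(SAMPLE_FRAMES):
        print(row)
```

Run against real traffic, the same parser would be fed 802.11 frames from a monitor-mode interface; the "hidden" flag shows why disabling SSID broadcast buys nothing, because the probe response and association request that follow carry the same element in the clear.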

32
WEP
  • 802.11 protects confidentiality with Wired
    Equivalent Privacy (WEP), a shared-key scheme.
  • It is based upon a key shared by the AP and all
    the clients using the AP.
  • WEP uses the RC4 stream cipher to encrypt data
    and, in shared-key mode, to authenticate wireless
    devices (not wireless device users).
  • The plaintext 24-bit IV (initialization vector)
    prepended to each frame is the weakness in WEP.
  • The IV space is only 2^24, approximately 16
    million values, so the per-packet key (IV + WEP
    key) is bound to repeat on a busy network.
  • Once an IV repeats, the attacker has two
    ciphertexts encrypted with the same RC4 key
    stream; XORing them cancels the key stream and
    leaves the XOR of the two plaintexts.
  • With known or guessable plaintext (protocol
    headers), the attacker recovers the key stream
    for that IV and can decrypt or forge frames;
    weak-IV attacks recover the WEP key itself.
  • The IV problem exists regardless of key length
    (40- or 104-bit), because the IV is always 24
    bits.
  • WEP is easily attacked.
  • How to crack WEP
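The key-stream reuse described above, as an added worked example (not code from the presentation or from any WEP implementation). It implements RC4 and WEP's framing (cleartext 3-byte IV, RC4 keyed with IV || key, CRC-32 ICV) and then plays the attacker: two frames captured under the same IV are XORed to cancel the key stream, and the LLC/SNAP header that begins every IP frame supplies the known plaintext. The WEP key, the frames and the reused IV are constructed for the demo.

```python
import struct
import zlib
from typing import Optional

# Every IP frame inside WEP starts with this LLC/SNAP header, so an attacker
# always has 8 bytes of known plaintext at the front of each frame.
LLC_SNAP_IP = b"\xaa\xaa\x03\x00\x00\x00\x08\x00"
IV_SPACE = 2 ** 24   # 24-bit IV: ~16.7 million values, then the key stream repeats


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def rc4(key: bytes, length: int) -> bytes:
    """RC4 key scheduling plus key-stream generation (the cipher WEP uses)."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def wep_encrypt(key: bytes, iv: bytes, payload: bytes) -> bytes:
    """WEP frame body: cleartext 3-byte IV || RC4_{IV||key}(payload || CRC-32 ICV)."""
    assert len(iv) == 3 and len(key) in (5, 13)      # 40- or 104-bit key
    icv = struct.pack("<I", zlib.crc32(payload) & 0xFFFFFFFF)
    keystream = rc4(iv + key, len(payload) + 4)
    return iv + xor(payload + icv, keystream)


def wep_decrypt(key: bytes, frame: bytes) -> Optional[bytes]:
    """Legitimate receiver: decrypt and check the ICV; None on failure."""
    iv, body = frame[:3], frame[3:]
    plain = xor(body, rc4(iv + key, len(body)))
    payload, icv = plain[:-4], plain[-4:]
    if struct.pack("<I", zlib.crc32(payload) & 0xFFFFFFFF) != icv:
        return None
    return payload


def keystream_from_known_plaintext(frame: bytes, known: bytes) -> bytes:
    """Attacker: ciphertext XOR known plaintext = key stream for this IV."""
    return xor(frame[3:3 + len(known)], known)


def decrypt_with_keystream(frame: bytes, keystream: bytes) -> bytes:
    """Attacker: reuse the recovered key stream on any frame with the same IV."""
    return xor(frame[3:3 + len(keystream)], keystream)


def demo() -> bytes:
    key = b"\x01\x23\x45\x67\x89"                       # 40-bit WEP key (constructed)
    iv = b"\x00\x00\x01"                                # the IV the AP reuses
    victim1 = LLC_SNAP_IP + b"\x45\x00\x00\x28 ping"    # frame the attacker knows
    victim2 = LLC_SNAP_IP + b"\x45\x00\x00\x2c pass"    # frame the attacker wants
    f1 = wep_encrypt(key, iv, victim1)
    f2 = wep_encrypt(key, iv, victim2)
    assert f1[:3] == f2[:3]                             # IV collision visible on the air
    # XOR of the two ciphertexts is the XOR of the two plaintexts: no key needed.
    assert xor(f1[3:], f2[3:])[:len(victim1)] == xor(victim1, victim2)
    # Knowing frame 1 in full yields the whole key stream for this IV ...
    ks = keystream_from_known_plaintext(f1, victim1)
    # ... which decrypts frame 2 without ever touching the WEP key.
    return decrypt_with_keystream(f2, ks)


if __name__ == "__main__":
    print(demo())
```

Even without a full known frame, the eight LLC/SNAP bytes give eight bytes of key stream per captured IV, which is enough to build a dictionary of IV to key stream over time; and because the ICV is a plain CRC-32 rather than a keyed MAC, a recovered key stream also lets the attacker inject frames whose checksum verifies.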

33
WPA
  • Wi-Fi Protected Access (WPA) was created in
    response to several serious weaknesses in Wired
    Equivalent Privacy (WEP).
  • WPA implements the majority of the IEEE 802.11i
    standard, and was intended as an intermediate
    measure to take the place of WEP while 802.11i
    was prepared.
  • WPA is designed to work with all wireless network
    interface cards, but not necessarily with first
    generation wireless access points.
  • WPA2 implements the full standard, but will not
    work with some older network cards.
  • WPA is designed for use with an 802.1X
    authentication server (WPA-Enterprise); a
    pre-shared-key mode (WPA-PSK) exists for home use
    and is only as strong as its passphrase.
  • WPA uses the Temporal Key Integrity Protocol
    (TKIP), which was meant to fix WEP's problems.
  • TKIP uses a shared secret combined with the
    card's MAC address to generate a new key. This is
    then mixed with the (now 48-bit) initialization
    vector to make per-packet keys that encrypt a
    single packet using the same RC4 cipher that
    traditional WEP uses, and adds a keyed message
    integrity check (Michael) in place of WEP's CRC.
  • The other advantage of WPA is that it can be
    retrofitted to current hardware with only a
    software change, unlike AES-CCMP (WPA2), which
    usually requires new hardware.

34
802.11i Standard
  • Or, how do we get from here to there, 802.11i?
    802.11i is the final IEEE security standard
    (ratified in 2004) with a robust set of security
    improvements.
  • Currently, all 802.11a, b, and g devices support
    WEP (Wired Equivalent Privacy) encryption, whose
    flaws and exploits are well documented.
  • On the road to 802.11i, the Wi-Fi Alliance has
    required WPA (Wi-Fi Protected Access), which
    addresses WEP's known problems, is a subset of
    802.11i, and allows full backwards compatibility
    for most 802.11a and b devices made before 2003.
  • 802.11i specifies the encryption (AES-CCMP, with
    TKIP as a transitional option) but relies on
    802.1X/EAP to provide authentication and key
    distribution.

35
802.1x Standard
  • IEEE 802.1X authenticates users and dynamically
    distributes and rotates encryption keys.
  • 802.1X ties a protocol called EAP (Extensible
    Authentication Protocol) to both wired and
    wireless LAN media and supports multiple
    authentication methods, such as token cards,
    Kerberos, one-time passwords, certificates, and
    public key authentication. EAP is IETF RFC 2284
    (since superseded by RFC 3748).
  • It fits into existing authentication systems such
    as RADIUS and LDAP.
  • This allows 802.1X to interoperate well with other
    systems such as VPNs and dial-up RAS.
  • There are four common ways of implementing
    802.1X:
  • EAP-TLS - mutual certificate authentication;
    supports PKI with X.509 and Active Directory
  • EAP-TTLS - EAP Tunneled TLS Protocol; only the
    server needs a certificate, and the client's
    credentials travel inside the TLS tunnel
  • EAP-MD5 - MD5-Challenge over the user's password;
    no mutual authentication and no key derivation,
    so it is unsuitable for wireless
  • EAP-Cisco Wireless or LEAP - requires two-way
    authentication: the AP authenticates to the
    client and vice versa. Its MS-CHAP-based exchange
    is vulnerable to offline dictionary attack, so it
    is no longer recommended.

36
WLAN Security Hierarchy
  • Enhanced Security (Business): 802.1x, TKIP/WPA
    encryption, mutual authentication, scalable key
    management, etc.
  • Basic Security (Home Use): 40-bit or 128-bit
    static WEP encryption
  • Open Access (Public Hotspots): no encryption,
    basic authentication
  • Remote Access (Business Traveler, Telecommuter):
    Virtual Private Network (VPN)
37
Authentication Types Summary
  • Open Authentication to the Access Point, with WEP:
    doesn't rely on a RADIUS/TACACS server
  • Shared Key Authentication to the Access Point
    (WEP): the cleartext challenge and its encrypted
    response leak key stream to an eavesdropper, so
    it is weaker than open authentication
  • EAP Authentication to the Network: a combination
    of EAP and RADIUS/TACACS
  • MAC Address Authentication to the Network: MACs
    can be spoofed, but better than nothing
  • Combining MAC-based, EAP, and Open Authentication
  • Using CCKM for authenticated clients allows
    roaming
  • Using WPA key management

38
Instant Messaging (IM)
  • IM - Uses a real-time communication model
  • The programs had to appeal to a wide variety of
    users, so ease of use was paramount, and security
    was not a priority.
  • Can be used on both wired and wireless devices
  • The program is now being used not only for
    personal chatting on the Internet, but also for
    legitimate business use.
  • Easy and fast
  • Instant messages - Send notes back and forth with
    a friend who is online
  • Chat - Create your own custom chat room with
    friends or co-workers
  • Web links - Share links to your favorite Web
    sites
  • Images - Look at an image stored on your friend's
    computer
  • Sounds - Play sounds for your friends
  • Files - Share files by sending them directly to
    your friends
  • Talk - Use the Internet instead of a phone to
    actually talk with friends
  • Streaming content - Real-time or near-real-time
    stock quotes and news

39
IM
  • User Base
  • AIM 53 million active users (Nielsen//NetRatings,
    August 2005), 195 million total (January 2003).
  • Skype 45 million total (September 2005).
  • MSN Messenger 29 million active
    (Nielsen//NetRatings, August 2005), 155 million
    total (April 2005).
  • Yahoo Messenger 21 million active (September
    2005).
  • Jabber 13.5 million total (Osterman Research
    August 2005).
  • QQ 10 million active, 400 million total users
    (Tencent Q1 results 2005).
  • Gadu-Gadu 3.6 million total (January 2005).
  • ICQ 1.8 million active (September 2005), 140
    million total (June 2003).

40
Issues
  • The nature of this type of communication opens
    several holes in a system's security.
  • When attached to a server, the client exposes the
    IP address of the originating machine to the
    server and, for direct connections, to the peer.
  • Sends file attachments, outside the controls
    applied to e-mail attachments.
  • Without a local IM server, plain-text messages go
    directly across the Internet (no encryption).
  • Rogue applications - typically installed by the
    end user.
  • If the server is not reachable on the default
    ports, some IM applications begin to scan all
    ports looking for one that is allowed out of the
    firewall.
  • IM applications work only in a networked
    environment and, therefore, are forced to accept
    traffic as well as send it.
  • Social engineering overcomes even encryption: an
    IM message can be sent to anyone.
  • While application sharing is great, especially
    for conferencing and remote control for helpdesk
    purposes, if security is breached your machine
    may be controlled by an unknown party.
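The port-hopping behaviour on this slide (an IM client that, blocked on its default port, walks through other ports until one gets out) leaves a distinctive trace in firewall logs. As an added example, not code from the presentation, here is detection logic run over a constructed log excerpt: the log format, the hosts and the timestamps are assumptions; the default ports of AIM/ICQ (5190), MSN Messenger (1863), Yahoo Messenger (5050) and Jabber (5222) are the well-known values. The detector flags a source that is denied on many distinct ports to one destination within a short window and reports the port it was finally allowed out on.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, List, Optional

# Default ports of the IM services named on the slides (well-known values).
IM_PORTS = {5190: "AIM/ICQ", 1863: "MSN Messenger", 5050: "Yahoo Messenger",
            5222: "Jabber"}

# Hypothetical firewall log format, constructed for this example.
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<action>ALLOW|DENY) src=(?P<src>[\d.]+) "
    r"dst=(?P<dst>[\d.]+) dport=(?P<dport>\d+) proto=(?P<proto>\w+)$")

# Constructed sample: 10.1.1.5 is blocked on 5190, sweeps 1024-1031, then gets
# out on 80; 10.1.1.9 is blocked once on 1863 and uses 443 (no sweep).
SAMPLE_LOG = """\
2005-09-12T10:01:00 DENY src=10.1.1.5 dst=64.12.24.1 dport=5190 proto=tcp
2005-09-12T10:01:01 DENY src=10.1.1.5 dst=64.12.24.1 dport=1024 proto=tcp
2005-09-12T10:01:02 DENY src=10.1.1.5 dst=64.12.24.1 dport=1025 proto=tcp
2005-09-12T10:01:03 DENY src=10.1.1.5 dst=64.12.24.1 dport=1026 proto=tcp
2005-09-12T10:01:04 DENY src=10.1.1.5 dst=64.12.24.1 dport=1027 proto=tcp
2005-09-12T10:01:05 DENY src=10.1.1.5 dst=64.12.24.1 dport=1028 proto=tcp
2005-09-12T10:01:06 DENY src=10.1.1.5 dst=64.12.24.1 dport=1029 proto=tcp
2005-09-12T10:01:07 DENY src=10.1.1.5 dst=64.12.24.1 dport=1030 proto=tcp
2005-09-12T10:01:08 DENY src=10.1.1.5 dst=64.12.24.1 dport=1031 proto=tcp
2005-09-12T10:01:12 ALLOW src=10.1.1.5 dst=64.12.24.1 dport=80 proto=tcp
2005-09-12T10:02:30 DENY src=10.1.1.9 dst=207.46.110.1 dport=1863 proto=tcp
2005-09-12T10:03:00 ALLOW src=10.1.1.9 dst=207.46.110.1 dport=443 proto=tcp
"""


def parse_line(line: str) -> Optional[Dict[str, object]]:
    m = LOG_RE.match(line.strip())
    if not m:
        return None                     # ignore lines in other formats
    return {"ts": datetime.fromisoformat(m["ts"]), "action": m["action"],
            "src": m["src"], "dst": m["dst"], "dport": int(m["dport"])}


def detect_port_hopping(lines, window_s: int = 60,
                        min_ports: int = 8) -> List[Dict[str, object]]:
    """Flag a (src, dst) pair denied on >= min_ports distinct ports within
    window_s seconds; report the IM service hinted by any default port seen and
    the port that was eventually allowed out (the hole the client found)."""
    events = [e for e in map(parse_line, lines) if e]
    by_pair: Dict[tuple, List[Dict[str, object]]] = defaultdict(list)
    for e in events:
        by_pair[(e["src"], e["dst"])].append(e)
    alerts = []
    window = timedelta(seconds=window_s)
    for (src, dst), evs in by_pair.items():
        evs.sort(key=lambda e: e["ts"])
        denied = [e for e in evs if e["action"] == "DENY"]
        best, start = 0, 0
        for end in range(len(denied)):
            while denied[end]["ts"] - denied[start]["ts"] > window:
                start += 1                                     # slide the window
            best = max(best, len({e["dport"] for e in denied[start:end + 1]}))
        if best < min_ports:
            continue
        ports = {e["dport"] for e in denied}
        escaped = next((e["dport"] for e in evs if e["action"] == "ALLOW"
                        and e["ts"] >= denied[-1]["ts"]), None)
        alerts.append({"src": src, "dst": dst, "distinct_ports": best,
                       "im_hint": next((IM_PORTS[p] for p in sorted(ports)
                                        if p in IM_PORTS), None),
                       "escaped_via": escaped})
    return alerts


if __name__ == "__main__":
    for alert in detect_port_hopping(SAMPLE_LOG.splitlines()):
        print(alert)
```

The threshold and window are tunable; a single denied default port followed by a successful connection on 443 is not flagged, because that pattern is indistinguishable from an ordinary HTTPS client and would drown the alert in noise.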

41
Issues
  • Legal Issues Surrounding IM
  • Basically, students should realize that if a
    corporation allows IM, all bets are off regarding
    the legal implications.
  • E-mail is much easier to control and has had
    years of management review to shape policies.
  • E-mail provides a built-in logging capability,
    whereas IM messages are gone once they scroll off
    the screen (if logging is not enabled).
  • Therefore, you could communicate with someone
    with your logging turned off while they are
    logging the transaction. This puts you at a
    legal disadvantage were your conversation to be
    used in a legal proceeding.

42
What to do?
  • Use a local server.
  • Keeping messages within the perimeter of the
    organization goes a long way toward ensuring that
    confidential information does not get out.
  • Blocking IM
  • Block all IM and then monitor the network to see
    if anyone has found a way around it or a new IM
    is in use.
  • Policies
  • Unfortunately, employees may make a convincing
    case that IM is useful; then the best that can
    be done is to make strong policies and limit IM
    clients to one or two vendors so you can maximize
    control.
  • Newer client programs, such as Trillian, can
    encrypt the chat messages.
  • While this does not help with the file-sharing
    problems, it provides confidentiality if both
    clients are using the program.
  • Virus scanner - to protect the file-exchange
    path.