SECURITY IN WIRELESS WAN - PowerPoint PPT Presentation

Slides: 26
Provided by: mram1

Transcript and Presenter's Notes


1
SECURITY IN WIRELESS WAN
  • MADHURI RAMBHATLA

2
OBJECTIVE
  • Thoroughly study the various aspects of Wireless
    Technology and analyse the vulnerabilities in
    Wireless WAN and its effects on society.
  • To delve into some of the problems currently
    faced by WAN and present a few probable solutions
    to it.
  • To bring in security awareness amongst students
    and other population.

3
SECURITY IN NETWORKING
  • The various types of networking systems available
    are LAN, WAN, MAN, PAN and WPAN.
  • The main purpose of a WAN is to provide reliable,
    fast and safe communication between two or more
    places (nodes) with low delays and at low prices.
    WANs enable an organization to have one integral
    network between all its departments and offices,
    even if they are not all in the same building or
    city, providing communication between the
    organization and the rest of the world.

4
Hacker Tools
  • L0phtCrack
  • NT Recover/Locksmith
  • Password Hacker
  • Password Cracking Archive
  • Snadboys Revelation
  • Legion
  • Other hacker tools are listed at the following
    URL:
  • http://netsecurity.about.com/cs/hackertools/

5
Possible Security Measures.
  • Firewalls: stop ankle biters
  • Virtual Private Networks
  • Secure Web Servers
  • Keep your system patched
  • It's always best to build security in from the
    beginning rather than to add it later

6
WIRELESS TECHNOLOGY
  • Evolving of Wireless.
  • Wireless technology has been around since the
    turn of the last century, but only as we take a
    step into the 21st century are we beginning to
    see such technology take hold in so many aspects
    of our lives. Students entering higher education
    in the next few years may take for granted the
    idea of a wireless campus, a place where they may
    never have to worry about finding a phone jack or
    a data line to connect to the school's network.
    They will have the ability to use their laptops
    and handheld devices to e-mail a paper, do
    library research, or participate in an online
    class discussion anywhere on campus, without
    having to worry about physically plugging in
    their hardware.

7
  • Wireless is a major factor in changing the way
    that students, faculty and staff at Universities
    communicate and gather information.
  • While the world of wireless is confusing, a
    de facto campus standard has emerged: 802.11b.
  • This is available everywhere from coffee shops to
    airports.
  • 802.11a, which is being developed, has a higher
    bandwidth and is useful for multimedia purposes.

8
Why security in WAN is better than in LAN.
  • LAN products have poor encryption options and
    their emission signals (about 100 yards in all
    directions) were too easy to intercept.
  • Point to point signaling in WAN is more difficult
    to intercept. An eavesdropper would have to stand
    directly in the signal's path to collect data or
    hijack the signal.
  • Tsunami, a product from Western Multiplex Inc. in
    Sunnyvale, Calif., speeds data along at
    430M bit/sec. in each direction, encodes those
    transmissions and supports third-party encryption
    products.

9
WHY SECURITY ??
  • Security is the key word for any kind of public,
    multi usage networking or interface. Security
    involves protection of data against malicious
    eyes and hands and transmitting confidential
    matters to the correct authorities.
  • Wireless networking has many security weaknesses;
    here are a few vulnerabilities:
  • With a wireless WAN, transmitted data is
    broadcast over the air using radio waves, so it
    can be received by any wireless WAN client in the
    area served by the data transmitter. Because
    radio waves travel through ceilings, floors, and
    walls, transmitted data may reach unintended
    recipients on different floors and even outside
    the building of the transmitter.

10
  • Installing a wireless WAN may seem like putting
    Ethernet ports everywhere, including in your
    parking lot. Similarly, data privacy is a genuine
    concern with wireless WANs because there is no
    way to direct a wireless WAN transmission to only
    one recipient.

11
SECURITY IN WIRELESS WAN
  • SECURITY BREACHES
  • Hardware Threats
  • (a) It is common to statically assign a WEP key
    to a client, either on the client's disk storage
    or in the memory of the client's wireless LAN
    adapter. When this is done, the possessor of a
    client has possession of the client's MAC address
    and WEP key and can use those components to gain
    access to the wireless LAN. If multiple users
    share a client, then those users effectively
    share the MAC address and WEP key.

12
  • (b) When a client is lost or stolen, the intended
    user or users of the client no longer have access
    to the MAC address or WEP key, and an unintended
    user does. It is next to impossible for an
    administrator to detect the security breach; a
    proper owner must inform the administrator. When
    informed, an administrator must change the
    security scheme to render the MAC address and WEP
    key useless for wireless LAN access and
    decryption of transmitted data. The administrator
    must recode static encryption keys on all clients
    that use the same keys as the lost or stolen
    client. The greater the number of clients, the
    larger the task of reprogramming WEP keys.

13
  • What is needed is a security scheme that:
  • - Bases wireless WAN authentication on
    device-independent items such as usernames and
    passwords, which users possess and use regardless
    of the clients on which they operate.
  • - Uses WEP keys that are generated dynamically
    upon user authentication, not static keys that
    are physically associated with a client.

14
  • Rogue Access Points
  • - The 802.11b shared-key authentication
    scheme employs one-way, not mutual,
    authentication. An access point authenticates a
    user, but a user does not and cannot authenticate
    an access point. If a rogue access point is
    placed on a wireless WAN, it can be a launch pad
    for denial-of-service attacks through the
    "hijacking" of the clients of legitimate users.
  • - What is needed is mutual authentication
    between the client and an authentication server,
    whereby both sides prove their legitimacy within
    a reasonable time. Because a client and an
    authentication server communicate through an
    access point, the access point must support the
    mutual authentication scheme. Mutual
    authentication makes it possible to detect and
    isolate rogue access points.

15
  • Other Threats
  • Standard WEP supports per-packet encryption
    but not per-packet authentication. A hacker can
    reconstruct a data stream from responses to a
    known data packet. The hacker then can spoof
    packets. One way to mitigate this security
    weakness is to ensure that WEP keys are changed
    frequently.
  • By monitoring the 802.11 control and data
    channels, a hacker can obtain information such
    as:
  • -Client and access point MAC addresses
  • -MAC addresses of internal hosts
  • -Time of association/disassociation
  • The hacker can use such information to do
    long-term traffic profiling and analysis that may
    provide user or device details. To mitigate such
    hacker activities, a site should use per-session
    WEP keys.

16
A Complete Security Solution
  • What is needed is a wireless WAN security
    solution that uses a standards-based and open
    architecture to take full advantage of 802.11b
    security elements, provide the strongest level of
    security available, and ensure effective security
    management from a central point of control. A
    promising security solution implements key
    elements of a proposal jointly submitted to the
    IEEE by Cisco Systems, Microsoft and other
    organizations.
  • Central to this proposal are the following
    elements:
  • - Extensible Authentication Protocol (EAP),
    an extension to Remote Access Dial-In User
    Service (RADIUS) that can enable wireless client
    adapters to communicate with RADIUS servers.
  • - IEEE 802.1X, a proposed standard for
    controlled port access.

17
Cont.
  • When the security solution is in place, a
    wireless client that associates with an access
    point cannot gain access to the network until the
    user performs a network logon.
  • The following sequence of events occurs:
  • - A wireless client associates with an access
    point.
  • - The access point blocks all attempts by the
    client to gain access to network resources until
    the client logs on to the network.
  • - The user on the client supplies a username and
    password in a network logon dialog box or its
    equivalent.
  • - Using 802.1X and EAP, the wireless client and a
    RADIUS server on the wired LAN perform a mutual
    authentication through the access point.

18
Cont
  • - When mutual authentication is successfully
    completed, the RADIUS server and the client
    determine a WEP key that is distinct to the
    client and provides the client with the
    appropriate level of network access, thereby
    approximating the level of security inherent in a
    wired switched segment to the individual desktop.
    The client loads this key and prepares to use it
    for the logon session.
  • - The RADIUS server sends the WEP key, called a
    session key, over the wired LAN to the access
    point.
  • - The access point encrypts its broadcast key
    with the session key and sends the encrypted key
    to the client, which uses the session key to
    decrypt it.
  • - The client and access point activate WEP and
    use the session and broadcast WEP keys for all
    communications during the remainder of the
    session.
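
The logon sequence on these two slides, and the reason a rogue access point fails mutual authentication, modelled as an added example that is not part of the presentation or of the proposal it describes. HMAC-SHA256 stands in for the EAP method and an XOR wrap for WEP encryption of the broadcast key; every class, function and label name is an assumption.

```python
import hashlib, hmac, os

def tag(key, label, data=b""):
    # Keyed proof / key derivation; HMAC-SHA256 is a stand-in for the real EAP method.
    return hmac.new(key, label + data, hashlib.sha256).digest()

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def secret_of(password):
    # Simplification: an unsalted hash of the password is the shared secret.
    return hashlib.sha256(password.encode()).digest()

class AuthServer:                      # the RADIUS server on the wired LAN
    def __init__(self, users):
        self.secrets = {u: secret_of(p) for u, p in users.items()}
    def respond(self, user, c_chal):
        # Prove knowledge of the user's secret, then challenge the client.
        s = self.secrets.get(user, os.urandom(32))
        return tag(s, b"server", c_chal), os.urandom(16)
    def finish(self, user, c_chal, s_chal, c_proof):
        s = self.secrets.get(user)
        if s is None or not hmac.compare_digest(c_proof, tag(s, b"client", s_chal)):
            return None
        return tag(s, b"session", c_chal + s_chal)[:13]   # 104-bit per-session key

class AccessPoint:
    def __init__(self, server):
        self.server, self.sessions = server, {}
        self.broadcast_key = os.urandom(13)
    def allows(self, mac):             # port stays blocked until logon succeeds
        return mac in self.sessions
    def install(self, mac, session_key):
        # Server delivered the session key; wrap the broadcast key under it.
        self.sessions[mac] = session_key
        return xor(self.broadcast_key, tag(session_key, b"wrap")[:13])

def logon(ap, mac, user, password):
    """Client side of the exchange, relayed through the access point."""
    s, c_chal = secret_of(password), os.urandom(16)
    s_proof, s_chal = ap.server.respond(user, c_chal)
    if not hmac.compare_digest(s_proof, tag(s, b"server", c_chal)):
        return "server-not-authenticated", None, None     # rogue AP or wrong password
    key = ap.server.finish(user, c_chal, s_chal, tag(s, b"client", s_chal))
    if key is None:
        return "client-rejected", None, None
    wrapped = ap.install(mac, key)
    my_key = tag(s, b"session", c_chal + s_chal)[:13]      # derived locally, never sent
    return "ok", my_key, xor(wrapped, tag(my_key, b"wrap")[:13])
```

Because the session key depends on both fresh challenges, two logons by the same user yield different keys, and an access point backed by a server that does not hold the user's secret is rejected by the client before any key is installed.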

19
Real Life Examples
  • A 15-year-old Connecticut youth faces charges of
    hacking into a government computer system that
    tracks the positions of U.S. Air Force planes
    worldwide, according to government officials.
    03/31/01
  • Hacker accesses AT&T computers, stealing $1
    million worth of software. 09/18/87
  • Hackers break into Stanford Unix computers.
    09/16/86
  • Hacker cracks USAF satellite-positioning
    satellite. 06/21/89
  • Citibank hacked by Vladimir Levin: $10 million in
    illegal transfers. 06/13/94

20
BLUETOOTH TECHNOLOGY
  • WIRED vs WIRELESS
  • Is wired network obsolete?? Of course Not!!
  • The whole network infrastructure contains a
    place for wired and wireless connections. Every
    wireless access point using the 802.11 standards
    needs a wired connection. Wiring for wireless
    access points requires a different topology than
    for traditional wired jacks, so a network mixing
    both wireless and wired connections may need as
    much or more wire than before, even with fewer
    jacks. If the 3G or 4G digital standards (see
    below for the explanations of standards and
    terminology) come into place, which at the moment
    looks less than certain, then no wired access
    points are needed on campus.
  • Bluetooth technology is aiming at exactly that:
    a completely wireless technology.

21
What is Bluetooth?
  • Bluetooth is a global de facto standard for
    wireless connectivity. Based on a low-cost,
    short-range radio link, Bluetooth cuts the cords
    that used to tie up digital devices.

22
Bluetooth in Action
  • Bluetooth can give you a new kind of freedom. You
    might share information, synchronize data, access
    the Internet, integrate with LANs or even unlock
    your car - all by simply using your
    Bluetooth-equipped mobile phone, absolutely
    wireless!!!!

23
Security in Bluetooth
  • In the encryption scheme of Bluetooth there seem
    to be some weaknesses. The E0 stream cipher with
    128-bit key length can be broken in O(2^64) in
    some circumstances. The proof is rather
    mathematical in nature and therefore out of the
    scope of this paper, so it will be omitted.
    However, the detailed version can be read in [6].
    In a nutshell, there is a divide-and-conquer type
    of attack that is possible to perform, if the
    length of the given keystream is longer than the
    period of the shortest LFSR used in the key
    stream generation in E0.
  • There is a problem in the usability of the
    Bluetooth devices, too. The use of the PIN code
    in the initialization process of two Bluetooth
    devices is tacky.

24
RESOURCES
  • http://netsecurity.about.com/cs/hackertools/
  • http://www.dpo.uab.edu/sura/Security/sld008.htm
  • http://www.computerworld.com/itresources/rcstory/0,,KEY73_STO63837,00.html
  • http://www.cisco.com/warp/public/cc/pd/witc/ao350ap/prodlit/a350w_ov.htm
  • http://www.almaden.ibm.com/cs/user/pan/pan.html
  • http://techupdate.zdnet.com/techupdate/filters/mrc/0,14175,6020424,00.html
  • http://www.nwfusion.com/news/2001/0424hack.html
  • http://www.networkcomputing.com/1202/1202f1d1.html
  • http://www.nokia.com/bluetooth/whatis.html
  • http://www.nokia.com/bluetooth/inaction.html
  • http://www.niksula.cs.hut.fi/jiitv/bluesec.html

25
CONCLUSION
  • In the light of this study, it is quite apparent
    that the security measures for wireless
    networking are inadequate. As the basic problems
    have been corrected, more sophistication in the
    use of mobile devices would lead to more security
    breaches and hence more protection against them.
    As we have seen, the WSAs and other hacking
    protection tools do provide sufficient help, but
    this should not put us at ease and we should be
    on the lookout for more vulnerabilities and ways
    to seal them. I hope this presentation has
    brought awareness among us students and my
    objective has been achieved.