Wireless Networking WLAN Security Module-12

1
Wireless NetworkingWLAN Security Module-12

• Jerry Bernardini
• Community College of Rhode Island

2
Presentation Reference Material

• CWNA Certified Wireless Network Administration
  Official Study Guide
• (PWO-104), David Coleman, David Westcott,
  2009, Chapter-13
• CWNA Certified Wireless Network Administration
  Official Study Guide, Fourth Edition, Tom
  Carpenter, Joel Barrett
• Chapter-9,10
• Cisco White Paper - A Comprehensive Review of
  802.11 Wireless LAN Security and the Cisco
  Wireless Security Suite
• www.cisco.com/warp/public/cc/pd/witc/ao1200ap/pro
  dlit/wswpf_wp.htm
• Your 802.11 Wireless Network has No Clothes
• William A. Arbaugh, Narendar Shankar, Y.C. Justin
  Wan, Department of Computer Science University
  of Maryland College Park, Maryland 20742 March
  30, 2001
• http//www.cs.umd.edu/waa/wireless.pdf

3
What is Information Security?

• Information Security Task of guarding digital
  information
• Information must be protective -on the devices
  that store, manipulate, and transmit the
  information through products, people, and
  procedures.
• Information that must be protected are CIA
• Confidentiality
• Only authorized parties can view information
• Integrity
• Information is correct and unaltered
• Availability
• Authorized parties must be able to access at all
  times

4
Layers of Security
5
802.11 Security Basics

• Data Privacy
• Authentication, Authorization, Accounting (AAA)
• Segmentation
• Monitoring
• Policy
• Because data is transmitted freely and in open
  air, wireless systems need strong encryption

6
Wireless Data Privacy

• Data privacy means others can not read your
  messages unless you allow it.
• Data must be encrypted
• Most common methods
• RC4 algorithm
• Advanced Encryption algorithm (AES)
• Most encryption is Layer-2, protecting layers 3-7
• 802.11 management frames are not encrypted
• 802.11 control frames are not encrypted

7
Authentication, Authorization, Accounting (AAA)

• Authentication verification of user identity
• Authorization granting access to
• Accounting tracking the use of network by users

8
Early IEEE 802.11 Security

• Referred to as Pre-RSNA Security
• RSNARobust Security Network Association
• Pre-RSNA Security includes
• Open System Authentication
• Share Key Authentication
• Wired Equivalent Privacy
• This technology has many flaws and should not be
  considered for new systems
• But we should understand Pre-RSNA to appreciate
  WLAN vulnerabilities

9
Security Segmentation and Monitoring

• Segmentation separating users
• Firewalls
• Routers
• VPNs
• VLANs
• Monitoring and Policy
• Full-time monitoring of wireless network needed
• Protect against possible attacks
• Use a Wireless Intrusion detection System(WIDS)

10
Open Authentication

• Open authentication allows any device network
  access.
• If no encryption is enabled on the network, any
  device that knows the SSID of the access point
  can gain access to the network.
• With WEP encryption enabled on an access point,
  the WEP key itself becomes a means of access
  control.

11
802.11 client authentication process

• 1. Client broadcasts a probe request frame on
  every channel
• 2. Access points within range respond with a
  probe response frame
• 3. The client decides which access point (AP) is
  the best for access and sends an authentication
  request
• 4. The access point will send an authentication
  reply
• 5. Upon successful authentication, the client
  will send an association request frame to the
  access point
• 6. The access point will reply with an
  association response
• 7. The client is now able to pass traffic to the
  access point

12
Open Authentication Vulnerabilities

• No way for the access point to determine whether
  a client is valid.
• A major security vulnerability if WEP or better
  encryption is not implemented
• Cisco does not recommend deploying wireless LANs
  without WEP encryption.
• When WEP encryption is not needed or is not
  feasible to deploy - such as public WLAN
  deployments
• Higher-layer authentication can be provided by
  implementing a Service Selection Gateway (SSG).

13
Shared Key Authentication

• The client sends an authentication request to the
  access point requesting shared key authentication
• The access point responds with an authentication
  response containing challenge text
• The client uses its locally configured WEP key to
  encrypt the challenge text and reply with a
  subsequent authentication request
• If the access point can decrypt the
  authentication request and retrieve the original
  challenge text, then it responds with an
  authentication response that grants the client
  access

14
Vulnerability of Shared Key Authentication
15
Wired Equivalent Privacy-WEP

• Wired Equivalent Privacy, a security protocol for
  WLANs defined in the 802.11b standard.
• A secret key is shared between STAs and an AP
• The secret key is used to encrypt packets (MSDU)
  before they are transmitted.
• LANs are inherently more secure than WLANs
• WLANs are over radio waves and can be intercepted

16
WEP uses RC4

• It is reasonably strong
• It is self-synchronizing
• WEP is self-synchronizing for each message. This
  property is critical for a
• data-link level encryption algorithm, where best
  effort delivery is assumed and packet loss rates
  may be high.
• It is efficient
• The WEP algorithm is efficient and may be
  implemented in either hardware or software.
• It may be exportable

17
What is RC4

• RC4 is a stream cipher designed by Ronald L.
  Rivest (MIT Professor) for RSA Data Security (now
  RSA Security).
• It is a variable key-size stream cipher with
  byte-oriented operations.
• The algorithm is based on the use of a random
  permutation. Analysis shows that the period of
  the cipher is overwhelmingly likely to be greater
  than 10100.
• Eight to sixteen machine operations are required
  per output byte, and the cipher can be expected
  to run very quickly in software.
• Independent analysts have scrutinized the
  algorithm and it is considered secure.

18
Correct WEP Key Required

• If a device does not have the correct WEP key,
  even though authentication is successful, the
  device will be unable to transmit data through
  the access point.
• Neither can it decrypt data sent from the access
  point

19
WEP Encryption Process
802.11 recommends IV change per-frame same packet
is transmitted twice resulting cipher-text will
be different
Ciphertext
IV
Initialization Vector (IV)
PRNG
Key Stream
Seed
C1
Secret Key
Pseudorandom Number Generator
Plain text
Exclusive-OR
C2
Integrity Algorithm
Integrity Check Value (ICV)
What is Transmitted
20
WEP Implementation

• IEEE 802.11 cryptography objectives
• Efficient
• Exportable
• Optional
• Reasonably strong
• Self-synchronizing
• WEP relies on secret key shared between a
  wireless device and the AP
• Same key installed on device and AP
• A form of Private key cryptography or symmetric
  encryption

21
WEP Characteristics

• WEP shared secret keys must be at least 40 bits
• Most vendors use 104 bits
• Options for creating WEP keys
• 40-bit WEP shared secret key (5 ASCII characters
  or 10 hexadecimal characters)
• 104-bit WEP shared secret key (13 ASCII
  characters or 16 hexadecimal characters)
• Passphrase (16 ASCII characters)
• APs and wireless devices can store up to four
  shared secret keys
• Default key one of the four stored keys
• Default key used for all encryption
• Default key can be different for AP and client

22
WEP Keys
- Key order must be the same for all devices -
Default Keys can be different for each device
23
Initialization Vector

• The IV is a 24-bits that augments a 40-bit WEP
  key to 64 bits and a 104-bit WEP key to 128 bits.
  
• The IV is sent in the clear in the frame header
  so the receiving station knows the IV value and
  is able to decrypt the frame
• Although 40-bit and 104-bit WEP keys are often
  referred to as 64-bit and 128-bit WEP keys, the
  effective key strength is only 40 bits and 104
  bits, respectively, because the IV is sent
  unencrypted.

24
WEP Encryption Process
Data
1 0 1 1 1 0 0 1 0 1 1 1 0 1 0 1 1 0 0 1 1 1 1 0 1
Key Stream
1 1 1 1 0 1 1 0 0 1 1 1 1 0 1 0 1 0 1 0 1 1 1 0 1
Cipher Stream (Transmitted and Received)
0 1 0 0 1 1 1 1 0 0 0 0 1 1 1 1 0 0 1 1 0 0 0 0 0
Key Stream
1 1 1 1 0 1 1 0 0 1 1 1 1 0 1 0 1 0 1 0 1 1 1 0 1
Data
1 0 1 1 1 0 0 1 0 1 1 1 0 1 0 1 1 0 0 1 1 1 1 0 1
25
WEP Encryption Process
The WEP Encrypted Frame Body
Encrypted
IV 4
Data PDU gt1
ICV 4
Init. Vector 3
1 Octet
Pad 6-bits
Key ID 2-bits
26
WEP Keys

• 802.11b 64-bit shared RC4 Key.
• 24-bit IV plus a 40-bit Secret Key.
• 128-bit shared RC4 Key
• 24-bit IV plus a 104-bit Secret Key.
• 152-bit shared RC4 Key
• 24-bit IV plus a 128-bit Secret Key.

2324
0
63
IV 24 - bits
Secret Key 40 - bits
PRNG Seed
27
WEP Weaknesses

• Key management and key size. 40-bit
• The IV is too small.
• 24-bit 16,777,216 different cipher
  streams.
• The ICV algorithm is not appropriate
• Uses CRC-32 when MD5 or SHA-1 would be
  better.
• Authentication messages can be easily forged.
  

28
Block Cipher Operation

• Block ciphers deal with data in defined blocks
• The block cipher fragments the frame into blocks
  of predetermined size and performs the XOR
  function on each block.
• Each block must be the predetermined size, and
  leftover frame fragments are padded to the
  appropriate block size

29
RSNA Security

• Robust Security Network Association
• IEEE 802.11. Clause 8 (previously IEEE 802.11i)
• TKIP and RC4
• CCMP and AES
• IEEE 802.1X
• Preshared Keys
• Certificates and PACs
• Four way Handshake
• Key Hierarchies
• Transition Security Network

30
IEEE 802.11, Clause 8
Discusses and defines the following issues
31
Temporal Key Integrity Protocol - TKIP

• Part of the IEEE 802.11i encryption standard for
  wireless LANs (Pronounced tee-kip )
• TKIP is the next generation of WEP (initially
  call WEP2).
• Provides per-packet key mixing, a message
  integrity check and a re-keying mechanism, thus
  fixing the flaws of WEP.
• TKIP Process
• begins with a 128-bit "temporal key" shared among
  clients and access points
• Combines the temporal key with the client's MAC
  address and then adds a relatively large 16-octet
  initialization vector to produce the key that
  will encrypt the data.
• This procedure ensures that each station uses
  different key streams to encrypt the data.
• Older WEP based devices can be upgraded to TKIP
  and not processor intensive

32
CCMP and AES

• Counter Mode with Cipher Block Chaining-Message
  Authentication Code (CCMP)
• CCMP uses Advanced Encryption Standard (AES)
  instead of RC4 algorithm
• CCMP/AES uses 128-bit encryption, encrypts
  128-bit blocks, uses 8-bytes integrity check
• AES is very processor intensive
• Not upgradable for older devices

33
Advanced Encryption Standard - AES

• Relatively new U.S. National Institute of
  Standards and technology (NIST) for single-key
  encryption approved in 2002.
• 16-byte Block Cipher based on Rijndael
• (pronounced Rain Doll)
• Key Lengths of 128, 192, and 256-bit
• Time to brute-force break an AES 256-bit key
  several years.
• AES Encryption is a four step process

34
http//en.wikipedia.org/wiki/Advanced_Encryption_S
tandard AES Four Steps
3
1
2
4
35
802.1X and EAP

• IEEEs 802.1X Port Based Network Access Control
  standard provides strong authentication and
  network access control for 802.11 networks.
• Extensible Authentication Protocol (EAP) is
  used to pass authentication information between
  the supplicant and the AS.

Supplicant
Authenticator
Authentication Server
1
36
802.1X Requires Three Entities

• The supplicant-Resides on the wireless LAN
  client
• The authenticator-Resides on the access point
• The authentication serverResides on the RADIUS
  server

37
Cisco Wireless Security Suite and 802.1X

• authentication frameworkThe IEEE 802.1X standard
  provides a framework for many authentication
  types and the link layer
• Extensible Authentication Protocol (EAP) Cisco
  authentication algorithmThe EAP Cisco Wireless
  authentication type, also called Cisco LEAP
  supports centralized, user-based authentication
  with the ability to generate dynamic WEP keys
• Temporal Key Integrity Protocol (TKIP)Cisco has
  implemented two components to augment WEP
  encryption
• Message Integrity Check (MIC)The MIC function
  provides effective frame authenticity to mitigate
  man-in-the-middle vulnerabilities
• Per-Packet KeyingPer-packet keying provides
  every frame with a new and unique WEP key that
  mitigates WEP key derivation attacks
• Broadcast Key RotationDynamic key rotation

38
Four-Way Handshake

• Used to establish temporary transient keys with
  AP
• Four-packet exchange
• Number used once (Anounce)
• Supplicant nounce (Snounce)
• Authenticator Nounce
• Message Integrity Check (MIC)

39
WPA

• There are 2 modes of WPA and WPA2
  certificationEnterprise and Personal

40
WPA WPA2, 7-steps

• The 7 steps are
• Step 1 Security Mechanism and Credentials
• Step 2 User Authentication Database
• Step 3 Client Operating Systems
• Step 4 Supplicants
• Step 5 EAP Types (EAP-TTLS)
• Step 6 Authentication Server
• Step 7 Access Points and Client NIC Cards

41
Example of a WPA2

• Windows
• 1. Security Credentials Digital Certificate
  X.509
• 2. Database Microsoft Active Directory
• 3. Client OS Windows XP
• 4. Supplicant Built into Windows XP for EAP-TLS
• 5. Authentication EAP Type EAP-TLS
• 6. Authentication Server Cisco Secure Access
  Control Server (RADIUS server)
• 7. Access Points and Client Devices
  WPA2-Enterprise Wi-Fi CERTIFIED

42
WPA Deployment
Authentication Database
Radius Server 802.1X EAP Type
Wired LAN
Support for802.1X EAP TypeTKIP
Access Points
AP-1
Wireless Clients
WiFi Cert with WPA802.1X EAP TypeSupplicant for
EAP OSTKIP Encryption
1
2
43
MAC Address Authentication

• MAC address authentication is not specified in
  the 802.11 standard
• Many vendorsincluding Ciscosupport it.
• MAC address authentication verifies the client's
  MAC address against a locally configured list of
  allowed addresses or against an external
  authentication server
• MAC authentication is used to augment the open
  and shared key authentications provided by
  802.11   

44
Remember CIA and AAA

• CIA
• Confidentiality-Keep things private
• Integrity Data must be consistant and accurate
• Availability The right data to the right users
• AAA
• Authentication Who are You?
• Authorization What do you want?
• Accounting What have you done?
• Bottom Line
• Users are responsible for protecting there
  accounts and their data

45
IPsec VPN (Secure Your Wireless with Ipsec by Dan
Langille 10/21/2004 )

• IPsec is short for IP security
• It is a set of protocols for securely exchanging
  packets at the IP layer.
• VPNs frequently use it. can use the same approach
  to secure our wireless network.
• uses shared secrets to encrypt data.
• uses security policies to decide what types of
  traffic to encrypt between which hosts.
• IPsec can create a point-to-point tunnel between
  two hosts.
• IPsec cannot exist on its own -need to have IPsec
  at both ends
• IPsec uses a database to decide how to treat
  traffic.
• The two main types of rules are policy and
  association.
• Security Policy Database (SPD) determines what
  traffic IPsec should handle.
• Security Association Database (SAD) specifies how
  to encrypt that traffic.

46
Wireless VPNs

• Virtual Private Networks, or VPNs, use publicly
  accessible or wireless network infrastructures
  combined with private connections to securely
  exchange private applications and data.
• All VPN systems use encryption and other
  security mechanisms to ensure that only
  authorized users can access the network, so that
  the data cannot be intercepted.

47
Wireless Gateways

• A network device or base station, usually
  providing shared network access, firewall
  security and encryption.
• An Access Point, LAN Switch, Firewall, and WAN
  Interface in one enclosure.

48
Security Solutions
802.1X Authentication
MIC Message Integrity Checking
TKIP Temporal Key Integrity Protocol
Cipher and Authentication Negotiation
Key Management
WPA / WPA2Wi-Fi Protected Access
AES Advanced Encryption Standard
802.11i
49
Wireless Security Summary
50
Wireless Security Terms

• SSID Service Set Identifier
• WPA Wi-Fi Protected Access
• WEP- Wired Equivalent Privacy
• PSK Pre-Shared Key
• TKIP Temporal Key Integrity Protocol
• MAC Media Access Control
• MIC Message Integrity Check
• AES Advanced Encryption Standard
• CCMP -Counter Mode CBC-MAC Protocol
• RADIUS Remote Dial-In User Service