WIRELESS LAN SECURITY

1
WIRELESS LAN SECURITY

• Koray INÇKI
• 21.04.2005
• CMPE 526 Operating Systems and Network Security

2
Presentation Objectives

• Brief Introduction to Wireless LAN Tech
• Building Components of WLANs
• Security Concerns in WLANs
• Enabling Technologies
• Disabling Attacks

3
Outline

• Alphabet Soup
• 802.11 basics (very basic!)
• Security Measures
• Security Risks
• Conclusion

4
Alphabet Soup

• IEEE 802.11 in 1997
• IEEE 802.11b
• IEEE 802.11a
• IEEE 802.11g
• IEEE 802.11i
• IEEE 802.1x
• IEEE 802.11n (due for November 2006)

5
Alphabet Soup IEEE 802.11

• Introduced in 1997
• Standard for Wireless LANs (WLANs)
• Specifications for noisy as well as friendly
  environments
• Operates on no-license-required 2.4 GHz (ISM Band)

6
Alphabet Soup IEEE 802.11?
7
(No Transcript)
8
Components of WLANs

• Two pieces of equipment defined
• Wireless Station (a desktop or laptop or a PDA)
• Access Point
• A bridge b/w wireless and wired networks
• Composed of
• Radio
• Wired network interface
• Bridging software
• Aggregates access for multiple wireless stations
  to wired network

9
802.11 modes of operation

• Infrastructure Mode
• Basic Service Set (BSS)
• One Access Point
• Extended Service Set (ESS)
• 2 Access Points in a subnet
• Most Corporate LANs
• Ad-Hoc Mode
• Also called peer-to-peer
• Independent Basic Service Set
• Devices communicate w/ each other directly
• Useful for quick and easy wireless network

10
Infrastructure Mode
11
Ad-Hoc Mode
Independent Basic Service Set (IBSS)
12
Who Uses WLANs?

• Business Industry
• Consumers (Home)
• Universities
• Military Civil Agencies

13
How is Wireless Different?

• Mobility
• Trust in infrastructure (i.e. routers)
• Trust in Location (physical location)
• Location Estimation Techniques ??
• Location Privacy
• travel behavior can be used for marketing
  purposes
• Processing power, memory energy
• AES instead of 3-DES

14
Security Measures

• Default 802.11b Authentication Schemes
• Service Set Identifier (SSID)
• Wired Equivalent Privacy (WEP)
• Open Authentication (null)
• Shared-Key Authentication
• Temporal Key Integrity Protocol TKIP
• Remote Authentication Dial-In Service (RADIUS)
• WPA (Wi-Fi Protected Access)
• 802.11i

15
Wired Equivalent Privacy (WEP)

• Introduced in 1997 to provide privacy of wire
• Uses RC4 for encryption
• WEP Key initialization vector (IV) are fed into
  a pseudorandom number generator
• 40 bits or 128 bits (104 24 IV)
• The IV, Encrypted Message, and checksum are sent
  in the 802.11 packet
• IV is changed periodically
• Reuse of key streams
• No Key Management Protocol
• Uses pre-shared static keys (PSK)
• Manually distributed keys

16
802.11 WEP Frame
Unencrypted
ICV is a CRC-32 checksum over the Payload (802
Header and the Data)
Encrypted
17
(No Transcript)
18
Security Measures Authentication

• Open System Authentication This is the default
• Any client can associate with AP
• Null authentication algorithm
• Consists of two messages
• Authentication Request
• Authentication Response

19
Security Measures Authentication

• Shared-Key Authentication
• A shared secret (!) key to authenticate the
  client to the AP
• Uses a challenge response protocol
• A random number as a challenge
• A simple Attack
• Record one challenge/response w/ a sniffer
• Use the challenge to decrypt the response and
  recover the key stream
• Use the recovered key stream to encrypt any
  subsequent challenge

AP
STA
20
Authorization

• MAC Layer
• Can Configure AP to talk to specific MAC
  addresses (ACLs)
• Vulnerable to MAC Address Spoofing

21
Security Measures Authentication

• Temporal Key Integrity Protocol TKIP
• Defined in IEEE 802.11i specs for WiFi networks
  to replace WEP
• Short-term solution to WEP
• Deployed on existing H/W
• Uses a key scheme based on RC4 like WEP, but
  encrypts every data packet with its own unique
  encryption key
• Hashes IVs
• Encrypted IVs, not easy to sniff
• IV sent as plaintext in weak WEP
• Message Integrity Check (MIC)
• Provides per-packet key-mixing

22
TKIP cont..

• MIC Message Integrity Check
• Prevent Insertion Attack
• Hacker can determine the encrypted value the
  plaintext
• When results are XORed the PRGA streaming key is
  revealed
• Disable extracting the streaming key from the
  message

23
Security Measures Authentication

• Remote Authentication Dial-In Server (RADIUS)
• Authentication, Authorization, Accounting (AAA)
• Originally developed for remote modem users by
  Livingston Enterprises, 1997
• Responsible for authenticating remote connections
  
• Provide authorization to network resources
• Logging for accountability purposes
• Controls various aspects of authorization
• Time-limits
• Re-keying
• Many RADIUS servers use EAP

24
A Bit On EAP

• The Extensible Authentication Protocol (EAP),
  defined in RFC 2284,
• provides for support of multiple authentication
  methods
• Originally created for use with PPP
• Inherent weaknesses
• Lack of protection of the user identity or EAP
  negotiation
• No standardized mechanism for key exchange
• No built-in support for fragmentation and
  reassembly
• Lack of support for fast reconnect

25
Some Authentication Protocols

• EAP-TLS (Transport Level Security)
• a TLS handshake is used to mutually authenticate
  a client and server
• EAP-TTLS extends this (Tunneled TLS)
• Uses the secure connection established by the TLS
  handshake to perform additional authentication,
  such as another EAP or another authentication
  protocol such as CHAP
• Establish keying material
• PEAP (Protected EAP)
• Similar to EAP-TTLS but only allows EAP for
  authentication
• Also has key exchange, session resumption,
  fragmentation and reassembly

26
Challenge Message

• Authentication depends on a secret known only to
  authenticator and client
• Radius server sends challenge to client via
  access point
• This challenge packet will vary for each
  authentication attempt
• The challenge is pulled from information
  contained a table of known secrets
• New challenge can be sent at intervals based on
  Radius server settings, or upon client roaming

27
Calculated Hash

• Client responds with a calculated value using a
  one way hash function
• This value is derived from a known secrets list

28
Authentication Granted/Denied

• Radius server checks response against it own
  calculated hash
• If it matches, then authentication is
  acknowledged to AP and client
• If authentication is not achieved, the AP will
  not permit any traffic for that client to pass

29
(No Transcript)
30
Funk's Steel-Belted Radius

• Authentication. Validates any remote or WLAN
  user's username and password against a central
  security database to ensure that only individuals
  with valid credentials are granted network
  access.
• Authorization. For each new connection, provides
  information to the remote access or WLAN access
  point device, such as what IP address to use,
  session time-limit information, or which type of
  tunnel to set up.
• Accounting. Logs all remote and WLAN connections,
  including usernames and connection duration, for
  tracking and billing.

31
Wi-Fi Protected Access (WPA)

• Created by Wi-Fi Alliance
• Used basic outline of 802.11i
• 802.11i requires more powerful H/W for AES
• Instead, employ a software/firmware upgrade
• 802.11i is standardized now.
• Not all equipment on the market is compatible
  though

32
WPA

• Wi-Fi Protected Access
• Works with 802.11b, a and g
• Fixes WEPs problems
• Existing hardware can be used
• 802.1x user-level authentication
• TKIP
• RC4 session-based dynamic encryption keys
• Per-packet key derivation
• Unicast and broadcast key management
• New 48 bit IV with new sequencing method
• Michael 8 byte message integrity code (MIC)
• Optional AES support to replace RC4

33
WAP and 802.1x

• 802.1x is a general purpose network access
  control mechanism
• Port based network access
• Provides Authentication to devices attached to a
  LAN port
• Establishes point-to-point connection
• Based on EAP
• WPA has two modes
• Pre-shared mode, uses pre-shared keys
• Enterprise mode, uses Extensible Authentication
  Protocol (EAP) with a RADIUS server making the
  authentication decision
• EAP is a transport for authentication, not
  authentication itself
• EAP allows arbitrary authentication methods
• For example, Windows supports
• EAP-TLS requiring client and server certificates
• PEAP-MS-CHAPv2

34
WEP vs. WPA

• Poor encryption
• 40 bit keys
• Keys are static and shared
• Manual key distribution
• WEP key is used for authentication and encryption

• No known flaws in encryption
• 128-bit keys
• Session keys are dynamic
• Automatic key distribution
• 802.1x/EAP user authentication

35
Practical WAP Attacks

• Dictionary attack on pre-shared key mode
• CoWPAtty, Joshua Wright
• Denial of service attack
• If WPA equipment sees two packets with invalid
  MICs in 1 second
• All clients are disassociated
• All activity stopped for one minute
• Two malicious packets a minute enough to stop a
  wireless network

36
802.11i

• Robust Security Network extends WPA
• Counter Mode with Cipher Block Chaining Message
  Authentication Code Protocol (CCMP)
• Based on a mode of AES, with 128 bits keys and 48
  bit IV.
• Also adds dynamic negotiation of authentication
  and encryption algorithms
• Allows for future change
• Does require new hardware
• Not backward compatible with WEP
• www.drizzle.com/aboba/IEEE/

37
Typical WLAN Attacks

• WEP Cracking
• MAC Attack
• Man-in-the-Middle Attack (Rogue AP)
• Dictionary Attack
• Session Hijacking
• Denial-of-Service (DoS)

38
WEP Cracking

• Static Encryption Keys
• Periodical manual change on all devices
• Manually Distributed Keys
• Key stream Reuse
• RC4 Key Scheduling Algorithm
• Message Authentication
• Soln
• Authentication mechanisms i.e., VPN
• AES like advanced encryption methods

39
MAC Attack

• Same as WEP cracking
• Address spoofing
• MAC Filtering wont work
• Soln authentication mechanisms such as 802.1x
  or VPN

40
Man-in-the-Middle Attack

• Rogue AP
• Capture Necessary Info
• Networks SSID
• IP addresses
• Wireless NICs association ID
• Re-associate users NIC with bogus AP
• Access to all data b/w them, including login info
• Soln VPN and authentication mechanisms

41
Dictionary Attack

• Relies on conventional names words being used
  as login name password
• Gathers a challenge response exchange from a
  password-based protocol.
• Use of open source tools to decrypt login
  information
• Soln
• Use a combination of letters and numbers
• Use authentication mechanisms as 802.1x or VPN

42
Session Hijacking

• Insertion attacks
• Redirect the session from a legitimate end point
• Set up an access point
• WLAN clients try to connect by sending their
  authentication info
• Soln Authentication mechanisms 802.1X and VPN

43
Denial-of-Service (DoS) Attack

• Flooding APs w/ illegitimate traffic
• Overwhelm available bandwidth
• Slow or Stop legitimate users from accessing the
  network
• Soln MAC filtering

44
War Games
45
War Driving

• www.wardriving.com
• Laptop Computer - At least a Pentium 100 with a
  free PCMCIA slot and serial port for GPS.
• 802.11b-compliant wireless Ethernet card
• The Software, Linux, BSD, Windows, Mac, everyone
  is supported.
• Optional GPS receiver for location tracking.
• A way to get around, a car, bus, subway, walking,
  bike.!

46
Is it really possible?

• The Pringles Can Antenna

47
Conclusion

• Wireless networking is difficult to make both
  usable and secure for all but small populations
• Intrusion Detection Systems
• VPNs
• EAP variants
• Authorization is a necessary first step
• Encryption is needed to keep data private
• An end-to-end problem everyone has to cooperate

48
Links

• http//www.informit.com/guides/content.asp?gsecur
  ityseqNum62
• Security of the WEP Algorithm
• http//www.isaac.cs.berkeley.edu/isaac/wep-faq.htm
  l
• An Inductive Chosen Plaintext Attack against
  WEP/WEP2 (William A. Arbaugh)
• http//www.cs.umd.edu/waa/attack/frame.htm
• The Unofficial 802.11 Security Web Page
• http//www.drizzle.com/aboba/IEEE/
• Default SSID document
• http//www.wi2600.org/mediawhore/nf0/wireless/ssid
  _defaults/ssid_defaults-1.0.5.txt
• Wireless underground links
• http//www.novawireless.org/
• http//www.netstumbler.com/
• http//wirelessanarchy.com

49
Questions?

• Thank You!

50
WIRELESS LAN SECURITY

• Koray INÇKI
• 21.04.2005
• CMPE 526 Operating Systems and Network Security