Title: WIRELESS LAN SECURITY
1WIRELESS LAN SECURITY
- Koray INÇKI
- 21.04.2005
- CMPE 526 Operating Systems and Network Security
2Presentation Objectives
- Brief Introduction to Wireless LAN Tech
- Building Components of WLANs
- Security Concerns in WLANs
- Enabling Technologies
- Disabling Attacks
3Outline
- Alphabet Soup
- 802.11 basics (very basic!)
- Security Measures
- Security Risks
- Conclusion
4Alphabet Soup
- IEEE 802.11 in 1997
- IEEE 802.11b
- IEEE 802.11a
- IEEE 802.11g
- IEEE 802.11i
- IEEE 802.1x
- IEEE 802.11n (due for November 2006)
5Alphabet Soup IEEE 802.11
- Introduced in 1997
- Standard for Wireless LANs (WLANs)
- Specifications for noisy as well as friendly
environments - Operates on no-license-required 2.4 GHz (ISM Band)
6Alphabet Soup IEEE 802.11?
7(No Transcript)
8Components of WLANs
- Two pieces of equipment defined
- Wireless Station (a desktop or laptop or a PDA)
- Access Point
- A bridge b/w wireless and wired networks
- Composed of
- Radio
- Wired network interface
- Bridging software
- Aggregates access for multiple wireless stations
to wired network
9802.11 modes of operation
- Infrastructure Mode
- Basic Service Set (BSS)
- One Access Point
- Extended Service Set (ESS)
- 2 Access Points in a subnet
- Most Corporate LANs
- Ad-Hoc Mode
- Also called peer-to-peer
- Independent Basic Service Set
- Devices communicate w/ each other directly
- Useful for quick and easy wireless network
10Infrastructure Mode
11Ad-Hoc Mode
Independent Basic Service Set (IBSS)
12Who Uses WLANs?
- Business Industry
- Consumers (Home)
- Universities
- Military Civil Agencies
13How is Wireless Different?
- Mobility
- Trust in infrastructure (i.e. routers)
- Trust in Location (physical location)
- Location Estimation Techniques ??
- Location Privacy
- travel behavior can be used for marketing
purposes - Processing power, memory energy
- AES instead of 3-DES
14Security Measures
- Default 802.11b Authentication Schemes
- Service Set Identifier (SSID)
- Wired Equivalent Privacy (WEP)
- Open Authentication (null)
- Shared-Key Authentication
- Temporal Key Integrity Protocol TKIP
- Remote Authentication Dial-In Service (RADIUS)
- WPA (Wi-Fi Protected Access)
- 802.11i
15Wired Equivalent Privacy (WEP)
- Introduced in 1997 to provide privacy of wire
- Uses RC4 for encryption
- WEP Key initialization vector (IV) are fed into
a pseudorandom number generator - 40 bits or 128 bits (104 24 IV)
- The IV, Encrypted Message, and checksum are sent
in the 802.11 packet - IV is changed periodically
- Reuse of key streams
- No Key Management Protocol
- Uses pre-shared static keys (PSK)
- Manually distributed keys
16802.11 WEP Frame
Unencrypted
ICV is a CRC-32 checksum over the Payload (802
Header and the Data)
Encrypted
17(No Transcript)
18Security Measures Authentication
- Open System Authentication This is the default
- Any client can associate with AP
- Null authentication algorithm
- Consists of two messages
- Authentication Request
- Authentication Response
19Security Measures Authentication
- Shared-Key Authentication
- A shared secret (!) key to authenticate the
client to the AP - Uses a challenge response protocol
- A random number as a challenge
- A simple Attack
- Record one challenge/response w/ a sniffer
- Use the challenge to decrypt the response and
recover the key stream - Use the recovered key stream to encrypt any
subsequent challenge
AP
STA
20Authorization
- MAC Layer
- Can Configure AP to talk to specific MAC
addresses (ACLs) - Vulnerable to MAC Address Spoofing
21Security Measures Authentication
- Temporal Key Integrity Protocol TKIP
- Defined in IEEE 802.11i specs for WiFi networks
to replace WEP - Short-term solution to WEP
- Deployed on existing H/W
- Uses a key scheme based on RC4 like WEP, but
encrypts every data packet with its own unique
encryption key - Hashes IVs
- Encrypted IVs, not easy to sniff
- IV sent as plaintext in weak WEP
- Message Integrity Check (MIC)
- Provides per-packet key-mixing
22TKIP cont..
- MIC Message Integrity Check
- Prevent Insertion Attack
- Hacker can determine the encrypted value the
plaintext - When results are XORed the PRGA streaming key is
revealed - Disable extracting the streaming key from the
message
23Security Measures Authentication
- Remote Authentication Dial-In Server (RADIUS)
- Authentication, Authorization, Accounting (AAA)
- Originally developed for remote modem users by
Livingston Enterprises, 1997 - Responsible for authenticating remote connections
- Provide authorization to network resources
- Logging for accountability purposes
- Controls various aspects of authorization
- Time-limits
- Re-keying
- Many RADIUS servers use EAP
24A Bit On EAP
- The Extensible Authentication Protocol (EAP),
defined in RFC 2284, - provides for support of multiple authentication
methods - Originally created for use with PPP
- Inherent weaknesses
- Lack of protection of the user identity or EAP
negotiation - No standardized mechanism for key exchange
- No built-in support for fragmentation and
reassembly - Lack of support for fast reconnect
25Some Authentication Protocols
- EAP-TLS (Transport Level Security)
- a TLS handshake is used to mutually authenticate
a client and server - EAP-TTLS extends this (Tunneled TLS)
- Uses the secure connection established by the TLS
handshake to perform additional authentication,
such as another EAP or another authentication
protocol such as CHAP - Establish keying material
- PEAP (Protected EAP)
- Similar to EAP-TTLS but only allows EAP for
authentication - Also has key exchange, session resumption,
fragmentation and reassembly
26Challenge Message
- Authentication depends on a secret known only to
authenticator and client - Radius server sends challenge to client via
access point - This challenge packet will vary for each
authentication attempt - The challenge is pulled from information
contained a table of known secrets - New challenge can be sent at intervals based on
Radius server settings, or upon client roaming
27Calculated Hash
- Client responds with a calculated value using a
one way hash function - This value is derived from a known secrets list
28Authentication Granted/Denied
- Radius server checks response against it own
calculated hash - If it matches, then authentication is
acknowledged to AP and client - If authentication is not achieved, the AP will
not permit any traffic for that client to pass
29(No Transcript)
30Funk's Steel-Belted Radius
- Authentication. Validates any remote or WLAN
user's username and password against a central
security database to ensure that only individuals
with valid credentials are granted network
access. - Authorization. For each new connection, provides
information to the remote access or WLAN access
point device, such as what IP address to use,
session time-limit information, or which type of
tunnel to set up. - Accounting. Logs all remote and WLAN connections,
including usernames and connection duration, for
tracking and billing.
31Wi-Fi Protected Access (WPA)
- Created by Wi-Fi Alliance
- Used basic outline of 802.11i
- 802.11i requires more powerful H/W for AES
- Instead, employ a software/firmware upgrade
- 802.11i is standardized now.
- Not all equipment on the market is compatible
though
32WPA
- Wi-Fi Protected Access
- Works with 802.11b, a and g
- Fixes WEPs problems
- Existing hardware can be used
- 802.1x user-level authentication
- TKIP
- RC4 session-based dynamic encryption keys
- Per-packet key derivation
- Unicast and broadcast key management
- New 48 bit IV with new sequencing method
- Michael 8 byte message integrity code (MIC)
- Optional AES support to replace RC4
33WAP and 802.1x
- 802.1x is a general purpose network access
control mechanism - Port based network access
- Provides Authentication to devices attached to a
LAN port - Establishes point-to-point connection
- Based on EAP
- WPA has two modes
- Pre-shared mode, uses pre-shared keys
- Enterprise mode, uses Extensible Authentication
Protocol (EAP) with a RADIUS server making the
authentication decision - EAP is a transport for authentication, not
authentication itself - EAP allows arbitrary authentication methods
- For example, Windows supports
- EAP-TLS requiring client and server certificates
- PEAP-MS-CHAPv2
34WEP vs. WPA
- Poor encryption
- 40 bit keys
- Keys are static and shared
- Manual key distribution
- WEP key is used for authentication and encryption
- No known flaws in encryption
- 128-bit keys
- Session keys are dynamic
- Automatic key distribution
- 802.1x/EAP user authentication
35Practical WAP Attacks
- Dictionary attack on pre-shared key mode
- CoWPAtty, Joshua Wright
- Denial of service attack
- If WPA equipment sees two packets with invalid
MICs in 1 second - All clients are disassociated
- All activity stopped for one minute
- Two malicious packets a minute enough to stop a
wireless network
36802.11i
- Robust Security Network extends WPA
- Counter Mode with Cipher Block Chaining Message
Authentication Code Protocol (CCMP) - Based on a mode of AES, with 128 bits keys and 48
bit IV. - Also adds dynamic negotiation of authentication
and encryption algorithms - Allows for future change
- Does require new hardware
- Not backward compatible with WEP
- www.drizzle.com/aboba/IEEE/
37Typical WLAN Attacks
- WEP Cracking
- MAC Attack
- Man-in-the-Middle Attack (Rogue AP)
- Dictionary Attack
- Session Hijacking
- Denial-of-Service (DoS)
38WEP Cracking
- Static Encryption Keys
- Periodical manual change on all devices
- Manually Distributed Keys
- Key stream Reuse
- RC4 Key Scheduling Algorithm
- Message Authentication
- Soln
- Authentication mechanisms i.e., VPN
- AES like advanced encryption methods
39MAC Attack
- Same as WEP cracking
- Address spoofing
- MAC Filtering wont work
- Soln authentication mechanisms such as 802.1x
or VPN
40Man-in-the-Middle Attack
- Rogue AP
- Capture Necessary Info
- Networks SSID
- IP addresses
- Wireless NICs association ID
- Re-associate users NIC with bogus AP
- Access to all data b/w them, including login info
- Soln VPN and authentication mechanisms
41Dictionary Attack
- Relies on conventional names words being used
as login name password - Gathers a challenge response exchange from a
password-based protocol. - Use of open source tools to decrypt login
information - Soln
- Use a combination of letters and numbers
- Use authentication mechanisms as 802.1x or VPN
42Session Hijacking
- Insertion attacks
- Redirect the session from a legitimate end point
- Set up an access point
- WLAN clients try to connect by sending their
authentication info - Soln Authentication mechanisms 802.1X and VPN
43Denial-of-Service (DoS) Attack
- Flooding APs w/ illegitimate traffic
- Overwhelm available bandwidth
- Slow or Stop legitimate users from accessing the
network - Soln MAC filtering
44War Games
45War Driving
- www.wardriving.com
- Laptop Computer - At least a Pentium 100 with a
free PCMCIA slot and serial port for GPS. - 802.11b-compliant wireless Ethernet card
- The Software, Linux, BSD, Windows, Mac, everyone
is supported. - Optional GPS receiver for location tracking.
- A way to get around, a car, bus, subway, walking,
bike.!
46Is it really possible?
47Conclusion
- Wireless networking is difficult to make both
usable and secure for all but small populations - Intrusion Detection Systems
- VPNs
- EAP variants
- Authorization is a necessary first step
- Encryption is needed to keep data private
- An end-to-end problem everyone has to cooperate
48Links
- http//www.informit.com/guides/content.asp?gsecur
ityseqNum62 - Security of the WEP Algorithm
- http//www.isaac.cs.berkeley.edu/isaac/wep-faq.htm
l - An Inductive Chosen Plaintext Attack against
WEP/WEP2 (William A. Arbaugh) - http//www.cs.umd.edu/waa/attack/frame.htm
- The Unofficial 802.11 Security Web Page
- http//www.drizzle.com/aboba/IEEE/
- Default SSID document
- http//www.wi2600.org/mediawhore/nf0/wireless/ssid
_defaults/ssid_defaults-1.0.5.txt - Wireless underground links
- http//www.novawireless.org/
- http//www.netstumbler.com/
- http//wirelessanarchy.com
49Questions?
50WIRELESS LAN SECURITY
- Koray INÇKI
- 21.04.2005
- CMPE 526 Operating Systems and Network Security