Wireless LAN Security - PowerPoint PPT Presentation

Slides: 44
Provided by: yenche

1
Wireless LAN Security
  • Yen-Cheng Chen
  • Department of Information Management
  • National Chi Nan University
  • ycchen_at_ncnu.edu.tw

2
Outline
  1. Introduction
  2. WLAN Authentication
  3. WEP (Wired Equivalent Privacy)
  4. IEEE 802.1x
  5. Conclusion

3
1. Introduction
  • Increasing popularity of IEEE 802.11 Wireless
    LANs (WLANs)
  • More laptops and PDAs equipped with WLAN
    interface. (Intel Centrino™)
  • By 2005, over 80 percent of professional notebook
    PCs will have a WLAN interface.
  • Public Wireless LAN Hotspots
  • ISPs provide WLAN access services at airports,
    coffee shops, conference centers, shopping malls,

4
Comparisons among 802.11 Versions
5
Wireless LAN Hotspots
[Figure: hotspot diagram. Labels: Coffee Shop, Airport, Conference Center, WLAN Adapter, Access Point, Internet]
6
Typical Wireless LAN Configuration
[Figure: network diagram. Labels: Switch, Router, Internet/Intranet, WLAN Adapter, PDA]
7
IEEE 802.11 Association Services
  • Three association services defined in 802.11
  • Association Service
  • Before a mobile client is allowed to send a data
    message via an AP, it shall first become
    associated with the AP.
  • Reassociation Service
  • The reassociation service is invoked to move a
    current association from one AP to another.
  • Disassociation Service
  • The disassociation service is invoked whenever an
    existing association is to be terminated.

8
A Scenario
(1) Association (2) Reassociation (3) Disassociation
[Figure labels: Internet, AP 1, AP 2]
9
802.11 Client Authentication
10
802.11 Client Authentication
  • 1. Client broadcasts a probe request frame on
    every channel
  • 2. Access points within range respond with a
    probe response frame
  • 3. The client decides which access point (AP) is
    the best for access and sends an authentication
    request
  • 4. The access point will send an authentication
    reply
  • 5. Upon successful authentication, the client
    will send an association request frame to the
    access point
  • 6. The access point will reply with an
    association response
  • 7. The client is now able to pass traffic to the
    access point

11
Security Threats
  • Data transmitted can be easily intercepted.
  • Signal coverage area cannot be well limited.
  • Intentional and non-intentional interference.
  • ?
  • User authentication to prevent unauthorized
    access to network resources
  • Data privacy to protect the integrity and privacy
    of transmitted data

12
2. WLAN Authentication
  • SSIDs (Service Set IDs)
  • Open Authentication
  • Shared Key Authentication
  • MAC Address Authentication

13
SSIDs (Service Set IDs)
14
SSIDs (Service Set IDs)
15
Vulnerability of Using SSIDs
  • SSID can be obtained by eavesdropping.

16
Open Authentication
  • Null authentication
  • Some hand-held devices do not have capabilities
    for complex authentication algorithms.
  • Any device that knows the SSID can gain access to
    the WLAN.

17
Open Authentication with Differing WEP Keys
18
Shared Key Authentication
  • 1. The client sends an authentication request to
    the access point requesting shared key
    authentication
  • 2. The access point responds with an
    authentication response containing challenge text
  • 3. The client uses its locally configured WEP key
    to encrypt the challenge text and reply with a
    subsequent authentication request
  • 4. If the access point can decrypt the
    authentication request and retrieve the original
    challenge text, then it responds with an
    authentication response that grants the client
    access

19
Shared Key Authentication
  • Use of WEP key
  • Key distribution and management

20
Shared Key Authentication Vulnerabilities
  • Stealing Key stream
  • WEP uses RC4
  • Man-in-the-Middle Attack

$C = P \oplus \mathrm{RC4}(K)$
$C \oplus P = P \oplus \mathrm{RC4}(K) \oplus P = \mathrm{RC4}(K)$
21
Deriving Key Stream
22
MAC Address Authentication
  • Not specified in 802.11
  • Many AP products support MAC address
    authentication.
  • MAC address authentication verifies the client's
    MAC address against a locally configured list of
    allowed addresses or against an external
    authentication server.

23
MAC Address Filtering in APs
24
MAC Authentication via RADIUS
25
MAC Address Authentication Vulnerabilities
  • MAC Address Spoofing
  • Valid MAC addresses can be observed by a protocol
    analyzer.
  • The MACs of some WLAN NICs can be overwritten.

26
3. WEP (Wired Equivalent Privacy)
  • IEEE 802.11 Std.
  • Goals
  • Confidentiality
  • Access Control
  • Data Integrity
  • WEP Key: 64-bit, 128-bit

27
WEP (Wired Equivalent Privacy)
[Figure: 4 keys; 104-bit key, 24-bit IV]
28
[Figure labels: (104 bits), (128 bits)]
29
WEP Vulnerabilities
  • Key attacks
  • Statistical key derivation: several IVs can
    reveal key bytes after statistical analysis.
  • Secret key problems
  • Confidentiality attacks
  • Integrity attacks
  • Authentication attack

30
IV Replay Attack
31
Growing a Key Stream
32
Keystream Reuse in WEP
33
Keystream Reuse in WEP
  • WEP standard recommends that IV be changed after
    every packet.
  • Many WLAN cards reset the IV to 0 each time they
    were re-initialized, and then incremented the IV
    by one after each packet transmitted.
  • IV is only 24 bits wide.
  • 1500 byte packets, 5 Mbps bandwidth
  • → IV space exhausted in about half of a day
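
The keystream relations from the Shared Key Authentication Vulnerabilities slide and the IV arithmetic on this slide, as an added Python example that is not part of the original presentation. The key, plaintexts and helper names are constructed for illustration, the IV byte order is an assumption, and the ICV (CRC-32) is omitted.

```python
# Added example: toy model of WEP's RC4 usage on constructed data (no ICV).
from collections import Counter

def rc4(key: bytes, n: int) -> bytes:
    """Return the first n bytes of the RC4 keystream for `key`."""
    s = list(range(256))
    j = 0
    for i in range(256):                      # key scheduling (KSA)
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    for _ in range(n):                        # output generation (PRGA)
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def wep_encrypt(iv: int, key: bytes, plaintext: bytes) -> bytes:
    """C = P xor RC4(IV || K); the 24-bit IV travels in the clear."""
    seed = iv.to_bytes(3, "big") + key        # byte order is an assumption
    return xor(plaintext, rc4(seed, len(plaintext)))

def iv_wrap_seconds(packet_bytes: int, bits_per_second: float) -> float:
    """Time to send 2**24 packets, i.e. to exhaust the 24-bit IV space."""
    return (2 ** 24) * packet_bytes * 8 / bits_per_second

def card_ivs(packets: int) -> list:
    """IVs used by a card that resets to 0 on init and increments per packet."""
    return [n % (2 ** 24) for n in range(packets)]

def reused_ivs(ivs: list) -> list:
    """IVs seen more than once in a capture; each repeat reuses a keystream."""
    return sorted(iv for iv, count in Counter(ivs).items() if count > 1)

KEY = bytes(range(13))                        # constructed 104-bit key
P1 = b"constructed frame one"                 # constructed plaintexts
P2 = b"constructed frame two"
C1 = wep_encrypt(0, KEY, P1)
C2 = wep_encrypt(0, KEY, P2)                  # same IV after a card reset

if __name__ == "__main__":
    print("C1 xor P1 == keystream:", xor(C1, P1) == rc4(b"\x00\x00\x00" + KEY, len(P1)))
    print("C1 xor C2 == P1 xor P2:", xor(C1, C2) == xor(P1, P2))
    print("IV wrap at 1500 B, 5 Mbps: %.1f h" % (iv_wrap_seconds(1500, 5e6) / 3600))
    print("IVs reused across two sessions:", reused_ivs(card_ivs(3) + card_ivs(5)))
```

Any IV returned by `reused_ivs` marks frames encrypted under an identical keystream, which is the condition that per-packet keying in TKIP and AES-based 802.11i was designed to remove.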

34
4. IEEE 802.1X
  • Port-Based Network Access Control
  • To provide a means of authenticating and
    authorizing devices attached to a LAN port that
    has point-to-point connection characteristics
  • To prevent access to that port in cases in which
    the authentication and authorization process
    fails.
  • 802.1X requires three entities
  • The supplicant: resides on the wireless LAN client
  • The authenticator: resides on the access point
  • The authentication server: EAP server, mostly
    RADIUS server

35
802.1X in LANs
  • EAP-MD5
  • EAP-TLS

EAP: Extended Authentication Protocol
RADIUS: Remote Authentication Dial In User Service
36
Supplicant, Authenticator, and Authentication Server
PAE: port access entity
38
EAP-MD5
[Figure: message exchange between Supplicant and Authentication Server. Labels: Challenge Text; MD5 (Password Challenge Text); Accept / Reject]
39
EAP-TLS
  • TLS: Transport Layer Security
  • Use TLS public key certification mechanism within
    EAP.
  • Digital certificate signed by CA
  • Mutual Authentication
  • Client Certificate
  • Server Certificate
  • Key exchange / Dynamic session key

40
Man-In-The-Middle Attack
  • Absence of Mutual Authentication

41
Session Hijacking
42
5. Conclusion
  • IEEE 802.11i
  • TKIP: Temporal Key Integrity Protocol
  • AES: Advanced Encryption Standard
  • Certificate based authentication
  • EAP-TLS, EAP-TTLS, PEAP
  • Password authentication
  • LEAP, Diffie-Hellman exchange,
  • SPEKE ZKPP (Zero Knowledge Password Proof)

43
Reference
  • A Comprehensive Review of 802.11 Wireless LAN Security and the Cisco Wireless Security Suite, http://www.cisco.com/warp/public/cc/pd/witc/ao1200ap/prodlit/wswpf_wp.pdf
  • Intercepting Mobile Communications: the Insecurity of 802.11, Borisov, N., Goldberg, I., and Wagner, D., Proc. of the 7th ACM International Conference on Mobile Computing and Networking, Rome, July 2001.
  • An Initial Analysis of the IEEE 802.1X Standard, Mishra, A., Arbaugh, W. A., University of Maryland, February 2002.
  • IEEE Std 802.11, Wireless LAN Medium Access Control and Physical Layer Specifications, IEEE, 1999