NETW 05A: APPLIED WIRELESS SECURITY Data-Link Security Solutions - PowerPoint PPT Presentation


Slides: 44
Provided by: bccu6
Transcript and Presenter's Notes

1
NETW 05A APPLIED WIRELESS SECURITY Data-Link
Security Solutions
  • By Mohammad Shanehsaz
  • Spring 2005

2
Objectives
  • Static and Dynamic WEP and TKIP
  • Explain the functionality, strengths, and
    weaknesses of WEP and TKIP
  • Explain appropriate scenarios and applications of
    static and dynamic WEP and TKIP
  • Install and configure static and dynamic WEP and
    TKIP
  • Illustrate the feasibility of WEP exploitation
  • Manage scalable WEP and TKIP solutions

3
Objectives
  • 802.1x and EAP
  • Explain the functionality of 802.1x and EAP
  • Explain dynamic key generation and rotation for
    solution scalability
  • Explain the strengths, weaknesses, and
    appropriate applications of 802.1x and EAP
  • Install and configure 802.1x and EAP, including
    LEAP, EAP-TLS, EAP-TTLS, EAP-MD5, and PEAP
  • Manage scalable 802.1x and EAP solutions

4
802.11 MAC Basics
  • Management and control frames are sent in clear
    text and unauthenticated
  • This is the basis for many types of attack
    scenarios
  • For some types of attacks particular vendors have
    instituted proprietary solutions
  • Many of these vulnerabilities will be addressed
    by the 802.11i standards

5
Categories of Authentication and Encryption
  • There are three main categories
  • Static WEP
  • Dynamic WEP
  • Proprietary protocols
  • There are variations on each type

6
Static WEP
  • Security solution based on unchanging shared keys
    that are preconfigured on all nodes by network
    administrator
  • Protects the wireless link with simple
    authentication and data encryption
  • Not a complete solution: it can be cracked using
    common tools such as WEPcrack or Airsnort

7
Cracking WEP
  • Cracking WEP requires three things
  • A large number of captured packets
  • Long periods of time to capture those packets
  • A fast machine to process the information contained
    in the packets to derive the WEP key
  • It can take days to crack; is it worth it?

8
TKIP
  • Temporal Key Integrity Protocol is a set of
    modifications to the existing WEP algorithm
  • The IEEE 802.11i task group created TKIP
  • TKIP is a type of dynamic WEP solution in which WEP
    keys are rotated on a configurable interval, but the
    static WEP key is still used as keying material

9
WEP Weaknesses Addressed
  • TKIP algorithms address the following weaknesses
  • Forgery
  • Weak-Key attacks
  • Collision attacks
  • Replay attacks

10
Forgery
  • TKIP supports per-packet authentication
  • Forgery attacks are performed by capturing
    encrypted packets, changing some data within
    them, and then resending the packets
  • TKIP uses a message-integrity check (MIC) called
    Michael to thwart such attempts
  • MICs add significant network overhead

11
Weak Key Attacks
  • WEP constructs a per-packet RC4 key by
    concatenating the static RC4 base key with a 24-bit IV
  • TKIP uses key mixing to derive short-lived
    per-packet encryption keys
  • TKIP uses a 128-bit temporal key combined with the
    client's MAC address and a large 48-bit IV to
    produce the per-packet encryption key

12
Collision and Replay attacks
  • TKIP uses 48-bit IVs, which greatly increases the
    number of possible IVs, to prevent collision
    attacks
  • TKIP prevents replay attacks by attaching a
    sequence number to each generated packet
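
Added example (not from the slides) illustrating slides 11 and 12: how WEP forms its per-packet RC4 seed from the static key and a 24-bit IV, how quickly a randomly chosen 24-bit IV repeats compared with TKIP's 48-bit counter, and a simplified receiver-side replay check in the style of TKIP's sequence counter. The function names and the single-counter replay filter are my simplification; real TKIP keeps one replay counter per traffic class.

```python
import math

# Constructed illustration of slides 11 and 12; not the presentation's code.
# WEP (802.11-1999) seeds RC4 with the 24-bit IV prepended to the static key;
# TKIP replaces the IV with a 48-bit TKIP sequence counter (TSC) that is also
# fed into per-packet key mixing and checked for replay by the receiver.

WEP_IV_BITS = 24
TKIP_TSC_BITS = 48


def wep_packet_key(base_key: bytes, iv: int) -> bytes:
    """Per-packet RC4 seed = IV (3 bytes) || static base key (5 or 13 bytes).
    The same (IV, base key) pair always yields the same RC4 keystream."""
    if not 0 <= iv < 2 ** WEP_IV_BITS:
        raise ValueError("WEP IV must fit in 24 bits")
    if len(base_key) not in (5, 13):
        raise ValueError("WEP base key is 40 or 104 bits")
    return iv.to_bytes(3, "big") + base_key


def packets_until_iv_repeat(iv_bits: int, probability: float = 0.5) -> int:
    """Birthday bound: number of frames after which a randomly drawn IV has
    repeated with the given probability. Keystream reuse follows directly,
    which is what the slides call a collision attack."""
    space = 2 ** iv_bits
    return math.ceil(math.sqrt(2 * space * math.log(1 / (1 - probability))))


class TkipReplayFilter:
    """Simplified receiver-side replay check modelled on TKIP's TSC (one
    counter here; real TKIP tracks one per traffic class). A frame is
    accepted only if its counter is strictly larger than the last accepted
    one, so a captured-and-resent frame is silently discarded."""

    def __init__(self) -> None:
        self.last_tsc = -1
        self.dropped = 0

    def accept(self, tsc: int) -> bool:
        if not 0 <= tsc < 2 ** TKIP_TSC_BITS:
            raise ValueError("TSC must fit in 48 bits")
        if tsc <= self.last_tsc:
            self.dropped += 1
            return False
        self.last_tsc = tsc
        return True


if __name__ == "__main__":
    print(packets_until_iv_repeat(WEP_IV_BITS), packets_until_iv_repeat(TKIP_TSC_BITS))
```

With 24-bit IVs a repeat is expected after a few thousand frames; with 48 bits it takes tens of millions.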

13
Availability
  • Most products that are currently Wi-Fi
    certified can be upgraded to support TKIP,
    assuming the vendor has made a firmware upgrade
    available
  • Check the vendor's web site for upgrades

14
802.1x / EAP
  • 802.1x with the Extensible Authentication
    Protocol implements what is generally referred to
    as dynamic WEP
  • Dynamic key generation, distribution, and rotation
  • EAP is a layer 2 authentication protocol
    replacing PAP and CHAP
  • It is appropriate for medium to large enterprise
    environments
  • Authentication is based on individualized user
    credentials such as usernames and passwords,
    certificates, smartcards, and similar methods

15
802.1x Standard
  • IEEE standard that provides an authentication
    framework for 802-based LANs
  • It was originally used in wired networks and has
    since been adapted for wireless networks
  • It provides port-based access control: before
    the switch or access point will establish a
    connection, the user's credentials must be
    verified
  • The 802.1x standard addresses only access control
    and the authentication framework; it does not
    address data privacy, so the problems with WEP
    still exist. EAP eliminates those problems through
    dynamic key generation

16
802.1x Standard
  • The IEEE standard defines three terms that
    describe the devices used in 802.1x
  • Supplicant: a client that is being authenticated
  • Authenticator: an access-layer device, such as an AP
    or bridge, that requires supplicants to be
    authenticated in order to pass traffic through it
  • Authentication server: the device (typically a
    RADIUS server) that performs the authentication of
    the supplicant
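
Added example, not from the slides: a small Python model of the three 802.1x roles from slides 15 and 16 and of port-based access control. The frame kinds, the `identity:credential` payload, and the class names are made-up simplifications; the server object stands in for the RADIUS Access-Request/Access-Accept exchange, and the point shown is that the authenticator only relays EAP and opens the port on the server's decision.

```python
from dataclasses import dataclass, field

# Constructed model of 802.1x port-based access control (slides 15-16); not the
# presentation's code. Frame kinds and the "identity:credential" payload are
# made-up stand-ins for EAPOL/EAP and the RADIUS Access-Request encapsulation.

EAPOL = "EAPOL"  # EAP over LAN: the only traffic an unauthorized port relays
DATA = "DATA"    # ordinary user traffic


@dataclass
class AuthenticationServer:
    """Stand-in for the RADIUS server; the only party holding credentials."""
    users: dict

    def access_request(self, identity: str, credential: str) -> bool:
        """Returns True for Access-Accept, False for Access-Reject."""
        return self.users.get(identity) == credential


@dataclass
class Authenticator:
    """Stand-in for the access point: one controlled port per supplicant MAC."""
    server: AuthenticationServer
    authorized: set = field(default_factory=set)   # MACs whose port is open
    forwarded: list = field(default_factory=list)  # data that reached the LAN

    def port_state(self, mac: str) -> str:
        return "authorized" if mac in self.authorized else "unauthorized"

    def receive(self, mac: str, kind: str, payload: str) -> str:
        if kind == EAPOL:
            # Relay the supplicant's EAP response to the server; the
            # authenticator never judges the credential itself.
            identity, _, credential = payload.partition(":")
            if self.server.access_request(identity, credential):
                self.authorized.add(mac)
                return "EAP-Success"
            self.authorized.discard(mac)  # Access-Reject closes the port again
            return "EAP-Failure"
        if mac in self.authorized:
            self.forwarded.append((mac, payload))
            return "forwarded"
        return "dropped"  # unauthorized port: data never reaches the LAN
```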

17
802.1x Standard Advantages
  • Maturity and Interoperability
  • User-based identification
  • Dynamic Key Management
  • Flexible Authentication

18
Maturity and Interoperability
  • The industry's choice for WLANs because of its
    time-proven use in wired networks
  • Support for mature protocols such as EAP and
    RADIUS, which are open standards providing maximum
    interoperability in centralized identification
    and key management

19
User-based Identification
  • Authentication is based on the actual user, not a
    particular wireless device, using a scalable
    database such as RADIUS or other databases that
    RADIUS directly supports (Active Directory, NDS,
    LDAP, SQL)
  • Centralized authentication and management save
    time and money

20
Dynamic Key Management
  • Per-user, per-session keys eliminate attacks
    based on obtaining the WEP key
  • Automated key management systems allow keys to be
    reissued without an administrator's intervention

21
Flexible Authentication
  • There are several supported authentication
    solutions to choose from
  • Changing the authentication mechanism does not
    require any hardware replacement

22
EAP Protocol
  • Provides an extensible method for a PPP server to
    authenticate its clients
  • EAP supports two- and three-factor authentication
    (passwords, certificates, biometrics, etc.)
  • EAP was designed to prevent proprietary
    authentication solutions from being implemented,
    which would have had a negative effect on the
    interoperability and compatibility between
    systems
  • EAP lives within the OS of the server or in
    application software on the client
  • Windows XP natively supports EAP

23
EAP Authentication Types
  • There are many EAP types
  • EAP-MD5
  • EAP-TLS
  • LEAP
  • EAP-TTLS
  • PEAP

24
EAP-MD5
  • First authentication type, created by RFC 2284 for
    802.1x
  • Uses the same challenge handshake protocol as
    PPP-based CHAP, except that challenges and responses
    are sent as EAP messages
  • It has three weaknesses
  • One-way authentication
  • Challenge passwords
  • No per-session WEP keys
  • Rarely used because of its weaknesses

25
EAP-MD5 Weaknesses: One-way Authentication
  • Because only the supplicant gets authenticated,
    an impersonator could be inserted as a rogue RADIUS
    server to obtain the login credentials of a
    legitimate user

26
EAP-MD5 Weaknesses: Challenge Passwords
  • The authentication server challenges the supplicant
    with a random string of text
  • The supplicant hashes the challenge with its
    password and sends the result back
  • The server validates the response based on its
    knowledge of the password
  • An eavesdropper can obtain both the challenge and
    the hash, which can then be broken with a
    dictionary attack to obtain the user's password

27
EAP-MD5 Weaknesses: No Per-session WEP Keys
  • After authentication, communication is either not
    encrypted or encrypted with a static WEP key
  • Because of the static WEP vulnerability, this allows
    eavesdropping on the data
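
Added walk-through of the EAP-MD5 exchange described in slides 24 through 27, written for this page rather than taken from it. The hash is the CHAP computation of RFC 1994 carried inside EAP messages, MD5(Identifier || secret || challenge); the identifier and password values are made up, and the returned dictionary makes the three weaknesses visible: everything the server needs to check the response also crosses the air, the server never proves its own identity, and no session key comes out of the exchange.

```python
import hashlib
import hmac
import os

# Constructed walk-through of the EAP-MD5 challenge/response (slides 24-27);
# not the presentation's code. The hash is the CHAP computation of RFC 1994,
# MD5(Identifier || secret || challenge), carried in EAP Request/Response
# messages. Identifier and password values below are made up.


def md5_challenge_response(identifier: int, password: bytes, challenge: bytes) -> bytes:
    """Supplicant side: 16-byte Response-Value for the server's challenge."""
    return hashlib.md5(bytes([identifier & 0xFF]) + password + challenge).digest()


def server_verify(identifier: int, password_on_file: bytes,
                  challenge: bytes, response: bytes) -> bool:
    """Server side: recompute from the stored password and compare."""
    expected = md5_challenge_response(identifier, password_on_file, challenge)
    return hmac.compare_digest(expected, response)


def eap_md5_exchange(supplicant_password: bytes, password_on_file: bytes) -> dict:
    """One exchange. The returned dict separates what crosses the air (and is
    therefore visible to an eavesdropper) from the outcome. Note what is absent:
    the server proves nothing to the supplicant (one-way authentication) and no
    key material is derived, so the link falls back to static WEP or cleartext."""
    identifier = 0x2A                      # EAP Identifier field
    challenge = os.urandom(16)             # EAP-MD5 Challenge from the server
    response = md5_challenge_response(identifier, supplicant_password, challenge)
    accepted = server_verify(identifier, password_on_file, challenge, response)
    return {
        "on_the_air": {"identifier": identifier, "challenge": challenge,
                       "response": response},
        "authenticated": accepted,
        "server_authenticated_to_client": False,
        "per_session_key": None,
    }
```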

28
EAP-TLS (EAP-Transport Layer Security)
  • Developed by Microsoft and standardized by the
    Internet Engineering Task Force
  • It is based on the Secure Sockets Layer protocol
    used for secure web traffic
  • It uses both server-side and client-side
    certificates for user identification (mutual
    authentication)
  • More appropriate for organizations that have
    already deployed a PKI (public key
    infrastructure)
  • A per-session WEP key is set up, and the client can
    be re-authenticated and re-keyed as often as needed
    without inconveniencing the end user

29
TLS Authentication
  • The TLS process begins with the handshake
    process
  • 1. The SSL client connects to a server and makes
    an authentication request
  • 2. The server sends its digital certificates to
    the client
  • 3. The client verifies the certificate's validity
    and digital signature
  • 4. The server requests client-side authentication
  • 5. The client sends its digital certificate to
    the server
  • 6. The server verifies the certificate's validity
    and digital signature
  • 7. The encryption and message integrity schemes
    are negotiated
  • 8. Application data is sent over the encrypted tunnel
    via the record protocol

30
EAP-TLS Authentication
  • The EAP-TLS authentication process is as follows
  • 1. The client sends an EAP start message to the
    access point
  • 2. The access point replies with an EAP Request
    Identity message
  • 3. The client sends its network access identifier
    (NAI), which is its username, to the access point in
    an EAP Response message
  • 4. The access point forwards the NAI,
    encapsulated in a RADIUS Access-Request message,
    to the RADIUS server
  • 5. The RADIUS server responds to the client with
    its digital certificate

31
EAP-TLS Authentication
  • 6. The client validates the RADIUS server's
    digital certificate
  • 7. The client replies to the RADIUS server with
    its digital certificate
  • 8. The RADIUS server validates the client's
    credentials against the client's digital
    certificate
  • 9. The client and RADIUS server derive encryption
    keys
  • 10. The RADIUS server sends the access point a
    RADIUS ACCEPT message, including the client's WEP
    key, indicating successful authentication
  • 11. The access point sends the client an EAP
    Success message
  • 12. The access point sends the broadcast key and
    key length to the client, encrypted with the
    client's WEP key

32
EAP-Cisco Wireless (LEAP)
  • Cisco's proprietary Lightweight Extensible
    Authentication Protocol was designed to support
    802.1x/EAP-based authentication
  • It was developed to support networks with a
    variety of operating systems that may not natively
    support EAP
  • LEAP supports mutual authentication between a
    client and a RADIUS server
  • LEAP provides user-based, centralized
    authentication as well as per-session WEP keys
  • Used in Cisco's Aironet products
  • Its security level is considered moderate or
    strong depending on the strength of the passwords
    used
  • See figure 11.12 on page 256 for the LEAP process

33
EAP-TTLS (Tunneled Transport Layer Security )
  • Co-developed by Funk Software and Certicom and
    supported in Funk's Odyssey software
  • EAP-TTLS requires only an authentication server
    certificate
  • TTLS uses the TLS channel to exchange
    attribute-value pairs (AVPs)
  • After the authentication server is authenticated
    using its digital certificate, an encrypted
    tunnel is established between the supplicant and
    the authentication server to pass the supplicant's
    authentication credentials
  • See figure 11.13 for the EAP-TTLS process

34
Key Security Features of EAP-TTLS
  • Almost any kind of supplicant authentication
    credential (passwords, tokens, etc.) can be used
    inside the encrypted tunnel
  • Low overhead, since only a server-side certificate
    is required
  • Many types of authentication algorithms may be
    used inside the encrypted tunnel: MS-CHAPv2,
    MS-CHAP, CHAP, PAP, EAP-MD5
  • Strong protection against eavesdroppers seeking
    to perform dictionary attacks
  • Mutual authentication, fast connections while
    roaming, and automatic re-keying of encryption
    keys

35
Protected EAP (PEAP)
  • PEAP was developed by Microsoft, Cisco, and RSA
    Security to address deficiencies of EAP
    (unprotected user information during the EAP
    negotiation, no support for fast reconnection
    when roaming, no support for fragmentation and
    reassembly)
  • PEAP was designed to protect EAP communication
    between clients and authenticators
  • It provides support for identity protection by
    using TLS to create an encrypted tunnel after
    verifying the identity of the authentication server

36
Protected EAP (PEAP), continued
  • After the encrypted tunnel is established, a second
    EAP authorization process occurs inside the
    tunnel
  • The client is authenticated inside the tunnel
    using any implemented EAP authorization type
    (tokens, passwords, etc.)
  • It has built-in support for packet fragmentation
    and reassembly, as well as fast reconnects
  • See figure 11.15 on page 263 for the PEAP process

37
PEAP Authentication
  • 1. The client sends an EAP start message to the
    access point
  • 2. The access point replies with an EAP Request
    Identity message
  • 3. The client sends its network access identifier
    (NAI), which is its username, to the access point
    in an EAP Response message
  • 4. The access point forwards the NAI to the
    RADIUS server, encapsulated in a RADIUS Access-
    Request message
  • 5. The RADIUS server responds to the client with
    its digital certificate
  • 6. The client validates the RADIUS server's
    digital certificate

38
PEAP Authentication
  • 7. The client and server negotiate and create an
    encrypted tunnel
  • 8. This tunnel provides a secure data path for
    client authentication
  • 9. Using the TLS Record protocol, a new EAP
    authentication is initiated by the RADIUS server
  • 10. The exchange includes the transactions
    specific to the EAP type used for client
    authentication
  • 11. The RADIUS server sends the access point a
    RADIUS ACCEPT message, including the client's WEP
    key, indicating successful authentication

39
EAP-TTLS vs PEAP
  • Both were designed to use older authentication
    methods while maintaining the strong
    cryptographic foundation of TLS
  • Both have a similar structure
  • Both are two-stage protocols that establish
    security in stage one and then exchange
    authentication in stage two
  • Stage one establishes a TLS tunnel and
    authenticates the authentication server to the
    client with a certificate

40
EAP-TTLS vs PEAP
  • Microsoft and Cisco both support PEAP: Cisco's
    Aironet Client Utility (ACU) and Windows XP with
    Service Pack 1
  • There are two types of PEAP supported by
    Microsoft: PEAP-EAP-MS-CHAPv2 and PEAP-EAP-TLS
  • For PEAP-EAP-TLS, server- and client-side
    certificates are required
  • For PEAP-EAP-MS-CHAPv2, a server certificate and
    client passwords are required

41
EAP Considerations
  • The factors to consider when deciding
  • Mutual Authentication
  • Dynamic Key Generation, Rotation, and
    Distribution
  • Cost and Management Overhead
  • Acceptance, Standardization, and Support
  • Availability and Implementation

42
Proprietary Protocols
  • These protocols are used because they offer
  • Added security through per-packet authentication
  • Added security through use of leading-edge
    encryption algorithms not yet supported by
    standards
  • Added security due to the entire communications
    process between client and server being strongly
    encrypted
  • Compression to increase throughput over the
    half-duplex medium

43
Proprietary Protocols
  • Enterprise Encryption Gateways use proprietary
    protocols in order to achieve stronger security
    and increased throughput, but the main
    disadvantage here is vendor interoperability