Wireless Networks Security • Tahani Qaisi
Outlines • Introduction to wireless security • Modes of unauthorized access • Security measures • Security risks • Implementing a secure network • Conclusion • References
Wireless Security • Security context between two (network) entities should provide • Authentication - to prove identity • Integrity - to detect altered packets • Privacy - to prevent eavesdropping
Wireless Security • Wireless security is the prevention of unauthorized access or damage to computers using wireless networks. • The mobility advantage comes with risks: • Crackers have found wireless networks relatively easy to break into, and even use wireless technology to crack into wired networks. • Wireless Intrusion Prevention Systems (WIPS) are one countermeasure (covered below). • A great number of security risks are associated with the current wireless protocols and encryption methods, compounded by carelessness and ignorance at the user and corporate IT level. • Cracking methods have become much more sophisticated and innovative with wireless.
Unauthorized Access • There are four modes of unauthorized access: • Accidental Associations: When a user turns on a computer and it latches on to a wireless access point from a neighboring company’s overlapping network. • Non-traditional Networks: Personal networks such as Bluetooth devices are not safe from cracking and should be regarded as a security risk.
Unauthorized Access • Malicious Associations: • When attackers use their wireless devices to connect to a company network through their cracking laptop instead of a company access point (AP). • These laptops are known as “soft APs” and are created when a cracker runs software that makes his wireless network card look like a legitimate access point.
Unauthorized Access • Ad hoc Networks: • The security hole provided by ad hoc networking is not the ad hoc network itself but the bridge it provides into other networks. • Bridging takes two forms: • Direct: when the user actually configures a bridge between the two connections. • Indirect: through shared resources on the user’s computer; the critical data is exposed to discovery and provides a route into the secured network.
Wireless intrusion prevention system • A WIPS is a network device that monitors the radio spectrum for the presence of unauthorized access points (intrusion detection), and can automatically take countermeasures (intrusion prevention). • A wireless intrusion detection system (WIDS) monitors the radio spectrum used by wireless LANs, and immediately alerts a systems administrator whenever a rogue access point is detected. Conventionally this is achieved by comparing the MAC addresses of the participating wireless devices. • A WIPS also includes features that act against the threat automatically.
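The MAC-address comparison a WIDS performs, as an added example that is not part of the original presentation: observed beacons (a constructed sample) are checked against an allowlist of authorised BSSIDs, and an unknown radio advertising a corporate SSID is reported as a rogue access point. The allowlist, SSIDs, BSSIDs and verdict names are all assumptions made up for the example.

```python
from dataclasses import dataclass

# Constructed allowlist of authorised access points:
# BSSID -> (SSID it may advertise, channel it is configured on).
AUTHORISED_APS = {
    "00:11:22:33:44:01": ("CorpWLAN", 1),
    "00:11:22:33:44:02": ("CorpWLAN", 6),
    "00:11:22:33:44:03": ("CorpGuest", 11),
}
CORPORATE_SSIDS = {ssid for ssid, _ in AUTHORISED_APS.values()}


@dataclass(frozen=True)
class Beacon:
    """One observed 802.11 beacon, reduced to the fields the comparison needs."""
    bssid: str
    ssid: str
    channel: int


def classify(beacon: Beacon) -> str:
    """Compare an observed BSSID against the allowlist, as a WIDS does."""
    entry = AUTHORISED_APS.get(beacon.bssid.lower())
    if entry is None:
        # Unknown radio advertising one of our SSIDs: rogue AP / evil twin.
        # Unknown radio with a foreign SSID: a neighbour, informational only.
        return "ROGUE_AP" if beacon.ssid in CORPORATE_SSIDS else "NEIGHBOUR"
    ssid, channel = entry
    if beacon.ssid != ssid:
        # One of our BSSIDs with the wrong name: address spoofing or misconfiguration.
        return "BSSID_SPOOFED_OR_MISCONFIGURED"
    if beacon.channel != channel:
        return "CHANNEL_MISMATCH"
    return "AUTHORISED"


def scan(beacons) -> list:
    """Return (verdict, beacon) for every beacon that should raise an alert."""
    alerts = []
    for beacon in beacons:
        verdict = classify(beacon)
        if verdict not in ("AUTHORISED", "NEIGHBOUR"):
            alerts.append((verdict, beacon))
    return alerts


# Constructed sample of beacons seen by one sensor during a sweep.
SAMPLE_BEACONS = [
    Beacon("00:11:22:33:44:01", "CorpWLAN", 1),       # legitimate
    Beacon("00:11:22:33:44:02", "CorpWLAN", 6),       # legitimate
    Beacon("aa:bb:cc:dd:ee:ff", "CorpWLAN", 6),       # unknown radio using our SSID
    Beacon("00:11:22:33:44:03", "CorpWLAN", 11),      # guest AP's BSSID with the wrong SSID
    Beacon("12:34:56:78:9a:bc", "NeighbourCafe", 3),  # neighbouring network
]

if __name__ == "__main__":
    for verdict, beacon in scan(SAMPLE_BEACONS):
        print(f"{verdict:32} {beacon.bssid} ssid={beacon.ssid!r} ch={beacon.channel}")
```

Because the comparison keys on MAC addresses, it inherits the weakness the presentation notes later under MAC attacks: a BSSID can be spoofed, so a rogue copying an authorised BSSID and SSID on the right channel is invisible to this check and needs other evidence (signal location, vendor fingerprint, or behaviour) to catch.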
Security Measures • Default 802.11b Authentication Schemes • Service Set Identifier (SSID) • MAC ID filtering • Static IP addressing • Open Authentication (null) • Shared-Key Authentication • Wired Equivalent Privacy (WEP) • Temporal Key Integrity Protocol (TKIP) • Remote Authentication Dial-In User Service (RADIUS) • WPA (Wi-Fi Protected Access) • 802.11i security • WPAv2
Security Measures • SSID hiding: A simple but ineffective method to attempt to secure a wireless network is to hide the SSID (Service Set Identifier). • MAC ID filtering: One of the simplest techniques is to only allow access from known, pre-approved MAC addresses. Most wireless access points contain some type of MAC ID filtering. • Static IP addressing: Typical wireless access points provide IP addresses to clients via DHCP. Requiring clients to set their own addresses makes it more difficult for a casual or unsophisticated intruder to log onto the network, but provides little protection against a sophisticated attacker.
Security Measures • Open System Authentication: any client can associate with the AP • Null authentication algorithm • Consists of two messages: • Authentication Request • Authentication Response
Security Measures • Shared-Key Authentication • A shared secret (!) key to authenticate the client to the AP • Uses a challenge-response protocol between the AP and the STA • A random number as the challenge • A simple attack: • Record one challenge/response pair with a sniffer • Use the challenge to decrypt the response and recover the key stream • Use the recovered key stream to encrypt any subsequent challenge
Wired Equivalent Privacy (WEP) • Introduced in 1997 to provide “privacy of wire” • Uses RC4 for encryption • WEP Key + initialization vector (IV) are fed into a pseudorandom number generator • 40 bits or 128 bits (104 + 24 IV) • The IV, Encrypted Message, and checksum are sent in the 802.11 packet • IV is changed periodically • Reuse of key streams • No Key Management Protocol • Uses pre-shared static keys (PSK) • Manually distributed keys
802.11 WEP Frame • Layout: 802.11 header | IV | Key ID | Payload | ICV | (FCS) • The 802.11 header, IV and Key ID are sent unencrypted; the Payload and ICV are encrypted • ICV is a CRC-32 checksum over the Payload (802 Header and the Data)
Caffe Latte attack • The Caffe Latte attack is a way to defeat WEP. With this exploit the attacker need not be within range of the network; it is possible to obtain the WEP key from a remote client. • By sending a flood of encrypted ARP requests, the assailant takes advantage of the shared-key authentication and the message modification flaws in 802.11 WEP. • The attacker uses the ARP responses to obtain the WEP key in less than 6 minutes.
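The WEP frame body described on the slide (IV, key ID, RC4-encrypted payload plus CRC-32 ICV), together with the key-stream leak from the shared-key authentication slide and the key-stream reuse point from the WEP slide, as one added example that is not part of the original presentation. The RC4 and CRC-32 pieces are the real algorithms; the key, IV, challenge and the later frame's content are constructed values for the example. It shows that once an observer holds one plaintext/ciphertext pair under an IV (which the 128-byte challenge and its encrypted response hand over), every other frame sent under the same IV is readable without the WEP key.

```python
import struct
import zlib


def rc4_keystream(key: bytes, length: int) -> bytes:
    """RC4 key scheduling plus PRGA: the stream cipher WEP uses."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def icv(payload: bytes) -> bytes:
    """WEP ICV: CRC-32 over the payload, little-endian, appended before encryption."""
    return struct.pack("<I", zlib.crc32(payload) & 0xFFFFFFFF)


def wep_encrypt(wep_key: bytes, iv: bytes, key_id: int, payload: bytes) -> bytes:
    """Frame body as on the slide: IV (3 bytes, clear) | key id byte (clear) | RC4(payload | ICV)."""
    if len(iv) != 3 or len(wep_key) not in (5, 13):       # 24-bit IV, 40- or 104-bit key
        raise ValueError("WEP uses a 24-bit IV and a 40- or 104-bit key")
    per_packet_key = iv + wep_key                           # 64 or 128 bits fed to RC4
    ks = rc4_keystream(per_packet_key, len(payload) + 4)
    key_id_byte = bytes([(key_id & 0x03) << 6])             # key id lives in the top two bits
    return iv + key_id_byte + xor(payload + icv(payload), ks)


def wep_decrypt(wep_key: bytes, body: bytes):
    """Return (payload, icv_ok). The clear IV is all the receiver needs to regenerate the key stream."""
    iv, ciphertext = body[:3], body[4:]
    plain = xor(ciphertext, rc4_keystream(iv + wep_key, len(ciphertext)))
    payload, received_icv = plain[:-4], plain[-4:]
    return payload, received_icv == icv(payload)


def keystream_from_known_plaintext(body: bytes, known_payload: bytes) -> bytes:
    """Key stream for this IV, recovered by XOR of ciphertext and known plaintext.
    A shared-key authentication exchange gives an observer exactly such a pair:
    the clear challenge and its WEP-encrypted response."""
    return xor(body[4:], known_payload + icv(known_payload))


def keystream_reuse_exposes_other_frame() -> bool:
    """Observer sees one shared-key auth exchange, then a data frame under the same IV."""
    wep_key = b"\x01\x02\x03\x04\x05"          # constructed 40-bit key; the observer never sees it
    iv = b"\x10\x20\x30"
    challenge = bytes(range(128))              # constructed stand-in for the 128-byte challenge
    auth_response = wep_encrypt(wep_key, iv, 0, challenge)
    ks = keystream_from_known_plaintext(auth_response, challenge)

    data = b"GET /payroll HTTP/1.0"            # constructed later frame; only 2**24 IVs exist, so reuse is routine
    data_frame = wep_encrypt(wep_key, iv, 0, data)
    recovered = xor(data_frame[4:4 + len(data)], ks)
    return recovered == data


if __name__ == "__main__":
    print("later frame readable without the key:", keystream_reuse_exposes_other_frame())
```

The static key never changes, so the key stream for a given IV is the same for the life of the network; that is why the slides list "reuse of key streams" and "no key management" as the structural faults, and why the later measures (TKIP per-packet keys, 802.1x-delivered session keys) attack exactly those two points.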
Security Measures • Temporal Key Integrity Protocol – TKIP • Defined in IEEE 802.11i specs for WiFi networks to replace WEP • Short-term solution to WEP • Deployed on existing H/W • Uses a key scheme based on RC4 like WEP, but encrypts every data packet with its own unique encryption key • Hashes IVs • Encrypted IVs, not easy to sniff • IV sent as plaintext in weak WEP • Message Integrity Check (MIC) • Provides per-packet key-mixing
TKIP (cont.) • MIC – Message Integrity Check • Prevents insertion attacks • Without it, an attacker who can determine both the encrypted value and the plaintext XORs them and the PRGA key stream is revealed • Its purpose is to disable extracting the streaming key from the message
Security Measures • Remote Authentication Dial-In User Service (RADIUS) • Authentication, Authorization, Accounting (AAA) • Originally developed for remote modem users by Livingston Enterprises, 1997 • Responsible for authenticating remote connections • Provides authorization to network resources • Logging for accountability purposes • Controls various aspects of authorization: • Time limits • Re-keying • Many RADIUS servers use EAP
EAP • The Extensible Authentication Protocol (EAP) is defined in RFC 2284. • EAP provides support for multiple authentication methods, using anything from smart cards to digital certificates to authenticate a user instead of a username and password. • Originally created for use with PPP • Inherent weaknesses: • Lack of protection of the user identity or of the EAP negotiation • No standardized mechanism for key exchange • No built-in support for fragmentation and reassembly • Lack of support for fast reconnect
Some Authentication Protocols • EAP-TLS (Transport Layer Security) • A TLS handshake is used to mutually authenticate a client and server • EAP-TTLS (Tunneled TLS) extends this • Uses the secure connection established by the TLS handshake to perform additional authentication, such as another EAP method or another authentication protocol such as CHAP • Establishes keying material • PEAP (Protected EAP) • Similar to EAP-TTLS but only allows EAP for the inner authentication • Also has key exchange, session resumption, fragmentation and reassembly
WTLS’s Security Problems • Security gap • Reason: the WTLS session exists only between the WAP device and the gateway. • Solutions: • Place the gateway and the back-end system within a secure environment. • Provide integrity protection on information (digital signatures).
Challenge Message • Authentication depends on a secret key known only to the authenticator and the client • The RADIUS server sends a challenge to the client via the access point • This challenge packet varies for each authentication attempt • The challenge is pulled from information contained in a table of known secrets • A new challenge can be sent at intervals based on RADIUS server settings, or upon client roaming
Calculated Hash • The client responds with a value calculated using a “one-way hash” function • This value is derived from a known-secrets list
Authentication Granted/Denied • The RADIUS server checks the response against its own calculated hash • If it matches, then authentication is acknowledged to the AP and the client • If authentication is not achieved, the AP will not permit any traffic for that client to pass
802.1X/EAP exchange between laptop computer, access point and RADIUS server (EAP over wireless, EAPOW/EAPOL, between laptop and AP; RADIUS over Ethernet between AP and server) • 802.11 Associate (association established; access still blocked) • EAPOL-Start (laptop → AP) • EAP-Request/Identity (AP → laptop) • EAP-Response/Identity (laptop → AP), forwarded as Radius-Access-Request (AP → server) • Radius-Access-Challenge (server → AP), delivered as EAP-Request (AP → laptop) • EAP-Response (Cred) (laptop → AP), forwarded as Radius-Access-Request (AP → server) • Radius-Access-Accept (server → AP), delivered as EAP-Success (AP → laptop) • EAPOW-Key (WEP) (AP → laptop) • Access allowed
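Why WEP's ICV gives no integrity and a keyed MIC does, as an added example that is not part of the original presentation. CRC-32 is the real WEP ICV; the keyed MIC here is HMAC-SHA256 truncated to Michael's 8-byte tag length, used as a stand-in for Michael (an assumption: any keyed function makes the point, and Michael itself is not reproduced). The payload, the change applied to it and the MIC key are constructed values. The demonstration is that the ICV of a modified payload can be computed from the original ICV and the change alone, with nothing secret involved, while a keyed MIC over the modified payload cannot.

```python
import hashlib
import hmac
import zlib


def crc32_icv(data: bytes) -> int:
    """The WEP ICV: an unkeyed CRC-32."""
    return zlib.crc32(data) & 0xFFFFFFFF


def keyed_mic(mic_key: bytes, data: bytes) -> bytes:
    """Stand-in for TKIP's Michael: a keyed function truncated to Michael's 8-byte tag."""
    return hmac.new(mic_key, data, hashlib.sha256).digest()[:8]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def crc_is_linear(m1: bytes, m2: bytes) -> bool:
    """crc32(m1 ^ m2) == crc32(m1) ^ crc32(m2) ^ crc32(0...0) for equal-length inputs.
    The zero-message term only corrects for CRC-32's initial and final XOR constants."""
    zeros = bytes(len(m1))
    return crc32_icv(xor(m1, m2)) == crc32_icv(m1) ^ crc32_icv(m2) ^ crc32_icv(zeros)


def icv_predictable_without_key(payload: bytes, delta: bytes) -> bool:
    """Linearity means the ICV of (payload ^ delta) follows from the original ICV and delta,
    so a checksum that anyone can update cannot detect tampering."""
    zeros = bytes(len(payload))
    predicted = crc32_icv(payload) ^ crc32_icv(delta) ^ crc32_icv(zeros)
    return predicted == crc32_icv(xor(payload, delta))


def mic_detects_modification(mic_key: bytes, payload: bytes, delta: bytes) -> bool:
    """With a keyed MIC the receiver's recomputation disagrees with the original tag."""
    original_tag = keyed_mic(mic_key, payload)
    return not hmac.compare_digest(original_tag, keyed_mic(mic_key, xor(payload, delta)))


# Constructed sample: a short payload and a single-bit change to its last byte.
PAYLOAD = b"\x00\x01\x08\x00\x06\x04\x00\x02" + bytes(20)
DELTA = bytes(len(PAYLOAD) - 1) + b"\x01"
MIC_KEY = b"constructed-mic-key"

if __name__ == "__main__":
    print("CRC-32 is linear:", crc_is_linear(PAYLOAD, DELTA))
    print("ICV of modified payload predictable without key:", icv_predictable_without_key(PAYLOAD, DELTA))
    print("keyed MIC detects the modification:", mic_detects_modification(MIC_KEY, PAYLOAD, DELTA))
```

The same XOR relation holds under RC4, since the key stream is also applied by XOR; that is the "message modification flaw" the Caffe Latte slide refers to, and the reason 802.11i could not simply keep the CRC and had to add a keyed MIC.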
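The challenge/response flow of the preceding slides (challenge that varies per attempt, client's calculated hash, server comparison, access point blocking the port until Accept) as one added example that is not part of the original presentation. It models the three parties in the sequence diagram: supplicant (laptop), authenticator (access point) and RADIUS server. The secrets table, identity and the use of HMAC-SHA256 as the "one-way hash" are assumptions for the example; a real deployment uses whichever hash the chosen EAP method specifies. Besides a normal login it shows two outcomes the slides state: a wrong secret is rejected, and a response sniffed from one attempt fails on the next because the challenge changed.

```python
import hashlib
import hmac
import secrets

# Constructed table of known secrets, held by the RADIUS server and by each client.
KNOWN_SECRETS = {"alice": b"constructed-secret-for-alice"}


def calculated_hash(secret: bytes, challenge: bytes, identity: str) -> bytes:
    """The client's 'calculated value': a one-way keyed function of the challenge (assumed HMAC-SHA256)."""
    return hmac.new(secret, challenge + identity.encode(), hashlib.sha256).digest()


class RadiusServer:
    def __init__(self, table: dict):
        self.table = table
        self.pending = {}                        # identity -> challenge awaiting a response

    def access_request_identity(self, identity: str) -> bytes:
        """Access-Request carrying an identity: reply with a fresh random Access-Challenge."""
        challenge = secrets.token_bytes(16)     # varies for every authentication attempt
        self.pending[identity] = challenge
        return challenge

    def access_request_credential(self, identity: str, response: bytes) -> bool:
        """Access-Request carrying the response: recompute, compare, and retire the challenge."""
        challenge = self.pending.pop(identity, None)
        secret = self.table.get(identity)
        if challenge is None or secret is None:
            return False                         # Access-Reject
        return hmac.compare_digest(calculated_hash(secret, challenge, identity), response)


class Supplicant:
    def __init__(self, identity: str, secret: bytes):
        self.identity, self.secret = identity, secret
        self.last_response = None                # what a sniffer on the air would have captured

    def answer(self, challenge: bytes) -> bytes:
        self.last_response = calculated_hash(self.secret, challenge, self.identity)
        return self.last_response


class AccessPoint:
    """The authenticator: relays EAP over the air to RADIUS over Ethernet; port blocked until Accept."""
    def __init__(self, radius: RadiusServer):
        self.radius = radius
        self.port_open = False
        self.transcript = ["802.11 Associate (access blocked)"]

    def authenticate(self, sta: Supplicant, replayed_response: bytes = None) -> bool:
        t = self.transcript
        t += ["EAPOL-Start", "EAP-Request/Identity", "EAP-Response/Identity -> Radius-Access-Request"]
        challenge = self.radius.access_request_identity(sta.identity)
        t.append("Radius-Access-Challenge -> EAP-Request")
        response = replayed_response if replayed_response is not None else sta.answer(challenge)
        t.append("EAP-Response (Cred) -> Radius-Access-Request")
        self.port_open = self.radius.access_request_credential(sta.identity, response)
        t.append("Radius-Access-Accept -> EAP-Success -> EAPOW-Key, access allowed" if self.port_open
                 else "Radius-Access-Reject -> EAP-Failure, access still blocked")
        return self.port_open


def legitimate_login() -> bool:
    ap = AccessPoint(RadiusServer(KNOWN_SECRETS))
    return ap.authenticate(Supplicant("alice", KNOWN_SECRETS["alice"]))


def wrong_secret_rejected() -> bool:
    ap = AccessPoint(RadiusServer(KNOWN_SECRETS))
    return not ap.authenticate(Supplicant("alice", b"guessed-wrong")) and not ap.port_open


def replayed_response_rejected() -> bool:
    """A response recorded from one attempt is useless on the next: the challenge changed."""
    radius = RadiusServer(KNOWN_SECRETS)
    alice = Supplicant("alice", KNOWN_SECRETS["alice"])
    AccessPoint(radius).authenticate(alice)        # genuine login; alice.last_response is the captured value
    second = AccessPoint(radius)
    return not second.authenticate(alice, replayed_response=alice.last_response) and not second.port_open


if __name__ == "__main__":
    ap = AccessPoint(RadiusServer(KNOWN_SECRETS))
    ap.authenticate(Supplicant("alice", KNOWN_SECRETS["alice"]))
    print("\n".join(ap.transcript))
```

The server discards a challenge as soon as it has been answered, which is what makes the per-attempt randomness effective; a server that reused or kept challenges alive would reopen the replay the slides say the scheme prevents.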
Wi-Fi Protected Access (WPA) • Wi-Fi Protected Access • Works with 802.11b, a and g • “Fixes” WEP’s problems • Existing hardware can be used • 802.1x user-level authentication • TKIP • RC4 session-based dynamic encryption keys • Per-packet key derivation • Unicast and broadcast key management • New 48 bit IV with new sequencing method • Michael 8 byte message integrity code (MIC) • Optional AES support to replace RC4
WPA • Created by the Wi-Fi Alliance • Used the basic outline of 802.11i (a partial implementation of 802.11i) • 802.11i requires more powerful H/W for AES • Instead, employs a software/firmware upgrade • Michael algorithm
802.11i • WPA2 Robust Security Network extends WPA • Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP) • Based on a mode of AES, with 128-bit keys and a 48-bit IV • Also adds dynamic negotiation of authentication and encryption algorithms • Allows for future change • Does require new hardware • Not backward compatible with WEP
WEP vs. WPA • WEP: Poor encryption • 40-bit keys • Keys are static and shared • Manual key distribution • WEP key is used for both authentication and encryption • WPA: No known flaws in encryption • 128-bit keys • Session keys are dynamic • Automatic key distribution • 802.1x/EAP user authentication
WPA and 802.1x • 802.1x is a general purpose network access control mechanism • Port based network access • Provides Authentication to devices attached to a LAN port • Establishes point-to-point connection • Based on EAP • WPA has two modes • Pre-shared mode, uses pre-shared keys • Enterprise mode, uses Extensible Authentication Protocol (EAP) with a RADIUS server making the authentication decision • EAP is a transport for authentication, not authentication itself • EAP allows arbitrary authentication methods
Practical WPA Attacks • Dictionary attack on pre-shared key mode • Denial of service attack • If WPA equipment sees two packets with invalid MICs in 1 second: • All clients are disassociated • All activity stopped for one minute • Two malicious packets a minute are enough to stop a wireless network
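The MIC countermeasure logic the slide describes, as an added example that is not part of the original presentation: a small state machine that records MIC failures, triggers the one-minute halt when two arrive within one second, and exposes whether the network is accepting traffic at a given instant. Timestamps are supplied by the caller so the model is deterministic; the one-second window and 60-second lockout are the slide's figures, and the station name and the frame schedule in the downtime estimate are constructed for the example. The estimate quantifies the slide's closing claim: a pair of bad-MIC frames each time the lockout expires keeps the network down for over 99 % of the period.

```python
class TkipMicCountermeasures:
    """Reaction to MIC failures: two within one second disassociate every client and halt
    TKIP traffic for one minute. Times are seconds, passed in by the caller."""
    WINDOW_S = 1.0
    LOCKOUT_S = 60.0

    def __init__(self):
        self.last_failure_at = None
        self.locked_until = None
        self.events = []                    # what an AP or WIDS log would record

    def is_locked(self, now: float) -> bool:
        return self.locked_until is not None and now < self.locked_until

    def accepts_traffic(self, now: float) -> bool:
        return not self.is_locked(now)

    def mic_failure(self, now: float, station: str) -> str:
        """Report one received frame whose MIC did not verify; return the action taken."""
        if self.is_locked(now):
            action = "dropped (countermeasures already active)"
        elif self.last_failure_at is not None and now - self.last_failure_at < self.WINDOW_S:
            self.locked_until = now + self.LOCKOUT_S
            self.last_failure_at = None
            action = "countermeasures: all clients disassociated, TKIP halted for 60 s"
        else:
            self.last_failure_at = now
            action = "logged (first failure in window)"
        self.events.append((now, station, action))
        return action


def downtime_from_two_bad_frames_per_minute(duration_s: int = 300) -> float:
    """Fraction of the period during which the network is unavailable when one pair of
    invalid-MIC frames arrives each time the previous lockout ends (constructed schedule)."""
    ap = TkipMicCountermeasures()
    schedule = []
    t = 0.0
    while t < duration_s:
        schedule += [t, t + 0.5]            # two frames half a second apart
        t += 60.5                           # next pair as soon as the 60 s halt is over
    ticks = [i / 10 for i in range(duration_s * 10)]   # sample availability every 0.1 s
    next_frame = 0
    down = 0
    for now in ticks:
        while next_frame < len(schedule) and schedule[next_frame] <= now:
            ap.mic_failure(schedule[next_frame], "constructed-station")
            next_frame += 1
        if not ap.accepts_traffic(now):
            down += 1
    return down / len(ticks)


if __name__ == "__main__":
    print(f"unavailable fraction over 5 minutes: {downtime_from_two_bad_frames_per_minute():.3f}")
```

From a detection standpoint the `events` list is the useful output: a burst of MIC failures attributed to a single station, repeating at roughly one-minute intervals, is the signature of this attack rather than of a faulty client, and is what a WIDS should alert on.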
Typical WLAN Attacks • WEP Cracking • MAC Attack • Man-in-the-Middle Attack (Rogue AP) • Dictionary Attack • Session Hijacking • Denial-of-Service (DoS)
WEP Cracking • Static encryption keys • Periodic and manual change on all devices • Manually distributed keys • Key stream reuse • RC4 key scheduling algorithm • Message authentication • Solutions: • Authentication mechanisms using VPN • Advanced encryption methods such as AES
MAC Attack • Same as WEP cracking • Address spoofing • MAC filtering won’t work • Solution: authentication mechanisms such as 802.1x or VPN
Man-in-the-Middle Attack • Rogue AP • Captures the necessary info: • Network’s SSID • IP addresses • Wireless NIC’s association ID • Re-associates the user’s NIC with the bogus AP • Access to all data between them, including login info • Solution: VPN and authentication mechanisms
Dictionary Attack • Relies on conventional names and words being used as login name and password • Gathers a challenge and response exchange from a password-based protocol • Uses open source tools to decrypt login information • Solutions: • Use a combination of letters and numbers • Use authentication mechanisms such as 802.1x or VPN
Session Hijacking • Insertion attacks • Redirect the session from a legitimate end point • Set up an access point • WLAN clients try to connect by sending their authentication information • Solution: Authentication mechanisms 802.1X and VPN
Denial-of-Service (DoS) Attack • Flooding APs with illegitimate traffic • Overwhelm available bandwidth • Slow or Stop legitimate users from accessing the network • Solution: MAC filtering
Secure Implementation • Implement Strong Physical Security Controls • Avoid Excessive Coverage of Wireless Networks • Secure Access Points • Use Non-suggestive Service Set Identifier (SSID) Naming Conventions • Disable Direct Client-to-Client “Ad-Hoc Mode” Transmissions • Keep Security Patches Up-to-date • Employ MAC Address Filtering on Access Points • Deploy Wireless Intrusion Detection Systems
Conclusion • 802.11 is insecure: • 802.11 encryption is readily breakable, and 50-70% of networks never even turn on encryption. • Hackers are exploiting these weaknesses in the field. • Today wireless networks are helping, and definitely providing the opportunity, to cut costs and to increase productivity and mobility. • The key to keeping up and creating a secure wireless network is to take the security measures into consideration.
References • www.en.wikipedia.org/wiki/Wireless_security • Frankel, Sheila, et al. "Establishing Wireless Robust Security Networks: A Guide to IEEE 802.11i." National Institute of Standards and Technology (2007). • http://www.metageek.net/blog/2012/12/wireless-security-basics/ • Karygiannis, Tom, and Les Owens. "Wireless Network Security." NIST Special Publication 800-48 (2002). • http://en.wikipedia.org/wiki/IEEE_802.1X • http://en.wikipedia.org/wiki/Wired_Equivalent_Privacy