Wireless LAN Security CS391
Overview • Wireless LAN Topology • 802.11 Standards • Simple Security • WEP • 802.1x • WPA • 802.11i
Wi-Fi • Wi-Fi (short for “Wireless Fidelity”) is the popular term for a high-frequency wireless local area network (WLAN) • Promoted by the Wi-Fi Alliance (Formerly WECA - Wireless Ethernet Carriers Association) • Used generically when referring to any type of 802.11 wireless networks, whether 802.11a, 802.11b, 802.11g, dual-band, etc. The term is promulgated by the Wi-Fi Alliance
Wi-Fi • Wi-Fi standards use the Ethernet protocol and CSMA/CA (carrier sense multiple access with collision avoidance) for path sharing • The 802.11b (Wi-Fi) technology operates in the 2.4 GHz range offering data speeds up to 11 megabits per second. The modulation used in 802.11 has historically been phase-shift keying (PSK). • Note, unless adequately protected, a Wi-Fi wireless LAN is easily accessible by unauthorized users
Wireless LAN Topology • Wireless LAN is typically deployed as an extension of an existing wired network as shown below.
Wireless LAN Topology • Here is an example of small business usage of a Wi-Fi network. [Figure: DSL connection to a DSL router with a Wi-Fi AP] • The DSL router and Wi-Fi AP are often combined into a single unit
What is 802.11? • 802.11 refers to a family of specifications developed by the IEEE for wireless LAN technology. 802.11 specifies an over-the-air interface between a wireless client and a base station or between two wireless clients. • The IEEE accepted the specification in 1997.
802.11 Family Members • There are several specifications in the 802.11 family: • 802.11 • Applies to wireless LANs and provides 1 or 2 Mbps transmission in the 2.4 GHz band using either frequency hopping spread spectrum (FHSS) or direct sequence spread spectrum (DSSS). • 802.11a • An extension to 802.11 that applies to wireless LANs and provides up to 54 Mbps in the 5 GHz band. 802.11a uses an orthogonal frequency division multiplexing encoding scheme rather than FHSS or DSSS.
802.11 Family Members • 802.11b • (also referred to as 802.11 High Rate or Wi-Fi) is an extension to 802.11 that applies to wireless LANs and provides 11 Mbps transmission (with a fallback to 5.5, 2 and 1 Mbps) in the 2.4 GHz band. 802.11b uses only DSSS. 802.11b was a 1999 ratification to the original 802.11 standard, allowing wireless functionality comparable to Ethernet. • 802.11g • Applies to wireless LANs and provides 20+ Mbps in the 2.4 GHz band.
802.11n • The newest IEEE standard in the Wi-Fi category is 802.11n. • Designed to improve on 802.11g in the amount of bandwidth supported by utilizing multiple wireless signals and antennas instead of one. 802.11n connections should support data rates of over 100 Mbps (up to 600 Mbps). 802.11n also offers somewhat better range than earlier Wi-Fi standards due to its increased signal intensity. 802.11n equipment will be backward compatible with 802.11g gear.
802.11 Authentication • The 802.11 standard defines several services that govern how two 802.11 devices communicate. The following events must occur before an 802.11 station can communicate with an Ethernet network through a wireless access point: • Turn on the wireless client • The client listens for messages from any access points (APs) that are in range • The client finds a message from an AP that has a matching SSID • The client sends an authentication request to the AP • The AP authenticates the station • The client sends an association request to the AP • The AP associates with the station • The client can now communicate with the Ethernet network through the AP
What Exactly Is 802.1x? • Standard set by the IEEE 802.1 working group. • Describes a standard link layer protocol used for transporting higher-level authentication protocols. • Works between the Supplicant (Client Software) and the Authenticator (Network Device). • Maintains backend communication to an Authentication (Typically RADIUS) Server.
What Does it Do? • Transports authentication information in the form of Extensible Authentication Protocol (EAP) payloads. • The authenticator (switch) becomes the middleman for relaying EAP received in 802.1x packets to an authentication server by using RADIUS to carry the EAP information. • Several EAP types are specified in the standard. • Three common forms of EAP are • EAP-MD5 – MD5 Hashed Username/Password • EAP-OTP – One-Time Passwords • EAP-TLS – Strong PKI Authenticated Transport Layer Security (SSL) [Figure: packet layout: 802.1x Header | EAP Payload]
What is RADIUS? • RADIUS – The Remote Authentication Dial In User Service • A protocol used to communicate between a network device and an authentication server or database. • Allows the communication of login and authentication information, i.e. Username/Password, OTP, etc., using Attribute/Value pairs (Attribute = Value) • Allows the communication of extended attribute value pairs using “Vendor Specific Attributes” (VSAs). • Can also act as a transport for EAP messages. • RFC2865, RFC2866 and others [Figure: packet layout: UDP Header | RADIUS Header | EAP Payload]
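To make the two packet layouts above concrete, here is an added example (not from the slides) that decodes an EAP payload sitting behind the 802.1x (EAPOL) header and then wraps that same EAP packet into the RADIUS EAP-Message attribute an authenticator relays to the server. Field values come from IEEE 802.1X, RFC 3748 and RFC 3579; the sample frame is constructed.

```python
import struct

# Field values from IEEE 802.1X (EAPOL), RFC 3748 (EAP) and RFC 3579 (RADIUS EAP-Message = 79).
EAPOL_EAP_PACKET = 0          # other EAPOL types: 1 Start, 2 Logoff, 3 Key
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 4: "MD5-Challenge", 5: "One-Time Password", 13: "EAP-TLS"}
RADIUS_ATTR_EAP_MESSAGE = 79

def parse_eapol(frame: bytes) -> dict:
    """Decode the 802.1x header (version, type, length) and, for an EAP-Packet, the EAP
    header it carries (code, identifier, length, and a type byte for Request/Response)."""
    if len(frame) < 4:
        raise ValueError("truncated EAPOL header")
    version, ptype, length = struct.unpack("!BBH", frame[:4])
    body = frame[4:4 + length]
    if len(body) != length:                       # length field must not exceed the frame
        raise ValueError("EAPOL length exceeds frame")
    info = {"eapol_version": version, "eapol_type": ptype}
    if ptype != EAPOL_EAP_PACKET:                 # Start/Logoff/Key carry no EAP payload
        return info
    if len(body) < 4:
        raise ValueError("truncated EAP header")
    code, ident, eap_len = struct.unpack("!BBH", body[:4])
    if eap_len < 4 or eap_len > len(body):
        raise ValueError("EAP length inconsistent with EAPOL body")
    eap = body[:eap_len]
    info.update(eap_code=EAP_CODES.get(code, f"unknown({code})"), eap_id=ident, eap=eap)
    if code in (1, 2):                            # only Request/Response have a Type field
        if eap_len < 5:
            raise ValueError("Request/Response without Type byte")
        info["eap_type"] = EAP_TYPES.get(eap[4], f"unknown({eap[4]})")
        info["type_data"] = eap[5:]
    return info

def wrap_in_radius_eap_message(eap: bytes) -> bytes:
    """Authenticator side: relay the EAP packet unchanged toward the RADIUS server inside
    EAP-Message attributes (type, length, value; length <= 255, so chunks of 253 bytes)."""
    out = bytearray()
    for off in range(0, len(eap), 253):
        chunk = eap[off:off + 253]
        out += struct.pack("!BB", RADIUS_ATTR_EAP_MESSAGE, 2 + len(chunk)) + chunk
    return bytes(out)

# Constructed sample (not a capture): EAPOL v1 EAP-Packet carrying an EAP Request, id 7,
# type MD5-Challenge, whose type-data is a value-size byte followed by a 16-byte challenge.
CHALLENGE = bytes(range(16))
SAMPLE_EAP = struct.pack("!BBHB", 1, 7, 5 + 1 + len(CHALLENGE), 4) + bytes([16]) + CHALLENGE
SAMPLE_EAPOL = struct.pack("!BBH", 1, EAPOL_EAP_PACKET, len(SAMPLE_EAP)) + SAMPLE_EAP
```

The length checks matter on the authenticator: both the EAPOL and the EAP length fields are attacker-controlled, so a relay must bound them against the received frame before copying the payload into a RADIUS attribute.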
Basic 802.11 Security: SSID (the bottom line) • SSID (Service Set Identifier) or ESSID (Extended Service Set Identifier) • Each AP has an SSID that it uses to identify itself. Network configuration requires each wireless client to know the SSID of the AP to which it wants to connect. • SSID provides a very modest amount of control. It keeps a client from accidentally connecting to a neighboring AP only. It does not keep an attacker out.
SSID • SSID (Service Set Identifier) or ESSID (Extended Service Set Identifier) • The SSID is a token that identifies an 802.11 network. The SSID is a secret key that is set by the network administrator. Clients must know the SSID to join an 802.11 network; however, network sniffing can discover the SSID. • The fact that the SSID is a secret key instead of a public key creates a management problem for the network administrator. • Every user of the network must configure the SSID into their system. If the network administrator seeks to lock a user out of the network, the administrator must change the SSID of the network, which requires reconfiguration of every network node. Some 802.11 NICs allow you to configure several SSIDs at one time.
Basic 802.11 Security: MAC Filters • MAC filters • Some APs provide the capability for checking the MAC address of the client before allowing it to connect to the network. • Using MAC filters is considered to be very weak security because with many Wi-Fi client implementations it is possible to change the MAC address by reconfiguring the card. • An attacker could sniff a valid MAC address from the wireless network traffic.
Basic 802.11 Security: WEP • Static WEP keys • Wired Equivalent Privacy (WEP) is part of the 802.11 specification. • Static WEP key operation requires keys on the client and AP that are used to encrypt data sent between them. With WEP encryption, sniffing is eliminated and session hijacking is difficult (or impossible). • Client and AP are configured with a set of 4 keys, and when decrypting each is used in turn until decryption is successful. This allows keys to be changed dynamically. • Keys are the same in all clients and the AP. This means that there is a “community” key shared by everyone using the same AP. The danger is that if anyone in the community is compromised, the community key, and hence the network and everyone else using it, is at risk.
WEP – How? • When WEP is active in a wireless LAN, each 802.11 packet is encrypted separately with a RC4 cipher stream generated by a 64 bit RC4 key. This key is composed of a 24 bit initialization vector (IV) and a 40 bit WEP key. • The encrypted packet is generated with a bit-wise exclusive OR (XOR) of the original packet and the RC4 stream. • The IV is chosen by the sender and should be changed so that every packet won't be encrypted with the same cipher stream. • The IV is sent in the clear with each packet. • An additional 4 byte Integrity Check Value (ICV) is computed on the original packet using the CRC-32 checksum algorithm and appended to the end. • The ICV (be careful not to confuse this with the IV) is also encrypted with the RC4 cipher stream.
WEP – Sending • Compute Integrity Check Vector (ICV). • Provides integrity • 32 bit Cyclic Redundancy Check. • Appended to message to create plaintext. • Plaintext encrypted via RC4 • Provides confidentiality. • Plaintext XORed with long key stream of pseudorandom bits. • Key stream is function of • 40-bit secret key • 24 bit initialization vector (IV). • Ciphertext is transmitted.
WEP – Receiving • Ciphertext is received. • Ciphertext decrypted via RC4 • Ciphertext XORed with long key stream of pseudo random bits. • Key stream is function of • 40-bit secret key • 24 bit initialization vector (IV) • Check ICV • Separate ICV from message. • Compute ICV for message • Compare with received ICV
WEP - Weaknesses • Key Management and Key Size • Key management is not specified in the WEP standard, and therefore is one of its weaknesses, because without interoperable key management, keys will tend to be long-lived and of poor quality. • The Initialization Vector (IV) is Too Small • WEP’s IV size of 24 bits provides for 16,777,216 different RC4 cipher streams for a given WEP key, for any key size. Remember that the RC4 cipher stream is XOR-ed with the original packet to give the encrypted packet which is transmitted, and the IV is sent in the clear with each packet. • The Integrity Check Value (ICV) algorithm is not appropriate • The WEP ICV is based on CRC-32, an algorithm for detecting noise and common errors in transmission. CRC-32 is an excellent checksum for detecting errors, but an awful choice for a cryptographic hash.
WEP - Weaknesses • WEP’s use of RC4 is weak • RC4 in its implementation in WEP has been found to have weak keys. Having a weak key means that there is more correlation between the key and the output than there should be for good security. Determining which packets were encrypted with weak keys is easy because the first three bytes of the key are taken from the IV that is sent unencrypted in each packet. • This weakness can be exploited by a passive attack. All the attacker needs to do is be within a hundred feet or so of the AP. • Authentication Messages can be easily forged • 802.11 defines two forms of authentication: • Open System (no authentication) and • Shared Key authentication. • These are used to authenticate the client to the access point. • The idea was that authentication would be better than no authentication because the user has to prove knowledge of the shared WEP key, in effect, authenticating himself.
Authentication Type • An access point must authenticate a station before the station can associate with the access point or communicate with the network. The IEEE 802.11 standard defines two types of authentication: • Open System Authentication • Shared Key Authentication
Authentication Type: Open System Authentication • The following steps occur when two devices use Open System Authentication: • The station sends an authentication request to the access point. • The access point authenticates the station. • The station associates with the access point and joins the network. • The process is illustrated below.
Authentication Type: Shared Key Authentication • The following steps occur when two devices use Shared Key Authentication: • The station sends an authentication request to the access point. • The access point sends challenge text to the station. • The station uses its configured 64-bit or 128-bit default key to encrypt the challenge text, and sends the encrypted text to the access point. • The access point decrypts the encrypted text using its configured WEP Key that corresponds to the station’s default key. • The access point compares the decrypted text with the original challenge text. If the decrypted text matches the original challenge text, then the access point and the station share the same WEP Key and the access point authenticates the station. • The station connects to the network.
Authentication Type: Shared Key Authentication • If the decrypted text does not match the original challenge text (i.e., the access point and station do not share the same WEP Key), then the access point will refuse to authenticate the station and the station will be unable to communicate with either the 802.11 network or the Ethernet network. • The process is illustrated below.
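The WEP sending and receiving steps (RC4 keystream from IV || key, CRC-32 ICV, XOR) and the Shared Key Authentication challenge exchange described above, carried through as one added example that is not part of the original slides. The cipher layout follows the slides; the key and IV bytes are constructed sample values.

```python
import struct
import zlib

def rc4_keystream(key: bytes, length: int) -> bytes:
    """RC4 key scheduling (KSA) then the PRGA; returns `length` keystream bytes."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    for _ in range(length):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def icv(data: bytes) -> bytes:
    """Integrity Check Value: CRC-32 of the plaintext, little-endian as carried on the air."""
    return struct.pack("<I", zlib.crc32(data) & 0xFFFFFFFF)

def wep_encrypt(wep_key: bytes, iv: bytes, payload: bytes) -> bytes:
    """Sender: plaintext = payload || ICV, XORed with RC4(IV || key); the 3-byte IV is
    prepended in the clear so the receiver can rebuild the same keystream."""
    assert len(iv) == 3 and len(wep_key) in (5, 13)      # 40-bit or 104-bit WEP key
    plaintext = payload + icv(payload)
    ks = rc4_keystream(iv + wep_key, len(plaintext))
    return iv + bytes(p ^ k for p, k in zip(plaintext, ks))

def wep_decrypt(wep_key: bytes, frame: bytes) -> tuple:
    """Receiver: regenerate the keystream from the cleartext IV, XOR, split off the ICV and
    recompute it. Returns (payload, icv_ok); False means corruption or a different key."""
    iv, ct = frame[:3], frame[3:]
    pt = bytes(c ^ k for c, k in zip(ct, rc4_keystream(iv + wep_key, len(ct))))
    payload, received = pt[:-4], pt[-4:]
    return payload, received == icv(payload)

def shared_key_auth(ap_key: bytes, station_key: bytes, challenge: bytes, iv: bytes) -> bool:
    """Shared Key Authentication: the AP sends `challenge`, the station returns it WEP-encrypted
    under its configured key, and the AP authenticates only if decrypting with its own key
    reproduces the challenge (and the ICV verifies)."""
    response = wep_encrypt(station_key, iv, challenge)   # station -> AP
    recovered, ok = wep_decrypt(ap_key, response)        # AP checks with its own key
    return ok and recovered == challenge

# Constructed sample values (not real credentials): a 40-bit WEP key and a 3-byte IV.
KEY = b"\x01\x02\x03\x04\x05"
IV = b"\x11\x22\x33"
```

Note that the ICV check only tells the receiver the frame was not garbled; because CRC-32 is linear, it is an error-detection code rather than a cryptographic integrity check, which is the point made in the weaknesses slides.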
Configuring WEP Parameters • Before enabling WEP on an 802.11 network, you must first consider what type of encryption you require and the key size you want to use. Typically, there are three WEP Encryption options available for 802.11 products: • Do Not Use WEP: The 802.11 network does not encrypt data. For authentication purposes, the network uses Open System Authentication. • Use WEP for Encryption: A transmitting 802.11 device encrypts the data portion of every packet it sends using a configured WEP Key. The receiving device decrypts the data using the same WEP Key. For authentication purposes, the wireless network uses Open System Authentication. • Use WEP for Authentication and Encryption: A transmitting 802.11 device encrypts the data portion of every packet it sends using a configured WEP Key. The receiving 802.11 device decrypts the data using the same WEP Key. For authentication purposes, the 802.11 network uses Shared Key Authentication. • Note: Some 802.11 access points also support Use WEP for Authentication Only (Shared Key Authentication without data encryption).
Recommended 802.11 Security Practices • Change the default password for the Admin account • SSID • Change the default • Disable Broadcast • Make it unique • If possible, Change it often • Enable MAC Address Filtering • Enable WEP 128-bit Data Encryption. Please note that this will reduce your network performance • Use the highest level of encryption possible • Use a “Shared” Key • Use multiple WEP keys • Change it regularly • Turn off DHCP • Refrain from using the default IP subnet
Vulnerabilities • There are several known types of wireless attacks that must be protected against: • SSID (network name) sniffing • WEP encryption key recovery attacks • ARP poisoning (“man in the middle attacks”) • MAC address spoofing • Access Point management password and SNMP attacks • Wireless end user (station) attacks • Rogue AP attacks (AP impersonation) • DOS (denial of service) wireless attacks
802.1x • IEEE 802.1x denotes a standard titled “Port Based Network Access Control”, which indicates that the emphasis of the standard is to provide a control mechanism for connecting physically to a LAN. • The standard does not define the authentication methods, but it does provide a framework that allows the application of this standard in combination with any chosen authentication method. • This adds flexibility, as current and future authentication methods can be used without having to adapt the standard.
802.1x Components • The 802.1x standard recognizes the following concepts: • Port Access Entity (PAE) • which refers to the mechanism (algorithms and protocols) associated with a LAN port (residing in either a Bridge or a Station) • Supplicant PAE • which refers to the entity that requires authentication before getting access to the LAN (typically in the client station) • Authenticator PAE • which refers to the entity facilitating authentication of a supplicant (typically in bridge or AP) • Authentication server • which refers to the entity that provides authentication service to the Authenticators in the LAN (could be a RADIUS server)
General Description of IEEE 802.1x Terminology [Figure: Supplicant (operates on client) <-- EAP over wireless --> Authenticator (operates on devices at the network edge, like APs and switches) <-- EAP over RADIUS --> Authentication Server (RADIUS server, processes EAP requests); the supplicant sits on the wireless network, the authenticator at the enterprise edge, the authentication server in the enterprise network]
WPA • Wi-Fi Protected Access (WPA) is a new security guideline issued by the Wi-Fi Alliance. • The goal is to strengthen security over the current WEP standards by including mechanisms from the emerging 802.11i standard for both data encryption and network access control. • Path: WEP -> WPA -> 802.11i • WPA = TKIP (Temporal Key Integrity Protocol) + IEEE 802.1x • For encryption, WPA has TKIP, which uses the same encryption algorithm as WEP, but constructs keys in a different way. • For access control, WPA will use the IEEE 802.1x protocol.
802.11i – Future Wireless Security Standard • Task group "i" within the IEEE 802.11 is responsible for developing a new standard for WLAN security to replace the weak WEP (Wired Equivalent Privacy). • The IEEE 802.11i standard utilizes the authentication schemes of 802.1x and EAP (Extensible Authentication Protocol) in addition to a new encryption scheme – AES (Advanced Encryption Standard) – and a dynamic key distribution scheme – TKIP (Temporal Key Integrity Protocol). • 802.11i = TKIP + IEEE 802.1x + AES