880 likes | 1.13k Views
Security of WLAN. 無線網路架構. WLANs - 802.11. WPANs - 802.15 ( 藍芽 , 紅外線 ) Wireless Personal Area Networks WLANs - 802.11 ( a/b/g ) Wireless Local Area Networks WMANs – 802.16 Wireless Metropolitan Area Networks WWANs Wireless Wide Area Networks. IEEE 無線標準 —802.11 家族 定義了無線網路實體層的標準.
E N D
無線網路架構 • WLANs - 802.11 • WPANs - 802.15 (藍芽, 紅外線) • Wireless Personal Area Networks • WLANs - 802.11 ( a/b/g ) • Wireless Local Area Networks • WMANs – 802.16 • Wireless Metropolitan Area Networks • WWANs • Wireless Wide Area Networks
IEEE 無線標準—802.11家族定義了無線網路實體層的標準 • 802.11b (Wi-Fi) • 2.4G • 11Mbps • 802.11g (提供與 802.11b相容模式) • 2.4GHz • 54 Mbps • 802.11a • 5 GHz • 54Mbps的頻寬 • 802.11e • 提供具備服務品質保證(QoS , Quality of Service)的無線網路環境
Wireless Personal Connectivity Bluetooth Local Area Network 802.11b/802.11g/802.11a Wide Area Network 3G/GPRS Range 0 - 10m 0 - 100m 0 - 10 km Wireless Concept
WLAN 的運作方式 • IEEE802.11b 標準協定,無線網路共定義為下列二種模式 : • Ad-hoc Mode: • 即是一群使用無線網路卡的電腦,可以直接相互連接,資源共享,無需透過基地台(Access Point),此一模式則無法連接Internet。 • Infrastructure Mode • 此種架構模式讓無線網路卡的電腦透過基地台 (Access Point)來達成網路資源的共享。
802.11 Wireless Local Area Network • Infrastructure network • Ad Hoc network
WLAN無線區域網路 • Independent Basic Service Set (IBSS) Ad-hoc • Basic Service Set (BSS) • Distribution System (DS) • Extended Service Set (ESS) • Station (STA) • 無線用戶端 • Access Point (AP) • 無線存取點
802.11涵蓋的範圍 Wireless LAN (WLAN) 是延伸有線網路 區域的安全性 802.11 有線網路 Access Point 無線網路 用戶端
Seamless Roaming • Infrastructure Network v.s. Ad Hoc Network • Arranged in a cell structure, similar to cell phone network • Cells need to overlap to enable seamless roaming SSID=AAA SSID=AAA SSID=AAA SSID=AAA SSID=AAA
Account Roaming across different WISPs Trust & Policy (Radius/POP3/LDAP) (Radius/POP3/LDAP) Cipherium NCS EZon NCS Roaming account authentication request NAM NAM username :albert@EZon.com Travel to Visiting site Home register
General WLAN Security Mechanism • User Authentication • ESSID • MAC address filter • RADIUS external interface • User Authorization • Full access or none • Data Security • Static key based • WEP • Dynamic key based • LEAP • 802.1X
802.11b 的安全機制 • 身分驗證 Authentication • 開放式系統 Open System • 封閉式系統 Closed System • 分享密鑰認證 Shared-Key ( Challenge-Response ) • 資料保密 Confidentiality • WEP (Wired Equivalent Privacy) • 資料的完整性 Integrity • CRC • CRC + WEP
認證請求 挑戰字串 回應 確認身分成功 分享密鑰認證 Shared-Key ( Challenge-Response ) 無線網路使用者 Access Point 隨機產生128bit 挑戰字串 使用WEP進行RC4加密運算 利用WEP及RC4進行解密後進行比對 開始進行連線
WEP ChallengesWeak Security WLAN 使用者 Dept. Servers X7!g%k0j37**54bf(jv&8gB)£F.. mailto:theboss@myco.com.. WLAN Access Point X7!g%k0j37** X7!g%k0j37** X7!g%k0j37 mailto:theb N 不安全的網路 X7!g%k0j 37**54bf(jv &8gB)£F.. • 大多數 WLAN AP’s 未做安全性設定 • 靜態 WEP 易被解 • WLAN AP 很難去防止攻擊
鄰近建築物 B 建築物 A 探測 ACCESS POINT 探測 探測 ATTACKER (Soft AP) 停車場 ACCESS POINT 意外連接到非法駭客 Ad Hoc Network 1. User Station首先探測是否有AP 2. AP 送回指示訊號 3. User Station根據訊號, 干擾…等等各式各樣因素, 連接到最適當的 AP 無法控制所要連接的點.. 4. User Station的Ad Hoc 網路連接到 Hacker
WEP • WEP (Wired Equivalent Privacy) protocol • A key shared between all the members of the BSS • Using RC4 stream cipher encryption algorithm • 24-bit initialization vector • Append a CRC-32 checksum of the frame payload plaintext in • its encapsulation
WEP 802.11 Header Host (layer 3) data CRC-32 Host (layer 3) data Integrity check value RC4 stream cipher key IV Secret 802.11 Header IV Cipher-text
WEP 加密流程 無線網路用戶端 Access Point 密文 明文 明文 IV WEP ( 40 or 128 bit) WEP ( 40 or 128 bit) IV (Initial Vector) IV + WEP IV + WEP Payload RC4 RC4 CRC XOR XOR CRC + Payload CRC + Payload
輸入 64/128 bit 加密金鑰 輸出 CRC 資料 加密資料 實際所傳送的資料 WEP的資料格式 40/104 bit 金鑰 24 bit IV RC4 XOR 24 bit IV
WEP的弱點 • Initialization vector (IV) • 24-bit 欄位 , 利用明碼進行傳送 • 廠商設計不良 • 每次重新建立連線就將 IV 歸 0 • 傳送資料時將每個封包的 IV 值加 1 • IV 長度不足及重複使用機率過大 • AP 以 每封包1500-byte 在11mbps進行傳送 , 金鑰約 5 小時即有可能重複 , 如果封包更小時間更短 • Integrity check (IC) 欄位 • 用 CRC-32 進行錯誤判斷,且被放入封包中進行加密 • 無法做資料完整性確認依據 • Integrity protection for source and destination addresses is not provided
常見的威脅 • 網路掃瞄工具 • SSID • Channel • 窮舉攻擊法 • 字典攻擊法 • 緩衝區溢位攻擊 • MITM (Man-In-The-Middle) 攻擊
如何強化 WLAN 的安全性 • 目前的 認證解決方案 • 802.1x 身份認證機制 • EAP 金鑰交換 • PEAP (使用者密碼) • TLS (數位憑證驗證) • AP 需支援 • RADIUS 提供身份驗證服務 • CA 進行憑證發放 • Active Directory 進行身份驗證
目前的解決方案: 802.1x • Port-based 存取控制方式 • 可以用在無線或有線網路環境 • Access point 必須支援 802.1x • 不需要大幅改變現有硬體架構 • 可以使用 EAP 使用更高安全性的驗證方式 • 讓用戶端選擇使用的驗證方式 • Access point 不需要提供 EAP 的驗證方式 • 金鑰自動管理 • 不須重新改寫無線網卡的晶片設計
加密用金鑰 • 用戶端及 RADIUS 伺服器對每位使用者重新產生 連線用 WEP 金鑰 • 未在無線網路中傳送 • RADIUS 伺服器 將金鑰送到 AP ( 利用共享金鑰加密 ) • Access point 使用通用 WEP 金鑰 • 用來作為 AP 與用戶端初始連線驗證 • 透過 EAPOW-key 訊息進行傳遞 • 使用連線加密金鑰加密資料 • 連線用加密金鑰將重新產生… • 金鑰到期 ( 預設 60 分鐘 ) • 用戶端移到新的 AP
目前的 加密解決方案 • TKIP:IEEE 802.11i short-term solution • A message integrity code (MIC), called Michael,to defeat forgeries; • A packet sequencing discipline, to defeat replay attacks • A per-packet key mixing function, to prevent attack • 並對source and destination address做保護 • 引進IEEE 802.1X的key management • Long-term solution • CCMP(Counter-Mode-CBC-MAC Protocol) • 選用 AES • 並採取新的模式運作protocol,稱為CCMP, • 利用計數模式 (packet sequence)加密, • 並利用 CBC-MAC 對資料完整性做保證
Authentication server 802.1x vs TKIP 加解密實作標準 TKIP 認證實作標準 IEEE802.1X Upper layer frame Data link layer frame
What’s 802.1X • Standard for Port-based network access control. • A basic authentication mechanism is Extensible Authentication Protocol (EAP).
802.1X Port-based Authentication • Defines a client-server-based access control and • authentication protocol • Restricts unauthorized clients from connecting to a LAN • (or a WLAN) • Based on EAP (Extensible Authentication Protocol) • Setup a RADIUS (Remote Authentication Dial-In User • Service) security system
802.1X Ports Port Unauthorized Port Authorized Controlled Port Uncontrolled Port Controlled Port Uncontrolled Port LAN
Security Claims of 802.1x • Mutual Authentication • Integrity Protection • Replay Protection • Confidentiality • Key Derivation • Dictionary Attack Resistance • Fast Reconnect • Man-in-the-middle Resistance
What’s EAP • Offers a basic framework for authentication. • Many different authentication protocols can be used over it. • New authentication protocols can be easily added.
Background for EAP • EAP is originally a Point-to-Point Protocol (PPP) authentication scheme • EAP supports multiple authentication schemes such as smart cards, Kerberos, Public Key, TLS, One Time Passwords, etc. • EAP hides the details of the authentication scheme from those network elements that need not know • For example in PPP, the client and the AAA (authentication, authorization, and accounting) server only need to know the EAP type, and the Network Access Server does not • EAP is currently being used for PPP, wireless LAN and Virtual Private Network (VPN) authentication
The EAP Protocol • A request-response protocol • Four kinds of messages • 1.EAP request • 2.EAP response • 3.EAP success • 4.EAP failure
RADIUS • Authentication server-Performs the actual authentication of the client LAN architecture WLAN architecture
IEEE 802.1x provide both authentication and key management EAP RADIUS
802.1X Over 802.11 802.11 association EAPOL-start EAP-request/identity RADIUS-access-request EAP-response/identity RADIUS-access-challenge EAP-request RADIUS-access-request EAP-response (credentials) RADIUS-access-accept EAP-success EAPOW-key (WEP) Access allowed AuthenticationServer Supplicant Authenticator Access blocked
802.11 association EAPOL-Start EAP-request/identity RADIUS-access-request EAP-response/identity EAP-request RADIUS-access-challenge EAP-response RADIUS-access-response EAP-success RADIUS-access-accept EAPOW-key(WEP) Access allowed Access allowed EAP Message Flow Supplicant Authenticator Authentication Server Access Blocked
TLS,SPEKE, SRP MD5, TTLS, PEAP… EAP 802.1X 802.11 ◎EAP Architecture
EAP-request/identity RADIUS-access-request EAP-challenge-request RADIUS-access-challenge EAP-challenge-response RADIUS-access-response EAP-success RADIUS-access-accept EAP-MD5 Message Flow Client Access Point RADIUS Server EAP-response/Username MD5 of EAP-Message ID+ Challenge + Password
Drawbacks of EAP-MD5 • No mutual Authentication. • No Protection against offline brute-force/Dictionary based attacks on user passwords.
LEAP (EAP-Cisco Wireless) • Username and Password based • Support for Windows platforms, Macintosh and Linux • Cisco PROPRIETARY (based on 802.1X) • Username 以明碼傳送 • Password challenge and response以明碼傳送 :會被字典攻擊法入侵 (MSCHAP v1 hash - * ftp://ftp.isi.edu/in-notes/rfc2433.txt) • No support for One Time Password (OTP) • 只支援 Cisco 之 Access Point,且不Support Token Card
EAP-TLS • Developed by Microsoft. • Provides mutual authentication, credential security and dynamic keys. • Requires distribution of digital certificates to all users and RADIUS servers. • A certificate management infrastructure is required (PKI).
STA AP EAPoW start EAP request, Identity Generally is an X.509v3 certificate Certificate key type:encryption、signing、encryption+signing Key exchange algorithm:RSA (encryption / signing)、Diffie-Hellman (encryption / signing) 、DSS (signing) [Sever Key Exchange]:extension of TLS certificate p,g,A = gx mod p,H(ra, rb, p, g, A, S) Random Session ID(明文,且沒有MAC) CipherSuite list:To define a key exchange algorithm, a bulk encryption algorithm, MAC algorithm Random number EAP response, Identity (username) RADIUS Access Request (username) RADIUS Access Challenge EAP request, EAP-Type(EAP/TLS) EAP response, EAP-Type(EAP/TLS) (TLS:client Hello) RADIUS Access request (TLS:client Hello) RADIUS Access Challenge TLS:server Hello, (TLS certificate [TLS server_key_exchange, TLS certificate_request]) EAP TLS(RFC 2716)