300 likes | 579 Views
Lecture 4. Objectives . IEEE 802.11i IEE 802.1x WPA WPA 2. IEEE 802.11i. Provides solid wireless security model Robust security network (RSN) Addresses both encryption and authentication Encryption accomplished by replacing RC4 (stream cipher) with a block cipher
E N D
Objectives • IEEE 802.11i • IEE 802.1x • WPA • WPA 2
IEEE 802.11i • Provides solid wireless security model • Robust security network (RSN) • Addresses both encryption and authentication • Encryption accomplished by replacing RC4 (stream cipher) with a block cipher • Manipulates entire block of plaintext at one time • Block cipher used is Advanced Encryption Standard (AES)
IEEE 802.11i (continued) Table 9-1: Time needed to break AES
IEEE 802.11i (continued) • IEEE 802.11i authentication and key management is accomplished by IEEE 802.1x standard • Implements port security • Blocks all traffic on port-by-port basis until client authenticated using credentials stored on authentication server • Key-caching: Stores information from a device on the network, for faster re-authentication • Pre-authentication: Allows a device to become authenticated to an AP before moving to it
IEEE 802.11i (continued) Figure 9-2: IEEE 802.1x
WEP Insecurities -- Checksum (ICV) • CRC-32 is NOT a hash function! • Still can be malicious Linear Properties: CRC-32(P C) = CRC-32(P) CRC-32(C) - Bit flipping
Wi-Fi Protected Access (continued) Figure 9-3: Message Integrity Check (MIC)
Wi-Fi Protected Access (WPA) • Subset of 802.11i that addresses encryption and authentication • Temporal Key Integrity Protocol (TKIP): Replaces WEP’s encryption key with 128-bit per-packet key • Dynamically generates new key for each packet • Prevents collisions • Authentication server can use 802.1x to produce unique master key for user sessions
TKIP • Temporal Key Integrity Protocol • Cryptographic message integrity code (MIC) forgery • New IV sequencing (TSC) replay • Per-Packet mixing function weak IV • Re-keying key reuse
WPA Personal Security: TKIP Encryption (continued) Figure 9-7: TKIP/MIC process
Wi-Fi Protected Access (continued) • Message Integrity Check (MIC): Designed to prevent attackers from capturing, altering, and resending data packets • Replaces CRC from WEP • CRC does not adequately protect data integrity • Authentication accomplished via IEEE 802.1x or pre-shared key (PSK) technology • PSK passphase serves as seed for generating keys
WPA Personal Security: TKIP Encryption • TKIP is a substitute for WEP encryption • Fits into WEP procedure with minimal change • Device starts with two keys: • 128-bit temporal key • 64-bit MIC • TKIP required in WPA
Wi-Fi Protected Access 2 (WPA2) • Second generation of WPA security • Based on final IEEE 802.11i standard • Uses AES for data encryption • Supports IEEE 802.1x authentication or PSK technology • Allows both AES and TKIP clients to operate in same WLAN
WPA • 2 modes: WPA-Personal, WPA-Enterprise • PSK • pass phrase 802.1x Authentication
Summary of Wireless Security Solutions (continued) Table 9-2: Wi-Fi modes Table 9-3: Wireless security solutions
Transitional Security Model • Transitional wireless implementation • Should be temporary • Until migration to stronger wireless security possible • Should implement basic level of security for a WLAN • Including authentication and encryption
Authentication: Shared Key Authentication • First and perhaps most important step • Uses WEP keys • Networks that support multiple devices should use all four keys • Same key should not be designated as default on each device
Authentication: SSID Beaconing • Turn off SSID beaconing by configuring APs to not include it • Beaconing the SSID is default mode for all APs • Good practice to use cryptic SSID • Should not provide any information to attackers
Authentication: MAC Address Filtering Figure 9-6: MAC address filter
WEP Encryption • Although vulnerabilities exist, should be turned on if no other options for encryption are available • Use longest WEP key available • May prevent script kiddies or “casual” eavesdroppers from attacking Table 9-4: Transitional security model
Personal Security Model • Designed for single users or small office home office (SOHO) settings • Generally 10 or fewer wireless devices
WPA Personal Security: PSK Authentication • Uses passphrase (PSK) that is manually entered to generate the encryption key • PSK used a seed for creating encryption keys • Key must be created and entered in AP and also on any wireless device (“shared”) prior to (“pre”) the devices communicating with AP
WPA2 Personal Security: PSK Authentication • PSK intended for personal and Small Office and Home Office users without enterprise authentication server • Provides strong degree of authentication protection • PSK keys automatically changed (rekeyed) and authenticated between devices after specified period of time or after set number of packets transmitted (rekey interval) • Employs consistent method for creating keys • Uses shared secret entered at AP and devices
WPA2 Personal Security: AES-CCMP Encryption • WPA2 personal security model encryption accomplished via AES • AES-CCMP: Encryption protocol in 802.11i • CCMP based on Counter Mode with Cipher Block Chaining Message Authentication Code (CBC-MAC) (CCM) of AES encryption algorithm • CCM provides data privacy • CBC-MAC provides data integrity and authentication • AES processes blocks of 128 bits • Cipher key length can be 128, 192 and 256 bits • Number of rounds can be 10, 12, and 14
WPA2 Personal Security: AES-CCMP Encryption (continued) • AES encryption/decryption computationally intensive • Better to perform in hardware Table 9-5: Personal security model
802.11i Parts Robust Secure Network (RSN) 802.1x / EAPoL AESCCMP / TKIP Encryption / Integrity EAP RADIUS EAP-TLS Outside of 802.11i, but de facto standard Authentication / Key Dist.
802.11i - Auth. Goals 1. Mutual authentication 2. Identity privacy 3. Dictionary attack resistance 4. Replay attack resistance 5. Derivation of strong session keys 6. Tested implementation 7. Fast reconnect: Mobile IP, different auth. procedure, see 802.11r, modified handshaking
802.1x • - Link Security • Can only communicate with AS, e.g. RADIUS, until “EAP-Success” message received • DHCP Blocked
LAB WEP Crack II • For this lab you will require two computers and one AP (Cisco or Linksys) • Set up a linksys or CISCO wireless router with a WEP key (use the smallest key size available in the router so you can crack it fast (64 bit)). Use your phone number for a ley • Refer to LAB B, conduct a DSS attack as indicated in LAB B in one of the computers • In the second computer, Launch Commview • Set up the location of the log file as indicated by your instructor • Connect to the AP you want to attack by using Commview and collect at least 300,000 packets • Once you reach at least 300,000 packets, stop collecting data. • Launch log viewer and open the latest log file (tagged by date) • Export the log file as a tcmpdump format • Run aircrack-ng GUI and chose the file that you exported as tcmp dump • Lauch the attack by clicking in the launch tool