WLAN Security Antti Miettinen
What is WLAN?
• A wireless data communication system implemented as an extension to, or alternative for, a wired local area network.
• Operates in the uncontrolled ISM (Industrial, Scientific and Medical) band
What is WLAN? (cont.)
• Standards by IEEE for 802.11
  • 802.11: first standard, up to 2Mbps @ 2.4GHz
  • 802.11a: accepted standard, up to 54Mbps @ 5GHz
  • 802.11b: accepted standard, up to 11Mbps @ 2.4GHz
  • 802.11d: MAC enhancements for wider use of 802.11
What is WLAN? (cont.)
• Standards by IEEE for 802.11 (cont.)
  • 802.11e: MAC enhancements for Quality of Service
  • 802.11f: Recommended Practice for Inter Access Point Protocol (roaming and hand-over)
  • 802.11g: accepted standard, up to 54Mbps @ 2.4GHz
  • 802.11i: improved security, replacing WEP
What is WLAN? (cont.)
• Standards by ETSI
  • HiperLAN/1: 23.5Mbps @ 5GHz, published 1999
  • HiperLAN/2: 54Mbps @ 5GHz (http://www.hiperlan2.com/)
    • Asynchronous data communication
    • Support for QoS (real-time voice and video)
    • Supports Transmit Power Control and Dynamic Frequency Selection (required in Europe at 5GHz)
    • Uses 56-bit to 168-bit key encryption (DES)
WLAN structure
• Two possibilities: either ad-hoc or Access Point based
• BSS: Basic Service Set; ESS: Extended Service Set; AP: Access Point
[Figure: an ad-hoc network next to an Access Point network (ESS)] Source: http://www.comlab.hut.fi/opetus/423/2002/9
802.11 WLAN security features
• DSSS (Direct Sequence Spread Spectrum)
  • Isn't very secure, although theoretically it could be a good security feature
• ESSID (Extended Service Set Identifier)
  • By default all stations broadcast the ESSID
  • Can be passively received when a legitimate user associates with an Access Point
• WEP (Wired Equivalent Privacy)
  • Turned off by default
  • Includes flaws
• MAC-address controlled authorization to the Access Point
  • MAC addresses are easy to spoof (from the command line)
WEP
• Goals
  • Access control: to prevent unauthorized users who lack the correct WEP key from gaining access to the network.
  • Privacy: to protect wireless LAN data streams by encrypting them and allowing decryption only by users with the correct WEP keys.
• Includes security flaws!
WEP Authentication
• Access request by the client
• Challenge text sent to the client by the AP
• Challenge text encoded by the client using the shared secret, then sent to the AP
• If the challenge text was encoded properly, the AP allows access; otherwise access is denied
WEP (cont.)
• Based on the symmetric RC4 encryption algorithm
• Supports 40-bit and 104-bit keys
• All clients and APs in the wireless network share the same encryption key (weakness)
• No protocol for encryption key distribution (weakness)
• Initialization Vector (IV) transmitted in the clear (weakness)
WEP overview
• A master key k0 (either 40 or 104 bits) is shared a priori between the two parties wishing to communicate.
• Each 802.11 packet (header|data) is then protected by:
  • An integrity check field IC = h(header|data)
  • A random initialization vector (IV)
• The master key and IV are used to generate a keystream with RC4 in stream cipher mode: k = RC4(k0, IV)
• The data and IC are then encrypted by this keystream: Ek(m) = m ⊕ k
WEP packet
[Figure: the header, a random IV and data|IC; the RC4-generated keystream is XORed with data|IC to form the encrypted 802.11 packet]
packet = header | IV | Ek(data | IC)
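The shared-key authentication exchange and the WEP encapsulation described on the slides above, as an added Python example that is not part of the original presentation: an RC4 keystream seeded with IV||k0, a CRC-32 integrity check over the data (the real WEP ICV, used here instead of the slides' h(header|data)), the AP-side challenge check, and a function showing why a repeated IV is a weakness. The key, IV and frame contents are constructed sample values.

```python
import zlib

def rc4_keystream(key: bytes, n: int) -> bytes:
    """Generate n bytes of RC4 keystream from key (KSA, then PRGA)."""
    S = list(range(256))
    j = 0
    for i in range(256):                      # key-scheduling algorithm
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out, i, j = bytearray(), 0, 0
    for _ in range(n):                        # pseudo-random generation
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def wep_encrypt(k0: bytes, iv: bytes, data: bytes) -> bytes:
    """Frame body: IV || (data || ICV) XOR RC4(IV || k0); ICV = CRC-32(data)."""
    icv = zlib.crc32(data).to_bytes(4, "little")
    ks = rc4_keystream(iv + k0, len(data) + 4)
    return iv + xor(data + icv, ks)

def wep_decrypt(k0: bytes, body: bytes):
    """Read the clear-text IV, undo the keystream, verify the ICV."""
    iv, ct = body[:3], body[3:]
    plain = xor(ct, rc4_keystream(iv + k0, len(ct)))
    data, icv = plain[:-4], plain[-4:]
    if zlib.crc32(data).to_bytes(4, "little") != icv:
        return None  # ICV mismatch: wrong key or tampered frame
    return data

def shared_key_auth(ap_key: bytes, client_key: bytes, challenge: bytes, iv: bytes) -> bool:
    """AP sends a challenge; the client returns it WEP-encrypted; the AP decrypts and compares."""
    response = wep_encrypt(client_key, iv, challenge)
    return wep_decrypt(ap_key, response) == challenge

def iv_reuse_leak(k0: bytes, iv: bytes, m1: bytes, m2: bytes) -> bytes:
    """Two frames under the same IV share one keystream, so c1 XOR c2 = m1 XOR m2:
    the clear-text IV lets a listener spot exactly when this happens."""
    c1 = wep_encrypt(k0, iv, m1)[3:]
    c2 = wep_encrypt(k0, iv, m2)[3:]
    return xor(c1, c2)[:min(len(m1), len(m2))]
```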
Possible Attacks
• War-driving, war-walking etc.
  • Moving around the city and scanning for WLANs
  • Many of the WLANs are without protection! (WEP isn't enabled in about 50% of present WLANs)
  • Usually used to find networks, not to penetrate them
• Monitoring
  • Just listening to the traffic
Possible Attacks (cont.)
• DoS attack
  • Use a high-power 2.45GHz (or 5GHz) signal generator, for instance a microwave oven
  • Send continuous streams of CTS (clear-to-send) frames to a fictitious user; legitimate users won't be able to access the medium
  • Send disassociate frames in the name of others (the MAC address can be faked)
  • It is possible!
  • Take the Access Point down!
Possible Attacks (cont.)
• Man-in-the-middle attack
  • If WEP is used, the secret key must first be recovered
  • Set up a fake Access Point
  • No authentication is required (of Access Points)
  • Legitimate users switch to your Access Point if it has a better SNR. You can e.g. disassociate them from the real Access Point.
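A defender-side check for the disassociate/CTS flood and fake Access Point scenarios on the two slides above, as an added Python example that is not from the original presentation: it scans frame records for one source MAC sending an abnormal burst of disassociate or CTS frames, and for beacons advertising an ESSID we own from a BSSID not in our inventory. The frame records, MAC addresses, ESSID and thresholds are constructed sample values.

```python
from collections import defaultdict

# Constructed sample of captured frame records, not real traffic:
# (timestamp in seconds, frame kind, source MAC, advertised ESSID or None)
FRAMES = (
    [(0.0, "beacon", "00:11:22:33:44:55", "corp-wlan")]
    # 30 disassociate frames within 0.3 s from an unknown (possibly forged) source
    + [(0.01 * i, "disassoc", "de:ad:be:ef:00:01", None) for i in range(30)]
    # a second AP announcing our ESSID from a BSSID we do not operate
    + [(0.5, "beacon", "de:ad:be:ef:00:02", "corp-wlan"),
       (0.6, "disassoc", "00:11:22:33:44:55", None)]  # one legitimate disassoc
)
# Inventory of the BSSIDs we actually operate for each ESSID (made-up values)
TRUSTED_BSSIDS = {"corp-wlan": {"00:11:22:33:44:55"}}

def flood_sources(frames, kinds=("disassoc", "cts"), window=1.0, threshold=20):
    """Source MACs that sent more than `threshold` frames of the given kinds
    within any sliding `window` seconds (disassociate or CTS flood)."""
    times = defaultdict(list)
    for ts, kind, src, _ in frames:
        if kind in kinds:
            times[src].append(ts)
    flagged = set()
    for src, ts_list in times.items():
        ts_list.sort()
        start = 0
        for end, ts in enumerate(ts_list):
            while ts - ts_list[start] > window:   # slide the window forward
                start += 1
            if end - start + 1 > threshold:
                flagged.add(src)
                break
    return flagged

def rogue_aps(frames, trusted):
    """(essid, bssid) pairs where a beacon advertises an ESSID we own
    from a BSSID that is not in our inventory (possible fake Access Point)."""
    return {(essid, src) for _, kind, src, essid in frames
            if kind == "beacon" and essid in trusted and src not in trusted[essid]}
```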
Why is WLAN still used?
• It is fast and easy to set up
• It supports mobility
• Reduced installation time and costs compared with cable
• Broadband connection, up to 54Mbps
WLAN is fast
[Figure: transmission rate (kbit/s, 50 to 100 000) plotted against mobility (stationary, walking speed, driving speed) for Fixed LAN, 802.11a/802.11g/HiperLAN2, 802.11b/WiFi, Bluetooth, UMTS, GPRS and GSM] Source: Public Wireless LAN Access: A Threat to Mobile Operators, Analysys Research, 2001
How to check the security of your WLAN network?
• AirSnort (http://airsnort.shmoo.com/)
  • For Linux and Windows
  • Recovers encryption keys
  • Operates passively
• WEPCrack (http://wepcrack.sourceforge.net/)
  • Open source tool for breaking 802.11 WEP secret keys
  • For Linux only
How to check the security of your WLAN network? (cont.)
• Other software:
  • Netstumbler (http://www.netstumbler.com/)
    • Only for Windows
  • Dstumbler (http://www.dachb0den.com/projects/dstumbler.html)
    • Only for Linux
  • Kismet (http://www.kismetwireless.net/)
    • Only for Linux
WLAN security • To Be Continued…