Wireless Security: New Standards for 802.11 Encryption and Authentication

Kazi Khaled Al-Zahid


Presentation Transcript


  1. Wireless Security: New Standards for 802.11 Encryption and Authentication
  Kazi Khaled Al-Zahid

  2. Wired vs. Wireless
  • Wired networks offer more and better security options than wireless
  • More thoroughly established standards with wired networks
  • Wireless networks are much more equipment dependent than wired networks
  • Easier to implement security policies on wired networks

  3. 802.11b Overview
  • Standard for wireless networks
  • Approved by IEEE in 1999
  • Two modes: infrastructure and ad hoc
  [Figure: BSS (infrastructure) mode; IBSS (ad hoc) mode]

  4. 802.11

  5. Wireless Security?
  • Hacking is no longer the esoteric domain of the techno-elite. Most often done by young males aged 15-25 who have extensive computer programming knowledge.
  • Variety of reasons, from simple curiosity all the way to achieving terrorist ideals.
  • Most often used for identity theft and industrial espionage.

  6. Security Risks of Wireless LANs
  • Easier for unauthorized devices to attach to a wireless network
  • Don’t need physical access
  • Many organizations don’t apply security
  • Presence of free wireless hacking tools
  • Internal systems are usually not as secure as external or DMZ systems

  7. Business Risks of Wireless LANs
  A wireless attacker could affect your business in the following ways:
  • Ability to destroy data
  • Ability to steal proprietary data from client workstations and servers
  • Disruption of network service through corruption of network devices
  RISK: Inability to meet core business and customer needs, which could lead to loss of revenue

  8. Security Risks INTRODUCED by Wireless Technology
  • Rogue Access Points
  • Clients Communicating in Ad Hoc Mode
  A Computerworld survey estimates that at least 30 percent of businesses have rogue wireless LANs.

  9. Original 802.11 Security
  • Service set identifier (SSID)
    • A simple code that identifies the WLAN.
    • Clients must be configured with the correct SSID to access their WLAN.
  • Media access control (MAC)
    • MAC address filtering restricts WLAN access to computers that are on a list you create for each access point on your WLAN.
  • Wired equivalent privacy (WEP)
    • Encryption and authentication scheme that protects WLAN data streams between clients and access points (AP). This was discovered to have flaws.

  10. Access Point SSID
  • Service Set Identifier (SSID) differentiates one access point from another
  • By default, an access point broadcasts its SSID in plaintext “beacon frames” every few seconds
  • Default SSIDs are easily guessable
    • Linksys defaults to “linksys”, Cisco to “tsunami”, etc.
  • This gives away the fact that the access point is active
  • Access point settings can be changed to prevent it from announcing its presence in beacon frames and from using an easily guessable SSID
    • But then every user must know the SSID in advance

  11. Wired Equivalent Privacy (WEP)
  • Special-purpose protocol for 802.11b
  • Intended to make wireless as secure as a wired network
  • Goals: confidentiality, integrity, authentication
  • Assumes that a secret key is shared between access point and client
  • Uses RC4 stream cipher seeded with a 24-bit initialization vector and a 40-bit key
    • Terrible design choice for a wireless environment
    • In SSL, we will see how RC4 can be used properly

  12. WEP Flaws
  • Two basic flaws undermined its use for protection against anything other than the casual browser or eavesdropper
  • No defined method for encryption key refresh or distribution
    • Pre-shared keys were set once at installation and rarely if ever changed
  • Use of RC4, which was designed to be a one-time cipher not intended for multiple-message use
    • But because the pre-shared key is rarely changed, the same key is used over and over
    • Attacker monitors traffic and finds enough examples to work out the plaintext from message context
    • With knowledge of the ciphertext and plaintext, can compute the key

  13. Encryption
  • WEP Flaw
    • Takes about 10,000 packets to discover the key
    • Large amounts of known data are the fastest way of determining as many keystreams as possible
    • The information may be as innocuous as the fields in the protocol header or the DNS name query
    • Monitoring is passive, so undetectable
    • Simple tools and instructions freely available to spit out the key
    • Legal experts postulate this type of monitoring may not be illegal

  14. Other Problems
  • SSID (service set identifier)
    • Identifies the 802.11 devices that belong to a Basic Service Set (BSS).
    • A BSS is analogous to a LAN segment in wired terms
    • SSID is meant as a method to identify what Service Set you want to communicate with, not as a security-layer authentication
    • Even when using WEP, the SSID remains fully visible
    • Some manufacturers even allow the WLAN cards to poll for the SSID and self-configure

  15. Other Problems
  • MAC (media access control)
    • Possible to restrict access by MAC address on many APs (access points) by means of an ACL
    • All standards-compliant NIC cards, including WLAN cards, should have a unique MAC; some software allows this address to be ‘spoofed’
  • Spoofing Wireless
    • Is easy
    • Unlike internet devices, which have routing issues to overcome, IP addresses of wireless devices can be manually changed at will
    • Some network systems serve up the IP address dynamically

  16. Do Not Do This [courtesy of Brian Lee]
  Ingredients: Laptop (with 802.11b card, GPS, Netstumbler, Airsnort, Ethereal) and the car of your choice
  • Drive around, use Netstumbler to map out active wireless networks and (using GPS) their access points
  • If network is encrypted, park the car, start Airsnort, leave it be for a few hours
  • Airsnort will passively listen to encrypted network traffic and, after 5-10 million packets, extract the encryption key
  • Once the encryption key is compromised, connect to the network as if there is no encryption at all
  • Alternative: use Ethereal (or packet sniffer of your choice) to listen to decrypted traffic and analyze
  • Many networks are even less secure

  17. Weak Countermeasures
  • Run VPN on top of wireless
    • Treat wireless as you would an insecure wired network
    • VPNs have their own security and performance issues
    • Compromise of one client may compromise the entire network
  • Hide the SSID of your access point
    • Still, raw packets will reveal the SSID (it is not encrypted!)
  • Have each access point maintain a list of network card addresses that are allowed to connect to it
    • Infeasible for large networks
    • Attacker can sniff a packet from a legitimate card, then re-code (spoof) his card to use a legitimate address

  18. Fixing the Problem
  • Extensible Authentication Protocol (EAP)
    • Developers can choose their own authentication method
    • Cisco EAP-LEAP (passwords), Microsoft EAP-TLS (public-key certificates), PEAP (passwords OR certificates), etc.
  • 802.11i standard fixes 802.11b problems
    • Patch: TKIP. Still RC4, but encrypts IVs and establishes new shared keys for every 10 KBytes transmitted
      • No keystream re-use, prevents exploitation of RC4 weaknesses
      • Use same network card, only upgrade firmware
    • Long-term: AES in CCMP mode, 128-bit keys, 48-bit IVs
      • Block cipher (in special mode) instead of stream cipher
      • Requires new network card hardware

  19. Improved Security Standards
  • 802.1x Authentication (2001)
  • WPA (Wi-Fi Protected Access) (2002)
  • 802.11i (2003-4)

  20. 802.1X Authentication and EAP
  • 802.1X
    • Framework to control port access between devices, AP, and servers
    • Uses Extensible Authentication Protocol (EAP) (RFC 2284)
    • Uses dynamic keys instead of the WEP authentication static key
    • Requires mutual authentication protocol
    • User’s transmission must go through the WLAN AP to reach the authentication server performing the authentication
    • Permits a number of authentication methods
    • RADIUS is the de facto market standard

  21. EAP Types
  • EAP-TLS (RFC 2716)
    • EAP is an extension of PPP providing for additional authentication methods
    • TLS provides for mutual authentication and session key exchange
    • Negotiated mutual key becomes the Master Key for 802.11 TKIP
    • Requires client & server certificates (PKI based)
    • Deployed by Microsoft for its corporate network
    • Shipping in Windows 2000 and XP

  22. Other EAP Types
  • EAP-TTLS
    • “Tunneled” TLS: uses two TLS sessions
    • Outer TLS session with server certificate for server authentication
    • Inner TLS session using certificates at both ends and password
    • Protects user’s identity from intermediary entities
  • PEAP
    • Similar to EAP-TTLS, but only allows EAP for authentication
    • Server authentication via server certificate
    • User’s password delivered through SSL-protected channel
    • Session continues when user’s password is verified
    • Client-side certificate optional

  23. WPA: Interim 802.11 Security
  • Wi-Fi Protected Access (WPA)
    • Interim solution between WEP and 802.11i
    • Plugs holes in legacy 802.11 devices; typically requires firmware or driver upgrade, but not new hardware
    • Subset of 802.11i and is forward compatible
  • Sponsored by the Wi-Fi Alliance
    • Will require WPA for current certifications
  • Support announced by Microsoft, Intel, others: Agere, Atheros, Atmel, Colubris, Funk Software, Intersil, Proxim, Resonext, TI

  24. WPA
  • Improves WEP encryption
    • Based on the TKIP protocol and algorithm
    • Changes the way keys are derived
    • Refreshes keys more often
    • Adds message integrity control to prevent packet forgeries
  • Benefits
    • Encryption weakness improved but not solved
    • Some concern that TKIP may degrade WLAN performance without a hardware accelerator
    • But protects current device investment
    • Will be available sooner than 802.11i

  25. WPA
  • Works similarly to 802.1X authentication
  • Both clients and AP must be WPA enabled for encryption to and from the 802.1X EAP server
  • Key in a pass phrase (master key) in both client and AP
  • If the pass phrase matches, then the AP allows entry to the network
  • Pass phrase remains constant, but a new encryption key is generated for each session

  26. TKIP
  • Temporal Key Integrity Protocol
    • Quick fix to overcome the encryption key reuse problem with WEP
    • Combines the pre-shared key with the client’s MAC and a larger IV to ensure each client uses a different key stream
    • Still uses WEP RC4, but changes the temporal key every 10K packets
    • Mandates use of MIC (Michael) to prevent packet forgery
  • Benefits
    • Uses existing device calculation capabilities to perform the encryption operations
    • Improves security, but is still only a short-term fix

  27. New 802.11i Security
  • Addresses the main problems of WEP and Shared-Key Authentication
    • Temporal Key Integrity Protocol (TKIP)
    • Message Integrity Control ~ Michael
    • AES encryption replacement for RC4
  • Robust Security Network (RSN)
    • Requires new wireless hardware
  • Ratification ~ YE 2003

  28. Robust Security Network
  • RSN uses dynamic negotiation
    • For authentication and encryption algorithms between AP and client devices
  • Authentication is based on 802.1X and EAP
  • AES encryption
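As an added example (not code from the slides), the following Python classifies an access point's security mode from the Privacy bit of its beacon capability field and from the RSN or WPA information elements that slides 23 to 28 describe, so an auditor can flag networks still running on WEP or TKIP. The beacon fragments at the bottom are constructed samples, not captures.

```python
# Added example, not the slides' own code. The RSN IE (element 48, suite OUI
# 00-0F-AC) and the WPA vendor IE (element 221, OUI 00-50-F2) share one layout.
CIPHER = {1: "WEP-40", 2: "TKIP", 4: "CCMP", 5: "WEP-104"}
AKM = {1: "802.1X", 2: "PSK"}

def _suites(body, off, oui):
    # 2-byte little-endian count, then 4-byte OUI+type suite selectors
    n = int.from_bytes(body[off:off + 2], "little")
    suites = [body[off + 2 + 4 * k:off + 6 + 4 * k] for k in range(n)]
    return [s[3] for s in suites if s[:3] == oui], off + 2 + 4 * n

def _parse_security_ie(body, oui):
    # version(2) | group cipher suite(4) | pairwise count + suites | AKM count + suites
    pairwise, off = _suites(body, 6, oui)
    akm, _ = _suites(body, off, oui)
    return {"group": CIPHER.get(body[5], "?"),
            "pairwise": [CIPHER.get(t, "?") for t in pairwise],
            "akm": [AKM.get(t, "?") for t in akm]}

def classify_beacon(capability, ies):
    """Walk the tagged IEs of a beacon; RSN (WPA2) wins over WPA, WPA over the Privacy bit."""
    rsn = wpa = None
    i = 0
    while i + 2 <= len(ies):
        eid, length = ies[i], ies[i + 1]
        body = ies[i + 2:i + 2 + length]
        if eid == 48:
            rsn = _parse_security_ie(body, b"\x00\x0f\xac")
        elif eid == 221 and body[:4] == b"\x00\x50\xf2\x01":
            wpa = _parse_security_ie(body[4:], b"\x00\x50\xf2")
        i += 2 + length
    if rsn:
        info = dict(rsn, mode="WPA2/RSN")
    elif wpa:
        info = dict(wpa, mode="WPA")
    elif capability & 0x0010:   # capability bit 4 = Privacy: legacy WEP when no RSN/WPA IE
        info = {"mode": "WEP", "group": "WEP", "pairwise": [], "akm": []}
    else:
        info = {"mode": "OPEN", "group": None, "pairwise": [], "akm": []}
    # Weak: no encryption at all, or anything still riding on RC4 (WEP or TKIP)
    ciphers = [c for c in [info["group"]] + info["pairwise"] if c]
    info["weak"] = info["mode"] == "OPEN" or any(c == "TKIP" or c.startswith("WEP") for c in ciphers)
    return info

# Constructed beacon fragments: SSID "lab", a WPA/TKIP/PSK IE and a WPA2/CCMP/802.1X IE
SSID_IE = bytes([0, 3]) + b"lab"
WPA_IE = bytes([221, 22]) + bytes.fromhex("0050f201" "0100" "0050f202" "0100" "0050f202" "0100" "0050f202")
RSN_IE = bytes([48, 18]) + bytes.fromhex("0100" "000fac04" "0100" "000fac04" "0100" "000fac01")
```

Feed `classify_beacon` the capability field and the tagged-parameter bytes of each beacon your sniffer collects and report every entry whose `weak` flag is set.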

  29. How RSN Works
  1. Client sends request for association and security negotiation to AP, which forwards it to the WLAN switch.
  2. WLAN switch passes request to Authentication Server (RADIUS).
  3. RADIUS authenticates client.
  4. Switch and client initiate 4-way key negotiation to create a unique session key. Switch pushes the key, AES encrypted, to the AP. AES encrypts all data traffic.
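To show how a constant pass phrase still yields a different key per session (slides 25 and 29), here is an added Python model of the 4-way key negotiation; it is not the slides' code. It assumes PBKDF2-HMAC-SHA1 over the SSID for the pass-phrase step, as WPA-PSK does, and uses an HMAC-SHA256 expansion as a stand-in for the IEEE key-expansion PRF; handshake message bodies are reduced to the nonces they carry.

```python
import hashlib
import hmac
import os

# Added example, not the slides' own code: a simplified model of the 4-way key
# negotiation. Assumptions: the passphrase-to-PMK step is PBKDF2-HMAC-SHA1 over
# the SSID as in WPA-PSK; the key expansion is an HMAC-SHA256 stand-in for the
# IEEE PRF; handshake bodies are reduced to the nonces they carry.

def derive_pmk(passphrase, ssid):
    """Pairwise Master Key: the constant secret both AP and client hold (slide 25)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

def derive_ptk(pmk, aa, spa, anonce, snonce):
    """Pairwise Transient Key: fresh per session because both MACs and both nonces go in."""
    ctx = b"Pairwise key expansion" + min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    ptk = b"".join(hmac.new(pmk, ctx + bytes([i]), hashlib.sha256).digest() for i in range(2))
    return {"kck": ptk[:16], "kek": ptk[16:32], "tk": ptk[32:48]}   # confirm / wrap / data keys

def mic(kck, body):
    """Message integrity check on a handshake message, keyed with the KCK."""
    return hmac.new(kck, body, hashlib.sha1).digest()[:16]

def four_way_handshake(ap_pmk, client_pmk, aa, spa, anonce=None, snonce=None):
    """Returns (installed, temporal_key); installed is False if either MIC check fails."""
    anonce = anonce or os.urandom(32)
    snonce = snonce or os.urandom(32)
    # Message 1 (AP -> client): ANonce in the clear; the client can now derive its PTK.
    client_ptk = derive_ptk(client_pmk, aa, spa, anonce, snonce)
    # Message 2 (client -> AP): SNonce plus a MIC under the client's KCK.
    msg2_mic = mic(client_ptk["kck"], b"msg2" + snonce)
    ap_ptk = derive_ptk(ap_pmk, aa, spa, anonce, snonce)
    if not hmac.compare_digest(msg2_mic, mic(ap_ptk["kck"], b"msg2" + snonce)):
        return False, None        # client does not hold the same PMK (wrong pass phrase)
    # Message 3 (AP -> client): MIC under the AP's KCK proves the AP knows the PMK too.
    msg3_mic = mic(ap_ptk["kck"], b"msg3" + anonce)
    if not hmac.compare_digest(msg3_mic, mic(client_ptk["kck"], b"msg3" + anonce)):
        return False, None        # AP that does not know the PMK is rejected by the client
    # Message 4 (client -> AP): acknowledgement; both sides install the temporal key.
    return True, ap_ptk["tk"]

if __name__ == "__main__":
    pmk = derive_pmk("correct horse battery", "lab-ssid")     # constructed sample values
    aa, spa = bytes.fromhex("001122334455"), bytes.fromhex("66778899aabb")
    print(four_way_handshake(pmk, pmk, aa, spa)[1].hex())     # a new TK on every run
```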

  30. Final Words
  • 802.11 is truly useful technology
  • Wireless networking will continue to expand
  • As the networking standards change, so will the security issues
  • Network security specialists need to understand wireless networking, and vice versa
  • Start evaluating and deploying new security standards
  • SANS Institute Information Security Reading Room
    • http://www.sans.org/rr/wireless/
  • NIST Wireless Network Security
    • http://csrc.nist.gov/publications/drafts/draft-sp800-48.pdf

  31. 802.11a
  • Works at 40 MHz, in the 5 GHz range
  • THEORETICAL transfer rates of up to 54 Mbps
  • ACTUAL transfer rates of about 26.4 Mbps
  • Limited in use because it is almost a line-of-sight transmittal, which necessitates multiple WAPs (wireless access points)
  • Cannot operate in the same range as 802.11b/g
  • Absorbed more easily than other wireless implementations

  32. 802.11b – “WiFi”
  • Operates at 20 MHz, in the 2.4 GHz range
  • Most widely used and accepted form of wireless networking
  • THEORETICAL speeds of up to 11 Mbps
  • ACTUAL speeds depend on implementation
    • 5.9 Mbps when TCP (Transmission Control Protocol) is used (error checking)
    • 7.1 Mbps when UDP (User Datagram Protocol) is used (no error checking)
  • Can transmit up to 8 km in the city; rural environments may be longer if a line of sight can be established

  33. 802.11b – “WiFi” (cont.)
  • Not as easily absorbed as the 802.11a signal
  • Can cause or receive interference from:
    • Microwave ovens (microwaves in general)
    • Wireless telephones
    • Other wireless appliances operating in the same frequency

  34. 802.11g – “Super G”
  • Operates at the same frequency range as 802.11b
  • THEORETICAL throughput of 54 Mbps
  • ACTUAL transmission rate is dependent on several factors, but averages 24.7 Mbps
  • Logical upgrade from 802.11b wireless networks – backwards compatibility
  • Suffers from the same limitations as an 802.11b network
  • System may suffer a significant decrease in network speeds if the network is not completely upgraded from 802.11b

  35. 802.11n (Ultranet)
  • Standards in discussion now; should be completed by the end of 2006
  • REAL throughput of at least 100 Mbps
    • 4-5 times faster than 802.11g/a
    • 20 times faster than 802.11b!
  • Better distance than 802.11a/b/g
  • Being designed with speed and security in mind
  • Perfect complement for WWW2

  36. Wireless Networking Categories
  • Personal Area Networking
    • Bluetooth, UWB
  • Local Area Networking
    • IEEE 802.11 (a, b, g)
    • HomeRF
    • Packet Radio 900 MHz ISM
  • Wide Area Networking
    • 2.5-3G cellular
    • Blackberry

  37. Rogue Device Threat
  Can make your network vulnerable…
  • Even with a secure wireless network
  • Even if you have no wireless network
  • Both Access Points and Clients are dangerous
  Goal:
  • Protect network jacks
  • Identify unauthorized wireless devices

  38. WarChalking

  39. Wireless Tools
  • Types of Monitoring tools
    • Stumbling
    • Sniffing
    • Handheld
  • Hacking tools
    • WEP Cracking
    • ARP Spoofing

  40. Stumbling Tools Stumbling tools identify the presence of wireless networks. They look for beacons from access points, and also broadcast client probes and wait for access points to respond.

  41. Netstumbler
  http://www.netstumbler.com
  • Free
  • Windows based
  • Very simple GUI
  • GPS capable

  42. Wellenreiter
  http://www.remote-exploit.org
  • Free
  • Linux based
  • Supports many wireless cards
  • GPS capable

  43. Other Stumbling Tools
  • MacStumbler (Mac) http://homepage.mac.com/macstumbler/
  • MiniStumbler (PocketPC) http://www.netstumbler.com/download.php?op=getit&lid=21
  • Mognet (Java) http://chocobospore.org/mognet/
  • BSD-AirTools – dstumbler (BSD) http://www.dachb0den.com/projects/bsd-airtools.html

  44. Sniffing Tools Sniffing tools capture the traffic from a wireless network and can view the data passed across the air.

  45. Kismet
  http://www.kismetwireless.net
  • Free
  • Linux based
  • GPS capable

  46. AiroPeek
  http://www.wildpackets.com/products/airopeek
  • Must pay for it
  • Windows based
  • Real-time packet decoding

  47. Other Sniffing Tools
  • AirTraf (Linux) http://airtraf.sourceforge.net/index.php
  • Ethereal (All OSs) http://www.ethereal.com/
  • Sniffer Wireless (Windows, PocketPC) http://www.sniffer.com/products/sniffer-wireless/default.asp?A=3
  • BSD-AirTools – Prism2dump (BSD) http://www.dachb0den.com/projects/bsd-airtools.html

  48. Handheld Tools Handheld tools are more portable and provide wireless network identification and network status monitoring.

  49. AirMagnet
  http://www.airmagnet.com/
  • Pocket PC based
