Wireless News
• 'BlueBag' PC sniffs out Bluetooth flaws
• In just under 23 hours of travel, BlueBag was able to spot more than 1,400 devices with which it could have connected
• If you happened to fly through Milan's Malpensa Airport last March, your mobile phone may have been scanned by the BlueBag.
Wireless News
• Next generation wireless is new, nifty, but not yet standard
• The good news is that there's a new generation of wireless networking products on the horizon, products that feature about four times as much coverage and more than 10 times faster access than traditional WiFi networks.
• The bad news is that this new-and-improved wireless standard doesn't actually exist yet, even though there's no shortage of retailers who are more than willing to sell it to you right now.
Wireless News • A team of researchers from Research Triangle Institute successfully tested a paint-on antenna for high-altitude airships on June 21, in the Nevada desert.
Misbehaving with WiFi
Chapter Eight: Wireless LAN Security and Vulnerabilities
Topics
• Snake oil access control
• MAC layer lacks per frame authentication
• The spoofing problems which result
• 802.1X issues related to spoofing
• WEP (dead horse, I’ll discuss it briefly)
• Attacks against these schemes
• Recommendations
• Wireless tools you can mess with
• WEP Crack Demo
Terminology
• SSID – Service Set ID
  • A text string used to identify sets of APs
• Spoofing
  • Illegitimate generation of network traffic
  • Fake packets altogether
  • Insert traffic into a stream
• WEP – Wired Equivalent Privacy
  • Broken 802.11 encryption scheme
  • Should be “What on Earth does this Protect?”
Terminology (continued)
• Access point
  • Device serving as wireless-to-wired bridge
• Association request
  • Wireless stations ‘associate’ with an AP
  • Follows rudimentary authentication procedure
• Per Frame Authentication
  • Every frame carries authenticity information
  • Should be used together with the initial auth. exchange
Terminology (continued) • Snake oil is a Traditional Chinese medicine used for joint pain. However, the most common usage is as a derogatory term for medicines to imply that they are fake, fraudulent, and usually ineffective. The expression is also applied metaphorically to any product with exaggerated marketing but questionable or unverifiable quality. (borrowed from Wikipedia)
Ted’s Hacker
Auth. in the 802.11 MAC Layer
• Two types
  • Open System
    • No authentication
    • Gratuitous access
  • Shared Key
    • Uses WEP – broken scheme
    • Key distribution and usage issues
• No per frame auth.
  • Frame spoofing is easy
  • If an authentication scheme is to be effective, it needs to be per frame
• No AP auth. – allows impersonation of APs
• MAC layer does leave room for other auth. schemes
  • None presently implemented
  • New schemes which conform to the standard still can’t provide per frame authentication
Other Forms of Access Control
• SSID hiding (complete snake oil)
  • SSID often beaconed by APs
  • APs can be configured to stop beaconing
• MAC address filtering (snake oil)
  • DHCP servers
  • AP ACLs
• 802.1X (spoofing issues)
  • Takes place following MAC layer auth. and assoc. to AP
  • Controls access only to the world beyond the AP, via EAP
  • Does allow for more robust authentication (Kerberos, others)
  • Doesn’t solve the per packet auth. problem
  • No clients available for all OSes that all use the same auth. scheme
WEP, the “Sweet & Low” of 802.11
• Passive listening
  • Numerous documented attacks
  • Attacks widely implemented
  • Key can be recovered at worst in a few hours of passive listening
• Only encrypts data frames
  • Management, control frames sent in the clear
  • We can still spoof these frame types without a key
• Key management issues
  • If the key changes, all devices must change it at the very same time, so short key periods won’t help much
  • Employee leaves with key in hand
• Basically Broken
Sniffing the SSID - easy
[Diagram: a mischievous station running NetStumbler or similar sniffs ("sniff, sniff, sniff…") the Assoc. Request (…, SSID ‘Paris’, …) that a regular, innocent user station sends to the AP w/ SSID ‘Paris’]
Beating MAC Address Filters - easy
• Sniff legitimate MAC Addresses
• Wait for a station to leave
• Set your MAC to a legitimate address
  • linux# ifconfig wlan0 hw ether 00:00:de:ad:be:ef
  • openbsd# wicontrol wi0 -m b5:db:5d:b5:db:5d
• You can now authenticate and associate
• MAC filtered by DHCP server?
  • Sniff addresses and set your IP statically
Cracking WEP – easy, time consuming
[Diagram: a mischievous station running AirSnort or similar sniffs ("sniff, sniff… CRACK!") the WEP encrypted Data Frames (A1%h8#/?e$! ...) exchanged between a regular, innocent user station and the Access Point]
Back to the Spoofing
• Spoofing allows lots of naughty behavior
• Station disassociation DoS
  • Disrupt a wireless station’s access
• Access point saturation DoS
  • MAC level limits the number of associated stations to ~2000
  • Implementation limits set lower to prevent congestion
  • Prevent new stations from authenticating to an AP
• Hijacking of legitimately authenticated sessions
• Man in the middle attacks
  • Old ARP cache poisoning, DNS spoofing affect 802.11 too
  • Impersonate AP to a client, tamper with traffic, pass it along
Tools for Spoofing Frames - challenging, getting easier
• Libradiate makes it easy
  • No longer supported
• AirSnarf
  • Mimics a legitimate access point
• DoS Tools (disassoc, AP saturate, etc.)
• THC-RUT
  • Combines detection, spoofing, masking, and cracking into the same tool
• Hotspotter
  • Sends a deauthentication frame to a MS Windows XP user’s computer that causes the victim’s wireless connection to be switched to a non-preferred connection, AKA a rogue AP.
Disassociating a Wireless Station – easy after implementation!
[Diagram: a mischievous station running dis2 sniffs ("sniff, sniff… DISASSOC!") the general wireless traffic (MGMT, CTRL, DATA) between a regular, innocent user station and the Access Point, then injects a Disassociate Frame (SANTA’S MAC, AP BSSID, DISASSOC, …)]
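The disassociation/deauthentication flood on the last few slides is something a wireless IDS can spot, since the spoofed frames arrive in the clear at a rate no real AP produces. The following is an added detection example, not from the original slides: it parses the 802.11 frame control field and addresses of raw management frames and flags a BSSID that sends more than a threshold of deauth/disassoc frames in a short window; the capture it runs on is constructed inline (the BSSID and station addresses are made up).

```python
import struct
from collections import defaultdict

# 802.11 management-frame subtypes (frame type 0) used to knock a station off an AP
DEAUTH, DISASSOC = 0x0C, 0x0A

def parse_mgmt_header(frame: bytes):
    """Return (subtype, addr1, addr2, bssid) for a management frame, else None."""
    if len(frame) < 24:
        return None
    fc = frame[0]                              # low byte of the frame control field
    if (fc >> 2) & 0x3 != 0:                   # bits 2-3: type, 0 = management
        return None
    subtype = (fc >> 4) & 0xF                  # bits 4-7: subtype
    mac = lambda b: ':'.join(f'{x:02x}' for x in b)
    return subtype, mac(frame[4:10]), mac(frame[10:16]), mac(frame[16:22])

def detect_disassoc_flood(frames, window=2.0, threshold=10):
    """frames: iterable of (timestamp_seconds, raw_frame_bytes) from a monitor-mode capture.
    Returns one alert (bssid, timestamp, count) per BSSID that is seen sending more than
    `threshold` deauth/disassoc frames inside any `window`-second span."""
    recent = defaultdict(list)                 # bssid -> timestamps inside the window
    alerted, alerts = set(), []
    for ts, raw in frames:
        hdr = parse_mgmt_header(raw)
        if hdr is None or hdr[0] not in (DEAUTH, DISASSOC):
            continue
        bssid = hdr[3]
        times = recent[bssid]
        times.append(ts)
        while times and ts - times[0] > window:     # slide the window forward
            times.pop(0)
        if len(times) > threshold and bssid not in alerted:
            alerted.add(bssid)
            alerts.append((bssid, ts, len(times)))
    return alerts

def build_mgmt_frame(subtype, dst_hex, src_hex, bssid_hex, reason=1):
    """Constructed test frame: frame control, duration, addr1-3, sequence control, reason code."""
    fc = subtype << 4                          # version 0, type 0 (management)
    return (struct.pack('<HH', fc, 0) + bytes.fromhex(dst_hex) + bytes.fromhex(src_hex)
            + bytes.fromhex(bssid_hex) + struct.pack('<HH', 0, reason))

# Constructed sample capture: one ordinary disassociation, then 30 broadcast
# deauthentication frames claiming to come from the AP, 50 ms apart.
AP, STA = '00aabbccdd01', '00112233aa01'
SAMPLE_CAPTURE = [(0.0, build_mgmt_frame(DISASSOC, STA, AP, AP, reason=8))]
SAMPLE_CAPTURE += [(10.0 + i * 0.05, build_mgmt_frame(DEAUTH, 'ffffffffffff', AP, AP, reason=7))
                   for i in range(30)]
```

Calling `detect_disassoc_flood(SAMPLE_CAPTURE)` returns a single alert for the AP's BSSID once the 11th deauth lands inside the 2-second window; the lone disassociation at the start is not enough to trip it.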
Session Hijacking / MITM (Man-In-The-Middle)
• The wireless advantage: easy access to the medium!
• Hijacking a wireless session
  • Known network/transport layer attacks – easy w/ implementations
  • MAC level hijacking
    • Simple combination of disassociation and MAC spoofing
    • Can beat 802.1X, if hijacking after EAP Success received by station
• MITM
  • SSH, SSL – easy w/ sshmitm, webmitm (dsniff package)
  • ARP Poisoning, DNS redirect still work (may need retooling for 802.11 MAC)
  • Same issues that go along with these attacks on a wired medium exist here
  • AP impersonation MITM – doable, challenging
    • Could be detectable
Main Points
• The wireless medium is inherently insecure
• The 802.11 MAC poorly compensates
• MAC layer needs stronger authentication
• Per packet auth. could solve many issues
• 802.1X exchange comes too late
• Spoofing attacks will become public
Recommendations
• The first rule is… Secure your network protocols
• SECURE NETWORK PROTOCOLS
• SECURE NETWORK PROTOCOLS
  • Wireless only makes attacks easier
• Snake oil can provide hurdles for the casual intruder
• Treat wireless the way you treat remote traffic
• High security environments: no wireless allowed
Wireless Tools for your Tinkering
• Windows
  • Netstumbler – find APs and their SSIDs
  • Airopeek – wireless frame sniffer
• Linux
  • Airsnort (and other WEP tools)
  • Airtraf (Netstumbler-like)
  • Kismet (Netstumbler-like, WEP capture, other stuff)
WEP Cracking Demo
• Cracking WEP in 10 Minutes
• http://www.hackingdefined.com/movies/see-sec-wepcrack.zip
• This is a demo from a distro called Whoppix which later became BackTrack
Wireless Security
• “The nice thing about standards is that there are so many to choose from.” - Andrew S. Tanenbaum
Wireless Security Problems
• Common Techniques to Compromise Wireless Data Networks:
  • Rogue Access Point Insertion
  • Traffic Sniffing
  • Traffic Data Insertion
  • ARP-Snooping (via “Dsniff”) – trick the wired network into passing data over wireless
802.11b/g Wireless Radio Channels (USA)
Note: Using only channels 1, 6, and 11 incurs the least amount of adjacent radio channel interference.
Security Overview: Authentication
• Determines:
  • If you are who you say you are
  • If (and what) access rights are granted
• Examples are:
  • “Smart Card” - SecureId® Server/Cards
  • S/Key – One time password
  • Digital Certificates
Examples of “Smart Cards” http://www.rsasecurity.com
Wireless Security Overview
• Data Encryption
  • WEP – Wired Equivalent Privacy (No Authentication)
  • WPA – WiFi Protected Access
Note: Due to computational overhead, almost all data encryption techniques impose an Access Point performance / throughput penalty.
Average Throughput Reduction Example (relative to no encryption at 34.028 Mbps with a Linksys WRT54GS):
• WPA-PSK w/AES (29.005 Mbps) = ~14.8% slower
• WPA-PSK w/TKIP (28.464 Mbps) = ~16.4% slower
• WEP-128 (22.265 Mbps) = ~34.6% slower
http://www.tomsnetworking.com/Reviews/images/scrnshots/linksys_wrt54gs_security.png
WEP (Wired Equivalent Privacy)
• RC4 (Rivest Cipher 4 / Ron’s Code 4) Encryption Algorithm <http://www.cebrasoft.co.uk/encryption/rc4.htm>
• Shared (but static) secret 64 or 128-bit key to encrypt and decrypt the data
• 24-bit ‘initialization vector’ (semi-random) leaving only 40 or 104 bits as the ‘real key’
• WEP Key Cracking Software
  • WEPCrack / AirSnort / Aircrack (as well as others)
  • Cracking Time: 64-bit key = 2 seconds; 128-bit key = ~3-10 minutes
www.netcraftsmen.net/welcher/papers/wlansec01.html and www.tomsnetworking.com/Sections-article111-page4.php
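To make the 24-bit IV point concrete, here is an added example, not from the slides, implementing RC4 and a simplified WEP frame body (the IV prepended to the key and sent in the clear; the CRC-32 ICV is left out). It shows that two frames encrypted under the same IV leak the XOR of their plaintexts, and computes the birthday-bound number of frames after which an IV repeat is expected; the key and plaintexts in the test are constructed.

```python
import math

def rc4_keystream(key: bytes, length: int) -> bytes:
    """RC4 key scheduling (KSA) plus output generation (PRGA); returns `length` keystream bytes."""
    S = list(range(256))
    j = 0
    for i in range(256):                                   # KSA
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out, i, j = bytearray(), 0, 0
    while len(out) < length:                               # PRGA
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)

def wep_encrypt(wep_key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Simplified WEP frame body: RC4(IV || key) XOR plaintext, with the 3-byte IV
    transmitted in the clear in front of the ciphertext (CRC-32 ICV omitted)."""
    if len(iv) != 3 or len(wep_key) not in (5, 13):
        raise ValueError('WEP uses a 24-bit IV and a 40- or 104-bit shared key')
    keystream = rc4_keystream(iv + wep_key, len(plaintext))
    return iv + bytes(p ^ k for p, k in zip(plaintext, keystream))

def wep_decrypt(wep_key: bytes, frame: bytes) -> bytes:
    """Receiver side: read the clear-text IV, regenerate the keystream, XOR it back out."""
    iv, body = frame[:3], frame[3:]
    return bytes(c ^ k for c, k in zip(body, rc4_keystream(iv + wep_key, len(body))))

def xor_leak_on_iv_reuse(frame1: bytes, frame2: bytes):
    """If two frames carry the same IV (hence the same keystream), XORing the ciphertext
    bodies cancels the keystream and yields plaintext1 XOR plaintext2 without the key.
    Returns None when the IVs differ, i.e. this pair leaks nothing."""
    if frame1[:3] != frame2[:3]:
        return None
    return bytes(a ^ b for a, b in zip(frame1[3:], frame2[3:]))

def expected_frames_until_iv_repeat(iv_bits: int = 24) -> int:
    """Birthday bound: with N possible IVs drawn at random, a repeat is expected after
    about sqrt(pi * N / 2) frames; for WEP's 24-bit IV that is only a few thousand."""
    return int(math.sqrt(math.pi * (1 << iv_bits) / 2))
```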
WEP Attack Approaches
• Traffic (Packet) Collection Techniques
  • High Traffic Access Points (APs)
    • Simple/passive traffic sniffing / capture
  • Low Traffic Access Points
    • Have the client ‘deauth’ to disassociate from the AP
      • (Forces traffic when the client re-associates to the AP)
    • Replay captured ‘arp’ requests to the AP
    • Sniff / capture the resulting packets for analysis
WPA and WPA2 (WiFi Protected Access)
• Created by the Wi-Fi Alliance industry group due to excessive delays in 802.11i approval
• WPA and WPA2 were designed to be backward compatible with WEP
• Closely mirrors the official IEEE 802.11i standards but with EAP (Extensible Authentication Protocol)
• Contains both authentication and encryption components
Wireless Authentication
• 802.11i
  • EAP – Extensible Authentication Protocol
    • Currently ~40 different EAP authentication methods
  • PEAP (Protected EAP) = EAP + RADIUS Server
    • RADIUS = Remote Authentication Dial-In User Service
• Kerberos
  • Provided as part of Win2K+ and UNIX server platforms
• IPSec (IP Security) / VPNs
  • End-to-End Encryption
RADIUS Authentication
[Diagram: the remote user desktop / client connects to the NAS client (Network Access Server), which queries the AAA (RADIUS) server for Authentication, Authorization, and Accounting before access is granted to the desired client/server]
http://www.wi-fiplanet.com/img/tutorial-radius-fig1.gif
Kerberos (a.k.a. “Fluffy”) End-to-End Authentication
• Kerberos is a widely used authentication server in an open environment.
• Kerberos tickets have a limited life – generally configured to be 8 hours.
[Diagram: the client, using the user’s secret key, requests a ticket for the TGS from the Authentication Server (AS) and receives the ticket for the TGS; it then requests a ticket for the service from the Ticket-granting Server (TGS), receives the ticket for the service, and uses it to request the service]
http://www.cs.dartmouth.edu/~minami/Presentations/security.ppt
The name Kerberos comes from Greek mythology; it is the three-headed dog that guarded the entrance to Hades.
http://www.faqs.org/faqs/kerberos-faq/general/section-4.html
WPA / WPA2 Encryption
• WPA
  • Mandates TKIP (Temporal Key Integrity Protocol)
    • Scheduled Shared Key Change (e.g., every 10,000 data packets)
  • Optionally specifies AES (Advanced Encryption Standard) capability
  • WPA will essentially fall back to WEP-level security if even a single device on a network cannot use WPA
• WPA2
  • Mandates both TKIP and AES capability
• WPA / WPA2 networks will drop any altered packet or shut down for 30 seconds whenever a message alteration attack is detected.
WPA / WPA2 (Cont’d)
• Personal Pre-shared Key
  • User-entered 8 – 63 ASCII character passphrase produces a 256-bit Pre-Shared Key
  • To minimize/prevent key cracking, use a minimum of 21 characters for the passphrase
• Key Generation
  • The passphrase, SSID, and SSID length are hashed 4096 times to generate a 256-bit value
• WPA Key Cracking Software
  • coWPAtty / WPA Cracker (as well as others)
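The key generation step above is PBKDF2-HMAC-SHA1 with the SSID as salt, which the Python standard library provides directly. The following is an added example, not from the slides: it derives the PSK while enforcing the 8–63 printable-ASCII passphrase and 1–32 byte SSID limits, and adds a rough keyspace estimate (a helper of my own) to put the 21-character advice in numbers.

```python
import hashlib
import math

def wpa_psk(passphrase: str, ssid: str) -> bytes:
    """WPA/WPA2-Personal PSK: PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 256 bits).
    The SSID acts as the salt, so the same passphrase yields a different PSK on every SSID,
    which is why a precomputed dictionary only helps against one SSID at a time."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError('WPA passphrase must be 8 to 63 characters')
    if not (passphrase.isascii() and passphrase.isprintable()):
        raise ValueError('WPA passphrase must be printable ASCII')
    ssid_bytes = ssid.encode('utf-8')
    if not 1 <= len(ssid_bytes) <= 32:
        raise ValueError('SSID must be 1 to 32 bytes')
    return hashlib.pbkdf2_hmac('sha1', passphrase.encode('ascii'), ssid_bytes, 4096, dklen=32)

def passphrase_keyspace_bits(passphrase: str) -> float:
    """Rough strength estimate (my own helper): log2 of the number of passphrases of the same
    length built from the character classes the passphrase actually uses. Each guess costs
    the attacker 4096 HMAC-SHA1 rounds, so length matters far more than the hash count."""
    size = 0
    if any(c.islower() for c in passphrase): size += 26
    if any(c.isupper() for c in passphrase): size += 26
    if any(c.isdigit() for c in passphrase): size += 10
    if any(not c.isalnum() for c in passphrase): size += 33   # printable ASCII punctuation + space
    return len(passphrase) * math.log2(size) if size else 0.0
```

Twenty-one lowercase letters already give about 99 bits of keyspace, whereas an 8-character lowercase passphrase gives under 38.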
WPA Authentication (Before Extended EAP, May 2005)
• Personal Mode = Pre-Shared Key
• Enterprise Mode = EAP-TLS (Transport Layer Security)
WPA / WPA2 Authentication (Since Extended EAP, May 2005)
• Now Five WPA / WPA2 Enterprise Standards
• EAP-TLS
  • Original EAP Protocol
  • Among the most secure but seldom implemented as it needs a client-side certificate, e.g. a smartcard (SecurId Key Fob http://www.securid.com/)
WPA / WPA2 Authentication (Since Extended EAP, May 2005)
• EAP-TTLS/MSCHAPv2
  • Better than #1, as username and password are not in clear text (Tunneled Transport Layer Security)
• PEAPv0/EAP-MSCHAPv2
  • Commonly referred to as “PEAP”
  • Most Widely Supported EAP Standard
WPA / WPA2 Authentication (Since Extended EAP, May 2005)
• PEAPv1/EAP-GTC
  • Created by Cisco as an alternative to #3. Cisco’s LEAP or EAP-FAST standard is not frequently used as it can be cracked.
  • This standard is rarely used
• EAP-SIM
  • Used by the GSM mobile telecom industry with SIM card authentication
Other Security Techniques
The following techniques may provide marginal additional security, but may also make network administration tasks more difficult:
“The six dumbest ways to secure a wireless LAN”
• MAC Address Filtering
• Disabling SSID Broadcasts
• Disabling the Access Point’s DHCP server (so new client addresses are not automatically issued)
• Cisco LEAP / EAP-FAST
• Use 802.11a / Bluetooth
• Antenna type, placement, direction, and transmitted power levels - Effective Isotropic Radiated Power (EIRP)
http://www.netstumbler.com/2002/11/13/antenna_to_boost_wireless_security/
Security Configuration Recommendations
• Enterprise
  • WPA2 – RADIUS / Kerberos
  • WPA2 – Pre-shared Key
  • (Continue with SOHO / Personal options)
• SOHO / Personal
  • WPA with AES
  • WPA with TKIP
  • WEP with 128-bit key
  • WEP with 64-bit key
  • No Encryption
Security Configuration
• When configuring a wireless router / access point, always use a ‘wired’ connection!
  • (Don’t cut ‘the branch you’re standing on’!)
• When changing a configuration option, always make the change on the router / access point first, then make the compatible change on your local wireless network card / configuration!