1 / 30

Wireless Personal Communications Systems – CSE5807

Wireless Personal Communications Systems – CSE5807. Lecture: 10 Stephen Giles and Satha K. Sathananthan School of Computer Science and Software Engineering Monash University Australia. These slides contain figures from Stallings, and are based on a set developed by Tom Fronckowiak.

kaya
Download Presentation

Wireless Personal Communications Systems – CSE5807

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Wireless Personal Communications Systems – CSE5807 Lecture: 10 Stephen Giles and Satha K. Sathananthan School of Computer Science and Software Engineering Monash University Australia These slides contain figures from Stallings, and are based on a set developed by Tom Fronckowiak .

  2. Wireless Security • Inherently insecure compared to wired networks. • Broadcast nature of the channel. • Increased security requirements. • Wireless networks for internet access, e-commerce, credit-card transactions, etc. • Privacy requirements: • Control information. • Call setup information, user location, user ID, credit-card information, etc. • Voice or data. • Security measures and limitations: • Must consume as little power as possible. • Preserve spectrum efficiency. • Errors in transmission.

  3. Wireless Security Services • Confidentiality/Privacy: • Prevention of unauthorized disclosure of information. • Security attack: Interception. • Authentication and encryption. • Integrity: • Prevention of unauthorized modification of information. • Security attack: Modification and Impersonation. • Availability: • Property of being accessible and useable upon demand by an authorized user. • Security attack: Denial of service.

  4. Wireless Security Services • Nonrepudiation: • Service against the denial by either party of creating or acknowledging a message. • Security attack: Fabrication • Security measure: Digital signatures based on public key encryption. • Access Control: • Enables only authorized entities to access resources. • Security attack: Masquerading

  5. x Encrypted Message (Cipher-text) Message (Plaintext/Clear-text) Y=Ek(X) Encryption Encrypted Message Message M=Dk(Y)=X Decryption Y Encryption • Used in wired and wireless networks for providing several security services: • Confidentiality, message authentication, nonrepudiation, access control and identification. • Availability can not be guaranteed. • Scrambling the message using a key.

  6. Y Insecure Channel X X Decryption Encryption k k Secure Channel Y=Ek(X) : Ciphertext X=Dk(Y) : Plaintext Secret-Key/Symmetric Key Encryption • Sharing a secret key for encryption and decryption. • Advantage: Fast and suitable for high data rates. • Disadvantage: Secret key distribution. • Examples: • Data Encryption Standard (DES) • Advanced Encryption Standard (AES) • RC-4

  7. Y Insecure Channel X X Decryption Encryption Kpub, A Kpri, A Y=Ekpub(X) : Ciphertext X=Dkpri(Y) : Plaintext Public Key Encryption • Using the public key and the private key for encryption and decryption respectively. • Public key is known to everyone. • Only owner can decrypt the message. • Large key sizes. • Mathematical operations are quite computationally intensive. • Rarely used in bulk data transfer. • Used to exchange a session key between a pair of communicating entities. • Use the session key with secret-key algorithim.

  8. Attacks on Wireless LANs • Passive attacks (Eavesdropping) • Not connected to the network. • Listen to packets traversing the wireless segment and gather valuable information. • Leave no trace of presence. • Active attacks • Connecting to a wireless network through an access point. • Gathering information and changing the configurations. • Jamming • Shut down the wireless network by an overwhelming RF signal. • RF signal • Intentional or unintentional • Removable or non-removable • RF spectrum analyzer can be used to locate the RF signal.

  9. Attacks on Wireless LANs • Man-in-the-middle attacks • Uses an access point to effectively hijack mobile nodes by sending stronger signal than the legitimate access point is sending. • Mobile nodes then associate to this rogue access point. • Gathering sensitive data. • Undetectable by users. • Physical security can prevent this attack.

  10. Authentication Request Frame LAN AP Authentication Response Frame Wireless LAN Authentication • IEEE802.11 specifies two methods of authentication: • Open System Authentication • Shared Key Authentication • Open System Authentication • Based on SSID only. • Option of using WEP for only encrypting data.

  11. Request to Authenticate AP LAN Sends a challenge phrase Encrypts the phrase and sends it back Verifies the phrase and if they match authenticates Clients connects to the network Wireless LAN Authentication • Shared Key Authentication • WEP key can be used to verify a client's identity and for encryption of data.

  12. Wired Equivalent Privacy (WEP) • Authenticating users and encrypting data payloads. • Use pseudo-random number generator (PRNG) and RC4 stream cipher. • RC4 is fast and simple to encrypt and decrypt. • Both the sender and receiver use the stream cipher to create identical pseudorandom strings from the known shared key. • The sender XORS the plaintext with the stream cipher producing cipher text. • The ciphertext is then pretended with the plaintext initialization vector (IV).

  13. Wired Equivalent Privacy (WEP)

  14. Wired Equivalent Privacy (WEP) • WEP is simple  Weak • RC4 algorithm was inappropriately implemented yielding a less than adequate security solution. • Most implementation of WEP initialize hardware using an IV of 0 , thereafter incrementing the IV by 1 for each packet sent. • Length of plaintext IV is 24-bits. • All possible IVs (224) would be exhausted in 5 hours for a busy networks. • Reinitialized starting at zero at least once every 5 hours. • Open door for hackers. • Flawed process in WEP causes: • Active and passive attacks to decrypt traffic. • Active attacks to inject new traffic.

  15. Wired Equivalent Privacy (WEP) • Why WEP was chosen? • The IEEE802.11 standard specifies the following security criteria: • Exportable • Reasonably strong • Self-synchronizing • Computationally efficient • Optional • WEP met all these requirements when it was introduced. • Pushed by WLAN market. • The IEEE802.11 standard leaves WEP implementation up to WLAN manufacturers. • Various implementation.

  16. Wired Equivalent Privacy (WEP) • WEP Keys: • Core functionality of WEP. • Alphanumeric character string. • Implemented on client and infrastructure devices on a WLAN. • Available in two types, 64-bit and 128-bit. • Sometimes referenced as 40-bit and 104-bit since 24-bit IV is concatenated with a secret key. • WEP key can be used: • To verify the identity of an authenticating station. • For data encryption. • WEP Key distribution: • Static Keys • Centralized encryption key server.

  17. Wired Equivalent Privacy (WEP) • Static WEP Key: • Manually assign a WEP key to an access point and its clients. • Susceptible to security failure. • Suitable for small and simple WLANs. • Multiple WEP keys simultaneously. • Centralized Encryption key Server: • Automated process between stations, access points and the key server. • Centralized key generation and distribution. • Ongoing key rotation. • Reduced key management overhead. • Key generation based on a per-packet or per-session or other method.

  18. Wired Equivalent Privacy (WEP) • WEP Usage: • Beacons are not encrypted. • WEP encryption/decryption process consumes CPU cycles and reduces the effective throughput. • Additional CPU in access points. • Implementation in software => More effects • Implementation in hardware => Added cost

  19. Advanced Encryption Standard (AES) • Replacement for the RC4 algorithm used in WEP. • Is being considered in IEEE802.11i standard => WEPv2 • AES uses the Rijndael algorithm using 128-bit or 192-bit or 256-bit key. • Considered to be an un-crackable.

  20. Filtering • Basic security mechanism in addition to the WEP. • Keep out that which is not wanted, and to allow that which is wanted. • Three types of filtering: • SSID Filtering • MAC Address Filtering • Protocol Filtering

  21. Filtering • SSID Filtering: • SSID of WLAN station must match the SSID on the access point. • SSID is broadcast in every beacon. • If SSID is removed from beacon, the client must have matching SSID => “Closed system”. • Not considered as a reliable method of keeping unauthorized users out of a WLAN. • Should be used as a means of segmenting the network. • Common issues: • Using the default SSID. • Unnecessary broadcasting of SSIDSs.

  22. Filtering • MAC Address Filtering: • Network administrator can compile and, distribute and maintain a list of allowable MAC address and program them into each access points. • Can be implemented in RADIUS servers instead of each access points. • MAC address of WLAN clients are broadcasted in clear text even when WEP is implemented. • Hacker can find the MAC addresses used in the WLAN. • Should be used as a feasible, but not as the sole security mechanism.

  23. Filtering • Protocol Filtering: • WLAN can filter packets traversing the network based on layer 2-7 protocols. • Useful in controlling utilization of the shared medium.

  24. Emerging Wireless Security Solutions • VPN • 802.1x using Extensible Authentication Protocol (EAP). • Temporal Key Integrity Protocol (TKIP) • 802.11i • Based on passing authentication through to authentication servers upstream from the access points. • Wireless client waiting during the authentication process.

  25. Associate EAP Identity Response EAP Auth Response AP EAP Identity Request EAP Auth Request EAP-Success EAP Identity Response EAP Auth Response EAP Auth Request EAP-Success IEEE802.1x and EAP • EAP is a layer 2 protocol. • Ability to allow a connection into the network at layer 2 only if user authentication is successful. • User authentication is accomplished using a Remote Authentication Dial-In User Service (RADIUS) server and some type of user database. Authentication Server

  26. IEEE802.1x and EAP • LEAP (Lightweight EAP) • Primarily used in Cisco wireless LAN access points. • Encryption using dynamically generated WEP keys and supports mutual authentication. • EAP-TLS (EAP-Transport Layer Security) • Certificate based, mutual authentication of the client and the network. • Relies on client-side and server-side certificates to perform authentication. • EAP-TTLS (EAP-Tunneled Transport Layer Security) • Extension of EAP-TLS. • Requires only server side certificates. • PEAP (Protected EAP) • Developed by Cisco and Microsoft, as an alternative to EAP-TTLS. • Uses tunneled server-side certificates and username/password credentials for client to authenticate. • Supports mutual authentication.

  27. Temporal Key Integrity Protocol (TKIP) • An upgrade to WEP that fixes known security problems in WEP’s implementation of the RC4 stream cipher. • IV hashing to help defeat packet snooping. • Message Integrity Check to determine unauthorized packet modification by injecting traffic. • Dynamic keys to defeat capture of passive keys. • Firmware upgrades to access points and client devices.

  28. Temporal Key Integrity Protocol (TKIP) • 128-bit temporal key shared amongst all clients and access points. • Temporal key is combined with a client’s MAC address and then added to a very large 16-octet IV to produce the actual encryption key. • RC4 is used for encryption. • Temporal key is changed over 10,000 packets (in every hour in many cases). • Performance loss when using TKIP. • Trade-off with network security gain.

  29. IEEE802.11i • Defines a new type of wireless network called a “Robust Security Network” (RSN). • IEEE802.1x and EAP • Advanced Encryption Standard (AES). • TKIP is allowed as an optional mode in RSN. • Wi-Fi Protected Access (WPA): • Wi-Fi Alliance adopted TKIP as a new security approach. • WPA is subset of RSN.

  30. References • K. Pahlavan and K. Krishnamurthy “Principles of Wireless Networks”, Prentice-Hall, 2002. • Hon Edney and William A. Arbaugh, “Real 802.11 Security: Wi-Fi Protected Access and 802.11i”, Pearson Education, 2004

More Related