Wireless Security. MIS 4700 Dr. Garrett. Security Threats to WLANs. IEEE 802.11i. The IEEE announced the adoption of the 802.11i security standard in June 2004 to improve the overall security and privacy of a wireless LAN. WEP. Wired Equivalent Privacy (WEP)
Wireless Security MIS 4700 Dr. Garrett
IEEE 802.11i • The IEEE announced the adoption of the 802.11i security standard in June 2004 to improve the overall security and privacy of a wireless LAN
WEP • Wired Equivalent Privacy (WEP) • One of the optional protocols that will help to secure your network • Security for a wireless LAN is more difficult than for a wireline LAN • Radio waves are transmitted through the air and, unlike cables, can penetrate walls and floors and reach behind locked doors • Encrypts data, but programs like AirSnort and WEPCrack can decipher the data
WEP Encryption • Uses RC4 (Rivest Cipher 4), which generates a pseudo-random number from arbitrary-length encryption keys • Combines with the data stream to encrypt the data • Encryption key includes a 24-bit initialization vector (IV) defined by the user and a 40- or 104-bit key provided by the wireless device • But the IV is transmitted unencrypted and may be cracked in a few minutes
WEP Security Issues • The same 24-bit IV is commonly used repeatedly regardless of the packet’s contents and may be deciphered within minutes • Static shared keys are used over and over giving a hacker plenty of time to decipher the encryption keys
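The IV and static-key weakness described on the two WEP slides above, as an added Python example that is not part of the original slides: it seeds RC4 with IV || secret the way WEP does and shows that two frames sharing an IV share a keystream, so the XOR of their ciphertexts equals the XOR of their plaintexts. The key, IVs and plaintexts are constructed sample values, the function names are hypothetical, and WEP's CRC-32 integrity value is left out.

```python
import math

def rc4_keystream(key: bytes, n: int) -> bytes:
    """Standard RC4: key scheduling, then n bytes of keystream."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for _ in range(n):
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) % 256])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def wep_encrypt(iv: bytes, secret: bytes, plaintext: bytes):
    """WEP seeds RC4 with IV || secret and sends the IV in the clear.
    The CRC-32 integrity value real WEP appends is omitted here."""
    return iv, xor(plaintext, rc4_keystream(iv + secret, len(plaintext)))

def reuse_leak(frame_a, frame_b):
    """Same IV means same keystream, so C1 xor C2 equals P1 xor P2."""
    (iv_a, ct_a), (iv_b, ct_b) = frame_a, frame_b
    return xor(ct_a, ct_b) if iv_a == iv_b else None

def frames_until_likely_iv_repeat(iv_bits: int = 24) -> int:
    """Birthday estimate of frames sent before a randomly chosen IV repeats."""
    return round(math.sqrt(math.pi / 2 * 2 ** iv_bits))

# Constructed sample values, not taken from any real network.
SECRET = bytes.fromhex("0102030405")            # 40-bit static shared key
P1, P2 = b"GET /index.html", b"user=alice&x=42"

if __name__ == "__main__":
    f1 = wep_encrypt(b"\x00\x00\x01", SECRET, P1)
    f2 = wep_encrypt(b"\x00\x00\x01", SECRET, P2)   # IV reused
    f3 = wep_encrypt(b"\x00\x00\x02", SECRET, P2)   # fresh IV
    print(reuse_leak(f1, f2) == xor(P1, P2))
    print(reuse_leak(f1, f3))
    print(frames_until_likely_iv_repeat())
```

The birthday estimate shows why a 24-bit IV repeats quickly on a busy network, which is the reason the later slides move to per-packet keys and 802.1x-managed keying.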
MAC Address Filtering • All devices have a unique 48-bit identifier called a MAC address • An access point could be configured to only accept connections from a device with a MAC address in a list • A hacker could listen for allowable MAC addresses and spoof one to gain access
Authentication • Wireless APs transmit beacon frames • Nodes listen for beacon frames to decide whether to try to associate with or connect to the AP • Authentication is used by the AP to decide whether to accept the connection
Authentication Methods • Open system authentication (OSA) • No authentication is required • Any device may associate with the AP • Shared key authentication • Since the authentication key is sent in open text, a hacker could gain access to the network
Extensible Authentication Methods • The Extensible Authentication Protocol (EAP) allows greater security than just username/password combinations • Authentication framework: mechanism that performs the authentication process • Authentication algorithm • RC4 used in WEP and Wi-Fi Protected Access (WPA) • Advanced Encryption Standard (AES) • Data frame encryption: applies the encryption key to the data
802.1x Security • 802.1x is an authentication standard and framework used for centralized authentication and may work with multiple algorithms at one time • The 802.11i task force is working to incorporate the 802.1x authentication framework into wireless LANs
EAPoL • EAPoL is EAP (Extensible Authentication Protocol) encapsulation over LANs • An unauthenticated supplicant (meaning a wireless node) attempts to associate with an authenticator (a wireless access point) • The authenticator allows only authentication traffic until the supplicant is authenticated by an authentication server • Known as a AAA server (authentication, authorization, and accounting)
802.1x Authentication Process • An EAP-start frame is sent to request access to the network • An EAP-request identity frame is sent by the AP to ask the node to identify itself • The node responds with an EAP-response frame that contains its identity • The authentication server applies an algorithm to verify the node’s identity • The authentication server sends an accept or reject frame to the AP, which is then sent to the node
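The EAPoL gating and the five-step exchange on the two slides above, as an added Python example that is not part of the original slides: a model of the access point's controlled port that drops data frames until the authentication server accepts the supplicant. The frame dictionaries, the identity database and the verification function are hypothetical stand-ins; a real AAA server runs an EAP method rather than a set lookup.

```python
from dataclasses import dataclass

AUTHORIZED = {"alice@example.test"}   # constructed identity database

def auth_server_verify(identity: str) -> str:
    """Stand-in for the authentication server's decision."""
    return "accept" if identity in AUTHORIZED else "reject"

@dataclass
class Authenticator:
    """Access point state for one supplicant (wireless node)."""
    authorized: bool = False          # controlled port closed by default
    awaiting_identity: bool = False

    def handle(self, frame: dict) -> str:
        kind = frame.get("type")
        if kind == "EAP-start":
            # A new request always closes the port until the server answers.
            self.authorized, self.awaiting_identity = False, True
            return "EAP-request identity"
        if kind == "EAP-response":
            if not self.awaiting_identity:
                return "dropped"      # unsolicited response, no pending request
            self.awaiting_identity = False
            verdict = auth_server_verify(frame.get("identity", ""))
            self.authorized = verdict == "accept"
            return verdict            # relayed to the node as accept or reject
        if kind == "data":
            return "forwarded" if self.authorized else "dropped"
        return "dropped"

def run_session(frames):
    """Feed a list of frames to a fresh authenticator and collect its replies."""
    ap = Authenticator()
    return [ap.handle(f) for f in frames]

if __name__ == "__main__":
    print(run_session([
        {"type": "data"},
        {"type": "EAP-start"},
        {"type": "EAP-response", "identity": "alice@example.test"},
        {"type": "data"},
    ]))
```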
802.1x Authentication Standard • The 802.1x authentication standard relies on another protocol to perform the actual authentication • The authentication process is provided by an authentication server or service running on the network
EAP Types • Message Digest Challenge (MD-5) only provides one-way authentication • Protected EAP (PEAP) supports a variety of authentication protocols using server-side only certificates • Transport Layer Security (EAP-TLS) provides certificate-based and mutual authentication using client-side and server-side certificates • May dynamically generate WEP keys • Also called Smart Card or Certificate authentication
EAP Types • Tunneled Transport Layer Security (EAP-TTLS) provides for certificate-based, mutual authentication using an encrypted tunnel • Cisco Systems has developed its own proprietary version of the EAP standard, which it calls Lightweight Extensible Authentication Protocol (LEAP)
RADIUS • Remote Authentication Dial-In User Service (RADIUS) is used to verify a username and password against a database of authorized users • Microsoft’s implementation of RADIUS is its Internet Authentication Server (IAS) • Some access points include an embedded authentication server (EAS)
Basic Encryption Methods • Substituting one character for another in a consistent pattern transforms the original message and its meaning into a stream of what amounts to gibberish • For example, each alphabetic character may be replaced with another alphabetic character a certain number of positions later or earlier in the alphabet • Another form of transposition encryption uses a seed or key word to establish relative positions for letters in the alphabet
Historical Encryption Methods • Jefferson Cylinder in the 1700s • Wheatstone disk in the 1800s • Enigma rotor machine of World War II • Mathematics-based algorithms (Figure caption: The rotors inside the German Enigma machine were used to encrypt text messages.)
Cryptography • Symmetric • Uses the same secret key to both encrypt and decrypt the message • Called a secret key system • Asymmetric • Uses a public key to encrypt data • Uses a private key to decrypt data • Called a public key system • Keys are managed by the Public Key Infrastructure (PKI)
Symmetric Key Encryption A symmetric encryption process uses the same private key to encrypt and decrypt a message.
Wireless Encryption Methods • WEP uses a symmetric key encryption method • The same key is used for both encryption and decryption • An issue arises in how to securely exchange the secret key initially • Most commonly used symmetric key encryption algorithm is DES
Data Encryption Standard • Data Encryption Standard (DES) uses a 56-bit encryption key and a block cipher encryption method • Breaks the data into 64-bit blocks • Applies encryption key to each block 16 times • Triple DES (3DES) is a more advanced form of DES
DES Encryption Modes • Electronic Code Book (ECB) encrypts each 64-bit data block individually • Cipher Block Chaining (CBC) makes each data block dependent on the preceding block by XOR’ing each block with the next • Cipher Feedback (CFB) adds dummy bytes to data less than 64 bits in length • Output Feedback (OFB) passes the output of the DES process back through encryption
Asymmetric Key Encryption • Uses a public key known to everyone and a private (or secret) key known only by the recipient • The private key is used to decrypt information encrypted by the public key • The two keys are related but cannot be deduced from the other • Public Key Infrastructure (PKI) is used to manage the keys
Asymmetric Key Encryption An asymmetrical encryption system uses a public key to encrypt data at the sending end and a private key to decrypt the data at the receiving end.
Wireless Networks • WLANs often use asymmetric encryption methods • WEP keys are distributed periodically by encrypting the key with the public key of the receiving station and decrypted by the station using its private key
Windows XP WLAN Properties The Windows XP Wireless Network Properties dialog box’s Association tab is used to configure a NIC for a public key.
Certificate Authority • Certificate Authorities (CA) protect the security and trustfulness of the PKI system • A certificate authority issues public keys after having verified the identity of the private key owner
Digital Signatures • Digital signatures verify a sender’s identity • When you wish to transmit a digitally signed document, a hash total is made of the document and signed with your private key. • At the receiving end, the validity of the document and its source are verified by decrypting the hash total of the document using your public key and comparing it to a hash total computed by the receiving end. • If the two hash totals match, the receiving station has the assurance that the document is secure.
802.11i • The IEEE approved the 802.11i standard in June 2004 to provide enhanced security • Includes the Advanced Encryption Standard (AES) cryptographic algorithm • Includes 802.1x security standards • Defines use of the Temporal Key Integrity Protocol (TKIP), Wireless Robust Authenticated Protocol (WRAP), and Counter Mode with Cipher Block Chaining (CBC) Message Authentication Code (MAC) [CBC-MAC] Protocol (CCMP)
Advanced Encryption Standard • Advanced Encryption Standard (AES) is an advanced standard that requires a dedicated circuit • Satisfies the Federal Information Processing Standard (FIPS)
Temporal Key Integrity Protocol • Temporal Key Integrity Protocol (TKIP) provides dynamic per-packet encryption keys, a message integrity check, and a way to assign new keys to network nodes • An interim solution to WEP’s flaws • Wi-Fi Protected Access (WPA) was an early version of TKIP
CCMP • CCMP is a block cipher mode protocol that performs both encryption and authentication
Security Threats This common network implementation is vulnerable to a variety of security threats.
Client-to-Client Attacks • Wireless nodes have the capability to communicate directly with one another
Denial of Service Attacks • Denial of Service (DoS) attacks prevent any access to a network’s resources by internal or external nodes • The most common type of attack overloads a system’s resources so that it cannot perform its normal tasks
Types of DoS Attacks • Application layer • For example, flooding a Web server with requests to prevent legitimate requests • Transport layer • A disruption of TCP by flooding synchronization (SYN) packets that are a part of the 3-way TCP handshake produces a SYN flood • Network layer • Most common is a ping flood causing ICMP echo requests to overload the network bandwidth
Types of DoS Attacks • Data link layer • Floods only a given segment with invalid frames • Physical layer • Blocking, jamming, or removing the media sometimes caused by lightning or backhoe fade (when a carrier line is accidentally cut) • WLANs are most vulnerable at the physical layer because the RF waves penetrate walls and may even be picked up in the parking lot or street
Insertion Attacks • Adding an unauthorized device to a wireless network • Must bypass the security settings • May allow access to the wired LAN or Internet gateway
Interception Attacks • ARP spoofing • The Address Resolution Protocol (ARP) is used to resolve IP addresses to MAC addresses • A node may broadcast a frame over the network to resolve a known IP address to an unknown MAC address • An attacker may supply its own MAC address to cause packets to be sent to the attacker rather than a legitimate receiver
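One way to watch for the changed IP-to-MAC binding that the ARP spoofing slide above describes, as an added Python example that is not part of the original slides: it replays observed ARP replies and raises an alert whenever an IP address is claimed by a MAC other than its pinned or first-seen one. The observation tuples, the addresses and the function name are constructed for illustration.

```python
def detect_arp_conflicts(observations, pinned=None):
    """Return one alert per ARP reply whose MAC contradicts the known binding.

    observations: iterable of (timestamp, ip, mac) taken from ARP replies.
    pinned: optional {ip: mac} of bindings the administrator trusts
            (for example the default gateway); these are never relearned.
    """
    pinned = {ip: mac.lower() for ip, mac in (pinned or {}).items()}
    learned, alerts = {}, []
    for ts, ip, mac in observations:
        mac = mac.lower()                      # MACs compare case-insensitively
        expected = pinned.get(ip, learned.get(ip))
        if expected is None:
            learned[ip] = mac                  # first sighting becomes the baseline
        elif mac != expected:
            alerts.append({
                "time": ts,
                "ip": ip,
                "expected": expected,
                "claimed": mac,
                "basis": "pinned" if ip in pinned else "first-seen",
            })
    return alerts

# Constructed sample observations (documentation IP range, made-up MACs).
SAMPLE = [
    ("10:00:01", "192.0.2.1",  "02:00:00:00:00:01"),   # gateway, matches pin
    ("10:00:02", "192.0.2.20", "02:00:00:00:00:20"),   # workstation learned
    ("10:00:09", "192.0.2.1",  "02:00:00:00:00:66"),   # gateway IP, other MAC
    ("10:00:10", "192.0.2.20", "02:00:00:00:00:20"),   # unchanged, no alert
    ("10:00:11", "192.0.2.20", "02:00:00:00:00:66"),   # workstation IP, other MAC
]
GATEWAY_PIN = {"192.0.2.1": "02:00:00:00:00:01"}

if __name__ == "__main__":
    for alert in detect_arp_conflicts(SAMPLE, GATEWAY_PIN):
        print(alert)
```

A legitimate NIC replacement or DHCP reassignment also changes a binding, so alerts on first-seen entries need review, while alerts on pinned entries are the stronger signal.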
Interception Attacks • Monitoring is when an attacker is able to monitor traffic on the WLAN, which may also include wired LAN traffic • Sniffers capture transmitted RF traffic • CommView, Kismet, Sniffer Pro • Session hijacking is when an attacker is able to insert packets into a network
Protecting a WLAN • Develop a company, corporate, or personal WLAN security policy • Implement the 802.11 standard that provides only the range needed to support the network • If the WLAN is small enough that a network sniffer won’t be used for analysis and monitoring purposes, disable broadcast pings on the access point • Configure the network with dynamic privacy keys and 802.1x