Lesson 12 - Wireless and Instant Messaging
Overview
• What is Wireless? The term wireless refers to telecommunication technology in which radio waves, infrared waves and microwaves, instead of cables or wires, are used to carry a signal to connect communication devices.
• These devices include pagers, cell phones, portable PCs, computer networks, location devices, satellite systems and handheld digital assistants.
• Wireless networking is the transmission of data using a physical topology, not direct physical links.
Wireless Data Networks (chart: data rate versus coverage area)
• Axes: data rates from 9.6 Kbps through 19.6 Kbps, 56 Kbps, 1 Mbps, 2 Mbps and 10 Mbps up to 50 Mbps; coverage area from local to wide.
• Plotted technologies: narrow band wireless LANs, infrared wireless LANs, spread spectrum wireless LANs, narrowband PCS, broadband PCS, 2.5 GHz service, circuit and packet data cellular (CDPD, Mobitex, DataTac), and satellite.
• Annotations: 802.11 is WiFi; WAP is for small handhelds.
Wireless Technologies

| | PAN | LAN | MAN | WAN |
|---|---|---|---|---|
| Standards | Bluetooth | 802.11a, 11b, 11g; HiperLAN2 | 802.11; MMDS, LMDS | GSM, GPRS, CDMA, 2.5–3G |
| Speed | <1 Mbps | 2–54+ Mbps | 22+ Mbps | 10–384 Kbps |
| Range | Short | Medium | Medium–Long | Long |
| Applications | Peer-to-Peer, Device-to-Device | Enterprise Networks | Fixed, Last Mile Access | PDAs, Mobile Phones, Cellular Access |

PAN = Personal Area Network, LAN = Local Area Network, MAN = Metropolitan Area Network, WAN = Wide Area Network
Bluetooth
• Bluetooth wireless technology is a short-range radio technology.
• It makes it possible to transmit signals over short distances between telephones, computers and other devices, and thereby simplifies communication and synchronization between devices.
• The Bluetooth wireless technology comprises hardware, software and interoperability requirements.
• Transmits at up to 1 Mbps over a distance of 33 feet and is not impeded by physical barriers.
Bluetooth – Bluesnarfing
• Bluesnarfing is a technique that leaves no trace of intrusion; it steals the contents of a cell phone's address book, or even gains access to a user's laptop.
• "Bluejacking" allows a user to send an anonymous and unauthorized message to another cell user. It has become primarily a means of entertainment for some individuals in crowded places, who will send anonymous comments like "I like your tie" to people nearby.
• Bluetooth was named after the 10th century Danish King Harald Bluetooth, who was responsible for unifying Scandinavia.
WiFi and IM Security
• Wireless and instant messaging are two topics of concern to computer and network security professionals.
• Wireless networks broadcast signals across public airwaves.
  • There is no control over the physical layer of the traffic.
  • Attackers can listen and capture all the packets for examination.
  • Attackers may modify the traffic being sent, or send their own traffic to disrupt the system.
• IM is installed on any networked machine and allows:
  • Unencrypted traffic to and from the Internet-based messaging servers.
  • Uncontrolled file transfer.
Wireless
• Two of the most common point-to-multipoint systems are:
  • Wireless Application Protocol (WAP): a system developed to send data to small handheld devices such as cellular phones, wireless e-mail handhelds, and PDAs.
  • IEEE 802.11: the 802.11 protocol has been standardized by the IEEE for wireless local area networks and has three versions currently in production, 802.11b, 802.11a, and the most recent 802.11g.
WAP and WTLS
• Wireless Application Protocol
  • WAP was designed to support all the services of the new PDA and wireless e-mail devices, including cell phone and pager capabilities.
• Wireless Transport Layer Security
  • WTLS was developed to avoid broadcasting clear data.
  • It is a lightweight encryption protocol derived from the current Transport Layer Security (TLS) protocol in use across the Internet.
  • Designed to meet fundamental requirements for security: confidentiality, integrity, and authentication.
CIA
• Confidentiality: only authorized users can read sent and received packets.
  • Wireless affords no control over the physical medium.
  • The best way to ensure confidentiality is to encrypt the data and send it over the airwaves as ciphertext (http://en.wikipedia.org/wiki/Ciphertext).
• Integrity
  • Integrity is accomplished by indicating that the information has not been modified.
• Authentication
  • Authentication is two-way: both sender and receiver need assurance that the other party is who they say they are.
  • WTLS authentication can be performed in several ways, including digital certificates, tokens, or simple passwords.
Wireless Transport Layer Security (WTLS) Protocol
SSL and TLS work well on high-speed LANs, but are not efficient for devices that have less processing power and lower bandwidth.
• WTLS provides authentication, data encryption, and data privacy for WAP devices.
• WTLS uses a modified version of the TLS protocol, formerly known as SSL.
• The WTLS protocol supports several encryption algorithms, including DES, Triple DES (3DES), RC5, and IDEA.
  • They can support 40- and 56-bit keys in the case of DES and 3DES, and 40-, 56-, and 128-bit keys in the case of RC5 and IDEA.
• WTLS must carry out a key exchange, exactly as TLS does.
  • WTLS supports several key exchange methods: Diffie-Hellman, Elliptic Curve Diffie-Hellman, and RSA.
WTLS Protocol Authentication
• The WAP device sends a request for authentication.
• The gateway responds, then sends a copy of its certificate, which contains the gateway's public key, to the WAP device.
• The WAP device receives the certificate and public key, generates a unique random value, and sends it to the gateway encrypted under the gateway's public key.
• The WAP gateway receives the encrypted value and uses its own private key to decrypt it.
Integrity
• This may be done by generating a checksum of the message with a one-way hash function.
• When the receiver gets the data, it hashes it as well and compares the two sums.
• If they match, then the data was unaltered.
• WTLS implements integrity by using message authentication codes (MACs).
• A MAC algorithm generates a one-way hash of the compressed WTLS data. WTLS supports the MD5 and SHA MAC algorithms.
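The slide moves from a plain hash "checksum" to a keyed MAC without saying why the step matters. As an added example (not from the original slides), the code below shows the difference on a constructed record: whoever modifies the data can recompute an unkeyed hash, but cannot produce a valid HMAC without the shared secret. The record body, the secret and the `tamper_in_transit` helper are assumptions for the demonstration; the MAC construction is standard HMAC, not WTLS's exact record MAC.

```python
import hashlib
import hmac

# Constructed sample values (not WTLS test vectors): a record body and a MAC secret.
SHARED_SECRET = b"example-shared-mac-secret"
RECORD = b"GET /account/balance HTTP/1.1"


def plain_checksum(data: bytes) -> bytes:
    """Unkeyed one-way hash of the data: a checksum, not a MAC."""
    return hashlib.sha1(data).digest()


def verify_checksum(data: bytes, checksum: bytes) -> bool:
    """Receiver recomputes the hash and compares; this catches accidental corruption only."""
    return hmac.compare_digest(plain_checksum(data), checksum)


def mac_tag(secret: bytes, data: bytes, algorithm: str = "sha1") -> bytes:
    """Keyed MAC over the data. WTLS allows MD5 or SHA as the hash (algorithm name)."""
    return hmac.new(secret, data, algorithm).digest()


def verify_mac(secret: bytes, data: bytes, tag: bytes, algorithm: str = "sha1") -> bool:
    """Constant-time comparison so the check itself leaks nothing about the tag."""
    return hmac.compare_digest(mac_tag(secret, data, algorithm), tag)


def tamper_in_transit(data: bytes) -> bytes:
    """Simulated in-path modification of the record body (assumed scenario)."""
    return data.replace(b"/balance", b"/transfer")


def checksum_accepts_forgery() -> bool:
    """A plain hash can be recomputed by whoever changed the data, so the receiver's
    compare still succeeds. Returns True when the forged record is accepted."""
    forged = tamper_in_transit(RECORD)
    forged_checksum = plain_checksum(forged)   # no secret is needed to recompute it
    return verify_checksum(forged, forged_checksum)


def mac_rejects_forgery() -> bool:
    """Without the secret the modifier can only reuse the old tag or hash the new body;
    both fail, while the genuine record still verifies. Returns True when that holds."""
    genuine_tag = mac_tag(SHARED_SECRET, RECORD)
    forged = tamper_in_transit(RECORD)
    reused_old_tag = verify_mac(SHARED_SECRET, forged, genuine_tag)
    unkeyed_guess = verify_mac(SHARED_SECRET, forged, plain_checksum(forged))
    genuine_accepted = verify_mac(SHARED_SECRET, RECORD, genuine_tag)
    return genuine_accepted and not reused_old_tag and not unkeyed_guess


if __name__ == "__main__":
    print("plain hash accepts forged record:", checksum_accepts_forgery())
    print("keyed MAC rejects forged record:", mac_rejects_forgery())
```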
Security Issues with WTLS
• The WTLS protocol is designed around more capable servers than devices, and the devices using the protocol have small amounts of memory and limited processor capacity.
• Because of low memory or CPU capabilities, encryption cannot be implemented, which greatly reduces confidentiality.
• Authentication is an option in the protocol and is done with digital certificates.
• Security threats posed by the WAP gap.
• WTLS uses weaker keys.
• WLAN service set identifiers (SSIDs; covered later).
• There are known security vulnerabilities in the implementation of WTLS, including:
  • Chosen plaintext attack
  • PKCS #1 attack
  • Alert message truncation attack
WTLS Chosen Plaintext
• The chosen plaintext attack works on the principle of predictable initialization vectors (IVs).
• By the nature of the transport medium it uses (WAP), WTLS needs to support unreliable transport.
• This forces the IV to be based upon data already known to the client, and WTLS uses a linear IV computation.
• The IV is based on the sequence number of the packet, and several packets are sent unencrypted, severely decreasing entropy, which reduces confidentiality.
PKCS and AMT Attacks
• PKCS #1 attack: PKCS used with RSA encryption gives a standard for formatting the padding used to generate a correctly formatted block size.
  • When the client receives the block, it will reply to the sender as to the validity of the block.
  • In the PKCS #1 attack, an attacker attempts to send multiple guesses at the padding to force a padding error.
• Alert message truncation attack: alert messages in WTLS are sometimes sent in plaintext and are not authenticated.
  • This allows an attacker to overwrite an encrypted packet from the actual sender with a plaintext alert message.
  • It would lead to possible disruption of the connection through a truncation attack.
WAP Gap Security Issue
• There is concern over the so-called "WAP gap."
• Confidentiality of information is vulnerable where two different networks meet.
• WTLS acts as the security protocol for the WAP network and TLS is the standard for the Internet, and the WAP gateway translates one encryption standard to the other in plaintext.
• A WAP gateway is an especially appealing target, as plaintext messages are processed through it from all wireless devices, not just a single user.
802.11
• Introduced in 1990.
• Defined a cable-free local area network with either fixed or mobile locations that transmit at either 1 or 2 Mbps, which was insufficient for most network applications.
• A new standard was developed for sending packet-sized data traffic over radio waves in the unlicensed 2.4 GHz band.
• Unlicensed means it does not have to be certified by the FCC, and devices could possibly share the bandwidth with other devices such as cordless phones, baby monitors, etc.
802.11
• The first standard, finalized in 1997, defined three types of transmission at the Physical layer:
  • Diffused infrared, based on infrared transmissions
  • Spread spectrum, which uses two methods to spread the signal over a wider area:
    • Frequency hopping spread spectrum (FHSS), radio-based
    • Direct sequence spread spectrum (DSSS), radio-based
• Radio signals using narrow-band transmission are vulnerable to outside interference.
• Spread spectrum transmission takes a narrow signal and spreads it over a broader portion of the radio frequency band.
• Spread spectrum is more resistant to outside interference and produces fewer errors.
Three Wireless Technologies

| | 802.11b | 802.11a | 802.11g |
|---|---|---|---|
| Frequency Band | 2.4 GHz | 5 GHz | 2.4 GHz |
| Availability | Worldwide | US/AP | Worldwide |
| Maximum Data Rate | 11 Mbps | 54 Mbps | 54 Mbps |
| Other Services (Interference) | Cordless Phones, Microwave Ovens, Wireless Video, Bluetooth Devices | HyperLAN Devices | Cordless Phones, Microwave Ovens, Wireless Video, Bluetooth Devices |

The Laws of Radio Dynamics:
• Higher Data Rates = Shorter Transmission Range
• Higher Power Output = Increased Range, but Lower Battery Life
• Higher Frequency Radios = Higher Data Rates, Shorter Ranges
802.11
• As 802.11 matured and became easy to use and affordable, security experts started to deconstruct the security built into the standard.
• 802.11a
  • Uses an orthogonal frequency division multiplexing (OFDM) encoding scheme rather than FHSS or DSSS.
  • The 802.11a protocol works only to improve the speed of the network and does not have security updates.
  • Approved in 1999.
• 802.11b
  • Sometimes referred to as "Wi-Fi" when associated with WECA certified devices.
  • Uses only DSSS.
  • Approved in 1999.
• 802.11g
  • Uses the OFDM transmission.
  • The 802.11g standard does support a longer WEP key.
  • It does not solve the problems with WEP.
  • Draft created in January 2002; final approval expected in late 2002 or early 2003.
• For security purposes, 802.11b and 802.11g are nearly identical.
Wi-Fi™
• Wi-Fi™ Alliance
  • Wireless Fidelity Alliance
  • 170+ members
  • Over 350 products certified
• Wi-Fi's™ Mission
  • Certify interoperability of WLAN products (802.11)
  • Wi-Fi™ is the "stamp of approval"
  • Promote Wi-Fi™ as the global standard
802.11 Authentication and Association
• The 802.11 standard includes rudimentary authentication and confidentiality controls.
• Authentication is handled in its most basic form by the 802.11 access point (AP).
• It forces the clients to perform a handshake when attempting to "associate" to the AP. Association is the process needed before the AP will allow the client to talk across the AP to the network.
• Association occurs only if the client has all the correct parameters needed in the handshake, such as the service set identifier (SSID).
802.11 Attack Tools
• Once the limited security functions of a wireless network are broken, it behaves exactly like a regular Ethernet network and is subject to the same vulnerabilities.
• Windows-based tools for locating and sniffing wireless networks have turned anyone who can download files from the Internet and has a wireless card into a potential attacker.
• The most common tools used by an attacker are reception-based programs that listen to the beacon frames put out by wireless devices, and programs that promiscuously capture all traffic.
802.11 Access Security
• Access to actual wired Ethernet segments is protected by physical security measures, but wireless will broadcast beyond the physical network.
• Attack is easy due to the low cost of the equipment needed.
• A single wireless access card costing less than fifty dollars can give access to any unsecured access point within 300 feet.
• An attacker can probe and log packets without giving any indication that an attempted intrusion is taking place.
• The attempted association is recorded only by the MAC address of the wireless card associated to it.
• Most APs do not alert when users associate to them.
Wireless LAN Security - War Driving
"War Driving": Hacking into WEP
War driving (drive-by hacking or LAN-jacking) is a play on "war dialing". War dialing, in turn, comes from the 1983 movie War Games, now a classic in computer cracking circles. Literally, war driving is using a laptop to pick up unsecured wireless networks for anonymous and free high-speed Internet access, akin to stealing long-distance phone service.
War Chalking
• Welcome to Warchalking! Warchalking is the practice of marking a series of symbols on sidewalks and walls to indicate nearby wireless access. That way, other computer users can pop open their laptops and connect to the Internet wirelessly. It was inspired by the practice of hobos during the Great Depression of using chalk marks to indicate which homes were friendly.
War Flying
• War flying uses airplanes to find the wireless access points. The obvious advantage is that the extra height provides an unobstructed line of sight.
• Some people think war driving is illegal. Actually, accessing someone's network is illegal, but detecting the network is not. You can think of war driving as walking up to a house and checking to see if the door is unlocked. If you find an unlocked door, you write down the address and move to the next house. It becomes illegal when you open the door and walk in, which is similar to accessing the Internet through an AP without the owner's permission.
Using a Sniffer
• Specialized sniffer tools have emerged recently with a single objective: to crack WEP keys.
• A sniffer and a wireless network card are a powerful attack tool.
• A shared-media wireless network exposes all packets to interception and logging.
• They work by exploiting weak initialization vectors in the encryption algorithm.
• To exploit this weakness, a certain number of ciphertext packets is needed. However, once enough packets have been captured, the program can decipher the encryption key being used very quickly.
• Popular wireless sniffers are Ethereal, WildPackets AiroPeek and Sniffer Pro 4.0.
NetStumbler
• The most widely used of these programs is called NetStumbler, by Marius Milner.
• It listens for access point beacon frames in range and logs all available information about the access point for later analysis.
• If the computer has a GPS unit attached to it, the program also logs the coordinates of the access point.
• This information can be used to return to the access point, or to plot maps of access points in a city.
• This is a Windows-based application, but there are programs that work on the same principle for Mac, BSD, Linux, and other operating systems.
802.11 Security Tools
• There are two basic tools for security:
  • Authentication, provided by the SSID.
  • Authentication and confidentiality, provided by WEP.
802.11 Authentication Tools
• The authentication function: the service set identifier (SSID).
• The SSID is a unique 32-character identifier attached to the header of the packet.
• Only individuals who know the identifier will be able to complete association to the access point.
• The SSID is sent in plaintext in the packets, so in practice the SSID has little security significance.
• A sniffer can determine the SSID. Some operating systems display a list of SSIDs active in the area.
• This weakness is magnified by the default setting of most access points to transmit beacon frames.
• The purpose of a beacon frame is to announce the presence and capabilities of the wireless network so that WLAN cards can associate.
802.11 Confidentiality and Authentication
• The standard protects confidentiality with Wired Equivalent Privacy (WEP), a key.
• WEP uses the RC4 stream cipher to encrypt data as it is transmitted through the air.
• It is synchronous and based upon a key shared by the AP and all the clients using the AP.
• It uses a symmetric key to authenticate wireless devices (not wireless device users) and to guarantee integrity of data by encrypting transmissions.
• The client sends a request to the AP asking for permission to access the wired network.
  • If WEP has not been enabled (the default), the AP allows the request to pass.
  • If WEP has been enabled, the client begins a challenge-and-response authentication process.
• WEP is easily attacked, for example with WEPcrack.
WEP Vulnerability
• The initialization vector is the weakness in WEP, since it is sent in the plaintext part of the message.
• The total keyspace is approximately 16 million keys.
• Once the key is repeated, the attacker has two ciphertexts encrypted with the same key stream.
• The attacker may examine the ciphertext and retrieve the key.
• The weakness of the WEP protocol is that the IV problem exists regardless of key length.
• The IV always remains at 24 bits.
802.11i Standard
• The 802.11i standard is to be the new IEEE standard for security in wireless networks.
• It will specify the use of 802.1X to provide authentication, and the use of AES as the encryption protocol.
• The 802.11i standard specifies a Temporal Key Integrity Protocol (TKIP).
  • TKIP uses a shared secret combined with the card's MAC address to generate a new key. This is then mixed with the initialization vector to make per-packet keys that then encrypt a single packet using the same RC4 cipher that traditional WEP uses.
  • This overcomes the WEP key weakness, as a key is used on only one packet.
  • The other advantage of this method is that it can be retrofitted to the current hardware with only a software change, unlike AES and 802.1X.
• A second specification is the Counter Mode with CBC-MAC Protocol (in full, the Counter Mode with Cipher Block Chaining–Message Authentication Code Protocol, or simply CCMP).
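The WEP Vulnerability slide and the TKIP bullets above describe the same mechanism from both sides, so one added example (not from the original slides) serves both: a plain RC4 keyed WEP-style with IV || shared key shows that two packets under a repeated IV share a keystream and leak the XOR of their plaintexts whatever the key length; a seeded random draw shows how few packets a 24-bit IV space survives before repeating; and a per-packet key derived from secret, station MAC and IV shows why an IV collision then no longer shares a keystream. The WEP key and MAC addresses are constructed values, and SHA-256 is assumed as a stand-in for TKIP's real mixing function.

```python
import hashlib
import random

# Constructed demo values: not a real WEP key or station, and the key mixing
# below is a stand-in for illustration, not the actual TKIP mixing function.
WEP_KEY = bytes.fromhex("0123456789")        # 40-bit shared WEP key
CLIENT_MAC = bytes.fromhex("00a0c9112233")   # constructed station MAC address
IV_BITS = 24                                 # fixed by WEP regardless of key length


def rc4_keystream(key: bytes, length: int) -> bytes:
    """Plain RC4 (key scheduling + output generation), as used by WEP and TKIP."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    for _ in range(length):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def wep_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """WEP: the per-packet RC4 key is IV || shared key, and the IV is sent in clear."""
    return xor(plaintext, rc4_keystream(iv + key, len(plaintext)))


def per_packet_key(secret: bytes, mac: bytes, iv: bytes) -> bytes:
    """TKIP-style idea: secret + station MAC + IV -> fresh 16-byte packet key.
    SHA-256 is an assumed stand-in for TKIP's real mixing function."""
    return hashlib.sha256(secret + mac + iv).digest()[:16]


def tkip_style_encrypt(secret: bytes, mac: bytes, iv: bytes, plaintext: bytes) -> bytes:
    return xor(plaintext, rc4_keystream(per_packet_key(secret, mac, iv), len(plaintext)))


def keystream_reuse_leaks_xor(p1: bytes, p2: bytes, iv: bytes) -> bool:
    """Two WEP packets under one IV share a keystream, so c1 ^ c2 == p1 ^ p2;
    an observer gets this relation without the key, whatever its length."""
    c1, c2 = wep_encrypt(WEP_KEY, iv, p1), wep_encrypt(WEP_KEY, iv, p2)
    return xor(c1, c2) == xor(p1, p2)


def packets_until_iv_repeat(seed: int = 1) -> int:
    """Draw random 24-bit IVs and count packets until the first repeat: the
    birthday bound puts this in the low thousands, not near 16 million."""
    rng, seen, n = random.Random(seed), set(), 0
    while True:
        n += 1
        iv = rng.getrandbits(IV_BITS)
        if iv in seen:
            return n
        seen.add(iv)


def iv_collision_harmless_with_per_packet_keys(p: bytes, iv: bytes, other_mac: bytes) -> bool:
    """Same secret and same IV at two stations: the packet keys differ, so the
    keystreams are not shared and the same plaintext gives different ciphertexts."""
    k1, k2 = per_packet_key(WEP_KEY, CLIENT_MAC, iv), per_packet_key(WEP_KEY, other_mac, iv)
    c1 = tkip_style_encrypt(WEP_KEY, CLIENT_MAC, iv, p)
    c2 = tkip_style_encrypt(WEP_KEY, other_mac, iv, p)
    return k1 != k2 and c1 != c2
```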
802.1X Standard
• The 802.1X protocol supports a variety of authentication methods.
• It fits into existing authentication systems such as RADIUS and LDAP.
• This allows 802.1X to interoperate well with other systems such as VPNs and dial-up RAS.
• There are four common ways of implementing 802.1X:
  • EAP-TLS
  • EAP-TTLS
  • EAP-MD5
  • EAP-Cisco Wireless, or LEAP
802.1X EAP-TLS
• EAP-TLS uses X.509 certificates and offers dynamic WEP key generation, thus requiring the organization to have the ability to support PKI in the form of X.509 digital certificates.
• Each user individually has a WEP key.
• The EAP-TLS protocol is designed to work only with Microsoft's Active Directory and Certificate Services.
• It will not take certificates from other certificate issuers.
• EAP-TTLS (EAP-Tunneled TLS Protocol) works much the same way as EAP-TLS, with the server authenticating to the client with a certificate.
• It allows the use of legacy authentication protocols such as PAP, CHAP, MS-CHAP, or MS-CHAP-V2.
802.1X EAP-MD5
• The EAP-MD5 protocol uses MD5 to hash a user's username and password.
• The problem with this protocol is that it provides no way for the access point to authenticate with the client, and that it does not provide for dynamic WEP key assignment.
• In the wireless environment, without strong two-way authentication, it is very easy for an attacker to perform a man-in-the-middle-type attack.
802.1X LEAP
• The LEAP protocol developed by Cisco works much like EAP-MD5.
• LEAP differs from EAP-MD5 by requiring two-way authentication, causing the access point to authenticate to the client as well as the client to the access point.
• It also generates per-user, per-session WEP keys, helping to defeat attackers sniffing the network.
WLAN Security: 802.1X Authentication
• Mutual Authentication
• EAP-TLS
  • EAP-Transport Layer Security
  • Mutual Authentication implementation
  • Used in WPA interoperability testing
• LEAP
  • "Lightweight" EAP
  • Nearly all major OSs supported: WinXP/2K/NT/ME/98/95/CE, Linux, Mac, DOS
• PEAP
  • "Protected" EAP
  • Uses certificates or One Time Passwords (OTP)
  • Supported by Cisco, Microsoft, & RSA
  • GTC (Cisco) & MSCHAPv2 (Microsoft) versions
(Diagram: Client - AP - RADIUS Server)
WLAN Security Hierarchy
• Open Access: No Encryption, Basic Authentication (Public "Hotspots")
• Basic Security: 40-bit or 128-bit Static WEP Encryption (Home Use)
• Enhanced Security: 802.1x, TKIP/WPA Encryption, Mutual Authentication, Scalable Key Mgmt., etc. (Business)
• Remote Access: Virtual Private Network (VPN) (Business Traveler, Telecommuter)
Authentication Types Summary
• Open Authentication to the Access Point with WEP: doesn't rely on a RADIUS/TACACS+ server
• Shared Key Authentication to the Access Point: not recommended
• EAP Authentication to the Network: combination of EAP and RADIUS/TACACS+
• MAC Address Authentication to the Network: MACs can be spoofed, but better than nothing
• Combining MAC-Based, EAP, and Open Authentication
• Using CCKM for Authenticated Clients: allows roaming
• Using WPA Key Management
Instant Messaging (IM)
• IM uses a real-time communication model.
• The programs had to appeal to a wide variety of users, so ease of use was paramount, and security was not a priority.
• Can be used on both wired and wireless devices.
• The programs are now being used not only for personal chatting on the Internet, but also for legitimate business use.
• Easy and fast.
• Internet Relay Chat (IRC): earliest server-to-server chat
• ICQ: precursor to AOL chat; AOL purchased it
• AOL Instant Messenger (AIM)
• MSN Messenger
• Yahoo! Messenger
IM Architecture
• Instant messaging programs are designed to attach to a server, or network of servers.
• Operates in two models:
  • Peer-to-peer model
    • May cause the client to expose sensitive information
  • Peer-to-network model
    • Risk of network outage and DoS attacks making IM communication unavailable
    • With the server acting as an intermediary, client IP addresses are usually protected, unlike in the peer-to-peer model where direct communication exists.
IM Architecture
• The nature of this type of communication opens several holes in a system's security.
• When attached to a server, the client announces the IP address of the originating client.
• If other users are to be able to send you messages, the program must announce your presence on the server.
• This reveals that the computer is on, and possibly broadcasts the source IP address to anyone who is looking.
• This is not a problem in most applications, but IM identifies a specific user associated with the IP address.
Issues
• File Attachments
  • All IM clients support sending files as attachments.
• No Encryption
  • Without an IM server, plaintext messages go directly to the Internet.
• Rogue Applications: typically installed by the end user
  • Can be controlled by blocking the applications' ports at the firewall.
  • If the server is not available on the default ports, some IM applications begin to scan all ports looking for one that is allowed out of the firewall.
• IM applications work only in a networked environment and, therefore, are forced to accept traffic as well as send it.
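The port-walking behaviour described under Rogue Applications leaves a recognisable trace in outbound firewall logs: one internal host trying many distinct destination ports on the same server within seconds, usually ending with the one that is allowed out. As an added example (not from the original slides), the detector below parses a constructed, syslog-like log and flags such pairs. The log format, the internal and documentation-range addresses and the thresholds are assumptions; port 5190 is the historical AIM default.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed firewall log (made up for this example): one workstation whose IM
# client walks outbound ports after its default port is denied, plus ordinary
# web traffic from another host. Addresses are RFC 1918 / documentation ranges.
SAMPLE_LOG = """\
2003-05-12T09:14:01 DENY 10.1.5.23 -> 203.0.113.10:5190
2003-05-12T09:14:02 DENY 10.1.5.23 -> 203.0.113.10:21
2003-05-12T09:14:02 DENY 10.1.5.23 -> 203.0.113.10:23
2003-05-12T09:14:03 DENY 10.1.5.23 -> 203.0.113.10:25
2003-05-12T09:14:03 ALLOW 10.1.5.23 -> 203.0.113.10:80
2003-05-12T09:14:04 ALLOW 10.1.5.23 -> 203.0.113.10:443
2003-05-12T09:14:05 ALLOW 10.1.5.40 -> 198.51.100.7:80
2003-05-12T09:14:09 ALLOW 10.1.5.40 -> 198.51.100.7:443
this line is malformed and must be skipped
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<action>ALLOW|DENY) (?P<src>[\d.]+) -> (?P<dst>[\d.]+):(?P<dport>\d+)$"
)


def parse_log(text: str) -> list:
    """Return (timestamp, action, src, dst, dport) tuples; malformed lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        events.append((datetime.fromisoformat(m["ts"]), m["action"],
                       m["src"], m["dst"], int(m["dport"])))
    return events


def detect_port_hopping(text: str, window_seconds: int = 10, min_ports: int = 5) -> list:
    """Flag (src, dst) pairs touching >= min_ports distinct destination ports inside
    a sliding window. Denied and allowed attempts both count: the hopping is the
    signal, and the ALLOW entries show which ports the client escaped through."""
    by_pair = defaultdict(list)
    for ts, action, src, dst, dport in sorted(parse_log(text)):
        by_pair[(src, dst)].append((ts, dport, action))
    window, alerts = timedelta(seconds=window_seconds), []
    for (src, dst), evs in by_pair.items():
        best, start = None, 0
        for end in range(len(evs)):
            while evs[end][0] - evs[start][0] > window:
                start += 1                      # slide the window forward
            seg = evs[start:end + 1]
            ports = {p for _, p, _ in seg}
            if len(ports) >= min_ports and (best is None or len(ports) > len({p for _, p, _ in best})):
                best = seg                      # keep the widest qualifying window
        if best:
            alerts.append({
                "src": src, "dst": dst,
                "ports": sorted({p for _, p, _ in best}),
                "allowed_ports": sorted({p for _, p, a in best if a == "ALLOW"}),
                "first_seen": best[0][0].isoformat(),
            })
    return alerts


if __name__ == "__main__":
    for alert in detect_port_hopping(SAMPLE_LOG):
        print(alert)
```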