Security in Wireless LAN 802.11
Layla Pezeshkmehr, CS 265, Fall 2003, SJSU, Dr. Mark Stamp
5 basic threats to WLAN
• Sniffing – eavesdropping
• Invasion – steal a valid STA's access to gain access to the network
• Traffic redirection – change in the ARP table
• Denial of service (DoS)
  • Flood the network
  • Disrupt the connection between machines
  • Prevent a STA from connecting to the WLAN
• Rogue networks and station redirection – man-in-the-middle attacks.
IEEE 802.11 Authentication – Open System
• Uses null authentication; simple
• Is the default authentication
2 steps:
• A sends an authentication request to B
• B sends the result back to A
If dot11AuthenticationType at B is set to "Open System", B returns "success" and A is mutually authenticated; otherwise A is not authenticated.
Shared Key Authentication
• Provides a better degree of authentication.
• Station must implement WEP (Wired Equivalent Privacy)
4 steps:
• Requester sends an Authentication frame to the AP.
• AP replies with a random challenge text generated by the WEP engine (128 bit).
• STA copies the challenge text, encrypts it with the shared key, then sends the frame to the AP.
• AP decrypts the received frame, then verifies the 32-bit CRC "ICV" and that the challenge text matches the one it sent earlier to the station.
• Successful/negative authentication on match/mismatch
Identity Problems
Open System authentication
• Null authentication.
• Messages sent in the clear.
• Anyone can impersonate either the station or the access point.
Shared Key authentication
• Only the station authenticates itself.
• No mechanism for the AP to prove its identity to the station, so a malicious AP can impersonate it.
• Only the station is authenticated, not the user of the station.
Shared key vulnerabilities (cont.)
• The exchange of both challenge and response occurs over the wireless link and is vulnerable to a man-in-the-middle attack.
IEEE 802.11 Wired Equivalent Privacy (WEP) Protocol
• The goal is to provide data privacy to the level of a wired network.
• The WEP algorithm is used to prevent eavesdropping.
• An encapsulation of the 802.11 data frame.
• 64-bit key (40-bit secret key, 24-bit "init" vector).
• Symmetric algorithm, because the same key is used to encipher and decipher.
• Data integrity checked with CRC-32.
WEP Encryption
• A key shared among members of the BSS.
• Sender calculates the CRC of the frame's data.
• WEP appends a newly generated 24-bit initialization vector (IV) to the shared key.
• The WEP PRNG (RC4) is used to generate a key stream.
• XORs the key stream against (payload + CRC) to produce the ciphertext.
• The sender also inserts the IV into the frame header and sets the WEP-encrypted packet bit indicator.
WEP Decryption
• Receiver extracts the IV from the frame
• appends the IV to the BSS shared key and generates the "per-packet" RC4 key sequence
• ciphertext is XORed against the key stream to extract the plaintext.
• Verification: performs the integrity check on the plaintext
• Compares the recomputed ICV (ICV′) with the ICV transmitted.
ICV Weakness
• How is the attacker able to modify the ICV to match the bit-flipped changes to the frame?
WEP Problems – with RC4
• Flip a bit in the ciphertext (C) and the corresponding bit in the plaintext will be flipped.
• If an eavesdropper intercepts 2 ciphertexts encrypted with the same key stream b, it is possible to obtain the XOR of the 2 plaintexts:
c1 = p1 ⊕ b, c2 = p2 ⊕ b
c1 ⊕ c2 = (p1 ⊕ b) ⊕ (p2 ⊕ b) = p1 ⊕ p2
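The WEP encapsulation and decapsulation of the two slides above, together with the key-stream reuse identity and the ICV question, as an added example that is not part of the original slides. It assumes a minimal model in which the IV is placed in front of the shared key to form the RC4 key, the ICV is a little-endian CRC-32, and the key, IV and payload values are constructed for illustration.

```python
import zlib

def rc4(key: bytes, length: int) -> bytes:
    """RC4 key-stream generator (the WEP PRNG), keyed with IV || shared key."""
    s, j = list(range(256)), 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    for _ in range(length):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def wep_encrypt(shared_key: bytes, iv: bytes, payload: bytes) -> bytes:
    """Frame body = IV (3 bytes, in clear) || RC4(IV || key) XOR (payload || ICV)."""
    icv = zlib.crc32(payload).to_bytes(4, "little")   # CRC-32 over the data
    return iv + xor(payload + icv, rc4(iv + shared_key, len(payload) + 4))

def wep_decrypt(shared_key: bytes, frame: bytes):
    """Regenerate the per-packet key stream, recover the plaintext, recheck the ICV."""
    iv, body = frame[:3], frame[3:]
    pt = xor(body, rc4(iv + shared_key, len(body)))
    payload, icv = pt[:-4], pt[-4:]
    return payload, zlib.crc32(payload).to_bytes(4, "little") == icv

def keystream_reuse_leak(frame1: bytes, frame2: bytes) -> bytes:
    """Two frames under the same IV and key: c1 XOR c2 = p1 XOR p2 (key stream cancels)."""
    n = min(len(frame1), len(frame2))
    return xor(frame1[3:n], frame2[3:n])

def icv_is_linear(a: bytes, b: bytes) -> bool:
    """CRC-32 is affine: crc(a ^ b) == crc(a) ^ crc(b) ^ crc(zeros) for equal lengths.
    The ICV of a bit-flipped payload therefore differs by a data-independent delta,
    which is why a plain CRC cannot serve as a keyed integrity check."""
    return zlib.crc32(xor(a, b)) == zlib.crc32(a) ^ zlib.crc32(b) ^ zlib.crc32(bytes(len(a)))

if __name__ == "__main__":
    KEY = bytes.fromhex("0102030405")   # constructed 40-bit WEP key
    IV = b"\x00\x00\x01"                # constructed IV, reused for both frames
    p1, p2 = b"GET /index.html ", b"POST /login.cgi "
    f1, f2 = wep_encrypt(KEY, IV, p1), wep_encrypt(KEY, IV, p2)
    print(wep_decrypt(KEY, f1) == (p1, True))
    print(keystream_reuse_leak(f1, f2)[:len(p1)] == xor(p1, p2))
```

The ICV does catch accidental corruption (a single flipped ciphertext bit fails the check), but the linearity shown by icv_is_linear is what the next slides' bit-flipping question is about.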
WEP Problems – with IV
• The IV is 24 bits of cleartext, part of the message.
• A small space of initialization vectors guarantees reuse of the same key stream.
• An AP constantly sending 1500-byte packets at 11 Mbps will exhaust the IV space after 1500 * 8 / (11 * 10^6) * 2^24 = 18000 s = 5 h
• When the same key is used by all mobile stations there are more chances of IV collision.
Cisco enhancements to 802.11 WEP to increase security
• Mutual authentication instead of one-way authentication
• Secure key derivation using a one-way hash function
• Dynamic WEP keys instead of static WEP keys
• Initialization Vector changes
Today & future control
Service Set Identifier (SSID)
• Each AP has an SSID to identify itself. A STA has to know the SSID of the AP to which it wants to connect. The SSID keeps a STA from accidentally connecting to a neighboring AP.
• This does not solve other security issues and does not keep an attacker from setting up a "rogue" AP that uses the same SSID as the valid AP.
Today & future control (cont.)
MAC filters
• AP checks the MAC addresses of STAs before they are connected to the network
• AP keeps a list of MAC addresses in long-term memory.
• AP may send a RADIUS request with the MAC address as the user ID (and a null password) to a central RADIUS server to check the list for the address.