1 / 35

Wireless Security

Wireless Security. 802.11, RFID, WTLS. 802.11. 802.11 a, b, … Components Wireless station A desktop or laptop PC or PDA with a wireless NIC. Access point A bridge between wireless and wired networks Radio Wired network interface (usually 802.3) Bridging software

cece
Download Presentation

Wireless Security

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Wireless Security 802.11, RFID, WTLS CSE 5349/7349

  2. 802.11 • 802.11 a, b, … • Components • Wireless station • A desktop or laptop PC or PDA with a wireless NIC. • Access point • A bridge between wireless and wired networks • Radio • Wired network interface (usually 802.3) • Bridging software • Aggregates access for multiple wireless stations to wired network. CSE 5349/7349

  3. 802.11 modes • Infrastructure mode • Basic Service Set • One access point • Extended Service Set • Two or more BSSs forming a single subnet. • Most corporate LANs in this mode. • Ad-hoc mode (peer-to-peer) • Independent Basic Service Set • Set of 802.11 wireless stations that communicate directly without an access point. • Useful for quick & easy wireless networks. CSE 5349/7349

  4. Infrastructure mode Access Point Basic Service Set (BSS) – Single cell Station Extended Service Set (ESS) – Multiple cells CSE 5349/7349

  5. Ad-hoc mode Independent Basic Service Set (IBSS) CSE 5349/7349

  6. Open System Authentication • Service Set Identifier (SSID) • Station must specify SSID to Access Point when requesting association. • Multiple APs with same SSID form Extended Service Set. • APs broadcast their SSID. CSE 5349/7349

  7. MAC Address Locking • Access points have Access Control Lists (ACL). • ACL is list of allowed MAC addresses. • E.g. Allow access to: • 00:01:42:0E:12:1F • 00:01:42:F1:72:AE • 00:01:42:4F:E2:01 • But MAC addresses are sniffable and spoofable. • Access Point ACLs are ineffective control. CSE 5349/7349

  8. Interception Range Station outside building perimeter. 100 metres Basic Service Set (BSS) – Single cell CSE 5349/7349

  9. Interception • Wireless LAN uses radio signal. • Not limited to physical building. • Signal is weakened by: • Walls • Floors • Interference • Directional antenna allows interception over longer distances. CSE 5349/7349

  10. Directional Antenna • Directional antenna provides focused reception. • D-I-Y plans available. • Aluminium cake tin. • 11 Mbps at 750 meters. • http://www.saunalahti.fi/~elepal/antennie.html CSE 5349/7349

  11. 802.11b Security Services • Two security services provided: • Authentication • Shared Key Authentication • Encryption • Wired Equivalence Privacy CSE 5349/7349

  12. Wired Equivalence Privacy • Shared key between • Stations. • An Access Point. • Extended Service Set • All Access Points will have same shared key. • No key management • Shared key entered manually into • Stations • Access points • Key management a problem in large wireless LANs CSE 5349/7349

  13. RC4 Refresher: • RC4 uses key sizes from 1 bit to 2048 bits. • RC4 generates a stream of pseudo random bits • XORed with plaintext to create ciphertext. CSE 5349/7349

  14. WEP – Sending • Compute Integrity Check Vector (ICV). • Provides integrity • 32 bit Cyclic Redundancy Check. • Appended to message to create plaintext. • Plaintext encrypted via RC4 • Provides confidentiality. • Plaintext XORed with long key stream of pseudo random bits. • Key stream is function of • 40-bit secret key • 24 bit initialisation vector (more later) • Ciphertext is transmitted. CSE 5349/7349

  15. Initialization Vector • IV must be different for every message transmitted. • 802.11 standard doesn’t specify how IV is calculated. • Wireless cards use several methods • Some use a simple ascending counter for each message. • Some switch between alternate ascending and descending counters. • Some use a pseudo random IV generator. CSE 5349/7349

  16. WEP Encryption IV Cipher text Initialisation Vector (IV) || PRNG Key Stream  Seed Secret key Plaintext || 32 bit CRC ICV Message CSE 5349/7349

  17. WEP – Receiving • Ciphertext is received. • Ciphertext decrypted via RC4 • Ciphertext XORed with long key stream of pseudo random bits. • Check ICV • Separate ICV from message. • Compute ICV for message • Compare with received ICV CSE 5349/7349

  18. Shared Key Authentication • When station requests association with Access Point • AP sends random number to station • Station encrypts random number • Uses RC4, 40 bit shared secret key & 24 bit IV • Encrypted random number sent to AP • AP decrypts received message • Uses RC4, 40 bit shared secret key & 24 bit IV • AP compares decrypted random number to transmitted random number CSE 5349/7349

  19. Security - Summary • Shared secret key required for: • Associating with an access point. • Sending data. • Receiving data. • Messages are encrypted. • Confidentiality. • Messages have checksum. • Integrity. • But SSID still broadcast in clear. CSE 5349/7349

  20. Security Attacks • Targeted network segment • Free Internet • Malicious use of identity • Access to other network resources • Malicious association • Host AP • Interference Jamming • Easy to jam the signals • DOS through repeated, albeit unsuccessful access requests (management messages are not authenticated. Egs. Wlan-jack) • DoS through disassociation commands • Interference with other appliances (2.4 G spectrum) • Attack against MAC authentication • Can spoof MAC with loadable firmware • Defense? • Vulnerability through ad hoc mode CSE 5349/7349

  21. 802.11 Insecurities • Authentication – two options • Open • Shared-key • Shared-key more insecure? • Static key management • If one device is compromised/stolen, everyone should change the key • Hard to detect • WEP keys • 40 or 128 can be cracked in less than 15 minutes CSE 5349/7349

  22. IV Collision attack • If 24 bit IV is an ascending counter, • If Access Point transmits at 11 Mbps, IVs exhausted in roughly 5 hours. • Passive attack: • Attacker collects all traffic • Attacker could collect two encrypted messages: • If two messages EM1, EM2, both encrypted with same key stream ( same key and same IV) • EM1  EM2 = M1  M2 • Effectively removes the key stream • Can now try to derive plaintext messages CSE 5349/7349

  23. Limited WEP keys • Some vendors allow limited WEP keys • User types in a password • WEP key is generated from passphrase • Passphrases creates only 21 bits of 40 bit key. • Reduces key strength to 21 bits = 2,097,152 • Remaining 19 bits are predictable. • 21 bit key can be brute forced in minutes. CSE 5349/7349

  24. Brute Force Key Attack • Capture ciphertext. • IV is included in message. • Search all 240 possible secret keys. • 1,099,511,627,776 keys • ~200 days on a modern laptop • Find which key decrypts ciphertext to plaintext. CSE 5349/7349

  25. 128 bit WEP • Vendors have extended WEP to 128 bit keys. • 104 bit secret key. • 24 bit IV. • Brute force takes 10^19 years for 104-bit key. • Effectively safeguards against brute force attacks. CSE 5349/7349

  26. IV weakness • WEP exposes part of PRNG input. • IV is transmitted with message. • Initial keystream can be derived • TCP/IP has fixed structure at start of packets • Attack is practical. • Passive attack. • Non-intrusive. • No warning. CSE 5349/7349

  27. Wepcrack • First tool to demonstrate attack using IV weakness. • Open source • Three components • Weaker IV generator. • Search sniffer output for weaker IVs & record 1st byte. • Cracker to combine weaker IVs and selected 1st bytes. CSE 5349/7349

  28. Airsnort • Automated tool • Does it all! • Sniffs • Searches for weaker IVs • Records encrypted data • Until key is derived. CSE 5349/7349

  29. Safeguards • Security Policy & Architecture Design • Treat as untrusted LAN • Discover unauthorised use • Access point audits • Station protection • Access point location • Antenna design CSE 5349/7349

  30. Wireless as Untrusted LAN • Treat wireless as untrusted. • Similar to Internet. • Firewall between WLAN and Backbone. • Extra authentication required. • Intrusion Detection • WLAN / Backbone junction. • Vulnerability assessments CSE 5349/7349

  31. Discover Unauthorised Use • Search for unauthorised access points or ad-hoc networks • Port scanning • For unknown SNMP agents. • For unknown web or telnet interfaces. • Warwalking! • Sniff 802.11 packets • Identify IP addresses • Detect signal strength • May sniff your neighbours… CSE 5349/7349

  32. Location of AP • Ideally locate access points • In centre of buildings. • Try to avoid access points • By windows • On external walls • Line of sight to outside • Use directional antenna to “point” radio signal. CSE 5349/7349

  33. IPSec VPN • IPSec client placed on every PC connected to the WLAN • Filters to prevent traffic from reaching anywhere other than VPN gateway and DHCP/DNS server • Can combine user authentication also CSE 5349/7349

  34. IEEE 802.11i • A new framework for wireless security • Centralized authentication • Dynamic key distribution • Will apply to 802.11 a,b & g • Uses 802.1X as authentication framework • Extensible Authentication Protocol (EAP), RFC 2284 (EAP-TLS & LEAP) • Mutual authentication between client and authentication server (RADIUS) • Encryption keys dynamically derived after authentication • Session timeout triggers reauthentication CSE 5349/7349

  35. 802.11i – Encryption Enhancements • Temporal Key Integrity Protocol (TKIP) • RC4 still used • Per-packet keys • Hash functions for MIC instead of CRC 32 • Only firmware upgrade required • AES • AES cipher replaces RC4 • Will require new hardware CSE 5349/7349

More Related