
Wireless LAN Security

Matthew Joyce

Rutherford Appleton Laboratory, CCLRC

WLAN Security

WLAN Security - Contents

  • Wireless LAN 802.11

  • Technology

  • Security History

  • Vulnerabilities

  • Demonstration

Wireless LANs

  • IEEE ratified 802.11 in 1997.

    • Also known as Wi-Fi.

  • Wireless LAN at 1 Mbps & 2 Mbps.

  • WECA (Wireless Ethernet Compatibility Alliance) promoted interoperability.

    • Now Wi-Fi Alliance

  • 802.11 focuses on Layer 1 & Layer 2 of OSI model.

    • Physical layer

    • Data link layer

802.11 Components

  • Two pieces of equipment defined:

    • Wireless station

      • A desktop or laptop PC or PDA with a wireless NIC.

    • Access point

      • A bridge between wireless and wired networks

      • Composed of

        • Radio

        • Wired network interface (usually 802.3)

        • Bridging software

      • Aggregates access for multiple wireless stations to wired network.

802.11 modes

  • Infrastructure mode

    • Basic Service Set

      • One access point

    • Extended Service Set

      • Two or more BSSs forming a single subnet.

    • Most corporate LANs in this mode.

  • Ad-hoc mode

    • Also called peer-to-peer.

    • Independent Basic Service Set

    • Set of 802.11 wireless stations that communicate directly without an access point.

      • Useful for quick & easy wireless networks.

Infrastructure mode

[Diagram: Access Point and Station; Basic Service Set (BSS) – single cell; Extended Service Set (ESS) – multiple cells]


Ad-hoc mode

[Diagram: Independent Basic Service Set (IBSS) – stations communicating directly, with no access point]


802.11 Physical Layer

  • Originally three alternative physical layers

    • Two incompatible spread-spectrum radios in the 2.4 GHz ISM band

      • Frequency Hopping Spread Spectrum (FHSS)

        • 75 channels

      • Direct Sequence Spread Spectrum (DSSS)

        • 14 channels (11 channels in US)

    • One diffuse infrared layer

  • 802.11 speed

    • 1 Mbps or 2 Mbps.

802.11 Data Link Layer

  • Layer 2 split into:

    • Logical Link Control (LLC).

    • Media Access Control (MAC).

  • LLC - same 48-bit addresses as 802.3.

  • MAC - CSMA/CD not possible.

    • Can’t listen for collision while transmitting.

  • CSMA/CA – Collision Avoidance.

    • Sender waits for clear air, waits random time, then sends data.

    • Receiver sends explicit ACK when data arrives intact.

    • Also handles interference.

    • But adds overhead.

  • 802.11 always slower than equivalent 802.3.

Hidden nodes

RTS / CTS

  • To handle hidden nodes

  • Sending station sends

    • “Request to Send”

  • Access point responds with

    • “Clear to Send”

    • All other stations hear this and delay any transmissions.

  • Only used for larger pieces of data.

    • When retransmission may waste significant time.

802.11b

  • 802.11b ratified in 1999 adding 5.5 Mbps and 11 Mbps.

  • DSSS as physical layer.

    • 11 channels (3 non-overlapping)

  • Dynamic rate shifting.

    • Transparent to higher layers

    • Ideally 11 Mbps.

    • Shifts down through 5.5 Mbps, 2 Mbps to 1 Mbps.

      • Higher ranges.

      • Interference.

    • Shifts back up when possible.

  • Maximum specified range 100 metres

  • Average throughput of 4 Mbps


Joining a BSS

  • When an 802.11 client enters range of one or more APs

    • APs send beacons.

    • AP beacon can include SSID.

    • AP chosen on signal strength and observed error rates.

    • After AP accepts client:

      • Client tunes to AP channel.

  • Periodically, all channels are surveyed.

    • To check for stronger or more reliable APs.

    • If found, reassociates with new AP.


Access Point Roaming

[Diagram: access point cells on channels 1, 4, 9 and 7]


Roaming and Channels

  • Reassociation with APs

    • Moving out of range.

    • High error rates.

    • High network traffic.

      • Allows load balancing.

  • Each AP has a channel.

    • 14 partially overlapping channels.

    • Only three channels have no overlap.

      • Best for multicell coverage.


802.11a

  • 802.11a ratified in 2001

  • Supports up to 54 Mbps in the 5 GHz band.

    • Higher frequency limits the range

    • Regulated frequency reduces interference from other devices

  • 12 non-overlapping channels

  • Usable range of 30 metres

  • Average throughput of 30 Mbps

  • Not backwards compatible


802.11g

  • 802.11g ratified in 2002

  • Supports up to 54 Mbps in the 2.4 GHz band.

    • Backwards compatible with 802.11b

  • 3 non-overlapping channels

  • Range similar to 802.11b

  • Average throughput of 30 Mbps

  • 802.11n due for November 2006

    • Aiming for a maximum of 200 Mbps with an average of 100 Mbps


Open System Authentication

  • Service Set Identifier (SSID)

  • Station must specify SSID to Access Point when requesting association.

  • Multiple APs with the same SSID form an Extended Service Set.

  • APs can broadcast their SSID.

  • Some clients allow * as SSID.

    • Associates with strongest AP regardless of SSID.


MAC ACLs and SSID hiding

  • Access points have Access Control Lists (ACL).

  • ACL is a list of allowed MAC addresses.

    • E.g. allow access to:

      • 00:01:42:0E:12:1F

      • 00:01:42:F1:72:AE

      • 00:01:42:4F:E2:01

  • But MAC addresses are sniffable and spoofable.

  • AP beacons without SSID

    • Essid_jack

      • sends deauthenticate frames to client

      • SSID is then displayed when client sends reauthenticate frames


Interception Range

[Diagram: Basic Service Set (BSS) – single cell, 100 metre range reaching a station outside the building perimeter]


Interception

  • Wireless LAN uses radio signal.

  • Not limited to physical building.

  • Signal is weakened by:

    • Walls

    • Floors

    • Interference

  • Directional antenna allows interception over longer distances.


Directional Antenna

  • Directional antenna provides focused reception.

  • DIY plans available.

    • Aluminium cake tin

    • Chinese cooking sieve

    • http://www.saunalahti.fi/~elepal/antennie.html

    • http://www.usbwifi.orcon.net.nz/


WarDriving

  • Software

    • Netstumbler

    • And many more

  • Laptop

  • 802.11b, g or a PC card

  • Optional:

    • Global Positioning System

    • Car, bicycle, boat…

  • Logging of MAC address, network name, SSID, manufacturer, channel, signal strength, noise (GPS - location).


WarDriving results

  • San Francisco, 2001

    • Maximum 55 miles per hour.

    • 1500 Access Points

    • 60% in default configuration.

    • Most connected to internal backbones.

    • 85% use Open System Authentication.

  • Commercial directional antenna

    • 25 mile range from hilltops.

  • Peter Shipley - http://www.dis.org/filez/openlans.pdf


Worldwide War Drive 2004

  • Fourth WWWD

    • www.worldwidewaredrive.org

  • 228,537 Access points

  • 82,755 (35%) with default SSID

  • 140,890 (60%) with Open System Authentication

  • 62,859 (27%) with both, probably default configuration


Further issues

  • Access Point configuration

    • Mixtures of SNMP, web, serial, telnet.

      • Default community strings, default passwords.

  • Evil Twin Access Points

    • Stronger signal, capture user authentication.

  • Renegade Access Points

    • Unauthorised wireless LANs.


War Driving prosecutions

  • February 2004, Texas, Stefan Puffer acquitted of wrongful access after showing an unprotected county WLAN to officials

  • June 2004, North Carolina, Lowes DIY store

    • Botbyl convicted for stealing credit card numbers via unprotected WLAN

    • Timmins convicted for checking email & web browsing via unprotected WLAN

  • June 2004, Connecticut, Myron Tereshchuk guilty of drive-by extortion via unprotected WLANs

    • “make the check payable to M.Tereshchuk”

  • Sep 2004, Los Angeles, Nicholas Tombros guilty of drive-by spamming via unprotected WLANs


802.11b Security Services

  • Two security services provided:

    • Authentication

      • Shared Key Authentication

    • Encryption

      • Wired Equivalence Privacy


Wired Equivalence Privacy

  • Shared key between

    • Stations.

    • An Access Point.

  • Extended Service Set

    • All Access Points will have the same shared key.

  • No key management

    • Shared key entered manually into

      • Stations

      • Access points

    • Key management nightmare in large wireless LANs


RC4

  • Ron’s Code number 4

    • Symmetric key encryption

    • RSA Security Inc.

    • Designed in 1987.

    • Trade secret until leak in 1994.

  • RC4 can use key sizes from 1 bit to 2048 bits.

  • RC4 generates a stream of pseudo random bits

    • XORed with plaintext to create ciphertext.


WEP – Sending

  • Compute Integrity Check Vector (ICV).

    • Provides integrity

    • 32-bit Cyclic Redundancy Check.

    • Appended to message to create plaintext.

  • Plaintext encrypted via RC4

    • Provides confidentiality.

    • Plaintext XORed with long key stream of pseudo random bits.

    • Key stream is a function of

      • 40-bit secret key

      • 24-bit initialisation vector

  • Ciphertext is transmitted.


WEP Encryption

[Diagram: Initialisation Vector (IV) || Secret key -> RC4 PRNG -> Key stream; Plaintext || 32 bit CRC, XORed with key stream -> IV || Cipher text]


WEP – Receiving

  • Ciphertext is received.

  • Ciphertext decrypted via RC4

    • Ciphertext XORed with long key stream of pseudo random bits.

    • Key stream is a function of

      • 40-bit secret key

      • 24-bit initialisation vector (IV)

  • Check ICV

    • Separate ICV from message.

    • Compute ICV for message

    • Compare with received ICV


Shared Key Authentication

  • When station requests association with Access Point

    • AP sends random number to station

    • Station encrypts random number

      • Uses RC4, 40-bit shared secret key & 24-bit IV

    • Encrypted random number sent to AP

    • AP decrypts received message

      • Uses RC4, 40-bit shared secret key & 24-bit IV

    • AP compares decrypted random number to transmitted random number

  • If numbers match, station has shared secret key.


WEP Safeguards

  • Shared secret key required for:

    • Associating with an access point.

    • Sending data.

    • Receiving data.

  • Messages are encrypted.

    • Confidentiality.

  • Messages have checksum.

    • Integrity.

  • But management traffic still broadcast in clear containing SSID.


Initialisation Vector

  • IV must be different for every message transmitted.

  • 802.11 standard doesn’t specify how IV is calculated.

  • Wireless cards use several methods

    • Some use a simple ascending counter for each message.

    • Some switch between alternate ascending and descending counters.

    • Some use a pseudo random IV generator.


Passive WEP attack

  • If the 24-bit IV is an ascending counter and the Access Point transmits at 11 Mbps,

    • All IVs are exhausted in roughly 5 hours.

  • Passive attack:

    • Attacker collects all traffic

    • Attacker could collect two messages:

      • Encrypted with same key and same IV

      • Statistical attacks to reveal plaintext

      • Plaintext XOR Ciphertext = Keystream


Active WEP attack

  • If attacker knows a plaintext and ciphertext pair

    • Keystream is known.

    • Attacker can create correctly encrypted messages.

    • Access Point is deceived into accepting messages.

  • Bitflipping

    • Flip a bit in ciphertext

    • Bit difference in CRC-32 can be computed
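
As an added example (not from the slides), the WEP sending and receiving steps above with RC4 and the CRC-32 ICV implemented directly; it also demonstrates the two weaknesses of the last slides: the same IV and key reproduce the same keystream, so two such frames XOR to the XOR of their plaintexts, and CRC-32 is affine, so the ICV cannot act as a message authentication code. The 40-bit key, 24-bit IV, messages and the little-endian ICV encoding are assumptions made for the example.

```python
import zlib


def rc4_keystream(seed: bytes, n: int) -> bytes:
    """RC4 key scheduling (KSA) then generator (PRGA); returns n keystream bytes."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + seed[i % len(seed)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for _ in range(n):
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def icv(msg: bytes) -> bytes:
    """32-bit CRC used as the WEP Integrity Check Vector (little-endian by assumption here)."""
    return zlib.crc32(msg).to_bytes(4, "little")


def wep_encrypt(key: bytes, iv: bytes, msg: bytes) -> bytes:
    """Sender: plaintext = msg || ICV, XORed with RC4(IV || key); the IV is sent in the clear."""
    plaintext = msg + icv(msg)
    keystream = rc4_keystream(iv + key, len(plaintext))
    return iv + xor(plaintext, keystream)


def wep_decrypt(key: bytes, frame: bytes):
    """Receiver: take the IV from the frame, regenerate the keystream, check the ICV.
    Returns the message, or None when the ICV does not match."""
    iv, ciphertext = frame[:3], frame[3:]
    plaintext = xor(ciphertext, rc4_keystream(iv + key, len(ciphertext)))
    msg, received_icv = plaintext[:-4], plaintext[-4:]
    return msg if icv(msg) == received_icv else None


def iv_reuse_leaks_xor(key: bytes, iv: bytes, m1: bytes, m2: bytes) -> bool:
    """Two frames with the same IV use the same keystream, so c1 XOR c2 == m1 XOR m2.
    With only 2^24 IVs, such collisions are unavoidable on a busy access point."""
    c1 = wep_encrypt(key, iv, m1)[3:]
    c2 = wep_encrypt(key, iv, m2)[3:]
    n = min(len(m1), len(m2))
    return xor(c1, c2)[:n] == xor(m1, m2)[:n]


def crc32_is_affine(a: bytes, b: bytes) -> bool:
    """CRC-32 is affine: crc(a XOR b) == crc(a) XOR crc(b) XOR crc(zeros of the same length).
    A checksum with this property detects line noise but gives no integrity against
    someone who changes bits and adjusts the ICV, which is why TKIP added the
    Michael MIC and CCMP uses a real message authentication code."""
    zeros = bytes(len(a))
    return zlib.crc32(xor(a, b)) == zlib.crc32(a) ^ zlib.crc32(b) ^ zlib.crc32(zeros)
```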


Limited WEP keys

  • Some vendors allow limited WEP keys

    • User types in a passphrase

    • WEP key is generated from passphrase

    • Passphrase creates only 21 bits of entropy in the 40-bit key.

      • Reduces key strength to 21 bits = 2,097,152 keys

      • Remaining 19 bits are predictable.

      • 21-bit key can be brute forced in minutes.

    • www.lava.net/~newsham/wlan/WEP_password_cracker.ppt



Brute force key attack

  • Capture ciphertext.

    • IV is included in message.

  • Search all 2^40 possible secret keys.

    • 1,099,511,627,776 keys

    • ~170 days on a modern laptop

  • Find which key decrypts ciphertext to plaintext.


128 bit WEP

  • Vendors have extended WEP to 128-bit keys.

    • 104-bit secret key.

    • 24-bit IV.

  • Brute force takes 10^19 years for a 104-bit key.

  • Effectively safeguards against brute force attacks.


Key Scheduling Weakness

  • Paper from Fluhrer, Mantin, Shamir, 2001.

  • Two weaknesses:

    • Certain keys leak into key stream.

      • Invariance weakness.

    • If a portion of the PRNG input is exposed,

      • Analysis of initial key stream allows key to be determined.

      • IV weakness.


IV weakness

  • WEP exposes part of PRNG input.

    • IV is transmitted with message.

    • Every wireless frame has a reliable first byte

      • Sub-network Access Protocol (SNAP) header used in logical link control layer, upper sub-layer of data link layer.

      • First byte is 0xAA

    • Attack is:

      • Capture packets with weak IV

      • First byte ciphertext XOR 0xAA = First byte key stream

      • Can determine key from initial key stream

  • Practical for 40-bit and 104-bit keys

  • Passive attack.

    • Non-intrusive.

    • No warning.


Wepcrack

  • First tool to demonstrate attack using IV weakness.

    • Open source, Anton Rager.

  • Three components

    • Weaker IV generator.

    • Search sniffer output for weaker IVs & record 1st byte.

    • Cracker to combine weaker IVs and selected 1st bytes.

  • Cumbersome.


Airsnort

  • Automated tool

    • Cypher42, Minnesota, USA.

    • Does it all!

    • Sniffs

    • Searches for weaker IVs

    • Records encrypted data

    • Until key is derived.

  • 100 Mb to 1 Gb of transmitted data.

  • 3 to 4 hours on a very busy WLAN.


Avoid the weak IVs

  • FMS described a simple method to find weak IVs

    • Many manufacturers avoid those IVs after 2002

    • Therefore Airsnort and others may not work on recent hardware

  • However David Hulton aka h1kari

    • Properly implemented FMS attack which shows many more weak IVs

    • Identified IVs that leak into second byte of key stream.

    • Second byte of SNAP header is also 0xAA

    • So attack still works on recent hardware

    • And is faster on older hardware

    • Dwepcrack, weplab, aircrack


Generating WEP traffic

  • Not capturing enough traffic?

    • Capture encrypted ARP request packets

    • Anecdotally lengths of 68, 118 and 368 bytes appear appropriate

    • Replay encrypted ARP packets to generate encrypted ARP replies

    • Aireplay implements this.


802.11 safeguards

  • Security Policy & Architecture Design

  • Treat as untrusted LAN

  • Discover unauthorised use

  • Access point audits

  • Station protection

  • Access point location

  • Antenna design


Security Policy & Architecture

  • Define use of wireless network

    • What is allowed

    • What is not allowed

  • Holistic architecture and implementation

    • Consider all threats.

    • Design entire architecture

      • To minimise risk.


Wireless as untrusted LAN

  • Treat wireless as untrusted.

    • Similar to Internet.

  • Firewall between WLAN and Backbone.

  • Extra authentication required.

  • Intrusion Detection

    • at WLAN / Backbone junction.

  • Vulnerability assessments


Discover unauthorised use

  • Search for unauthorised access points, ad-hoc networks or clients.

  • Port scanning

    • For unknown SNMP agents.

    • For unknown web or telnet interfaces.

  • Warwalking!

    • Sniff 802.11 packets

    • Identify IP addresses

    • Detect signal strength

    • But may sniff your neighbours…

  • Wireless Intrusion Detection

    • AirMagnet, AirDefense, Trapeze, Aruba,…
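
An added example (not from the slides) of the inventory check behind the search for unauthorised use above: it reads a constructed NetStumbler-style scan log and flags renegade access points and evil twin candidates (the Further issues slide), ad-hoc networks, default SSIDs and open system authentication (the WarDriving results slides). The three authorised MAC addresses are the ones from the MAC ACL slide; the SSID, channels, default-SSID list and log lines are constructed for the example.

```python
# Authorised APs: the MAC addresses from the ACL slide, with a constructed SSID and channels.
AUTHORISED = {
    "00:01:42:0E:12:1F": ("EXAMPLE-WLAN", 1),
    "00:01:42:F1:72:AE": ("EXAMPLE-WLAN", 6),
    "00:01:42:4F:E2:01": ("EXAMPLE-WLAN", 11),
}
OUR_SSIDS = {ssid for ssid, _ in AUTHORISED.values()}
# Factory-default SSIDs worth flagging (constructed, illustrative list).
DEFAULT_SSIDS = {"default", "linksys", "tsunami", "wireless", "netgear"}

# Constructed scan log, one sighting per line: bssid, ssid, channel, wep (Y/N), mode.
# The 02:00:00:... addresses are locally administered placeholders.
SCAN_LOG = """\
00:01:42:0E:12:1F, EXAMPLE-WLAN, 1, Y, AP
00:01:42:F1:72:AE, EXAMPLE-WLAN, 6, Y, AP
00:01:42:4F:E2:01, EXAMPLE-WLAN, 3, Y, AP
02:00:00:00:00:01, EXAMPLE-WLAN, 6, N, AP
02:00:00:00:00:02, linksys, 11, N, AP
02:00:00:00:00:03, shared-files, 3, N, Ad-Hoc
"""


def parse_scan(text):
    """Yield (bssid, ssid, channel, encrypted, mode) tuples from the scan log."""
    for line in text.splitlines():
        if not line.strip():
            continue
        bssid, ssid, chan, wep, mode = [f.strip() for f in line.split(",")]
        yield bssid.upper(), ssid, int(chan), wep.upper() == "Y", mode


def classify(bssid, ssid, channel, encrypted, mode):
    """Return the findings for one sighting; an empty list means it matches the inventory."""
    findings = []
    if mode == "Ad-Hoc":
        findings.append("ad-hoc network (IBSS) in range")
    elif bssid in AUTHORISED:
        expected_ssid, expected_channel = AUTHORISED[bssid]
        if (ssid, channel) != (expected_ssid, expected_channel):
            findings.append("authorised AP with unexpected SSID/channel (misconfiguration?)")
    elif ssid in OUR_SSIDS:
        # An unknown radio advertising our SSID is the evil twin pattern.
        findings.append("evil twin candidate: unknown BSSID using our SSID")
    else:
        findings.append("renegade access point: not in inventory")
    if ssid.lower() in DEFAULT_SSIDS:
        findings.append("default SSID")
    if not encrypted:
        findings.append("open system authentication, no WEP/WPA")
    return findings


def audit(text=SCAN_LOG):
    """Map every BSSID in the log with at least one finding to its list of findings."""
    report = {}
    for bssid, ssid, chan, enc, mode in parse_scan(text):
        findings = classify(bssid, ssid, chan, enc, mode)
        if findings:
            report[bssid] = findings
    return report


if __name__ == "__main__":
    for bssid, findings in audit().items():
        print(bssid, "->", "; ".join(findings))
```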


Access point audits

  • Review security of access points.

  • Are passwords and community strings secure?

  • Use Firewalls & router ACLs

    • Limit use of access point administration interfaces.

  • Standard access point config:

    • SSID

    • WEP keys

    • Community string & password policy


Station protection

  • Personal firewalls

    • Protect the station from attackers.

  • VPN from station into Intranet

    • End-to-end encryption into the trusted network.

    • But consider roaming issues.

  • Host intrusion detection

    • Provide early warning of intrusions onto a station.

  • Configuration scanning

    • Check that stations are securely configured.


Location of Access Points

  • Ideally locate access points

    • In centre of buildings.

  • Try to avoid access points

    • By windows

    • On external walls

    • Line of sight to outside

  • Use directional antenna to “point” radio signal.


WPA

  • Wi-Fi Protected Access

    • Works with 802.11b, a and g

  • “Fixes” WEP’s problems

  • Existing hardware can be used

  • 802.1x user-level authentication

  • TKIP

    • RC4 session-based dynamic encryption keys

    • Per-packet key derivation

    • Unicast and broadcast key management

    • New 48-bit IV with new sequencing method

    • Michael 8-byte message integrity code (MIC)

  • Optional AES support to replace RC4


WPA and 802.1x

  • 802.1x is a general purpose network access control mechanism

  • WPA has two modes

    • Pre-shared mode, uses pre-shared keys

    • Enterprise mode, uses Extensible Authentication Protocol (EAP) with a RADIUS server making the authentication decision

    • EAP is a transport for authentication, not authentication itself

    • EAP allows arbitrary authentication methods

    • For example, Windows supports

      • EAP-TLS requiring client and server certificates

      • PEAP-MS-CHAPv2


Practical WPA attacks

  • Dictionary attack on pre-shared key mode

    • CoWPAtty, Joshua Wright

  • Denial of service attack

    • If WPA equipment sees two packets with invalid MICs in 1 second

      • All clients are disassociated

      • All activity stopped for one minute

      • Two malicious packets a minute enough to stop a wireless network


802.11i

  • Robust Security Network extends WPA

    • Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP)

    • Based on a mode of AES, with 128-bit keys and a 48-bit IV.

    • Also adds dynamic negotiation of authentication and encryption algorithms

    • Allows for future change

  • Does require new hardware

  • www.drizzle.com/~aboba/IEEE/


Relevant RFCs

  • RADIUS Extensions: RFC 2869

  • EAP: RFC 2284

  • EAP-TLS: RFC 2716