
Wireless and its Security



Presentation Transcript


  1. Wireless and its Security Jing Tan Department of Computer Science University of Massachusetts, Lowell jtan@cs.uml.edu Jing Tan, Umass-Lowell

  2. My message. It's not too late to start on wireless security, but it's time to start.

  3. History of Wireless. Wireless technologies are relatively old. • Development of wireless started about a century ago. • Wireless played an important role from World War II through the aircraft business and NASA space exploration. • Now wireless has become one of today's hottest topics because of its ability to put communications and the Internet into the hands of users worldwide.

  4. The Growth of WLANs. Demand for wireless access to LANs is fueled by the growth of mobile devices. Forecasts at the time: over a billion mobile devices by 2003, and a wireless LAN market of over US$20 billion by 2003.

  5. The Technologies • 802.11 and 802.11b • Wired Equivalent Privacy (WEP) • Wireless Application Protocol (WAP)

  6. What's 802.11/802.11b? • In 1997 the IEEE published the first widely recognized wireless LAN standard, 802.11. About two years later (1999) it published 802.11b, also known as 802.11 High Rate, which specifies wireless systems operating at data rates of up to 11 Mbps.

  7. Detail of 802.11/802.11b • Wireless architecture modes • 802.11b physical layer • 802.11 Media Access Control (MAC) layer

  8. Wireless Architecture Modes • Infrastructure mode: all stations connect to an access point, not directly to one another. An access point and its stations form a BSS (Basic Service Set); several BSSs joined through a distribution system form an ESS (Extended Service Set). • Ad hoc mode (an Independent BSS in 802.11 terms; Bluetooth piconets are ad hoc networks as well): the stations interconnect directly, without going through an access point.

  9. 802.11b physical layer • One of the most valuable additions in 802.11b is standardized physical-layer support for two new speeds, 5.5 Mbps and 11 Mbps. • To reach these data rates, 802.11b specifies a more advanced coding technique (Complementary Code Keying, CCK).

  10. 802.11 Media Access Control (MAC) layer • The 802.11 MAC supports multiple users on a shared medium by having a sender sense the medium and gather information about it before transmitting. • The idea is the same as in 802.3 Ethernet over wire, where the CSMA/CD protocol (carrier sense multiple access with collision detection) spells out how collisions are detected and retransmissions handled. • In 802.11, collision detection is not possible: a station cannot listen and transmit at the same time, because its own radio transmission drowns out anything it might hear while sending. The protocol is therefore slightly different from 802.3's. It is called CSMA/CA (carrier sense multiple access with collision avoidance) and involves sending extra packets to confirm receipt of transmitted packets, called explicit packet acknowledgments (ACKs).

  11. Wired Equivalent Privacy (WEP). The WEP algorithm was designed on five premises: • Reasonably strong: breaking the encryption should take a reasonably long time. • Self-synchronizing: every packet is encrypted independently, so a lost packet does not desynchronize the stream. • Efficient: cheap enough in computation (and hence battery power) to implement in hardware or software. • Exportable: able to satisfy the U.S. export-control rules of the time, which is why the original key was only 40 bits. • Optional: can be turned on and off as the user needs.

  12. Bluetooth • Unlike 802.11 infrastructure networks, Bluetooth is a technology that operates as an ad hoc network.

  13. Wireless Application Protocol (WAP) • WAP is considered by some to be the standard for wireless handset communications; the main members of the WAP Forum were Nokia, Ericsson, Motorola and others. • WAP has WTLS (Wireless Transport Layer Security), the equivalent of Transport Layer Security (TLS) or Secure Socket Layer (SSL), which provides authentication, privacy and secure connections between applications. The problem with WTLS is that it does not provide end-to-end security: the WTLS session ends at the WAP gateway, and that is where the hole opens.

  14. WAP Overview. The subscriber presses a key on her phone that is bound to a URL (www.google.com). The phone sends the request over WTP/WTLS to the WAP gateway. The gateway receives the WTP/WTLS packet, decrypts it and translates it into HTTP/HTTPS to the web server. The web server returns the requested file to the gateway over HTTP/SSL. The gateway translates the returned data into WML and re-encrypts it under WTLS for the phone. The problem starts at the gateway: the data is in the clear there, so there is no end-to-end security. (Figure: phone, WAP gateway, Internet, web server; not reproduced in the transcript.)

  15. The Languages • WAP browsers • Wireless Markup Language (WML) • WMLScript • Java 2 Micro Edition (J2ME) • C# • XHTML • Wireless operating systems

  16. WAP Browsers • More and more pages on the wireless web are written in WML directly, to avoid having to translate to or from HTML. To view a WML page a device needs a WML-capable browser, such as the Openwave Mobile Browser; desktop browsers such as Netscape and IE did not render WML natively.

  17. Wireless Markup Language (WML) • Although WML is similar to HTML and XML, programming in it requires different tags and structures. • Because a handset screen cannot hold an entire web page, a WML page (a "deck") is broken into smaller subparts ("cards"). The following is a simple Hello World page in WML:
      <?xml version="1.0"?>
      <!DOCTYPE wml PUBLIC "-//WAPFORUM//DTD WML 1.1//EN" "http://www.wapforum.org/DTD/wml_1.1.xml">
      <!-- Hello World in WML -->
      <wml>
        <card id="Card1" title="WML example">
          <p>Hello World</p>
        </card>
      </wml>

  18. WMLScript • WMLScript is based on JavaScript. It gives WML added functionality just as JavaScript adds to HTML: it checks the validity of user input, provides access to the device's facilities, generates messages and dialogs locally, etc. • Current WMLScript applications are predominantly benign, but there are many risks. For example, a phone is normally set up so that, before it places a call, it displays the number about to be dialed. If the WAP browser in use does not prompt the user before placing the call, the call is placed automatically. In Japan, a prank was played on phone users who pressed a number in response to a voice-mail message and thereby dialed the Japanese police emergency number without knowing it. Japan uses i-mode, which is different from WAP, but the prank represents an early exploitation of a native device capability from script.

  19. Java 2 Micro Edition (J2ME) • Sun's Java 2 platform comes in three editions: J2SE, Java 2 Standard Edition; J2EE, Java 2 Enterprise Edition; J2ME, Java 2 Micro Edition. • J2ME selectively rewrites and removes components of the core runtime environment to make it easily portable to smaller devices.

  20. C# • C# and Visual Basic .NET are the two main programming languages for developing software for the .NET platform, including the .NET Compact Framework for wireless devices. The .NET platform is in direct competition with Java platforms such as J2EE and J2ME.

  21. The New Wireless Language: XHTML • Designers often write HTML in a sloppy fashion, and web browsers are expected to be very forgiving when rendering a page: they still try to display it even if some tags are nested incorrectly or missing. Browser developers have had to add a great deal of error-recovery code to the rendering engine so that such pages still come out looking as intended, and all that code makes the browser a big application, often 15-18+ megabytes. • That may be fine on a PC with plenty of hard drive space, but small devices such as PDAs, cell phones, automobiles, refrigerators, etc. cannot hold such a big browser. To surf the web (and see your web site) from one of these devices we need a small browser, and a smaller browser means less code. That is where XHTML comes in: because it is well-formed XML, the browser can parse it strictly and leave out the error-recovery code.

  22. Wireless Operating Systems • Symbian OS (Nokia and partners) • Palm OS (Palm) • Microsoft Windows CE, Pocket PC and Smartphone OS • NTT DoCoMo i-mode

  23. ISO and WAP network model (figure: the WAP protocol stack alongside the ISO/OSI layers; not reproduced in the transcript)

  24. The Problem: Security! • Wireless networking is just radio communications. • Data is broadcast over the air as radio waves, so everyone in the area served by the transmitter receives it. Hence anyone with a radio can eavesdrop and inject traffic.

  25. The Setting. An example of an 802.11/802.11b wireless network (installed base at the time in the millions of users): stations associate with an access point, which bridges them onto the wired LAN and the Internet.

  26. WEP • The industry's solution: WEP (Wired Equivalent Privacy) • Share a single cryptographic key among all devices • Encrypt all packets sent over the air using the shared key • Use a checksum, carried inside the encrypted traffic, to prevent injection of spoofed packets

  27. WEP vulnerabilities • Vulnerabilities in the industry's solution, WEP, have been identified. • (October 2000) Jesse R. Walker of Intel Corporation was one of the first to identify several of the problems in WEP [3]. • (January 2001) The University of California at Berkeley (Borisov, Goldberg and Wagner) independently released a paper describing the problems with WEP. • (March 2001) The University of Maryland (Arbaugh et al.) found several problems with the access-control and authentication mechanisms of the 802.11 standard [4].

  28. How WEP Works. The IV is concatenated with the shared key and fed to RC4, which produces a keystream. A checksum is appended to the original unencrypted packet, the result is XORed with the keystream, and the encrypted packet is sent with the IV prepended in the clear.

  29. WEP Encapsulation. Encapsulate: 802.11 Hdr | Data | ICV becomes 802.11 Hdr | IV | {Data | ICV} encrypted; decapsulate reverses it. • Encryption algorithm = RC4 • Per-packet encryption key = 24-bit IV concatenated with the pre-shared key • WEP allows an IV to be reused with any frame • Data integrity is provided by a CRC-32 of the plaintext data (the "ICV") • Data and ICV are encrypted under the per-packet encryption key

  30. How to Read WEP Encrypted Traffic (1). Frame layout: 802.11 Hdr | IV (24 bits) | Data | ICV, with Data and ICV encrypted under key + IV using a Vernam (stream) cipher. • By the birthday paradox, the probability P_n that two packets share the same IV after n packets is P_2 = 1/2^24 after two frames and P_n = P_(n-1) + (n-1)(1 - P_(n-1))/2^24 for n > 2. • A 50% chance of a collision already exists after only 4823 packets! • Pattern recognition can disentangle the XORed recovered plaintexts. • The recovered ICV tells you when you have disentangled the plaintext correctly. • After only a few hours of observation you can recover all 2^24 keystreams.
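The birthday arithmetic on this slide, as an added worked example (not code from the presentation): it iterates the slide's recurrence over the 24-bit IV space, finds the first packet count at which the collision probability reaches 50%, and estimates how long a saturated link takes to use every IV once. The 1500-byte frame size and 11 Mbps link rate in the last function are assumptions chosen for the estimate.

```python
# Added example (not from the slides): birthday-paradox arithmetic for WEP's
# 24-bit IV field.  Uses the slide's recurrence
#     P_2 = 1/2^24,    P_n = P_{n-1} + (n-1)(1 - P_{n-1}) / 2^24   (n > 2)
# which is the probability that at least two of n uniformly random IVs collide.
# A driver whose IV is a counter restarting at zero on reboot repeats sooner.

IV_BITS = 24
IV_SPACE = 1 << IV_BITS          # 16,777,216 possible IVs


def iv_collision_prob(n_packets: int, iv_space: int = IV_SPACE) -> float:
    """P_n: probability that some two of n_packets frames share an IV."""
    p = 0.0                      # P_1 = 0: a single frame cannot collide
    for n in range(2, n_packets + 1):
        # frame n collides with one of the n-1 earlier IVs with probability
        # (n-1)/iv_space, given that none of the earlier frames collided
        p += (n - 1) * (1.0 - p) / iv_space
    return p


def packets_for_collision_prob(target: float, iv_space: int = IV_SPACE) -> int:
    """Smallest n for which P_n >= target (the slide's 4823 for target 0.5)."""
    p, n = 0.0, 1
    while p < target:
        n += 1
        p += (n - 1) * (1.0 - p) / iv_space
    return n


def hours_to_exhaust_ivs(frame_bytes: int = 1500, link_mbps: float = 11.0,
                         iv_space: int = IV_SPACE) -> float:
    """Hours for a link sending back-to-back frames of frame_bytes at link_mbps
    to use every IV once.  Frame size and rate are assumed values; 802.11
    ACKs and backoff are ignored, so a real network takes somewhat longer."""
    frames_per_second = link_mbps * 1e6 / 8 / frame_bytes
    return iv_space / frames_per_second / 3600


if __name__ == "__main__":
    print("P_2 =", iv_collision_prob(2))
    print("50% collision after", packets_for_collision_prob(0.5), "packets")
    print("P_4823 =", round(iv_collision_prob(4823), 6))
    print("hours to exhaust IVs at 11 Mbps:", round(hours_to_exhaust_ivs(), 1))
```

The recurrence is the incremental form of P_n = 1 - ∏(1 - i/2^24) for i < n; passing a different iv_space shows how little a wider IV would have helped compared with not reusing per-packet keys at all.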

  31. How to Read WEP Encrypted Traffic (2) • Ways to accelerate the process: • Send spam into the network: you know the plaintext, so no pattern recognition is required. • Get the victim to send e-mail to you: the AP encrypts plaintext you already know. • Decrypt packets sent from one station to another via an access point: if you know the plaintext on one leg of the journey, you can recover the keystream on the other leg immediately. • Etc., etc., etc.

  32. A Property of RC4 • The keystream leaks under a known-plaintext attack. • Suppose we intercept a ciphertext C and can guess the corresponding plaintext P. • Let Z = RC4(key, IV) be the RC4 keystream. • Since C = P ⊕ Z, we can derive the keystream Z: P ⊕ C = P ⊕ (P ⊕ Z) = (P ⊕ P) ⊕ Z = 0 ⊕ Z = Z. • This is not a problem ... unless the keystream is reused!

  33. A Risk With RC4 • If any IV ever repeats, confidentiality is at risk. • Suppose P, P' are two plaintexts encrypted under the same IV. • Let Z = RC4(key, IV); then the two ciphertexts are C = P ⊕ Z and C' = P' ⊕ Z. • Note that C ⊕ C' = P ⊕ P', hence the XOR of the two plaintexts is revealed. • If there is redundancy, this may reveal both plaintexts. • Or, if we can guess one plaintext, the other is leaked. • So: if RC4 isn't used carefully, it becomes insecure.

  34. Attack #1: Keystream Reuse • WEP didn't use RC4 carefully. • The problem: IVs frequently repeat. • The IV is often a counter that starts at zero, so rebooting causes IV reuse. • Also, there are only 16 million (2^24) possible IVs, so after intercepting enough packets there are sure to be repeats. • Implication: an eavesdropper can decrypt intercepted 802.11 ciphertexts without ever knowing the key.

  35. Attack #2: Spoofed Packets • Attackers can inject forged traffic onto 802.11 nets. • Suppose the attacker knows Z = RC4(key, IV) for some IV, e.g. from the previous attack. • That is all the attacker needs in order to encrypt under this IV. • Since the checksum is unkeyed (a CRC-32 the attacker can compute), the attacker can create valid ciphertexts that the receiver will accept. • Implication: access control is bypassed, and the attacker can reach any computer attached to the wireless net.
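The encapsulation of slide 29 and the three observations of slides 32, 33 and 35, run against a minimal WEP implementation. This is an added example, not code from the presentation or from any WEP driver: the shared key, the IV and the payloads are constructed for the demo, RC4 and the CRC-32 ICV are written out so the attacker side can be checked against them, and the "spam" frame plays the role of the attacker-known plaintext that slide 31 describes.

```python
# Added example (not code from the slides): a minimal WEP encapsulation built
# from RC4 and CRC-32, then the observations of slides 32-35 run against it.
# Key, IVs and payloads are constructed for the demo; the 24-bit IV, 40-bit
# key and unkeyed CRC-32 ICV mirror the WEP design, not captured traffic.
import zlib


def rc4_keystream(key: bytes, length: int) -> bytes:
    """RC4: key scheduling (KSA) followed by `length` bytes of PRGA output."""
    S = list(range(256))
    j = 0
    for i in range(256):                                  # KSA
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out, i, j = bytearray(), 0, 0
    for _ in range(length):                               # PRGA
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    """Byte-wise XOR over the common length of a and b."""
    return bytes(x ^ y for x, y in zip(a, b))


def icv(data: bytes) -> bytes:
    """WEP's integrity check value: an unkeyed CRC-32 of the plaintext."""
    return zlib.crc32(data).to_bytes(4, "little")


def wep_encapsulate(key: bytes, iv: bytes, data: bytes) -> bytes:
    """IV || ((data || ICV) xor RC4(IV || key)).  The IV travels in the clear."""
    assert len(iv) == 3, "WEP IV is 24 bits"
    body = data + icv(data)
    return iv + xor(body, rc4_keystream(iv + key, len(body)))


def wep_decapsulate(key: bytes, frame: bytes):
    """Receiver side: strip IV, decrypt, verify ICV.  Returns data or None."""
    iv, ct = frame[:3], frame[3:]
    body = xor(ct, rc4_keystream(iv + key, len(ct)))
    data, tag = body[:-4], body[-4:]
    return data if icv(data) == tag else None


# ---- attacker side: sees frames on the air, never sees `key` ----

def recover_keystream(frame: bytes, known_plaintext: bytes) -> bytes:
    """Slide 32: Z = C xor P.  Knowing P (e.g. spam the attacker sent into
    the net) also gives the ICV, so the whole keystream for this IV falls out."""
    return xor(frame[3:], known_plaintext + icv(known_plaintext))


def xor_of_plaintexts(frame1: bytes, frame2: bytes) -> bytes:
    """Slide 33: two frames under one IV give C xor C' = P xor P'."""
    assert frame1[:3] == frame2[:3], "only meaningful when the IV repeats"
    return xor(frame1[3:], frame2[3:])


def forge_frame(iv: bytes, keystream: bytes, data: bytes) -> bytes:
    """Slide 35: with Z for this IV the attacker can encrypt anything up to
    len(Z)-4 bytes; the ICV is unkeyed, so the attacker computes it as well."""
    body = data + icv(data)
    assert len(keystream) >= len(body), "need as much keystream as frame"
    return iv + xor(body, keystream[: len(body)])


def demo():
    key = bytes.fromhex("0123456789")          # constructed 40-bit shared key
    iv = b"\x00\x00\x01"                       # counter-style IV, reused below
    spam = b"GET /index.html HTTP/1.0\r\n"     # attacker-chosen, hence known
    secret = b"user=alice&pin=4321\r\n"        # victim's frame under the same IV
    c_spam = wep_encapsulate(key, iv, spam)
    c_secret = wep_encapsulate(key, iv, secret)
    z = recover_keystream(c_spam, spam)        # attack #1: keystream for this IV
    leaked = xor(c_secret[3:], z)[: len(secret)]   # decrypt without the key
    forged = forge_frame(iv, z, b"user=mallory&pin=0000\r\n")  # attack #2
    return leaked, wep_decapsulate(key, forged)   # the AP accepts the forgery


if __name__ == "__main__":
    leaked, accepted = demo()
    print("leaked victim plaintext :", leaked)
    print("forged frame accepted as:", accepted)
```

Nothing on the attacker side touches `key`: one known plaintext under an IV yields that IV's keystream, the keystream decrypts every other frame sent under the same IV, and because the ICV is a plain CRC-32 the same keystream also produces frames the receiver cannot distinguish from genuine ones.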

  36. Summary So Far • None of WEP's goals are achieved. • Confidentiality, integrity and access control are all broken.

  37. Evaluation of WEP • WEP cannot be trusted for security. • Attackers can eavesdrop on and spoof wireless traffic. • They can often recover the key with a few minutes of traffic. • The attacks are very serious in practice: attack tools are available for download on the Net, and hackers sitting in a van in your parking lot may be able to watch all your wireless data, despite the encryption.

  38. War Driving. To find wireless nets: load a laptop, an 802.11 card and a GPS receiver into a car, and drive. While you drive, attack software listens and builds a map of all 802.11 networks found.

  39. Driving from LA to San Diego (figure: map of the wireless networks found along the route; not reproduced in the transcript)

  40. Conclusions • Wireless networks: insecure in theory and in practice. • 50-70% of networks never even turn on encryption, and the remaining ones are vulnerable to the attacks shown here. • Hackers are exploiting these weaknesses in the field, from distances of a mile or more. • Lesson: open design is important; these problems were all avoidable. • In security-critical contexts, be wary of wireless!

  41. An Example of a Solution • In late 2001 RSA Security released a fix for the weaknesses in WEP, Fast Packet Keying, which rapidly generates a unique key for each wireless data packet by mixing the IV with the shared key rather than simply concatenating them. The IEEE 802.11 committee endorsed this fix in early 2002, and the same per-packet key mixing went into TKIP (later shipped as WPA). Although it quells the war-driving experiments of many, it does not solve wireless LAN security problems indefinitely.

  42. References [1] David Wagner, "Wireless Security", University of California, Berkeley. http://www.cs.berkeley.edu/~daw [2] Tara M. Swaminatha and Charles R. Elden, Wireless Security and Privacy, Addison-Wesley, ISBN 0-201-76034-7. [3] Jesse Walker, "Overview of 802.11 Security", Intel Corp. [4] William A. Arbaugh, "An Inductive Chosen Plaintext Attack Against WEP/WEP2". http://www.cs.umd.edu/~waa [5] Cisco Systems, "Wireless LAN Security".
