Wireless Security - PowerPoint PPT Presentation

Presentation Transcript

Wireless Security

802.11 With a focus on Security

by Brian Lee

Takehiro Takahashi

Survey (1)

  • Do you have wireless networking at home?

    • If yes, I’m assuming that it is encrypted…

  • What is your security?

    • WEP

    • WPA

    • MAC filtering

    • I consider my home network as local wireless hotspot

  • Do you think your wireless network is secure?

    Brief Overview

    • Case Study

    • Current Wireless Technology Overview

      • 802.11 a/b/g

      • WEP

    • New Wireless Security Standard

      • 802.1x

      • WPA

      • WPA2 - 802.11i


    • Realize the real problem set and the solution in wireless security.

    • Exploi… (cough)

    So… is the wireless network secure?

    • Umm… kind of?

    • Why is it not secure?

    • How insecure is it?

      • Some misunderstanding…

    • How can we make it secure?

    An exercise in wireless insecurity

    • Tools used:

      • Laptop w/ 802.11a/b/g card

      • GPS

      • Netstumbler

      • Aircrack (or any WEP cracking tool)

      • Ethereal

      • the car of your choice

    Step 1: Find networks to attack

    • An attacker would first use Netstumbler to drive around and map out active wireless networks

    • Using Netstumbler, the attacker locates a strong signal on the target WLAN

    • Netstumbler not only has the ability to monitor all active networks in the area, but it also integrates with a GPS to map APs

    Step 2: Choose the network to attack

    • At this point, the attacker has chosen his target; most likely a business

    • Netstumbler can tell you whether or not the network is encrypted

    • Also, start Ethereal to look for additional information.

      This time… your target is GTwireless

    Step 3: Analyzing the Network

    • WLAN has no broadcasted SSID

    • Netstumbler tells me that the SSID is GTwireless

    • Multiple access points

    • Many active users

    • Open authentication method

    • WLAN is encrypted with 40-bit WEP

    • WLAN is not using 802.1X (web-based authentication instead)

    Step 4: Cracking the WEP key

    • Attacker sets NIC drivers to Monitor Mode

    • Begins capturing packets with Airodump

    • Airodump quickly lists the available networks with their SSIDs and starts capturing packets.

    • After a few hours of Airodump capture, launch Aircrack to start cracking!

    • WEP key for GTwireless is revealed!

    Step 5: Sniffing the network

    • Once the WEP key is cracked and the NIC is configured appropriately, the attacker is assigned an IP, and can access the WLAN

    • However, a secure proxy with an SSL enabled web based login prevents access to the rest of network and the Internet

    • Attacker begins listening to traffic with Ethereal

    Step 6: Sniffing continued…

    • Sniffing a WLAN is very fruitful because everyone on the WLAN is a peer, so you can sniff every wireless client

    • Listening to connections with plain-text protocols (in this case FTP and Telnet) to servers on the wired LAN yielded two usable logins within 1.5 hours

    What was accomplished?

    • Complete access to the WLAN

    • Complete access to the wired LAN

    • Complete access to the internet

    • Access to servers on the wired LAN using the sniffed accounts

    • Some anonymity. Usage of Netstumbler and other network probing devices can be detected. Skip that step if possible.

    Other possibilities

    • Instead of sniffing a valid login, the attacker could have exploited a known vulnerability in the proxy (provided there is one)

    • Attacker could have hijacked a valid user’s session using a DoS attack against the user, and then assumed his MAC address and IP

    • Both ways present a greater risk for being noticed, something an attacker does not want

    That’s it…the network is compromised

    • Most wireless networks remain no more secure than this, many are less secure

    • Hundreds of businesses, schools, airports, and residences use wireless technology as a major point of access to their networks

    Basic 802.11b Overview

    • 802.11b was IEEE approved in 1999

    • Infrastructure Mode or Ad Hoc

    • Utilizes the 2.4 GHz band on 15 different channels (only 11 in the US)

    • 11 Mbps shared among all users on an access point

    • Cheap!!!

    Basic 802.11g Overview

    • Faster than 802.11b (54 Mbps)

    • Backward compatible

    • Same interference problem as 802.11b

    Future work…

    • 802.11n

    • Over 100 Mbps actual throughput…?

    • Backward compatibility with a/b

    • Still trying to come up with the first draft…

    802.11 Built in Security Features

    • Service Set Identifier (SSID)

    • Differentiates one access point from another

    • SSID is broadcast in ‘beacon frames’ every few seconds.

    • Beacon frames are in plain text!

    • First layer of security

    • Stealth Mode – probe request

    Dos and Don'ts for SSIDs

    • Default SSIDs are well known (Linksys APs default to linksys, Cisco defaults to tsunami, etc.), so change them immediately.

    • Do change the settings on your AP so that it does not broadcast the SSID in the beacon frame.

    Hiding the SSID

    • As stated earlier, the SSID is by default broadcast every few seconds.

    • Turning it off makes it harder to tell that a wireless network is there

    • Reading raw packets will reveal the SSID since even when using WEP, the SSID is in plain text

    • Increases deployment difficulty

    MAC address filtering

    • MAC address filtering works by only allowing specific hardware to connect to the AP

    • Management on large networks is infeasible

    • Using a packet sniffer, one can very easily find a valid MAC address and modify their OS to use it, even if the data is encrypted

    • May be good for small networks

    • Prevents casual hacking

    Associating with the AP

    • Access points have two ways of initiating communication with a client

    • Shared Key or Open Key authentication

    • Open key allows anyone to start a conversation with the AP

    • Shared Key is supposed to add an extra layer of security by requiring authentication info as soon as one associates

    How Shared Key Auth. works

    • Client begins by sending an association request to the AP

    • AP responds with a challenge text (unencrypted)

    • Client, using the proper WEP key, encrypts text and sends it back to the AP

    • If properly encrypted, AP allows communication with the client

    Is Open or Shared Key more secure?

    • Ironically enough, Open Key is the answer, in short

    • Using passive sniffing, one can gather two of the three values needed in Shared Key authentication: the challenge text and the encrypted challenge text

    Wired Equivalent Privacy (WEP)

    • Primary built-in security for 802.11 protocol

    • Provides “Confidentiality” and “Integrity”.

    • “Authentication” ?

    • Uses 40/104-bit RC4 encryption + CRC

    • Unfortunately, the usage of RC4 in WEP has been proven insecure

    64/40 and 128/104 bit confusion

    • IV (24 bits)

    • Your WEP key:

      • 5 ASCII characters = 40 bits

      • 13 ASCII characters = 104 bits

        Security-wise, it’s really 40 bits or 104 bits

    Problems with WEP

    • One static key

      • No encryption is strong if one key is used forever

    • Key length is short with default settings (40 bits)

      • Brute forcing is possible

    • Uses CRC-32 for the ICV

      • Bit-flipping attack: CRC(M XOR delta) = CRC(M) XOR CRC(delta)

      • Bits cannot be set or cleared, but they can be flipped

    • No specification for key distribution

      • Lacks scalability

    • No protection against replay attacks

    • Improper use of RC4

      • The protocol doesn’t actually specify how the IV is to be used

      • Two existing attacks
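
The bit-flipping line above is worth seeing run. The following Python is an added example, not from the slides: it uses a random keystream as a stand-in for RC4 output under one IV (any XOR stream cipher behaves the same), checks the CRC-32 identity the slide quotes, fixes up the ICV of a modified frame without the key, and then shows that a keyed HMAC tag in place of the CRC does not have this property. Message contents and keys are constructed.

```python
import hashlib
import hmac
import os
import zlib

def xor(a: bytes, b: bytes) -> bytes:
    """XOR a with the first len(a) bytes of b (b may be longer, e.g. a keystream)."""
    assert len(b) >= len(a)
    return bytes(x ^ y for x, y in zip(a, b))

def crc_is_affine(a: bytes, b: bytes) -> bool:
    """CRC-32 is affine over GF(2): crc(M ^ D) = crc(M) ^ crc(D) ^ crc(zeros).
    The crc(zeros) term appears only because zlib's CRC-32 uses a non-zero
    init/final XOR; for the textbook CRC quoted on the slide it is 0."""
    lhs = zlib.crc32(xor(a, b))
    return lhs == zlib.crc32(a) ^ zlib.crc32(b) ^ zlib.crc32(bytes(len(a)))

def wep_style_protect(plaintext: bytes, keystream: bytes) -> bytes:
    """WEP layout: (plaintext || CRC-32 ICV) XOR RC4 keystream (stand-in keystream here)."""
    icv = zlib.crc32(plaintext).to_bytes(4, "little")
    return xor(plaintext + icv, keystream)

def wep_style_verify(frame: bytes, keystream: bytes):
    """Decrypt and check the ICV; returns the plaintext, or None if the ICV fails."""
    pt = xor(frame, keystream)
    body, icv = pt[:-4], pt[-4:]
    return body if zlib.crc32(body).to_bytes(4, "little") == icv else None

def flip_bits_keeping_icv(frame: bytes, delta: bytes) -> bytes:
    """Blind modification: XOR `delta` into the plaintext and correct the ICV with
    crc(delta) ^ crc(zeros), needing neither the key nor the plaintext."""
    fix = (zlib.crc32(delta) ^ zlib.crc32(bytes(len(delta)))).to_bytes(4, "little")
    patch = delta + fix
    return xor(frame, patch + bytes(len(frame) - len(patch)))

def mac_protect(plaintext: bytes, keystream: bytes, mac_key: bytes) -> bytes:
    """Same stream cipher, but a keyed HMAC-SHA256 tag instead of a CRC."""
    tag = hmac.new(mac_key, plaintext, hashlib.sha256).digest()
    return xor(plaintext + tag, keystream)

def mac_verify(frame: bytes, keystream: bytes, mac_key: bytes):
    """Decrypt and check the keyed tag; a blind flip cannot be compensated without mac_key."""
    pt = xor(frame, keystream)
    body, tag = pt[:-32], pt[-32:]
    expected = hmac.new(mac_key, body, hashlib.sha256).digest()
    return body if hmac.compare_digest(expected, tag) else None

def demo():
    """Constructed sample: the same blind bit-flip against a CRC ICV and against an HMAC tag."""
    original = b"PAY 0100 TO ACCT 42"
    wanted = b"PAY 9900 TO ACCT 42"
    delta = xor(original, wanted)                # only the difference is needed
    keystream = os.urandom(len(original) + 32)   # stand-in for RC4 output under one IV
    mac_key = os.urandom(32)
    crc_frame = flip_bits_keeping_icv(wep_style_protect(original, keystream), delta)
    mac_frame = flip_bits_keeping_icv(mac_protect(original, keystream, mac_key), delta)
    return wep_style_verify(crc_frame, keystream), mac_verify(mac_frame, keystream, mac_key)
```

The CRC-protected frame decrypts to the altered text with a valid ICV; the HMAC-protected frame is rejected.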

    Numerical Limitation Attack

    • IVs are only 24 bits, and thus there are only 16,777,216 possible IVs

    • A busy network will repeat IVs often
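
As an added illustration (not from the slides) of how quickly 2^24 IVs run out: the birthday bound puts a repeat among randomly chosen IVs at about even odds after roughly 4,800 frames, and a sequential IV counter wraps after 2^24 frames. The last function is the defender-side check, over a constructed list of IVs, that shows reuse is trivial to spot in a capture.

```python
import math
import random

IV_BITS = 24
IV_SPACE = 1 << IV_BITS            # 16,777,216 possible WEP IVs

def collision_probability(n: int, space: int = IV_SPACE) -> float:
    """Exact birthday probability that n independently random IVs contain a repeat."""
    p_distinct = 1.0
    for k in range(n):
        p_distinct *= (space - k) / space
    return 1.0 - p_distinct

def packets_for_collision(p: float, space: int = IV_SPACE) -> int:
    """Birthday approximation: frames needed before a repeat occurs with probability p."""
    return math.ceil(math.sqrt(2.0 * space * math.log(1.0 / (1.0 - p))))

def hours_to_exhaust(frames_per_second: float, space: int = IV_SPACE) -> float:
    """Sequential IVs: the counter wraps (and keystreams repeat) after `space` frames."""
    return space / frames_per_second / 3600.0

def first_iv_reuse(ivs) -> int:
    """Defender-side check over captured IVs: index of the first repeated IV, or -1."""
    seen = set()
    for i, iv in enumerate(ivs):
        if iv in seen:
            return i
        seen.add(iv)
    return -1

def simulate_random_ivs(n: int, seed: int = 1) -> int:
    """Constructed capture: n uniformly random 24-bit IVs from a seeded generator."""
    rng = random.Random(seed)
    return first_iv_reuse(rng.randrange(IV_SPACE) for _ in range(n))
```

At 1,000 frames per second a sequential IV counter wraps in under five hours; random IVs repeat far sooner.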

    FMS Attack (weak IV attack)

    • Some IVs do not work well with RC4

    • Using a formula, one can take these weak IVs and infer parts of the WEP key

      • 5% chance of guessing correctly

    • Once again, passively monitoring the network for a few hours can be enough time to gather enough weak IVs to figure out the WEP key

    • ~7M packets to recover a 40-bit WEP key

    • The time needed to carry out the attack is linearly proportional to the key length

      • A 104-bit key is just as useless as a 40-bit key

    Is RC4 really vulnerable?

    • There are a few known flaws, but it is still considered safe.

    • WEP did not use RC4 properly.

      • IPsec

      • SSL

    Another Attack - KoreK

    • Vendors have implemented a ‘hack’

    • Another statistical-analysis-based attack on the WEP key

    • Extremely fast

    • Possible with as little as 0.1M IVs…

      • The traditional method requires more than 4M packets

    • Accelerate it with packet injection (ARP)

      Fast swapping of the WEP key is no longer a safe workaround

    Conclusion: WEP

    • Confidentiality

      • FMS attack

      • KoreK attack

    • Integrity

      • Bit-flipping attack

    • Authentication

    • Attacks are passive and difficult to detect


    Wired Equivalent Privacy

    Well… more like

    What on Earth does it protect?

    Virtual Private Networking (VPN)

    • Deploying a secure VPN over a wireless network can greatly increase the security of your data

    • Idea behind this is to treat the wireless network the same as an insecure wired network (the internet).

    VPN is really not the greatest option….

    • Overhead

      • Deployment

      • Performance

    • Susceptible to any attack against the specific VPN

    Bottom Line: Not practical

    Finally… Some Solutions!

    • 802.1x (Authentication)

      • Per-user authentication

      • Key distribution mechanism

    • WPA (Confidentiality, Integrity)

      • Subset of 802.11i

      • Two forms:

        • 802.1x + EAP + TKIP + MIC

        • Pre-shared Key + TKIP + MIC

    • WPA2 – 802.11i

      • WPA2 is the implementation of 802.11i

      • Usage of AES + CCMP

    802.1x

    • 802.1X is a port-based, layer 2 (MAC address layer) authentication framework on IEEE 802 networks.

    • Not limited or specific to 802.11 networks

    • Uses EAP for implementation

    • 802.1X is not an alternative to WEP; it works alongside the 802.11 protocol to manage authentication for WLAN clients

    How authentication takes place

    • A client requests access to the AP

    • The AP asks for a set of credentials

    • The client sends the credentials to the AP, which forwards them to the authenticating server

    • The exact method for supplying credentials is not defined in 802.1X itself

    Extensible Authentication Protocol (EAP)

    • 802.1X utilizes EAP for its authentication framework

    • Flexible: one-time passwords, certificates, smartcards, your own EAP method, etc.

    • Zero per-packet overhead

    • Cost efficient

      • 802.1X integrates well with other open standards such as RADIUS

      • RADIUS is the de facto standard

    More benefits of choosing 802.1X…

    • Software upgrade

      • Access points only need a firmware upgrade to enable 802.1X

      • On the client side, 802.1X can be enabled with an updated driver for the NIC

    • Depending on the EAP you choose, you can have a very secure authentication scheme!

    • Proprietary versions of dynamic key management available

    Implementations

    • EAP-MD5

    • EAP-LEAP

    • EAP-TLS

    • EAP-TTLS

    • PEAP

    EAP-MD5

    • EAP-MD5 is a simple EAP implementation

    • Uses an MD5 hash of a username and password that is sent to the RADIUS server

    • Authenticates only one way

    • Man-in-the-middle attack

    • Bottom line: Not recommended

    EAP-LEAP (Cisco Wireless)

    • Like EAP-MD5, it uses a login/password scheme that it sends to the RADIUS server

    • Each user gets a dynamically generated one time key upon login

    • Authenticates client to AP and vice versa

    • Can be used along with the RADIUS session time-out feature to dynamically generate keys at set intervals

    • Only guaranteed to work with Cisco wireless clients

    • Broken – ASLEAP by Joshua Wright

    EAP-TLS by Microsoft

    • Instead of a username/password scheme, EAP-TLS uses certificate based authentication

    • Has dynamic one time key generation

    • Two way authentication

    • Uses TLS (Transport Layer Security) to pass the PKI (Public Key Infrastructure) information to RADIUS server

    • Compatible with many OSes

    • Harder to implement and deploy because a PKI for the clients is also required

    PEAP by Microsoft and Cisco

    • A more elegant solution!

    • Very similar to EAP-TLS, except that the client does not have to authenticate itself to the server with a certificate; it can use a login/password scheme instead

    • Much easier to set up; does not necessarily require a PKI

    • Currently works natively with Windows XP SP1, but other platforms should support it soon

    802.1x is not perfect…

    • 802.1X is vulnerable to many kinds of DoS attacks

      • Spoofed packets

      • Disassociation attack

      • Flooding

    • Some EAP methods are subject to man-in-the-middle attacks.

    WPA (Wi-Fi Protected Access)

    • Subset of 802.11i

    • Confidentiality

      • Fixes the flawed encryption mechanism

      • TKIP: Per-packet dynamic key mechanism

    • Integrity

    • Upgradeability

      • Software / Firmware Upgrade

    WPA Steps

    • Confirmation of association capability

    • PMK creation (through 802.1x)

    • 4-way handshake and PTK installation

    • GK installation

    • Encryption using TKIP

    802.1x Authentication + PMK

    • Security level can be selected

    • PMK is a seed for temporal key generation in the next phase

    • PMK is generated based on the user authentication result

    4 Way Handshake and PTK

    • PTK (512 bits) is split into four parts

    • Part of PTK is used to generate the encryption key (WEP equivalent) in the next phase

    TKIP (Temporal Key Integrity Protocol)

    • Expands the IV space (24 → 48 bits)

    • IV sequence is specified

    • Per-packet Mixing Function

    • Michael

      • Very cheap integrity check over the MAC addresses and data

    WPA-PSK

    • For home / SOHO use

    • Removes 802.1x authentication

    • Pre-shared Key + TKIP

    • Weak against passive dictionary attacks

    • Attacks exist – brute force

    • Still much better than WEP
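
The PMK and PTK steps from the preceding slides (802.1x Authentication + PMK, 4 Way Handshake and PTK, and WPA-PSK) carried through in Python as an added example, not code from the slides or from tinyPEAP: the PSK derivation with the SSID as the only salt, the 802.11i PRF-512 that yields the 512-bit PTK and its split into four parts, and the TKIP EAPOL-Key MIC computed under the KCK. The MAC addresses, nonces and pass-phrase are constructed values.

```python
import hashlib
import hmac

def wpa_psk(passphrase: str, ssid: str) -> bytes:
    """WPA-PSK: the 256-bit PMK is PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 rounds).
    The SSID is the only salt, so the pass-phrase is the sole secret; that is why a
    captured handshake can be checked against a word list offline (the slide's
    'passive dictionary attack') and why the pass-phrase quality matters."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

def prf(key: bytes, label: bytes, data: bytes, nbits: int) -> bytes:
    """802.11i PRF-n: concatenated HMAC-SHA1(key, label || 0x00 || data || i), i = 0, 1, ..."""
    out = b""
    for i in range((nbits + 159) // 160):
        out += hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
    return out[: nbits // 8]

def derive_ptk(pmk: bytes, aa: bytes, spa: bytes, anonce: bytes, snonce: bytes) -> dict:
    """4-way handshake: PTK = PRF-512(PMK, "Pairwise key expansion",
    min(AA,SPA) || max(AA,SPA) || min(ANonce,SNonce) || max(ANonce,SNonce)).
    The 512 bits split into KCK (EAPOL-Key MIC key), KEK (wraps the group key),
    TK (per-packet cipher key) and, for TKIP, the two 64-bit Michael MIC keys."""
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    ptk = prf(pmk, b"Pairwise key expansion", data, 512)
    return {"KCK": ptk[0:16], "KEK": ptk[16:32], "TK": ptk[32:48],
            "MIC_TX": ptk[48:56], "MIC_RX": ptk[56:64]}

def eapol_key_mic_tkip(kck: bytes, eapol_frame_with_mic_zeroed: bytes) -> bytes:
    """WPA (TKIP) EAPOL-Key MIC: HMAC-MD5 under the KCK over the frame with its MIC field zeroed."""
    return hmac.new(kck, eapol_frame_with_mic_zeroed, hashlib.md5).digest()

def demo(passphrase: str = "correct horse battery staple", ssid: str = "HomeNet"):
    """Constructed example: same PSK, two handshakes, fresh nonces, hence different PTKs."""
    pmk = wpa_psk(passphrase, ssid)
    ap_mac = bytes.fromhex("00112233aabb")     # constructed addresses
    sta_mac = bytes.fromhex("66778899ccdd")
    anonce, snonce = bytes(range(32)), bytes(range(32, 64))   # constructed; real nonces are random
    first = derive_ptk(pmk, ap_mac, sta_mac, anonce, snonce)
    second = derive_ptk(pmk, ap_mac, sta_mac, anonce, bytes(range(64, 96)))
    return first, second
```

The min/max ordering makes both sides derive the same PTK regardless of who is AA and who is SPA; the test below checks that, the 512-bit split, and the IEEE 802.11i Annex H vector for "password"/"IEEE".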

    WPA2 - 802.11i

    • The long-awaited security standard for wireless, ratified in June 2004

    • Better encryption: AES

    • CCMP

    • Key-caching (optional)

    • Pre-authentication (optional)

    • Hardware manufactured before 2002 is likely to be unsupported: too weak

    Key caching

    • Skips re-entering the user credentials by storing the host information on the network

    Pre-authentication (802.11i Specific)

    • Allows a client to become authenticated with an AP before moving to it

    • Useful in encrypted VoIP over Wi-Fi

      → Fast roaming

    WPA – WPA2

    • For the time being, WPA will be good enough.

    • Completely backward compatible

      • Get WPA2 certified product for your next purchase

    Things to keep in mind while deploying WLAN

    • Hide the SSID

    • Do NOT use WEP

    • Use WPA-PSK with a good pass-phrase

    • Or use WPA with 802.1x if possible

    • So…

    tinyPEAP (1)

    • A self-contained PEAP-enabled RADIUS server

    • Currently available for the Linksys WRT54G/GS router and as a Win32 binary

    • Native Windows XP SP1 support

    • Web-based user management

    • The easiest and most secure solution available at the consumer level

    Survey (2)

    • Ready to reconfigure your wireless network?

    Links to the tools used:

    • AirSnort: http://airsnort.shmoo.com

    • Netstumbler: http://www.netstumbler.com

    • Ethereal: http://www.ethereal.com

    • tinyPEAP


    Papers and Wireless Security Web Pages

    • Weaknesses in the Key Scheduling Algorithm of RC4

    • The Unofficial 802.11 Security Web Page

    • Wireless Security Blackpaper

    • The IEEE 802.11 specifications (includes WEP spec)

    • Paper on detecting Netstumbler and similar programs

    • Further reading on upcoming 802.11 variations

    • Assorted 802.11 related crypto algorithms written in ANSI C