wireless security
Download
Skip this Video
Download Presentation
Wireless Security

Loading in 2 Seconds...

play fullscreen
1 / 72

Wireless Security - PowerPoint PPT Presentation


  • 192 Views
  • Uploaded on

Wireless Security. 802.11 With a focus on Security by Brian Lee Takehiro Takahashi. Survey (1). Do you have wireless networking at home? If yes, I’m assuming that it is encrypted…. What is your security? WEP WPA Mac filtering I consider my home network as local wireless hotspot

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'Wireless Security' - medwin


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
wireless security

Wireless Security

802.11 With a focus on Security

by Brian Lee

Takehiro Takahashi

survey 1
Survey (1)
  • Do you have wireless networking at home?
      • If yes, I’m assuming that it is encrypted….
  • What is your security?
      • WEP
      • WPA
      • Mac filtering
      • I consider my home network as local wireless hotspot
  • Do you think your wireless network is secure?
brief overview
Brief Overview
  • Case Study
  • Current Wireless Technology Overview
    • 802.11 a/b/g
    • WEP
  • New Wireless Security Standard
    • 802.1x
    • WPA
    • WPA2 - 802.11i
slide4
GOAL
  • Realize the real problem set and the solution in wireless security.
slide5
GOAL
  • Realize the real problem set and the solution in wireless security.
  • Exploi… (cough)
so is wireless network secure
So….. Is wireless network secure?
  • Umm… kind of?
  • Why is it not secure?
  • How insecure is it?
    • Some misunderstanding…
  • How can we make it secure?
an exercise in wireless insecurity
An exercise in wireless insecurity
  • Tools used:
    • Laptop w/ 802.11a/b/g card
    • GPS
    • Netstumbler
    • Aircrack (or any WEP cracking tool)
    • Ethereal
    • the car of your choice
step1 find networks to attack
Step1: Find networks to attack
  • An attacker would first use Netstumbler to drive around and map out active wireless networks
  • Using Netstumbler, the attacker locates a strong signal on the target WLAN
  • Netstumbler not only has the ability to monitor all active networks in the area, but it also integrates with a GPS to map AP’s
step 2 choose the network to attack
Step 2: Choose the network to attack
  • At this point, the attacker has chosen his target; most likely a business
  • Netstumbler can tell you whether or not the network is encrypted
  • Also, start Ethereal to look for additional information.

This time…….

Your target is GTwireless

step3 analyzing the network
Step3: Analyzing the Network
  • WLAN has no broadcasted SSID
  • Netstubmler tells me that SSID is GTwireless
  • Multiple access points
  • Many active users
  • Open authentication method
  • WLAN is encrypted with 40bit WEP
  • WLAN is not using 802.1X (WEB-auth)
step4 cracking the wep key
Step4: Cracking the WEP key
  • Attacker sets NIC drivers to Monitor Mode
  • Begins capturing packets with Airodump
  • Airodump quickly lists the available network with SSID and starts capturing packets.
  • After a few hours of airodump session, launch aircrack to start cracking!
  • WEP key for GTwireless is revealed!
step5 sniffing the network
Step5: Sniffing the network
  • Once the WEP key is cracked and the NIC is configured appropriately, the attacker is assigned an IP, and can access the WLAN
  • However, a secure proxy with an SSL enabled web based login prevents access to the rest of network and the Internet
  • Attacker begins listening to traffic with Ethereal
step6 sniffing continued
Step6: Sniffing continued…
  • Sniffing a WLAN is very fruitful because everyone on the WLAN is a peer, therefore you can sniff every wireless client
  • Listening to connections with plain text protocols (in this case FTP and Telnet) to servers on the wired LAN yielded 2 usable logins within 1.5hrs
what was accomplished
What was accomplished?
  • Complete access to the WLAN
  • Complete access to the wired LAN
  • Complete access to the internet
  • Access to servers on the wired LAN using the sniffed accounts
  • Some anonymity. Usage of Netstumbler and other network probing devices can be detected. Skip that step if possible.
other possibilities
Other possibilities
  • Instead of sniffing a valid login, the attacker could have exploited a known vulnerability in the proxy (provided there is one)
  • Attacker could have hijacked a valid user’s session using a DOS attack against the user, and then assuming his MAC address and IP
  • Both ways present a greater risk for being noticed, something an attacker does not want
that s it the network is compromised
That’s it…the network is compromised
  • Most wireless networks remain no more secure than this, many are less secure
  • Hundreds of business’s, schools, airports, and residences use wireless technology as a major point of access to their networks
basic 802 11b overview
Basic 802.11b Overview
  • 802.11b was IEEE approved in 1999
  • Infrastructure Mode or Ad Hoc
  • Utilizes 2.4GHz band on 15 different channels (only 11 in US)
  • 11Mbps shared among all users on access point
  • Cheap!!!
basic 802 11g overview
Basic 802.11g Overview
  • Faster than 802.11b (54Mbps)
  • Backward compatibility
  • Same interference problem with 802.11b

Future work…

  • 802.11n
  • Over 100Mbps actual throughput…??
  • Backward compatibility with a/b
  • Still trying to come up with the first draft…
802 11 built in security features
802.11 Built in Security Features
  • Service Set Identifier (SSID)
  • Differentiates one access point from another
  • SSID is cast in ‘beacon frames’ every few seconds.
  • Beacon frames are in plain text!
  • First layer of security
  • Stealth Mode – probe request
do s and don ts for ssid s
Do’s and Don\'ts for SSID’s
  • Default SSID’s are well known (Linksys AP’s default to linksys, CISCO defaults to tsunami, etc) so change them immediately.
  • Do change the settings on your AP so that it does not broadcast the SSID in the beacon frame.
hiding the ssid
Hiding the SSID
  • As stated earlier, the SSID is by default broadcast every few seconds.
  • Turning it off makes it harder to figure out a wireless connection is there
  • Reading raw packets will reveal the SSID since even when using WEP, the SSID is in plain text
  • Increases deployment difficulty
mac address filtering
MAC address filtering
  • MAC address filtering works by only allowing specific hardware to connect to the AP
  • Management on large networks unfeasible
  • Using a packet sniffer, one can very easily find a valid MAC address and modify their OS to use it, even if the data is encrypted
  • May be good for small networks
  • Prevents casual hacking..
associating with the ap
Associating with the AP
  • Access points have two ways of initiating communication with a client
  • Shared Key or Open Key authentication
  • Open key allows anyone to start a conversation with the AP
  • Shared Key is supposed to add an extra layer of security by requiring authentication info as soon as one associates
how shared key auth works
How Shared Key Auth. works
  • Client begins by sending an association request to the AP
  • AP responds with a challenge text (unencrypted)
  • Client, using the proper WEP key, encrypts text and sends it back to the AP
  • If properly encrypted, AP allows communication with the client
is open or shared key more secure
Is Open or Shared Key more secure?
  • Ironically enough, Open key is the answer in short
  • Using passive sniffing, one can gather 2 of the three variables needed in Shared Key authentication: challenge text and the encrypted challenge text
wired equivalent protocol wep
Wired Equivalent Protocol (WEP)
  • Primary built-in security for 802.11 protocol
  • Provides “Confidentiality”, and “Integrity”.
  • “Authentication” ?
  • Uses 40/104 bits RC4 encryption + CRC
  • Unfortunately, the usage of RC4 in WEP has been proven insecure
64 40 and 128 104 bits confusion
64/40 and 128/104 bits confusion
  • IV (24bits)
  • Your WEP key:
    • 5-ASCII char word = 40bits
    • 13-ASCII char word = 104bits

Security-wise, it’s really 40bits or 104bits

problems with wep
Problems with WEP
  • 1 static key
    • No encryption is strong if one key is used forever
  • Key length is short for default settings(40bits)
    • Brute forcing is possible
  • Using CRC32 in ICV
    • Bit flipping attack: CRC(msg XOR delta) = CRC(M) XOR CRC(delta)
    • bits cannot be set or cleared, but could be flipped
  • No specification on key distribution
    • Lacks scalability
  • No protection against replay attack
  • Improper RC4 implementation
    • Protocol doesn’t actually specify IV’s use
    • 2 existing attacks
numerical limitation attack
Numerical Limitation Attack
  • IV’s are only 24bit, and thus there are only 16,777,216 possible IV’s
  • A busy network will repeat IV’s often
fms attack weak iv attack
FMS Attack -- weak IV attack --
  • Some IV’s do not work well with RC4
  • Using a formula, one can take these weak IV and infer parts of the WEP key
    • 5 % chance of guessing correctly
  • Once again, passively monitoring the network for a few hours can be enough time to gather enough weak IV’s to figure out the WEP key
  • 7M~ packets to decrypt 40bit WEP key
  • The time needed to deploy the attack is linearly proportional to the key length
    • 104bit key is just as useless as 40bits key
is rc4 really vulnerable
Is RC4 really vulnerable?
  • There are a few flaws but it is still considered safe.
  • WEP did not use RC4 properly.
    • IPSEC
    • SSL
another attack korek
Another Attack - KoreK
  • Vendors have implemented a ‘hack’
  • Another statistical analysis based attack on WEP key
  • Extremely fast
  • Possible with as little as 0.1M IVs…
    • Traditional method requires more than 4M packets
  • Accelerate it with packet injection - ARP

Fast swapping of WEP key is no longer safe

conclusion wep
Conclusion: WEP
  • Confidentiality
    • FMS attack
    • KoreK attack
  • Integrity
    • Bit-flipping attack
  • Authentication
  • Attacks are passive and difficult to detect

NO MORE WEP

slide36
WEP….

Wired Equivalent Privacy

Well.. More like

What on the Earth does it Protect?

virtual private networking vpn
Virtual Private Networking (VPN)
  • Deploying a secure VPN over a wireless network can greatly increase the security of your data
  • Idea behind this is to treat the wireless network the same as an insecure wired network (the internet).
vpn is really not the greatest option
VPN is really not the greatest option….
  • Overhead
    • Deployment
    • Performance
  • susceptible to any attack against the specific VPN

Bottom Line: Not practical

finally some solutions
Finally…. Some Solutions!

802.1x (Authentication)

per-user authentication

Key distribution mechanism

WPA (Confidentiality, Integrity)

Subset of 802.11i

2 forms

802.1x + EAP + TKIP + MIC

Pre-shared Key + TKIP + MIC

WPA2 – 802.11i

WPA2 is the implementation of 802.11i

Usage of AES + CCMP

802 1x
802.1X
  • 802.1X is a port-based, layer 2 (MAC address layer) authentication framework on IEEE 802 networks.
  • Not limited or specific to 802.11 networks
  • Uses EAP for implementation
  • 802.1X is not an alternative to WEP, it works along with the 802.11 protocol to manage authentication for WLAN clients
how authentication takes place
How authentication takes place
  • A client requests access to the AP
  • The AP asks for a set of credentials
  • The client sends the credentials to the AP which forwards them to authenticating server
  • The exact method for supplying credentials is not defined in 802.1X itself
extensible authentication protocol eap
Extensible Authentication Protocol (EAP)
  • 802.1X utilizes EAP for it’s authentication framework
  • flexible: one time passwords, certificates, smartcards, own EAP protocol, etc
  • zero per packet overhead
  • cost efficient
    • 802.1X integrates well with other open standards such as RADIUS
    • RADIUS is de-facto
more benefits of choosing 802 1x
more benefits of choosing 802.1X…
  • Software upgrade
    • Access points only need a firmware upgrade to enable 802.1X
    • On the client side, 802.1X can be enabled with an updated driver for the NIC
  • Depending on the EAP you choose, you can have a very secure authentication scheme!
  • Proprietary versions of dynamic key management available
implementations
Implementations
  • EAP-MD5
  • EAP-LEAP
  • EAP-TLS
  • EAP-TTLS
  • PEAP
eap md5
EAP-MD5
  • EAP-MD5 is a simple EAP implementation
  • Uses and MD5 hash of a username and password that is sent to the RADIUS server
  • Authenticates only one way
  • Man in the middle attack
  • Bottom line: Not recommended
eap leap cisco wireless
EAP-LEAP (Cisco Wireless)
  • Like MD5-LEAP, it uses a Login/Password scheme that it sends to the RADIUS server
  • Each user gets a dynamically generated one time key upon login
  • Authenticates client to AP and vice versa
  • Can be used along with RADIUS session time out feature, to dynamically generate keys at set intervals
  • Only guaranteed to work with Cisco wireless clients
  • Broken – ASLEAP by Joshua Wright
eap tls by microsoft
EAP-TLS by Microsoft
  • Instead of a username/password scheme, EAP-TLS uses certificate based authentication
  • Has dynamic one time key generation
  • Two way authentication
  • Uses TLS (Transport Layer Security) to pass the PKI (Public Key Infrastructure) information to RADIUS server
  • Compatible with many OS’s
  • Harder to implement and deploy because PKI for clients are also required
peap by microsoft and cisco
PEAP by Microsoft and Cisco
  • A more elegant solution!
  • Very similar to EAP-TLS except that the client does not have to authenticate itself with the server using a certificate, instead it can use a login/password based scheme
  • Much easier to setup, does not necessarily require a PKI
  • Currently works natively with Windows XP SP1, but other platforms should support it soon
802 1x is not perfect
802.1x is not perfect…
  • 802.1X is vulnerable to many kinds of DOS attacks
    • Spoofed packets
    • Disassociation attack
    • Flooding
  • Some EAPs are subject to man in the middle attacks.
wpa wi fi protected access
WPA (Wi-Fi Protected Access)
  • Subset of 802.11i
  • Confidentiality
    • Fix flawed encryption mechanism
    • TKIP: Per-packet dynamic key mechanism
  • Integrity
  • Upgradeability
    • Software / Firmware Upgrade
wpa steps
WPA Steps
  • Confirmation of association capability
  • PMK creation (through 802.1x)
  • 4way handshake and PTK installation
  • GK installation
  • Encryption using TKIP
802 1x authentication pmk
Security level can be selected

PMK is a seed for temporal key generation in the next phase

PMK is generated based on the user authentication result

802.1x Authentication + PMK
4 way handshake and ptk
4 Way Handshake and PTK
  • PTK (512bits) splits in 4 ways
  • Part of PTK is used to generate the encryption key (WEP equivalent) in the next phase
tkip temporal key integrity protocol
TKIP (Temporal Key Integrity Protocol)
  • Expands IV space (24  48bits)
  • IV sequence is specified
  • Per-packet Mixing Function
  • Michael
    • Very cheap integrity checker for MAC addresses and DATA
wpa psk
WPA-PSK
  • For home / SOHO use
  • Removes 802.1x authentication
  • Pre-shared Key + TKIP
  • Weak against passive dictionary attack
  • Attacks exist - brute force
  • Still much better than WEP
wpa2 802 11i
WPA2 - 802.11i
  • The long-awaited security standard for wireless, ratified in June 2004
  • Better encryption: AES
  • CCMP
  • Key-caching (optional)
  • Pre-authentication (optional)
  • Hardware manufactured before 2002 is likely to be unsupported: too weak
key caching
Key-Caching
  • Skips re-entering of the user credential by storing the host information on the network

Pre-authentication (802.11i Specific)

  • Allows client to become authenticated with an AP before moving to it
  • Useful in encrypted VoIP over Wi-Fi

 Fast Roaming

wpa wpa2
WPA – WPA2
  • For the time being, WPA will be good enough.
  • Completely backward compatible
    • Get WPA2 certified product for your next purchase
things to keep in mind while deploying wlan
Things to keep in mind while deploying WLAN
  • Hide SSID
  • Do NOT use WEP
  • Use WPA-PSK with a good pass-phrase
  • or Use WPA with 802.1x if possible
  • So………….
tinypeap 1
tinyPEAP (1)
  • A self contained PEAP enabled RADIUS server
  • Currently available in Linksys WRT54G/GS router and Win32 binary
  • Native Windows XP SP1 support
  • Web-based user management
  • The easiest and the most secure solution available in consumer level
survey 2
Survey (2)
  • Ready to reconfigure your wireless network?
links to the tools used
Links to the tools used:
  • Airsnorthttp://airsnort.shmoo.com
  • Netstumblerhttp://www.netstumbler.com
  • Etherealhttp://www.ethereal.com
  • tinyPEAP

http://www.tinypeap.com

papers and wireless security web pages
Papers and Wireless Security Web Pages
  • Weaknesses in the Key Scheduling Algorithm of RC4
  • The Unofficial 802.11 Security Web Page
  • Wireless Security Blackpaper
  • The IEEE 802.11 specifications (includes WEP spec)
  • Paper on detecting Netstumbler and similar programs
  • Further reading on upcoming 802.11 variations
  • Assorted 802.11 related crypto algorithms written in ANSI C
ad