Wireless security
PowerPoint Slideshow about 'Wireless Security' - winfred


Wireless Security

802.11, RFID, WTLS

CSE 5349/7349


802.11

  • 802.11 a, b, …

  • Components

    • Wireless station

      • A desktop or laptop PC or PDA with a wireless NIC.

    • Access point

      • A bridge between wireless and wired networks

        • Radio

        • Wired network interface (usually 802.3)

        • Bridging software

      • Aggregates access for multiple wireless stations to wired network.

802.11 modes

  • Infrastructure mode

    • Basic Service Set

      • One access point

    • Extended Service Set

      • Two or more BSSs forming a single subnet.

    • Most corporate LANs in this mode.

  • Ad-hoc mode (peer-to-peer)

    • Independent Basic Service Set

    • Set of 802.11 wireless stations that communicate directly without an access point.

      • Useful for quick & easy wireless networks.

Infrastructure mode

Figure: infrastructure mode. Stations associate with an Access Point; a Basic Service Set (BSS) is a single cell; an Extended Service Set (ESS) spans multiple cells.

Ad-hoc mode

Independent Basic Service Set (IBSS)

Open System Authentication

  • Service Set Identifier (SSID)

  • Station must specify SSID to Access Point when requesting association.

  • Multiple APs with same SSID form Extended Service Set.

  • APs broadcast their SSID.

MAC Address Locking

  • Access points have Access Control Lists (ACL).

  • ACL is list of allowed MAC addresses.

    • E.g. Allow access to:

      • 00:01:42:0E:12:1F

      • 00:01:42:F1:72:AE

      • 00:01:42:4F:E2:01

  • But MAC addresses are sniffable and spoofable.

  • Access Point ACLs are ineffective control.

Interception Range

Figure: interception range. Labels: station outside building perimeter; 100 metres; Basic Service Set (BSS), single cell.

Interception

  • Wireless LAN uses radio signal.

  • Not limited to physical building.

  • Signal is weakened by:

    • Walls

    • Floors

    • Interference

  • Directional antenna allows interception over longer distances.

Directional Antenna

  • Directional antenna provides focused reception.

  • D-I-Y plans available.

    • Aluminium cake tin.

    • 11 Mbps at 750 meters.

    • http://www.saunalahti.fi/~elepal/antennie.html

802.11b Security Services

  • Two security services provided:

    • Authentication

      • Shared Key Authentication

    • Encryption

      • Wired Equivalent Privacy (WEP)

Wired Equivalent Privacy

  • Shared key between

    • Stations.

    • An Access Point.

  • Extended Service Set

    • All Access Points will have same shared key.

  • No key management

    • Shared key entered manually into

      • Stations

      • Access points

      • Key management a problem in large wireless LANs

RC4

Refresher:

  • RC4 uses key sizes from 1 bit to 2048 bits.

  • RC4 generates a stream of pseudo random bits

    • XORed with plaintext to create ciphertext.

WEP – Sending

  • Compute Integrity Check Vector (ICV).

    • Provides integrity

    • 32 bit Cyclic Redundancy Check.

    • Appended to message to create plaintext.

  • Plaintext encrypted via RC4

    • Provides confidentiality.

    • Plaintext XORed with long key stream of pseudo random bits.

    • Key stream is function of

      • 40-bit secret key

      • 24 bit initialisation vector (more later)

  • Ciphertext is transmitted.

Initialization Vector

  • IV must be different for every message transmitted.

  • 802.11 standard doesn’t specify how IV is calculated.

  • Wireless cards use several methods

    • Some use a simple ascending counter for each message.

    • Some switch between alternate ascending and descending counters.

    • Some use a pseudo random IV generator.

WEP Encryption

Figure: WEP encryption. Initialisation Vector (IV) || Secret key → Seed → PRNG → Key Stream. Message || 32 bit CRC (ICV) → Plaintext. Plaintext ⊕ Key Stream → Cipher text, transmitted as IV || Cipher text.

WEP – Receiving

  • Ciphertext is received.

  • Ciphertext decrypted via RC4

    • Ciphertext XORed with long key stream of pseudo random bits.

  • Check ICV

    • Separate ICV from message.

    • Compute ICV for message

    • Compare with received ICV
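The sending and receiving steps on these two slides put together as an added example (not code from the presentation): RC4 seeded with IV || secret key, a CRC-32 ICV appended to the message, and the IV carried in the clear in front of the ciphertext. The little-endian ICV byte order and the 40-bit key value are assumptions made for the example.

```python
import zlib                                   # CRC-32 is the 32-bit ICV the slides describe
from typing import Optional

def rc4_keystream(seed: bytes, length: int) -> bytes:
    """RC4 key scheduling followed by the PRGA; in WEP the seed is IV || secret key."""
    s = list(range(256))
    j = 0
    for i in range(256):                      # key-scheduling algorithm (KSA)
        j = (j + s[i] + seed[i % len(seed)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):                   # pseudo-random generation algorithm (PRGA)
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def icv(message: bytes) -> bytes:
    """32-bit CRC appended to the message; little-endian byte order is an assumption here."""
    return zlib.crc32(message).to_bytes(4, "little")

def wep_send(key: bytes, iv: bytes, message: bytes) -> bytes:
    """Sender: plaintext = message || ICV; ciphertext = plaintext XOR RC4(IV || key).
    The frame carries the 24-bit IV in the clear in front of the ciphertext."""
    assert len(iv) == 3 and len(key) in (5, 13)   # 24-bit IV, 40- or 104-bit secret key
    plaintext = message + icv(message)
    return iv + xor(plaintext, rc4_keystream(iv + key, len(plaintext)))

def wep_receive(key: bytes, frame: bytes) -> Optional[bytes]:
    """Receiver: split off the IV, regenerate the keystream, XOR, then recompute the ICV
    over the recovered message and compare it with the received ICV."""
    iv, ciphertext = frame[:3], frame[3:]
    plaintext = xor(ciphertext, rc4_keystream(iv + key, len(ciphertext)))
    message, received_icv = plaintext[:-4], plaintext[-4:]
    return message if icv(message) == received_icv else None

if __name__ == "__main__":
    key = bytes.fromhex("0102030405")         # constructed 40-bit shared secret key
    frame = wep_send(key, b"\x00\x00\x01", b"hello wireless")
    print(frame.hex())
    print(wep_receive(key, frame))            # recovered message
    print(wep_receive(bytes(5), frame))       # None: wrong key fails the ICV check
```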

Shared Key Authentication

  • When station requests association with Access Point

    • AP sends random number to station

    • Station encrypts random number

      • Uses RC4, 40 bit shared secret key & 24 bit IV

    • Encrypted random number sent to AP

    • AP decrypts received message

      • Uses RC4, 40 bit shared secret key & 24 bit IV

    • AP compares decrypted random number to transmitted random number

Security - Summary

  • Shared secret key required for:

    • Associating with an access point.

    • Sending data.

    • Receiving data.

  • Messages are encrypted.

    • Confidentiality.

  • Messages have checksum.

    • Integrity.

  • But SSID still broadcast in clear.

Security Attacks

  • Targeted network segment

    • Free Internet

    • Malicious use of identity

    • Access to other network resources

  • Malicious association

    • Host AP

  • Interference Jamming

    • Easy to jam the signals

    • DoS through repeated, albeit unsuccessful, access requests (management messages are not authenticated; e.g. WLAN-jack)

    • DoS through disassociation commands

    • Interference with other appliances (2.4 G spectrum)

  • Attack against MAC authentication

    • Can spoof MAC with loadable firmware

    • Defense?

  • Vulnerability through ad hoc mode

802.11 Insecurities

  • Authentication – two options

    • Open

    • Shared-key

    • Shared-key more insecure?

  • Static key management

    • If one device is compromised/stolen, everyone should change the key

    • Hard to detect

  • WEP keys

    • 40- or 128-bit keys can be cracked in less than 15 minutes

IV Collision attack

  • If 24 bit IV is an ascending counter,

    • If Access Point transmits at 11 Mbps, IVs exhausted in roughly 5 hours.

  • Passive attack:

    • Attacker collects all traffic

    • Attacker could collect two encrypted messages:

      • If two messages EM1, EM2, both encrypted with same key stream ( same key and same IV)

      • EM1 ⊕ EM2 = M1 ⊕ M2

      • Effectively removes the key stream

      • Can now try to derive plaintext messages
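The keystream-cancellation identity on this slide worked through in code, as an added example that is not part of the presentation: a SHA-256 stand-in keystream replaces RC4 because the identity holds for any stream cipher, the 5-hour exhaustion figure assumes 1500-byte frames at 11 Mbps, and the last function is the IV-reuse check a monitoring tool would run over captured frames.

```python
import hashlib
from collections import Counter

IV_BITS = 24                                  # WEP IV width
FRAME_BYTES = 1500                            # assumed average frame size for the 11 Mbps estimate

def keystream(key: bytes, iv: int, length: int) -> bytes:
    """Stand-in keystream, deterministic in (key, IV) exactly as WEP's RC4 seed IV || key is.
    SHA-256 is used only so this block does not repeat an RC4 routine; the identity
    demonstrated below holds for any stream cipher."""
    out = b""
    block = 0
    while len(out) < length:
        out += hashlib.sha256(key + iv.to_bytes(3, "big") + block.to_bytes(4, "big")).digest()
        block += 1
    return out[:length]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt(key: bytes, iv: int, message: bytes) -> bytes:
    return xor(message, keystream(key, iv, len(message)))

def keystream_cancels(key: bytes, iv: int, m1: bytes, m2: bytes) -> bool:
    """The slide's identity: EM1 XOR EM2 == M1 XOR M2 whenever key and IV are shared,
    so an observer needs no key at all to obtain M1 XOR M2."""
    return xor(encrypt(key, iv, m1), encrypt(key, iv, m2)) == xor(m1, m2)

def leak_from_known_prefix(em1: bytes, em2: bytes, known_m1_prefix: bytes) -> bytes:
    """What the collision gives away: if M1 starts with a known fixed header, the same
    bytes of M2 follow from EM1 XOR EM2 with no key involved."""
    n = len(known_m1_prefix)
    return xor(xor(em1[:n], em2[:n]), known_m1_prefix)

def hours_until_iv_exhausted(bits_per_second: float, frame_bytes: int = FRAME_BYTES) -> float:
    """Ascending counter: after 2^24 frames every IV has been used once and reuse begins."""
    frames_per_second = bits_per_second / (frame_bytes * 8)
    return (1 << IV_BITS) / frames_per_second / 3600

def ascending_counter_ivs(start: int, count: int) -> list:
    """Constructed IV sequence from a card that uses a plain 24-bit ascending counter."""
    return [(start + i) & ((1 << IV_BITS) - 1) for i in range(count)]

def find_iv_reuse(frame_ivs) -> dict:
    """Defender check over the IVs seen in captured frames: IV -> number of occurrences.
    Any entry here means the cancellation identity above applies to those frames."""
    return {iv: n for iv, n in Counter(frame_ivs).items() if n > 1}
```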

Limited WEP keys

  • Some vendors allow limited WEP keys

    • User types in a password

    • WEP key is generated from passphrase

    • Passphrase creates only 21 bits of the 40-bit key.

      • Reduces key strength to 21 bits = 2,097,152 possible keys

      • Remaining 19 bits are predictable.

      • 21 bit key can be brute forced in minutes.

Brute Force Key Attack

  • Capture ciphertext.

    • IV is included in message.

  • Search all 2^40 possible secret keys.

    • 1,099,511,627,776 keys

    • ~200 days on a modern laptop

  • Find which key decrypts ciphertext to plaintext.

128 bit WEP

  • Vendors have extended WEP to 128 bit keys.

    • 104 bit secret key.

    • 24 bit IV.

  • Brute force takes 10^19 years for 104-bit key.

  • Effectively safeguards against brute force attacks.

IV weakness

  • WEP exposes part of PRNG input.

    • IV is transmitted with message.

  • Initial keystream can be derived

    • TCP/IP has fixed structure at start of packets

  • Attack is practical.

  • Passive attack.

    • Non-intrusive.

    • No warning.

Wepcrack

  • First tool to demonstrate attack using IV weakness.

    • Open source

  • Three components

    • Weaker IV generator.

    • Search sniffer output for weaker IVs & record 1st byte.

    • Cracker to combine weaker IVs and selected 1st bytes.

Airsnort

  • Automated tool

    • Does it all!

    • Sniffs

    • Searches for weaker IVs

    • Records encrypted data

    • Until key is derived.

Safeguards

  • Security Policy & Architecture Design

  • Treat as untrusted LAN

  • Discover unauthorised use

  • Access point audits

  • Station protection

  • Access point location

  • Antenna design

Wireless as Untrusted LAN

  • Treat wireless as untrusted.

    • Similar to Internet.

  • Firewall between WLAN and Backbone.

  • Extra authentication required.

  • Intrusion Detection

    • WLAN / Backbone junction.

  • Vulnerability assessments

Discover Unauthorised Use

  • Search for unauthorised access points or ad-hoc networks

  • Port scanning

    • For unknown SNMP agents.

    • For unknown web or telnet interfaces.

  • Warwalking!

    • Sniff 802.11 packets

    • Identify IP addresses

    • Detect signal strength

    • May sniff your neighbours…

Location of AP

  • Ideally locate access points

    • In centre of buildings.

  • Try to avoid access points

    • By windows

    • On external walls

    • Line of sight to outside

  • Use directional antenna to “point” radio signal.

IPSec VPN

  • IPSec client placed on every PC connected to the WLAN

  • Filters to prevent traffic from reaching anywhere other than VPN gateway and DHCP/DNS server

  • Can combine user authentication also

IEEE 802.11i

  • A new framework for wireless security

    • Centralized authentication

    • Dynamic key distribution

    • Will apply to 802.11 a,b & g

  • Uses 802.1X as authentication framework

    • Extensible Authentication Protocol (EAP), RFC 2284 (EAP-TLS & LEAP)

    • Mutual authentication between client and authentication server (RADIUS)

    • Encryption keys dynamically derived after authentication

    • Session timeout triggers reauthentication

802.11i – Encryption Enhancements

  • Temporal Key Integrity Protocol (TKIP)

    • RC4 still used

    • Per-packet keys

    • Hash functions for MIC instead of CRC 32

    • Only firmware upgrade required

  • AES

    • AES cipher replaces RC4

    • Will require new hardware
