
IWD2243 Wireless & Mobile Security



Presentation Transcript


  1. IWD2243 Wireless & Mobile Security
     Chapter 3 : Wireless LAN Security
     Prepared by : Zuraidy Adnan, FITM UNISEL

  2. 3.1 Introduction
     • 802.11 security architecture – Wired Equivalent Privacy (WEP)
       • Responsible for the CIA in an 802.11 network.
       • Designed to be “Wireless Ethernet”.
     • Important architectural differences between 802.11 & TWNs
       • 802.11 has limited support for roaming, restricted to the wireless access network only.
       • TWNs support seamless roaming over large geographical areas.

  3. 3.2 WEP
     • Key establishment in 802.11
       • None; out of scope.
       • Relies on a key preshared between STAs and APs.
       • Does not specify how the keys are established.
     • Anonymity in 802.11
       • Not a major concern.
       • Uses the IP address, unlike the IMSI in TWNs.
       • The IP address assigned to a user can change over time.
       • The use of Network Address Translation (NAT)
         • Maps the internal IP to a Global IP (GIP).

  4. 3.2 WEP (cont.)
     • Authentication in 802.11
       • Authentication – controls access to the network.
       • Wired LAN – security features are inherited from the network.
       • WLAN – no physical access authentication.
       • Net authenticates STAs – STA authenticates Net.
       • APs – broadcast beacons (mgmt frames which announce the existence of the network).
       • Each beacon carries a Service Set Identifier (SSID), or Net name, which identifies the ESS.
       • A STA that wants to connect performs a passive or active scan.
       • STAs send probe requests on all available channels.

  5. 3.2 WEP (cont.)
     • Authentication in 802.11 (cont.)
       • The concerned APs that receive a probe send a probe response.
       • The STA finds out which station it can join.
       • The STA chooses the network it wishes to join, based on signal strength.
       • The authentication process starts – two options:
         • Open System Authentication (OSA)
           • See figure 18.2 : 802.11 OSA, page 408
           • Using OSA means no authentication at all.
         • Shared Key Authentication (SKA)

  6. 3.2 WEP (cont.)
     • Authentication in 802.11 (cont.)
       • Shared Key Authentication (SKA)
         • See figure 18.3 : 802.11 SKA, page 410
         • Challenge–response system.
         • SKA divides STAs into 2 groups: group 1 – allowed access; group 2 – all other STAs.
         • Group 1 – STAs share a secret key with the APs.
         • Using SKA requires that the STAs and APs are capable of using WEP, and that the STAs and APs have a preshared key.

  7. 3.2 WEP (cont.)
     • Authentication in 802.11 (cont.)
       • Authentication and handoffs
         • See figure 18.4 : 802.11 handoffs and security, page 411
       • What’s wrong with 802.11 authentication?
         • No method is specified in WEP for each STA to be assigned a unique key.
         • Many 802.11 deployments share a key across APs.
         • One-way – no provision for the STA to authenticate the Net.
       • Pseudo-authentication schemes
         • Allow only STAs that know the SSID to join the Net.
         • Use the MAC address as a secret.
         • APs maintain a list of STA MAC addresses; only a registered MAC can access the Net.

  8. 3.2 WEP (cont.)
     • Confidentiality in 802.11
       • See figure 18.5 : WEP, page 414
         • 5 steps to provide confidentiality in 802.11.
       • See figure 18.6 : A WEP packet, page 415
         • The packet that is produced by the encryption process.
     • What’s wrong with WEP
       • Use of the RC4 stream cipher, whose synchronization always fails over the wireless medium.
         • Solution : shift the synchronization requirement from the session to the packet – change keys for every packet.
       • The IV, which is concatenated with the master key for each packet, is sent in clear text.
         • Susceptible to the Fluhrer-Mantin-Shamir (FMS) attack.
       • Specifies no rules for IV selection.

  9. 3.2 WEP (cont.)
     • Data integrity in 802.11
       • 802.11 uses the Integrity Check Value (ICV) field in the packet.
       • See figure 18.7 : Data integrity in WEP, page 419
       • ICV – Cyclic Redundancy Check, 32 bits (CRC32).
       • CRC32 is linear and not cryptographically computed.
       • Eve can still modify the message!
     • Loopholes in 802.11 security (summary)
       • The list 1-9, page 421 & 422.

  10. 3.3 WPA
     • Wi-Fi Protected Access (WPA)
       • Prestandard subset of 802.11i.
     • Biggest differences –
       • Usage of AES (Advanced Encryption Standard) for providing confidentiality and integrity.
       • Usage of Temporal Key Integrity Protocol (TKIP) and MICHAEL.
     • Both differences make big changes to the WLAN security architecture & hardware parts.
     • Most hardware parts of an 802.11 implementation cannot be used in WPA 802.11i.

  11. 3.3 WPA (cont.)
     • Key establishment
       • WEP used a preshared key established using an out-of-band mechanism.
       • 2 environments – home & enterprise
         • Different infrastructure capacities to provide security.
       • Enterprise – 802.11i uses IEEE 802.1X for key establishment & authentication.
         • 802.1X uses a backend authentication server.
       • Home user – no backend authentication server – allows an out-of-band mechanism for key establishment.
       • See figure 18.8 : Key hierarchy in 802.11, page 425

  12. 3.3 WPA (cont.)
     • Key establishment (cont.)
       • WPA solves the problem of authentication in WEP by reducing exposure of the master key (MK).
       • WPA extends the two-tier hierarchy to a multi-tier hierarchy.
       • Pair-wise master key (PMK) – preshared key, or derived from 802.1X.
         • PMK – 32 bytes – too long for a human to remember.
         • Allows the user to enter a shorter password, which is used as a seed to generate the 32-byte key.
       • Pair-wise transient key (PTK) – session key, consisting of 4 keys, each 128 bits long.

  13. 3.3 WPA (cont.)
     • Key establishment (cont.)
       • 4 keys – encryption key for data, integrity key for data, encryption key for EAPoL msg, and integrity key for EAPoL msg.
       • The PTK is derived from the PMK using a pseudorandom function (PRF).
       • The PRF is based on the HMAC-SHA algorithm.
       • Five input values to obtain the PTK from the PMK:
         • PTK = PRF-512(PMK, “pair-wise expansion”, AP_MAC || STA_MAC || Anonce || Snonce)
         • 5 values – PMK, MAC addresses of the two endpoints, one nonce for each endpoint.

  14. 3.3 WPA (cont.)
     • Key establishment (cont.)
       • Nonce – “number-once” – generated at both sides
         • Anonce = PRF-256(Random Number, “Init counter”, AP_MAC || Time)
         • Snonce = PRF-256(Random Number, “Init counter”, STA_MAC || Time)
       • Next step – derive per-packet keys from the PTK.
       • See figure 18.9 : TKIP encryption, page 427
       • See “important features to note in (TKIP encrypt) process”, page 428.

  15. 3.3 WPA (cont.)
     • Authentication
       • Home user – 802.11i allows a WEP-like configuration.
       • Enterprise user – 802.11i specifies the use of 802.1X.
       • 802.1X is architected along with Extensible Authentication Protocol over LAN (EAPoL).
       • See figure 18.10a : 802.1X/EAP port model, page 429
       • See figure 18.10b : EAPoL, page 429
       • EAP specifies 3 net elements – Supplicant, Authenticator, Authentication Server.
       • See figure 18.10c : EAP over WLAN, page 430
       • STA – supplicant, AP – authenticator, backend authentication server.

  16. 3.3 WPA (cont.)
     • Authentication (cont.)
       • See figure 18.10d : 802.1X network architecture
     • Confidentiality
       • Enhancement of WEP confidentiality.
       • TKIP doubles the IV size from 24 to 48 bits.
       • The IV is used in a per-packet mixing function, instead of just adding more bits to the size, and can still co-exist with WEP-compatible hardware.
     • Integrity
       • TKIP uses a new message integrity check (MIC) protocol, MICHAEL.

  17. 3.3 WPA (cont.)
     • Integrity (cont.)
       • MICHAEL – no multiplication operations; instead, it relies only on shift and add operations.
       • Another enhancement – using the IV as a sequence counter.
     • Overall picture : confidentiality + integrity
       • See figure 18.10e : TKIP – the complete picture, page 435
     • How does WPA fix WEP loopholes?
       • See table 18.1 : WEP loopholes and WPA fixes

  18. 3.4 WPA2
     • Only a few enhancement features over WPA.
     • Enhancements:
       • Authentication – replaces a stream cipher (RC4) with a strong block cipher (AES). Instead, WPA2 embeds AES in a stream cipher.
       • Integrity – provides stronger integrity protection using AES-based CCMP.
     • See figure 18.15 : WPA2 – the complete picture
     • See table 18.2 : comparison of WEP, WPA, and WPA2 security architectures.
