Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.
Background • Wireless and instant messaging are two topics of concern to computer and network security professionals. • Wireless network applications are important because the risks inherent in broadcasting a network signal across public airwaves are similar to posting all your organization's passwords by the front door.
Background • Instant messaging is important to people who control security. • It is hard to suppress these applications. • When installed on any networked machine, they allow: • Unencrypted traffic to and from the Internet-based messaging servers. • Uncontrolled file transfer.
Objectives • Upon completion of this lesson, the learner will be able to: • Describe the security implications of wireless networks. • Describe the security implications of instant messaging.
Wireless • Wireless networking is the transmission of data using a physical topology, and not direct physical links. • Wireless Application Protocol (WAP) • IEEE 802.11
Wireless • This presentation narrows the definition to apply to networks that use radio waves to carry the signals, over either public or private bands.
Two Wireless Systems • Two of the most common point-to-multipoint systems are: • Wireless Application Protocol (WAP) • The Wireless Application Protocol is a system developed to send data to small handheld devices such as cellular phones, wireless e-mail handhelds, and PDAs. • IEEE 802.11 • The 802.11 protocol has been standardized by the IEEE for wireless local area networks and has three versions currently in production, 802.11b, 802.11a, and the most recent 802.11g.
Two Vulnerable Systems • Wireless systems are vulnerable since targets are abundant and unsecured – they are not necessarily attached to crucial infrastructure. • There is no control over the physical layer of the traffic. • If an attacker can get close enough to the signal's source, he can listen and capture all the packets for examination. • Attackers may modify the traffic being sent, or send their own traffic to disrupt the system.
WAP and WTLS • Wireless Application Protocol • Wireless Transport Layer Security
Wireless Application Protocol • WAP fills the demand for additional services as cellular phones and pagers are replaced by wireless e-mail devices and PDAs. • It uses a private-band, point-to-multipoint signal to deliver packet data to small wireless devices.
Wireless Transport Layer Security • WTLS avoids broadcasting data. • The lightweight encryption protocol called Wireless Transport Layer Security (WTLS) is derived from the current Transport Layer Security protocol in use across the Internet.
Wireless Transport Layer Security • The protocol was designed to meet the three fundamental requirements for security: • Confidentiality • Integrity • Authentication
Confidentiality • Confidentiality ensures that no one can read sent and received packets except those who are authorized. • There are many ways to ensure confidentiality – they cannot rely on physical control. • Wireless affords no control over the physical medium that the packets are traveling over, there is no way to stop another party from listening.
WAP Confidentiality • WAP uses a central aggregation point for the network. • For example, a cellular provider's tower. • The best way to ensure confidentiality is to encrypt the data and send it over the airwaves as ciphertext. • The originator and the recipient both have keys to decrypt the data and reproduce the plaintext.
WTLS Confidentiality • WTLS uses a modified version of the TLS protocol, formerly known as SSL. • The WTLS protocol supports several encryption algorithms, including DES, Triple DES (more commonly referred to as 3DES), RC5, and IDEA. • They can support 40- and 56-bit keys in the case of DES and 3DES, and 40-, 56-, and 128-bit keys in the case of RC5 and IDEA.
WTLS Confidentiality • WTLS must carry out a key exchange, exactly as TLS does every time you log on to a secure Web site. • WTLS supports several key exchange methods: Diffie-Hellman, Elliptic Curve Diffie-Hellman, and RSA.
Integrity • Integrity means you have assurances that what you sent is what was received when data is sent or received. • This is accomplished by indicating that the information has been modified.
Integrity • This may be done by generating a checksum of the message with a one-way hash function. • When the receiver gets the data, it hashes it as well and compares the two sums. • If they match, then the data was unaltered.
Integrity • WTLS implements integrity by using message authentication codes (MACs). • A MAC algorithm generates a one-way hash of the compressed WTLS data. WTLS supports the MD5 and SHA MAC algorithms.
Authentication • Authentication is the process by which each end of the data flow proves they are who they claim to be. • Authentication is accomplished by the sending something that proves the senders are who they claim to be. • The sender will also want assurances that the party they are contacting is whom they mean to send data.
Authentication • Authentication can be performed in several ways, including digital certificates, tokens, or simple passwords. • Authentication in WTLS is done with digital certificates. The types of certificates supported by WTLS include the native WTLS type, X509, and X9.68.
Security Issues with WTLS • WTLS implements the three parts of security into the protocol. • It allows the unique requirements of the devices that are using the protocol. • WTLS has to be able to cope with small amounts of memory and limited processor capacity, as well as long round-trip times that TLS could not handle well.
Security Issues with WTLS • Since the protocol is designed around more capable servers than devices, the specification allows connections with little to no security. • Clients with low memory or CPU capabilities cannot support encryption, • Choosing null or weak encryption greatly reduces confidentiality. • Authentication is an option in the protocol. • Omitting authentication reduces security by leaving the connection vulnerable to a man-in-the-middle-type attack.
Security Issues with WTLS • There are known security vulnerabilities in the implementation of WTLS, including: • Chosen plaintext attack • PKCS #1 attack • Alert message truncation attack
WTLS Chosen Plain Text • The chosen plaintext attack works on the principle of predictable Initialization Vectors (IVs). • By the nature of the transport medium that it is using, WAP, WTLS needs to support unreliable transport. • This forces the IV to be based upon data already known to the client, and WTLS uses a linear IV computation. • The IV is based on the sequence number of the packet and several packets are sent unencrypted, severely decreasing entropy. • This lack of entropy in the encrypted data reduces confidentiality.
WTLS and PKCS • PKCS used with RSA encryption gives a standard for formatting the padding used to generate a correctly formatted block size. • When the client receives the block, it will reply to the sender as to the validity of the block. • In the PKCS #1 attack, an attacker attempts to send multiple guesses at the padding to force a padding error.
WTLS and AMT • Alert messages in WTLS are sometimes sent in plaintext and are not authenticated. • This allows an attacker to overwrite an encrypted packet from the actual sender with a plaintext alert message. • It would lead to possible disruption of the connection through a truncation attack.
Security Issues with WTLS • There is concern over the so-called “WAP GAP.” • Confidentiality of information is vulnerable where two different networks meet, the WAP gateway. • WTLS acts as the security protocol for the WAP network, and TLS is the standard for the Internet, so the WAP gateway has to perform translation from one encryption standard to the other. Thus, this translation forces all messages to be seen by the WAP gateway in plaintext. • A WAP gateway is an especially appealing target, as plaintext messages are processed through it from all wireless devices, not just a single user.
Wireless Protocol • The IEEE 802.11b protocol was ratified in late 1999. • It inaugurated a range of products that opened a new genre of attacks for the attackers.
802.11 Standard • This standard specifies sending data traffic packets over radio waves in the unlicensed 2.4 GHz band.
802.11a • The 802.11a protocol operates in the 5 GHz spectrum using orthogonal frequency division multiplexing (OFDM). • Supporting rates of up to 54 Mbps, it is the faster brother of 802.11b; however, the higher frequency shortens the usable range of the devices.
802.11b • The 802.11b protocol provides for multiple-rate Ethernet over 2.4 GHz spread-spectrum wireless. • It provides transfer rates of 1 Mbps, 2 Mbps, 5.5 Mbps, and 11 Mbps and typically uses direct-sequence spread spectrum (DSSS). • The typical range is roughly 100 yards indoors and 300 yards outdoors line of sight.
802.11g • The 802.11g standard uses portions of both the other standards: • It uses the 2.4 GHz band for greater range but uses the OFDM transmission method to achieve the faster 54 Mbps data rates.
802.11 Standard • As 802.11 matured, easy to use and affordable, security experts started to deconstruct the security built into the standard. • The 802.11a protocol works only to improve the speed of the network and does not have security updates. • The 802.11g technology focuses on making traffic in the 2.4 GHz band run at the data rates supported by the 802.11a's 5 GHz band. • The 802.11g standard does support a longer WEP key. • It does not solve the problems with WEP. • For security purposes, 802.11b and 802.11g are nearly identical.
802.11 Authentication and Association • The 802.11 standard includes rudimentary authentication and confidentiality controls. • Authentication is handled in its most basic form by the 802.11 access point. • It forces the clients to perform a handshake when attempting to “associate” to the AP. Association is the process needed before the AP will allow the client to talk across the AP to the network. • Association occurs only if the client has all the correct parameters needed such as the service set identifier (SSID) in the handshake.
802.11 Confidentiality • The standard protects confidentiality with Wired Equivalent Privacy (WEP). • WEP uses the RC4 stream cipher to encrypt data as it is transmitted through the air. • This encryption is synchronous and based upon a key shared by the AP and all the clients using the AP.
802.11 Access Security • Access to actual Ethernet segments is protected by physical security measures. • However, wireless installation broadcasts the network right through the physical controls that are in place. • An attacker can drive up and have the same, or better, access as by plugging into an Ethernet jack inside the building, because 802.11 is a shared medium, allowing sniffers to view all packets being sent to or from the AP and all clients. • These access points were typically behind any security measures, such as firewalls and IDSs.
802.11 Access Security • Attack is easy due to the low cost of the equipment needed. • A single wireless access card costing less than a hundred dollars can give access to any unsecured access point within the driving range. • The final reason for the popularity of attacking wireless is the relative ease compared to other target hosts. • Windows-based tools for locating and sniffing wireless-based networks have turned anyone who can download files from the Internet and has a wireless card into a potential attacker.
802.11 Attack Tools • The most common tools used by an attacker are reception-based programs that listen to the beacon frames put out by wireless devices and programs promiscuously capture all traffic.
Netstumbler • The most widely used of these programs is called Netstumbler by Marius Milner. • It listens for access point beacon frames in a range and logs all available information about the access point for later analysis.
Netstumbler • If the computer has a GPS unit attached to it, the program also logs the coordinates of the access point. • This information can be used to return to the access point, or to plot maps of access points in a city. • This is a Windows-based application, but there are programs that work on the same principle for Mac, BSD, Linux, and other operating systems.
Using a Sniffer • Once a ‘secured’ network is located, an attacker may use the best attack tool, a network sniffer. • A sniffer and a wireless network card are a powerful attack tool. • A shared media wireless network exposes all packets to interception and logging.
Sniffer Examples • Popular wireless sniffers are Ethereal and WildPackets AiroPeek. • A popular wireless sniffer is Sniffer Pro 4.0.
Popularity of 802.11Targets • Anonymity • An attacker can probe for wireless access from the street and log packets from the AP without giving any indication that an attempted intrusion is taking place. • The attempted association is recorded only by the MAC address of the wireless card associated to it. • Most APs do not alert when users associate to it. • Cost of the equipment • A single wireless access card costing less than a hundred dollars can give access to any unsecured access point within driving range.
Popularity of 802.11Targets • The final reason for the popularity of attacking wireless is the relative ease compared to other target hosts. • Windows-based tools for locating and sniffing wireless-based networks have turned anyone who can download files from the Internet and has a wireless card into a potential attacker. • The most common tools for an attacker to use are reception-based programs that listen to the beacon frames put out by other wireless devices and programs that promiscuously capture all traffic.
Popularity of 802.11Targets • The most widely used of these programs is Netstumbler by Marius Milner. • This program listens for the beacon frames of access points that are within the range of the card attached to the Netstumbler computer. • When it receives them, it logs all available information about the access point for later analysis. • Once an attacker has located a network, and assuming they cannot directly connect and start active scanning and penetration of the network, they will use a network sniffer.
Popularity of 802.11Targets • Specialized sniffer tools have emerged recently, with a single objective, to crack WEP keys. • Wired Equivalent Privacy is the encryption protocol that 802.11 uses to attempt to ensure confidentiality of wireless communications but, unfortunately, it has turned out to have several problems.
Popularity of 802.11Targets • These weaknesses are specifically targeted for attack by the specialized sniffer programs. • They work by exploiting weak initialization vectors in the encryption algorithm. • To exploit this weakness, you need a certain number of ciphertext packets. However, once you have captured enough packets, the program can decipher the encryption key being used very quickly.