wireless networking designing and implementing wlan security module 11 l.
Download
Skip this Video
Loading SlideShow in 5 Seconds..
Wireless Networking Designing and Implementing WLAN Security Module-11 PowerPoint Presentation
Download Presentation
Wireless Networking Designing and Implementing WLAN Security Module-11

Loading in 2 Seconds...

play fullscreen
1 / 50

Wireless Networking Designing and Implementing WLAN Security Module-11 - PowerPoint PPT Presentation


  • 162 Views
  • Uploaded on

Wireless Networking Designing and Implementing WLAN Security Module-11. Jerry Bernardini Community College of Rhode Island . Presentation Reference Material. CWNA Certified Wireless Network Administration Official Study Guide, Fourth Edition, Tom Carpenter, Joel Barrett

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'Wireless Networking Designing and Implementing WLAN Security Module-11' - joey


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
wireless networking designing and implementing wlan security module 11

Wireless NetworkingDesigning and Implementing WLAN SecurityModule-11

Jerry Bernardini

Community College of Rhode Island

Wireless Networking J. Bernardini

presentation reference material
Presentation Reference Material
  • CWNA Certified Wireless Network Administration Official Study Guide, Fourth Edition, Tom Carpenter, Joel Barrett
    • Chapter-10, pages475-525
  • Cisco White Paper - A Comprehensive Review of 802.11 Wireless LAN Security and the Cisco Wireless Security Suite

www.cisco.com/warp/public/cc/pd/witc/ao1200ap/prodlit/wswpf_wp.htm

  • Your 802.11 Wireless Network has No Clothes¤
    • William A. Arbaugh, Narendar Shankar, Y.C. Justin Wan, Department of Computer Science University of Maryland College Park, Maryland 20742 March 30, 2001
    • http://www.cs.umd.edu/~waa/wireless.pdf

Wireless Networking J. Bernardini

early ieee 802 11 security
Early IEEE 802.11 Security
  • Referred to as: Pre-RSNA Security
    • RSNA=Robust Security Network Association
  • Pre-RSNA Security includes
    • Open System Authentication
    • Share Key Authentication
    • Wired Equivalent Privacy
  • This technology has many flaws and should not be considered for new systems
  • But we should understand Pre-RSNA to appreciate WLAN vulnerabilities

Wireless Networking J. Bernardini

open authentication
Open Authentication
  • Open authentication allows any device network access.
  • If no encryption is enabled on the network, any device that knows the SSID of the access point can gain access to the network.
  • With WEP encryption enabled on an access point, the WEP key itself becomes a means of access control.

CCRI J. Bernardini

802 11 client authentication process
802.11 client authentication process
  • 1. Client broadcasts a probe request frame on every channel
  • 2. Access points within range respond with a probe response frame
  • 3. The client decides which access point (AP) is the best for access and sends an authentication request
  • 4. The access point will send an authentication reply
  • 5. Upon successful authentication, the client will send an association request frame to the access point
  • 6. The access point will reply with an association response
  • 7. The client is now able to pass traffic to the access point

CCRI J. Bernardini

open authentication vulnerabilities
Open Authentication Vulnerabilities
  • No way for the access point to determine whether a client is valid.
  • A major security vulnerability if WEP or better encryption is not implemented
    • Cisco does not recommend deploying wireless LANs without WEP encryption.
  • When WEP encryption is not needed or is not feasible to deploy - such as public WLAN deployments
  • Higher-layer authentication can be provided by implementing a Service Selection Gateway (SSG).

CCRI J. Bernardini

shared key authentication
Shared Key Authentication
  • The client sends an authentication request to the access point requesting shared key authentication
  • The access point responds with an authentication response containing challenge text
  • The client uses its locally configured WEP key to encrypt the challenge text and reply with a subsequent authentication request
  • If the access point can decrypt the authentication request and retrieve the original challenge text, then it responds with an authentication response that grants the client access

CCRI J. Bernardini

wired equivalent privacy wep
Wired Equivalent Privacy-WEP
  • Wired Equivalent Privacy, a security protocol for WLANs defined in the 802.11b standard.
  • A secret key is shared between STAs and an AP
  • The secret key is used to encrypt packets (MSDU) before they are transmitted.
  • LANs are inherently more secure than WLANs
  • WLANs are over radio waves and can be intercepted
wep uses rc4
WEP uses RC4
  • It is reasonably strong:
  • It is self-synchronizing:
  • WEP is self-synchronizing for each message. This property is critical for a
  • data-link level encryption algorithm, where “best effort” delivery is assumed and packet loss rates may be high.
  • It is efficient:
  • The WEP algorithm is efficient and may be implemented in either hardware or software.
  • It may be exportable:

Wireless Networking J. Bernardini

what is rc4
What is RC4
  • RC4 is a stream cipher designed by Ronald L. Rivest (MIT Professor) for RSA Data Security (now RSA Security).
  • It is a variable key-size stream cipher with byte-oriented operations.
  • The algorithm is based on the use of a random permutation. Analysis shows that the period of the cipher is overwhelmingly likely to be greater than 10100.
  • Eight to sixteen machine operations are required per output byte, and the cipher can be expected to run very quickly in software.
  • Independent analysts have scrutinized the algorithm and it is considered secure.

Wireless Networking J. Bernardini

correct wep key required
Correct WEP Key Required
  • If a device does not have the correct WEP key, even though authentication is successful, the device will be unable to transmit data through the access point.
  • Neither can it decrypt data sent from the access point

CCRI J. Bernardini

wep encryption process
WEP Encryption Process

802.11 recommends IV change per-frame

same packet is transmitted twice resulting cipher-text will be different

Ciphertext

IV

Initialization

Vector (IV)

PRNG

Key Stream

Seed

C1

Secret

Key

Pseudorandom Number Generator

Plain

text

Exclusive-OR

C2

Integrity Algorithm

Integrity

Check

Value (ICV)

What is Transmitted

initialization vector
Initialization Vector
  • The IV is a 24-bits that augments a 40-bit WEP key to 64 bits and a 104-bit WEP key to 128 bits.
  • The IV is sent in the clear in the frame header so the receiving station knows the IV value and is able to decrypt the frame
  • Although 40-bit and 104-bit WEP keys are often referred to as 64-bit and 128-bit WEP keys, the effective key strength is only 40 bits and 104 bits, respectively, because the IV is sent unencrypted.

CCRI J. Bernardini

wep encryption process15
WEP Encryption Process

Data

1 0 1 1 1 0 0 1 0 1 1 1 0 1 0 1 1 0 0 1 1 1 1 0 1

Key Stream

1 1 1 1 0 1 1 0 0 1 1 1 1 0 1 0 1 0 1 0 1 1 1 0 1

Cipher Stream (Transmitted and Received)

0 1 0 0 1 1 1 1 0 0 0 0 1 1 1 1 0 0 1 1 0 0 0 0 0

Key Stream

1 1 1 1 0 1 1 0 0 1 1 1 1 0 1 0 1 0 1 0 1 1 1 0 1

Data

1 0 1 1 1 0 0 1 0 1 1 1 0 1 0 1 1 0 0 1 1 1 1 0 1

wep encryption process16
WEP Encryption Process

The WEP Encrypted Frame Body

Encrypted

IV

4

Data PDU

>=1

ICV

4

Init. Vector

3

1 Octet

Pad

6-bits

Key ID

2-bits

wep keys
WEP Keys
  • 802.11b – 64-bit shared RC4 Key.

24-bit IV plus a 40-bit Secret Key.

  • 128-bit shared RC4 Key

24-bit IV plus a 104-bit Secret Key.

  • 152-bit shared RC4 Key

24-bit IV plus a 128-bit Secret Key.

23|24

0

63

IV

24 - bits

Secret Key

40 - bits

PRNG Seed

wep weaknesses
WEP Weaknesses
  • Key management and key size. 40-bit
  • The IV is too small.

24-bit = 16,777,216 different cipher streams.

  • The ICV algorithm is not appropriate

Uses CRC-32 when MD5 or SHA-1 would be better.

  • Authentication messages can be easily forged.
initialization vector replay attacks
Initialization Vector Replay Attacks
  • 1. A known plain-text message is sent to an observable wireless LAN client (an e-mail message)
  • 2. The network attacker will sniff the wireless LAN looking for the predicted cipher-text
  • 3. The network attacker will find the known frame and derive the key stream
  • 4. The network attacker can "grow" the key stream using the same IV/WEP key pair as the observed frame
  • This attack is based on the knowledge that the IV and base WEP key can be reused or replayed repeatedly to generate a key stream large enough to subvert the network.

CCRI J. Bernardini

block cipher operation
Block Cipher Operation
  • Block ciphers deal with data in defined blocks
  • The block cipher fragments the frame into blocks of predetermined size and performs the XOR function on each block.
  • Each block must be the predetermined size, and leftover frame fragments are padded to the appropriate block size

CCRI J. Bernardini

electronic code book encryption
Electronic Code Book Encryption
  • The process of encryption described stream ciphers and block ciphers is known as Electronic Code Book (ECB) mode encryption.
  • With ECB mode encryption, the same plain-text input always generates the same cipher-text output.
  • The Figure illustrates, the input text of "FOO" always produces the same cipher-text.
  • This is a potential security threat because eavesdroppers can see patterns in the cipher-text and start making educated guesses about what the original plain-text is.
  • There are two encryption techniques to overcome this issue:
  • Initialization vectors
  • Feedback modes

CCRI J. Bernardini

feedback modes encryption process
Feedback ModesEncryption Process
  • Feedback modes are modifications to the encryption process to prevent a plain-text message from generating the same cipher-text during encryption.
  • Feedback modes are generally used with block ciphers, and the most common feedback mode is known as cipher block chaining (CBC) mode.
  • The premise behind CBC mode is that a plain-text block has the XOR function performed with the previous block of cipher-text.
  • Because the first block has no preceding cipher-text block, an IV is used to change the key stream.

CCRI J. Bernardini

growing a key stream attack
"Growing" a Key Stream Attack
  • Once a key stream has been derived for a given frame size, it can be "grown" to any size required.
  • 1. The network attacker can build a frame one byte larger than the known key stream size; an Internet Control Message Protocol (ICMP) echo frame is ideal because the access point solicits a response
  • 2. The network attacker then augments the key stream by one byte
  • 3. The additional byte is guessed because only 256 possible values are possible
  • 4. When the network attacker guesses the correct value, the expected response is received: in this example, the ICMP echo reply message
  • 5. The process is repeated until the desired key stream length is obtained

CCRI J. Bernardini

rsna security
RSNA Security
  • Robust Security Network Association
  • IEEE 802.11. Clause 8 (previously IEEE 802.11i)
  • TKIP and RC4
  • CCMP and AES
  • IEEE 802.1X
  • Preshared Keys
  • Certificates and PACs
  • Four way Handshake
  • Key Hierarchies
  • Transition Security Network

Wireless Networking J. Bernardini

ieee 802 11 clause 8
IEEE 802.11, Clause 8

Discusses and defines the following issues

Wireless Networking J. Bernardini

temporal key integrity protocol tkip
Temporal Key Integrity Protocol - TKIP
  • Part of the IEEE 802.11i encryption standard for wireless LANs (Pronounced tee-kip )
  • TKIP is the next generation of WEP (initially call WEP2).
  • Provides per-packet key mixing, a message integrity check and a re-keying mechanism, thus fixing the flaws of WEP.
  • TKIP Process
    • begins with a 128-bit "temporal key" shared among clients and access points
    • Combines the temporal key with the client's MAC address and then adds a relatively large 16-octet initialization vector to produce the key that will encrypt the data.
    • This procedure ensures that each station uses different key streams to encrypt the data.
  • Older WEP based devices can be upgraded to TKIP and not processor intensive
ccmp and aes
CCMP and AES
  • Counter Mode with Cipher Block Chaining-Message Authentication Code (CCMP)
  • CCMP uses Advanced Encryption Standard (AES) instead of RC4 algorithm
  • CCMP/AES uses 128-bit encryption, encrypts 128-bit blocks, uses 8-bytes integrity check
  • AES is very processor intensive
  • Not upgradable for older devices

Wireless Networking J. Bernardini

advanced encryption standard aes
Advanced Encryption Standard - AES
  • Relatively new U.S. National Institute of Standards and technology (NIST) for single-key encryption; approved in 2002.
  • 16-byte Block Cipher based on Rijndael
    • (pronounced “Rain Doll”)
  • Key Lengths of 128, 192, and 256-bit
  • Time to brute-force break an AES 256-bit key… several years.
  • AES Encryption is a four step process
http en wikipedia org wiki advanced encryption standard aes four steps
http://en.wikipedia.org/wiki/Advanced_Encryption_StandardAES Four Steps

3

1

2

4

Wireless Networking J. Bernardini

802 1x and eap
802.1X and EAP
  • IEEE’s 802.1X Port Based Network Access Control standard provides strong authentication and network access control for 802.11 networks.
  • Extensible Authentication Protocol (EAP) is used to pass authentication information between the supplicant and the AS.

Supplicant

Authenticator

Authentication Server

1

802 1x requires three entities
802.1X Requires Three Entities:
  • The supplicant-—Resides on the wireless LAN client
  • The authenticator-—Resides on the access point
  • The authentication server—Resides on the RADIUS server

CCRI J. Bernardini

cisco wireless security suite and 802 1x
Cisco Wireless Security Suite and 802.1X
  • authentication framework—The IEEE 802.1X standard provides a framework for many authentication types and the link layer
  • Extensible Authentication Protocol (EAP) Cisco authentication algorithm—The EAP Cisco Wireless authentication type, also called Cisco LEAP supports centralized, user-based authentication with the ability to generate dynamic WEP keys
  • Temporal Key Integrity Protocol (TKIP)—Cisco has implemented two components to augment WEP encryption:
    • Message Integrity Check (MIC)—The MIC function provides effective frame authenticity to mitigate man-in-the-middle vulnerabilities
    • Per-Packet Keying—Per-packet keying provides every frame with a new and unique WEP key that mitigates WEP key derivation attacks
  • Broadcast Key Rotation—Dynamic key rotation

CCRI J. Bernardini

four way handshake
Four-Way Handshake
  • Used to establish temporary transient keys with AP
  • Four-packet exchange
  • Number used once (Anounce)
  • Supplicant nounce (Snounce)
  • Authenticator Nounce
  • Message Integrity Check (MIC)

Wireless Networking J. Bernardini

ipsec vpn secure your wireless with ipsec by dan langille 10 21 2004
IPsec VPN (Secure Your Wireless with Ipsec by Dan Langille 10/21/2004 )
  • IPsec is short for IP security
  • It is a set of protocols for securely exchanging packets at the IP layer.
    • VPNs frequently use it. can use the same approach to secure our wireless network.
  • uses shared secrets to encrypt data.
  • uses security policies to decide what types of traffic to encrypt between which hosts.
  • IPsec can create a point-to-point tunnel between two hosts.
  • IPsec cannot exist on its own -need to have IPsec at both ends
  • IPsec uses a database to decide how to treat traffic.
    • The two main types of rules are policy and association.
    • Security Policy Database (SPD) determines what traffic IPsec should handle.
    • Security Association Database (SAD) specifies how to encrypt that traffic.

Wireless Networking J. Bernardini

wireless vpns
Wireless VPNs
  • Virtual Private Networks, or VPNs, use publicly accessible or wireless network infrastructures combined with private connections to securely exchange private applications and data.
  • All VPN systems use encryption and other security mechanisms to ensure that only authorized users can access the network, so that the data cannot be intercepted.
wireless gateways
Wireless Gateways
  • A network device or base station, usually providing shared network access, firewall security and encryption.
  • An Access Point, LAN Switch, Firewall, and WAN Interface in one enclosure.
slide37
WPA
  • There are 2 modes of WPA and WPA2 certification—Enterprise and Personal
wpa wpa2 7 steps
WPA & WPA2, 7-steps
  • The 7 steps are:

• Step 1: Security Mechanism and Credentials

• Step 2: User Authentication Database

• Step 3: Client Operating Systems

• Step 4: Supplicants

• Step 5: EAP Types (EAP-TTLS)

• Step 6: Authentication Server

• Step 7: Access Points and Client NIC Cards

example of a wpa2
Example of a WPA2
  • Windows

1. Security Credentials: Digital Certificate X.509

2. Database: Microsoft Active Directory

3. Client OS: Windows XP

4. Supplicant: Built into Windows XP for EAP-TLS

5. Authentication EAP Type: EAP-TLS

6. Authentication Server: Cisco Secure Access Control Server (RADIUS server)

7. Access Points and Client Devices: WPA2-Enterprise Wi-Fi CERTIFIED

wpa deployment
WPA Deployment

Authentication

Database

Radius Server

802.1X EAP Type

Wired LAN

Support for802.1X EAP TypeTKIP

Access Points

AP-1

Wireless

Clients

WiFi Cert with WPA802.1X EAP TypeSupplicant for EAP & OSTKIP Encryption

1

2

corporate security policy
Corporate Security Policy
  • Develop a wireless security policy to define what is and what is not allowed with wireless technology.
  • Know the technologies and the users that use the network.
  • Measure the basic field or illumination coverage of the wireless network.
  • Physical Security
corporate security policy42
Corporate Security Policy
  • Set base lines and perform audits/monitoring of the network.
  • Harden AP’s, servers, and gateways.
  • Determine level of security protocols and standards.
  • Consider using switches, DMZ, RADIUS servers, and VPN.
  • Update firmware and software.
to secure the wlan
To Secure the WLAN
  • If possible, put the wireless network behind its own routed interface so you can shut it off if necessary.
  • Pick a random SSID that gives nothing about your network away.
  • Use WPA or have your broadcast keys rotate every ten minutes.
  • Use 802.1X for key management and authentication
    • Look over the available EAP protocols and decide which is right for your environment.
    • Set the session to time out every ten minutes or less.
security solutions
Security Solutions

802.1X

Authentication

TKIP

Temporal Key Integrity

Protocol

MIC

Message Integrity

Checking

Cipher and

Authentication

Negotiation

Key

Management

WPA / WPA2Wi-Fi Protected Access

AES

Advanced Encryption

Standard

802.11i

service set identifier myth
Service Set Identifier Myth
  • The SSID is a construct that allows logical separation of wireless LANs.
  • A client must be configured with the appropriate SSID to gain access to the wireless LAN.
  • The SSID does not provide any data-privacy functions, nor does it truly authenticate the client to the access point.

CCRI J. Bernardini

mac address authentication
MAC Address Authentication
  • MAC address authentication is not specified in the 802.11 standard
  • Many vendors—including Cisco—support it.
  • MAC address authentication verifies the client's MAC address against a locally configured list of allowed addresses or against an external authentication server
  • MAC authentication is used to augment the open and shared key authentications provided by 802.11

CCRI J. Bernardini

mac address authentication vulnerabilities myth
MAC Address Authentication Vulnerabilities Myth
  • MAC addresses are sent in the clear as required by the 802.11 specification.
  • In wireless LANs that use MAC authentication, a network attacker might be able to subvert the MAC authentication process by "spoofing" a valid MAC address.
  • MAC address spoofing is possible in 802.11 network interface cards (NICs) that allow the universally administered address (UAA) to be overwritten with a locally administered address (LAA).
  • A network attacker can use a protocol analyzer to determine a valid MAC address in the business support system (BSS) and an LAA-compliant NIC with which to spoof the valid MAC address.

CCRI J. Bernardini

authentication vulnerabilities with ssid
Authentication Vulnerabilities with SSID
  • The SSID is advertised in plain-text in the access point beacon messages Although beacon messages are transparent to users
  • Eavesdropper can easily determine the SSID with WLAN packet analyzer
  • Some access-point vendors, offer the option to disable SSID broadcasts in the beacon messages.
  • The SSID can still be determined by sniffing the probe response frames from an access point
  • Disabling SSID broadcasts might have adverse effects on Wi-Fi interoperability for mixed-client deployments.

CCRI J. Bernardini

wireless security summary
Wireless Security Summary

CCRI J. Bernardini

wireless security terms
Wireless Security Terms
  • SSID –Service Set Identifier
  • WPA –Wi-Fi Protected Access
  • WEP- Wired Equivalent Privacy
  • PSK –Pre-Shared Key
  • TKIP –Temporal Key Integrity Protocol
  • MAC –Media Access Control
  • MIC –Message Integrity Check
  • AES –Advanced Encryption Standard
  • CCMP -Counter Mode CBC-MAC Protocol
  • RADIUS –Remote Dial-In User Service

CCRI J. Bernardini