1 / 43

NETW 05A: APPLIED WIRELESS SECURITY Data-Link Security Solutions

NETW 05A: APPLIED WIRELESS SECURITY Data-Link Security Solutions. By Mohammad Shanehsaz Spring 2005. Objectives. Static and Dynamic WEP & TKIP Explain the functionality, strengths, and weaknesses of WEP and TKIP

korbin
Download Presentation

NETW 05A: APPLIED WIRELESS SECURITY Data-Link Security Solutions

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. NETW 05A: APPLIED WIRELESS SECURITY Data-Link Security Solutions By Mohammad Shanehsaz Spring 2005

  2. Objectives • Static and Dynamic WEP & TKIP • Explain the functionality, strengths, and weaknesses of WEP and TKIP • Explain appropriate scenarios and applications of static and dynamic WEP and TKIP • Install and configure static and dynamic WEP & TKIP • Illustrate feasibility of WEP exploitation • Manage scalable WEP & TKIP solutions

  3. Objectives • 802.1x and EAP • Explain the functionality of 802.1x & EAP • Explain dynamic key generation and rotation for solution scalability • Explain the strengths, weaknesses, and appropriate applications of 802.1x & EAP • Install and configure 802.1x & EAP, including LEAP, EAP-TLS, EAP-TTLS, EAP-MD5, PEAP, • Manage scalable 802.1x and EAP solutions

  4. 802.11 MAC Basics • Management and control frames are sent in clear text and unauthenticated • This is the basis for many types of attack scenarios • For some types of attacks particular vendors have instituted proprietary solutions • Many of these vulnerabilities will be addressed by the 802.11i standards

  5. Categories of Authentication & Encryption • There are three main categories: • Static WEP • Dynamic WEP • Proprietary protocols • There are variations on each type

  6. Static WEP • Security solution based on unchanging shared keys that are preconfigured on all nodes by network administrator • Protects the wireless link with simple authentication and data encryption • Not a complete solution, it can be cracked using common tools such as WEPcrack or Airsnort

  7. Cracking WEP • Cracking WEP requires three things: • Large number of captured packets • Long periods of time to capture those packets • Fast machine to process the information contained in the packets to derive the WEP key • It can takes days to crack it, is it worth it ?

  8. TKIP • Temporal Key Integrity Protocol is a set of modifications to the existing WEP algorithm • IEEE 802.11i task group created TKIP • TKIP is a type of dynamic WEP solution where WEP keys are rotated on a changeable interval, but static WEP key is still used as keying material

  9. WEP Weaknesses Addressed • TKIP algorithms address the following weaknesses: • Forgery • Weak-Key attacks • Collision attacks • Replay attacks

  10. Forgery • TKIP supports per-packet authentication • Forgery attacks are performed by capturing encrypted packets, changing some data within them, and then resending the packets • TKIP uses message-integrity check (MIC) called “Michael” to thwart attempts • MICs add significant network overhead

  11. Weak Key Attacks • WEP construct a per-packet RC4 key by concatenating an RC4 base key and 24 bits IV • TKIP uses key-mixing to derive short–lived encryption keys • TKIP uses 128 bit temporal key combined with the client’s MAC address and large 48 bit IVs to produce the key for encryption

  12. Collision and Replay attacks • TKIP uses 48 bit IVs, which increases the possible number of IVs, to prevent collision attacks • TKIP prevents replay attacks by using sequencing number for generated packets

  13. Availability • For those products that are currently Wi-Fi certified, most can be upgraded to support TKIP, assuming the vendor has made a firmware upgrade available- • check the web site for upgrades

  14. 802.1x / EAP • 802.1x with use of the Extensible Authentication Protocol implements what is generally referred to as dynamic WEP • Dynamic Key Generation, Distribution, & Rotation • EAP is a layer 2 authentication protocol replacing PAP and CHAP • It is appropriate for medium to large enterprise environment • Basing authentication on individualized user credentials such as usernames and passwords, certificates, smartcards and other like methods

  15. 802.1x Standard • IEEE standard that provides an authentication framework for 802-based LANs • It was originally used in wired networks and has since been adapted for wireless networks • It provides port-based access control so that before the switch or access point will establish a connection, the user credentials must be verified • 802.1x standard addresses only access control and authentication framework and does not address data privacy, so that the problems with WEP still exist, EAP eliminates the problems through dynamic key generation

  16. 802.1x Standard • There are three terms defined by the IEEE standard that describe the devices used in 802.1x • Supplicant-a client that is being authenticated • Authenticator-an access layer device such as AP or bridge that requires supplicants to be authenticated in order to pass traffic through it • Authentication server-( typically a RADIUS ) the device that is doing the authentication of the supplicant

  17. 802.1x Standard Advantages • Maturity & Interoperability • User-based identification • Dynamic Key Management • Flexible Authentication

  18. Maturity & Interoperability • The industry’s choice to use in WLAN because of time-proven use in wired network • Supports of mature protocols such as EAP and RADIUS which are open standards providing max interoperability in centralized identification and key management

  19. User-based Identification • Basing authentication on actual user not a particular wireless device, on a scalable database such as RADIUS or other databases that RADIUS directly supports (Active Directory, NDS, LDAP, SQL) • Centralized authentication and management save time and money

  20. Dynamic Key Management • Per-user per-session keys eliminates attacks based on obtaining the WEP key • Automated key management systems allow keys to be reissued without an administrator’s intervention

  21. Flexible Authentication • There are several supported authentication solutions to choose from • Changing the authentication mechanism does not require any hardware replacement

  22. EAP Protocol • Provides an extensible method for PPP server to authenticate its clients • EAP supports two-and three-factor authentication (passwords, certificates, biometrics, etc) • EAP was designed to prevent proprietary authentication solutions from being implemented which would have had a negative effect on the interoperability and compatibility between systems • EAP is within OS of the server or application software on the client • Windows XP natively supports EAP

  23. EAP Authentication Types • There are many EAP types : • EAP-MD5 • EAP-TLS • LEAP • EAP-TTLS • PEAP

  24. EAP-MD5 • First Authentication type created by RFC2284 for 802.1x • Uses the same challenges handshake protocol as PPP-based CHAP, except challenges and responses are sent as EAP messages • It has three weaknesses: • One-way authentication • Challenge passwords • No per-session WEP keys • Rarely used because of its weaknesses

  25. EAP-MD5 Weaknessesone-way Authentication • Because only the supplicant gets authenticated, an impersonator could be added as rogue RADIUS server to obtain the login credentials of a legitimate user

  26. EAP-MD5 WeaknessesChallenge Passwords • Authentication server challenge the supplicant with a random string of text • The supplicant hashes the challenge with its password and send it back • The server validates the response based on its knowledge of the password • Eavesdropper can obtain both the challenge and the hash, which he/she can break it with dictionary attack to obtain user’s password

  27. EAP-MD5 Weaknessesno per-session WEP keys • After authentication, communication is either not encrypted, or encrypted with a static WEP key • Because of static WEP vulnerability , it allows eavesdropping on the data

  28. EAP-TLS (EAP-Transport Level Security ) • Developed by Microsoft and standardized by Internet Engineering Task Force • It is based on the secure socket layer protocol used for secure web traffic • It uses both server-side and client-side certificates for user identification (mutual authentication) • More appropriate for organizations that have already deployed a PKI (public key infrastructure) • Per-session WEP key is set up, and client can be re-authenticated and re-keyed as often as needed without inconveniencing the end user

  29. TLS Authentication • The TLS process begins with the handshake process: 1. The SSL client connects to a server and makes an authentication request 2. The server sends its digital certificates to the client 3. The client verifies the certificate’s validity and digital signature 4. The server requests client-side authentication 5. The client sends its digital certificate to the server 6. The server verifies the certificate’s validity and digital signature 7. The encryption and message integrity schemes are negotiated 8. Application data is sent over encrypted tunnel via the record protocol

  30. EAP-TLS Authentication • The EAP-TLS authentication process is as follows: 1. The client sends an EAP start message to the access point 2. The access point replies with an EAP Request Identity message 3. The client sends its network access identifier (NAI), which is username, to the access point in an EAP Response message 4. The access point forwards the NAI, encapsulated in a RADIUS Access Request message to the RADIUS server 5. The RADIUS server responds to the client with its digital certificate

  31. EAP-TLS Authentication 6. The client validates the RADIUS server’s digital certificate 7. The client replies to the RADIUS server with its digital certificate 8. The RADIUS server validates the client’s credentials against the client digital certificate 9. The client and RADIUS server derive encryption keys 10. The RADIUS server sends the access point a RADIUS ACCEPT message, including the client’s WEP key, indicating successful authentication 11. The access point sends the client an EAP Success message 12. The access point sends the broadcast key and key length to the client, encrypted with the client’s WEP key

  32. EAP-Cisco Wireless (LEAP) • Cisco’s proprietary Lightweight Extensible Authentication Protocol was designed to support 802.1x/EAP based authentication • It was developed to support networks with a variety of OS that may not natively support EAP • LEAP supports mutual authentication between a client and a RADIUS server • LEAP provides user-based, centralized authentication as well as per-session WEP keys • Used in Cisco’s Aironet products • Its security level is considered moderate or strong based on the strength of the passwords used • See figure 11.12 on page 256 for LEAP Process

  33. EAP-TTLS (Tunneled Transport Layer Security ) • Was co-developed by Funk Software and Certicom, supported in Funk’s Odyssey software • EAP-TTLS requires only an authentication server certificate • TTLS uses TLS channel to exchange “attribute-value pairs” (AVPs) • After authentication server is authenticated using its digital certificate, an encrypted tunnel is established between the supplicant and authentication server to pass the supplicant’s authentication credentials • See figure 11.13 for EAP-TTLS Process

  34. Key security Features of EAP-TTLS • Almost any kind of supplicant authentication credentials (passwords, tokens, etc ) can be used inside the encrypted tunnel • Low overhead since requirement of only server-side certificate • Many types of authentication algorithms may be used inside the encrypted tunnel-MS-CHAPv2, MS-CHAP, CHAP, PAP,EAP-MD5 • Strong protection against eavesdroppers seeking to perform dictionary attack • Mutual authentication, fast connections while roaming, and automatic re-keying of encryption keys

  35. Protected EAP ( PEAP ) • PEAP was developed by Microsoft, Cisco and RSA Security to address deficiencies of EAP (Unprotected user information during the EAP negotiation, No support for fast reconnections when roaming, No support for fragmentation and reassembly) • PEAP was designed to protect EAP communication between clients and authenticators • It provides support for identity protection by using TLS to create an encrypted tunnel after verifying the identity of authentication server

  36. Protected EAP (PEAP) continue • After encrypted tunnel is established a second EAP authorization process occurs inside the tunnel • The client is authenticated inside the tunnel using any implemented EAP authorization type (tokens, passwords,etc) • It has built-in support for packet fragmentation and reassembly, as well as fast reconnects • See figure 11.15 on page 263 for PEAP process

  37. PEAP Authentication 1. The client sends an EAP start message to the access point 2. The access point replies with an EAP Request Identity message 3. The client sends its network access identifier (NAI), which is its username, to the access point in an EAP Response message 4. The access point forwards the NAI to the RADIUS server encapsulated in a RADIUS Access Request message 5. The RADIUS server responds to the client with its digital certificate 6. The client validates the RADIUS server’s digital certificate

  38. PEAP Authentication 7. The client and server negotiate and create an encrypted tunnel 8. This tunnel provides a secure data path for client authentication 9. Using the TLS Record protocol, a new EAP authentication is initiated by the RADIUS server 10. The exchange includes the transactions specific to the EAP type used for client authentication 11. The RADIUS server sends the access point a RADIUS ACCEPT message, including the client’s WEP key, indicating successful authentication

  39. EAP-TTLS vs PEAP • Both were designed to use older authentication methods while maintaining the strong cryptographic foundation of TLS • Both have similar structure • Both are two-stage protocols that establish security in stage one and then exchange authentication in stage two • Stage one establish a TLS tunnel and authenticates the authentication server to the client with a certificate

  40. EAP-TTLS vs PEAP • Microsoft and Cisco both support PEAP Cisco’s Aironet Client Utility (ACU) and Windows XP with service pack1 • There are two types of PEAP supported by Microsoft: PEAP-EAP-MS-CHAPv2 and PEAP-EAP-TLS • PEAP-EAP-TLS, server and client side certificates are required • PEAP-EAP-MS-CHAPv2, server certificates and client passwords are required

  41. EAP Considerations • The factors to include when deciding: • Mutual Authentication • Dynamic Key Generation, Rotation, and Distribution • Cost and Management Overhead • Acceptance, Standardization, and Support • Availability and Implementation

  42. Proprietary Protocols • These protocols are used because: • Added security through per packet authentication • Added security through use of leading-edge encryption algorithms not yet supported by standards • Added security due to the entire communications process between client and server being strongly encrypted • Compression to increase throughput over the half-duplex medium

  43. Proprietary Protocols • Enterprise Encryption Gateways use proprietary protocols in order to achieve stronger security and increased throughput, but the main disadvantage here is vendor interoperability

More Related