1 / 61

Wireless LANs Security

Wireless LANs Security. Matthew Joyce Rutherford Appleton Laboratory, CCLRC. Contents. Wireless LAN 802.11 Understand the technology. Investigate vulnerabilities. Examine how security can be provided. Demonstration. Wireless LAN Standards. IEEE ratified 802.11 in 1997.

patsy
Download Presentation

Wireless LANs Security

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Wireless LANs Security Matthew Joyce Rutherford Appleton Laboratory, CCLRC WLAN Security

  2. Contents • Wireless LAN 802.11 • Understand the technology. • Investigate vulnerabilities. • Examine how security can be provided. • Demonstration WLAN Security

  3. Wireless LAN Standards • IEEE ratified 802.11 in 1997. • Also known as Wi-Fi. • 802.11 provides Layer 1 & Layer 2 of OSI model. • Physical layer • Data link layer • Wireless LAN at 1 Mbps & 2 Mbps. • Wi-Fi Alliance formed to promote interoperability. • 802.11b ratified in 1999 adding 5.5 Mbps and 11 Mbps. WLAN Security

  4. Wireless LAN Standards • 802.11a • Ratified 2001 • 5 Ghz radio spectrum. • Maximum speed 54 Mbps. • In practice about 20Mbps • More energy efficient, less battery drain, better range • 802.11g • Ratified June 2003 • 2.4Ghz spectrum again • Maximum speed 54 Mbps • In practice from 10 to 20Mbps WLAN Security

  5. 802.11 Components • Two pieces of equipment defined: • Wireless station • A desktop or laptop PC or PDA with a wireless NIC. • Access point • A bridge between wireless and wired networks • Composed of • Radio • Wired network interface (usually 802.3) • Bridging software • Aggregates access for multiple wireless stations to wired network. WLAN Security

  6. 802.11 modes • Infrastructure mode • Basic Service Set • One access point • Extended Service Set • Two or more BSSs forming a single subnet. • Most corporate LANs in this mode. • Ad-hoc mode • Also called peer-to-peer. • Independent Basic Service Set • Set of 802.11 wireless stations that communicate directly without an access point. • Useful for quick & easy wireless networks. WLAN Security

  7. Infrastructure mode Access Point Basic Service Set (BSS) – Single cell Station Extended Service Set (ESS) – Multiple cells WLAN Security

  8. Ad-hoc mode Independent Basic Service Set (IBSS) WLAN Security

  9. 802.11 Physical Layer • Three alternative physical layers • Two incompatible spread-spectrum radio in 2.4Ghz ISM band • Frequency Hopping Spread Spectrum (FHSS) • 75 channels • Direct Sequence Spread Spectrum (DSSS) • 14 channels (11 channels in US) • One diffuse infrared layer WLAN Security

  10. Speed & Range • 802.11 standard. • 1 Mbps or 2 Mbps. • 802.11b standard. • Adds 5 Mbps or 11 Mbps. • DSSS as sole physical layer. • So only 14 channels. • Dynamic rate shifting. • Transparent to higher layers • Ideally 11 Mbps. • Shifts down through 5.5 Mbps, 2 Mbps to 1 Mbps. • Higher ranges. • Interference. • Shifts back up when possible. • Maximum specified range 100 metres WLAN Security

  11. 802.11 Data Link Layer • Layer 2 split into: • Logical Link Control (LLC). • Media Access Control (MAC). • LLC - same 48-bit addresses as 802.3. • MAC - CSMA/CD not possible. • Can’t listen for collision while transmitting. • CSMA/CA – Collision Avoidance. • Sender waits for clear air, waits random time, then sends data. • Receiver sends explicit ACK when data arrives intact. • Also handles interference. • But adds overhead. • 802.11 always slower than equivalent 802.3. WLAN Security

  12. Joining a BSS • When 802.11 client enters range of one or more APs • APs send beacons. • AP beacon can include SSID. • AP chosen on signal strength and observed error rates. • After AP accepts client. • Client tunes to AP channel. • Periodically, all channels surveyed. • To check for stronger or more reliable APs. • If found, reassociates with new AP. WLAN Security

  13. Access Point Roaming Channel 1 Channel 4 Channel 9 Channel 7 WLAN Security

  14. Roaming and Channels • Reassociation with APs • Moving out of range. • High error rates. • High network traffic. • Allows load balancing. • Each AP has a channel. • 14 partially overlapping channels. • Only three channels that have no overlap. • 1, 6, 11 • Best for multicell coverage. WLAN Security

  15. Open System Authentication • Service Set Identifier (SSID) • Station must specify SSID to Access Point when requesting association. • Multiple APs with same SSID form Extended Service Set. • APs can broadcast their SSID • But this can be turned off • Some 802.11b clients allow * as SSID. • Associates with strongest AP regardless of SSID. WLAN Security

  16. MAC Address locking • Access points have Access Control Lists (ACL). • ACL is list of allowed MAC addresses. • E.g. Allow access to: • 00:01:42:0E:12:1F • 00:01:42:F1:72:AE • 00:01:42:4F:E2:01 • But MAC addresses are sniffable and spoofable. • Access Point ACLs are ineffective control. WLAN Security

  17. Interception Range Station outside building perimeter. 100 metres Basic Service Set (BSS) – Single cell WLAN Security

  18. Interception • Wireless LAN uses radio signal. • Not limited to physical building. • Signal is weakened by: • Walls • Floors • Interference • Directional antenna allows interception over longer distances. WLAN Security

  19. Directional Antenna • Directional antenna provides focused reception. • DIY plans available. • Aluminium cake tin. • 11 Mbps at 750 meters. • http://www.saunalahti.fi/~elepal/antennie.html • http://www.turnpoint.net/wireless/has.html • Pringles vs Coffee vs Pasta Sauce vs Beef Stew WLAN Security

  20. WarDriving • Software • Netstumbler • THC-Wardrive • Laptop • 802.11b PC card • Optional: • Global Positioning System • Car, bicycle, boat… • Logging of MAC address, network name, SSID, manufacturer, channel, signal strength, noise (GPS - location). WLAN Security

  21. WarDriving results >http://www.wigle.net/ • 568,000 GPS located wireless networks • WorldWide WarDrive Autumn 2002 • Chris Hurley, DefCon11 WLAN Security

  22. WarDriving map Source: www.dis.org/wl/maps/ WLAN Security

  23. WLAN Security

  24. Further issues • Access Point configuration • Mixtures of SNMP, web, serial, telnet. • Community strings, default passwords. • Evil Twin Access Points • Stronger signal, capture user authentication. • Hub broadcasts • If AP connected to hub, all broadcasts transmitted. • Renegade Access Points • Unauthorised wireless LANs. WLAN Security

  25. 802.11b Security Services • Two security services provided: • Authentication • Shared Key Authentication • Encryption • Wired Equivalence Privacy WLAN Security

  26. Wired Equivalence Privacy • Shared key between • Stations. • An Access Point. • Extended Service Set • All Access Points will have same shared key. • No key management • Shared key entered manually into • Stations • Access points • Key management nightmare in large wireless LANs WLAN Security

  27. RC4 • Ron’s Code number 4 • Symmetric key encryption • RSA Security Inc. • Designed in 1987. • Trade secret until leak in 1994. • RC4 can use key sizes from 1 bit to 2048 bits. • RC4 generates a stream of pseudo random bits • XORed with plaintext to create ciphertext. WLAN Security

  28. WEP – Sending • Compute Integrity Check Vector (ICV). • Provides integrity • 32 bit Cyclic Redundancy Check. • Appended to message to create plaintext. • Plaintext encrypted via RC4 • Provides confidentiality. • Plaintext XORed with long key stream of pseudo random bits. • Key stream is function of • 40-bit secret key • 24 bit initialisation vector • Ciphertext is transmitted. WLAN Security

  29. WEP Encryption IV Cipher text Initialisation Vector (IV) || PRNG  Secret key Plaintext || 32 bit CRC WLAN Security

  30. WEP – Receiving • Ciphertext is received. • Ciphertext decrypted via RC4 • Ciphertext XORed with long key stream of pseudo random bits. • Key stream is function of • 40-bit secret key • 24 bit initialisation vector (IV) • Check ICV • Separate ICV from message. • Compute ICV for message • Compare with received ICV WLAN Security

  31. Shared Key Authentication • When station requests association with Access Point • AP sends random number to station • Station encrypts random number • Uses RC4, 40 bit shared secret key & 24 bit IV • Encrypted random number sent to AP • AP decrypts received message • Uses RC4, 40 bit shared secret key & 24 bit IV • AP compares decrypted random number to transmitted random number • If numbers match, station has shared secret key. WLAN Security

  32. WEP Safeguards • Shared secret key required for: • Associating with an access point. • Sending data. • Receiving data. • Messages are encrypted. • Confidentiality. • Messages have checksum. • Integrity. • But SSID still broadcast in clear. WLAN Security

  33. Initialisation Vector • IV must be different for every message transmitted. • 802.11 standard doesn’t specify how IV is calculated. • Wireless cards use several methods • Some use a simple ascending counter for each message. • Some switch between alternate ascending and descending counters. • Some use a pseudo random IV generator. WLAN Security

  34. WEP attacks • Statistical attack • If 24 bit IV is an ascending counter, • If Access Point transmits at 11 Mbps, • All IVs are exhausted in roughly 5 hours. • Passive attack: • Attacker collects all traffic • Attacker could collect two messages: • Encrypted with same key and same IV • So XORed with same key stream • Ciphertext 1 XOR Ciphertext 2 = Plaintext 1 XOR Plaintext 2 • Statistical attacks to reveal plaintext • More than two messages with same key and same IV… WLAN Security

  35. More WEP attacks • If attacker knows plaintext and ciphertext pair • Key is known. • Attacker can create correctly encrypted messages. • Access Point is deceived into accepting messages. WLAN Security

  36. Limited WEP keys • Some vendors allow limited WEP keys • User types in a password • WEP key is generated from passphrase • Passphrases creates only 21 bits of entropy in 40 bit key. • Reduces key strength to 21 bits = 2,097,152 • Remaining 19 bits are predictable. • 21 bit key can be brute forced in minutes. • http://www.lava.net/~newsham/wlan/ WLAN Security

  37. Creating limited WEP keys WLAN Security

  38. Brute force key attack • Capture ciphertext. • IV is included in message. • Search all 240 possible secret keys. • 1,099,511,627,776 keys • ~100 days on a modern machine • Find which key decrypts ciphertext to plaintext. WLAN Security

  39. 128 bit WEP • Vendors have extended WEP to 128 bit keys. • 104 bit secret key. • 24 bit IV. • Brute force takes 10^19 years for 104-bit key. • Effectively safeguards against brute force attacks. WLAN Security

  40. Key Scheduling Weakness • Paper from Fluhrer, Mantin, Shamir, 2001. • Two weaknesses: • Certain keys leak into key stream. • Invariance weakness. • If portion of PRNG input is exposed, • Analysis of initial key stream allows key to be determined. • IV weakness. WLAN Security

  41. IV weakness • WEP exposes part of PRNG input. • IV is transmitted with message. • Attack is practical. • For 40 bit keys – WEP. • For 128 bit keys – enhanced WEP. • Passive attack. • Non-intrusive. • No warning. WLAN Security

  42. Wepcrack • First tool to demonstrate attack using IV weakness. • Open source, Anton Rager. • Three components • Weaker IV generator. • Search sniffer output for weaker IVs & record 1st byte. • Cracker to combine weaker IVs and selected 1st bytes. • Cumbersome. WLAN Security

  43. Airsnort • Automated tool • Cypher42, Minnesota, USA. • Does it all! • Sniffs • Searches for weaker IVs • Records encrypted data • Until key is derived. • 100 Mb to 1 Gb of transmitted data. • 3 to 4 hours on a busy WLAN. WLAN Security

  44. 802.11b safeguards • Security Policy & Architecture Design • Treat as untrusted LAN • Discover unauthorised use • Access point audits • Station protection • Access point location • Antenna design WLAN Security

  45. Security Policy & Architecture • Define use of wireless network • What is allowed • What is not allowed • Holistic architecture and implementation • Consider all threats. • Design entire architecture • To minimise risk. WLAN Security

  46. Wireless as untrusted LAN • Treat wireless as untrusted. • Similar to Internet. • Firewall between WLAN and Backbone. • Extra authentication required. • Intrusion Detection • at WLAN / Backbone junction. • Vulnerability assessments WLAN Security

  47. Discover unauthorised use • Search for unauthorised access points or ad-hoc networks. • Port scanning • For unknown SNMP agents. • For unknown web or telnet interfaces. • Warwalking! • Sniff 802.11 packets • Identify IP addresses • Detect signal strength • NetStumbler, but may sniff your neighbours… WLAN Security

  48. Access point audits • Review security of access points. • Are passwords and community strings secure? • Use Firewalls & router ACLs • Limit use of access point administration interfaces. • Standard access point config: • SSID • WEP keys • Community string & password policy WLAN Security

  49. Station protection • Personal firewalls • Protect the station from attackers. • VPN from station into Intranet • End-to-end encryption into the trusted network. • But consider roaming issues. • Host intrusion detection • Provide early warning of intrusions onto a station. • Configuration scanning • Check that stations are securely configured. WLAN Security

  50. Location of Access Points • Ideally locate access points • In centre of buildings. • Try to avoid access points • By windows • On external walls • Line of sight to outside • Use directional antenna to “point” radio signal. WLAN Security

More Related