Wireless security
Download
1 / 24

Wireless Security - PowerPoint PPT Presentation


  • 109 Views
  • Updated On :

Wireless Security. How does the wireless dimension change the security problem?. SYN. SYN Wireless Dimension Weak assumptions & security How is wireless different? 802.11 Security Further Readings FIN. Wireless Dimension. Access to Medium:

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'Wireless Security' - susanna


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
Wireless security l.jpg

Wireless Security

How does the wireless dimension change the security problem?


Slide2 l.jpg
SYN

  • SYN

  • Wireless Dimension

  • Weak assumptions & security

  • How is wireless different?

  • 802.11 Security

  • Further Readings

  • FIN

Wireless Security


Wireless dimension l.jpg
Wireless Dimension

Access to Medium:

Unlike wired medium (cables) wireless medium (air) is ubiquitous hence access restrictions to the medium must be handled explicitly, where as in wired environments it is implicit.

War Dialing:Attacker gains access to wired medium by exhaustive dialing of phone numbers

War Driving:

Attacker gains access to wireless medium by just driving by the network coverage area.

Wireless Security


Expansion of wireless dimension l.jpg
Expansion of Wireless Dimension

  • Expansion of Wireless Dimension…

    • Wired networks – e.g LAN, WAN, Internet

    • Wireless networks – e.g 802.11 networks

    • Wireless environments or “Evernet”

      • “Evernet” is the future wireless network with billions of “always on” electronic devices – from cell phones to refrigerators– communicating with each other. (Bluetooth)

  • Security has to be built into the design not built on top of it!

  • Question: How does the wireless dimension change the security problem?

Wireless Security


Assumptions security l.jpg
Assumptions & Security

  • Security mechanisms make implicit and/or explicit assumptions

    • Wired networks implicitly assume certain level of authentication by having access to the medium (wire)

    • For instance, only students who have physical access to the Poly’s lab can connect to lab’s network

    • This is not true in a wireless environment!

  • Wrong assumptions lead to weak security

Wireless Security


How is wireless different l.jpg
How is wireless different?

  • The Medium

    • Wireless medium has no explicit packet boundary

    • This property weaken privacy and authentication mechanisms adopted from wired environment

  • Portability

    • Wireless devices are smaller in size and portable

    • Data in those devices require more protection than data on non-portable devices

    • Mechanisms to recover stolen or lost devices are important

    • Mechanisms for self-destruction of data is also important

Wireless Security


How is wireless different7 l.jpg
How is wireless different?

  • Mobility

    • Mobility brings even bigger challenges

    • Trust in infrastructure

      • Wired networks assume certain level of trust in local infrastructure (we trust our routers)

      • In wireless networks this is a weak assumption

      • Would you put same level of trust on an Access Point in JFK as you put on your home AP?

      • Security mechanisms should anticipate these variances in trust

      • Or, security mechanisms should be independent of location or infrastructure

    • Trust in location

      • Wired networks implicitly assume network address is equivalent to physical location (128.238.x.x is Poly’s resources)

      • In wireless networks physical location is not tied to network address. Physical location may change transparent to end nodes.

Wireless Security


How is wireless different8 l.jpg
How is wireless different?

  • Mobility

    • Privacy of location

      • On wired network privacy of location is not a concern

      • In wireless networks location privacy of the user is a serious issue because users can be tracked, their travel behaviors can be used for marketing purposes etc.

      • Similar scenario exists on the Web: A user’s web surfing pattern can be tracked and this raised several privacy issues in 1999 (Double Click’s Cookie Tracking)

Wireless Security


How is wireless different9 l.jpg
How is wireless different?

  • Processing power, memory & energy requirements

    • Handheld devices have stringent processing power, memory, and energy requirements

    • Current security solutions require expensive processing power & memory

    • Handheld devices mandate inexpensive substitutes for

      • Crypto algorithms (AES instead of 3-DES)

      • Authentication schemes

        • Better one-time password schemes with feasible remote key updates

Wireless Security


Power consumption crypto algorithms l.jpg
Power consumption & crypto algorithms

Piyush Mishra et al.

Wireless Security


How is wireless different11 l.jpg
How is wireless different?

  • Network Topologies

    • Wired networks usually rely on network topology to deploy security solutions

      • E.g: firewall is installed on a machine where all traffic is visible

    • Wireless networks (esp. ad-hoc) have dynamic topologies

    • Wireless networks may not have single point of convergence (hidden host problem!)

    • Wireless networks put emphasize on host based solutions e.g: distributed firewalls

Wireless Security


802 11 security l.jpg

BSS (1)

STA 1

(AP)

DS

STA 2

(AP)

BSS (2)

802.11 & Security

  • A MAC, PHY layer specification

  • Should serve mobile and portable devices

    • What is mobile?

    • What is portable?

  • Should provide transparency of mobility

  • Should appear as 802 LAN to LLC (“messy MAC”)

  • Basic Service Set (BSS)

  • Distribution System (DS)

  • Station (STA)

  • STA that is providing access to Distribution System Service (DSS) is an Access Point (AP)

  • 802.11 supports Ad-hoc networking

  • Provide link level security

Components of 802.11

Wireless Security


Jargons l.jpg
Jargons

  • Association

    • STAs need to associate themselves with an AP

  • Reassociation

    • Done when STAs move between APs in an ESS

  • Preauthentication

    • Done during Reassociation

    • Like, WTSL Abbreviated Handshake

  • Deauthentication

    • Deauthenticate a STA before Disassociation

    • It’s a notice as oppose to a request

  • Disassociation

    • Disassociate a STA from an AP

    • It’s a notice as oppose to a request

  • Can Deauthentication, Disassociation notices be spoofed? (Possibility of DoS)

Wireless Security


Wired equivalent privacy wep l.jpg
Wired Equivalent Privacy (WEP)

  • Wired equivalence privacy?

    • Wireless medium has no packet boundaries

      • WEP control access to LAN via authentication

    • Wireless is an open medium

      • Provides link-level security equivalent to a closed medium

      • No end-to-end privacy

  • Security Goals of WEP

    • Access Control

      • Provide access control to the underlying medium through authentication

    • Confidentiality

      • Provide confidentiality to data on the underlying medium through encryption

    • Data Integrity

      • Provide means to determine integrity of data between links

Wireless Security


Wired equivalent privacy wep15 l.jpg
Wired Equivalent Privacy (WEP)

  • An attack on WEP should compromise at least one of these properties

  • Three levels of security

    • Open system – WEP is disabled in this mode. No security.

    • Shared Key Authentication – provides access control to medium

    • Encryption – provides confidentiality to data on network

  • You can have confidentiality on an open system!

    • That is, you can encrypt all the traffic and not have access control to the medium!

    • Which also means, a wily hacker can have all his traffic encrypted on our network so that no one “see” what s/he is doing!

Wireless Security


Properties of wep l.jpg
Properties of WEP

  • It is reasonably strong

    • Withstand brute force attacks and cryptanalysis

  • It is self-synchronizing

    • Uses self-synchronizing stream cipher

  • It is efficient

    • Hardware/software implementation

  • It may be exportable

    • Rest of the world need security too!

  • It is optional

    • WEP layer should be independent of other layers

Wireless Security


Wep frame l.jpg

PDU

>=1

ICV4

IV

4

WEP Frame

  • Key id is used to choose between four secret keys

  • ICV is integrity check sum (CRC-32)

  • Pad is zero. Unused.

IV

3

pad (6)

Key id (2)

Wireless Security


Wep crypto function l.jpg

IV

init. vector

seed

key sequence

WEPPRNG

secret key

cipher text

plaintext

ICV

+

integrity algorithm

message

WEP crypto function

  • WEP uses RC4 PRNG

  • CRC-32 for integrity algorithm

  • IV is renewed for each packet (usu. iv++)

  • actual key size = (vendor advertised size – 24)

24

64

40

Wireless Security


Attacks on wep l.jpg
Attacks on WEP

  • Stream ciphers and keystream reuse

    • Stream ciphers expand a secret key to a stream of pseudo random numbers

    • Message is XORed (denoted by ‘+’ here after) with random number stream to produce the cipher text

    • Suppose two messages used the same secret key then stream cipher is easily broken so WEP uses an IV to extend the life of secret key

    • But, reusing IV is same as reusing the secret key!

    • Given two cipher texts with the same IV, we can remove the effects of XORing with the RC4 stream! (for the same secret key)

C1 = P1 + RC4(IV, key)

C2 = P2 + RC4(IV, key)

but…

(C1+C2) = (P1+P2) and (P1+P2) can be easily cryptanalyzed

Wireless Security


Attacks on wep20 l.jpg
Attacks on WEP

  • Two assumptions for this attack

    • Availability of ciphertexts with same IV

      • IV length is fixed 24 bits (224 = 16,777,216)

      • Implementations make the reuse factor worse!

      • Every time a card is initialized IV is set to zero!

      • IV is usually reused after only 5,000 packets!

      • So, obtaining cipher text with same IV is practical

    • Partial knowledge of plaintexts

      • Can use legitimate traffic to obtain known plain texts e.g: Login:, password: prompts in a telnet session

      • Bouncing Spam off a mail server through wireless network

Wireless Security


Dictionary attack l.jpg
Dictionary Attack

  • Assuming secret key is rarely changed, this attack compromises WEP’s confidentiality goal…

  • A dictionary of IVs (~224 entries) can be built

    • For each IV find the associated key stream

      C1= P1 + RC4(IV, key), C2= P2 + RC4(IV, key)if we know either P1 or P2 we can find RC4(IV, key)

    • Tabulate these two fields searchable by IV

    • For each packet, scan the table to find the IV first and then XOR the message with corresponding keystream in the dictionary to decrypt the message.Cn = Pn + RC4(IV, key) we know RC4(IV, key) from the dictionary, we know Cn so we can find Pn!

  • Size of the dictionary depends on size of the IV, which is fixed by the standard at 24 bits!

  • Increasing key size has no affect on this attack!

Wireless Security


Attack on access control l.jpg

Request.Authentication

Request.Authentication

128 nonce

128 nonce

nonce+RC4(IV, key) IV

nonce+RC4(IV, key) IV

Attack on Access Control

  • It is possible to get authenticated without knowing the secret key! (shown in red)

  • We only need a plaintext, ciphertext pair of a legitimate authentication. (shown in black)

Request received

nonce+RC4(IV, key)

Normal session

Decrypt the packet

and verify nonce

client

Request received

Hacker Using Data Obtained

From Previous Session

nonce+RC4(IV, key)

Decrypt the packet

and verify nonce

hacker

server

Wireless Security


Further readings l.jpg
Further Readings

  • 802.11 specification

  • Overview of IEEE 802.11b Security, Sultan Weatherspoon

  • Intercepting Mobile Communications: The Insecurity of 802.11, Nikita Borisov, Ian Goldberg et al.

  • Coping with Risk: Moving to Coping with Risk: Moving to Wireless Wireless

  • Using the Fluhrer, Mantin, and Shamir Attack to Break WEP, Adam Stubblefield, John Ioannidis, et al.

  • http://www.practicallynetworked.com/tools/wireless_articles_security.htm

  • http://www.nas.nasa.gov/Groups/Networks/Projects/Wireless/index.html

Wireless Security


Slide24 l.jpg
FIN

Comments, Concerns, Questions?

Wireless Security