1 / 24

Wireless Security

Wireless Security. How does the wireless dimension change the security problem?. SYN. SYN Wireless Dimension Weak assumptions & security How is wireless different? 802.11 Security Further Readings FIN. Wireless Dimension. Access to Medium:

susanna
Download Presentation

Wireless Security

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Wireless Security How does the wireless dimension change the security problem?

  2. SYN • SYN • Wireless Dimension • Weak assumptions & security • How is wireless different? • 802.11 Security • Further Readings • FIN Wireless Security

  3. Wireless Dimension Access to Medium: Unlike wired medium (cables) wireless medium (air) is ubiquitous hence access restrictions to the medium must be handled explicitly, where as in wired environments it is implicit. War Dialing:Attacker gains access to wired medium by exhaustive dialing of phone numbers War Driving: Attacker gains access to wireless medium by just driving by the network coverage area. Wireless Security

  4. Expansion of Wireless Dimension • Expansion of Wireless Dimension… • Wired networks – e.g LAN, WAN, Internet • Wireless networks – e.g 802.11 networks • Wireless environments or “Evernet” • “Evernet” is the future wireless network with billions of “always on” electronic devices – from cell phones to refrigerators– communicating with each other. (Bluetooth) • Security has to be built into the design not built on top of it! • Question: How does the wireless dimension change the security problem? Wireless Security

  5. Assumptions & Security • Security mechanisms make implicit and/or explicit assumptions • Wired networks implicitly assume certain level of authentication by having access to the medium (wire) • For instance, only students who have physical access to the Poly’s lab can connect to lab’s network • This is not true in a wireless environment! • Wrong assumptions lead to weak security Wireless Security

  6. How is wireless different? • The Medium • Wireless medium has no explicit packet boundary • This property weaken privacy and authentication mechanisms adopted from wired environment • Portability • Wireless devices are smaller in size and portable • Data in those devices require more protection than data on non-portable devices • Mechanisms to recover stolen or lost devices are important • Mechanisms for self-destruction of data is also important Wireless Security

  7. How is wireless different? • Mobility • Mobility brings even bigger challenges • Trust in infrastructure • Wired networks assume certain level of trust in local infrastructure (we trust our routers) • In wireless networks this is a weak assumption • Would you put same level of trust on an Access Point in JFK as you put on your home AP? • Security mechanisms should anticipate these variances in trust • Or, security mechanisms should be independent of location or infrastructure • Trust in location • Wired networks implicitly assume network address is equivalent to physical location (128.238.x.x is Poly’s resources) • In wireless networks physical location is not tied to network address. Physical location may change transparent to end nodes. Wireless Security

  8. How is wireless different? • Mobility • Privacy of location • On wired network privacy of location is not a concern • In wireless networks location privacy of the user is a serious issue because users can be tracked, their travel behaviors can be used for marketing purposes etc. • Similar scenario exists on the Web: A user’s web surfing pattern can be tracked and this raised several privacy issues in 1999 (Double Click’s Cookie Tracking) Wireless Security

  9. How is wireless different? • Processing power, memory & energy requirements • Handheld devices have stringent processing power, memory, and energy requirements • Current security solutions require expensive processing power & memory • Handheld devices mandate inexpensive substitutes for • Crypto algorithms (AES instead of 3-DES) • Authentication schemes • Better one-time password schemes with feasible remote key updates Wireless Security

  10. Power consumption & crypto algorithms Piyush Mishra et al. Wireless Security

  11. How is wireless different? • Network Topologies • Wired networks usually rely on network topology to deploy security solutions • E.g: firewall is installed on a machine where all traffic is visible • Wireless networks (esp. ad-hoc) have dynamic topologies • Wireless networks may not have single point of convergence (hidden host problem!) • Wireless networks put emphasize on host based solutions e.g: distributed firewalls Wireless Security

  12. BSS (1) STA 1 (AP) DS STA 2 (AP) BSS (2) 802.11 & Security • A MAC, PHY layer specification • Should serve mobile and portable devices • What is mobile? • What is portable? • Should provide transparency of mobility • Should appear as 802 LAN to LLC (“messy MAC”) • Basic Service Set (BSS) • Distribution System (DS) • Station (STA) • STA that is providing access to Distribution System Service (DSS) is an Access Point (AP) • 802.11 supports Ad-hoc networking • Provide link level security Components of 802.11 Wireless Security

  13. Jargons • Association • STAs need to associate themselves with an AP • Reassociation • Done when STAs move between APs in an ESS • Preauthentication • Done during Reassociation • Like, WTSL Abbreviated Handshake • Deauthentication • Deauthenticate a STA before Disassociation • It’s a notice as oppose to a request • Disassociation • Disassociate a STA from an AP • It’s a notice as oppose to a request • Can Deauthentication, Disassociation notices be spoofed? (Possibility of DoS) Wireless Security

  14. Wired Equivalent Privacy (WEP) • Wired equivalence privacy? • Wireless medium has no packet boundaries • WEP control access to LAN via authentication • Wireless is an open medium • Provides link-level security equivalent to a closed medium • No end-to-end privacy • Security Goals of WEP • Access Control • Provide access control to the underlying medium through authentication • Confidentiality • Provide confidentiality to data on the underlying medium through encryption • Data Integrity • Provide means to determine integrity of data between links Wireless Security

  15. Wired Equivalent Privacy (WEP) • An attack on WEP should compromise at least one of these properties • Three levels of security • Open system – WEP is disabled in this mode. No security. • Shared Key Authentication – provides access control to medium • Encryption – provides confidentiality to data on network • You can have confidentiality on an open system! • That is, you can encrypt all the traffic and not have access control to the medium! • Which also means, a wily hacker can have all his traffic encrypted on our network so that no one “see” what s/he is doing! Wireless Security

  16. Properties of WEP • It is reasonably strong • Withstand brute force attacks and cryptanalysis • It is self-synchronizing • Uses self-synchronizing stream cipher • It is efficient • Hardware/software implementation • It may be exportable • Rest of the world need security too! • It is optional • WEP layer should be independent of other layers Wireless Security

  17. PDU >=1 ICV4 IV 4 WEP Frame • Key id is used to choose between four secret keys • ICV is integrity check sum (CRC-32) • Pad is zero. Unused. IV 3 pad (6) Key id (2) Wireless Security

  18. IV init. vector seed key sequence WEPPRNG secret key cipher text plaintext ICV + integrity algorithm message WEP crypto function • WEP uses RC4 PRNG • CRC-32 for integrity algorithm • IV is renewed for each packet (usu. iv++) • actual key size = (vendor advertised size – 24) 24 64 40 Wireless Security

  19. Attacks on WEP • Stream ciphers and keystream reuse • Stream ciphers expand a secret key to a stream of pseudo random numbers • Message is XORed (denoted by ‘+’ here after) with random number stream to produce the cipher text • Suppose two messages used the same secret key then stream cipher is easily broken so WEP uses an IV to extend the life of secret key • But, reusing IV is same as reusing the secret key! • Given two cipher texts with the same IV, we can remove the effects of XORing with the RC4 stream! (for the same secret key) C1 = P1 + RC4(IV, key) C2 = P2 + RC4(IV, key) but… (C1+C2) = (P1+P2) and (P1+P2) can be easily cryptanalyzed Wireless Security

  20. Attacks on WEP • Two assumptions for this attack • Availability of ciphertexts with same IV • IV length is fixed 24 bits (224 = 16,777,216) • Implementations make the reuse factor worse! • Every time a card is initialized IV is set to zero! • IV is usually reused after only 5,000 packets! • So, obtaining cipher text with same IV is practical • Partial knowledge of plaintexts • Can use legitimate traffic to obtain known plain texts e.g: Login:, password: prompts in a telnet session • Bouncing Spam off a mail server through wireless network Wireless Security

  21. Dictionary Attack • Assuming secret key is rarely changed, this attack compromises WEP’s confidentiality goal… • A dictionary of IVs (~224 entries) can be built • For each IV find the associated key stream C1= P1 + RC4(IV, key), C2= P2 + RC4(IV, key)if we know either P1 or P2 we can find RC4(IV, key) • Tabulate these two fields searchable by IV • For each packet, scan the table to find the IV first and then XOR the message with corresponding keystream in the dictionary to decrypt the message.Cn = Pn + RC4(IV, key) we know RC4(IV, key) from the dictionary, we know Cn so we can find Pn! • Size of the dictionary depends on size of the IV, which is fixed by the standard at 24 bits! • Increasing key size has no affect on this attack! Wireless Security

  22. Request.Authentication Request.Authentication 128 nonce 128 nonce nonce+RC4(IV, key) IV nonce+RC4(IV, key) IV Attack on Access Control • It is possible to get authenticated without knowing the secret key! (shown in red) • We only need a plaintext, ciphertext pair of a legitimate authentication. (shown in black) Request received nonce+RC4(IV, key) Normal session Decrypt the packet and verify nonce client Request received Hacker Using Data Obtained From Previous Session nonce+RC4(IV, key) Decrypt the packet and verify nonce hacker server Wireless Security

  23. Further Readings • 802.11 specification • Overview of IEEE 802.11b Security, Sultan Weatherspoon • Intercepting Mobile Communications: The Insecurity of 802.11, Nikita Borisov, Ian Goldberg et al. • Coping with Risk: Moving to Coping with Risk: Moving to Wireless Wireless • Using the Fluhrer, Mantin, and Shamir Attack to Break WEP, Adam Stubblefield, John Ioannidis, et al. • http://www.practicallynetworked.com/tools/wireless_articles_security.htm • http://www.nas.nasa.gov/Groups/Networks/Projects/Wireless/index.html Wireless Security

  24. FIN Comments, Concerns, Questions? Wireless Security

More Related