
Security of Wireless LANs



  1. Security of Wireless LANs Naveen Kumar Santhapuri 09/06/2005

  2. Outline
  • Wireless LANs
  • Wireless Standards Overview
  • Wireless (In)Security
  • WEP
  • Wireless Security Goals Redefined
  • WPA
  • 802.11i RSN
  • An attack on RSN authentication
  • WDAP
  • Future wireless and security challenges

  3. Introduction
  • Personal Area Networks (WPAN)
    - Bluetooth, Infrared
  • Local Area Networks (WLAN)
    - 802.11
  • Wide Area Networks (WWAN)
    - 802.16
    - 3G Cellular and beyond

  4. WLAN Terminology and principles (figure)
  Image credit: http://hit.bme.hu/mcl


  6. Wireless Standards Overview
  Figure: IEEE 802 overview and architecture
  • 802.1 Management
  • 802.2 Logical Link Control (LLC)
  • MAC layer: 802.3, 802.5, 802.11 MAC
  • Physical layer: 802.11 FHSS PHY, 802.11 DSSS PHY, 802.11a OFDM, 802.11b HR/DSSS PHY, 802.11g

  7. Wireless Standards Overview
  • 802.11 – 1 or 2 Mbps
  • 802.11b – 1, 2, 5.5 and 11 Mbps
    - introduced as an extension to wired Ethernet standards
  • 802.11a – 5 GHz – 54 Mbps – less range
  • 802.11g – combines the good parts of a and b
  • 802.11i – enhanced security
  • 802.11e – QoS, 802.11f – IAPP, 802.11c, d, h, j
  • More to come… k, m, n, o, p, q, r, s


  9. Wireless Security Issues
  • Do not need physical access to attack
  • Sophisticated attack tools
  • Weak security
  • Low awareness (at least 50% of wireless users do not turn on security features)
  • Risks:
    - Low bandwidth (in case of home users)
    - Loss of data and privacy
    - Monetary and reputation loss

  10. Simple attacks
  • Stumbling
    - Tools to identify wireless networks
    - Beacon information
    - Netstumbler.com
  • Sniffing
    - Capture data from the wireless network as it passes across the air
    - Ethereal, AiroPeek
  Image credit: http://www.wildpackets.com


  12. 802.11 Security and goals
  • Goal was to create the privacy achieved by a wired network
  • Optional authentication and optional encryption
  • Data encapsulation called WEP (Wired Equivalent Privacy)
  • Authentication algorithm called shared key authentication

  13. RC4 algorithm: stream cipher (figure)
  Image credit: The Definitive Guide, O’Reilly

  14. WEP Encryption
  Figure: WEP encapsulation: 802.11 Hdr | Data becomes 802.11 Hdr | IV | Data | ICV
  WEP Summary:
  • Encryption algorithm = RC4
  • Per-packet encryption key = 24-bit IV concatenated to a pre-shared key
  • WEP allows the IV to be reused with any frame
  • Data integrity provided by CRC-32 of the plaintext data (the “ICV”)
  • Data and ICV are encrypted using the per-packet encryption key

  15. 802.11b Authentication
  Figure: shared-key authentication between AP and WS: shared secret distributed out of band; AP → WS: Challenge (Nonce); WS → AP: Response (Nonce RC4-encrypted under the shared key); AP checks: decrypted nonce OK?
  802.11 Authentication Summary:
  • Authentication key distributed out-of-band
  • Access Point generates a “random” challenge
  • Station encrypts the challenge using the pre-shared secret and responds

  16. Attacks on WEP Authentication and Access Control
  • P ⊕ R = C and C ⊕ P = R
  • R is a part of the RC4 key stream
  • We have the ciphertext and the plaintext from the first step of the authentication phase
  • Use the same IV
  • Encrypt the challenge and send it!
  • Adversary gets authenticated without knowing the key!!
  • No encryption key yet to decipher messages
  • Access control based on MAC is flawed

  17. Attacks on WEP Confidentiality
  • IV is used along with the key to derive a different per-packet encryption key each time
  • Only 16 million possibilities of IV; at 500 frames/sec the IV space gets exhausted in a few hours
  • For two messages with the same IV: C1 ⊕ C2 = (P1 ⊕ K) ⊕ (P2 ⊕ K) = P1 ⊕ P2 – statistical attacks?
  • RC4 weak keys – “Weaknesses in the Key Scheduling Algorithm of RC4”, Aug 2001
  • Direct key attacks (brute force)

  18. The attacks keep coming…
  • ICV is calculated using CRC, which is a linear method – bit changes in the ICV can be predicted
  • Replay attacks
  • Key distribution and refreshing done manually
  • DoS attacks
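The WEP properties on slides 14, 17 and 18 (per-packet key = IV || PSK, keystream reuse under a repeated IV, and a linear CRC-32 ICV) carried through as an added Python simulation; this is example code written for this transcript, not code from the presentation. Key length, IV values and plaintexts are constructed sample inputs, and find_iv_reuse is the audit check a defender would run over a capture.

```python
import zlib

def rc4_keystream(key: bytes, length: int) -> bytes:
    """RC4: key scheduling (KSA) then keystream generation (PRGA)."""
    s, j = list(range(256)), 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    for _ in range(length):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def crc_icv(data: bytes) -> bytes:
    return zlib.crc32(data).to_bytes(4, "little")   # WEP ICV: CRC-32 of the plaintext

def wep_encapsulate(iv: bytes, psk: bytes, data: bytes) -> bytes:
    """Frame body: 3-byte IV in the clear || RC4(IV||PSK) xor (data || ICV)."""
    ks = rc4_keystream(iv + psk, len(data) + 4)
    return iv + xor(data + crc_icv(data), ks)

def wep_decapsulate(body: bytes, psk: bytes):
    """Receiver side; returns (data, icv_ok)."""
    iv, ct = body[:3], body[3:]
    pt = xor(ct, rc4_keystream(iv + psk, len(ct)))
    return pt[:-4], pt[-4:] == crc_icv(pt[:-4])

def keystream_reuse_leak(body1: bytes, body2: bytes) -> bytes:
    """Same IV => same per-packet key => C1 xor C2 = P1 xor P2, no key needed."""
    if body1[:3] != body2[:3]:
        raise ValueError("IVs differ: keystreams are independent")
    return xor(body1[3:], body2[3:])

def find_iv_reuse(bodies) -> list:
    """Audit check over captured frame bodies: IVs seen more than once."""
    seen = {}
    for b in bodies:
        seen[b[:3]] = seen.get(b[:3], 0) + 1
    return sorted(iv for iv, n in seen.items() if n > 1)

def icv_is_linear(a: bytes, b: bytes) -> bool:
    """CRC-32 is affine over xor, so an ICV change from flipped data bits is predictable."""
    zero = bytes(len(a))
    return zlib.crc32(xor(a, b)) == zlib.crc32(a) ^ zlib.crc32(b) ^ zlib.crc32(zero)
```

A single flipped ciphertext bit fails the ICV check, but because the ICV is linear the matching ICV adjustment is computable, which is why the CRC gives no protection against deliberate modification.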

  19. More attack tools
  • WEP cracking
    - AirSnort
    - WEPCrack

  20. COEIT Wireless VPN (figure)
  Image credit: http://www.engr.sc.edu/its


  22. Wireless Security Goals Redefined
  • Robust method for proving identity that cannot be spoofed
  • Do not trust the access point! – Mutual Authentication
  • Key hierarchy to localize failure – session keys, master keys

  23. New Security Standard
  • Mutual Authentication – strong MAC-layer authentication
    - Port authentication – 802.1x/EAP
    - User authentication – TLS/Kerberos
  • Strong encryption and integrity
  • IEEE 802.11i – draft approved in June 2004
  • WPA (stop-gap arrangement) – improve security before the actual standard gets ratified


  25. Wi-Fi Protected Access (WPA)
  • Subset of 802.11i Transitional Security Network (TSN)
  • Patches to WEP
    - Extended IV (24 to 48-bit)
    - Integrity code calculated using ‘Michael’
    - Per-packet keying, defeating weak keys
  • Snapshot of unfinished 802.11i (TKIP + 802.1x)
  • Degrades performance
  • Not an ideal design

  26. 802.1x port based Authentication
  Figure: message sequence between WS, AP and AS: WS associates with AP; AP → WS: EAP Identity Request; WS → AP → AS: EAP Identity Response (relayed by AP); AS → AP → WS: EAP Auth Request (relayed); WS → AP → AS: EAP Auth Response (relayed); AS: EAP-Success; PMK derived


  28. Robust Security Network
  • 3 security layers
    - Upper-layer authentication
    - 802.1x authentication
    - 4-way handshake
  • AES-CCMP 128-bit
  • HMAC-MD5/SHA-1 for integrity
  • Key hierarchy

  29. 4-way Handshake
  • PMK exchanged between AS and WS during 802.1x
  • AP has no knowledge of PMK
  • AP → WS : Nonce1; WS generates Nonce2 and session keys
  • WS → AP : Nonce2 + MIC; AP generates session keys, verifies MIC
  • AP → WS : Nonce1 + Seq + MIC
  • WS → AP : Nonce2 + Seq + MIC, for synchronization
  • Mutual authentication complete
  • By-product: EAPOL KEK, EAPOL KIK, AES session key
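The four messages of slide 29 as an added Python simulation (written for this transcript, not the presenter's code): each side expands the PMK with both nonces and both MAC addresses into a per-session key, and the MICs on messages 2, 3 and 4 are what prove to each party that the other holds the PMK. The PRF here is a simplified counter-mode HMAC-SHA1 expansion, assumed for illustration and not the exact 802.11i construction; MAC addresses and nonces are constructed values.

```python
import hmac, hashlib, os

def prf(pmk: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    """Counter-mode HMAC-SHA1 expansion (simplified PRF, assumption: not the exact 802.11i PRF)."""
    out, i = b"", 0
    while len(out) < nbytes:
        out += hmac.new(pmk, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
        i += 1
    return out[:nbytes]

def derive_ptk(pmk: bytes, ap_mac: bytes, sta_mac: bytes, anonce: bytes, snonce: bytes):
    """PTK from PMK, both MAC addresses and both nonces (ordered so both sides agree);
    split into KCK (MIC key), KEK (key-wrap key) and TK (data key)."""
    data = min(ap_mac, sta_mac) + max(ap_mac, sta_mac) + min(anonce, snonce) + max(anonce, snonce)
    ptk = prf(pmk, b"Pairwise key expansion", data, 48)
    return ptk[:16], ptk[16:32], ptk[32:48]

def mic(kck: bytes, msg: bytes) -> bytes:
    return hmac.new(kck, msg, hashlib.sha1).digest()[:16]

def four_way_handshake(pmk_ap, pmk_sta, ap_mac, sta_mac, anonce=None, snonce=None):
    """Simulate the four EAPOL-Key messages. Each side derives its own PTK from the
    PMK it holds and MICs with its KCK; returns (success, tk_ap, tk_sta)."""
    anonce = anonce or os.urandom(32)
    snonce = snonce or os.urandom(32)
    # Msg1 AP -> STA: ANonce, unprotected (the AP has no PTK yet). STA can now derive.
    kck_s, kek_s, tk_s = derive_ptk(pmk_sta, ap_mac, sta_mac, anonce, snonce)
    # Msg2 STA -> AP: SNonce + MIC. AP derives its PTK and checks that STA knows the PMK.
    msg2 = b"\x02" + snonce
    kck_a, kek_a, tk_a = derive_ptk(pmk_ap, ap_mac, sta_mac, anonce, snonce)
    if not hmac.compare_digest(mic(kck_s, msg2), mic(kck_a, msg2)):
        return False, None, None
    # Msg3 AP -> STA: ANonce + seq + MIC. STA checks that the AP knows the PMK (mutual).
    msg3 = b"\x03" + anonce + b"\x00\x01"
    if not hmac.compare_digest(mic(kck_a, msg3), mic(kck_s, msg3)):
        return False, None, None
    # Msg4 STA -> AP: seq + MIC, confirming key install; both sides now use TK for data.
    msg4 = b"\x04" + b"\x00\x01"
    if not hmac.compare_digest(mic(kck_s, msg4), mic(kck_a, msg4)):
        return False, None, None
    return True, tk_a, tk_s
```

Because a fresh ANonce yields a different TK, a recorded message 2 from an earlier session fails the AP's MIC check, which is the replay protection the nonces provide.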


  31. Attack on RSN Authentication
  • Malicious AP!? Improbable but not impossible (insider attack)
  • Attack due to some bias for the AP in the mutual authentication mechanism
  • Malicious AP can spoof any AP in range – more possibilities with a mobile AP

  32. Solution
  • Use an authentication mechanism which provides unbiased authentication
  • Idea: authentication provided by a third party (AS)?
  • Should eliminate the problem of using the same Primary Master Key (PMK), which gave additional power to the AP


  34. Wireless Dual Authentication Protocol
  • Third party (AS) authenticates the duo (AP and WS), instead of Mutual Authentication
  • No 4-way Handshake
  • Thwarts an attack by a malicious AP

  35. WDAP Deauthentication
  • Can be initiated either way
  • Better clean-up operations
  • Thwarts DoS attacks

  36. WDAP Roaming Authentication
  • Key revocation
  • Adds strength to the authentication mechanism
  • Helps in maintenance

  37. Hostap Driver
  • Open source 802.11b driver
  • Works with the Intersil Prism 2/2.5 chipset
  • v0.1.3 supports just WEP
  • Recent version has support for TKIP and RSN

  38. Network Setup
  • Two APs for roaming
  • Authentication Server
  • One wireless station
  • NetGear MA311 cards used as wireless station and AP
  • Used a user-generated signal for roaming
    - User space program (host) which interacts with the driver needed for this

  39. Comparison of Architecture
  • WDAP seems to have a 2-layered architecture – 3rd layer embedded in the 2nd one
  • No 4-way handshake
  • WDAP fits into the scheme of 802.11i recommendations

  40. Comparison of Authentication Latencies
  • RSN phases
    - Open Authentication and 802.1x authentication
    - Association
    - 4-way Handshake
  • WDAP Authentication phases
    - Open and 802.1x authentication
    - Association
  • Did not make use of TLS/Kerberos (common time for both)

  41. Latency Comparison (RSN and WDAP) (chart)


  43. Conclusions
  • 802.11 technology is very insecure
  • RSN is robust enough?
  • Results show that WDAP has almost equal (slightly better) latency times as RSN (without key caching) and performs slightly worse than RSN (with key caching)
  • Some works show DoS attacks and key capture attacks on 802.11i – even before release!!
  • Further study needed before deploying 802.11i compliant hardware

  44. Future Wireless
  Figure (image credit: RSA Security): cartoon of RFID-tagged belongings revealing their details to a reader: wig model #4456 (cheap polyester), replacement hip medical part #459382, Das Kapital and Communist-party handbook, 500 Euros in wallet with serial numbers 597387, 389473…, 30 items of lingerie
  • Integration of PAN, WLAN and WWAN (mobility and authentication issues)
  • RFID tags (privacy issues)
    - Spychips.com
    - “Blocker Tag”: simulates all RFIDs and acts like a jammer
