e Nc Wireless Security Short Version


Transcript of e Nc Wireless Security Short Version

  • 8/6/2019 e Nc Wireless Security Short Version

    1/28

    Wireless (802.11) Security

    Douglas Reeves

    NC State University

    Southeast Wireless Symposium

    December 02, 2003

  • 2/28

    What's New?

    Anybody (in range) can listen or transmit!

    Security problems not specific to wireless

    Spam

    Viruses, Worms

    Insider attacks (e.g., corrupt employees)

  • 3/28

    Characteristics of 802.11 Service

    Wireless LAN standard, introduced 1997

    802.11b

    most widely used version, up to 11 Mb/s

    2.4 GHz (unlicensed) frequency band

    Range

    several hundred feet with omnidirectional antenna

    up to 25 miles with directional antenna

  • 4/28

    Modes

    Infrastructure mode: clients connect to base stations

    multiple base stations may cover larger area, allow client roaming

    identified by SSID

    Ad Hoc mode

    clients communicate directly with each other

  • 5/28

    Scanning for Access Points

    Access points periodically transmit beacon frames (SSID, data rate, etc.)

    Client scans frequencies and picks an access point based on SSID, signal strength, ...

    Client switches to assigned channel and establishes an association

  • 6/28

    Sending Data

    Sender waits until no one is transmitting

    Then waits a random interval and transmits

    Optional slot reservation

    Client first sends request-to-send (RTS) frame

    Access point sends clear-to-send (CTS) frame when ready to receive

    Requesting client sends data, all other clients must wait

  • 7/28

    Reliability

    Receiving station checks CRC code in frame to detect errors

    Acknowledges fault-free frame; lack of acknowledgment means resend data

  • 8/28

    Energy Conservation

    Client can turn off radio interface when nothing to send or receive

    Access Point periodically transmits a special frame announcing which clients have packets waiting

    Each client wakes up periodically to receive the special frame

    if a node has a packet waiting, it requests the packet after waiting a random interval

  • 9/28

    Security Problems of 802.11

    1. Unauthorized or rogue access points on trusted networks

    2. Access to network by unauthorized clients (theft of service, "war driving")

    3. Interception and monitoring of wireless traffic

    range can be hundreds of feet

    packet analyzer software freely available

    4. Jamming is easy, unlicensed frequency

  • 10/28

    Security Problems (cont'd)

    5. Client-to-client attacks (in ad hoc mode)

    6. Denial or degradation of service

    flood with bogus packets, association/authentication requests, ...

    7. Misconfiguration possibilities

    no encryption used

    weak (guessable) password used to generate key

    weak protection of encryption key on client machine

    weak protection of management interface for access point

  • 11/28

    Attacks on Control Messages

    Ex.: Attacker issues spoofed "deauthenticate" or "disassociate" frames

    Ex.: Attacker continually sends RTS frames to reserve slots

    Ex.: Power-saving attacks

    attacker causes access point to discard packets while client is still sleeping

    attacker convinces client there is no data waiting

    Trivial to implement (e.g., on PDA)

    May require changes to the standard
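The deck later recommends intrusion detection on the wireless network; as an added example (not from the slides), this is the kind of rate check a monitoring sensor can apply to the two control-message abuses named above, spoofed deauthenticate/disassociate bursts and RTS reservation floods. The frame log, addresses and thresholds are constructed for the example.

```python
from collections import defaultdict, deque

AP_BSSID = "00:11:22:33:44:55"   # constructed: the legitimate access point
CLIENT = "aa:bb:cc:dd:ee:01"      # constructed: one associated client

# Constructed log of 802.11 management/control frames as a monitoring sensor
# might record them: (timestamp in seconds, frame subtype, source address).
SAMPLE_FRAMES = (
    [(0.0, "beacon", AP_BSSID), (0.3, "deauth", AP_BSSID)]          # one normal deauth
    + [(1.0 + i * 0.1, "rts", CLIENT) for i in range(4)]            # normal RTS use
    + [(5.0 + i * 0.05, "deauth", AP_BSSID) for i in range(12)]     # deauth burst
    + [(8.0 + i * 0.008, "rts", CLIENT) for i in range(60)]         # RTS reservation flood
)

# Frames per window above which a source is flagged. Thresholds are
# constructed for the example and would be tuned per deployment.
DEFAULT_THRESHOLDS = {"deauth": 5, "disassoc": 5, "rts": 50}

def detect_floods(frames, window_s=1.0, thresholds=DEFAULT_THRESHOLDS):
    """Sliding-window rate check per (subtype, source address).

    Returns one alert per flooding (subtype, source) pair, raised at the frame
    that first pushes the count within `window_s` up to the threshold."""
    recent = defaultdict(deque)   # (subtype, src) -> timestamps inside the window
    alerted = set()
    alerts = []
    for ts, subtype, src in sorted(frames):
        if subtype not in thresholds:
            continue
        key = (subtype, src)
        window = recent[key]
        window.append(ts)
        while ts - window[0] > window_s:      # drop timestamps that left the window
            window.popleft()
        if len(window) >= thresholds[subtype] and key not in alerted:
            alerted.add(key)
            alerts.append({"subtype": subtype, "source": src,
                           "count": len(window), "start": window[0], "end": ts})
    return alerts

if __name__ == "__main__":
    for alert in detect_floods(SAMPLE_FRAMES):
        print(f"{alert['subtype']} flood from {alert['source']}: "
              f"{alert['count']} frames in {alert['end'] - alert['start']:.2f}s")
```

A single deauthenticate frame from the access point is normal and stays below the threshold; only the burst and the RTS flood are reported.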

  • 12/28

    (In)Security in 802.11b

    Authentication is the process of proving identity

    open: just supply correct SSID

    shared key: relies on WEP

    WEP: Wired Equivalent Privacy

  • 13/28

    WEP

    Without WEP, no confidentiality, integrity, or authentication of user data

    The cipher used in WEP is RC4, key length from 40 up to 128 bits

    Key is shared by all clients and the base station

    compromising one node compromises network

    Manual key distribution among clients makes changing the key difficult

  • 14/28

    WEP Encryption Weakness

    Initialization Vector (IV) used during encryption is only 24 bits long

    Key to cracking: find packets with duplicate public IVs

    repetition of IV guaranteed on busy networks due to small IV space

    Tools: WEPCrack, AirSnort

    15 minutes to 24 hours to collect enough packets
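To put numbers on "repetition of IV guaranteed", this added example (not part of the slides) works the birthday bound for a 24-bit WEP IV against the 48-bit IV that the later TKIP slide introduces, and the time a sequential IV counter takes to wrap at the 11 Mb/s rate quoted earlier. The 1500-byte frame size is an assumption made for the calculation.

```python
import math

WEP_IV_BITS = 24    # WEP IV length from the slide
TKIP_IV_BITS = 48   # TKIP extended IV length from the TKIP slide

def collision_probability(frames: int, iv_bits: int) -> float:
    """Birthday-bound probability that at least two of `frames` frames reuse an
    IV when each IV is drawn uniformly at random from a 2**iv_bits space."""
    space = 2 ** iv_bits
    return 1.0 - math.exp(-frames * (frames - 1) / (2.0 * space))

def frames_until_half_collision(iv_bits: int) -> int:
    """Smallest frame count n with P(repeat) >= 0.5, solving n(n-1) >= 2N ln 2."""
    space = 2 ** iv_bits
    return math.ceil((1 + math.sqrt(1 + 8 * space * math.log(2))) / 2)

def seconds_to_exhaust_ivs(iv_bits: int, link_mbps: float, frame_bytes: int) -> float:
    """Time for a sequential IV counter to wrap on a link kept saturated with
    frames of the given size; after the wrap every IV is reused."""
    frames_per_second = (link_mbps * 1e6) / (frame_bytes * 8)
    return (2 ** iv_bits) / frames_per_second

def main() -> None:
    # Frame size (1500 bytes) is an assumption; 11 Mb/s is the 802.11b rate from the deck.
    for name, bits in (("WEP", WEP_IV_BITS), ("TKIP", TKIP_IV_BITS)):
        n_half = frames_until_half_collision(bits)
        wrap_s = seconds_to_exhaust_ivs(bits, link_mbps=11, frame_bytes=1500)
        print(f"{name}: {bits}-bit IV, IV space = {2 ** bits:,}")
        print(f"  random IVs: P(repeat) >= 0.5 after {n_half:,} frames")
        print(f"  sequential IVs at 11 Mb/s, 1500-byte frames: wrap after {wrap_s / 3600:,.1f} hours")

if __name__ == "__main__":
    main()
```

With random IVs a repeat is more likely than not after under 5,000 WEP frames, and a sequential counter wraps in about five hours on a saturated 11 Mb/s link, which is why the slide can call repetition guaranteed on a busy network.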

  • 15/28

    Improvement (to WEP) #1: 802.1x

    Port-based user authentication and key distribution

    Currently supported by most access points and client OSes

  • 16/28

    Improvement #2: WPA (Wi-Fi Protected Access)

    Incorporates 802.1X

    Advantages

    stronger, centralized user authentication

    automatically negotiated per-user keys with frequent key updates

    stronger encryption algorithm choices

    Hardware support may be needed for adequate performance

  • 17/28

    TKIP (Temporal Key Integrity Protocol)

    Extension of IV to 48 bits

    Includes IV sequencing (rotates keys more often)

    Adds a frame integrity-check function that is much stronger than CRC

  • 18/28

    Extensible Authentication Protocol (EAP)

    1. During association, client must provide credentials

    2. Access point requests authentication of user from RADIUS server

    3. If successful, access point will accept traffic from client, encryption keys derived for the session

    4. When client logs off, the access point will disable the client's ports

  • 19/28

    EAP Authentication Types

    5 contenders, no clear consensus (wait for the dust to settle?)

    PEAP has support from Microsoft+Cisco+RSA, being standardized by IETF

    EAP-TTLS also being standardized

    LEAP is Cisco-proprietary

    interoperability problems

    User credentials = name/password, or digital certificate

    use of certificates requires certificate server infrastructure

  • 20/28

    Improvement #3: 802.11i

    WPA + dynamic negotiation of authentication and encryption algorithms

    AES is the primary encryption algorithm

    Requires hardware support

    newer access points + wireless cards will be firmware upgradeable

    older access points + wireless cards will have to be replaced

    Still under development; ratified and available mid-2004?

  • 21/28

    Security Through Other Means

    Use firewalls to isolate wireless traffic from wired network

    Use intrusion detection to detect attacks on wireless networks

    Use IPSec / VPNs to protect traffic at IP layer

    Use TLS (SSL) to protect traffic at application layer

  • 22/28

    Recommendations: General

    1. Get informed about risks!

    2. Regular security audits and penetration assessments

    3. Require "strong" passwords, limit number of login attempts

    4. Disable ad hoc mode

    invites access by unauthorized nodes to your computer

  • 23/28

    Recommendations: Access Points

    5. Enforce standard security settings for each 802.11b access point

    6. Regularly search to identify unknown access points

    7. Require centralized user authentication (RADIUS) to configure the access point

    8. Encrypt all access point management traffic

  • 24/28

    Recommendations: Other

    9. Use distributed personal firewall on each client

    10. Use VPNs to supplement encryption and authentication for 802.11b

    11. Maintain an intrusion detection system on the wireless network

    12. Use firewalls to separate wireless networks from internal networks

  • 25/28

    Recommendations: WLAN Security

    WEP (fair)

    enable wireless frame encryption

    use longest key

    change the WEP key regularly (manually)

    802.1X and WPA (user authentication + dynamic keys) (better)

    use as soon as practical and stable

    set rekeying to occur every few hours

    802.11i (best)

    upgrade / use when available and supported

  • 26/28

    SSL / TLS

    Widely used for web-based transactions

    Requires end users to have digital certificates

  • 27/28

    VPNs and IPsec

    Wireless network is untrusted; higher layer provides security

    all IP traffic protected

    Critical steps

    1. client establishes security association with VPN gateway

    2. no non-VPN traffic is allowed out of the LAN (filtered by firewall)

    Have to install IPSec software on client

  • 28/28

    Tools for Breaking WEP

    WEPCrack is an open source tool for breaking 802.11 WEP secret keys

    AirSnort is a wireless LAN (WLAN) tool which recovers encryption keys

    requires approximately 5-10 million encrypted packets to be gathered

    on a busy network: 15 minutes

    on a typical network: 24 hours