
Introduction Wireless Security

Arshad Hussain

Tel: (732) 420-5915

Email: [email protected]

URL: http://www.4a-att.org/National/notices/sj_20061102.html

Page 2

[email protected] November 2, 2006

IEEE 802.11 – OSI model

802.11 in the OSI model:

OSI layers: Application, Presentation, Session, Transport, Network, Data Link, Physical

Data Link layer:
• LLC Layer (802.2)
• MAC Layer (802.11): CSMA, virtual collision detection, asynchronous service, error correction, roaming, etc.

Physical layer: Radio (802.11)
• 2.4GHz band
• DSSS & FHSS
• 1 – 2Mbps
• 10 – 500 meters transmission range

Page 3


OSI vs. IEEE 802.x

Page 4


Wireless Technologies

[Chart: wireless technologies plotted by range (10m, 30m, 100m, >400m) against bandwidth (0.5, 1, 2, 11, 54 Mbps). Technologies shown: BT, HomeRF, 802.11 DS & FH, 802.11b DS, 802.11a, BRAN & HiPERLAN, UMTS. Categories labelled: short range connectivity for portables, WLAN broadband, WLAN high-speed, WLAN multimedia, wireless WAN.]

Page 5


5GHz vs. 2.4GHz

The Better Spectrum Band for Wireless LANs
• 2.4GHz Band
  – Most LANs operate in this unlicensed band
  – Several limitations:
    • Only 80MHz wide
    • Mandates use of spread spectrum technology
    • WLAN users must not interfere with primary license holders
• 5GHz Band
  – Developed after recognition of the limitations of the 2.4GHz band
  – Licensing authorities around the world have allocated large blocks of spectrum in the 5GHz band
  – Broad blocks of spectrum & lenient operating rules enable high-speed operation by large numbers of users

Page 6


IEEE 802.11 PHY Layer
• At the PHY layer, IEEE 802.11 defines three physical characteristics for wireless LANs:
  – Diffused infrared operating at baseband
  – DSSS operating in the 2.4 GHz band – used in IEEE 802.11b
  – FHSS operating in the 2.4 GHz band – speed limited to 2Mbps
• The original 802.11 standard supported 1Mbps & 2Mbps data rates
  – All 11 Mbps radios are DSSS
  – The choice between FHSS & DSSS depends on the users' applications & the environment in which the system will be operating
  – Remember DSSS and FHSS are not compatible with each other
  – Using the frequency hopping technique:
    • The 2.4 GHz band is divided into 75 1-MHz subchannels.
    • The sender and receiver agree on a hopping pattern, and
    • Data is sent over a sequence of the subchannels.

Page 7


IEEE 802.11 PHY Layer
• Using the Direct Sequence technique:
  – The direct sequence signaling technique divides the 2.4 GHz band into 14 22-MHz channels.
  – Adjacent channels overlap one another partially, with three of the 14 being completely non-overlapping.
  – Data is sent across one of these 22 MHz channels without hopping to other channels.
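The channel layout described above, worked through in code. This is an added Python example, not material from the original deck: it uses the 22 MHz channel width the slide gives together with the 802.11b center frequencies (2412 MHz for channel 1, 5 MHz spacing, channel 14 at 2484 MHz) to compute which channels overlap. It goes one step beyond the slide by taking the set of channels a regulatory domain permits as input, which is what turns "three non-overlapping channels" into 1, 6 and 11 for the 11 channels usable in North America.

```python
# Added example (not from the slides): which of the 14 DSSS channels overlap,
# using the 22 MHz channel width cited on the slide and the 802.11b center
# frequencies (2412 MHz for channel 1, 5 MHz spacing, channel 14 at 2484 MHz).

CHANNEL_WIDTH_MHZ = 22


def center_frequency_mhz(channel: int) -> int:
    """Center frequency of an 802.11b DSSS channel."""
    if not 1 <= channel <= 14:
        raise ValueError("802.11b defines channels 1 to 14")
    return 2484 if channel == 14 else 2412 + 5 * (channel - 1)


def channels_overlap(a: int, b: int) -> bool:
    """Two 22 MHz wide channels overlap when their centers are less than 22 MHz apart."""
    return abs(center_frequency_mhz(a) - center_frequency_mhz(b)) < CHANNEL_WIDTH_MHZ


def overlapping_channels(channel: int) -> list:
    """All other channels whose 22 MHz band overlaps the given one."""
    return [c for c in range(1, 15) if c != channel and channels_overlap(channel, c)]


def non_overlapping_set(available) -> list:
    """Greedy pick of mutually non-overlapping channels, lowest channel first.

    'available' is the list of channels the regulatory domain allows; for the
    11 channels usable in North America this yields the familiar 1, 6 and 11.
    """
    chosen = []
    for c in available:
        if not any(channels_overlap(c, k) for k in chosen):
            chosen.append(c)
    return chosen


if __name__ == "__main__":
    for ch in (1, 6, 11):
        print(f"channel {ch:2d} at {center_frequency_mhz(ch)} MHz overlaps {overlapping_channels(ch)}")
    print("non-overlapping (channels 1-11):", non_overlapping_set(range(1, 12)))
    print("non-overlapping (channels 1-14):", non_overlapping_set(range(1, 15)))
```

With all 14 channels available the greedy pass also picks channel 14, whose center is exactly 22 MHz from channel 11, which is why the "three non-overlapping" figure on the slide is a statement about the 11-channel domain rather than about the full channel list.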

Page 8


IEEE 802.11 WLAN Types
• IEEE 802.11a
  – PHY layer: 5 GHz, OFDM
  – Data rate: 54 Mbps
• IEEE 802.11b
  – PHY layer: 2.4 GHz, DSSS
  – Data rate: 11 Mbps
  – Wireless version of the IEEE 802.3 wired Ethernet
• IEEE 802.11g
  – PHY layer: 2.4 GHz, DSSS
  – Data rate: 6 - 54 Mbps
  – Designed to provide higher speeds and range for 802.11b

Page 9


Wireless Networking Technology Comparison

WLAN Technology   Standards body   PHY Layer   Data Rate (Mbps)   Range (meters)   Frequency (GHz)   Channels (width)
IEEE 802.11a      IEEE             OFDM        54                 TBD              5                 8 (20MHz)
IEEE 802.11b      IEEE             DSSS        11                 100              2.4               3 (5.5, 2, 1Mbps)
IEEE 802.11g      IEEE             DSSS/OFDM   6 - 54             150              2.4               3 (5.5, 2, 1Mbps)

DSSS – Direct Sequence Spread Spectrum
FHSS – Frequency Hopping Spread Spectrum
OFDM – Orthogonal Frequency Division Multiplexing

IEEE 802.11 Security

Page 11


Typical WLAN Configuration

[Diagram: wired LAN – hub – access point. Labels: "No security or security provided thru other means" and "802.11 Security".]

Page 12


Review How Wired-LANs Work
– Wired networks can have a physically secure transmission medium
– Access to the network is easily controlled
• A wireless network is more difficult to secure
  – Since the transmission medium is open to anyone within the geographical range of a transmitter
  – Data privacy is accomplished over a radio medium using encryption & authentication
    • Encryption comes at increased cost and decreased performance

IEEE 802.11 Security

Page 13


IEEE 802.11 Security – WEP Privacy Mechanism
• Provides encryption
  – Uses RSA Data Security Inc.'s 40-bit RC4 algorithm for encrypting the data (plaintext) contained in the frames
• Provides protection against unauthorized data modification
  – The integrity algorithm (CRC-32) operates on the plaintext to produce the integrity check value
  – Produces the ciphertext
• 802.11 Selected WEP Protocol
  – Reasonably strong
  – Self synchronizing
  – Computationally efficient
  – Exportable outside the US
  – Optional - defined as an optional functionality of the MAC

Page 14


Review How WLANs Work
– A WLAN uses radio waves to communicate among devices.
– An access point (AP) with an antenna is physically connected to a conventional wired Ethernet network and serves as a bridge to the wireless network.
– Up to approximately 150 feet, a Wi-Fi 802.11b WLAN typically can deliver broadband performance with a signaling speed of up to 11 Mbps.
– Beyond that distance, it can operate at fallback speeds of 5.5 Mbps, 2 Mbps and 1 Mbps.
  • At these lower speeds the signal can travel as far as 1,500 feet.
– Actual performance depends upon the signal pattern and the number of walls, floors and other architectural obstacles in the area.
– IEEE 802.11a WLANs can achieve speeds of up to 54 Mbps within a somewhat reduced range.

IEEE 802.11 Security

Page 15


Review How WLANs Work
– In order to indicate its presence to wireless clients in its listening area, an AP announces itself by beaconing, or broadcasting, a Service Set Identifier (SSID) approximately 10 times per second.
– The SSID identifies the name of the network.
– PCs that are within range and equipped with a wireless network interface card can
  • Receive the SSID,
  • Associate with the WLAN and request an IP address that will allow them to connect to the local network, surf the Internet, and view network folders.
• The Challenge
  – The open broadcast of the SSID and the ease with which a mobile PC can associate with an unsecured WLAN

IEEE 802.11 Security
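The beacon described on this slide, seen from the assessor's side. This is an added Python example, not code from the original deck: it parses the body of an 802.11 beacon frame (the fixed timestamp, beacon interval and capability fields, then the tagged information elements) and reports the things a WLAN security assessment looks at first: whether the SSID is broadcast, whether the Privacy bit that signals WEP is set, the channel, and how often the AP beacons. The beacon interval is counted in 1024 µs time units, so the 100 TU default works out to the "approximately 10 times per second" on the slide. The two sample beacons are constructed; the frame layout, element IDs and capability bits are those defined by IEEE 802.11. The 24-byte MAC header is not included, only the frame body.

```python
# Added example (not from the slides): parse the body of an 802.11 beacon frame
# and extract what an assessor looks at first: SSID, beacon interval, the
# Privacy (WEP) capability bit and the channel. The sample beacons below are
# constructed; the field layout is the one defined by IEEE 802.11.
import struct

SSID_ELEMENT_ID = 0          # information element carrying the network name
DS_PARAMETER_SET_ID = 3      # information element carrying the current channel
CAPABILITY_ESS = 1 << 0      # set by an access point (infrastructure BSS)
CAPABILITY_PRIVACY = 1 << 4  # set when the BSS requires WEP (or a successor)
TU_MICROSECONDS = 1024       # one 802.11 time unit; the beacon interval is counted in TUs


def parse_beacon_body(body: bytes) -> dict:
    """Decode the 12-byte fixed fields and walk the (id, length, value) elements."""
    if len(body) < 12:
        raise ValueError("beacon body shorter than its fixed fields")
    timestamp, interval_tu, capability = struct.unpack_from("<QHH", body, 0)
    info = {
        "timestamp": timestamp,
        "beacon_interval_tu": interval_tu,
        "beacons_per_second": 1_000_000 / (interval_tu * TU_MICROSECONDS),
        "infrastructure": bool(capability & CAPABILITY_ESS),
        "privacy": bool(capability & CAPABILITY_PRIVACY),
        "ssid": None,
        "ssid_hidden": False,
        "channel": None,
    }
    offset = 12
    while offset + 2 <= len(body):
        element_id, length = body[offset], body[offset + 1]
        value = body[offset + 2:offset + 2 + length]
        if len(value) != length:
            raise ValueError("truncated information element")
        if element_id == SSID_ELEMENT_ID:
            # "Disable broadcast SSID" shows up on the air as an empty or NUL-filled SSID element
            info["ssid_hidden"] = length == 0 or value == b"\x00" * length
            info["ssid"] = "" if info["ssid_hidden"] else value.decode("utf-8", errors="replace")
        elif element_id == DS_PARAMETER_SET_ID and length == 1:
            info["channel"] = value[0]
        offset += 2 + length
    return info


def audit_beacon(body: bytes) -> list:
    """Findings for one beacon, in the terms used on the slides."""
    info = parse_beacon_body(body)
    findings = []
    if not info["privacy"]:
        findings.append("open network: Privacy bit clear, frames are not encrypted")
    if not info["ssid_hidden"]:
        findings.append("SSID is broadcast in the beacon")
    if info["beacon_interval_tu"] <= 100:
        findings.append("beacon interval at or below the usual 100 TU default")
    return findings


def build_beacon_body(ssid: bytes, interval_tu: int, privacy: bool, channel: int) -> bytes:
    """Construct a beacon body in the same layout; used only to make sample input."""
    capability = CAPABILITY_ESS | (CAPABILITY_PRIVACY if privacy else 0)
    fixed = struct.pack("<QHH", 0, interval_tu, capability)
    ssid_element = bytes([SSID_ELEMENT_ID, len(ssid)]) + ssid
    channel_element = bytes([DS_PARAMETER_SET_ID, 1, channel])
    return fixed + ssid_element + channel_element


# Constructed sample beacons: an open AP with the default interval, and a WEP AP
# that hides its SSID and beacons less often.
OPEN_BEACON = build_beacon_body(b"CorpWLAN", 100, privacy=False, channel=6)
WEP_HIDDEN_BEACON = build_beacon_body(b"", 500, privacy=True, channel=11)

if __name__ == "__main__":
    for name, body in (("open", OPEN_BEACON), ("wep-hidden", WEP_HIDDEN_BEACON)):
        info = parse_beacon_body(body)
        print(name, info["ssid"] or "<hidden>", f"ch {info['channel']}",
              f"{info['beacons_per_second']:.1f} beacons/s", audit_beacon(body))
```

A hidden SSID only removes the name from the beacon; the AP still beacons and clients still name the network when they probe for it, so the finding is about exposure, not about access control.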

Page 16


Security - Authentication
– Means by which one station is verified to have authorization to communicate with a second station in a given coverage area
– In infrastructure mode, authentication is established between an access point (AP) and each station

IEEE 802.11 Security

802.11 Authentication:

Open System Auth
• 1-stage challenge response
• Non-cryptographic (no RC4)

Shared-Key Auth
• 2-stage challenge response
• Cryptographic (uses RC4)
• The shared key provides authentication

Page 17


Security - Encryption
– Intended to provide wired-LAN compatible security
– In IEEE 802.11 the Wired Equivalent Privacy (WEP) feature uses the RC4 PRNG algorithm from RSA Data Security
– The WEP algorithm was intended to be
  • Reasonably strong
  • Self-synchronizing
  • Computationally efficient
  • Exportable
  • Optional
• Encryption comes at increased cost & decreased performance

IEEE 802.11 Security

Page 18


Security – Data Integrity
– To ensure that messages are not modified in transit between the wireless clients & Access Point

IEEE 802.11 Security

Problems with 802.11 Security

Page 20


Security problems with WEP include the following:
– The use of static WEP keys
– To initialize the RC4 algorithm, a 24-bit field is sent in clear text – a clear violation of security
– The attack is publicly available as an "attack script" and as open source code
– WEP provides no cryptographic integrity protection

IEEE 802.11 Security
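A minimal model of the WEP mechanism described on the WEP Privacy Mechanism slide (RC4 keyed with the 24-bit IV followed by the 40-bit key, CRC-32 integrity check value over the plaintext), the shared-key exchange from the authentication slide, and the problems listed on this slide. This is an added Python example, not code from the original deck. The key, IVs and payloads are constructed values; the 40-bit key and 24-bit IV sizes are those the slides give. It shows three things in running code: the ICV is an unkeyed CRC, so it catches transmission noise but anyone can compute a valid one without the key; two frames encrypted under the same key and IV share a keystream, so the XOR of their ciphertexts is the XOR of their plaintexts, which is why a 24-bit IV sent in the clear and static keys that never rotate are listed as problems; and shared-key authentication proves only possession of the key.

```python
# Added example (not from the slides): a minimal model of the WEP encapsulation
# the slides describe (RC4 keyed with IV || 40-bit key, CRC-32 ICV over the
# plaintext) and of the shared-key authentication exchange, used to show why
# the listed problems matter. Key, IVs and payloads below are constructed.
import os
import zlib

IV_BITS = 24
IV_SPACE = 1 << IV_BITS   # 16,777,216 IVs per key, and the IV travels in the clear


def rc4(key: bytes, data: bytes) -> bytes:
    """Textbook RC4: key scheduling, then XOR the data with the keystream."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def icv(plaintext: bytes) -> bytes:
    """WEP integrity check value: plain CRC-32 of the plaintext. No key is
    involved, so anyone can compute a valid ICV for any plaintext; this is the
    'no cryptographic integrity protection' point on the slide."""
    return zlib.crc32(plaintext).to_bytes(4, "little")


def wep_encapsulate(key40: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Frame body = IV (clear) || RC4(IV || key, plaintext || ICV)."""
    if len(key40) != 5 or len(iv) != IV_BITS // 8:
        raise ValueError("expected a 40-bit key and a 24-bit IV")
    return iv + rc4(iv + key40, plaintext + icv(plaintext))


def wep_decapsulate(key40: bytes, frame: bytes):
    """Return the plaintext, or None when the ICV check fails."""
    iv, body = frame[:3], frame[3:]
    decrypted = rc4(iv + key40, body)
    plaintext, received_icv = decrypted[:-4], decrypted[-4:]
    return plaintext if icv(plaintext) == received_icv else None


def flip_bit(frame: bytes, index: int, bit: int) -> bytes:
    """Corrupt one bit, as a noisy channel would; CRC-32 always catches this."""
    out = bytearray(frame)
    out[index] ^= 1 << bit
    return bytes(out)


def keystream_cancels_under_iv_reuse(key40: bytes, iv: bytes, p1: bytes, p2: bytes) -> bool:
    """Two frames under the same key and IV share a keystream, so XORing the
    two ciphertexts gives the XOR of the two plaintexts."""
    c1 = wep_encapsulate(key40, iv, p1)[3:]
    c2 = wep_encapsulate(key40, iv, p2)[3:]
    n = min(len(p1), len(p2))
    xor_c = bytes(a ^ b for a, b in zip(c1[:n], c2[:n]))
    xor_p = bytes(a ^ b for a, b in zip(p1[:n], p2[:n]))
    return xor_c == xor_p


def shared_key_auth(ap_key40: bytes, station_key40: bytes) -> bool:
    """The 2-stage shared-key exchange from the authentication slide: the AP
    sends a 128-byte challenge, the station returns it WEP-encapsulated, and
    the AP decapsulates and compares. Only possession of the key is shown."""
    challenge = os.urandom(128)                                          # stage 1: AP -> STA
    response = wep_encapsulate(station_key40, os.urandom(3), challenge)  # stage 2: STA -> AP
    return wep_decapsulate(ap_key40, response) == challenge


# Constructed sample values
KEY = bytes.fromhex("0102030405")
IV = bytes.fromhex("000001")
PAYLOAD = b"sample 802.11 data frame payload"
FRAME = wep_encapsulate(KEY, IV, PAYLOAD)

if __name__ == "__main__":
    print("round trip:", wep_decapsulate(KEY, FRAME) == PAYLOAD)
    print("corrupted bit detected:", wep_decapsulate(KEY, flip_bit(FRAME, 3, 0)) is None)
    print("keystream cancels under IV reuse:",
          keystream_cancels_under_iv_reuse(KEY, IV, PAYLOAD, b"another frame"))
    print("shared-key auth with the right key:", shared_key_auth(KEY, KEY))
```

The ICV check passing on a clean frame and failing on a flipped bit is exactly the behaviour of a transmission-error check; what it is not is an authenticity check, because nothing in icv() depends on the key. The keystream-reuse function is the property that makes the IV space and key rotation a security parameter rather than a tuning knob: with 2^24 IVs and a key that is never changed, reuse is a question of traffic volume, not of attacker effort.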

Page 21


Taxonomy of Security Attacks

Attacks
– Passive Attacks
  • Eavesdropping
  • Traffic Analysis
– Active Attacks
  • Masquerade
  • Replay
  • Message Modification
  • Denial-of-Service

Page 22


Management Countermeasures

• Identify who may use WLAN technology in an enterprise
• Identify whether Internet access is required
• Describe who can install access points and other wireless equipment
• Provide limitations on the location of and physical security for access points
• Describe the type of information that may be sent over wireless links
• Describe conditions under which wireless devices are allowed
• Define standard security settings for access points
• Describe limitations on how the wireless device may be used, such as location

Page 23


Management Countermeasures (continued)

• Describe the hardware and software configuration of all wireless devices
• Provide guidelines on reporting losses of wireless devices and security incidents
• Provide guidelines for the protection of wireless clients to minimize/reduce theft
• Provide guidelines on the use of encryption and key management
• Define the frequency and scope of security assessments to include access point discovery.

Page 24


Access Point Configuration

– Updating default passwords
– Establishing proper encryption settings
– Controlling the reset function
– Using MAC ACL functionality
– Changing the SSID
– Maximizing the beacon interval
– Disabling the broadcast SSID feature
– Changing default cryptographic keys
– Using SNMP
– Changing the default channel
– Using DHCP

WPA – WiFi Protected Access

Page 26


WiFi Protected Access
• By late 2002, the WiFi Alliance started the WPA standard work
• Includes two main features:
  – 802.1X
    • The 802.1X port-based access control provides a framework to allow the use of robust upper layer authentication protocols
    • Facilitates the use of session keys
  – Temporal Key Integrity Protocol (TKIP)
    • Allows for per-packet key construction
    • Provides cryptographic integrity

Page 27


WiFi Protected Access
– Temporal Key Integrity Protocol (TKIP)
  • Allows for per-packet key construction
  • Provides cryptographic integrity, and
  • Provides key derivation and distribution.
• TKIP, through these algorithms
  – Provides protection against various security attacks discussed earlier, including replay attacks and attacks on data integrity
– The objective of WPA is to bring a standards-based security solution to the marketplace to replace WEP while giving the IEEE 802.11 Task Group i enough time to complete
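The three TKIP properties listed on the two WPA slides above (per-packet key construction, cryptographic integrity, and protection against replay), reduced to the receiver-side logic they imply. This is an added Python example, not code from the original deck, and it is a simplified model: HMAC-SHA256 stands in for TKIP's own key-mixing function and for its Michael MIC, which are not reproduced here, and payload encryption is left out so the integrity and replay path stays visible. The 48-bit sequence counter and 64-bit MIC sizes match TKIP; the keys, transmitter address and frames are constructed. The contrast with the WEP slides is the point: the integrity check here is keyed, so a frame modified without the key fails verification, and a strictly increasing counter makes a replayed frame detectable.

```python
# Added example (not from the slides): a simplified model of the three TKIP
# properties the slide lists (per-packet keys, a keyed integrity check and a
# sequence counter), built from HMAC-SHA256. It is NOT TKIP's own key-mixing
# function or Michael MIC; it shows what those properties buy a receiver
# compared with WEP's unkeyed CRC-32. Keys, addresses and frames are constructed.
import hashlib
import hmac

TSC_BYTES = 6   # the TKIP sequence counter is 48 bits, carried in the clear
MIC_BYTES = 8   # TKIP's MIC is 64 bits


def per_packet_key(temporal_key: bytes, transmitter: bytes, tsc: int) -> bytes:
    """Model of per-packet key construction: a distinct 128-bit key for each
    (transmitter address, counter) pair, so no two frames share a keystream."""
    return hmac.new(temporal_key, transmitter + tsc.to_bytes(TSC_BYTES, "big"),
                    hashlib.sha256).digest()[:16]


def compute_mic(mic_key: bytes, transmitter: bytes, tsc: int, payload: bytes) -> bytes:
    """Keyed integrity check over address, counter and payload; unlike a CRC it
    cannot be recomputed by someone who lacks mic_key."""
    msg = transmitter + tsc.to_bytes(TSC_BYTES, "big") + payload
    return hmac.new(mic_key, msg, hashlib.sha256).digest()[:MIC_BYTES]


def protect(mic_key: bytes, transmitter: bytes, tsc: int, payload: bytes) -> bytes:
    """Sender side: TSC (clear) || payload || MIC. Encryption of the payload
    under per_packet_key() is omitted to keep the integrity path visible."""
    return tsc.to_bytes(TSC_BYTES, "big") + payload + compute_mic(mic_key, transmitter, tsc, payload)


class Receiver:
    """Receiver side: enforce a strictly increasing counter, then verify the MIC."""

    def __init__(self, mic_key: bytes, transmitter: bytes):
        self.mic_key = mic_key
        self.transmitter = transmitter
        self.last_tsc = -1   # highest counter accepted so far

    def accept(self, frame: bytes) -> str:
        """Return "ok", "replay" or "mic_failure" for one received frame."""
        tsc = int.from_bytes(frame[:TSC_BYTES], "big")
        payload, mic = frame[TSC_BYTES:-MIC_BYTES], frame[-MIC_BYTES:]
        if tsc <= self.last_tsc:
            return "replay"        # counter did not advance: replayed frame
        expected = compute_mic(self.mic_key, self.transmitter, tsc, payload)
        if not hmac.compare_digest(mic, expected):
            return "mic_failure"   # modified or forged; the counter is NOT advanced
        self.last_tsc = tsc
        return "ok"


def run_scenario() -> list:
    """Constructed traffic: two good frames, a replay of the first, a tampered
    copy of the third frame, then the genuine third frame."""
    mic_key = b"constructed-mic-key-16b!"
    transmitter = bytes.fromhex("00a0c9112233")   # constructed MAC address
    rx = Receiver(mic_key, transmitter)
    f1 = protect(mic_key, transmitter, 1, b"first frame")
    f2 = protect(mic_key, transmitter, 2, b"second frame")
    f3 = protect(mic_key, transmitter, 3, b"third frame")
    tampered = bytearray(f3)
    tampered[TSC_BYTES] ^= 0x01      # one payload bit changed without the key
    return [rx.accept(f) for f in (f1, f2, f1, bytes(tampered), f3)]


if __name__ == "__main__":
    print(run_scenario())
```

Checking the counter before the MIC is the order TKIP uses as well, since the counter is readable without any key; the important detail is that only a frame that passes the MIC advances the counter, so a forged frame with a high counter cannot be used to make the receiver drop the genuine frames that follow.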

Page 28


How to Secure WLAN

• Authentication
• Personal Firewalls
• Intrusion Detection System (IDS)
• Encryption
• Security Assessments
• Smart Cards
• Virtual Private Networks

– Confidentiality
– Integrity
– Data origin authentication
– Traffic analysis protection

Page 29


How to Secure WLAN

VPN Security in Addition to WEP

Page 30


Emerging Security Standards and Technologies

• 802.11i
  – An amendment to the existing wireless LAN standard
  – Includes the Advanced Encryption Standard (AES) for confidentiality and integrity
• Temporal Key Integrity Protocol (TKIP)
  – Addresses the problems without requiring hardware changes
• IEEE 802.1X-2001