Wireless Security - McMaster University (rzheng/course/COSC6397/lecture15.pdf)
56
Wireless Security
- All vulnerabilities that exist in conventional wired networks apply, and are likely easier to exploit
- Theft, tampering of devices
  - Portability
  - Tamper-proof devices?
- Intrusion and interception of poorly encrypted communication
  - Wireless medium is "open"; unauthorized users can get around firewalls
  - Rogue APs
- Denial of service
  - Ex: Jamming channel
57
Problems with WEP Revisited
- IVs are short
  - 24-bit IVs cause the generated key stream to repeat
  - Repetition allows easy decryption of data for a moderately sophisticated adversary
- Cryptographic keys are shared
  - As the number of people sharing the key grows, the security risks also grow
- RC4 has a weak key schedule and is inappropriately used in WEP
  - Weakness in the first few bits in RC4 schedule
  - RC4 schedule is restarted for every packet
- Packet integrity is low
  - CRC and other linear block codes are inadequate for providing cryptographic integrity
- No user authentication
- Client does not authenticate AP
  - Anyone can pretend to be an AP
- Device authentication is simple shared-key challenge-response
  - Shared-key challenge-response is subject to man-in-the-middle attack
58
An Illustration of Man-in-the-middle attack
[Figure: shared-key authentication message sequence. Messages: Authorization Request, Challenge, Response, Confirm Success. Annotations: Generate a random #; Encrypt Challenge using RC4 algo; Decrypt response and verify.]
59
An Illustration of Man-in-the-middle attack
[Figure: message sequence of the man-in-the-middle attack on shared-key authentication. Labels: Authorization Request 1, Challenge 1, Authorization Request 2, Challenge 2, Response, Confirm Success, Generate a random #.]
60
Countermeasures in WLAN
- MAC Access Control (ACL)
  - Grant or deny a list of NIC addresses
  - However, MAC addresses are transmitted in clear text and can be spoofed
  - Setting up ACLs can be cumbersome for medium to large networks
- Wireless Protected Access (WPA)
  - IEEE 802.1X port access control
    - Stop intruders from sending traffic through the access point into adjacent networks
    - Use Extensible Authentication Protocol (EAP)
  - TKIP (temporal key integrity protocol)
    - Add a per-packet key mixing function to de-correlate the public initialization vectors (IVs) from weak keys
    - Re-keying with fresh encryption and integrity keys every 1000 packets
    - TKIP utilizes RC4 with 128-bit keys for encryption and 64-bit keys for authentication. Now replaced by RSN (Robust Security Network), which uses the AES block cipher
61
- AP acts as a middle man
- RADIUS: authorization server
- EAPOW 4-way handshake can be used to exchange shared-key (for session)
62
Countermeasures (cont'd)
- Personal firewall
- Virtual private network (VPN)
  - Corporate intranet, e.g., access UH resource using VPN
63
VPN (cont'd)
- "Secured tunnel" built on IPsec (layer 3)
- Access control:
[Figure: network diagram. Labels: Wireless networks on campus, Enterprise Network, RADIUS Server, Firewall.]
64
An Example – Home Wireless Network
- Enable WEP
- MAC ACL
- Firewall
[Figure: home network diagram. Labels: DSL Modem, Wireless Router, 00:1C:58:23:BD:9A.]
69
A Real Life Example
- Screen shot from Radisson Bahia Mar (Fort Lauderdale)
70
Security Issues in MANET
- MANETs inherently assume "cooperation" and thus are subject to security attack by design
  - Ex: DSR routing uses cached routes
- Security problems
  - Availability
    - RF jamming
    - "sleep deprivation torture"
    - Inject false routing information or simply drop packets
  - Integrity
    - Data integrity
    - Device integrity: how do you know your thermometer is telling the truth?
  - Authenticity
    - Absence of online server
    - Secure transient association
  - Confidentiality
- These problems are aggravated by the fact that many devices, e.g., a thermometer, are incapable of performing cryptographic operations by themselves
71
An Example Attack in DSR
Blackhole:
- A wants to communicate with D.
  - Node A will broadcast a message asking for the best path to reach node D.
  - The best path is chosen depending on the metric of the different routes
  - If an intruder replies with the shortest path, it inserts itself in the network
  - The intruder node can then drop any packet forwarded to it
[Figure: network topology. Labels: Node A, Node B, Node C, Node D, Intruder.]
72
Counter-attack to blackhole
- Passively acknowledge
[Figure: network topology. Labels: Node A, Node B, Node C, Node D, Intruder, Data 1.]
73
A "Secured" MANET Routing Protocol
- Nodes need to be authenticated
  - Source, destination, relay nodes
  - How? Shared-key or public key
  - But how to establish keys? Key management is a hard problem
- Route message content needs to be protected
  - Some fields are dynamically updated each hop
  - Some are static
- Integrity of data messages
- Example: hash chain for AODV to ensure the integrity of the hop count field
  - Source RREP: $(\mathrm{seed},\ H^{TTL}(\mathrm{seed}),\ H)$
  - Intermediate node, kth hop: $(H^{k},\ H^{TTL}(\mathrm{seed}),\ H)$
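The hop-count hash chain from the AODV example above, as an added sketch that is not part of the original slides. It assumes SHA-256 for H, reads the intermediate node's value as H applied k times to the seed, and assumes the static fields (TTL and the chain's end value) are authenticated separately; all function and field names are hypothetical.

```python
import hashlib
import os
from typing import Optional


def H(value: bytes) -> bytes:
    """One-way function H. SHA-256 is an assumption; the slide only names H."""
    return hashlib.sha256(value).digest()


def iterate(value: bytes, times: int) -> bytes:
    """Apply H to value the given number of times."""
    for _ in range(times):
        value = H(value)
    return value


def originate(ttl: int, seed: Optional[bytes] = None) -> dict:
    """Source: send (seed, H^TTL(seed)) with hop count 0.
    ttl and top_hash are static fields, assumed authenticated separately."""
    seed = os.urandom(16) if seed is None else seed
    return {"hop_count": 0, "hash": seed, "top_hash": iterate(seed, ttl), "ttl": ttl}


def verify(msg: dict) -> bool:
    """Receiver at hop k: H^(TTL-k)(hash) must equal H^TTL(seed)."""
    remaining = msg["ttl"] - msg["hop_count"]
    if remaining < 0:
        return False
    return iterate(msg["hash"], remaining) == msg["top_hash"]


def forward(msg: dict) -> dict:
    """Honest relay: verify, then advance hop count and hash by one step."""
    if not verify(msg):
        raise ValueError("hop count does not match hash chain")
    return {**msg, "hop_count": msg["hop_count"] + 1, "hash": H(msg["hash"])}


def demo() -> dict:
    msg = originate(ttl=8, seed=b"constructed-seed")  # constructed sample seed
    for _ in range(3):
        msg = forward(msg)
    # Advertising a shorter route (hop_count=1) would need H^1(seed),
    # which a relay holding only H^3(seed) cannot compute without inverting H.
    forged = {**msg, "hop_count": 1}
    return {"hops": msg["hop_count"], "honest_ok": verify(msg), "forged_ok": verify(forged)}


if __name__ == "__main__":
    print(demo())
```

The chain only stops a relay from lowering the hop count; a relay that forwards the message without incrementing it still verifies.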
74
Further Reading
- http://csrc.nist.gov/publications/nistpubs/800-48/NIST_SP_800-48.pdf