WLANs & Security Standards (802.11) 802.11b - up to 11 Mbps, several hundred feet 802.11g - up to 54...

Page 1:

WLANs & Security

Standards (802.11)
802.11b - up to 11 Mbps, several hundred feet
802.11g - up to 54 Mbps, backward compatible, same frequency
802.11a - up to 54 Mbps, emerging standard

bluetooth - 1 Mbps

Why wireless?

Security Issues
- to be continued...

Legal & Social Issues
- who owns the bandwidth?

“Wireless local area networking has taken the world by storm. As is often the case, proper security was not built in at the beginning, and the act of retrofitting it has not been without difficulty” -- Aviel Rubin, Technical Director of the Information Security Institute, Johns Hopkins University

Page 2:

802.11 Crash Course

What does the AP do?

Station (radio) communication
- protocols rely upon media access control (MAC) addresses

[Diagram labels: Station, Access Point, network]

Where are the vulnerabilities?

- packets are called MPDUs; these include a frame sequence number and CRC-32

Page 3:

802.11 Security

Wired Equivalent Privacy (WEP)
- optional
- based on challenge and response protocol

Page 4:

Challenge and Response Exchange

Premise: verify the correctness of a password without sending it

Given:
- two systems (client & server) that share a symmetric key
- a server that “knows” the password

[Diagram labels: client system, server system]

1 .. client requests password from user
2 .. client sends random block of data (challenge) to server
3 .. server uses password to encrypt challenge
4 .. server sends encrypted data (response)
5 .. client uses user-supplied password to encrypt the challenge
6 .. the user’s password is correct iff the encrypted challenge is identical to the response

Note: Many systems use this protocol - e.g. Windows Web site authentication
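The six steps above, written out as an added example (not part of the original slides). HMAC-SHA256 keyed with a hash of the password is an assumption standing in for the slide's "encrypt"; the names `Server`, `client_check`, `stale_response_matches` and the demo password are hypothetical.

```python
import hashlib
import hmac
import secrets


def keyed_response(password: str, challenge: bytes) -> bytes:
    """Steps 3 and 5: transform the challenge under the password.

    Assumption: HMAC-SHA256 stands in for the slide's "encrypt".
    """
    key = hashlib.sha256(password.encode("utf-8")).digest()
    return hmac.new(key, challenge, hashlib.sha256).digest()


class Server:
    """The system that "knows" the password (hypothetical class)."""

    def __init__(self, password: str):
        self._password = password

    def respond(self, challenge: bytes) -> bytes:
        # Steps 3-4: compute the response and send it back.
        return keyed_response(self._password, challenge)


def client_check(server: Server, user_password: str, wire: list) -> bool:
    """Steps 1-2 and 5-6, recording everything that crosses the network."""
    challenge = secrets.token_bytes(16)      # step 2: fresh random challenge
    wire.append(challenge)
    response = server.respond(challenge)     # steps 3-4 happen on the server
    wire.append(response)
    expected = keyed_response(user_password, challenge)   # step 5
    return hmac.compare_digest(expected, response)        # step 6


def stale_response_matches(server: Server, password: str) -> bool:
    """A response recorded for one challenge must not fit a fresh challenge."""
    recorded = server.respond(secrets.token_bytes(16))
    fresh = secrets.token_bytes(16)
    return hmac.compare_digest(recorded, keyed_response(password, fresh))


if __name__ == "__main__":
    srv = Server("correct horse")            # constructed demo password
    wire = []
    print(client_check(srv, "correct horse", wire))
    print(client_check(srv, "wrong guess", wire))
    print(stale_response_matches(srv, "correct horse"))
```

Only the challenge and the response appear in `wire`; the password itself never crosses the network, and drawing a new random challenge for every check is what keeps a recorded response from being reused.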

Page 5:

802.11 Security

Wired Equivalent Privacy (WEP)
- optional
- based on challenge and response protocol
- uses RC4 (symmetric) algorithm
- uses 24-bit nonce (challenge) per packet (called initialization vector (IV))
- note that WEP does not specify any way to obtain shared keys

Page 6:

802.11 Security Problems

Identity
- identity of a packet is based upon the client MAC address
- open source drivers typically permit user to alter MAC addresses

Access Control (two alternatives)
1) relies upon an access control list in the AP - these are stored by MAC address
2) “closed network” - uses a proprietary mechanism based upon a shared “secret” string that is broadcast in cleartext within management frames.

Authentication (two alternatives)
1) open system - AP permits everyone to authenticate
2) challenge & response between station and AP

2001 - RC4 is found to be vulnerable to attack given millions of cleartext - ciphertext pairs

The RC4 attack on WEP is automated with publicly released tools.

Page 7:

Current 802.11 “Solutions”

1) place WLAN outside firewalls
2) use virtual private networks (VPN)

Note that VPNs work with IP-based protocols, but WLANs rely upon a MAC-based protocol.

Page 8:

Future 802.11 Standards (in progress)

Temporary Key Integrity Protocol (TKIP)
- TKIP is a patch for WEP
- will arrive in the form of firmware & driver patches (when released)
- message integrity code (MIC) included to eliminate forgeries
- uses a 48-bit IV, instead of 24 bits used by WEP
- packet sequencing rules changed to prohibit replay attacks
- a per packet key mixing function used to prevent key cracking

CCMP
- uses AES, instead of RC4
- uses larger MIC than TKIP
- intended as eventual replacement for TKIP