Network Security. Security in local-area networks. Radboud University, The Netherlands. Spring 2017

Similar documents
Network Security. Security in local-area networks. Radboud University Nijmegen, The Netherlands. Autumn 2014

Network Security. Security in local-area networks. Radboud University Nijmegen, The Netherlands. Autumn 2014

Managing and Securing Computer Networks. Guy Leduc. Chapter 7: Securing LANs. Chapter goals: security in practice: Security in the data link layer

CIT 380: Securing Computer Systems. Network Security Concepts

2013 Summer Camp: Wireless LAN Security Exercises JMU Cyber Defense Boot Camp

Wireless Security. Comp Sci 3600 Security. Attacks WEP WPA/WPA2. Authentication Encryption Vulnerabilities

Switched environments security... A fairy tale.

Plaintext Recovery Attacks Against WPA/TKIP

Network Security. Introduction to networks. Radboud University, The Netherlands. Autumn 2015

CS-435 spring semester Network Technology & Programming Laboratory. Stefanos Papadakis & Manolis Spanakis

CYBER ATTACKS EXPLAINED: WIRELESS ATTACKS

Section 4 Cracking Encryption and Authentication

Wireless Attacks and Countermeasures

A Configuration Protocol for Embedded Devices on Secure Wireless Networks

Wireless Network Security

Overview of Security

When does it work? Packet Sniffers. INFO Lecture 8. Content 24/03/2009

WPA Migration Mode: WEP is back to haunt you

Appendix E Wireless Networking Basics

Network Security. Thierry Sans

Gaining Access to encrypted networks

Wireless Network Security

CE Advanced Network Security Wireless Security

Hacking Wireless Networks by data

Wireless LAN Security. Gabriel Clothier

Security in IEEE Networks

AN INTRODUCTION TO ARP SPOOFING

Physical and Link Layer Attacks

Wireless technology Principles of Security

WiFuzz: Detecting and Exploiting Logical Flaws in the Wi-Fi Cryptographic Handshake

Wireless LAN Security (RM12/2002)

Wireless Network Security Spring 2016

Muhammad Farooq-i-Azam CHASE-2006 Lahore

What is Eavedropping?

Wireless Network Security Spring 2015

CS118 Discussion 1A, Week 9. Zengwen Yuan Dodd Hall 78, Friday 10:00 11:50 a.m.

NWD2705. User s Guide. Quick Start Guide. Dual-Band Wireless N450 USB Adapter. Version 1.00 Edition 1, 09/2012

CSC 574 Computer and Network Security. TCP/IP Security

ETHICAL HACKING OF WIRELESS NETWORKS IN KALI LINUX ENVIRONMENT

Outline : Wireless Networks Lecture 10: Management. Management and Control Services : Infrastructure Reminder.

Security of WiFi networks MARCIN TUNIA

A Framework for Optimizing IP over Ethernet Naming System

CIS 551 / TCOM 401 Computer and Network Security. Spring 2007 Lecture 8

NETWORK INTRUSION. Information Security in Systems & Networks Public Development Program. Sanjay Goel University at Albany, SUNY Fall 2006

Configuring Wireless Security Settings on the RV130W

Vulnerability issues on research in WLAN encryption algorithms WEP WPA/WPA2 Personal

Lecture 33. Firewalls. Firewall Locations in the Network. Castle and Moat Analogy. Firewall Types. Firewall: Illustration. Security April 15, 2005

Securing a Wireless LAN

Chapter 24 Wireless Network Security

Attacks on WLAN Alessandro Redondi

All Your Biases Belong To Us: Breaking RC4 in WPA-TKIP and TLS

Today s challenge on Wireless Networking. David Leung, CISM Solution Consultant, Security Datacraft China/Hong Kong Ltd.

NETWORK SECURITY. Ch. 3: Network Attacks

CCNP Switch Questions/Answers Securing Campus Infrastructure

Chapter 5 Local Area Networks. Computer Concepts 2013

How Insecure is Wireless LAN?

Network Security. CSC 482/582: Computer Security Slide #1

ELEC5616 COMPUTER & NETWORK SECURITY

Is Your Wireless Network Being Hacked?

Discovering Logical Vulnerabilities in the Wi-Fi Handshake Using Model-Based Testing

RC4. Invented by Ron Rivest. A stream cipher Generate keystream byte at a step

Lab Configure Enterprise Security on AP

Internet Layers. Physical Layer. Application. Application. Transport. Transport. Network. Network. Network. Network. Link. Link. Link.

Post Connection Attacks

Wireless Security Protocol Analysis and Design. Artoré & Bizollon : Wireless Security Protocol Analysis and Design

Configuring Cipher Suites and WEP

Basic Wireless Settings on the CVR100W VPN Router

CSc 466/566. Computer Security. 18 : Network Security Introduction

Some of the slides borrowed from the book Computer Security: A Hands on Approach by Wenliang Du. TCP Attacks. Chester Rebeiro IIT Madras

Man in the middle. Bởi: Hung Tran

Wireless Attacks and Defense. By: Dan Schade. April 9, 2006

CISNTWK-440. Chapter 4 Network Vulnerabilities and Attacks

A Practical, Targeted, and Stealthy attack against WPA-Enterprise WiFi

Hacking Encrypted Wireless Network

CSC 4900 Computer Networks: Security Protocols (2)

On the Internet, nobody knows you re a dog.

Wireless Security Security problems in Wireless Networks

GETTING THE MOST OUT OF EVIL TWIN

Expected Outcomes Able to design the network security for the entire network Able to develop and suggest the security plan and policy

ENEE 457: Computer Systems Security 11/07/16. Lecture 18 Computer Networking Basics

Csci388. Wireless and Mobile Security Access Control: 802.1X, EAP, and RADIUS. Importance of Access Control. WEP Weakness. Wi-Fi and IEEE 802.

Switching & ARP Week 3

Configuring a VAP on the WAP351, WAP131, and WAP371

Analyzing Wireless Security in Columbia, Missouri

CS263: Wireless Communications and Sensor Networks

Security Setup CHAPTER

HW/Lab 4: IPSec and Wireless Security. CS 336/536: Computer Network Security DUE 11 am on 12/01/2014 (Monday)

Lecture Nov. 21 st 2006 Dan Wendlandt ISP D ISP B ISP C ISP A. Bob. Alice. Denial-of-Service. Password Cracking. Traffic.

Lecture 13 Page 1. Lecture 13 Page 3

Foundations of Network and Computer Security

Threat Pragmatics & Cryptography Basics. PacNOG July, 2017 Suva, Fiji

Temporal Key Integrity Protocol: TKIP. Tim Fielder University of Tulsa Tulsa, Oklahoma

WL-5420AP. User s Guide

Summary on Crypto Primitives and Protocols

Wireless Network Security

Lecture 6. Internet Security: How the Internet works and some basic vulnerabilities. Thursday 19/11/2015

Once in BT3, click the tiny black box in the lower left corner to load up a "Konsole" window. Now we must prep your wireless card.

R (2) Implementation of following spoofing assignments using C++ multi-core Programming a) IP Spoofing b) Web spoofing.

Configuring Layer2 Security

Computer and Network Security

Transcription:

Network Security Security in local-area networks Radboud University, The Netherlands Spring 2017

A two-slide intro to networking I Command on tyrion: netcat -lp 51966 Command on arya: echo "Hi tyrion" netcat tyrion 51966 Behind the scenes How/why does arya know tyrion? (or, what does tyrion mean from arya s perspective?) What s the magic value 51966? Could we use another one? Does it have to be the same on tyrion and arya? How does arya know that information should go through the cable? Does it actually go through the cable? What information (sequence of bits) goes through the cable? Network Security Security in local-area networks 2

A two-slide intro to networking II tyrion s netcat listens on TCP port 51966 arya looks up the IP address of tyrion: 192.168.42.1 arya sends an ARP request (ARP who has 192.168.42.1) to the broadcast MAC address ff:ff:ff:ff:ff:ff tyrion answers with ARP reply 192.168.42.1 is at 50:7b:9d:f3:db:29 arya establishes a TCP/IP connection to tyrion (TCP port 51966) arya sends "Hi tyrion" through the established TCP connection TCP segment with destination port 51966 IP packet with source IP addr: 192.168.42.2 and dest. IP addr: 192.168.42.1 Ethernet frame with source MAC addr: 00:1e:68:b8:c7:eb, and dest. MAC addr: 50:7b:9d:f3:db:29 arya sends all the bits of the Ethernet frame through the cable tyrion receives frame, opens it up, hands payload of TCP segment to the application listening on port 51966 (netcat) tyrion confirms receipt of the TCP segment (ACK) arya closes the session, tyrion closes the session Network Security Security in local-area networks 3

Sniffing traffic the good old days Can connect two computers directly by Ethernet cable (old installations need a crossover cable) For > 2 computers need some joint connection A hub (active hub) repeats bits received on one port on all other ports Simplified view: all connected Ethernet cables soldered together joffrey plugs his computer into the hub: Can listen (sniff, eavesdrop) to all communication between arya and tyrion Can jam all communication between arya and tyrion (DOS) Can impersonate tyrion or arya (more later) Network Security Security in local-area networks 4

Switched Ethernet Hubs are now largely obsolete, having been replaced by network switches except in very old installations or specialized applications. Wikipedia article Ethernet hub Disadvantage of hubs: lots of frame collisions in busy networks Idea: only forward bits to the actual receiver(s) of the frames Network switches are aware of MAC addresses sitting behind their ports ( port here only refers to a physical plug socket, not a TCP port) Forward data only to the port with the receiver MAC address Switched Ethernet creates separate collision domains for each port Switched Ethernet also creates separate sniffing domains for each port How about our nice attacks, do they still work? Network Security Security in local-area networks 5

Put back the hub Before the attack arya---------- tyrion-------- Switch joffrey------- After the attack arya------------- Switch tyrion-- Hub -- joffrey ---* Can only sniff traffic to and from tyrion, but often that s enough If you have an old hub, keep it! Could also replace the switch by a hub, but that causes all kind of problems (performance, need access to the switch, etc) Network Security Security in local-area networks 6

ARP Cache poisoning Before arya contacts tyrion, she will ask for tyrion s MAC address Idea: joffrey can simply answer with his MAC address arya will update her ARP cache entry for tyrion s IP address with joffrey s MAC address arya will then (unknowingly) talk to joffrey instead of tyrion This attack is called ARP spoofing or ARP cache poisoning It gets better than that: joffrey does not have to wait for arya to send an ARP request Gratuitous ARP packets are announcements ( replies without a request ) Various good reasons for gratuitous ARP: Announce IP+MAC at boot time Announce changed IP address to other hosts IP-address takeover in high-performance clusters Network Security Security in local-area networks 7

arpspoof convenient ARP spoofing Let s become man in the middle on tyrion (192.168.42.1) between 192.168.42.2 and 192.168.42.3 First enable IP forwarding in the Linux kernel: root@tyrion# echo 1 > /proc/sys/net/ipv4/ip_forward Now poison the ARP cache of 192.168.42.2: root@tyrion# arpspoof -t 192.168.42.2 192.168.42.3... and the ARP cache of 192.168.42.3: root@tyrion# arpspoof -t 192.168.42.3 192.168.42.2 Now use your favorite sniffer on tyrion to see traffic between 192.168.42.2 and 192.168.42.3 Remark: arpspoof is part of the dsniff suite Network Security Security in local-area networks 8

Ettercap Very versatile tool for various low-level (ARP related) network attacks: ettercap Text mode and different GUIs Some features of Ettercap: ARP cache poisoning MAC flooding Injection attacks Support for plugins OS fingerprinting Very simple (but important) aspect: find all hosts of the network Simply send ARP requests for all hosts on the (sub)-network Network Security Security in local-area networks 9

From RFC 826 An Ethernet Address Resolution Protocol?Do I have the hardware type in ar$hrd? Yes: (almost definitely) [optionally check the hardware length ar$hln]?do I speak the protocol in ar$pro? Yes: [optionally check the protocol length ar$pln] Merge_flag := false If the pair <protocol type, sender protocol address> is already in my translation table, update the sender hardware address field of the entry with the new information in the packet and set Merge_flag to true.?am I the target protocol address? Yes: If Merge_flag is false, add the triplet <protocol type, sender protocol address, sender hardware address> to the translation table.?is the opcode ares_op$request? (NOW look at the opcode!!) Yes: Swap hardware and protocol fields, putting the local hardware and protocol addresses in the sender fields. Set the ar$op field to ares_op$reply Send the packet to the (new) target hardware address on the same hardware on which the request was received. Network Security Security in local-area networks 10

Another kind of ARP spoofing ctd. First a clarification of terms: ar$hrd: Hardware address space, e.g., Ethernet ar$pro: Protocol address space ar$hln: byte length of each hardware address ar$pln: byte length of each protocol address ares_op$request/reply: Distinguish type (opcode) Note: Update the table entry before checking REQUEST/REPLY Does not depend on gratuitous ARP Can use ARP requests to poison the ARP cache Can also create new entries in the ARP cache, not just overwrite existing ones Ettercap supports this: set arp_poison_request = 1 in /etc/ettercap/etter.conf Network Security Security in local-area networks 11

MAC flooding A switch stores MAC-address-port mappings in a Content addressable memory (CAM) table Attack idea: send many Ethernet frames with different source MAC addresses Overflow the table Effects of this depend highly on the switch Some (many?) switches will fall back to behave like a hub Network Security Security in local-area networks 12

ARP-attack countermeasures For small networks: static ARP table entries Disable gratuitous ARP (this may break things) Also, it s not so easy (at least on Linux): echo 0 > /proc/sys/net/ipv4/conf/eth0/arp_accept is sometimes claimed to disable gratuitous ARP Disables gratuitous ARP only for new IP addresses! Fine-grained configuration through ARP filter arptables Use arpwatch to monitor ARP messages Protection mechanisms on advanced switches (like Dynamic ARP Inspection on Cisco switches) Generally it s hard to defend against ARP spoofing, because ARP does not have any authentication mechanism Network Security Security in local-area networks 13

VLANs Advanced switches support partitioning of a local-area network (LAN) into multiple virtual LANs (VLANs) You can think of a VLAN as physically separated LANs (but easier to manage) VLANs are separate broadcast domains ARP requests/replies don t go from one VLAN to another Example use: Logical network for staff of university institute Logical network containing computers with student access This does not prevent ARP-level attacks Can limit the damage caused by ARP-level attacks ( students can only attack each other ) Network Security Security in local-area networks 14

MAC address filtering Switches are aware of MAC addresses Idea: Switches can just ignore computers with unknown MAC addresses Set up a white list of MAC addresses on the switch Question: Can joffrey spoof his MAC address? A MAC address is a unique character string, and since it identifies a specific physical device one individual NIC the MAC address, by convention, never changes for the life of the NIC. [...] Because your NIC s MAC address is permanent, it s often referred to as the "real," or physical, address of a computer. http://www.watchguard.com/infocenter/editorial/135250.asp Network Security Security in local-area networks 15

MAC spoofing It is possible to spoof the MAC address, so an attacker could potentially capture details about a MAC address from your network and pretend to be that device to connect to your network, but no casual hacker or curious snooper will go to those lengths so MAC filtering will still protect you from the majority of users. (http://netsecurity.about.com/od/quicktip1/qt/ qtwifimacfilter.htm) Going to "those lengths" means the following: root@tyrion# ip link set dev eth0 down root@tyrion# ip link set dev eth0 address 42:42:42:42:42:42 root@tyrion# ip link set dev eth0 up Obviously, 42:42:42:42:42:42 can be any MAC address Network Security Security in local-area networks 16

More applications of MAC spoofing It is widely believed that MAC spoofing is hard Various security concepts rely on the fact that you cannot spoof MAC addresses: Some proprietary software uses MAC addresses to bind a copy of the software to a fixed computer In some public places each MAC address gets free WiFi for a fixed amount of time Summary: MAC spoofing is easy Security based on MAC uniqueness is bad Network Security Security in local-area networks 17

Wireless Networks Most important standard for wireless networks: IEEE 802.11 (released 1997) Designed to behave in many ways like a wired network Uses the same kind of MAC addresses as Ethernet Association with a network corresponds to plugging in the network cable Networks in vicinity are logically separated by their network names (service set identification, SSID) Communication is physically separated by using different channels (frequencies) Two different modes of operation: Ad-hoc mode: peer-to-peer communication between nodes Infrastructure mode: communication through access point (AP) Typical (and recommended) setup for permanent installations: infrastructure mode (managed mode) Network Security Security in local-area networks 18

Connecting to a WiFi network Connections to a wireless network are handled through management frames APs send beacon frames (by default, 10/second) containing: Timestamp Beacon interval SSID Frequency-hopping parameters Connecting to a network: Client sends authentication request with its identification (MAC), the network s SSID, etc. If AP decides to accept the client, sends authentication OK Client sends association request AP sends association OK Other important management frames Reassociate request/response frames: change the AP Disassociate frame: leave the network Network Security Security in local-area networks 19

Hidden SSID Clients need to know the SSID to authenticate/associate Idea: Don t send this SSID in beacon frames (legitimate users know it anyway) Advertise this as network cloaking Network is not really cloaked, SSID is contained also in other frames Clearly security by obscurity, bad practice Not intended by the standard Windows XP machines always prefer access points that broadcast their SSID Very easy to lure those machines into a fake AP Network Security Security in local-area networks 20

Nice summary on hidden SSIDs Do you ever wonder sometimes how it is that some ideas just won t die? Like the thought that not broadcasting your wireless network s SSID will somehow make you more secure? This is a myth that needs to be forcibly dragged out behind the woodshed, strangled until it wheezes its last labored breath, then shot several times for good measure. Steve Riley http://blogs.technet.com/b/steriley/archive/2007/10/16/ myth-vs-reality-wireless-ssids.aspx Network Security Security in local-area networks 21

Encrypted WiFi part I WiFi is even more susceptible to eavesdropping attacks than cable-based networks Idea of original 802.11: use encryption to provide Wired Equivalent Privacy (WEP) Encryption uses RC4 with 40-bit key and 24-bit IV Access to a wireless LAN only with pre-shared key Weak encryption because of US export laws at the time of standardization Once export restrictions got lifted, extend to 104-bit key (WEP-104) Two possible authentication mechanisms: Open System Authentication: no authentication Challenge-Response Authentication WEP was optional; in the early days of WiFi most networks were not encrypted Network Security Security in local-area networks 22

RC4 Stream cipher designed by Rivest in 1987 Algorithm was a trade secret of RSA Security Posted anonymously to the cypherpunks mailing list in 1994 Two parts of the algorithm: key schedule and pseudo-random generation Supports keys of length between 1 and 256 bytes Very small and simple C code, quickly became popular Network Security Security in local-area networks 23

RC4/WEP security One major problem: short 24-bit IVs After 5000 frames there is a 50% chance of repeating IVs Another problem: WEP concatenates key and IV to input for key schedule Fluhrer, Mantin, Shamir, 2001: First few output bytes of RC4 are biased FMS attack against WEP uses biases to find the master key Klein 2005: even more correlations between key and output Tews, Weinmann, Pyshkin, 2005: tune Klein s attack for WEP-104 Break WEP key after 40000 frames with probability > 50% Break WEP key after 85000 frames with probability > 95% Consequence: Can break WEP-104 in < 1 minute Network Security Security in local-area networks 24

aircrack-ng aircrack-ng is a suite of tools to break WiFi encryption Part of most Linux distributions airmon-ng: switch the wireless interface into monitor mode, create monitor interface mon0 airodump-ng: scan for networks, sniff and dump received data to a file aireplay-ng: generate traffic by replaying frames Can also be used, e.g., to de-authenticate/disassociate clients Take the MAC address of that client if MAC filtering is enabled Record the re-authentication of that client to obtain (hidden) SSID aircrack: Use data recorded by airodump-ng to break encryption The aircrack suite has various filters and switches that influence performance Generally a very powerful tool to break WiFi encryption (see homework) Network Security Security in local-area networks 25

Encrypted WiFi part II Drop-in replacement for WEP: WiFi Protected Access (WPA) Available since 2003 (draft of 802.11i) Uses Temporal Key Integrity Protocol (TKIP) for encryption TKIP is a wrapper around RC4 to address some weaknesses in WEP Changes compared to WEP: Use 128-bit keys instead of 40-bit keys Use 48-bit IV instead of 24-bit IV Use a mixing function to combine key and IV Use IV as a sequence counter to protect against replay attacks (drop out-of-order packets) Use a rekeying mechanism to change the key every 10000 packets Reason for WPA/TKIP: No need to update hardware, only firmware Network Security Security in local-area networks 26

Weaknesses in WPA Core problem of WPA/TKIP: It still uses RC4 AlFardan, Bernstein, Paterson, Poettering, Schuldt, 2013: Plaintext-recovery attack against RC4 in TLS Paterson, Poettering, Schuldt, 2014: Plaintext-recovery attack against RC4 in WPA/TKIP Better attacks against RC4 by Garman, Paterson, and van der Merwe in 2015... and by Vanhoef and Piessens in 2015... and by Bricout, Murphy, Paterson, and van der Merwe in 2016 Network Security Security in local-area networks 27

Encrypted WiFi part III In 2004, IEEE announces 802.11i (WPA2) Most important chance compared to WEP and WPA: get rid of RC4 Use CCMP instead (AES in Counter Mode Cipher Block Chaining Message Authentication Code Protocol) 128-bit AES key Since 2006 all WiFi-certified cards need to support WPA2 Different ways of handling authentication and keys, easiest one: pre-shared-key (PSK) PSK is typically derived from a passphrase through a key-derivation-function (specifically, PBKDF2) Network Security Security in local-area networks 28

Everything fine with WPA2? Essentially three problems with WPA2: Weak passphrases (aircrack-ng has support for brute force): A key generated from a pass-phrase of less than about 20 characters is unlikely to deter attacks. IEEE 802.11i standard WPA2 still supports TKIP (with RC4) for backwards compatibility Many WPA2 routers support WiFi Protected Setup (WPS) WPS attack by Viehböck, 2011 WPS defines various ways to set up a secure home network One way: Enter the AP s WPS PIN into the new network client (your laptop) PIN has 8 digits, 10 8 possibilities Two halves of PIN are checked indendently; brute-force takes only 2 10 4 Last bit of the PIN is a parity bit, hence, only 11000 guesses Brute-forcing this PIN takes < 4 hours Network Security Security in local-area networks 29

The cryptographer s response It is very hard to prevent an attacker from sniffing your communication It is even harder to prevent an attacker from disrupting your communication System administrators can do something, even harder for users Most of the network is typically not under your control Go for the safe worst-case assumption: Everybody can read and modify everything you send over the network. Solution for confidentiality and integrity: end-to-end encrypt/authenticate everything. Network Security Security in local-area networks 30

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback