Wireless Network Security

Similar documents
Chapter 17. Wireless Network Security

Chapter 24 Wireless Network Security

Chapter - 6 WIRELESS NETWORK SECURITY

Wireless Network Security

Security in IEEE Networks

Wireless Network Security Spring 2015

05 - WLAN Encryption and Data Integrity Protocols

Link & end-to-end protocols SSL/TLS WPA 2/25/07. Outline. Network Security. Networks. Link and End-to-End Protocols. Link vs. End-to-end protection

Wireless Network Security Spring 2016

Managing and Securing Computer Networks. Guy Leduc. Chapter 7: Securing LANs. Chapter goals: security in practice: Security in the data link layer

Network Encryption 3 4/20/17

Wireless Internet: layers 3,4,5. Wireless Internet: Layers 3,4,5 Case Study: WAP. WAP: Wireless Application Protocol

Outline : Wireless Networks Lecture 10: Management. Management and Control Services : Infrastructure Reminder.

Lecture 33. Firewalls. Firewall Locations in the Network. Castle and Moat Analogy. Firewall Types. Firewall: Illustration. Security April 15, 2005

M.SARAVANA KARTHIKEYAN

WPA Passive Dictionary Attack Overview

Configuring Layer2 Security

A Configuration Protocol for Embedded Devices on Secure Wireless Networks

WPA-GPG: Wireless authentication using GPG Key

IEEE i and wireless security

Appendix E Wireless Networking Basics

FAQ on Cisco Aironet Wireless Security

Link Security A Tutorial

Wireless LAN Security. Gabriel Clothier

Csci388. Wireless and Mobile Security Access Control: 802.1X, EAP, and RADIUS. Importance of Access Control. WEP Weakness. Wi-Fi and IEEE 802.

Table of Contents 1 WLAN Security Configuration Commands 1-1

COSC4377. Chapter 8 roadmap

Troubleshooting WLANs (Part 2)

Wireless technology Principles of Security

Princess Nora Bint Abdulrahman University College of computer and information sciences Networks department Networks Security (NET 536)

Key Management and Distribution

Wireless Networked Systems

Wireless Security. Comp Sci 3600 Security. Attacks WEP WPA/WPA2. Authentication Encryption Vulnerabilities

Outline. CS5984 Mobile Computing HTTP. HTTP (especially 1.0) Problems 1/2. Dr. Ayman Abdel-Hamid, CS5984. Wireless Web.

Cisco Wireless LAN Controller Module

WarDriving. related fixed line attacks war dialing port scanning

Configuring a VAP on the WAP351, WAP131, and WAP371

Wireless Security i. Lars Strand lars (at) unik no June 2004

CS-435 spring semester Network Technology & Programming Laboratory. Stefanos Papadakis & Manolis Spanakis

ECHONET Lite SPECIFICATION. ECHONET Lite System Design Guidelines 2011 (2012) ECHONET CONSORTIUM ALL RIGHTS RESERVED

WAP Security. Helsinki University of Technology S Security of Communication Protocols

Network Security: WLAN Security. Tuomas Aura T Network security Aalto University, Nov-Dec 2012

The security of existing wireless networks

D. The bank s web server is using an X.509 certificate that is not signed by a root CA, causing the user ID and password to be sent unencrypted.

Wireless Security Protocol Analysis and Design. Artoré & Bizollon : Wireless Security Protocol Analysis and Design

CSC 4900 Computer Networks: Security Protocols (2)

Configuring Cipher Suites and WEP

Add a Wireless Network to an Existing Wired Network using a Wireless Access Point (WAP)

CSNT 180 Wireless Networking. Chapter 7 WLAN Terminology and Technology

From wired internet to ubiquitous wireless internet

Vendor: HP. Exam Code: HP2-Z32. Exam Name: Implementing HP MSM Wireless Networks. Version: Demo

EXAM - PW Certified Wireless Security Professional (CWSP) Buy Full Product.

Network Security: WLAN Security. Tuomas Aura T Network security Aalto University, Nov-Dec 2014

Physical and Link Layer Attacks

The 8 th International Scientific Conference DEFENSE RESOURCES MANAGEMENT IN THE 21st CENTURY Braşov, November 14 th 2013

Security and Authentication for Wireless Networks

Network Systems. Bibliography. Outline. General principles about Radius server. Radius Protocol

Configuring a WLAN for Static WEP

Open System - No/Null authentication, anyone is able to join. Performed as a two way handshake.

Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2. Mathy CCS 2017, 1 October 2017

MOBILE IP AND WIRELESS APPLICATION PROTOCOL

Exam Questions CWSP-205

Status of P Sub-Specification

Configuring the Client Adapter through Windows CE.NET

Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2. Mathy Vanhoef, PhD Wi-Fi Alliance meeting Bucharest, 24 October 2017

Part II. Raj Jain. Washington University in St. Louis

Security in Data Link Protocols

Configuring WEP and WEP Features

Expected Outcomes Able to design the network security for the entire network Able to develop and suggest the security plan and policy

02/21/08 TDC Branch Offices. Headquarters SOHO. Hot Spots. Home. Wireless LAN. Customer Sites. Convention Centers. Hotel

Cisco Desktop Collaboration Experience DX650 Security Overview

Wireless and Mobile Networks

Kerberos V5. Raj Jain. Washington University in St. Louis

3 Data Link Layer Security

Selection of EAP Authentication Method for use in a Public WLAN: Implementation Environment Based Approach

Transport Level Security

PROTECTED EXTENSIBLE AUTHENTICATION PROTOCOL

Securing Your Wireless LAN

CHAPTER 11 WIRELESS LAN TECHNOLOGY AND THE IEEE WIRELESS LAN STANDARD

Exam HP2-Z32 Implementing HP MSM Wireless Networks Version: 7.1 [ Total Questions: 115 ]

Discovering Logical Vulnerabilities in the Wi-Fi Handshake Using Model-Based Testing

Network Access Control and Cloud Security

Configuring the Client Adapter through the Windows XP Operating System

Configuring Authentication Types

Configuring WLANsWireless Device Access

Wireless Attacks and Countermeasures

Configuring the Client Adapter through the Windows XP Operating System

WLAN Roaming and Fast-Secure Roaming on CUWN

Securing a Wireless LAN

Block Cipher Operation

Protocols, Technologies and Standards Secure network protocols for the OSI stack P2.1 WLAN Security WPA, WPA2, IEEE i, IEEE 802.1X P2.

WLAN The Wireless Local Area Network Consortium

Configuring r BSS Fast Transition

Configuring WLANs CHAPTER

Vulnerability issues on research in WLAN encryption algorithms WEP WPA/WPA2 Personal

COPYRIGHTED MATERIAL. Contents

Light Mesh AP. User s Guide. 2009/2/20 v1.0 draft

Network Security and Cryptography. 2 September Marking Scheme

Authentication and Security: IEEE 802.1x and protocols EAP based

PowerStation2 LiteStation2 LiteStation5 User s Guide

Transcription:

Wireless Network Security Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@cse.wustl.edu Audio/Video recordings of this lecture are available at: http://www.cse.wustl.edu/~jain/cse571-11/ 17-1

Overview 1. IEEE 802.11 Wireless LAN Overview 2. Legacy 802.11 Security: WEP 3. IEEE 802.11i Wireless LAN Security: WPA, WPA2 4. Wireless Application Protocol (WAP) Overview 5. Wireless Transport Layer (WTLS) Security These slides are based partly on Lawrie Brown Lawrie Brown s slides supplied with William Stallings s book Cryptography and Network Security: Principles and Practice, 5 th Ed, 2011. 17-2

Wi-Fi Operation Station Access Points (APs) periodically broadcast a beacon with SSID (service set ID) and security level Subscriber stations listen to these beacons, measure signal strength and determine which AP to join Subscribers can also send a Probe to find AP s in the neighborhood AP authenticates the subscriber station using shared keys Subscriber stations and AP exchange encrypted packets Subscriber station send a Disassociate message and log off Ref: http://en.wikipedia.org/wiki/service_set_%28802.11_network%29 Access Point 17-3

IEEE 802.11 Architecture Distribution System Server Station Access Point Station Basic Service Set Access Point Station 2nd BSS 17-4 Station IBSS Ad-hoc Station Ad-hoc Station Ad-hoc network

IEEE 802.11 Architecture (Cont) Basic Service Area (BSA) = Cell Each BSA may have several access points (APs) Basic Service Set (BSS) = Set of stations associated with one AP Distribution System (DS) - wired backbone Extended Service Area (ESA) = Multiple BSAs interconnected via a distribution system Extended Service Set (ESS) = Set of stations in an ESA Independent Basic Service Set (IBSS): Set of computers in adhoc mode. May not be connected to wired backbone. Ad-hoc networks coexist and interoperate with infrastructurebased networks 17-5

IEEE 802.11 Services Association: A STA connecting with an AP. Disassociation: Termination of association. Re-association: Transfer of association from one AP to another. Mobility within BSS, within ESS, between two ESSs. MSDU Delivery: Interchange of packets between STAs Distribution: Delivery of packets between STAs possibly via the backbone distribution system Integration: Interchange of packets between STAs and wired stations connected to LANs on the distribution system Authentication: The station is authenticated De-authentication Privacy: Encryption 17-6

Wired Equivalent Privacy (WEP) WEP Privacy similar to a wired network Intellectual property not exposed to casual browser Not protect from hacker First encryption standard for wireless. Defined in 802.11b Provides authentication and encryption Shared Key Authentication Single key is shared by all users and access points Two modes of authentication: Open system and Shared Key Shared Key: Challenge-response verifies client has the key Manual key distribution If an adapter or AP is lost, all devices must be re-keyed 17-7

WEP Review Four 40-bit or 104-bit Keys are manually programmed in each subscriber station and AP A 24-bit IV and WEP key is used to form a 64b or 128b RC4 key A keystream is generated using the RC4 key A 32-bit CRC is added as Integrity check value (ICV) to the packet Plain text and keystream is xor ed. A 32-bit CRC is added in clear. Ref: http://en.wikipedia.org/wiki/wired_equivalent_privacy, http://en.wikipedia.org/wiki/wi-fi_protected_access 17-8

WEP Problems No centralized key management Manual key distribution Difficult to change keys Single set of Keys shared by all Frequent changes necessary No mutual authentication No user management (no use of RADIUS) IV value is too short. Not protected from reuse. Weak integrity check. Directly uses master key No protection against replay Ref: http://en.wikipedia.org/wiki/wireless_security, http://en.wikipedia.org/wiki/wireless_lan_security, http://en.wikipedia.org/wiki/cracking_of_wireless_networks 17-9

802.11i Wireless LAN Security Wi-Fi Alliance Wi-Fi Protected Access (WPA) Software modification to existing WEP systems Key mixing function to generate per packet key Sequence Number to protect against replay attacks 64-bit message integrity check (MIC) Uses the same RC4 encryption 802.11i Robust Security Network (RSN) or WPA2 Requires hardware replacement Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP) AES encryption with counter mode Ref: http://en.wikipedia.org/wiki/ieee_802.11i-2004, http://en.wikipedia.org/wiki/temporal_key_integrity_protocol, http://en.wikipedia.org/wiki/ccmp 17-10

802.11i Phases of Operation 17-11

IEEE 802.11i Discovery Phase STA AP Probe Request: May I join please? Probe Response: Yes, you can. Null Authentication Request Null Authentication Response Secure Association Request Association Response with Security Parameters Encryption, Integrity, Authentication Methods Capability negotiation Confidentiality and Integrity: WEP, TKIP, CCMP, vendor specific Authentication: 802.1x, Pre-shared key, vendor specific 17-12

802.1X Authentication framework for IEEE802 networks Supplicant (Client), Authenticator (Access point), Authentication server No per packet overhead Can run at any speed Need to upgrade only driver on NIC and firmware on switches User is not allowed to send any data until authenticated Authenticator Ref: http://en.wikipedia.org/wiki/802.1x External Device 17-13 Authenticator Connected Device

802.1X Authentication Station q q Can I connect please? What s your user name? My user name is john What s your password? My password is mary? You can connect! Access Point Associate EAP Identity Request EAP Identity Response EAP Auth Request EAP Auth Response EAP-Success 17-14 Authentication Server EAP Identity Response EAP Auth Request EAP Auth Response EAP-Success Authentication method can be changed without upgrading switches and access points Only the client and authentication server need to implement the authentication method

802.11i Key Hierarchy Pre-shared Key 256b Or Pairwise Master Key 256b AAA Key >256b Pair-wise Transient Key 384b Supplicant nonce 4-way Handshake PRF Authenticator nonce Pair-wise Transient Key 512b Group Master Key 128b PRF CCMP: EAPOL Key EAPOL Key Temporal Key Confirmation Key Encryption Key (CCMP) 128b TKIP: 128b 128b EAPOL Key Confirmation Key EAPOL Key Encryption Key Temporal Encryption Key 17-15 Group Temporal Key (CCMP) 128b MIC from AP Key MIC to AP Key 128b 128b 128b 64b 64b Group Temporal Key (TKIP) 256b

Key Management STA AP Generate PTK Anonce, A_MAC_Addr Snonce, S_MAC_Addr PTK installed, A_Addr, MIC I know PTK (Authenticates AP) S_Addr, MIC I know PTK (Authenticates STA) Generate PTK GTK, MIC MIC ACK All messages are EAPOL Key messages. EPOL key confirmation key is used to compute MIC for EPOL messages. Ref: http://en.wikipedia.org/wiki/ieee_802.11i-2004 17-16

802.11i Protected Data Transfer Phase Two schemes for protecting data Temporal Key Integrity Protocol (TKIP) S/w changes only to older WEP Adds 64b Michael message integrity code (MIC) instead of 32b CRC in WEP Encrypts MPDU plus MIC value using 128b RC4 Counter Mode-CBC MAC Protocol (CCMP) Uses cipher block chaining message authentication code (CBC-MAC) for integrity Uses Counter mode AES for encryption Ref: http://en.wikipedia.org/wiki/temporal_key_integrity_protocol, http://en.wikipedia.org/wiki/ccmp 17-17

IEEE 802.11i Pseudo-Random Function PRF is required to generate nonces and keys. HMAC-SHA-1 is used for all 4 Inputs: K=Secret Key, A= Use specific text string, B= Use specific Data, length Set counter to 0 and take desired number of bits from the left (if less than 160) If more than 160 bits needed, run the function again with the next sequence number Example: Pair-wise Temporal Key for CCMP PTK=PRM{PMK, Pairwise key expansion, min(ap Addr, STA Addr) max(ap-addr, STA-Addr) min(anonce, Snonce) max(anonce,snonce), 384} 17-18

Security Problems Addressed No MAC address spoofing: MAC address included in both Michael MIC and CCMP MAC No replay: Each message has a sequence number (TSC in TKIP and PN in CCMP) No dictionary based key recovery: All keys are computer generated binary numbers No keystream recovery: Each key is used only once in TKIP. No keystream in CCMP. No Weak Key Attack: Special byte in IV in TKIP prevents weak keys. Also, keys are not reused. No rouge APs: Mutual authentication optional. Some APs provide certificates. Not Addressed: DoS attack using disassociation or deauthentication attack. Mgmt frames are still not encrypted. 17-19

Wireless Application Protocol (WAP) Standard to provide mobile wireless users access to telephony and information services Significant limitations of devices, networks, displays with wide variations WAP specifications: Programming model Markup language Small browser Lightweight communications protocol stack Applications framework Ref: http://en.wikipedia.org/wiki/wireless_application_protocol 17-20

HTML Filter and WAP proxy may be separate or co-located HTML Filter converts HTML to WML WAP proxy converts WML to binary WML which is more compact WAP Infrastructure 17-21

Describes content and format for data display on devices with limited bandwidth, screen size, and user input capability Features include: Wireless Markup Language Text / image formatting and layout commands Deck/card organizational metaphor Support for navigation among cards and decks HTML Page = Deck = A set of interaction cards <?xml version="1.0"?> <!DOCTYPE wml PUBLIC "-//WAPFORUM//DTD WML 1.1//EN" "http://www.wapforum.org/dtd/wml_1.1.xml" > <wml> <card id="main" title="first Card"> <p mode="wrap">this is a sample WML page.</p> </card> </wml> Ref: http://en.wikipedia.org/wiki/wireless_markup_language, http://en.wikipedia.org/wiki/wmlscript 17-22

WAP Architecture 17-23

WAP Architecture (Cont) Security Services: Cryptographic Libraries: Integrity, Signature, Encryption Authentication: WTLS and TLS, HTTP Client Authentication Identity: WAP identity module stores user ID and secrets PKI: Manager Certificates Secure Transport: WTLS over datagrams, TLS over TCP Secure Bearer: Some bearers, e.g., IP provide security (IPSec) Service Discovery: External Functionality Interface (EFI): Allows applications to discover what functions/services are available on the device Provisioning: Set parameters needed to access network services Navigation Discovery: Find new network services Service Lookup: Find service s parameter using DNS 17-24

WAP Application Environment (WAE) Software modules and tools to eases development of applications and devices supported by WAP WAP User Agents: Software modules for various device functions, e.g., display Wireless Telephony Applications: Software modules for telephony Standard Content Encoding: Software modules for servers to generate Web content Push: A push-over-the-air (Push-OTA) service allows mobile to receive content pushed by the servers Multimedia Messaging: Email, text, MMS 17-25

WAP Protocol Architecture Assumes that bearer service does not support TCP/IP Wireless Session Protocol (WSP): Supports connectionless and connection-oriented sessions. Allows sever Push for broadcast and alerts. Wireless Transaction Protocols (WTP): Lightweight TCP. Optional Acks. PDU concatenation. Transaction oriented (no connection setup). Three transaction classes: Class 0: Unreliable send with no response. Used for Push. Class 1: Reliable send with no response. Used for reliable push. Class 2: Send with one reliable response or ack. Wireless Datagram Protocol (WDP): Hides the details of different bearers. May fragment. 17-26

Wireless Transport Layer Security (WTLS) Provides security between mobile device and WAP gateway Provides data integrity, privacy, authentication Based on TLS Compressed data structures, Compressed Certificate format Packet based rather than stream based design WAP gateway translates WTLS / TLS. Wireless may not be IP. WAP V2.0 uses TLS end-to-end Ref: http://en.wikipedia.org/wiki/wireless_transport_layer_security 17-27

WTLS Protocol Architecture Key Exchange and Signature: RSA, ECC (Elliptic) D-H to generate pre-master-secret Encryption: DES, 3DES, RC5 Message Digest: MD5, SHA-1 17-28

WAP2 End-to to-end Security over IP 1. Gateway simply forwards encrypted messages. Does not decrypt. 2. Gateway can act as a router. Assumes both sides are IP-based. 17-29

WAP2 End-to to-end Security over IP (Cont) 3. WAP gateway redirection is allowed. Client connects through an external WAP gateway Application server may request that client connect through private gateway 17-30

Summary 1. 802.11 LANs consist of Basic Service Areas connected via a wired distribution system into an Extended Service Area 2. 802.11 originally used Wired Equivalent Privacy (WEP) which used RC4 for encryption and CRC-32 for MAC. Both were trivial to attack. 3. TKIP or WPA provides per-packet key and 64-bit MIC using RC4. 4. RSN or WPA2 provides stronger encryption and authentication using AES. 5. WAP allows information access via mobile devices. It consists of a session, transaction, and datagram protocol layers. 6. WTLS is used for protection over wireless links. 17-31

Homework 17 WEP assumed all devices in the network share a secret key. The purpose of the authentication scenario is for the STA to prove that it possesses the secret key. As shown in the figure below, the STA sends a message to AP requesting authentication. The AP issues a challenge, which is a sequence of 128 random bytes sent as plain text. The STA encrypts the challenge with the shared key and returns it to the AP. The AP decrypts the incoming value and compares it to the challenge that it sent. If there is a match, the AP confirms that authentication has succeeded. a. This authentication scheme is one-sided. How can it be made mutual? b. What information does it provide to an attacker making it easy to attack? c. The encryption scheme is RC4 stream cipher. How can a attacker create a valid response for any challenge after watching just one valid authentication. STA Request Challenge Response Success AP 17-32

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback