Security in IEEE Networks

Similar documents
CHAPTER 11 WIRELESS LAN TECHNOLOGY AND THE IEEE WIRELESS LAN STANDARD

Wireless Network Security

FAQ on Cisco Aironet Wireless Security

Expected Outcomes Able to design the network security for the entire network Able to develop and suggest the security plan and policy

05 - WLAN Encryption and Data Integrity Protocols

Outline : Wireless Networks Lecture 10: Management. Management and Control Services : Infrastructure Reminder.

Securing Your Wireless LAN

CS-435 spring semester Network Technology & Programming Laboratory. Stefanos Papadakis & Manolis Spanakis

Wireless LAN Security. Gabriel Clothier

Standard For IIUM Wireless Networking

Managing and Securing Computer Networks. Guy Leduc. Chapter 7: Securing LANs. Chapter goals: security in practice: Security in the data link layer

Csci388. Wireless and Mobile Security Access Control: 802.1X, EAP, and RADIUS. Importance of Access Control. WEP Weakness. Wi-Fi and IEEE 802.

Wireless Security i. Lars Strand lars (at) unik no June 2004

Appendix E Wireless Networking Basics

Authentication and Security: IEEE 802.1x and protocols EAP based

Overview of Security

A Configuration Protocol for Embedded Devices on Secure Wireless Networks

Lecture 33. Firewalls. Firewall Locations in the Network. Castle and Moat Analogy. Firewall Types. Firewall: Illustration. Security April 15, 2005

Chapter 24 Wireless Network Security

COPYRIGHTED MATERIAL. Contents

From wired internet to ubiquitous wireless internet

Princess Nora Bint Abdulrahman University College of computer and information sciences Networks department Networks Security (NET 536)

Security and Authentication for Wireless Networks

PROTECTED EXTENSIBLE AUTHENTICATION PROTOCOL

ECHONET Lite SPECIFICATION. ECHONET Lite System Design Guidelines 2011 (2012) ECHONET CONSORTIUM ALL RIGHTS RESERVED

02/21/08 TDC Branch Offices. Headquarters SOHO. Hot Spots. Home. Wireless LAN. Customer Sites. Convention Centers. Hotel

The following chart provides the breakdown of exam as to the weight of each section of the exam.

D. The bank s web server is using an X.509 certificate that is not signed by a root CA, causing the user ID and password to be sent unencrypted.

Authentication and Security: IEEE 802.1x and protocols EAP based

Wireless Network Security Spring 2015

Viewing Status and Statistics

Presentation_ID. 2001, Cisco Systems, Inc. All rights reserved.

WLAN Security. รศ. ดร. อน นต ผลเพ ม Asso. Prof. Anan Phonphoem, Ph.D.

Configuring a Wireless LAN Connection

CS 393/682 Network Security

Wireless Network Security Spring 2016

Securing Wireless LANs with Certificate Services

Wireless Attacks and Countermeasures

Configuring the Client Adapter through Windows CE.NET

Stream Ciphers. Stream Ciphers 1

Network Systems. Bibliography. Outline. General principles about Radius server. Radius Protocol

COSC4377. Chapter 8 roadmap

Advanced Security and Mobile Networks

Wireless technology Principles of Security

Chapter 17. Wireless Network Security

CUA-854 Wireless-G Long Range USB Adapter with Antenna. User s Guide

Exam HP2-Z32 Implementing HP MSM Wireless Networks Version: 7.1 [ Total Questions: 115 ]

Network Security 1. Module 7 Configure Trust and Identity at Layer 2

EXAM - PW Certified Wireless Security Professional (CWSP) Buy Full Product.

06/02/ Local & Metropolitan Area Networks. 0. Overview. Terminology ACOE322. Lecture 8 Network Security

Securing a Wireless LAN

TestsDumps. Latest Test Dumps for IT Exam Certification

Configuring the Client Adapter through the Windows XP Operating System

Link & end-to-end protocols SSL/TLS WPA 2/25/07. Outline. Network Security. Networks. Link and End-to-End Protocols. Link vs. End-to-end protection

Wireless Network Security

Exam Questions CWSP-205

CSC 4900 Computer Networks: Security Protocols (2)

Exam : PW Title : Certified wireless security professional(cwsp) Version : DEMO

Configuring Cipher Suites and WEP

802.1x. ACSAC 2002 Las Vegas

2013 Summer Camp: Wireless LAN Security Exercises JMU Cyber Defense Boot Camp

Wireless Security. Comp Sci 3600 Security. Attacks WEP WPA/WPA2. Authentication Encryption Vulnerabilities

b/g/n 1T1R Wireless USB Adapter. User s Manual

Configuring the Client Adapter

Wireless Networks. Authors: Marius Popovici Daniel Crişan Zagham Abbas. Technical University of Cluj-Napoca Group Cluj-Napoca, 24 Nov.

EEC-682/782 Computer Networks I

Overview. SSL Cryptography Overview CHAPTER 1

Network Security and Cryptography. 2 September Marking Scheme

Wireless Networking Basics. Ed Crowley

IPSec. Slides by Vitaly Shmatikov UT Austin. slide 1

CITS3002 Networks and Security. The IEEE Wireless LAN protocol. 1 next CITS3002 help3002 CITS3002 schedule

Configuring a VAP on the WAP351, WAP131, and WAP371

Vendor: HP. Exam Code: HP2-Z32. Exam Name: Implementing HP MSM Wireless Networks. Version: Demo

Network Encryption 3 4/20/17

Cisco Wireless LAN Controller Module

Configuring WLANsWireless Device Access

Security in Data Link Protocols

A Comparison of Data-Link and Network Layer Security for IEEE Networks

11B/G Wireless Mini PCI Adapter WL533MAM User s Manual

WarDriving. related fixed line attacks war dialing port scanning

Mobile MOUSe WIRELESS TECHNOLOGY SPECIALIST ONLINE COURSE OUTLINE

CHAPTER SECURITY IN WIRELESS LOCAL AREA NETWORKS

Configuring the WMIC for the First Time

ClearPass QuickConnect 2.0

Security Setup CHAPTER

Cross-organisational roaming on wireless LANs based on the 802.1X framework Author:

Cisco Exam Questions and Answers (PDF) Cisco Exam Questions BrainDumps

Designing AirPort Extreme n Networks

Network Security and Cryptography. December Sample Exam Marking Scheme

4.4 IEEE MAC Layer Introduction Medium Access Control MAC Management Extensions

WPA-GPG: Wireless authentication using GPG Key

Summary on Crypto Primitives and Protocols

Configuring Layer2 Security

Chapter 1 Describing Regulatory Compliance

WIRELESS LAN/PAN/BAN. Objectives: Readings: 1) Understanding the basic operations of WLANs. 2) WLAN security

Cisco Desktop Collaboration Experience DX650 Security Overview

Most Common Security Threats (cont.)

CIS 551 / TCOM 401 Computer and Network Security. Spring 2007 Lecture 8

Protected EAP (PEAP) Application Note

3 Data Link Layer Security

Transcription:

Security in IEEE 802.11 Networks Mário Nunes, Rui Silva, António Grilo March 2013

Sumário 1 Introduction to the Security Services 2 Basic security mechanisms in IEEE 802.11 2.1 Hidden SSID (Service Set Identifier) do AP 2.2 MAC address restriction at the Access Point 3 WEP (IEEE 802.11) 4 - IEEE802.11i 4.1 TKIP 4.2 CCMP 5 - IEEE 802.1X 6 Complementary security solutions 6.1 Layer3: Virtual Private Network (VPN) 6.2 Layer4: IP Address Control and Firewall 6.3 Layer 7: Proxy/Gateway

1- Introduction to the Security Services 1. Confidentiality 2. Data Integrity 3. Authentication 4. Non-repudiation 5. Service Availability 6. Access Control

1. Introduction to the Security Services 1. Confidentiality Sender Receiver Transformation Coded! Attacker s Domain

1. Introduction to the Security Services 2. Data Integrity Insertion Transformation Integrity Check Error! Attacker s Domain Receiver s Domain

1. Introduction to the Security Services 3. Authentication To verify the sender s identity Identity Check Ok! Error! Receiver s Domain

1. Introduction to the Security Services 3.1. Digital Certificate issued by Certificate Authority (typical contents): Serial Number: Used to uniquely identify the certificate. Subject: The person, or entity identified. Signature Algorithm: The algorithm used to create the signature. Signature: The actual signature to verify that it came from the issuer. Issuer: The entity that verified the information and issued the certificate. Valid-From: The date the certificate is first valid from. Valid-To: The expiration date. Key-Usage: Purpose of the public key (e.g. encypherment, signature, certificate signing...). Public Key: The public key. Thumbprint Algorithm: The algorithm used to hash the public key certificate. Thumbprint: The hash itself, used as an abbreviated form of the public key certificate.

1. Introduction to the Security Services 4. Non-Repudiation Sending Receipt Reception Receipt Sender s Domain

1. Introduction to the Security Services 5. Service Availability (corresponding attack: denial of service ) Service Access Service Blocking Attacker s Domain

1. Introduction to the Security Services 6. Access Control Access Request Access Request Receiver s Domain User Validation Username/ Password Ok! Error!

2 Basic IEEE 802.11 Mechanisms 2.1 Hidden SSID (Service Set Identifier) by the AP To avoid the periodic broadcast of the Access Point (AP) identity in order to prevent its interception and misuse by an attacker.. 2.2 Restriction of authorized MAC addresses by the Access Point To specify the MAC addresses that are allowed to use the network and associate with the AP.

2.1 Hidden SSID B Beacon, periodically sent by the APs, without SSID SuperFrame SuperFrame B B B t (s)... ; SSID;... Beacon w/o SSID AP Beacon w/o SSID Beacon Frame B AP B SSID??? Beacon w/o SSID B

2.1 Hidden SSID

2.1 Hidden SSID AP A user who knows the SSID, sends a Probe Request The attacker waits for the Probe Response Probe Response includes the SSID!

2.2 MAC Address restriction by the AP Type: SubType: 00 Management Probe 01 Control Beacon 10 Data Association Re/, Des/ 11 Reserved Authentication Des/ RTS, CTS, ACK, CF, CF+ACK Power-Save Poll Protocol Type SubType To From Version DS DS (2bits) (2bits) (4bits) (1bit) (1bit) More Frag. (1bit) Retry (1bit) Distribution System AP AP Pwr. More Mgmt. Data (1bit) (1bit) WEP Order (1bit) (1bit) AP Valid MAC ADDRESS Captured Generic MAC IEEE 802.11 Frame Format Frame Duration/ Address Address Address Sequence Address Frame FCS Control ID 1 2 3 Control 4 Body (2 Octetos) (2 Octetos) (6 Octetos) (6 Octetos) (6 Octetos) (2 Octetos) (6 Octetos) (0-2312 Octetos) (4 Octetos) - The MAC addresses are transmitted in plain text and thus can be captured by the attacker. - Most Wi-Fi cards allow the user to dynamically re-configure the MAC address.

3 - Wired Equivalent Privacy (WEP) Characteristics: - Included in IEEE 802.11 - Symmetric Key protocol - Key distribution is not addressed by the standard - Uses the RC4 cipher Ron Cipher 4 created in 1987 and publicly broken in the Internet in 1994 Supported Services: - Authentication: 1º) Open System Authentication: in means no Authentication 2º) Shared Key Authentication: Performs authentication (Pseudo) based on a shared secret key - Data Integrity: Adds a CRC to the message, sending it encrypted. - Confidentiality: Encrypts the data based on a secret key shared by the communicating parites and the RC4 algorithm.

3 - Wired Equivalent Privacy (WEP) Authentication Shared Key Authentication (request) Authentication (challenge) AP The challenge text is an arbitrary number of 128 bits Authentication (response) Authentication (sucess) Authentication (Failure) Response Check OK! ERRO!

3 - Wired Equivalent Privacy (WEP) Shared Key Authentication Attacks [1/3] 1 Collection of <challenge; response> pairs followed by an authentication attempt AP Authentication (request) Authentication (challenge) Authentication (response) Authentication (sucess) AP Authentication (request) Authentication (challenge) Authentication (response) Authentication (sucess) Data Base <c1; r1>... <cn; rn> Attacker s Domain Captured challenge? YES No! Abort!!!

3 - Wired Equivalent Privacy (WEP) Shared Key Authentication Attacks [2/3] 2 Collection of <challenge; response> pairs followed by Cryptanalysis Authentication (request) Authentication (challenge) AP Authentication (response) Authentication (sucess) Attacker s Domain Secret Key Data Base <c1; r1>... <cn; rn>

3 - Wired Equivalent Privacy (WEP) Shared Key Authentication Attacks [3/3] 3 Collection of IVs and creation of KeyStream library Note: The Initialization Vector (IV) is a 24 bit string that is sent in plain text and constitutes the first 24 bits of the cipher key AP Authentication (request) Authentication (challenge) Authentication (response) Authentication (sucess) Data Base <IV 1; KeyStream 1>... <IV n; KeyStream n> IV x <IV x; KeyStream x> <challenge> XOR <response> = <KeyStream> Attacker s Domain

3 - Wired Equivalent Privacy (WEP) RC4 Algorithm - Secret Key - Operation in Two Phases: 1ª) KSA Key Setup Algorithm System Initialization 2ª) PRNG Pseudo-Random Number Generator Byte Encryption in Stream Mode

3 - Wired Equivalent Privacy (WEP) RC4 Algorithm KSA

3 - Wired Equivalent Privacy (WEP) RC4 Algorithm PRNG and Cipher

3 - Wired Equivalent Privacy (WEP) RC4 Algorithm Weakness XOR Function Properties: a XOR b = c c XOR a = b c XOR b = a <Original Message> XOR <KeyStream> = <Ciphertext> <Original Message> XOR <Ciphertext> = <KeyStream> <Ciphertext> XOR <KeyStream> = <Original Message> Since the KeyStream is always the same for the same Key, if we the attacker knows the KeyStream it is not necessary to know the Key in order to calculate the Original Message, based on the Ciphertext. The IVs are used to make the KeyStream variable for the same secret key. E.g. 40-bit secret key + 24-bit IV = 64-bit key

3 - Wired Equivalent Privacy (WEP) Integrity Check Attack on the ICV: Due to CRC-32 s linear properties, it is easy to modify the frame and fix the encrypted CRC-32 accordingly

3 - Wired Equivalent Privacy (WEP) Confidentiality

3 - Wired Equivalent Privacy (WEP) Confidentiality Attack (Eavesdropping) 1º) To collect <IV, KeyStream> pairs - Walker, J. 2000. Unsafe at any key size: an analysis of the WEP encapsulation. IEEE 802.11-00/362. 2º) To explore certain characteristics resulting from the concatenation of the IVs with the Secret Key, which originate Keys with predictable properties in RC4 - Fluhrer, S., I. Martin, and A. Shamir. 2001. Weaknesses in the key scheduling algorithm of RC4. In Eigth Annual Workshop on Selected Areas in Cryptography. FMS attack

3 - Wired Equivalent Privacy (WEP) Confidentiality Attacks: Collection of IVs 802.11b at 11Mbps Method 1: Taking advantage of the Shared Key Authentication messages AP Authentication (request) Authentication (challenge) Authentication (response) Authentication (sucess) Maximum frame length is 2346 bytes 18768 bits 586 frames per second 586/4 authentication procedures per second It takes 114500 seconds (circa 32 hours) to repeat the Ivs (2 24 =16777216) Data Base <IV 1; KeyStream 1>... <IV n; KeyStream n> IV x <IV x; KeyStream x> <challenge> XOR <response> = <KeyStream> Attacker s Domain

3 - Wired Equivalent Privacy (WEP) Confidentiality Attacks: Collection of IVs Method 2: To send know messages from the fixed network to the WLAN and retrieving the Ciphertext at the WLAN. By obtaining the Plaintext and the corresponding Ciphertext, it is possible: 1) To collect <IV, KeyStream> pairs. 2) To obtain the Key based on Cryptanalysis. This method is potentially faster, but requires the attacker s domain to encompass the fixed network (e.g., internal attacker).

3 - Wired Equivalent Privacy (WEP) Problems of WEP key distribution: Key is manually set in the driver. The key cannot be protected from local users. When a user leaves the organization, technically you must change the key information on all stations. What if a station is stolen? For a large organization, there is a need to publish the key which is a security problem.

3 - Wired Equivalent Privacy (WEP) Problems of WEP key distribution (cont.): Weakness in the Key Scheduling Algorithm: http://www.crypto.com/papers/others/rc4_ksaproc.pdf A weakness of RC4 in generating the keystream. Hacker attack: using weak IV to attack a particular byte of the secret portion of the RC4 key. The time to attack is a linear algorithm to the key length. This is a complete break for WEP.

3 - Wired Equivalent Privacy (WEP) WEPCrack breaks 802.11 keys http://wepcrack.sourceforge.net/ AirSnort breaks 802.11 keys Needs only 5-10 million packets http://airsnort.shmoo.com/ NetStumbler access point reconnaissance http://www.netstumbler.com

4 IEEE 802.11i Robust Secure Network 4.1 Temporal Key Interchange Protocol TKIP (WPA - Wi-Fi Protected Access) Employs RC4 as the Cipher basis Supports the improvement of existing WEP products (the user is allowed to configure either WEP or TKIP) Temporary security solution for Wi-Fi 4.2 - Counter Mode-CBC MAC Protocol CCMP Employs AES as the Cipher basis Incompatible with WEP Final security solution implemented in 802.11i WLANs 4.3 Wi-Fi and the introduction of IEEE 802.11i WPA (Wi-Fi Protected Access) WPA2

4.1 Temporal Key Integrity Protocol (TKIP) Problems to Solve Problems detected in WEP 1 Short IV and its Fast Reuse 2 Direct attachment of the IV to the Secret Key FMS Attack 3 Does not use a trustable Integrity Check 4 Use of a Unique Key; There are no Session Keys 5 Does not avoid Message-Replay attacks Solutions implemented in TKIP 1 Extends the IV Dimension to avoid its reuse and the IV generation is based on a counter TSC 2 Generation of a New Session Key for each MPDU 3 Uses a Trustable Integrity Check to avoid message-replay attack 4 Uses a scheme to exchange and distribute Broadcast Keys

4.2 Counter Mode-CBC MAC Protocol (CCMP) Implementation challenge:

4.1 Temporal Key Integrity Protocol (TKIP) IV Generation and Sequence Number System of TKIP - WEP is vulnerable to Message-Replay Attack - The TKIP Solution includes: - Sequence Numbering of each MPDU - MPDUs with lower Sequence Numbers are discarded - The possibility of implementing a Sliding-Window mechanism - Sliding-Windows for 16 MPDUs replay-window - The Sliding-Window records the last well received 16 MPDUs - According to the TCS of the received MPDUs, they are classified as: ACCEPT / REJECT / WINDOW

4.1 Temporal Key Integrity Protocol (TKIP) TKIP MPDU Format:

4.1 Temporal Key Integrity Protocol (TKIP) Message Integrity Check (MIC) Generation for each MSDU Michael Mechanism Integrity Check = Just with CRC???

4.1 Temporal Key Integrity Protocol (TKIP) New Key Generation for each MPDU

4.2 Counter Mode-CBC MAC Protocol (CCMP) Counter Mode-CBC MAC Protocol CCMP: Uses AES as the Cipher basis Adopted for use in 802.11i WLANs Advanced Encryption Standard (AES) is a symmetric-key encryption standard adopted by the U.S. government in 2002. The standard comprises three block ciphers, AES-128, AES-192 and AES-256, adopted from a larger collection originally published as Rijndael. Each of these ciphers has a 128-bit block size, with key sizes of 128, 192 and 256 bits, respectively.

4.3. Wi-Fi e IEEE 802.11i Wi-Fi Alliance Strategy for the introduction of 802.11i 1) Interim standard WPA (Wi-Fi Protected Access) - TKIP or AES - 802.1X - For immediate implementation - Changes the SW at the APs and NICs 2) WPA2 - Fully implements 802.11i

5. IEEE 802.1X Logical level solution for all IEEE 802 networks (both cabled and wireless). Based on the access control to logical entities (ports). The AP opens the network port if the Authentication Server (AS) validates the supplicants s authentication data. In the beginning, the AP only opens the AS communication port. Supplicant EAP over LAN Authenticator EAP over RADIUS Authentication Server (RADIUS) EAP - Extensible Authentication Protocol

5. IEEE 802.1X (2) Remaining resources Supplicant AP Authenticator (1) LAN/ VLAN Authentication Server (RADIUS)

5. IEEE 802.1X Extensible Authentication Protocol (EAP) EAP is an IETF standard (RFC 2284) and adopted by IEEE as the basis for 802.1X. It is called the port based network access control. (also known as post-based authentication protocol) EAP supports both wired and wireless authentication. MD5 TLS TTLS LEAP PEAP EAP PPP 802.3 802.11 802.5 TLS: Transport Layer Security TTLS: Tunnel TLS LEAP: Lightweight EAP PEAP: Protected EAP

5. IEEE 802.1X EAP Authentication Methods: MD5 (Message Digest 5) - Username/Password. This is similar to MS_CHAP. TLS (Transport Layer Security) - PKI (certificates), strong authentication TTLS (Tunnel TLS) - Username/Password LEAP - Cisco proprietary lightweight EAP. It is to be phased out in favor of PEAP. PEAP Protected EAP. Supported on Windows XP.

5. IEEE 802.1X EAP over LAN EAP over RADIUS Supplicant AP Authenticator Authentication Server (RADIUS) EAP Start Identity request Identity response EAP Request EAP Response Access request Access challenge Access response EAP Start Ask client for identity Provide identity Pass request to RADIUS Perform sequence defined by authentication method e.g. EAP-TLS, LEAP, etc EAP success EAPoW key Access success Pass session key to AP Deliver broadcast key encrypted with session key Note: Applicable to TKIP or any other system that uses session keys 46

5. IEEE 802.1X New Product: Wireless Switch: It is not cost effective to implement 802.1X on all Access points. It is also a management issue. Authenticator (Wireless Switch) RADIUS Supplicant

5. IEEE 802.1X Client AP Attacker EAP Request EAP Response EAP success MAC Dissociate MAC Associate Dados (1) The client is authenticated at the AP (2) The attacker captures the client s MAC address and sends it Dissociate command, using the AP s MAC address as sender address (it simulates the AP) The client jumps to the Unassociate state, but is still authenticated. (3) The attacker sends an Associate frame with the client s MAC address and is now authenticated (it simulates the client). Nota: It is assumed that the attacker knows the Cipher Key

5. IEEE 802.1X EAP was initially conceived in association with PPP and adapted to 802.1X The AP only allows the EAP traffic into the DS EAP was not conceived for wireless networks - The communication between clients and the AP during the EAP procedures should be encrypted - There may not be mutual authentication

6. Complementary Security Solutions 6.1 Layer3: Virtual Private Network (VPN) 6.2 Layer4: IP Address Control and Firewall 6.3 Layer 7: Proxy

6.1 - Layer3: VPN What is a VPN Secure (encrypted) communication channel between two points (called tunnel) What is Tunneling Putting a packet inside another packet Advantages of VPN Provides secure channel: authentication, privacy and integrity Easy to setup because it uses the same infrastructure Easy to deploy

6.1 - Layer3: VPN VPN: Creation of a Tunnel between the wireless users and the organization s VPN. VPN Gateway LAN Layer 2/3 tunnel over a layer 3 protocol Data (encrypted) VPN Tunnel IP IP Wireless LAN LAN RADIUS server

6.1 - Layer3: VPN Local VPN (company, campus) Public location VPN

6.1 - Layer3: VPN Disadvantages of VPN Overhead: encryption, encapsulation Single failure (Gateway) in the path disconnects the entire network Hard to troubleshoot because headers are encrypted IDS (Intrusion Detection System) is less effective because traffic is encrypted Integration difficulties with NAT (Ipsec Authentication Header only) Not scalable (Gateway must encrypt/decrypt all packets from all users )

6.1 - Layer3: VPN Types of VPNs Layer 2: PPTP (Point-to-Point Tunneling Protocol) L2TP (Layer 2 Tunneling Protocol) Layer 3: IPSec

6.2 Layer4: Router / Firewall LAN temporary IP authentication official IP Security Server Internet 1. Standard WLAN and DHCP procedure for a temporary IP to the wireless station. 2. The temporary IP address is used for authentication only. All other traffic is blocked by the router. 3. After user authentication, the station is given an official IP address which can go through the router. 4. May also register the MAC address to reduce the risk of hacker attack.

6.3 Layer7: Proxy Gateway Security Server LAN Proxy Gateway 1. Standard WLAN and DHCP procedure for an IP address to the wireless station. 2. User types any URL and the request is routed to the security server web page. All other traffic is blocked. Internet 3. After entering account info or credit card, the user is authenticated. 4. The gateway authorizes the traffic from the authenticated station.

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback