Wireless Network Security Spring 2016

Similar documents
Wireless Network Security Spring 2015

Mobile Security Fall 2013

Chapter 24 Wireless Network Security

The security of existing wireless networks

Managing and Securing Computer Networks. Guy Leduc. Chapter 7: Securing LANs. Chapter goals: security in practice: Security in the data link layer

Wireless Network Security

Wireless Network Security

CS-435 spring semester Network Technology & Programming Laboratory. Stefanos Papadakis & Manolis Spanakis

Network Encryption 3 4/20/17

Outline : Wireless Networks Lecture 10: Management. Management and Control Services : Infrastructure Reminder.

Physical and Link Layer Attacks

Chapter 17. Wireless Network Security

Lecture 33. Firewalls. Firewall Locations in the Network. Castle and Moat Analogy. Firewall Types. Firewall: Illustration. Security April 15, 2005

Vendor: HP. Exam Code: HP2-Z32. Exam Name: Implementing HP MSM Wireless Networks. Version: Demo

Wireless LAN Security. Gabriel Clothier

Wireless Security Security problems in Wireless Networks

Securing Your Wireless LAN

What is Eavedropping?

WPA Passive Dictionary Attack Overview

Link & end-to-end protocols SSL/TLS WPA 2/25/07. Outline. Network Security. Networks. Link and End-to-End Protocols. Link vs. End-to-end protection

EXAM - PW Certified Wireless Security Professional (CWSP) Buy Full Product.

Security in IEEE Networks

WPA-GPG: Wireless authentication using GPG Key

Configuring Layer2 Security

FAQ on Cisco Aironet Wireless Security

Troubleshooting WLANs (Part 2)

Network Security. Thierry Sans

Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2. Mathy CCS 2017, 1 October 2017

05 - WLAN Encryption and Data Integrity Protocols

D. The bank s web server is using an X.509 certificate that is not signed by a root CA, causing the user ID and password to be sent unencrypted.

WLAN Roaming and Fast-Secure Roaming on CUWN

Appendix E Wireless Networking Basics

Table of Contents 1 WLAN Security Configuration Commands 1-1

Network Security: WLAN Security. Tuomas Aura T Network security Aalto University, Nov-Dec 2014

Wireless Attacks and Countermeasures

How Insecure is Wireless LAN?

Hacking Air Wireless State of the Nation. Presented By Adam Boileau

Configuring Authentication Types

Csci388. Wireless and Mobile Security Access Control: 802.1X, EAP, and RADIUS. Importance of Access Control. WEP Weakness. Wi-Fi and IEEE 802.

KRACKing WPA2 in Practice Using Key Reinstallation Attacks. Mathy BlueHat IL, 24 January 2018

Multi-Layered Security Framework for Metro-Scale Wi-Fi Networks

Open System - No/Null authentication, anyone is able to join. Performed as a two way handshake.

Configuring Cipher Suites and WEP

Discovering Logical Vulnerabilities in the Wi-Fi Handshake Using Model-Based Testing

Network Security: WLAN Security. Tuomas Aura T Network security Aalto University, Nov-Dec 2012

Cisco Desktop Collaboration Experience DX650 Security Overview

Temporal Key Integrity Protocol: TKIP. Tim Fielder University of Tulsa Tulsa, Oklahoma

Section 4 Cracking Encryption and Authentication

KRACKing WPA2 by Forcing Nonce Reuse. Mathy Nullcon, 2 March 2018

KRACKing WPA2 by Forcing Nonce Reuse. Mathy Chaos Communication Congress (CCC), 27 December 2017

COSC4377. Chapter 8 roadmap

Wireless Security. Comp Sci 3600 Security. Attacks WEP WPA/WPA2. Authentication Encryption Vulnerabilities

Exam Questions CWSP-205

The following chart provides the breakdown of exam as to the weight of each section of the exam.

Configuring the Client Adapter through Windows CE.NET

CSC 4900 Computer Networks: Security Protocols (2)

Attacking Networks. Joshua Wright LightReading LIVE! October 1, 2003

IEEE i and wireless security

Network Security. Dr. Ihsan Ullah. Department of Computer Science & IT University of Balochistan, Quetta Pakistan. June 18, 2015

WiFuzz: Detecting and Exploiting Logical Flaws in the Wi-Fi Cryptographic Handshake

Standard For IIUM Wireless Networking

Wireless technology Principles of Security

Lab Configure Enterprise Security on AP

4.4 IEEE MAC Layer Introduction Medium Access Control MAC Management Extensions

Cisco Exactexams Questions & Answers

WarDriving. related fixed line attacks war dialing port scanning

Princess Nora Bint Abdulrahman University College of computer and information sciences Networks department Networks Security (NET 536)

Cisco Questions & Answers

Securing a Wireless LAN

A Comparison of Data-Link and Network Layer Security for IEEE Networks

Configuring WEP and WEP Features

Frequently Asked Questions WPA2 Vulnerability (KRACK)

Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2. Mathy Vanhoef, PhD Wi-Fi Alliance meeting Bucharest, 24 October 2017

Secure Initial Access Authentication in WLAN

Configuring a WLAN for Static WEP

PRODUCT GUIDE Wireless Intrusion Prevention Systems

Vulnerability issues on research in WLAN encryption algorithms WEP WPA/WPA2 Personal

Wireless Network Security Spring 2011

Drone /12/2018. Threat Model. Description. Threats. Threat Source Risk Status Date Created

CS 393/682 Network Security

3 Data Link Layer Security

Wireless KRACK attack client side workaround and detection

Endpoint Security - what-if analysis 1

CISNTWK-440. Chapter 4 Network Vulnerabilities and Attacks

Link Security A Tutorial

Wireless Network Security

Improved KRACK Attacks Against WPA2 Implementations. Mathy OPCDE, Dubai, 7 April 2018

Security Enhanced IEEE 802.1x Authentication Method for WLAN Mobile Router

Configuring a VAP on the WAP351, WAP131, and WAP371

Secure Wireless LAN Design and Deployment

2013 Summer Camp: Wireless LAN Security Exercises JMU Cyber Defense Boot Camp

Overview of Security

TestsDumps. Latest Test Dumps for IT Exam Certification

Security Setup CHAPTER

WIRELESS LAN/PAN/BAN. Objectives: Readings: 1) Understanding the basic operations of WLANs. 2) WLAN security

LESSON 12: WI FI NETWORKS SECURITY

Wireless Networked Systems

Hooray, w Is Ratified... So, What Does it Mean for Your WLAN?

Multipot: A More Potent Variant of Evil Twin

Expected Outcomes Able to design the network security for the entire network Able to develop and suggest the security plan and policy

Transcription:

Wireless Network Security Spring 2016 Patrick Tague Class #7 WiFi Security 1

Announcements Please do HW#2 in using the stable OMNET++ 4.6, not the beta version. Porting has proven difficult... Form project teams. Register project teams. 2

WLAN/WiFi security Class #7 WiFi vulnerabilities 3

WiFi Link Security WiFi link security focuses primarily on access control and encryption In private WiFi systems, access is controlled by a shared key, identity credentials, or proof of payment Most often, authentication is of user/device only, but mutual authentication may be desired/required by some users/devices Confidentiality and integrity over the wireless link Shared medium among untrusted WiFi users

Device AP Private WiFi Networks Local AAA Server Home AAA Server Credentials Access Network Credentials Internet Credentials Authorization Decision and master key for access point Decision and master key for access point Authorization Decision Key Derivation Key Derivation Internet Access

Wired Equivalent Privacy As name suggests, WEP aims to make the easy task of accessing WLAN much more difficult, as in wired WEP provides encryption and authentication Authentication is challenge-response to prove knowledge of a shared secret key Encryption is based on RC4 stream cipher using same key IV Shared Key RC4 msg + ICV K C IV Shared Key IV RC4 msg + ICV K M E{msg + ICV} IV E{msg + ICV} R IV Shared Key RC4 K M msg + ICV

WEP Authentication Challenge-response authentication w/ XOR Issue 1: auth is not mutual Issue 2: auth + enc use same secret key Issue 3: auth only occurs on initial connection Issue 4: RC4 w/ XOR Attacker can obtain C and R = C XOR K, thereby getting K Can authenticate in future sessions using same IV from R Since secret key is shared, attacker can spoof anyone

WEP Integrity Protection Integrity protection is based on the Integrity Check Value (ICV) which is based on CRC Encrypted message is (M CRC(M)) XOR K CRC is linear, i.e., CRC(X XOR Y) = CRC(X) XOR CRC(Y) Uh oh... ((M CRC(M)) XOR K) XOR (DM CRC(DM)) = ((M XOR DM) (CRC(M) XOR CRC(DM))) XOR K = ((M XOR DM) CRC(M XOR DM)) XOR K Also, WEP doesn't provide replay protection

WEP Confidentiality Confidentiality is handled by the WEP IV Issue 1: 24 bits IVs repeat every few hours per user All users have the same secret key... Issue 2: IV = 0; for each packet: IV++; Pseudo-random sequences are same for every user Attacker can inject messages on time Issue 3: Inappropriate use of RC4 Weak keys as RC4 seeds allow inference of key bits Experts: always throw away first 256B of RC4 output WEP doesn't do this + small number IVs = weak keys encountered attacker can recover entire secret key

So, WEP is completely broken. How did we solve the WEP problem?

IEEE 802.11i IEEE specification for robust network security Authentication and access control based on 802.1x Integrity protection and confidentiality mechanisms based on AES to replace RC4

802.1x Authentication and access control standard Designed for wired LAN, but extended to WLAN Supplicant: authentication and authorization entity on the wireless device requesting access N1, N4 Interfaces Authenticator: authentication and authorization entity in the wired access network (AP/BS or router) N2 Interface N3 Interface Account Authority: trusted third party in the access network or Internet; can authenticate credentials and authorize service types; may handle key management

NAC Protocols Protocols involved in NAC Extensible Authentication Protocols (EAP) End-to-end auth. between device and account authenticator Supports a variety of client-server authentication methods IEEE 802.1x (extended to 802.11i) Carries EAP over the wireless LAN link (EAPoL) between device and AP 802.11i requires session key per station, not in wired due to per-wire ports Radius Transports EAP between AP and account authenticator Carries provisioned keys, etc. between AP and account authenticator

Beyond the Shared Key STA and AP share pairwise master key (PMK) used to derive pairwise transient key (PTK) PTK = data encrypt key (DEK), data integrity key (DIK), key encrypt key (KEK), key integrity key (KIK) Four-way handshake using nonces AP sends nonce to STA, STA computes PTK STA sends nonce and MIC using KIK to AP AP computes PTK, verifies MIC, sends MIC + SN (for replay protection) to STA, ready STA verifies MIC, ACK for ready AP and all STAs also share group transient key (GTK)

But, RC4 and AES were implemented in hardware, so the upgrade couldn't happen overnight

WiFi Protected Access Temporal Key Integrity Protocol TKIP 802.11i using RC4 instead of AES Immediate firmware upgrade allowed for use of TKIP WPA is the subset of 802.11i supported through TKIP Auth and access control in WPA and 802.11i are the same Integrity and confidentiality are TKIP-based WPA2 is full 802.11i implementation WPA2 still has some weaknesses.

So what kind of attacks are possible?

Fake AP Threats Internet Open AP SSID Network X Open AP SSID Attacker Network X Laptop Laptop w/ policy to Connect to any Network open AP X

Fake AP Threats in Enterprise Intranet Internet Enterprise AP SSID Company WiFi Personal AP SSID My WiFi Laptop w/ policy to Connect to Company to My WiFi WiFi

Another Interesting Attack Inverse Wardriving [Beetle & Potter, shmoo.com] Wardriving is using a WiFi client to find open APs to get free service to the Internet Inverse Wardriving is using a Fake AP to find WiFi clients that will connect to it What if the client has an unpatched vulnerability? IW can be used to locate vulnerable clients and exploit them E.g., infect them with a worm Creating a Fake AP is very easy, especially using tools like Airsnarf or similar KARMA attack = probe sniffing + Inverse Wardriving

What about insider threats?

Hole196 Vulnerability Discovered in 2010 by Md. Sohail Ahmad of AirTight Security Named for the page number in IEEE 802.11-v2007 Malicious insider can misuse the GTK Ex: ARP poisoning using the GTK allows the insider to advertise itself as the gateway, tricking them into redirecting their data to the insider via the AP [Image from AirTight Networks whitepaper]

Hole196 DoS Vulnerability Hole196 also involves a DoS vulnerability Insider can use the replay protection framework in WPA2 to DoS another device Broadcast GTK-encrypted packet with higher sequence number than the current counter value All clients will update their counter to the new value All legitimate broadcast with sequence number below the attacker's value will be dropped

More Hole196 Issues The insider can launch a number of other attacks using the Hole196 vulnerability Including other malicious payload in spoofed GTKencrypted packets can lead to higher-layer exploits Ex: IP layer attacks on a specific IP address, TCP reset, TCP indirection, DNS manipulation, port scanning, malware injection, privilege escalation See the AirTight Networks whitepaper for details 24

Client isolation Patching Hole196 (1) Some controllers and APs can logically separate clients from each other, preventing data traffic from the victim to the insider when both are connected to the same AP or controller domain Not a complete solution, as variants of ARP poisoning and MitM can bypass client isolation Not standardized, so implementations are proprietary and likely vary among vendors

Don't use the GTK Patching Hole196 (2) Most controller-based WLAN architectures don't use the GTK for anything, as the AP doesn't transmit broadcast traffic Vendors can circumvent the vulnerability by replacing the GTK with a unique (random) value for each client Neutralizes the Hole196 vulnerability with no associated overhead If the AP sends broadcast traffic, it will have to be encrypted using the unique values and unicasted

WIPS Patching Hole196 (3) Wireless intrusion prevention systems can provide a protective layer to detect GTK-based attacks and block them until the vulnerability is patched

Summary WiFi security is fairly mature, but still not completely understood, partially due to ubiquity and partially due to complexity

Feb 4: Project Intro Presentations 29

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback