CE Advanced Network Security Wireless Security

Similar documents
Overview of Security

CS-435 spring semester Network Technology & Programming Laboratory. Stefanos Papadakis & Manolis Spanakis

CE Advanced Network Security

2013 Summer Camp: Wireless LAN Security Exercises JMU Cyber Defense Boot Camp

CYBER ATTACKS EXPLAINED: WIRELESS ATTACKS

Analysis of Security or Wired Equivalent Privacy Isn t. Nikita Borisov, Ian Goldberg, and David Wagner

Outline : Wireless Networks Lecture 10: Management. Management and Control Services : Infrastructure Reminder.

Wireless Attacks and Countermeasures

Wireless Security Protocol Analysis and Design. Artoré & Bizollon : Wireless Security Protocol Analysis and Design

Network Security - ISA 656 IPsec IPsec Key Management (IKE)

Managing and Securing Computer Networks. Guy Leduc. Chapter 7: Securing LANs. Chapter goals: security in practice: Security in the data link layer

Princess Nora Bint Abdulrahman University College of computer and information sciences Networks department Networks Security (NET 536)

A Configuration Protocol for Embedded Devices on Secure Wireless Networks

RC4. Invented by Ron Rivest. A stream cipher Generate keystream byte at a step

Lecture 33. Firewalls. Firewall Locations in the Network. Castle and Moat Analogy. Firewall Types. Firewall: Illustration. Security April 15, 2005

Wireless Security. Comp Sci 3600 Security. Attacks WEP WPA/WPA2. Authentication Encryption Vulnerabilities

Wireless Security Security problems in Wireless Networks

What is a Wireless LAN? The wireless telegraph is not difficult to understand. The ordinary telegraph is like a very long cat. You pull the tail in Ne

How Insecure is Wireless LAN?

Analyzing Wireless Security in Columbia, Missouri

How crypto fails in practice? CSS, WEP, MIFARE classic. *Slides borrowed from Vitaly Shmatikov

Security in IEEE Networks

5 Tips to Fortify your Wireless Network

Network Security - ISA 656 Review

HW/Lab 4: IPSec and Wireless Security. CS 336/536: Computer Network Security DUE 11 am on 12/01/2014 (Monday)

Stream Ciphers. Stream Ciphers 1

Chapter 24 Wireless Network Security

Wireless Network Security

TinySec: A Link Layer Security Architecture for Wireless Sensor Networks. Presented by Paul Ruggieri

05 - WLAN Encryption and Data Integrity Protocols

Network Encryption 3 4/20/17

Configuring WEP and WEP Features

CSC 4900 Computer Networks: Security Protocols (2)

CSE 3461/5461: Introduction to Computer Networking and Internet Technologies. Network Security. Presentation L

NETWORK SECURITY. Ch. 3: Network Attacks

LESSON 12: WI FI NETWORKS SECURITY

CIS 551 / TCOM 401 Computer and Network Security. Spring 2007 Lecture 8

Wireless technology Principles of Security

Security in Data Link Protocols

Wireless Security Algorithms

CS 161 Computer Security

WPA Migration Mode: WEP is back to haunt you

Computer and Network Security

Wireless Network Security

Appendix E Wireless Networking Basics

Network Security. Thierry Sans

Wireless Security. Training materials for wireless trainers

Csci388. Wireless and Mobile Security Access Control: 802.1X, EAP, and RADIUS. Importance of Access Control. WEP Weakness. Wi-Fi and IEEE 802.

The 8 th International Scientific Conference DEFENSE RESOURCES MANAGEMENT IN THE 21st CENTURY Braşov, November 14 th 2013

Wireless and Mobile Networks Reading: Sections 2.8 and 4.2.5

Expected Outcomes Able to design the network security for the entire network Able to develop and suggest the security plan and policy

Wireless LAN Security. Gabriel Clothier

Implementing Cryptography: Good Theory vs. Bad Practice

Hacking Air Wireless State of the Nation. Presented By Adam Boileau

Wireless Security and Monitoring. Training materials for wireless trainers

Cryptography ThreeB. Ed Crowley. Fall 08

Multi-Layered Security Framework for Metro-Scale Wi-Fi Networks

network security s642 computer security adam everspaugh

Wireless Network Security Spring 2011

Security and Authentication for Wireless Networks

Wireless Networking. Chapter The McGraw-Hill Companies, Inc. All rights reserved

COSC4377. Chapter 8 roadmap

Internet Security in my Crystal Ball

Today s challenge on Wireless Networking. David Leung, CISM Solution Consultant, Security Datacraft China/Hong Kong Ltd.

WarDriving. related fixed line attacks war dialing port scanning

Temporal Key Integrity Protocol: TKIP. Tim Fielder University of Tulsa Tulsa, Oklahoma

A Division of Cisco Systems, Inc. GHz g. Wireless-G. PCI Adapter with SRX 400. User Guide WIRELESS WMP54GX4. Model No.

SIP and VoIP What is SIP? What s a Control Channel? History of Signaling Channels

Cryptanalysis. Ed Crowley

CSNT 180 Wireless Networking. Chapter 7 WLAN Terminology and Technology

Introduction to Computer Security

ECHONET Lite SPECIFICATION. ECHONET Lite System Design Guidelines 2011 (2012) ECHONET CONSORTIUM ALL RIGHTS RESERVED

Wireless Network Security Spring 2015

KRACKing WPA2 by Forcing Nonce Reuse. Mathy Chaos Communication Congress (CCC), 27 December 2017

Lecture 13 Page 1. Lecture 13 Page 3

CSCD 433/533 Advanced Networking

0/41. Alice Who? Authentication Protocols. Andreas Zeller/Stephan Neuhaus. Lehrstuhl Softwaretechnik Universität des Saarlandes, Saarbrücken

IPSec. Slides by Vitaly Shmatikov UT Austin. slide 1

KRACKing WPA2 by Forcing Nonce Reuse. Mathy Nullcon, 2 March 2018


What is Eavedropping?

Network Security. Security in local-area networks. Radboud University Nijmegen, The Netherlands. Autumn 2014

U S E R M A N U A L b/g PC CARD

Internet Layers. Physical Layer. Application. Application. Transport. Transport. Network. Network. Network. Network. Link. Link. Link.

Integrating Wireless into Campus Networks

Review. Error Detection: CRC Multiple access protocols. LAN addresses and ARP Ethernet. Slotted ALOHA CSMA/CD

Wireless-N. User Guide. USB Network Adapter WUSB300N WIRELESS. Model No.

Network Security - ISA 656 Routing Security

Steven M. Bellovin AT&T Labs Research Florham Park, NJ 07932

Wireless Router at Home

Best Practice - Protect Against TCP SYN Flooding Attacks with TCP Accept Policies

Wireless Network Security Spring 2016

An introduction to wireless security at home, on the road and on campus. Sherry Callahan and Kyle Crane

CIT 380: Securing Computer Systems. Network Security Concepts

Network Security. Security in local-area networks. Radboud University Nijmegen, The Netherlands. Autumn 2014

A Division of Cisco Systems, Inc. GHz g. Wireless-G. USB Network Adapter. User Guide WIRELESS WUSB54G. Model No.

Securing Wireless Networks by By Joe Klemencic Mon. Apr

Security in Data Link Protocols

Secure Routing in Wireless Sensor Networks: Attacks and Countermeasures

Wireless MAXg Technology

Transcription:

CE 817 - Advanced Network Security Wireless Security Lecture 23 Mehdi Kharrazi Department of Computer Engineering Sharif University of Technology Acknowledgments: Some of the slides are fully or partially obtained from other sources. Reference is noted on the bottom of each slide, when the content is fully obtained from another source. Otherwise a full list of references is provided on the last slide.

Wireless Security What is Wireless Security? The usual: confidentiality, integrity, availability? 2

Confidentiality Obvious danger it s easy to intercept traffic Obvious countermeasure cryptography 3

Integrity At first glance, integrity seems ok This is radio how can an attacker change messages in mid-packet? Solution: the Evil Twin (or Sybil ) attack 4

Wireless Architecture The obvious architecture is pure peer-to-peer each machine has a radio, and talks directly to any other machine In fact, 802.11 (WiFi) can work that way, but rarely does More common scenario: base stations (also known as access points) IBSS (ad hoc) mode BSS (infrastructure) mode [Bellovin06, Shmatikov] 5

Access Points An ordinary wireless node associates with an access point (AP) More precisely, it associates with the AP having a matching network name (if specified) and the strongest signal If another AP starts sending a stronger signal (probably because the wireless node has moved), it will re-associate with the new access point All transmissions from the laptop go to the access point All transmissions to the laptop come from the access point 6

Access Point SSID Service Set Identifier (SSID) is the name of the access point By default, access point broadcasts its SSID in plaintext beacon frames every few seconds Default SSIDs are easily guessable Linksys defaults to linksys, Cisco to tsunami, etc. This gives away the fact that access point is active Access point settings can be changed to prevent it from announcing its presence in beacon frames and from using an easily guessable SSID But then every user must know SSID in advance [Shmatikov] 7

Example You could find defaults easily: Netgear 802.11 DS products, ME102 and MA401 Default SSID: Wireless Default Channel: 6 Default IP address: 192.168.0.5 Default WEP: Disabled Default WEP KEY1: 11 11 11 11 11 Default WEP KEY2: 20 21 22 23 24 Default WEP KEY3: 30 31 32 33 34 Default WEP KEY4: 40 41 42 43 44 Default MAC: 00:30:ab:xx:xx:xx [http://www.wardriving.ch/hpneu/info/doku/ssiddefaults.txt] 8

Which AP? Which AP is your laptop associated with? Which network (SSID)? Many people know neither My ISP is Linksys Those who specify anything specify the SSID 9

The Evil Twin Attack Simplest way: carry an access point with you Simpler solution: many laptops can emulate access points On Linux, use: iwconfig eth0 mode Master Force others to associate with your laptop, and send you all their traffic... 10

Why This Works Conventionally, we worry about authenticating the client to the server Here, we need to authenticate the server to the client The infrastructure wasn t designed for that; more important, users don t expect to check for it (and have no way to do so in any event) 11

Integrity Attacks We now see how to do integrity attacks We don t tinker with the packet in the air, we attract it to our attack node You don t go through strong security, you go around it 12

Availability Simple version: black-hole evil twin Sophisticated version: battery exhaustion 13

Black Holes Emulate an access point Hand out IP addresses Do nothing with received packets More subtly, drop 10-15% of them connections will work, but very slowly 14

Battery Exhaustion Wi-Fi is also a power-hungry technology that can cause phone batteries to die quickly in some cases, within an hour or two of talk time. When you turn on the Wi-Fi it does bring the battery life down, said Mike Hendrick, director of product development for T-Mobile. New York Times, 27 November 2006 15

Battery Exhaustion Send your enemy large ping packets The reply packets will be just as big and transmitting such packets uses a lot of power The more you transmit, the more power often battery power you use up 16

WEP

WEP Using a Flawed Cipher in a Bad Way for the Wrong Application It was obvious from the start that some crypto was needed Choice: WEP Wireline Equivalent Privacy for 802.11 networks Many different mistakes Case study in bad crypto design 18

Datagrams and Stream Ciphers WEP uses RC4 because RC4 is very efficient But 802.11 is datagram-oriented --> Must rekey for every packet But you can t reuse a stream cipher key on different packets... 19

Key Setup 20

Key Setup for WEP Each WEP node keeps a 24-bit packet counter (the IV) Actual cipher key is configured key concatenated with counter Two different flaws... 2^24 packets isn t that many you still get key reuse when the packet counter overflows RC4 has a cryptanalytic flaw But it s worse than that 21

Cryptanalysis of RC4 In 2001, Fluhrer, Mantin and Shamir showed that RC4 could be cryptanalyzed if the keys were close to each other a related key attack Because of the IV algorithm, they are close in WEP Key recovery attacks are feasible and have been implemented 22

IV Replay Suppose you recover the complete plaintext of a single packet You can generate new packets that use the same counter Receiving nodes don t and can t check for rapid counter reuse Indefinite forgery! 23

Packet Redirection Suppose you know (or can guess) the destination IP address of a packet Because RC4 is a stream cipher, you can make controlled changes to the plaintext by flipping ciphertext bits Flip the proper bits to send the packet to you instead, and reinject it 24

Checksums WEP does use a checksum However, it s a CRC rather than a cryptographic hash It s also unkeyed Result: it s feasible to compensate for plaintext changes without disturbing the checksum 25

The Biggest Flaw in WEP There s no key management; all users at a site always share the same WEP key. --> You can t rekey when the counter overflows --> Everyone shares the same key; if it s cryptanalyzed or stolen or betrayed, everyone is at risk --> It s all but impossible to rekey a site of any size, since everyone has to change their keys simultaneously and you don t have a secure way to provide the new keys 26

What WEP Should Have Been Use a block cipher in CBC mode Use a separate key per user, plus a key identifier like the SPI Provide dynamic key management WPA WiFi Protected Access is better than WEP; forthcoming wireless security standards will use AES. 27

War-Driving

War-Driving Put a laptop in network (SSID) scanning mode Drive around a neighborhood looking for access points Perhaps include a GPS receiver to log locations Detect presence or absence of WEP 29

Unprotected Networks! Statistics show that only O(1/3) use even WEP The rest tend to be wide open Many people don t change or hide the SSID 30

The Consequences Some incidence of theft of service (Is it war-driving a crime? Unclear under US law) Sometimes done to hide criminal activity 31

Network Access Control

No Perimeter The fundamental difference: there s no physical boundary On a wired net, physical access control can compensate for lack of technical security Most of the attacks are the same, for wired or wireless nets 33

Tracing Attacks With wired networks, you can trace an attack to a given switch port With wireless networks, you can trace an attack to a given AP, but the AP might serve hundreds or thousands of square meters No good way to trace all you can do is log and block MAC addresses 34

MAC Address Filtering Can allow or block endpoints based on MAC address However MAC address spoofing is pretty easy Evade blocks and/or impersonate accepted hosts What s accepted? Look for machines that receive non-syn TCP packets 35

Clayton s Spoofing Attack Impersonate a known-good IP and MAC address TCP replies will go to the real owner and the fake one The real one will send out a TCP RST packet Build a circuit that listens for the bit pattern of the RST and sends a jam signal instead 36

Windows XP SP2 and Spoofing With SP2, the built-in firewall blocks most inbound packets In particular, it only allows in replies to outbound packets The TCP reply packets don t match any outbound connections TCP never sees the reply, and hence doesn t generate RST No need for Clayton s attack 37

Network Access Control Fundamentally, the problem is network access control We have none with wireless Usual solution: let people onto your network, but require some sort of Webbased login 38

Evil Twin Redux Set up your evil twin in a hotspot Intercept the login session and/or the registration Registration often involves a credit card... 39

Living with Wireless For residential use, turn off SSID broadcast (Hard to do in an enterprise) Put your wireless net outside the firewall Use WEP it s still (marginally) better than nothing Better yet, use WPA Use end-to-end crypto Check the certificate on registration or login pages 40

Acknowledgments/References COMS W4180 Network Security Class Columbia University, Steven Bellovin, 2006. [Shmatikov] CS 378 - Network Security and Privacy, Vitaly Shmatikov, University of Texas at Austin, Fall 2007. 41

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback