Docstoc

Wireless Security - Download as PowerPoint

Document Sample
Wireless Security - Download as PowerPoint Powered By Docstoc
					      Wireless Security

       802.11, RFID, WTLS




SMU          CSE 5349/7349
                          802.11
• 802.11 a, b, …
• Components
      – Wireless station
         • A desktop or laptop PC or PDA with a wireless NIC.
      – Access point
         • A bridge between wireless and wired networks
             – Radio
             – Wired network interface (usually 802.3)
             – Bridging software
         • Aggregates access for multiple wireless stations to
           wired network.

SMU                         CSE 5349/7349
                   802.11 modes
• Infrastructure mode
      – Basic Service Set
         • One access point
      – Extended Service Set
         • Two or more BSSs forming a single subnet.
      – Most corporate LANs in this mode.
• Ad-hoc mode (peer-to-peer)
      – Independent Basic Service Set
      – Set of 802.11 wireless stations that
        communicate directly without an access point.
         • Useful for quick & easy wireless networks.

SMU                           CSE 5349/7349
         Infrastructure mode



                                              Access Point



      Basic Service Set (BSS) –
                                                             Station
              Single cell


                                           Extended Service Set (ESS) –
                                                   Multiple cells



SMU                        CSE 5349/7349
             Ad-hoc mode




      Independent Basic Service Set (IBSS)



SMU                   CSE 5349/7349
  Open System Authentication
• Service Set Identifier (SSID)
• Station must specify SSID to Access Point
  when requesting association.
• Multiple APs with same SSID form
  Extended Service Set.
• APs broadcast their SSID.



SMU               CSE 5349/7349
           MAC Address Locking
• Access points have Access Control Lists
  (ACL).
• ACL is list of allowed MAC addresses.
      – E.g. Allow access to:
         • 00:01:42:0E:12:1F
         • 00:01:42:F1:72:AE
         • 00:01:42:4F:E2:01
• But MAC addresses are sniffable and
  spoofable.
• Access Point ACLs are ineffective control.
SMU                        CSE 5349/7349
         Interception Range
                                              Station outside
                                            building perimeter.




      Basic Service Set (BSS) –
              Single cell




SMU                         CSE 5349/7349
                 Interception
• Wireless LAN uses radio signal.
• Not limited to physical building.
• Signal is weakened by:
      – Walls
      – Floors
      – Interference
• Directional antenna allows interception
  over longer distances.

SMU                    CSE 5349/7349
              Directional Antenna
• Directional antenna provides focused
  reception.
• D-I-Y plans available.
      – Aluminium cake tin.
      – 11 Mbps at 750 meters.




      – http://www.saunalahti.fi/~elepal/antennie.html

SMU                            CSE 5349/7349
       802.11b Security Services
• Two security services provided:
      – Authentication
         • Shared Key Authentication
      – Encryption
         • Wired Equivalence Privacy




SMU                        CSE 5349/7349
       Wired Equivalence Privacy
• Shared key between
      – Stations.
      – An Access Point.
• Extended Service Set
      – All Access Points will have same shared key.
• No key management
      – Shared key entered manually into
         • Stations
         • Access points
         • Key management a problem in large wireless LANs

SMU                        CSE 5349/7349
                            RC4
Refresher:
      – RC4 uses key sizes from 1 bit to 2048 bits.
      – RC4 generates a stream of pseudo random bits
         • XORed with plaintext to create ciphertext.




SMU                        CSE 5349/7349
               WEP – Sending
• Compute Integrity Check Vector (ICV).
   – Provides integrity
   – 32 bit Cyclic Redundancy Check.
   – Appended to message to create plaintext.
• Plaintext encrypted via RC4
   – Provides confidentiality.
   – Plaintext XORed with long key stream of pseudo random
      bits.
   – Key stream is function of
       • 40-bit secret key
       • 24 bit initialisation vector (more later)
• Ciphertext is transmitted.

SMU                      CSE 5349/7349
            Initialization Vector
• IV must be different for every message
  transmitted.
• 802.11 standard doesn’t specify how IV is
  calculated.
• Wireless cards use several methods
      – Some use a simple ascending counter for each
        message.
      – Some switch between alternate ascending and
        descending counters.
      – Some use a pseudo random IV generator.
SMU                     CSE 5349/7349
                 WEP Encryption
                                                          IV
Initialisation
 Vector (IV)                           Key Stream
                 ||          PRNG
                      Seed                               Cipher
Secret key
                                                         text
Plaintext
                                             ||
                      32 bit CRC
                                      ICV
                                                        Message

   SMU                       CSE 5349/7349
               WEP – Receiving
• Ciphertext is received.
• Ciphertext decrypted via RC4
      – Ciphertext XORed with long key stream of
        pseudo random bits.
• Check ICV
      – Separate ICV from message.
      – Compute ICV for message
      – Compare with received ICV


SMU                     CSE 5349/7349
      Shared Key Authentication
• When station requests association with
  Access Point
      – AP sends random number to station
      – Station encrypts random number
         • Uses RC4, 40 bit shared secret key & 24 bit IV
      – Encrypted random number sent to AP
      – AP decrypts received message
         • Uses RC4, 40 bit shared secret key & 24 bit IV
      – AP compares decrypted random number to
        transmitted random number

SMU                        CSE 5349/7349
             Security - Summary
• Shared secret key required for:
      – Associating with an access point.
      – Sending data.
      – Receiving data.
• Messages are encrypted.
      – Confidentiality.
• Messages have checksum.
      – Integrity.
• But SSID still broadcast in clear.

SMU                        CSE 5349/7349
                  Security Attacks
•   Targeted network segment
      – Free Internet
      – Malicious use of identity
      – Access to other network resources
•   Malicious association
      – Host AP
•   Interference Jamming
      – Easy to jam the signals
      – DOS through repeated, albeit unsuccessful access requests
        (management messages are not authenticated. Egs. Wlan-jack)
      – DoS through disassociation commands
      – Interference with other appliances (2.4 G spectrum)
•   Attack against MAC authentication
      – Can spoof MAC with loadable firmware
      – Defense?
•   Vulnerability through ad hoc mode

SMU                              CSE 5349/7349
              802.11 Insecurities
• Authentication – two options
      – Open
      – Shared-key
      – Shared-key more insecure?
• Static key management
      – If one device is compromised/stolen, everyone should
        change the key
      – Hard to detect
• WEP keys
      – 40 or 128 can be cracked in less than 15 minutes

SMU                         CSE 5349/7349
              IV Collision attack
• If 24 bit IV is an ascending counter,
      – If Access Point transmits at 11 Mbps, IVs
        exhausted in roughly 5 hours.
• Passive attack:
      – Attacker collects all traffic
      – Attacker could collect two encrypted messages:
         • If two messages EM1, EM2, both encrypted with same
           key stream ( same key and same IV)
         • EM1  EM2 = M1  M2
         • Effectively removes the key stream
         • Can now try to derive plaintext messages


SMU                         CSE 5349/7349
               Limited WEP keys
• Some vendors allow limited WEP keys
      – User types in a password
      – WEP key is generated from passphrase
      – Passphrases creates only 21 bits of 40 bit key.
         • Reduces key strength to 21 bits = 2,097,152
         • Remaining 19 bits are predictable.
         • 21 bit key can be brute forced in minutes.




SMU                        CSE 5349/7349
         Brute Force Key Attack
• Capture ciphertext.
      – IV is included in message.
• Search all 240 possible secret keys.
      – 1,099,511,627,776 keys
      – ~200 days on a modern laptop
• Find which key decrypts ciphertext to
  plaintext.


SMU                      CSE 5349/7349
                   128 bit WEP
• Vendors have extended WEP to 128 bit
  keys.
      – 104 bit secret key.
      – 24 bit IV.
• Brute force takes 10^19 years for 104-bit
  key.
• Effectively safeguards against brute force
  attacks.

SMU                      CSE 5349/7349
                  IV weakness
• WEP exposes part of PRNG input.
      – IV is transmitted with message.
• Initial keystream can be derived
      – TCP/IP has fixed structure at start of packets
• Attack is practical.
• Passive attack.
      – Non-intrusive.
      – No warning.

SMU                      CSE 5349/7349
                      Wepcrack
• First tool to demonstrate attack using IV
  weakness.
      – Open source
• Three components
      – Weaker IV generator.
      – Search sniffer output for weaker IVs & record
        1st byte.
      – Cracker to combine weaker IVs and selected 1st
        bytes.

SMU                     CSE 5349/7349
                       Airsnort
• Automated tool
      –   Does it all!
      –   Sniffs
      –   Searches for weaker IVs
      –   Records encrypted data
      –   Until key is derived.




SMU                      CSE 5349/7349
                Safeguards
•   Security Policy & Architecture Design
•   Treat as untrusted LAN
•   Discover unauthorised use
•   Access point audits
•   Station protection
•   Access point location
•   Antenna design

SMU                 CSE 5349/7349
      Wireless as Untrusted LAN
• Treat wireless as untrusted.
      – Similar to Internet.
• Firewall between WLAN and Backbone.
• Extra authentication required.
• Intrusion Detection
      – WLAN / Backbone junction.
• Vulnerability assessments


SMU                      CSE 5349/7349
          Discover Unauthorised Use
• Search for unauthorised access points or ad-hoc
  networks
• Port scanning
      – For unknown SNMP agents.
      – For unknown web or telnet interfaces.
• Warwalking!
      –   Sniff 802.11 packets
      –   Identify IP addresses
      –   Detect signal strength
      –   May sniff your neighbours…

SMU                          CSE 5349/7349
                 Location of AP
• Ideally locate access points
      – In centre of buildings.
• Try to avoid access points
      – By windows
      – On external walls
      – Line of sight to outside
• Use directional antenna to “point” radio
  signal.

SMU                       CSE 5349/7349
              IPSec VPN
• IPSec client placed on every PC connected
  to the WLAN
• Filters to prevent traffic from reaching
  anywhere other than VPN gateway and
  DHCP/DNS server
• Can combine user authentication also




SMU               CSE 5349/7349
                     IEEE 802.11i
• A new framework for wireless security
      – Centralized authentication
      – Dynamic key distribution
      – Will apply to 802.11 a,b & g
• Uses 802.1X as authentication framework
      – Extensible Authentication Protocol (EAP), RFC 2284
        (EAP-TLS & LEAP)
      – Mutual authentication between client and authentication
        server (RADIUS)
      – Encryption keys dynamically derived after authentication
      – Session timeout triggers reauthentication

SMU                          CSE 5349/7349
802.11i – Encryption Enhancements

• Temporal Key Integrity Protocol (TKIP)
      –   RC4 still used
      –   Per-packet keys
      –   Hash functions for MIC instead of CRC 32
      –   Only firmware upgrade required
• AES
      – AES cipher replaces RC4
      – Will require new hardware


SMU                       CSE 5349/7349

				
DOCUMENT INFO