Developments in Wireless Security Standards and Threats - PDF

A Seminar for ISACA

Developments in Wireless Security: Standards and Threats
Hugh Callaghan
Senior Manager
Ernst & Young
Risk Advisory Services
18 April 2007
1           April 19, 2007
Quick straw poll

• How many people use wireless?
• How many aware of any wireless security
  measures in use?
    – Don’t know
    – None
    – WEP
    – WPA
    – 802.11i
    – Other

Newsflash: WEP is dead (yet again)

• From TheRegister, April 4
    – “Code breakers have discovered a technique for
      extracting a 104-bit Wired Equivalent Privacy (WEP)
      key in under a minute.”

• WEP crypto attacks long known
    – Rely on capture and analysis of encrypted packets
    – Latest attacks need only 40,000 packets
    – Actual cracking in a few seconds CPU time on PC
    – Article refers to need for WPA …
      … but also acknowledged it is little used
Contents

• 802.11 status quo
• Standards overview
• Threats
• Security protocols
• Some leading practice
• Discussion

Current status of 802.11 wireless

• 802.11 now everywhere
    – In laptops
    – In many PDAs
    – Handheld gaming devices
    – Also in some ‘smart’ phones
    – Mature(ish) Linux support

• Cheap! ~€50 for an access point
• Competition: 802.16d WiMAX?

Wireless applications

• ‘Normal’ applications
    – Hotspots – hotels, lounges & cafes
    – Homes!
    – Corporate hot-desking & mobile office
    – Transient networks     (training, conference)

• More novel uses
    – Restaurants
    – Warehouses
    – Security cameras
    – Wireless displays

Quick tour of 802.11 standards
                Year    Freq (GHz)   Speed* (Mbps)   Chan    Radio tech
     802.11     1997    2.4          1               3       DSSS
     802.11b    1999    2.4          11              3       DSSS
     802.11a    1999    5            54              8-12    OFDM
     802.11g    2003    2.4          54              3       DSSS
     802.11n    2007?   2.4/5        540             ?       MIMO
• No of usable channels varies with frequency
    – Must be “non-overlapping”
    – Typically 1,6,11 for 802.11g
    – Many more for 802.11a
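The "non-overlapping" rule above can be checked mechanically. The following is an added example (not code from the presentation) that models each 2.4 GHz DSSS channel as a 22 MHz band centred on its nominal frequency (that width is an assumption stated in the code) and flags any pair of access points in a constructed channel plan whose bands overlap, including co-channel pairs:

```python
# Added example, not part of the original slide deck.
# Assumption: a 2.4 GHz DSSS (802.11b/g) channel occupies 22 MHz centred on
# its nominal frequency, so two channels are "non-overlapping" only when their
# centres are at least 22 MHz apart (five channel numbers, hence 1/6/11).

CHANNEL_WIDTH_MHZ = 22  # assumed DSSS channel width


def channel_centre_mhz(channel: int) -> int:
    """Nominal centre frequency of a 2.4 GHz 802.11 channel."""
    if channel == 14:            # Japan-only channel, offset from the 5 MHz raster
        return 2484
    if 1 <= channel <= 13:
        return 2407 + 5 * channel
    raise ValueError(f"not a 2.4 GHz channel: {channel}")


def channels_overlap(a: int, b: int, width_mhz: int = CHANNEL_WIDTH_MHZ) -> bool:
    """True when the two channels' bands overlap (same channel counts as overlapping)."""
    return abs(channel_centre_mhz(a) - channel_centre_mhz(b)) < width_mhz


def is_non_overlapping(channels) -> bool:
    """True when every distinct pair in the list is non-overlapping."""
    chans = list(channels)
    return all(
        not channels_overlap(chans[i], chans[j])
        for i in range(len(chans))
        for j in range(i + 1, len(chans))
    )


def conflicts(plan: dict) -> list:
    """Given {ap_name: channel}, return (ap_a, ap_b, ch_a, ch_b) for every overlapping pair."""
    names = sorted(plan)
    return [
        (a, b, plan[a], plan[b])
        for i, a in enumerate(names)
        for b in names[i + 1:]
        if channels_overlap(plan[a], plan[b])
    ]


if __name__ == "__main__":
    # Constructed site plan: three APs on 1/6/11 plus one misconfigured on channel 3.
    site = {"AP-1": 1, "AP-2": 6, "AP-3": 11, "AP-4": 3}
    for a, b, ch_a, ch_b in conflicts(site):
        print(f"{a} (ch {ch_a}) overlaps {b} (ch {ch_b})")
```

The overlap test is what an auditor needs when reviewing a channel plan: interference between neighbouring APs is a reliability problem, and reliability is one of the adoption concerns listed later in the deck.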
Quick tour of 802.11 standards

• Range considerations:
    – Range increases with power
    – 2.4GHz range higher than 5GHz
    – Higher speed, lower range

• Standards hopelessly lagging demand
    – Products based on draft standards
    – Bad for interoperability?
    – 802.11n a case in point!


Other 802.11 standards developments

• Other ratified standards extensions
      Protocol       Main feature        Ratified
    – 802.11e        QoS extensions      2005
    – 802.11i        WPA2 (AES)          2005



• Verdict
    – Less confusion over standards (for now!)
    – 802.11g (and n!) the clear European favourite


Factors inhibiting corporate adoption

• Concerns about security
• “Why do we need it?”
• Bandwidth constraints
• Reliability
• Poorly defined return on investment
• Financial institutions still reluctant to deploy
     – But often provided as courtesy for visitors

Known wireless threats

• Inadvertent bridging of networks
     – Software/firmware solutions

• Unauthorised (‘rogue’) access points
     – Accessible to novices and hackers
     – Rogue APs tricky to detect
     – Often invisible on the wired network
     – Products emerging for detection – but costly?

• Vulnerable client devices

Known wireless threats

• Compromised encryption
     – Advanced cracking tools (Aircrack, CoWPAtty)
     – Mostly dictionary/brute-force

• Wireless MITM attacks (Wiphishing?)
• Users!
     – Client local administrators
     – Willingness to connect to anything
     – Lack of understanding of risks


New wireless threats

• Cisco Wireless Control System
     – Advisory issued April 2007
     – Information disclosure, privilege escalation and
       unauthorised access through fixed credentials

• Client vulnerability
     – August 2006 Intel Centrino driver issue
     – Malformed frames may lead to system compromise
     – No user interaction required
     – Basis of theoretical WiFi worm?

Overview of security standards

• WEP
• WPA
• WPA2/802.11i
• Others




Early “security” standard – WEP

• WEP = wired equivalent privacy
     – Designed to offer basic security
     – But both design and implementation flawed

• Bottom line: WEP is broken
• Freely available hacking tools
     – Compromise a 128-bit WEP key in minutes
     – More media headlines April 2007



Security – LEAP

• Cisco standard introduced Nov 2000
• Encryption based on WEP with:
     – Mutual, user-level auth based on MS-CHAP V2
     – Dynamic, per user, per session WEP keys
     – Tuneable WEP session key timeout

• Popular in past, but now broken too
     – AsLeap tool released April 2004



Security – 802.1x & EAP

• 802.1x = LAN port access control standard
     – Enforces port-based authentication
     – Does not provide authentication mechanisms
     – Multiple EAP authentication types allowed
        • EAP-MD5            (1-way auth, static keys – poor)
        • EAP-TLS            (client & server certs)
        • EAP-TTLS           (server certs)
        • PEAP               (tunnels auth data - TLS)
        • EAP-FAST           (Cisco, LEAP replacement)


Security – common EAP types
                 EAP-MD5             LEAP                EAP-TLS                 EAP-TTLS                 PEAP

Server           None                Password Hash       Public Key              Public Key               Public Key
Authentication                                           (Certificate)           (Certificate)            (Certificate)

Supplicant       Password Hash       Password Hash       Public Key              CHAP, PAP,               Any EAP, like
Authentication                                           (Certificate or         MS-CHAP(v2),             EAP-MS-CHAPv2
                                                         Smart Card)             EAP                      or Public Key

Dynamic Key      No                  Yes                 Yes                     Yes                      Yes
Delivery

Security Risks   Identity exposed,   Identity exposed,   Identity exposed        MitM attack              MitM attack
                 dictionary attack,  dictionary attack
                 MitM attack,
                 session hijacking




Security – WPA

• Interim, pre-802.11i standard
     – Introduced 2003 as upgrade for Wi-Fi certified kit
     – Forward compatible with 802.11i

• Better than WEP:
     – Improved encryption     (still RC4)
     – Message integrity       (a.k.a. MICHAEL)
     – Improved IV             (48 bit, plus sequencing rules)
     – Dynamic keys            (TKIP, per packet key functions)
     – Mutual authentication   (802.1x / EAP or pre-shared key)

WPA versus WEP
                                WEP             WPA
         Cipher                  RC4             RC4
        Key size            40 or 104 bit       128 bit
           IV                   24 bit          48 bit
       Packet key          Concatenated     Mixing function
      Data integrity           CRC-32          Michael
     Header integrity             No           Michael
      Replay attack               No         IV sequence
     Key managing                 No             Yes



Security – WPA2 (802.11i)

• Supersedes interim WPA standard
     – Introduced 2003 as upgrade for Wi-Fi certified kit
     – Forward compatible with 802.11i

• Features
     – All the goodness of WPA …
     – Plus improved AES encryption (up to 256 bit)

• Supported on the majority of new hardware


Security – 802.11i 4-way Handshake
(Figure: 4-way handshake diagram, source Wikipedia)
• EAP handshake yields PMK, still need PTK
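The step from PMK to PTK is where the 4-way handshake does its work. The following added example (written for this page, not code from the presentation or from any vendor) reproduces in plain Python what a WPA2-PSK supplicant computes: the PMK from passphrase and SSID (PBKDF2-HMAC-SHA1, 4096 iterations), the CCMP PTK from PMK, the two MAC addresses and the two nonces using the 802.11i PRF, and the HMAC-SHA1 MIC that lets each side check that the other actually holds the same KCK. The SSID, passphrase, MAC addresses, nonces and the key-information value are all constructed sample values, and the EAPOL-Key frame is built with an empty key-data field for brevity; the field offsets are those of the standard EAPOL-Key descriptor.

```python
import hashlib
import hmac

# Added example, not from the slide deck. Constructed values throughout.
EAPOL_KEY_MIC_OFFSET = 81   # 4-byte 802.1X header + 77 bytes of EAPOL-Key fields before the MIC
EAPOL_KEY_MIC_LEN = 16


def psk_to_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA/WPA2-PSK: PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 256 bits)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def prf(key: bytes, label: bytes, data: bytes, bits: int) -> bytes:
    """802.11i PRF-n: HMAC-SHA1 blocks over label || 0x00 || data || counter, truncated to n bits."""
    out = b""
    for counter in range((bits + 159) // 160):
        out += hmac.new(key, label + b"\x00" + data + bytes([counter]), hashlib.sha1).digest()
    return out[: bits // 8]


def derive_ptk(pmk: bytes, aa: bytes, spa: bytes, anonce: bytes, snonce: bytes) -> dict:
    """CCMP PTK (384 bits) split into KCK || KEK || TK, 16 bytes each.

    Addresses and nonces are ordered min/max, so the authenticator and the
    supplicant derive the same PTK whichever side each value came from.
    """
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    ptk = prf(pmk, b"Pairwise key expansion", data, 384)
    return {"KCK": ptk[0:16], "KEK": ptk[16:32], "TK": ptk[32:48]}


def eapol_key_mic(kck: bytes, frame: bytes) -> bytes:
    """Key-descriptor version 2 (CCMP) MIC: HMAC-SHA1 over the frame with the MIC field zeroed, first 128 bits."""
    zeroed = (frame[:EAPOL_KEY_MIC_OFFSET] + bytes(EAPOL_KEY_MIC_LEN)
              + frame[EAPOL_KEY_MIC_OFFSET + EAPOL_KEY_MIC_LEN:])
    return hmac.new(kck, zeroed, hashlib.sha1).digest()[:EAPOL_KEY_MIC_LEN]


def build_eapol_key_frame(nonce: bytes, replay_counter: int, key_info: int, kck: bytes = b"") -> bytes:
    """Construct a minimal EAPOL-Key frame (no key data); when a KCK is given, fill in the MIC."""
    body = bytes([2])                          # descriptor type 2 = RSN key descriptor
    body += key_info.to_bytes(2, "big")        # key information flags (constructed value)
    body += (16).to_bytes(2, "big")            # key length for CCMP
    body += replay_counter.to_bytes(8, "big")
    body += nonce                              # 32-byte nonce
    body += bytes(16) + bytes(8) + bytes(8)    # key IV, key RSC, reserved
    body += bytes(EAPOL_KEY_MIC_LEN)           # MIC placeholder, zero while computing
    body += (0).to_bytes(2, "big")             # key data length (no key data in this sample)
    frame = bytes([2, 3]) + len(body).to_bytes(2, "big") + body   # 802.1X v2, packet type 3 = EAPOL-Key
    if kck:
        mic = eapol_key_mic(kck, frame)
        frame = frame[:EAPOL_KEY_MIC_OFFSET] + mic + frame[EAPOL_KEY_MIC_OFFSET + EAPOL_KEY_MIC_LEN:]
    return frame


def verify_eapol_key_mic(kck: bytes, frame: bytes) -> bool:
    """What the authenticator does with message 2 (and the supplicant with message 3)."""
    received = frame[EAPOL_KEY_MIC_OFFSET:EAPOL_KEY_MIC_OFFSET + EAPOL_KEY_MIC_LEN]
    return hmac.compare_digest(received, eapol_key_mic(kck, frame))


if __name__ == "__main__":
    pmk = psk_to_pmk("correct-horse-battery-staple", "CONSTRUCTED-SSID")   # constructed
    aa = bytes.fromhex("001122334401")     # constructed AP (authenticator) MAC
    spa = bytes.fromhex("0a1b2c3d4e5f")    # constructed station (supplicant) MAC
    anonce, snonce = bytes(range(32)), bytes(range(32, 64))   # constructed nonces
    ptk = derive_ptk(pmk, aa, spa, anonce, snonce)
    msg2 = build_eapol_key_frame(snonce, 1, 0x010A, ptk["KCK"])   # 0x010A: v2, pairwise, MIC set
    print("message 2 MIC valid:", verify_eapol_key_mic(ptk["KCK"], msg2))
```

Two points the code makes concrete: the pre-shared key never crosses the air (only nonces do), and a MIC that fails to verify is the handshake's own integrity check, which is why a monitoring system should treat repeated MIC failures from one station as worth a look.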




How useful are the top 10 tips?

1. Change default device passwords
2. Limit the extent of wireless coverage
3. Turn on WEP/WPA encryption
4. Change the default SSID
5. Enable MAC address filtering
6. Disable SSID broadcast
7. Use 802.11a equipment
8. Disable DHCP
9. Enable router and client firewalls
10. Turn off the wireless network when not in use

Most common security measure?

• None of the above!
     – Previous solutions only work with own access points
     – Do not help in hotspots

• But VPN solutions very common
     – Ignore authentication of access points
     – Use standard encryption (SSL/IPSec)
     – Consistent user experience
     – Works in hotspots, home, office …


Wireless leading practice

• If you don’t use 802.1X, deploy APs on DMZ
     – Treat wireless network as hostile
     – Monitor wireless network usage
• If allowing internal access
     – Strong authentication: PKI certs or 2-factor
• Monitor for rogue access points
     – Dual-mode APs, wireless device agents
• Client controls
     – AV, firewall, patch, anti-bridging mechanism
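The deck says rogue APs are "tricky to detect" and recommends monitoring with dual-mode APs or wireless device agents. The following added example (not code from the presentation or any product) shows the triage logic such a monitor needs once it has beacon observations: it compares each observed BSSID against an authorised inventory and separates the cases that matter (an unknown BSSID advertising a corporate SSID, a managed AP whose SSID or security no longer matches the inventory, a strong unmanaged open AP) from harmless neighbouring networks. The inventory, the beacon records, the RSSI threshold and the severity labels are all constructed assumptions.

```python
from dataclasses import dataclass
from typing import Optional

# Added example, not from the slide deck. Inventory and beacons are constructed.
AUTHORISED_APS = {
    # BSSID              -> (SSID, security)   constructed inventory
    "00:11:22:33:44:01": ("CORP-WLAN", "WPA2-EAP"),
    "00:11:22:33:44:02": ("CORP-WLAN", "WPA2-EAP"),
    "00:11:22:33:44:03": ("CORP-GUEST", "OPEN"),
}
CORPORATE_SSIDS = {ssid for ssid, _ in AUTHORISED_APS.values()}
ON_PREMISES_RSSI_DBM = -70   # assumed: anything stronger is probably inside the building


@dataclass(frozen=True)
class Beacon:
    bssid: str
    ssid: str
    security: str    # "OPEN", "WEP", "WPA-PSK", "WPA2-PSK", "WPA2-EAP", ...
    channel: int
    rssi_dbm: int


@dataclass(frozen=True)
class Finding:
    severity: str    # critical / high / medium / info
    kind: str
    beacon: Beacon
    detail: str


def classify(beacon: Beacon) -> Optional[Finding]:
    """Return a finding for one beacon, or None when it is an authorised AP behaving as expected."""
    known = AUTHORISED_APS.get(beacon.bssid)
    if known is not None:
        ssid, security = known
        if (beacon.ssid, beacon.security) != (ssid, security):
            # Either someone reconfigured a managed AP or someone is spoofing its BSSID.
            return Finding("high", "config-drift-or-spoof", beacon,
                           f"inventory expects {ssid}/{security}")
        return None
    if beacon.ssid in CORPORATE_SSIDS:
        # Unknown hardware using our SSID: the classic evil-twin / wiphishing setup.
        return Finding("critical", "evil-twin", beacon, "unknown BSSID advertising a corporate SSID")
    if beacon.rssi_dbm >= ON_PREMISES_RSSI_DBM:
        if beacon.security in ("OPEN", "WEP"):
            return Finding("high", "rogue-open-ap", beacon, "strong unmanaged AP with weak or no encryption")
        return Finding("medium", "rogue-ap", beacon, "strong unmanaged AP; check whether it is bridged to the wired LAN")
    return Finding("info", "neighbour", beacon, "weak signal, probably a neighbouring network")


def triage(beacons) -> list:
    """Classify every beacon and return the findings, most severe first (stable within a severity)."""
    order = {"critical": 0, "high": 1, "medium": 2, "info": 3}
    findings = [f for f in map(classify, beacons) if f is not None]
    return sorted(findings, key=lambda f: order[f.severity])


# Constructed sensor scan: two healthy managed APs plus a range of suspicious neighbours.
SAMPLE_SCAN = [
    Beacon("00:11:22:33:44:01", "CORP-WLAN", "WPA2-EAP", 1, -45),
    Beacon("00:11:22:33:44:03", "CORP-GUEST", "OPEN", 6, -50),
    Beacon("66:77:88:99:aa:bb", "CORP-WLAN", "WPA2-PSK", 11, -52),
    Beacon("de:ad:be:ef:00:01", "linksys", "OPEN", 6, -48),
    Beacon("00:11:22:33:44:02", "CORP-WLAN", "OPEN", 1, -47),
    Beacon("c0:ff:ee:00:00:01", "NextDoorCafe", "WPA2-PSK", 1, -84),
    Beacon("12:34:56:78:9a:bc", "Printer-Setup", "WPA2-PSK", 11, -55),
]

if __name__ == "__main__":
    for f in triage(SAMPLE_SCAN):
        print(f"[{f.severity:8}] {f.kind:22} {f.beacon.bssid} {f.beacon.ssid!r}: {f.detail}")
```

The "rogue-ap" case deliberately stays at medium until someone confirms whether the device is bridged onto the wired network, which is the check the deck's "often invisible on the wired network" point refers to; a wired-side MAC correlation is the usual way to settle it.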

Questions?




Important information

– The information in this pack is intended to provide only a general
  outline of the subjects covered. It should not be regarded as
  comprehensive or sufficient for making decisions, nor should it be
  used in place of professional advice.
– Accordingly, Ernst & Young accepts no responsibility for loss arising
  from any action taken or not taken by anyone using this pack.
– The information in this pack will have been supplemented by matters
  arising from any oral presentation by us, and should be considered in
  the light of this additional information.
– If you require any further information or explanations, or specific
  advice, please contact us and we will be happy to discuss matters
  further.


