Power Point- Wireless Network Security


Wireless Network Security
Secure Unix Administration
Josh Rountree
[email protected]
History
- First developed during WWII
- Heavily encrypted
- Inspired a group of researchers in 1971 at the University of Hawaii to create the first packet-based radio communications network, ALOHANET

Topologies
- Star
- Mesh

Star
- One central base or access point (AP) for communication
- Information packets transmitted by the originating node are received by the central station and routed to the proper wireless destination node
- Infrastructure mode

Mesh
- No centralized base station
- Each node that is in range of another can communicate with it freely
- Ad Hoc mode

Standards
- IEEE 802.11
- IEEE 802.11a
- IEEE 802.11b
- IEEE 802.11g

IEEE 802.11
- 1997
- Operates in a radio frequency (RF) band around 2.4GHz
- Data rates of 1Mbps and 2Mbps
- Defines the set of fundamental signaling methods and services

IEEE 802.11a & IEEE 802.11b
- 1999
- Operate in radio frequency (RF) bands around 5.8GHz (802.11a) and 2.4GHz (802.11b)
- Define new physical layers for data rates of 5Mbps and 11Mbps, and 54Mbps with IEEE 802.11a

IEEE 802.11g
- Expected to be approved in July 2003
- Backward compatible with 802.11b
- 54 Mbps raw data rate

Security?
Wired Equivalency Protocol (WEP)
- Intended to protect network privacy
- Intended to prevent unauthorized access to the wireless network
- Falls short of both goals

How does WEP Work?
- Relies on a secret key that is shared within a basic service set (BSS): a wireless AP and a set of associated nodes
- Uses the key to encrypt data packets before they are transmitted
- Also performs integrity checking to ensure packets haven't been modified
- 802.11 does not address the issue of how shared keys are to be established
- In most implementations it is a single key that is shared between all nodes and is manually set
How does WEP Work? cont.
- WEP uses the RC4 algorithm, which is a stream cipher
- A stream cipher expands a short key into an infinite pseudo-random key stream
- The sender XORs this key stream with the plaintext of the message to produce the ciphertext
- The receiver uses its copy of the key to generate the identical key stream
- XORing the received ciphertext with this key stream produces the original plaintext
Attacks
- Flipping a bit in an intercepted packet corrupts the corresponding bit of the data once it is decrypted
- Ability to recover all plaintexts by eavesdropping on two ciphertexts encrypted with the same key stream
- XORing the two ciphertexts yields the XOR of the two plaintexts
- Knowledge of that XOR enables statistical attacks that can recover the plaintexts
- As more ciphertexts with the same shared key are known, the attack becomes easier
- Once one of the plaintexts is known, it is trivial to decipher the others
Other Security Features of WEP
- Integrity Check field in the packet to help guarantee a packet hasn't been modified
- Initialization Vector supplements the shared key to avoid encrypting two plaintexts with the same key stream
- Both of these security features are implemented incorrectly
Integrity Check Field
- Implemented as a CRC-32 checksum, a very common error detection scheme
- The problem arises from the scheme being linear
- It is possible to compute the bit difference of the two CRCs from the bit difference of the data packets
- This allows an attacker to determine which bits of the CRC-32 code to correct when flipping arbitrary bits in the packet
- The resulting packet appears valid
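To make the "Attacks" and "Integrity Check Field" slides concrete, here is an added Python example (not part of the original slides) showing why a reused RC4 key stream leaks the XOR of two plaintexts, why CRC-32 is linear over XOR and so cannot act as an integrity check for a stream cipher, and how a keyed MAC such as HMAC-SHA256 rejects the same bit flip. The two packets, the stand-in key stream and the MAC key are constructed sample values.

```python
import binascii
import hashlib
import hmac

# Constructed sample values (not from the slides): two equal-length packets
# and a stand-in key stream; WEP would derive the key stream from RC4.
PACKET_A = b"GET /index.html"
PACKET_B = b"POST /login.php"
KEYSTREAM = hashlib.sha256(b"constructed demo key stream").digest()
MAC_KEY = b"constructed demo mac key"


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two byte strings, truncating to the shorter one."""
    return bytes(x ^ y for x, y in zip(a, b))


def xor_of_plaintexts_from_ciphertexts(p1: bytes, p2: bytes, ks: bytes) -> bytes:
    """Stream-cipher encryption is C = P XOR KS.  When one key stream is used
    twice, C1 XOR C2 == P1 XOR P2: the key stream cancels out, so an
    eavesdropper learns the XOR of the plaintexts without the key."""
    c1 = xor_bytes(p1, ks)
    c2 = xor_bytes(p2, ks)
    return xor_bytes(c1, c2)


def crc32_is_linear(data: bytes, delta: bytes) -> bool:
    """CRC-32 is affine over XOR for equal-length inputs:
    crc(data ^ delta) == crc(data) ^ crc(delta) ^ crc(all-zero data).
    This is the property that makes the CRC-32 ICV predictable under a bit flip."""
    assert len(data) == len(delta)
    zeros = bytes(len(data))
    lhs = binascii.crc32(xor_bytes(data, delta))
    rhs = binascii.crc32(data) ^ binascii.crc32(delta) ^ binascii.crc32(zeros)
    return lhs == rhs


def keyed_mac_detects_flip(key: bytes, data: bytes, delta: bytes) -> bool:
    """With HMAC the tag depends on a secret key and is not linear in the
    data, so a modified packet fails verification unless the key is known."""
    tag = hmac.new(key, data, hashlib.sha256).digest()
    flipped = xor_bytes(data, delta)
    recomputed = hmac.new(key, flipped, hashlib.sha256).digest()
    return not hmac.compare_digest(tag, recomputed)


if __name__ == "__main__":
    leaked = xor_of_plaintexts_from_ciphertexts(PACKET_A, PACKET_B, KEYSTREAM)
    print("C1 ^ C2 == P1 ^ P2:", leaked == xor_bytes(PACKET_A, PACKET_B))
    delta = bytes([0x01]) + bytes(len(PACKET_A) - 1)   # flip one bit
    print("CRC-32 linear:", crc32_is_linear(PACKET_A, delta))
    print("HMAC rejects flip:", keyed_mac_detects_flip(MAC_KEY, PACKET_A, delta))
```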
Initialization Vector (IV)
- 24-bit initialization vector
- Very small range of possibilities
- Guarantees that the same key stream will be reused within a relatively short period of time
- On a busy access point with relatively average sized packets, the time before key reuse is about 5 hrs.
- Allows an attacker to gather two ciphertexts that were encrypted with the same key stream and begin the statistical analysis to recover the plaintext
- When all mobile nodes use the same key, the chances of an IV collision are greatly increased
- The 802.11 standard specifies that changing the IV with each packet is optional
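As an added worked calculation (not from the slides), the following Python estimates how quickly a 24-bit IV space is exhausted. The 11 Mbps link rate and 1500-byte packets are my assumptions for a "busy access point with average sized packets"; under them a sender that steps the IV by one per packet wraps in about 5 hours, consistent with the slide's figure, while randomly chosen IVs repeat far sooner because of the birthday bound.

```python
import math

IV_BITS = 24
IV_SPACE = 2 ** IV_BITS          # 16,777,216 distinct initialization vectors


def packets_per_second(link_mbps: float, packet_bytes: int) -> float:
    """Packets per second on a saturated link carrying equal-sized packets.
    Simplified model (assumption): no inter-frame gaps, ACKs or headers."""
    return link_mbps * 1_000_000 / (packet_bytes * 8)


def hours_until_sequential_iv_wrap(link_mbps: float, packet_bytes: int) -> float:
    """A sender that increments the IV by one per packet must reuse an IV
    (and therefore a key stream) after 2^24 packets."""
    return IV_SPACE / packets_per_second(link_mbps, packet_bytes) / 3600


def packets_until_random_iv_collision(probability: float = 0.5) -> float:
    """Birthday bound: number of randomly drawn IVs before some IV repeats
    with the given probability, about sqrt(2 * N * ln(1 / (1 - p)))."""
    return math.sqrt(2 * IV_SPACE * math.log(1 / (1 - probability)))


def collision_probability_after(packets: int) -> float:
    """Probability that at least one IV repeats among `packets` random IVs.
    When every node shares one key, `packets` is the total sent by all of
    them, which is why a shared key makes collisions more likely."""
    return 1 - math.exp(-packets * (packets - 1) / (2 * IV_SPACE))


if __name__ == "__main__":
    # Assumed busy AP: an 11 Mbps (802.11b) link saturated with 1500-byte packets.
    print(f"sequential wrap: {hours_until_sequential_iv_wrap(11, 1500):.1f} h")
    print(f"random IVs: 50% collision after ~{packets_until_random_iv_collision():.0f} packets")
    print(f"P(collision) after 20000 random IVs: {collision_probability_after(20000):.2f}")
```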
Hardware
- Most 802.11 equipment is designed to discard encrypted content for which it doesn't have the key
- Changing the configuration of the drivers and confusing the hardware enough that the unrecognized ciphertext is returned for further examination and analysis
Screen Shot
RC4 Remedies
RSA Security & Hifn
- RC4 Fast Packet Keying: different RC4 keys are generated in rapid succession for every data packet transmitted
- Both sides use an RC4 128-bit key, the Temporal Key (TK)
- Every sender uses a different key stream because the TK is linked with the sender's address
- To this a 16-bit Initialization Vector is added, which once again results in a 128-bit RC4 key
- Updates via firmware and driver software
Cisco's remedies
- Mutual, rather than unilateral, authentication using LEAP (Lightweight Extensible Authentication Protocol)
- Cisco uses the shared-key method to generate responses to mutual requests; irreversible and unidirectional hash keys make attacks from reproduced passwords impossible
- Dynamic, user- and session-based WEP keys that are generated by the system without any administrative effort
Final Words
- IEEE is concentrating on developing an updated WEP standard
- RC4 is to be replaced by a newer encryption protocol, with particular interest in AES (Advanced Encryption Standard)
Further Reading
- http://www.tomshardware.com
- http://www.smallnetbuilder.com/Sections-article15page1.php