Slide 1 - International Centre for Theoretical Physics


WLAN SECURITY and other 802 protocols
Pietrosemoli, ICTP, Feb 03
Addenda to the basic 802.11 protocol
• 802.11 a, b
• 802.11 e
• 802.11 d
• 802.11 g
• 802.11 h
• 802.11 i
• 802.1 x
Task Group H: Spectrum Managed 802.11a
802.11 radios transmit and, if they do not get appropriate feedback, halt and retransmit.
802.11h overlays 802.11a to solve both interference and overuse problems, as well as improve coexistence with other specs that might reside on the same band. The h spec requires devices to check whether given frequencies are in use before transmitting (Dynamic Frequency Selection or DFS), as well as only transmitting at the minimum necessary power level (Transmit Power Control or TPC).
Task Group H: Spectrum Managed 802.11a
These additions were formulated specifically to meet requirements for using the 5 GHz band in the European Union, which has been promoting its own specification called HiperLAN2.
There's a chance for spillover of h into other standards like b and g, of course, to improve their responsiveness.
Task Group E: Quality of Service
• Every packet has an equal chance of getting through in 802.11b. Task Group E wants to change that, allowing for what's known as "quality of service" or QoS, to guarantee that some packets have more priority than others. This is a fairly tricky task, involving coordination between client radios, access points, and system administrators.
• QoS is needed for consistent voice-quality calls using VOIP (voice over IP) and for streaming multimedia.
Task Group I: Enhanced Security
• Originally, 802.11e covered both scheduling and security. With the constant release of weakness reports in the WEP (Wired Equivalent Privacy) encryption system built into 802.11b, however, security popped into its own group, letter I.
• Task Group I has been working to find a replacement for WEP that, hopefully, would also have enough compatibility to be implemented without vastly revising the current generation of systems.
Task Group I: Enhanced Security
The long-term goal of 802.11i, however, is to replace WEP. The failure in public confidence has the group looking at specifications that are at a much higher level of complexity but still computationally efficient enough to embed in lower-power, inexpensive devices, such as chipsets used for PC cards.
Task Group I: Enhanced Security
The failure of WEP resulted in the group dropping the name WEP2 for the new standard and replacing it with Temporal Key Integrity Protocol (TKIP), something which is much more descriptive: assuring that a key retains its security over a period of time.
Task Group 802.1x
It is developing a method of authenticating users through a back-end system in a secure fashion. Some weaknesses in the approach have already been discovered, unfortunately, as there is a lot of room for man-in-the-middle style interception.
Wireless LAN Security Issues
• Issue
– Wireless sniffer can view all WLAN data packets
– Anyone in AP coverage area can get on WLAN
• 802.11 Solution
– Encrypt all data transmitted between client and AP
– Without encryption key, user cannot transmit or receive data
Limitations of 802.11 Security
• Shared, static WEP keys
– No centralized key management
– Poor protection from variety of security attacks
• No effective way to deal with lost or stolen adapter
– Possessor has access to network
– Re-keying of all WLAN client devices is required
• Lack of integrated user administration
– Need for separate user databases; no use of RADIUS
– Potential to identify user only by device attribute like MAC address
802.1X Authentication Process (diagram)
Require VPNs for WLAN Access?
Pros
• Ensures 3DES encryption from client to concentrator
• Is in use at most shops
• Makes WLAN and remote access UIs consistent
• Supports central security management
Cons
• Client does encryption, decryption in software
• Requires VPN concentrators behind APs, increasing cost
• User must reinitialize VPN connection when roaming between concentrators
802.1X
The IEEE 802.1X standard, Port Based Network Access Control, defines a mechanism for port-based network access control that makes use of the physical access characteristics of IEEE 802 LAN infrastructure. It provides a means of authenticating and authorizing devices attached to a LAN port that has point-to-point connection characteristics. The 802.1X specification includes a number of features aimed specifically at supporting the use of Port Access Control in IEEE 802.11 Wireless LANs (WLANs). These include the ability for a WLAN Access Point to distribute or obtain global key information to/from attached stations, following successful authentication.
Wireless LAN Analysis Tools
• AiroPeek from WildPackets
• Grasshopper from BV Systems
• Mobile Manager from Wavelink
• Sniffer Wireless from Network Associates
• NetStumbler
• AirSnort via SourceForge
– AirSnort has been designed to break WEP encryption keys.
– It operates by passively monitoring transmissions, and when enough “interesting” packets have been gathered, usually over a 24 hour period, it can then calculate the WEP key.
Extensible Authentication Protocol (EAP)
The Extensible Authentication Protocol (EAP), specified in RFC 2284, is a method of conducting an authentication conversation between a Supplicant and an Authentication Server. Intermediate devices such as Access Points and proxy servers do not take part in the conversation. Their role is to relay EAP messages between the parties performing the authentication. The EAP messages are transported between a wireless station and an 802.1X Authenticator using EAPOL. The EAP messages are transported between an 802.1X Authenticator and the Authentication Server using RADIUS. The EAP framework supports the definition of Authentication Methods. Currently implemented EAP Authentication Methods include MD5, TLS, TTLS, PEAP, and Cisco's LEAP.
Supplicant
The Supplicant is the client authentication software/firmware. It runs on the station seeking WLAN access and conducts an authentication conversation with the Authentication Server using EAP. Until authenticated, the Supplicant can only communicate with the Authentication Server.
Authenticator
An Authenticator performs port-based access control on a Network Access Server such as a Wireless Access Point. During authentication it relays EAP messages between the Supplicant and Authentication Server and discards all other traffic from the Supplicant. Once notified of successful authentication by the Authentication Server, the Authenticator establishes the session and provides network access to the Supplicant using any session keys provided by the Authentication Server.
Authentication Server
The Authentication Server provides authentication services to the Authenticator. The Authenticator and Authentication Server have a trusted (client/server) relationship over the secure (usually wired) portion of the network. The Authentication Server conducts an authentication conversation with the Supplicant using EAP. The Authentication Server authenticates the Supplicant based upon a user profile that can be maintained either locally or remotely. The Authentication Server may also perform authorization, collect accounting, and provide session keys to the Authenticator.
The WLAN access points can identify every wireless card ever manufactured by its unique Media Access Control (MAC) address that is burned into and printed on the card. Some WLANs require that the cards be registered before the wireless services can be used. The access point then identifies the card by the user, but this scenario is complex because every access point needs to have access to this list. Even if it were implemented, it cannot account for hackers who use WLAN cards that can be loaded with firmware that does not use the built-in MAC address, but a randomly chosen, or deliberately spoofed, address. Using this spoofed address, a hacker can attempt to inject network traffic or spoof legitimate users.
It is also easy to interfere with wireless communications. A simple jamming transmitter can make communications impossible. For example, consistently hammering an AP with access requests, whether successful or not, will eventually exhaust its available radio frequency spectrum and knock it off the network. Other wireless services in the same frequency range can reduce the range and usable bandwidth of WLAN technology.
• Access point security recommendations:
– Enable user authentication for the management interface.
– Choose strong community strings for Simple Network Management Protocol (SNMP) and change them often.
– Consider using SNMP Read Only if your management infrastructure allows it.
– Disable any insecure and nonessential management protocol provided by the manufacturer.
– Limit management traffic to a dedicated wired subnet.
– Encrypt all management traffic where possible.
– Enable wireless frame encryption where available.
• Client security recommendations:
– Disable ad hoc mode.
– Enable wireless frame encryption where available.
On a busy network, 128-bit static WEP keys can be obtained in as little as 15 minutes.
WEP uses the RC4 stream cipher that was invented by Ron Rivest of RSA Data Security, Inc., (RSADSI) for encryption. The RC4 encryption algorithm is a symmetric stream cipher that supports a variable-length key.
The IEEE 802.11 standard describes the use of the RC4 algorithm and key in WEP, but does not specify methods for key distribution. Without an automated method for key distribution, any encryption protocol will have implementation problems due to the potential for human error in key input, escrow, and management. As discussed later in this document, 802.1X has been ratified in the IEEE and is being embraced by the WLAN vendor community as a potential solution for this key distribution problem.
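The slide above states the consequence of a shared, static key without showing the mechanism. The following example, added here and not part of the original slides, illustrates why a static key under a stream cipher is so fragile: RC4 turns the key into a keystream that is XORed with each frame, so two frames encrypted under the same keystream cancel to the XOR of their plaintexts, and one frame of predictable content then exposes the other without any key recovery at all. The RC4 routine is the textbook algorithm; the keys, the frame contents and the simplified model in which a static key yields the same keystream for every frame are constructed assumptions, not WEP's exact framing. The second function shows the property that per-session keys (the 802.1X key distribution the slide points to) restore.

```python
"""Keystream reuse under a shared, static stream-cipher key (constructed example)."""


def rc4_keystream(key: bytes, length: int) -> bytes:
    """Generate `length` bytes of RC4 keystream for `key` (KSA followed by PRGA)."""
    s = list(range(256))
    j = 0
    for i in range(256):                      # key-scheduling algorithm
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):                   # pseudo-random generation algorithm
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def rc4_encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Stream-cipher encryption: ciphertext = plaintext XOR keystream."""
    return xor_bytes(plaintext, rc4_keystream(key, len(plaintext)))


def keystream_reuse_exposure(known_plain: bytes, c_known: bytes, c_other: bytes) -> bytes:
    """If both ciphertexts were produced with the same keystream, the keystream
    cancels: c_known XOR c_other == known_plain XOR other_plain, so XORing in the
    known plaintext returns the other frame's plaintext. No key is involved."""
    n = min(len(known_plain), len(c_known), len(c_other))
    return xor_bytes(xor_bytes(c_known[:n], c_other[:n]), known_plain[:n])


# Constructed frames: one with predictable content (think of a fixed header or a
# periodic status message), one carrying something that should stay private.
KNOWN_FRAME = b"HELLO SERVER, STATUS REQUEST 0001"
SECRET_FRAME = b"password=hunter2 account=alice..."


def static_key_exposure(static_key: bytes = b"shared-office-key") -> bytes:
    """Static shared key (simplified WEP model: same keystream for every frame).
    Returns what an observer of the two ciphertexts learns about SECRET_FRAME."""
    c_known = rc4_encrypt(static_key, KNOWN_FRAME)
    c_secret = rc4_encrypt(static_key, SECRET_FRAME)
    return keystream_reuse_exposure(KNOWN_FRAME, c_known, c_secret)


def per_session_key_exposure(key_a: bytes, key_b: bytes) -> bytes:
    """Distinct per-session keys, as 802.1X key distribution provides: the two
    keystreams differ, so the same combination yields only noise."""
    c_known = rc4_encrypt(key_a, KNOWN_FRAME)
    c_secret = rc4_encrypt(key_b, SECRET_FRAME)
    return keystream_reuse_exposure(KNOWN_FRAME, c_known, c_secret)


if __name__ == "__main__":
    print("static key  :", static_key_exposure())
    print("session keys:", per_session_key_exposure(b"session-key-alice", b"session-key-bob"))
```

The lesson for a deployment is the one the slide draws: the cipher is not the weak point by itself; a key that never changes and is shared by every station is. Rotating keys per session (and per station) removes the keystream reuse that makes a single predictable frame so valuable.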
IP Security
• When deploying IPSec in a WLAN environment, an IPSec client is placed on every PC connected to the wireless network and the user is required to establish an IPSec tunnel to route any traffic to the wired network. Filters are put in place to prevent any wireless traffic from reaching any destination other than the VPN gateway and DHCP/DNS server. IPSec provides for confidentiality of IP traffic, as well as authentication and antireplay capabilities.
• Confidentiality is achieved through encryption using a variant of the Data Encryption Standard (DES), called Triple DES (3DES), which encrypts the data three times with up to three different keys.
• Though IPSec is used primarily for data confidentiality, extensions to the standard allow for user authentication and authorization to occur as part of the IPSec process. This scenario offers a potential solution to the user differentiation problem with WLANs.
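The filter described in the first bullet is the part of the IPSec design that is easiest to get subtly wrong, so here is a worked model of it. This is an added example written for this page, not configuration from the slides or from any product: it evaluates packets arriving from the wireless side against an allow list containing only the VPN gateway (IKE on UDP 500/4500 and ESP) and the DHCP/DNS server, and denies everything else by default. The addresses, subnet and sample packets are constructed. One edge case the policy must handle is included: a client that has no address yet sends its DHCP request from 0.0.0.0 to the broadcast address, which a naive "source must be in the WLAN range" rule would block, leaving the client unable to ever reach the gateway.

```python
"""Allow-list filter for an IPSec-protected WLAN segment (constructed example)."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

WLAN_NET = ipaddress.ip_network("10.20.0.0/16")     # constructed wireless subnet
VPN_GATEWAY = ipaddress.ip_address("10.0.0.1")      # constructed VPN concentrator
DHCP_DNS = ipaddress.ip_address("10.0.0.2")         # constructed DHCP/DNS server
BROADCAST = ipaddress.ip_address("255.255.255.255")
UNASSIGNED = ipaddress.ip_address("0.0.0.0")


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str                  # "udp", "tcp" or "esp"
    dport: Optional[int] = None


# (protocol, destination host, destination port); port None = any port.
ALLOW = [
    ("udp", VPN_GATEWAY, 500),   # IKE negotiation
    ("udp", VPN_GATEWAY, 4500),  # IKE/ESP NAT traversal
    ("esp", VPN_GATEWAY, None),  # the IPSec tunnel itself
    ("udp", DHCP_DNS, 67),       # DHCP server
    ("udp", DHCP_DNS, 53),       # DNS
    ("tcp", DHCP_DNS, 53),
]


def wlan_filter(pkt: Packet) -> str:
    """Verdict ('allow' or 'deny') for a packet entering from the wireless side."""
    src = ipaddress.ip_address(pkt.src)
    dst = ipaddress.ip_address(pkt.dst)
    # Edge case: DHCP DISCOVER/REQUEST from a client with no lease yet.
    if src == UNASSIGNED and dst == BROADCAST and pkt.proto == "udp" and pkt.dport == 67:
        return "allow"
    if src not in WLAN_NET:
        return "deny"            # foreign or spoofed source on the wireless port
    for proto, host, port in ALLOW:
        if pkt.proto == proto and dst == host and (port is None or pkt.dport == port):
            return "allow"
    return "deny"                # default deny: no direct path to the wired network


def evaluate(packets: List[Packet]) -> List[str]:
    return [wlan_filter(p) for p in packets]


SAMPLE = [                                             # constructed traffic
    Packet("0.0.0.0", "255.255.255.255", "udp", 67),   # DHCP discover, no lease yet
    Packet("10.20.5.7", "10.0.0.2", "udp", 53),        # DNS lookup of the gateway name
    Packet("10.20.5.7", "10.0.0.1", "udp", 500),       # IKE, building the tunnel
    Packet("10.20.5.7", "10.0.0.1", "esp"),            # traffic inside the tunnel
    Packet("10.20.5.7", "10.0.0.50", "tcp", 445),      # direct SMB to a file server
    Packet("10.20.5.7", "10.0.0.2", "tcp", 22),        # SSH to the DNS box itself
    Packet("192.168.1.9", "10.0.0.1", "udp", 500),     # source outside the WLAN range
]

if __name__ == "__main__":
    for pkt, verdict in zip(SAMPLE, evaluate(SAMPLE)):
        print(f"{verdict:5} {pkt.proto:3} {pkt.src} -> {pkt.dst}:{pkt.dport}")
```

The two "deny" cases on the allowed hosts are worth noting: being on the allow list for one service (DNS on the DHCP/DNS server) must not open every port on that host, otherwise the helper server becomes a bridge around the tunnel.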
EAP/802.1X
• An alternative WLAN security approach focuses on developing a framework for providing centralized authentication and dynamic key distribution.
• EAP allows wireless client adapters, that may support different authentication types, to communicate with different back-end servers such as Remote Access Dial-In User Service (RADIUS).
• IEEE 802.1X is a standard for port based network access control.
EAP/802.1X
When these features are implemented, a wireless client that associates with an AP cannot gain access to the network until the user performs a network logon. When the user enters a username and password into a network logon dialog box or its equivalent, the client and a RADIUS server perform a mutual authentication, with the client authenticated by the supplied username and password. The RADIUS server and client then derive a client-specific WEP key to be used by the client for the current logon session. User passwords and session keys are never transmitted in the clear over the wireless link.
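The Supplicant, Authenticator and Authentication Server slides earlier and the logon sequence just described fit together into one exchange, modelled below. This is an added example written for this page, not code from the slides or from any 802.1X implementation: a toy Authenticator that relays EAP frames to a toy Authentication Server and discards all other traffic until it is told of success, then installs the session key the server hands it. The HMAC challenge/response stands in for a real EAP method, the nonce-based key derivation stands in for whatever the method actually produces, only the client side of the mutual authentication is modelled, and the user database, names and frame dictionaries are constructed. What it does show faithfully is the port behaviour: data before logon is dropped, the key reaches the access point without ever crossing the air, and the client derives the same key on its own.

```python
"""Toy 802.1X port-based access control exchange (constructed example)."""
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Optional

# Constructed user profile store standing in for the Authentication Server's database.
USER_DB = {"alice": "correct-horse-battery"}


def _prf(secret: str, label: bytes, nonce: bytes) -> bytes:
    """Keyed derivation used for both the challenge response and the session key."""
    return hmac.new(secret.encode(), label + nonce, "sha256").digest()


@dataclass
class AuthenticationServer:
    """RADIUS-like back end: runs the EAP conversation, returns a session key on success."""
    users: dict

    def start(self, username: str) -> dict:
        # A real EAP method (TLS, PEAP, ...) exchanges more than a nonce; this
        # HMAC challenge stands in for the method, it is not EAP itself.
        return {"type": "EAP-Request", "user": username, "nonce": secrets.token_bytes(16)}

    def finish(self, username: str, nonce: bytes, response: bytes) -> dict:
        password = self.users.get(username)
        if password is None or not hmac.compare_digest(_prf(password, b"auth|", nonce), response):
            return {"type": "EAP-Failure"}
        # The session key is derived from the shared secret and never sent over the
        # air; it travels to the Authenticator over the trusted wired side only.
        return {"type": "EAP-Success", "session_key": _prf(password, b"session|", nonce)}


@dataclass
class Supplicant:
    """Client software on the station: answers the challenge, derives the same key."""
    username: str
    password: str

    def respond(self, request: dict) -> dict:
        return {"type": "EAP-Response", "user": self.username, "nonce": request["nonce"],
                "response": _prf(self.password, b"auth|", request["nonce"])}

    def session_key(self, nonce: bytes) -> bytes:
        return _prf(self.password, b"session|", nonce)


@dataclass
class Authenticator:
    """Access point: relays EAP frames, drops all other Supplicant traffic while
    the controlled port is unauthorized, installs the key once told of success."""
    server: AuthenticationServer
    authorized: bool = False
    session_key: Optional[bytes] = None
    dropped: list = field(default_factory=list)

    def handle_frame(self, frame: dict) -> dict:
        if frame["type"] == "EAPOL-Start":
            return self.server.start(frame["user"])          # relay to the server
        if frame["type"] == "EAP-Response":
            result = self.server.finish(frame["user"], frame["nonce"], frame["response"])
            if result["type"] == "EAP-Success":
                self.authorized = True                       # open the controlled port
                self.session_key = result["session_key"]     # install, never forward
            return {"type": result["type"]}
        if not self.authorized:
            self.dropped.append(frame)                       # DATA, DHCP, anything else
            return {"type": "DROPPED"}
        return {"type": "FORWARDED"}


def run_8021x(username: str, password: str, users: dict = USER_DB) -> dict:
    """Drive one port through the exchange and report what the port did."""
    ap = Authenticator(AuthenticationServer(users))
    sup = Supplicant(username, password)
    data = {"type": "DATA", "user": username, "payload": b"GET /"}
    early = ap.handle_frame(data)["type"]                   # before the logon
    request = ap.handle_frame({"type": "EAPOL-Start", "user": username})
    outcome = ap.handle_frame(sup.respond(request))["type"]
    late = ap.handle_frame(data)["type"]                    # after the exchange
    keys_match = ap.authorized and sup.session_key(request["nonce"]) == ap.session_key
    return {"early": early, "outcome": outcome, "late": late,
            "keys_match": keys_match, "dropped": len(ap.dropped)}


if __name__ == "__main__":
    print(run_8021x("alice", "correct-horse-battery"))
    print(run_8021x("alice", "wrong-password"))
```

Run against the constructed database, the good logon reports the first data frame dropped, `EAP-Success`, the second data frame forwarded and matching keys on both ends; a wrong password leaves the port unauthorized and every data frame dropped.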
Summary
Organizations should choose to deploy either IPSec or EAP/802.1X, hereafter referred to as LEAP, but generally not both.
Organizations should use IPSec when they have the utmost concern for the sensitivity of the transported data, but remember that this solution is more complex to deploy and manage than LEAP. LEAP should be used when an organization wants reasonable assurance of confidentiality and a transparent user security experience.
The basic WEP enhancements can be used anywhere WEP is implemented.
Wireless Encryption Technology Comparison (table)
Key LEAP Devices
• Wireless client adapter and software—A software solution that provides the hardware and software necessary for wireless communications to the AP; it provides mutual authentication to the AP via LEAP
• Wireless access point—Mutually authenticates wireless clients via LEAP
• Layer 2/3 switch—Provides Ethernet connectivity and Layer 3/4 filtering between the WLAN AP and the corporate network
• RADIUS server—Delivers user-based authentication for wireless clients and access-point authentication to the wireless clients
• DHCP server—Delivers IP configuration information for wireless LEAP clients