EE579S Computer Security
Download
Report
Transcript EE579S Computer Security
EE579T
Network Security
12: Intrusion Detection & Wireless Security
Prof. Richard A. Stanley
Spring 2004
© 2000-2004, Richard A. Stanley
EE579T/12 #1
Overview of Today’s Class
•
•
•
•
Administrivia
Review last week’s lesson
Intrusion Detection
Wireless security
Spring 2004
© 2000-2004, Richard A. Stanley
EE579T/12 #2
Reminders
• April 20/21: class at usual time with project
presentations
• Final for this course is take-home
– Final exam was distributed on the web site
today
– Exam is due 27 April
Spring 2004
© 2000-2004, Richard A. Stanley
EE579T/12 #3
Last time…
• Firewalls are an important item in network
security, but not a cure-all
• There are many ways to employ firewalls,
and care must be taken to analyze what is to
be protected, and how
• SNMP is widely-used for managing clients
distributed across a network
• SNMP security is a major issue!
Spring 2004
© 2000-2004, Richard A. Stanley
EE579T/12 #4
Intrusion Detection Systems
• Oddly enough, these are systems designed
to detect intrusions into protected systems
• Security intrusion (per RFC 2828):
– A security event, or a combination of multiple
security events, that constitutes a security
incident in which an intruder gains, or attempts
to gain, access to a system (or system resource)
without having authorization to do so.
Spring 2004
© 2000-2004, Richard A. Stanley
EE579T/12 #5
What’s a Security Incident?
• A security event that involves a security violation. (See:
CERT, GRIP, security event, security intrusion, security
violation.)
• In other words, a security-relevant system event in which
the system's security policy is disobeyed or otherwise
breached.
• "Any adverse event which compromises some aspect of
computer or network security." [R2350]
Source: RFC 2828, page 152; emphasis added
Spring 2004
© 2000-2004, Richard A. Stanley
EE579T/12 #6
Why Do We Need This?
• With the exception of authentication
systems, most of the defenses we have
studied up to now are directed towards
intruders coming from outside the firewall
• These systems are not perfect--some
intruders will get through
• Moreover, defenses such as firewalls cannot
protect against intruders on the inside
Spring 2004
© 2000-2004, Richard A. Stanley
EE579T/12 #7
Intrusion Detection Functions
• Monitor protected networks and computers in real
time (or as close to real time as is practicable)
• Detect security incidents
– Requires a policy, and a way for the IDS to know what
that policy is
• Respond
– Raise an alarm
– Send some automated response to the attacker
Spring 2004
© 2000-2004, Richard A. Stanley
EE579T/12 #8
IDS vs. Auditing
• Audits tend to be a posteriori
– But an IDS can be seen as performing a
constant, near real time audit function
• To perform an audit, you need to know what
the policy is
– Audit measures departures from the policy
norms
– Audits depend on system logs
Spring 2004
© 2000-2004, Richard A. Stanley
EE579T/12 #9
Early IDS’s
• Emulated the audit function
– Crawled the logs, looking for deviations from
policy-permitted actions
– Intent was to speed up the audit, making it
nearly real time
– Still a useful approach
• IDS technology has been around only since
the early 1990’s; not too mature
Spring 2004
© 2000-2004, Richard A. Stanley
EE579T/12 #10
IDS Uses
• Monitor system usage
– Determine access, usage patterns
– Plan for capacity engineering
• Monitor specific problem areas
• Serve as a deterrent
– Sort of like the “burglar alarm” label on a
house, even if there is really no alarm
Spring 2004
© 2000-2004, Richard A. Stanley
EE579T/12 #11
Log Files
• Are evidence if an intrusion occurs
– Must be stored in their original, unmodified
form, otherwise inadmissible in court
– Provide data from which trends can be deduced
– Can be subjected to forensic analysis
– Probably needed to assess level of system
compromise/damage and to restore to state
prior to intrusion
Spring 2004
© 2000-2004, Richard A. Stanley
EE579T/12 #12
Legal Issues - 1
• Privacy of your employees
– Courts have held that employees have little
expectation of privacy in the workplace,
especially if told so at the outset
• email can be monitored at work by employer
• phone calls can be monitored at work by employer
• doing either of these things outside the workplace
violates the wiretap statutes (18 USC § 2516, etc.)
Spring 2004
© 2000-2004, Richard A. Stanley
EE579T/12 #13
Legal Issues - 2
• What if the IDS discovers illegal acts being
performed on/by your network?
– Employees using the network for illegal
activities
– Outsiders having planted zombie programs so
that your system attacks others
– What is your responsibility and liability?
Spring 2004
© 2000-2004, Richard A. Stanley
EE579T/12 #14
Legal Issues - 3
• This may be a Catch-22 issue
– If an attacker is using your system, law enforcement
may want you to continue to allow that to happen so
they can apprehend the attacker
• If you interrupt the attack, could be interpreted as obstruction
of justice
– But, if you allow the attack to continue, you may be
liable for damages to those attacked
• Get legal advice--beforehand!
Spring 2004
© 2000-2004, Richard A. Stanley
EE579T/12 #15
What About Automated
Response?
• Tempting capability
• If attacking your system is illegal, what
makes your attack on the attacker less
illegal?
• What if you are, or are acting on behalf of, a
governmental entity and the attacker is also
a governmental entity?
– Casus belli
Spring 2004
© 2000-2004, Richard A. Stanley
EE579T/12 #16
IDS Architecture
Management
Console
Sensor
Sensor
Sensor
Sensor
Sensor
Spring 2004
© 2000-2004, Richard A. Stanley
EE579T/12 #17
Console
• Monitors and controls sensors
– Sets policy, alarm levels, etc.
– Stores logs
• Must have secure communications with
sensors
– Encrypted connection
– Out of band (OOB)
Spring 2004
© 2000-2004, Richard A. Stanley
EE579T/12 #18
IDS Types
• Network-based (NIDS)
– Monitors the network backbone
• Network node-based (NNIDS)
– Monitors network nodes, not the backbone
• Host-based (HIDS)
– This is the “log crawler” that started it all
• Gateway (GIDS)
– NIDS in series with the network
– Leads to Intrusion Protection Systems (IPS)
Spring 2004
© 2000-2004, Richard A. Stanley
EE579T/12 #19
What Can It See?
• Network packets
• OS API calls
• System logs
• How do we merge this data to detect
intrusions?
Spring 2004
© 2000-2004, Richard A. Stanley
EE579T/12 #20
Host-Based
• Sits on a host as a background task
• Monitors (potentially)
– traffic to and from the host
– OS API calls
– system logs
• Adds to processing load on the host, so host
must be able to support the extra load
Spring 2004
© 2000-2004, Richard A. Stanley
EE579T/12 #21
Network-based
• NIDS sensors placed on network backbone
– Can view only packet traffic passing by, much
like a classic passive sniffer
– Does not place processing load on network, but
the NIDS platform must be capable of dealing
with network traffic speeds
• Software can usually handle 100 Mbps
• Hardware only 2-3 times faster
• If network is faster, looks only at subset of packets
Spring 2004
© 2000-2004, Richard A. Stanley
EE579T/12 #22
Network Node-based
• Used to inspect intrusions directly into
network nodes
– Effectively a blending of HIDS and NIDS
– Used to protect mission-critical machines
– Again, a background process on existing nodes,
so node must be able to handle added
processing load
Spring 2004
© 2000-2004, Richard A. Stanley
EE579T/12 #23
Gateway
• In series with network
– Often set to block prohibited traffic
automatically
– Think of it as an in-network firewall with an
extended rule set
– Must be able to keep up with network load
Spring 2004
© 2000-2004, Richard A. Stanley
EE579T/12 #24
Deployment
• Putting in an IDS is a complex and timeconsuming affair
– Typically, start simple and add functionality as
you learn more about the network
– NIDS tends to see more and load network least
– Follow up with HIDS on selected hosts,
perhaps NNIDS on critical nodes
• Policy has to be in place first
Spring 2004
© 2000-2004, Richard A. Stanley
EE579T/12 #25
Attack Signatures
• Critical to success of any IDS
• Must be maintained, just like virus signatures
– You want some visibility into this
– Do you want strangers deciding what is an attack on
your critical systems?
• Some IDS’s let you write/modify signatures,
others do not
• CVE: http://www.cve.mitre.org/
Spring 2004
© 2000-2004, Richard A. Stanley
EE579T/12 #26
IDS Deployment
• First, design the IDS sensor and
management layout
• Next, deploy the IDS
– Test the network for normal operation
– Test the IDS
• Run packaged attacks to see if all are detected
• Document performance and repeat test regularly
– Tune the IDS
Spring 2004
© 2000-2004, Richard A. Stanley
EE579T/12 #27
Sampling of IDS Products
• RealSecure:
http://www.iss.net/products_services/enterp
rise_protection/rsnetwork/sensor.php
• NFR: http://www.nfr.net/
• Snort: http://www.snort.org/
• SnortSnarf:
http://www.silicondefense.com/software/sn
ortsnarf/
Spring 2004
© 2000-2004, Richard A. Stanley
EE579T/12 #28
IDS Summary
• IDS’s can be useful in monitoring networks
for intrusions and policy violations
• Up-to-date attack signatures and policy
implementations essential
• Many types of IDS available, at least one as
freeware
• Serious potential legal implications
• Automated responses to be avoided
Spring 2004
© 2000-2004, Richard A. Stanley
EE579T/12 #29
Wireless Security:
What’s the Problem?
•
•
•
•
Rapid, extensive wireless deployment
Little to no installation RF engineering
Ineffective built-in security protocols
Lack of awareness of ways that wireless
access can compromise networks
– Inadvertently
– Maliciously
Spring 2004
© 2000-2004, Richard A. Stanley
EE579T/12 #30
Standards
• This is new territory
• Until the late 1990’s, no overall standards
existed for WLANs
– Each manufacturer did their own thing
– Interoperability virtually nonexistent
• Cross-vendor operability still an issue in
some settings
Spring 2004
© 2000-2004, Richard A. Stanley
EE579T/12 #31
WLANs Today Are Largely
Standardized
• Dominant -- but not only -- standard is IEEE 802.11x
– 802.11b: currently most popular, large $$
• 2.4 gHz ISM band, DSSS, 1-11 MBps
Incompatible
– 802.11a: about to take over?
• 5 gHz UNII band, OFDM, up to 54 MBps
– 802.11i: coming on fast, includes integrated, improved
security features
• Intended to be 802.11a compatible
• Single standard allows intruders to focus their efforts to
maximum effect
Spring 2004
© 2000-2004, Richard A. Stanley
EE579T/12 #32
Most
Common
WLAN
Standards
Protocol
Author
Frequency
802.11
IEEE
900 MHz ISM
802.11a
IEEE
802.11b
IEEE
802.11e
Data Rate
Comments
FHSS
~ 300 Kbps
Original standard of the
series Obsolescent
5 GHz UNII
OFDM
Up to 54 Mbps
DSSS
FHSS legacy
1 to 11 Mbps
IEEE
2.4 GHz ISM,
900MHz
legacy
5 GHz UNII
Emerging Standard Not
backward compatible
with 802.11b
Most popular at this
writing. Often called
“Wi-Fi”
OFDM
Up to 54 Mbps
802.11g
IEEE
2.4 GHz ISM
DSSS
FHSS
Up to 54 Mbps
802.11h
IEEE
5 GHz UNII
OFDM
Up to 54 Mbps
802.11i
IEEE
5 GHz UNII
OFDM
54 Mbps or
beyond
802.11j
(5UP-2003)
IEEE, ETSI
5 GHz UNII
OFDM,
GMSK
54 Mbps or
beyond
HiperLAN
ETSI
5.15-5.30 GHz
or 17.1-17.3
GHz
OFDM,
GMSK
23.529 Mbps
HiperLAN/2
ETSI
5.15-5.30 GHz
or 17.1-17.3
GHz
OFDM,
GMSK
54 Mbps
HomeRFTM
Industry
group
Bluetooth
Consortium
2.4 GHz
FHSS
Up to 10 Mbps
2.4 GHz
FHSS
1 Mbps
TM
HomeRF
Bluetooth
Spring 2004
© 2000-2004, Richard A. Stanley
Modulation
Adds QoS capability to
802.11h
Not yet available
Intended to maintain
backward compatibility
with 802.11b.
Adds transmit power
control dynamic freq.
selection to 802.11a, to
counter EU area
interference issues
Intended to specifically
include security and
authentication.
Effort to converge
802.11 and HiperLAN
standards to permit
interoperation in the 5
1
GHz band . Committee
forming
European Community
backed standard,
expected to appear by
mid 2002
European Community
developed standard,
expected to appear in
2002
Integrated voice, data &
entertainment for home
networking
Cable replacement, not
comparable to 802.11 or
HiperLAN
EE579T/12 #33
WLANs Don’t Usually Stand
Alone
• Wireless LANs are usually extensions to
wired LANs, using access points (AP)
– An AP functions as an IP bridge between the
wired and wireless media
• While all-wireless LANs are possible, they
are uncommon as intentional configurations
Spring 2004
© 2000-2004, Richard A. Stanley
EE579T/12 #34
WLAN Operation
• Probes
– Signals from clients seeking to connect
– Elicit response from potential APs
– Connection established w/strongest signal
• Beacons
– Advertise presence and ID of AP
– Provide public notice of network presence
Spring 2004
© 2000-2004, Richard A. Stanley
EE579T/12 #35
Typical WLAN Topology
AP
Spring 2004
© 2000-2004, Richard A. Stanley
EE579T/12 #36
But What If The Topology
Actually Looks Like This?
Unauthorized
Client
Spring 2004
© 2000-2004, Richard A. Stanley
EE579T/12 #37
Internal Security Vulnerabilities
• Rogue WLANs
– Created by unauthorized APs on network
– Modern computer configurations facilitate
• Accidental Associations
– WLAN client inadvertently associating with
another network within range
• Insecure Network Configurations
Spring 2004
© 2000-2004, Richard A. Stanley
EE579T/12 #38
External Security Vulnerabilities
• Eavesdropping
– Common, easy to do
• Denial of service & interference
– Simply a jamming problem
• Masquerade
– Capture legitimate info, use to log on
• Man-in-the-middle attacks
Spring 2004
© 2000-2004, Richard A. Stanley
EE579T/12 #39
RF Engineering Issues
• Most WLANs are installed without benefit
of detailed RF engineering
• Access points, although low power, still can
cover a large geographic area
• Addition of directional antennas to AP or
receiver can further extend range
Spring 2004
© 2000-2004, Richard A. Stanley
EE579T/12 #40
RF Issues
• Mapping the coverage of your APs is
critical, but seldom done
• Widely available data on WLAN coverage
that can be used for “free” service
• It isn’t just your system. What about
overlapping coverage from your neighbors?
Spring 2004
© 2000-2004, Richard A. Stanley
EE579T/12 #41
Measured Coverage of One
Access Point in Lawrence, KS
It was
intended to
cover only
the interior
of the
building in
red!
Spring 2004
© 2000-2004, Richard A. Stanley
EE579T/12 #42
Northeast US Wi-Fi Coverage
Spring 2004
© 2000-2004, Richard A. Stanley
EE579T/12 #43
Free Wi-Fi in NYC (one view)
Spring 2004
© 2000-2004, Richard A. Stanley
EE579T/12 #44
Rogue WLANs
• “Standard” computer configuration today
includes WLAN NIC, especially on laptops
(cf. Intel Centrino®)
• Result is same as when modems connecting
around the firewall were the primary
problem
• User may be totally unaware W/L device is
activated and in use
Spring 2004
© 2000-2004, Richard A. Stanley
EE579T/12 #45
Inadvertent Association
• When the client can “see” multiple APs, it
may be difficult to force it to associate with
the correct one
• Result: network client connected to foreign
network, which can leak sensitive info and
anything else available over the network
Spring 2004
© 2000-2004, Richard A. Stanley
EE579T/12 #46
Insecure Configurations
•
•
•
•
Default settings
SSID broadcast
Weak or no encryption
Weak authentication
• Beware the “helpful” employee or the
power-up reset menu!
Spring 2004
© 2000-2004, Richard A. Stanley
EE579T/12 #47
Configuration Settings
• As with so many other network elements,
many default settings remain at their factory
setting in deployed nets
• SSIDs should always be changed from the
default, and rarely broadcast
– This makes it harder, but far from impossible,
for intruders to “find” the net
Spring 2004
© 2000-2004, Richard A. Stanley
EE579T/12 #48
WEP: Too Literal An
Implementation
• WEP=Wired Equivalent Privacy
– That’s exactly what it provides, perhaps even
better than that
– Problem? That isn’t enough
• Wired signals are confined to cables (mostly)
• Wireless signals are available to all listeners
• Although flawed, WEP is better than
nothing, but most users turn it off
Spring 2004
© 2000-2004, Richard A. Stanley
EE579T/12 #49
Origins of WEP
• Marketing and Political Issues:
– Developed as part of a wireless LAN research
project at Apple Computer, Inc.
– Eavesdropping was perceived as a barrier to
market acceptance
– Apple sells into a worldwide market so solution
had to be exportable
– When WEP developed, NSA allowed only 40bit encryption to be exported
Spring 2004
© 2000-2004, Richard A. Stanley
EE579T/12 #50
Origins of WEP (cont.)
• Technical Issues:
– Eavesdropping on wireless link => privacy and
authentication problems
– Multiple network protocols (in 1993) =>
solution required at data link layer
– Data link layer is “best effort” => crypto-state
(other than shared key) must accompany each
frame
Spring 2004
© 2000-2004, Richard A. Stanley
EE579T/12 #51
WEP Solution
• Apple had unlimited RC4 license from
RSA, Inc.
• Method and apparatus for variableoverhead cached encryption, US Patent
5,345,508 applied for 23 Aug 1993, granted
6 Sept 1994
• Licensed for export in mid-1994
Spring 2004
© 2000-2004, Richard A. Stanley
EE579T/12 #52
WEP Encryption
IV
Initialization
Vector (IV)
Key Sequence
Seed
+
PRNG
RC4()
Cache
(MAX_MSG_SZ)
Secret Key
Ciphertext
+
Plaintext
The problems with this approach are obvious!
Spring 2004
© 2000-2004, Richard A. Stanley
EE579T/12 #53
IEEE 802.11’s use of WEP
• WEP introduced in March 1994
• Strong pushback in standards committee
regarding cost and overhead of encryption
• Dilution of proposal; privacy in 802.11x
made optional
– By default, WEP is not activated in 802.11x
devices; requires positive user intervention
Spring 2004
© 2000-2004, Richard A. Stanley
EE579T/12 #54
WEP Security Problems
• Papers submitted to 802.11 committee
highlight the problems with WEP; “Unsafe
at any Key Size” presented in October 2000
• 802.11 Task Group I formed to solve WEP
security problems
• Press gets wind of the issue
• Public domain attacks; “war driving”
Spring 2004
© 2000-2004, Richard A. Stanley
EE579T/12 #55
WEP Security Problems (cont.)
• Passive attacks to decrypt traffic based on
statistical analysis
• Active ‘known plaintext’ attack to inject new
traffic from unauthorized mobile stations
• Active attacks to decrypt traffic, based on tricking
the access point
• Dictionary-building attack; real-time automated
decryption of all traffic after a day’s sampling
Spring 2004
© 2000-2004, Richard A. Stanley
EE579T/12 #56
Wardriving Sample
Spring 2004
© 2000-2004, Richard A. Stanley
EE579T/12 #57
The Threat: A Sampler of WLAN
Hacker Tools
Courtesy AirDefense
Spring 2004
© 2000-2004, Richard A. Stanley
EE579T/12 #58
802.11 Task Group I
• Long term security architecture for 802.11
• Based on 802.1X authentication standard
and two new encryption protocols (TKIP
and CCMP)
– Labeled Robust Security Network (RSN)
• Uses Upper Layer Authentication (ULA)
protocols outside the scope of 802.11i (e.g.
EAP/TLS)
Spring 2004
© 2000-2004, Richard A. Stanley
EE579T/12 #59
RSN Data Privacy Protocols
• Temporal Key Integrity Protocol (TKIP)
– a cipher suite enhancing the WEP protocol on pre-RSN
hardware
• Counter Mode/CBC-MAC Protocol
– based on AES and Counter-Mode/CBC-MAC (CCM)
– Mandatory for RSN compliance
Spring 2004
© 2000-2004, Richard A. Stanley
EE579T/12 #60
Robust Security Network
Includes:
• Better key derivation/distribution based on 802.1X
– For TKIP: per message 128 bit key derivation
• Improved encryption (TKIP, CCMP)
• Stronger keyed Message Integrity Checks
– Custom MIC for TKIP with 22 bit effective strength
– Strong AES-based MIC for CCMP
• IV sequencing to control message replay
– 44 bits to avoid re-keying (4 bits for QoS)
Spring 2004
© 2000-2004, Richard A. Stanley
EE579T/12 #61
802.1X
• Originally designed as port-based network
access control for PPP
• Provides support for a centralized
management model
• Primary encryption keys are unique to each
station and generated dynamically
• Provides support for strong upper layer
authentication (ULA)
Spring 2004
© 2000-2004, Richard A. Stanley
EE579T/12 #62
802.1X Architectural Framework
• Employs Extensible Authentication Protocol
(EAP)
– EAP built around challenge-response paradigm
– operates at network layer = flexibility
• Provides transport for ULA protocols
• Two sets of keys dynamically generated
– Session Keys, Group Keys
Spring 2004
© 2000-2004, Richard A. Stanley
EE579T/12 #63
802.1X Overview
• Generic method for Port Based Network Access and
Authentication for IEEE 802 LAN’s
• Specifies protocol between devices (wireless clients)
desiring access to the bridged LAN and devices (Access
Points) providing access to the bridged LAN
• Specifies the protocol between the authentication server
(e.g. RADIUS) and the authenticator
• Specifies different levels of access control
• Specifies the behavior of the port providing access to
the LAN
Spring 2004
© 2000-2004, Richard A. Stanley
EE579T/12 #64
802.1x Definitions
• Authenticator : System port that is responsible for granting
access to services that are accessible via the port (e.g. AP)
• Supplicant : The port requesting access to the service via
the authenticator (e.g. wireless client)
• Port Access Entity: The software that is associated with the
port. It supports the functionality of Authenticator,
Supplicant or both
• Authentication Server: An entity that provides the
authentication service to the authenticator. Usually an
external or remote server (e.g. RADIUS)
Spring 2004
© 2000-2004, Richard A. Stanley
EE579T/12 #65
Spring 2004
© 2000-2004, Richard A. Stanley
EE579T/12 #66
Description cont.
IEEE 802.1X Terminology
Pieces of the system.
Supplicant
Authenticator
Authentication Server
Uncontrolled port
Controlled port
Spring 2004
© 2000-2004, Richard A. Stanley
EE579T/12 #67
Normal Data Initially Blocked by
Access Point
802.1X traffic
Wireless laptop
Authentication traffic
Access Point
Authentication Server
Authentication traffic flows
Normal Data Blocked
• Wireless client associates with the AP
• Only Authentication Traffic is allowed to flow through Access Point
• The Access Point Blocks all Normal Data Traffic
• Access point correctly encapsulates the 802.1x traffic and Authentication Traffic
Spring 2004
© 2000-2004, Richard A. Stanley
EE579T/12 #68
Mutual Authentication
802.1X traffic
Authentication traffic
Wireless laptop
(Supplicant)
Access Point
Authentication Server
(Authenticator)
• The Supplicant securely obtains the WEP key during Proper Authentication
• The RADIUS Server sends the WEP Key to the Access Point
• The WEP Key is then used by the Access Point to send the Broadcast WEP key
• Normal Data Traffic is still blocked
• Only Authentication Traffic is passed by the AP
Spring 2004
© 2000-2004, Richard A. Stanley
EE579T/12 #69
Client Access Granted
802.1X traffic
Authentication traffic
Wireless laptop
(Supplicant)
Access Point
Authentication Server
(Authenticator)
• The client decrypts the broadcast key using the session WEP key
• The client sets the broadcast WEP key through the NIC interface
• Successful EAP Authentication
Authentication traffic flows
• Normal Data traffic is now enabled
Data traffic flows
Spring 2004
© 2000-2004, Richard A. Stanley
EE579T/12 #70
New Authentication Types
802.1X traffic
Authentication traffic
Wireless laptop
(Supplicant)
Access Point
Authentication Server
(Authenticator)
• Only Authentication server is aware of the authentication type, e.g.
- Kerberos
- One Time Password
• Client and AP need not be modified to add new authentication
types
Spring 2004
© 2000-2004, Richard A. Stanley
EE579T/12 #71
Key Distribution
• Dynamic Session Key
- Session key depends on EAP authentication type
- The client specific session key is sent to the AP from the RADIUS
• Broadcast Key
- The Dynamic session Key is used to encrypt the broadcast key sent
from the AP to the wireless client
- Authentication server timeouts can be configured to re-authenticate
the client (adds extra security)
Spring 2004
© 2000-2004, Richard A. Stanley
EE579T/12 #72
Client-AP Implementation
• Client (Supplicant)
- Prior to 802.1x authentication, the client-AP use an open
authentication model
- On authentication, dynamic WEP is used
- Both the client and AP must be able to support WEP and nonWEP traffic
• Access Point (Authenticator)
- Communicates with the client using 802.1x
- Communicates with the Authentication Server using RADIUS
- Encapsulates incoming EAPOL traffic into RADIUS traffic
Spring 2004
© 2000-2004, Richard A. Stanley
EE579T/12 #73
Drawbacks
• EAPOL traffic for Shared-Media LANS
means that WLANs should be encrypted.
Encryption of EAPOL not mandatory in
802.1x
• Port Based Network access defined only for
“Infrastructure Mode” of WLANs. Peer-topeer (Ad Hoc) mode not dealt with.
Spring 2004
© 2000-2004, Richard A. Stanley
EE579T/12 #74
EAP Summary
• EAP is an end-to-end security solution
– Mitigates the current WLAN security threats of stolen
hardware and rogue access points.
– User-specific session-based WEP keys used. Reduces
risk of static WEP keys lying around on clients and APs
– Replaces currently deployed Static WEP with a more
secure Dynamic WEP key distribution mechanism
– Centralized authentication and access model via the
RADIUS server
Spring 2004
© 2000-2004, Richard A. Stanley
EE579T/12 #75
802.11i - Summary
• Draft provides a system to greatly enhance
security for users of Wi-Fi equipment
• Improved encryption and 802.1X standard
for authentication – address all the shortfalls
in the current standard
• Draft standard expected to be ratified in fall
of 2003
Spring 2004
© 2000-2004, Richard A. Stanley
EE579T/12 #76
Issues
• 802.11i draft standard exists on paper, but
compliance cannot be claimed before
ratification
• Solution required now
• Current proprietary solutions do not
interoperate
Spring 2004
© 2000-2004, Richard A. Stanley
EE579T/12 #77
Existing Solutions & Other Methods
• MAC address filtering
• Access Point Placement
• Proprietary Solutions
– Cisco’s LEAP
– NextComm’s Key Hopping
– 3Com’s Embedded firewall in wireless APs
• Virtual Private Networks (VPNs)
Spring 2004
© 2000-2004, Richard A. Stanley
EE579T/12 #78
Wi-Fi Protected Access - WPA
• WPA is a response by the industry to offer strong
and immediate security solution that would
replace WEP
• It is a subset of 802.11i draft standard and is going
to maintain forward compatibility
• Main idea - “Bring what is ready now to the
market”
• Increases the level of security for Wireless LAN
• It is a standards-based, interoperable security
specification
Spring 2004
© 2000-2004, Richard A. Stanley
EE579T/12 #79
WPA
• Provides user authentication
– Central authentication server (like RADIUS)
– Via 802.1x and EAP
• Improves data encryption
– Temporal Key Integrity Protocol (TKIP)
• Eventually will support full 802.11i
compliance
• Some implementation issues remain
Spring 2004
© 2000-2004, Richard A. Stanley
EE579T/12 #80
Best Practices For Now
• WEP is better than nothing; turn it on and
change keys often
• Engineer placement of access points
• Upgrade firmware and drivers on APs and
wireless cards as they are released
• VPN (treat wireless users as you would
dial-in users)
– No panacea, but much better than nothing
• Check for 802.1x support before buying
Spring 2004
© 2000-2004, Richard A. Stanley
EE579T/12 #81
The Future
• Improved encryption and authentication
– Part of 802.11i standard
– Likely to be deployed soon (2004?)
– Major problems with installed base
• Increased user sensitivity to security issues
driving demand for solutions
• Products entering the marketplace to
automatically identify vulnerabilities
Spring 2004
© 2000-2004, Richard A. Stanley
EE579T/12 #82
Summary
• Wireless is becoming the preferred method
for mobile users to connect to LANs
• Wireless brings with it many security
issues, which span several technical fields
• Careful attention must be paid to wireless
security issues, else the entire network will
be compromised
Spring 2004
© 2000-2004, Richard A. Stanley
EE579T/12 #83