IV - CCCure.org
WIRELESS LAN SECURITY
Clément Dupuis, CD
CISSP, GCFW, GCIA, CCSA (NG), CCSE (NG), ACE
Groupe CGI, Montreal, Canada / CCCure.Org
1
Overview of Presentation
Introduction
The Jargon
The 802.11 family of standards
Security
Defend yourself
Deployment
Counter Measures
Conclusion
25
2
Introduction
Roller Coaster Ride
What or Who to believe?
Most talk about technology
Most hyped technology (Reminds me of bluetooth)
Most controversial LAN technology right now
A challenge to secure
Different standards and access control methods
Does not respect the typical security defences
It is being deployed in large numbers right now
Now, let's take a look at some numbers…
3
Introduction - WLAN Penetration
Chart: WLAN penetration by organisation size. Series: Total (n=180), 500-999 PC's (n=31), 1,000-4,999 PC's (n=105), 5,000+ PC's (n=44). Categories: Wireless access today, Will add w/in 18 mos., Will add in 19+ mos., No plans to add, Don't know.
Statistics provided by WECA
4
Introduction - WLAN Depth of Penetration
Chart: depth of WLAN penetration, Adopters vs Intenders. Categories: Access to all employees, Access to most employees, Access to some workgroups/divisions, Access to few, Don't know.
Statistics provided by WECA
5
Introduction - WLAN Top Drivers
Chart: top drivers for WLAN adoption. Categories: Allows mobility; No cabling/wires/no cabling cost; To allow our people access to e-mail/servers when they are not in office; To test/see how it works; Ease of use/access; Portability; Other.
Statistics provided by WECA
6
Introduction - WLAN Top Barriers
Chart: top barriers to WLAN adoption, Adopters vs Intenders. Categories: Authentication/Security concerns; Budget; Resources for deployment and support; Speed.
Statistics provided by WECA
7
Overview of Presentation
Introduction
The Jargon
The 802.11 family of standards
Security
The Threats
Defend yourself
Deployment
Counter Measures
Conclusion
8
The Jargon - WarXing
A new series of words has come into play as the world of Wireless LAN and its methods of attack have evolved.
They are derived from the term WarDialing, which was used to describe someone dialing every phone number in a series to find modems or other devices.
WarDriving
WarFlying
WarBoating
WarCycling
WarWalking
WarChalking
WarPlugging (i.e. tell Joe's Pizza and get 10% off)
Plug (noun): a piece of favorable publicity or a favorable mention usually incorporated in general matter - Merriam-Webster
9
The Jargon - WarChalking
A marking method is only as good as the number of people who know it. A common standard is being developed amongst warchalkers to offer a shared marking scheme.
Bumper Sticker
www.warchalking.org
10
The Jargon - Acronyms
IEEE – Institute of Electrical and Electronics Engineers
802.11 – Specifications for Wireless Standards
Wi-Fi – Wireless Fidelity, often used in lieu of 802.11b
WECA – Wireless Ethernet Compatibility Alliance
WLAN – Wireless Local Area Network
AP – Access Point
FHSS – Frequency Hopping Spread Spectrum
DSSS – Direct Sequence Spread Spectrum
OFDM – Orthogonal Frequency Division Multiplexing
WEP – Wired Equivalent Privacy
EAP – Extensible Authentication Protocol
CRC – Cyclic Redundancy Check
HotSpot – Area where wireless access is offered
11
The Jargon - Hotspots
Some airports are now offering HotSpots, but there are also businesses that have taken advantage of this by offering Internet access while people grab lunch.
In Austin, Texas, 11 stores with HotSpots
12
Overview of Presentation
Introduction
The Jargon
The 802.11 family of standards
Security
Defend yourself
Deployment
Counter Measures
Conclusion
13
802.11 Standard and its annexes
802.11 represents the Wireless LAN standard and its annexes
The original standard was 802.11, which defined wireless LAN using Infrared
First annex was 802.11b
Second annex was 802.11a
Then a series of 802.11x followed
It is a “shared” medium
It makes use of CSMA-CA
802.11a and 802.11b are radio systems
14
802.11Whatever – What does it mean
Columns: Medium; Speed (Mbps); Modulation; Acceptance; Remark
802.11 – Medium: Infrared; Speed (Mbps): 1 and 2; Modulation: FHSS, DSSS; Acceptance: Low; Remark: Low speed, line of sight
802.11b – Medium: Radio wave, 2.4 GHz; Speed (Mbps): 1, 2, 5.5, 11; Modulation: DSSS; Acceptance: Most widely used
802.11a – Medium: Radio wave, 5 GHz; Speed (Mbps): 1, 2, 5.5, 11, up to 54; Modulation: OFDM; Acceptance: New, low number of units shipped; slow acceptance in Europe, it interferes with radar systems in the 5 GHz range; Remark: Incompatible with 802.11b; less interference in the 5 GHz range but shorter range; 8 channels
802.11d – Internationalization
802.11e – Quality of service
802.11g – Medium: Radio wave, 2.4 GHz; Speed (Mbps): 1, 2, 5.5, 11, up to 54; Modulation: OFDM; Remark: Compatible with 802.11b and 802.11a networks; only 3 channels
802.11i – Security
802.1x – Authentication framework for 802 LANs
15
What is a WLAN
Picture from: www.smarthomeforum.com
16
Hardware – WLAN Hardware
WLAN Network Adaptor Chipsets
Cisco Aironet Based Series (Hermes Chipset)
Lucent Orinoco (Agere) Series
Prism II Chipset (Linksys, Compaq, Dlink)
Format
USB External Card
PCI Card
PCI Adaptor with PCMCIA Card
PCMCIA Card
Antennas
After all we are talking Radio Frequency and Signal here
Some have connector for external antenna and some don’t
17
What does it look like in real life!
18
What does it look like in real life!
Pictures from: www.hdcom.com
19
Overview of Presentation
Introduction
The Jargon
The 802.11 family of standards
Security
Defend yourself
Deployment
Counter Measures
Conclusion
20
Security – A few more terms
A few more terms:
Station – Describes any device on a wireless network, either a client or an access point
Ad Hoc – Refers to a network between two clients
Access Point – Used by clients to communicate with other clients, either wireless or wired. This is also referred to as an Infrastructure Network
BSS – Basic Service Set: an access point with all its clients that together form a network
SSID – Service Set Identifier: the name given to a BSS network, also called the Network Name
21
Security - WEP
From ANSI/IEEE Std. 802.11:
“3.49 wired equivalent privacy (WEP): The optional cryptographic confidentiality algorithm specified by IEEE 802.11 used to provide data confidentiality that is subjectively equivalent to the confidentiality of a wired local area network (LAN) medium that does not employ cryptographic techniques to enhance privacy.”
22
Security – WEP Basic Security functions
Network name (SSID), used as a network password or key; in some cases keys are derived from the SSID on the AP (Authentication)
  Must have the same SSID to communicate
  Use the same SSID on all devices
  Protects from devices without the SSID
Authentication (Access Control)
  Based on MAC filtering
Encryption (Confidentiality)
  Through the use of WEP: 40 bits or 128 bits
CRC checksum (Integrity)
23
Security – WEP Weaknesses
Key Management
  Not defined or included in the standard
  Tends to produce long-lived or poor-quality keys
  Keys are entered manually
  Due to the manual labour involved, keys do not change often
Key Size
  40 bits defined in the standard
  Most have deployed 128 bits, which is in fact 104 bits + a 24-bit IV
WEP IV size is too small
  Provides for 16,777,216 different cipher streams
  IVs are being reused
  WEP does not specify how IVs are chosen or how often they rotate
Primer from: http://www.nwfusion.com/research/2002/0909wepprimer.html
24
Security – WEP ICV Weaknesses
The Integrity Check Value (ICV) algorithm
  Based on CRC-32
  Good for detecting errors in data transmission, but not suitable as a hash
  MD5 or SHA1 would be a better choice
  A message can be tampered with and still produce the same ICV
  Allows man-in-the-middle (M-I-M) type attacks: simply capture an encrypted packet stream, modify the destination address of each packet to be the attacker's wired IP address, fix up the CRC-32, and retransmit the packets over the air to the access point
  Key size does not matter for the ICV- and IV-based attacks; they take the same amount of effort whether the key is 40 bits or 128 bits
Primer from: http://www.nwfusion.com/research/2002/0909wepprimer.html
25
Security – WEP usage of RC4
RC4 as implemented in WEP has weak keys
  Too much correlation between the key and the output
  The first three bytes of the key are taken from the IV
  They are sent unencrypted in each packet
  It is easy to exploit as it is a passive attack
  All that is needed is to collect enough data to derive the key
  About 100 megs of data is necessary
  Once 100 megs has been collected, the encryption can be broken in seconds
Primer from: http://www.nwfusion.com/research/2002/0909wepprimer.html
26
Security – WEP Authentication
Two forms of authentication
  Open System – No authentication
  Shared Key Authentication
Shared Key is in fact weaker
  Knowledge of the shared key is demonstrated by encrypting a challenge
  Challenge and response can be monitored by an attacker
  From this, the attacker can derive the RC4 stream that was used
  The attacker can then use this RC4 stream to reply to any challenge he receives in the future
Advantage of Shared Key
  Reduces the ability of an attacker to launch a DoS attack by sending bogus packets encrypted with the wrong key on the network
Shared Key should be turned off and 802.1x used instead
Primer from: http://www.nwfusion.com/research/2002/0909wepprimer.html
27
Security – 802.1x
Based on EAP, as per RFC 2284
Allows the use of RADIUS, Active Directory, SecurID, Certificates
Primer from: http://www.nwfusion.com/research/2002/0909wepprimer.html
28
Security – WEP – XOR Operations
XOR (⊕) operation
Given two bits, if exactly one of them is a one, the result is one. Otherwise, it is zero.
Sample XOR (⊕) operation:
Value A: 1 1 0 0
Value B: 0 1 1 0
A ⊕ B:   1 0 1 0
XOR (⊕) has the properties such that:
If A ⊕ B = C, then C ⊕ B = A, and C ⊕ A = B
A special mention to Ted Ipsen for sharing with the community his WEP research on which the info on XOR operations is based
29
Security – WEP – XOR Operation
XOR as a symmetric cipher
Encryption:
  Message:    10011011101
  Key:        01101010110
  Ciphertext: 11110001011
Decryption:
  Ciphertext: 11110001011
  Key:        01101010110
  Message:    10011011101
30
Security – WEP – Operation
The CRC-32 ICV
A 4-byte CRC-32 Integrity Check Value (ICV) is computed for the data payload of the packet and appended to it:
  [ Plaintext Message (M) | ICV [s(M)] ]
The UNIQUE seed
The shared secret “key” (k) is static; a 24-bit Initialization Vector (IV) is concatenated with the key (k) to form a “unique” seed:
  [ IV | Shared Key (k) ]
31
Security – WEP – Operation
THE KEYSTREAM
This seed is input into the stream cipher RC4, which outputs a “keystream” of arbitrary length:
  [ IV | Shared Key (k) ] -> RC4 -> Keystream: 000100101011100010110100101011110101010111011…
32
Security – WEP – Operation
The plaintext data and the appended CRC-32 value are XORed against an equal number of bits from the keystream to create ciphertext:
  [ Plaintext Message (M) | ICV [s(M)] ]
  XOR 00010010101110001011010010101111010101
  = Ciphertext (C)
33
Security – WEP – Operation
The IV is put into the WEP header in PLAINTEXT, and the encrypted packet is sent to the receiver:
  [ 802.11 Hdr | IV | Ciphertext (C) ]
The receiver uses the IV in the header along with the shared key k to reproduce the RC4 keystream:
  [ 802.11 Hdr | IV | Ciphertext (C) ]
  [ IV | Shared Key (k) ] -> RC4 -> 000100101011100010110100101011110101010111011…
34
Security – WEP – Operation
The ciphertext is XORed against the RC4 keystream, and the plaintext is recovered:
  Ciphertext (C)
  XOR 00010010101110001011010010101111010101
  = [ Plaintext Message (M) | ICV [s(M)] ]
35
Security – WEP – Operation
The CRC-32 Integrity Check Value (ICV) is recomputed to verify the integrity of the data:
  [ Plaintext Message (M) | ICV [s(M)] ]
  CRC-32 over M -> ICV [s’(M)]
  Match?
36
Security – WEP CONFIDENTIALITY
Confidentiality is provided by the XOR operation
To be secure, the keystream must NEVER be reused.
In WEP you are guaranteed to reuse these inputs, and thus the keystream!
The shared secret key k, whether 40 or 104 bits long, is essentially fixed.
Therefore, the only input into the RC4 stream that changes is the 24-bit IV (2^24 = 16,777,216)
So, about every 16 million packets, you get an IV “collision”. This doesn’t take very long on a moderately busy network.
Primer from: http://www.nwfusion.com/research/2002/0909wepprimer.html
37
Security – WEP CONFIDENTIALITY
SCENARIO 1
Send some known plaintext (like spam e-mail), and capture the encrypted packet with the cleartext IV.
XOR the plaintext against the ciphertext and recover the keystream.
SCENARIO 2
Consider the authentication scheme from the standpoint of an attacker.
You sniff the WLAN and capture the Challenge Message from the Access Point as it is sent in cleartext to the requesting station:
  Challenge (M)
You then capture the encrypted reply that is sent back to the AP:
  [ IV | Ciphertext (C) ]
Primer from: http://www.nwfusion.com/research/2002/0909wepprimer.html
38
Security – WEP CONFIDENTIALITY
SCENARIO 2 (Continued)
Compute the CRC-32 ICV for the Challenge, and append it.
XOR the Challenge and ICV against the Ciphertext:
  C ⊕ M = K
And get the keystream back!!!
  [ Challenge (M) | ICV ] ⊕ Ciphertext (C) = 00010010101110001010
Primer from: http://www.nwfusion.com/research/2002/0909wepprimer.html
39
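The WEP encapsulation of slides 31 to 36, the keystream reuse of slide 37 and the known-plaintext keystream recovery of scenarios 1 and 2, as an added Python example (not code from the presentation). The 40-bit key, the IVs and the messages are constructed values; the birthday-bound function is an added generalisation of the slide's IV-collision remark.

```python
import math
import zlib

def rc4_keystream(seed: bytes, length: int) -> bytes:
    """RC4: key scheduling (KSA) followed by output generation (PRGA)."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + seed[i % len(seed)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    for _ in range(length):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    """Bitwise XOR of two equal-length byte strings (the A XOR B of slide 29)."""
    return bytes(x ^ y for x, y in zip(a, b))

def icv(data: bytes) -> bytes:
    """4-byte CRC-32 Integrity Check Value, little-endian as in 802.11."""
    return zlib.crc32(data).to_bytes(4, "little")

def wep_encapsulate(key: bytes, iv: bytes, m: bytes) -> bytes:
    """Slides 31-34: seed = IV || k, C = (M || ICV) XOR RC4(seed), frame = IV || C."""
    if len(iv) != 3:
        raise ValueError("WEP IV is 24 bits")
    body = m + icv(m)
    return iv + xor(body, rc4_keystream(iv + key, len(body)))

def wep_decapsulate(key: bytes, frame: bytes) -> tuple:
    """Slides 34-36: rebuild the keystream from the cleartext IV, then check the ICV."""
    iv, c = frame[:3], frame[3:]
    body = xor(c, rc4_keystream(iv + key, len(c)))
    m, tag = body[:-4], body[-4:]
    return m, tag == icv(m)

def keystream_leak(frame: bytes, known_m: bytes) -> bytes:
    """Scenarios 1 and 2: C XOR (M || ICV) gives back the keystream; no key needed."""
    return xor(frame[3:], known_m + icv(known_m))

def iv_reuse_leak(frame1: bytes, frame2: bytes) -> bytes:
    """Slide 37: two frames under one IV and key satisfy C1 XOR C2 = M1 XOR M2."""
    if frame1[:3] != frame2[:3]:
        raise ValueError("frames use different IVs")
    return xor(frame1[3:], frame2[3:])

def frames_until_iv_repeat(prob: float = 0.5, iv_bits: int = 24) -> float:
    """Birthday bound for randomly drawn IVs (added generalisation, not on the slides)."""
    return math.sqrt(2 * (2 ** iv_bits) * math.log(1 / (1 - prob)))

if __name__ == "__main__":
    key = bytes.fromhex("0102030405")   # constructed 40-bit shared key k
    iv = b"\x00\x00\x01"                # constructed 24-bit IV
    frame = wep_encapsulate(key, iv, b"hello")
    print(wep_decapsulate(key, frame))  # (b'hello', True)
```

With a sequential IV counter the space wraps after 2^24 frames as the slide says; with randomly drawn IVs the first repeat is expected after roughly 4,800 frames, which is why the ICV check alone cannot save a static-key deployment.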
Overview of Presentation
Introduction
The Jargon
The 802.11 family of standards
Security
Defend yourself
Deployment
Counter Measures
Conclusion
40
Defend Yourself – WLAN Assessment
Hacking yourself before someone else does
How to assess your WLAN
Home brew
Commercial products
How to hide amongst others in the crowd
If everyone is screaming loudly then who is screaming
what you wish to hear.
How to fool the bad guys
More ways to fool the bad guys
41
Defend Yourself – Home Brew
What is required
  A card with a connector for an external antenna
  Software
    Lots of software available for assessment
    No single piece of software does all of the functions
    Not all software works with all cards
    Not all cards work with all OSes
    You will need more than one piece of software, card, and OS
  Laptops
    Cisco Aironet 352, Agere Orinoco Gold, and the Compaq WL100
    With proper OS and card drivers
  External antenna for better gain
42
Defend Yourself – Home Brew toolkit
As easy as 1-2-3
Free, user-friendly sniffing and cracking software
Detect rogue networks that you may not know about
+ 165$ US
+ NetStumbler, Kismet, APSniff, Sniffer Pro Wireless, AiroPeek, WepCrack, AirSnort
43
Defend Yourself – WLAN Assessment
Some of the functionality found in WLAN sniffer, cracker, protocol analyzer, and assessment software
(columns: SSID identification / MAC of AP / WEP detection / IP address, protocol decodes / Data rates, channels, signals / Cards supported):
Netstumbler (GPS support): Y / Y / Y / N / Y / ORINOCO, PRISM II
dstumbler: Y / Y / Y / N / Y / ORINOCO, PRISM II
WEPcrack (crack encryption): Y / Y / Y / N / N / PRISM II
AirSnort (crack encryption): Y / Y / Y / N / N / CISCO, PRISM II, ORINOCO
Airopeek NX (supports 802.11a): Y / Y / Y / Y (all 7 layers) / Y / CISCO, ORINOCO
Sniffer Pro Wireless: Y / Y / Y / Y (all 7 layers) / Y / CISCO, ORINOCO, SPECTRUM
44
Defend Yourself – WLAN assessment
45
Defend Yourself – Commercial ToolKit
46
Defend Yourself – Commercial ToolKit
Verify Signal Strength and clients on AP
47
Defend Yourself - Warfare
In 1978, while deploying HF, VHF, and UHF radio stations for DOD, I would have never guessed that my antenna theory would come to use for WLAN one day.
Position of the AP
  As far away as possible from the unfriendly zone
  Move it toward the centre of the coverage zone if possible
Diffusion, Diffraction, Reflection
  Shield between you and the remote
Type of antenna
  Use a shield if necessary to direct waves
  Use a cone shape to direct waves upward
48
Defend Yourself – Fake AP Tool
Hide in the crowd
Generates thousands of fake APs
RedHat only
Prism2/2.5/3 based 802.11b cards
Currently in development
Very promising
Available at: http://www.blackalchemy.to/Projects/fakeap/fake-ap.html
49
Defend Yourself – Locate the enemy
Electronic Warfare Techniques
Ekahau Positioning Engine (www.ekahau.com)
Find a device within 1 meter
Need three points at least for accuracy
Marketing potential as well
Show ads to people close to a store for example
Disallow access to people outside your area
Available now
50
Defend Yourself – HOWTO
Control who gains access to your network
  Use defence in depth
  Implement strong user-based authentication rather than device-based
  Implement data encryption and do not rely on WEP
  Attempt to create a centralized management point
Dynamic session-based encryption keys
  It is very costly to manually maintain separate user databases or to distribute keys to each device.
  Keys should be changed automatically at fixed intervals and on reauthentication, making them more difficult for intruders to crack than static WEP keys
Mutual authentication
  So that a client isn't deceived by a "rogue" (unauthorized) access point
51
Defend Yourself – HOWTO
A. Wireless LAN behind a firewall (treat as untrusted)
B. Do not use the default SSID
  Change it regularly
  Disable SSID broadcast if your device supports it
C. Make use of WEP, it is better than nothing
  Change the WEP key from the default
  Attempt to use products that dynamically generate keys
D. Ban rogue networks
E. Ensure a policy exists that restricts WLANs from being established without formal approval.
52
Defend Yourself – HOWTO
F. Add personalized authentication
  Using MAC address or (802.1x)-based control lists
G. Leverage existing RADIUS servers
  Integrate wireless LANs into the existing RADIUS infrastructure to manage users more simply. It not only enables wireless authentication, but also ensures wireless users go through the same authorization and accounting approvals as remote users.
H. Not all WLANs are created equal; many manufacturers' equipment does not include enhanced security features.
I. Consider using a VPN
  Virtual Private Networks have been deployed over the Internet to allow secure communications for years. The same can be deployed in a wireless environment to add Layer 3 encryption to the wireless (Layer 2) communication.
53
FUN STUFF – Expedient Antennas
WLAN can also be fun to experiment with
Keep your Pringles cans for your expedient antennas
54
FUN STUFF – WarPumpkin
WLAN Hackers Can Adapt to seasonal changes
Open WLAN, SSID=GoAway, Speed=1.5Mbps
55
WAR DRIVING
Are networks really as badly protected as is claimed?
56
Questions ?
For further info
Clément Dupuis
[email protected]
Downloadable version available at:
http://www.cccure.org/Documents/Wireless/OTS2002.zip
57
WLAN Online References
The ultimate guide to WarXing
http://www.kraix.com/downloads/TDGTW-WarXing.txt
Great article on Security News Portal on how to defend yourself:
http://www.securitynewsportal.com/cgi-bin/cgiscript/csNews/csNews.cgi?database=JanR%2edb&command=viewone&id=34&op=t
The Wireless Ethernet Compatibility Alliance
http://www.wi-fi.org
58
WLAN Assessment Software
Netstumbler
http://www.netstumbler.com
WEPcrack
http://wepcrack.sourceforge.net
AirSnort
http://airsnort.shmoo.com/
Kismet
http://www.kismetwireless.net/index.shtml
Aerosol
http://www.sec33.com/sniph/aerosol.php
APSniff
http://www.zdnet.com.au/downloads/pc/swinfo/0,2000036746,7997854,00.htm
Wellenreiter
http://www.remote-exploit.org
Triangulation
http://www.ekahau.com/
59
Commercial WLAN Assessment Software
Distributed Wireless Security Auditor, IBM
http://www.research.ibm.com/resources/news/20020617_dwsa.shtml
AirDefense Security Appliance
http://www.airdefense.net/
AirMagnet PDA
http://www.airmagnet.com/
Airopeek NX
http://www.wildpackets.com/products/airopeek_nx
NAI Sniffer Pro Wireless
http://www.nai.com/
60
Other Fun tools and Projects
Fake AP
http://www.blackalchemy.to/Projects/fakeap/fake-ap.html
Pringle Can Antenna Recipe
http://verma.sfsu.edu/users/wireless/pringles.php
Milk Can Antenna Recipe
http://reseaucitoyen.be/?BoiteDeConserve1
Map and Statistics of Toronto War Driving
http://www.nakedwireless.ca/winudcol.htm
61