Transcript Tenth-Part-Security_Tahani-Qaisix

Wireless Networks
Security
Tahani Qaisi
Outlines
•
•
•
•
•
•
•
Introduction to wireless security
Modes of unauthorized access.
Security measures
Security risks
Implementing a secure network
Conclusion
references
Wireless Security
 Security context between two (network) entities should
provide
• Authentication - to prove identity
• Integrity - to detect altered packets
• Privacy - to prevent eavesdropping
Wireless Security
• Wireless security is the prevention of unauthorized access or damage to
computers using wireless networks.
• The mobility advantage:
• Crackers have found wireless networks relatively easy to break into,
and even use wireless technology to crack into wired networks.
• Wireless Intrusion Prevention Systems (WIPS)
• Great number of security risks associated with the current wireless
protocols and encryption methods, as carelessness and ignorance exists at
the user and corporate IT level.
• Cracking methods have become much more sophisticated and innovative
with wireless.
Unauthorized Access
There are four modes for unauthorized access:
 Accidental Associations:
When a user turns on a computer and it latches on to a
wireless access point from a neighboring company’s
overlapping network.
 Non-traditional Networks:
Such as personal network Bluetooth devices are not safe from
cracking and should be regarded as a security risk.
Unauthorized Access
 Malicious Associations:
• When the attackers use their wireless devices to connect
to a company network through their cracking laptop
instead of a company access point (AP).
• These laptops are known as “soft APs” and are created
when a cracker runs some software that makes his wireless
network card look s like a legitimate access point.
Unauthorized Access
 Ad hoc Networks:
• The security hole provided by Ad hoc networking is not the
Ad hoc network itself but the bridge it provides into other
networks.
• Bridging is in two forms:
• Direct: when the user actually configure the bridge
between the two connections.
• Indirect: which is the shared resources on the user
computer, the critical data will be exposed to discovery,
and will provide a route to the secured network.
Wireless intrusion prevention system
• (WIPS) is a network device that monitors the radio spectrum for the
presence of unauthorized access points (intrusion detection), and can
automatically take countermeasures (intrusion prevention).
• A wireless intrusion detection system (WIDS) monitors the radio
spectrum used by wireless LANs, and immediately alerts a systems
administrator whenever a rogue access point is detected.
Conventionally it is achieved by comparing the MAC address of the
participating wireless devices.
• A WIPS also includes features that prevent against the threat
automatically.
Security Measures
• Default 802.11b Authentication Schemes
•
•
•
•
•
Service Set Identifier (SSID)
MAC ID filtering
Static IP addressing
Open Authentication (null)
Shared-Key Authentication
• Wired Equivalent Privacy (WEP)
• Temporal Key Integrity Protocol – TKIP
• Remote Authentication Dial-In Service (RADIUS)
• WPA (Wi-Fi Protected Access)
• 802.11i security
• WPAv2
Security Measures
• SSID hiding:
A simple but ineffective method to attempt to secure a wireless network is
to hide the SSID (Service Set Identifier).
• MAC ID filtering:
One of the simplest techniques is to only allow access from known, preapproved MAC addresses. Most wireless access points contain some type
of MAC ID filtering.
• Static IP addressing
Typical wireless access points provide IP addresses to clients via DHCP.
Requiring clients to set their own addresses makes it more difficult for a
casual or unsophisticated intruder to log onto the network, but provides
little protection against a sophisticated attacker.
Security Measures
• Open System Authentication
Any client can associate with AP
• Null authentication algorithm
• Consists of two messages
 Authentication Request
 Authentication Response
Security Measures
• Shared-Key Authentication
 A shared secret (!) key to authenticate the client to the AP
• Uses a challenge response protocol
– A random number as a challenge
 A simple Attack
• Record one challenge/response by a sniffer
• Use the challenge to decrypt the response and recover the
key stream
• Use the recovered key stream to encrypt any subsequent
challenge
AP
STA
Wired Equivalent Privacy (WEP)
• Introduced in 1997 to provide “privacy of wire”
• Uses RC4 for encryption
 WEP Key + initialization vector (IV) are fed into a pseudorandom
number generator
 40 bits or 128 bits (104 + 24 IV)
• The IV, Encrypted Message, and checksum are sent in the
802.11 packet
• IV is changed periodically
 Reuse of key streams
• No Key Management Protocol
• Uses pre-shared static keys (PSK)
 Manually distributed keys
802.11 WEP Frame
802.11
header
IV
KEY ID
Unencrypted
Encrypted
Payload
ICV
(FCS)
ICV is a CRC-32
checksum over the
Payload (802 Header
and the Data)
Security in WEP
Caffe Latte attack
• The Caffe Latte attack is a way to defeat WEP. It is not
necessary for the attacker to be in the area of the network
using this exploit, it is possible to obtain the WEP key from a
remote client.
• By sending a flood of encrypted ARP requests, the assailant
takes advantage of the shared key authentication and the
message modification flaws in 802.11 WEP.
• The attacker uses the ARP responses to obtain the WEP key in
less than 6 minutes.
Security Measures
• Temporal Key Integrity Protocol – TKIP
– Defined in IEEE 802.11i specs for WiFi networks to replace
WEP
– Short-term solution to WEP
• Deployed on existing H/W
– Uses a key scheme based on RC4 like WEP, but encrypts every data
packet with its own unique encryption key
• Hashes IVs
– Encrypted IVs, not easy to sniff
– IV sent as plaintext in weak WEP
• Message Integrity Check (MIC)
– Provides per-packet key-mixing
TKIP cont..
• MIC – Message Integrity Check
– Prevent Insertion Attack
• Hacker can determine the encrypted value & the plaintext
– When results are XORed the PRGA streaming key is
revealed
• Disable extracting the streaming key from the message
Security Measures
• Remote Authentication Dial-In Server (RADIUS)
– Authentication, Authorization, Accounting (AAA)
– Originally developed for remote modem users by
Livingston Enterprises, 1997
– Responsible for authenticating remote connections
– Provide authorization to network resources
– Logging for accountability purposes
– Controls various aspects of authorization
• Time-limits
• Re-keying
– Many RADIUS servers use EAP
EAP
• The Extensible Authentication Protocol (EAP), defined in RFC
2284.
• EAP provides support of multiple authentication methods by
using anything from smartcards to digital certificates to
authenticate a user, instead of using a username and
password.
• Originally created for use with PPP
• Inherent weaknesses:
– Lack of protection of the user identity or EAP negotiation
– No standardized mechanism for key exchange
– No built-in support for fragmentation and reassembly
– Lack of support for fast reconnect
Some Authentication Protocols
• EAP-TLS (Transport Level Security)
– a TLS handshake is used to mutually authenticate a client and server
• EAP-TTLS extends this (Tunneled TLS)
– Uses the secure connection established by the TLS handshake to
perform additional authentication, such as another EAP or another
authentication protocol such as CHAP
– Establish keying material
• PEAP (Protected EAP)
– Similar to EAP-TTLS but only allows EAP for authentication
– Also has key exchange, session resumption, fragmentation and
reassembly
WTLS’s Security Problems
 Security GAP
• reason: WTLS session exists only between the WAP device and
the Gateway.
 Solutions:
• Place Gateway and the back-end system within a secure
environment.
• Provide integrity protection on information(digital signatures).
Challenge Message
• Authentication depends on a secret key known only to authenticator
and client
• Radius server sends challenge to client via access point
• This challenge packet will vary for each authentication attempt
• The challenge is pulled from information contained a table of known
secrets
• New challenge can be sent at intervals based on Radius server
settings, or upon client roaming
Calculated Hash
Start
• Client responds with a calculated value using
a “one way hash” function
• This value is derived from a known secrets list
Authentication Granted/Denied
• Radius server checks response against it own calculated
hash
• If it matches, then authentication is acknowledged to AP
and client
• If authentication is not achieved, the AP will not permit
any traffic for that client to pass
Wireless
Laptop
Computer
Radius
Server
Access
Point
Ethernet
Association
Access Blocked
802.11 Associate
802.11
Radius
EAPOW
EAPOL-Start
EAP-Request/Identity
EAP-Response/Identity
Radius-Access-Request
Radius-Access-Challenge
EAP-Request
EAP-Response (Cred)
Radius-Access-Request
Radius-Access-Accept
EAP-Success
EAPOW-Key (WEP)
Access Allowed
Wi-Fi Protected Access (WPA)
• Wi-Fi Protected Access
– Works with 802.11b, a and g
•
•
•
•
“Fixes” WEP’s problems
Existing hardware can be used
802.1x user-level authentication
TKIP
–
–
–
–
–
RC4 session-based dynamic encryption keys
Per-packet key derivation
Unicast and broadcast key management
New 48 bit IV with new sequencing method
Michael 8 byte message integrity code (MIC)
• Optional AES support to replace RC4
WPA
•
•
•
•
•
Created by Wi-Fi Alliance
Used basic outline of 802.11i (partly implemented of 802.11i)
802.11i requires more powerful H/W for AES
Instead, employ a software/firmware upgrade
Michael Algorithm
802.11i
• WPA2 Robust Security Network extends WPA
– Counter Mode with Cipher Block Chaining Message
Authentication Code Protocol (CCMP)
– Based on a mode of AES, with 128 bits keys and 48 bit IV.
– Also adds dynamic negotiation of authentication and
encryption algorithms
– Allows for future change
• Does require new hardware
• Not backward compatible with WEP
WEP vs. WPA
• Poor encryption
• 40 bit keys
• Keys are static and
shared
• Manual key distribution
• WEP key is used for
authentication and
encryption
• No known flaws in
encryption
• 128-bit keys
• Session keys are
dynamic
• Automatic key
distribution
• 802.1x/EAP user
authentication
WPA and 802.1x
• 802.1x is a general purpose network access control mechanism
– Port based network access
• Provides Authentication to devices attached to a LAN port
– Establishes point-to-point connection
– Based on EAP
• WPA has two modes
– Pre-shared mode, uses pre-shared keys
– Enterprise mode, uses Extensible Authentication Protocol (EAP) with a RADIUS
server making the authentication decision
– EAP is a transport for authentication, not authentication itself
– EAP allows arbitrary authentication methods
Practical WAP Attacks
• Dictionary attack on pre-shared key mode
• Denial of service attack
– If WPA equipment sees two packets with invalid MICs in 1
second
• All clients are disassociated
• All activity stopped for one minute
• Two malicious packets a minute enough to stop a
wireless network
Typical WLAN Attacks
•
•
•
•
•
•
WEP Cracking
MAC Attack
Man-in-the-Middle Attack (Rogue AP)
Dictionary Attack
Session Hijacking
Denial-of-Service (DoS)
WEP Cracking
• Static Encryption Keys
– Periodical & manual change on all devices
•
•
•
•
Manually Distributed Keys
Key stream Reuse
RC4 Key Scheduling Algorithm
Message Authentication
• Solutions:
– Authentication mechanisms using VPN
– AES like advanced encryption methods
MAC Attack
• Same as WEP cracking
• Address spoofing
• MAC Filtering won’t work
• Solution: authentication mechanisms such as 802.1x or VPN
Man-in-the-Middle Attack
• Rogue AP
• Capture Necessary Info
–
–
–
–
–
Network’s SSID
IP addresses
Wireless NIC’s association ID
Re-associate user’s NIC with bogus AP
Access to all data b/w them, including login info
• Solution: VPN and authentication mechanisms
Dictionary Attack
• Relies on conventional names & words being used as
login name & password
• Gathers a challenge & response exchange from a
password-based protocol.
• Use of open source tools to decrypt login
information
• Solutions:
– Use a combination of letters and numbers
– Use authentication mechanisms as 802.1x or VPN
Session Hijacking
•
•
•
•
Insertion attacks
Redirect the session from a legitimate end point
Set up an access point
WLAN clients try to connect by sending their authentication
information
• Solution: Authentication mechanisms 802.1X and VPN
Denial-of-Service (DoS) Attack
• Flooding APs with illegitimate traffic
• Overwhelm available bandwidth
• Slow or Stop legitimate users from accessing the network
• Solution: MAC filtering
Secure Implementation
1.
2.
3.
4.
5.
6.
7.
8.
Implement Strong Physical Security Controls
Avoid Excessive Coverage of Wireless Networks
Secure Access Points
Use Non-suggestive Service Set Identifier (SSID) Naming
Conventions
Disable Direct Client-to-Client “Ad-Hoc Mode” Transmissions
Keep Security Patches Up-to-date
Employ MAC Address Filtering on Access Points
Deploy Wireless Intrusion Detection Systems
Conclusion
• 802.11 is insecure:
– 802.11 encryption is readily breakable, and 50-70% of networks never
even turn on encryption.
– Hackers are exploiting these weaknesses in the field.
• Today wireless networks are helping and definitely providing the
opportunity to cut costs, to increase the productivity and mobility.
• The key to keep up and creating a security wireless network is take in
consideration the security measures.
References
• www.en.wikipedia.org/wiki/Wireless_security
• Frankel, Sheila, et al. "Establishing wireless robust
security networks: a guide to IEEE 802.11 i." National
Institute of Standards and Technology (2007).
• http://www.metageek.net/blog/2012/12/wirelesssecurity-basics/
• Karygiannis, Tom, and Les Owens. "Wireless network
security." NIST special publication 800 (2002): 48.
• http://en.wikipedia.org/wiki/IEEE_802.1X
• http://en.wikipedia.org/wiki/Wired_Equivalent_Privacy