Wireless Security
Chi-Shu Ho, Raymond Chi
CS265
Cryptography and Computer Security
SJSU
November 18, 2003
Wireless Networks
According to PC Magazine, 14 million American
households will have PC-based data networks
by the end of 2003
40% of these are wireless networks
Growing in popularity due to
– Convenience compared with traditional wired networks
– Price cuts on wireless networking components: a full setup
for under $200
Commercial establishments offer wireless
access as a way to attract customers.
They are everywhere! Parents have filed lawsuits
against some (elementary) schools for putting up
wireless access points!
Standards
IEEE formed the 802 working group in 1980
– Researchers, academics, and industry
professionals working toward the development
of an industry standard
The 802 standards were adopted as the base
LAN networking standards in 1990.
– 802.3 for Ethernet networking
– 802.11 for wireless networking, in 1997
Incremental enhancements of 802.11
– 802.11a, 802.11b, 802.11g
802.11 Basics
Operating Frequency
US: 2.4000-2.4835 GHz
Europe: 2.4000-2.4835 GHz
Japan: 2.471-2.497 GHz
France: 2.4465-2.4835 GHz
Spain: 2.445-2.475 GHz
Transfer Rate: 1 or 2 Mbps
Mechanism:
Direct Sequence Spread Spectrum (DSSS)
http://www.pcwebopedia.com/TERM/D/DSSS.html
Frequency Hopping Spread Spectrum (FHSS)
http://www.pcwebopedia.com/TERM/F/FHSS.html
The Big Three
802.11b
– A Great Leap Forward
• First major revision of 802.11, approved in
1999
– Frequency: 2.4 GHz
– Transfer Rate (theoretical): 1, 2, 5.5, 11 Mbps
– Transfer Rate (throughput): 4 Mbps (average)
– Mechanism: Direct Sequence Spread Spectrum
(DSSS)
– Channels Available: 11 (3 non-overlapping)
– Maximum Range: 175 ft (average)
– Pros: Cost, Range
– Cons: the 2.4 GHz band is unlicensed and overcrowded
(microwave ovens, cordless phones, Bluetooth
devices…)
The Big Three
802.11a
– Faster and Faster
• Approved by the IEEE in 1999; products shipped from 2001
– Frequency: 5 GHz (U-NII bands)
– Transfer Rate (theoretical): up to 54 Mbps
– Transfer Rate (throughput): 20-30 Mbps (average)
– Mechanism: Orthogonal Frequency Division Multiplexing
(OFDM)
– Channels Available: 12 (all non-overlapping)
– Maximum Range: 80 ft (average)
– Pros: increased data rate, less interference
– Cons: short range, no backward compatibility with
802.11b
The Big Three
802.11g
– New Guy on the Block
• Approved by the IEEE in 2003
– Frequency: 2.4 GHz
– Transfer Rate (theoretical): up to 54 Mbps
– Transfer Rate (throughput): 20-30 Mbps
(average)
– Mechanism: OFDM for the 54 Mbps rates; Complementary
Code Keying (CCK) retained for backward compatibility
with the 802.11b DSSS rates
– Channels Available: 11 (3 non-overlapping: 1, 6, 11)
– Maximum Range: 175 ft (average)
– Pros: compatible with 802.11b, speed
– Cons: relatively new
802.11 Security Mechanism
Authentication
– Between stations and access points (AP)
Data Encryption
– Wired Equivalent Privacy (WEP)
802.11 Authentication
Ad-Hoc Mode
– Direct station-to-station connection
Infrastructure Mode
– Connection through an Access Point (AP)
– The process of finding an access point and
establishing a connection goes through the following 3
states
• 1: Unauthenticated and unassociated
• 2: Authenticated and unassociated
• 3: Authenticated and associated
State 1
Unauthenticated and unassociated
The station is in this state while it is
searching for an access point.
It finds an AP by
– Listening for the AP's beacon management frame
– Knowing the AP's Service Set Identifier (SSID)
• Sending out a probe request to locate the desired access
point
State 2
Authenticated and unassociated
After the station finds an AP, a series of messages is
exchanged to authenticate the station to the AP (the AP is
never authenticated to the station)
Open System Authentication
– Station sends an authentication request; the AP decides whether
to grant access or not (no credentials are checked)
Shared Key Authentication
– Uses WEP to determine whether a station is allowed to
authenticate
– AP and station share a secret key
– AP sends a 128-byte randomly generated challenge text
– Station WEP-encrypts the challenge and sends it back to the AP
– Access is granted if the AP, decrypting with the shared key,
recovers the original challenge
– Caveat: an eavesdropper sees both the plaintext challenge and
its ciphertext, so it learns the RC4 keystream for that IV and
can answer a later challenge without knowing the key (see WEP
Weakness)
State 3
Authenticated and associated
Once authentication succeeds, the station is in state 2.
It then sends an association request; when the
AP accepts the request the station is in state 3.
A station may be authenticated to several APs but
associated with only one at a time, which is what
makes roaming work
Wired Equivalent Privacy
Encryption standard defined by the IEEE
802.11 Standard
Uses a shared secret key for both
encryption and decryption
Distribution of the shared secret key to
stations is not standardized (usually typed in by hand).
Based on the RC4 stream cipher
Claimed to have a built-in defense against known attacks
(the WEP Weakness slides below show otherwise)
A 24-bit Initialization Vector (IV) is concatenated
with the 40-bit shared secret key to produce a
different RC4 key for each packet
An Integrity Check (IC) field, a CRC-32 over the data,
is meant to protect the content against modification
WEP Encryption
WEP Frame layout:
802.11 Header | IV | Data | IC
– Only the Data and IC fields are encrypted; the 802.11
header and the IV are sent in the clear
WEP protects only the data frames,
not the physical layer transmissions
Good Guy vs Bad Guy
How to make your wireless
network secure?
SSID
– Configure the AP not to broadcast its SSID; a station
then has to know the SSID in advance to connect.
SSID Weakness!
The SSID is still sent across the
wireless network in
plaintext (in probe and association frames)!
– It is not difficult to configure
off-the-shelf equipment to
sniff wireless traffic
An impostor access point can
easily be set up
– How do you know you've
connected to the right AP?
SSID Map (screenshot: Network Stumbler listing the SSIDs
and MAC addresses of nearby access points)
How to make your wireless
network secure?
Access Control Lists
– Based on MAC address
– Configure the AP to only allow connections from
'trusted' stations with the right MAC addresses
– Most vendors support this, although it is not in the
standard
MAC Weakness
MAC addresses can be sniffed by an
attacker because they, too, are sent
in the clear (in every frame header, even with WEP on)!
MAC addresses can be easily changed
via software (no guarantee of
uniqueness!)
How to make your wireless
network secure?
Use WEP encryption/decryption as
the authentication mechanism (Shared Key Authentication)
Use WEP to encrypt the data
transmitted, to guard against
eavesdropping
WEP Weakness
WEP's security mechanism is not implemented
correctly!!!
The IC field is meant to protect data integrity, but CRC-32 is
linear: flipping a bit in the message flips a predictable set of
bits in the IC, so an attacker can modify encrypted data and fix
up the IC without knowing the key!
The IV is 24 bits, too short! Ciphertexts with the same IV are
easy to capture. Same IV => same RC4 key => same keystream, so
the XOR of two such ciphertexts is the XOR of the two plaintexts,
and the attacker accumulates many IV/ciphertext pairs for
statistical analysis of the key.
The secret key is too short (40 bits), shared by everyone, and
cannot be updated frequently!
AirSnort (http://airsnort.shmoo.com/)
AirSnort is a wireless LAN (WLAN) tool which recovers
encryption keys. AirSnort operates by passively
monitoring transmissions, computing the encryption key
when enough packets have been gathered.
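The shared-key authentication exchange (State 2) and the three WEP weaknesses above, worked through in code. This is an added example written for this transcript, not code from the slides, from the 802.11 standard or from AirSnort: a toy WEP in pure Python (standard library only) with a constructed 40-bit key, constructed IVs and constructed frame contents. It assumes, as real WEP does, that the station chooses the IV it sends, and that the IC is the CRC-32 of the plaintext appended before encryption.

```python
# Added example, not from the original slides: a toy WEP in pure Python
# showing why the mechanisms above fail. Key, IVs, challenge and frame
# contents are constructed test data.
import math
import struct
import zlib


def rc4_keystream(key: bytes, length: int) -> bytes:
    """RC4 key scheduling + PRGA; returns `length` keystream bytes."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out, i, j = bytearray(), 0, 0
    for _ in range(length):
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def icv(data: bytes) -> bytes:
    """WEP Integrity Check Value: CRC-32 of the plaintext, little-endian."""
    return struct.pack("<I", zlib.crc32(data) & 0xFFFFFFFF)


def wep_encrypt(key40: bytes, iv: bytes, data: bytes) -> bytes:
    """WEP body: IV || RC4(IV||key)(data || ICV). The IV goes in the clear."""
    assert len(key40) == 5 and len(iv) == 3
    plain = data + icv(data)
    return iv + xor(plain, rc4_keystream(iv + key40, len(plain)))


def wep_decrypt(key40: bytes, body: bytes):
    """Receiver side: returns (data, icv_ok)."""
    iv, ct = body[:3], body[3:]
    plain = xor(ct, rc4_keystream(iv + key40, len(ct)))
    data, tag = plain[:-4], plain[-4:]
    return data, tag == icv(data)


# --- Weakness 1: shared-key authentication hands out keystream -----------
def recover_keystream(challenge: bytes, response: bytes):
    """Eavesdropper: (challenge||ICV) XOR ciphertext = keystream for this IV."""
    iv = response[:3]
    return iv, xor(challenge + icv(challenge), response[3:])


def forge_auth_response(iv: bytes, keystream: bytes, new_challenge: bytes) -> bytes:
    """Answer a fresh challenge by reusing the leaked keystream; no key needed
    (WEP lets the station pick the IV, so the AP accepts the old one)."""
    plain = new_challenge + icv(new_challenge)
    return iv + xor(plain, keystream[:len(plain)])


# --- Weakness 2: CRC-32 is linear, so the ICV can be patched blind -------
def bitflip(body: bytes, delta: bytes) -> bytes:
    """XOR `delta` into the encrypted data and fix the encrypted ICV using
    crc(m ^ d) == crc(m) ^ crc(d) ^ crc(0...0) for equal-length inputs."""
    iv, ct = body[:3], body[3:]
    cdata, cicv = ct[:-4], ct[-4:]
    assert len(delta) == len(cdata)
    fix = xor(icv(delta), icv(bytes(len(delta))))
    return iv + xor(cdata, delta) + xor(cicv, fix)


# --- Weakness 3: 24-bit IVs repeat, and a repeat leaks plaintext XOR -----
def iv_reuse_leak(body1: bytes, body2: bytes) -> bytes:
    """Two frames under the same IV and key: c1 ^ c2 == p1 ^ p2."""
    assert body1[:3] == body2[:3]
    return xor(body1[3:], body2[3:])


def iv_collision_probability(frames: int, iv_bits: int = 24) -> float:
    """Birthday bound: P(at least one IV repeats among `frames` random IVs)."""
    n = 2 ** iv_bits
    log_none = sum(math.log1p(-k / n) for k in range(frames))
    return 1.0 - math.exp(log_none)


if __name__ == "__main__":
    key = b"\x01\x02\x03\x04\x05"            # constructed 40-bit WEP key
    chal = bytes(range(128))                  # constructed 128-byte challenge
    resp = wep_encrypt(key, b"\x00\x00\x01", chal)
    iv, ks = recover_keystream(chal, resp)
    forged = forge_auth_response(iv, ks, bytes(reversed(range(128))))
    print("forged auth accepted:", wep_decrypt(key, forged)[1])
    body = wep_encrypt(key, b"\x00\x00\x02", b"PAY 0001 TO ALICE")
    delta = xor(b"PAY 0001 TO ALICE", b"PAY 9999 TO ALICE")
    print("tampered frame:", wep_decrypt(key, bitflip(body, delta)))
    print("P(IV repeat in 5000 frames) = %.2f" % iv_collision_probability(5000))
```

Running it shows an authentication response forged from one overheard exchange being accepted, a frame whose amount field is changed from 0001 to 9999 while the IC still verifies, and an IV-collision probability just over 50% after about 5,000 frames, which a busy AP sends in seconds. The statistical key recovery that AirSnort performs goes beyond this example; what it needs, many frames under related per-packet keys, is exactly what the 24-bit IV and fixed shared key supply.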
WEP Conclusion
The existing security mechanisms of 802.11 are very
weak and only provide protection against an
incompetent "script kiddie"
Unless other security mechanisms are used,
determined attackers will be able to break all the
security measures in 802.11.
An example of designing security features without
consulting cryptographers!!
OK for home use, insufficient for company use
What can you do?
– Hide a (good/random) SSID, use a MAC list
– Increase the secret key length, change keys frequently
– WPA, 802.11i
WPA (Wi-Fi Protected Access)
Improved data encryption through the Temporal Key
Integrity Protocol (TKIP).
– 48-bit initialization vector, also used as a sequence
counter for replay detection
– Per-packet key mixing function: every frame is encrypted
under a different RC4 key derived from the temporal key,
the transmitter address and the sequence counter
– Message integrity check (Michael)
• Calculates an 8-byte MIC that is appended to the data
portion of the 802.11 frame (before the ICV) and encrypted
with it
– Dynamic key management: temporal keys are rekeyed
automatically
Enterprise-level user authentication via 802.1X and EAP
– Uses a central authentication server (such as RADIUS) to
authenticate users on the network before they join
– Mutual authentication, so a station doesn't join a rogue network
that might steal its network credentials
– For SOHO environments, operates in Pre-Shared Key mode (the
PSK is derived from a passphrase, so a weak passphrase can be
guessed offline from a captured handshake)
Forward compatible with 802.11i (the subset of 802.11i that is
ready for market today); designed to run on existing
hardware as a software upgrade
Interim standard that will be replaced with the IEEE's
802.11i standard upon its completion. One known gap: the Michael
countermeasures disable the link for a minute after two MIC
failures, which gives an attacker a denial-of-service lever.
802.11i
Currently in draft form; includes an Enhanced
Security Network (ESN) that uses 802.1X to
deliver its authentication and key management
services
802.11i will also provide key distribution, data
origin authentication and replay detection, and a
new AES-based cipher (CCMP) in place of RC4.
All stations and access points in an ESN must
contain an 802.1X port entity and an 802.11i
authentication agent.
An authentication server participates in the
authentication of all mobile devices and access
points. It may authenticate these devices itself or
it may provide information that the devices can
use to authenticate each other.
References
802.11 (http://www.pcwebopedia.com/TERM/8/802_11.html)
– Contains many excellent links on 802.11
Security (problems) of the WEP algorithm
(http://www.isaac.cs.berkeley.edu/isaac/wep-faq.html)
– The group that published the WEP weaknesses
Wi-Fi Protected Access Overview
(http://www.weca.net/OpenSection/pdf/WiFi_Protected_Access_Overview.pdf)
Schwartz, Ephraim. "Researchers Crack New Wireless
Security Spec." InfoWorld, 2002.
(http://www.infoworld.com/articles/hn/xml/02/02/14/020214hnwifispec.xml)
WPA Security Enhancements
(http://www.wifiplanet.com/tutorials/article.php/2148721)