TKIP - Openloop Technologies

Download Report

Transcript TKIP - Openloop Technologies

WLAN SECURITY
TEAM NAME : Crypto_5
TEAM MEMBERS:
Rajini Ananthoj
Srimani Reddy Gatla
Ishleen Kour
Pallavi Murudkar
Deepagandhi Vadivelu
Agenda







WLAN and architecture
Security issues faced in WLAN
Basic security of WLAN
solutions for WLAN security
802.1X
EAP Authentication methods
TKIP
CCMP
Intrusion prevention system
Hardware solutions
Things you can do to secure your wireless network
Conclusion
References
WLAN and Architecture

WLAN: Linking of two
or more computers
without using wires
which uses spread
spectrum technology
based on radio waves.
Basic security in WLAN
SSIDs, WEP, and MAC Address Authentication:
Service Set Identifiers: Prevents access by any client device that
does not have the SSID.
Open or shared-key authentication, static WEP key: Access
point sends the client device a challenge-text packet which client
must encrypt
Media Access Control authentication: clients MAC address
matches an address in an authentication table
Issues of WLAN Security





Ad- hoc Networks
Policy violation
Identify theft
Man in the middle attack
Denial of service attack
How WEP works…
WEP Issues…





Uses RC4, a synchronous stream cipher
Does not provide mechanism for sharing Keys
Changing the Initialization Vector (IV) with each packet is
optional
CRC-32 checksum used for message integrity is linear
Concatenates IV directly to the Pre- shared key to produce a key
for RC4
What is wrong with 802.11 security





Binds itself to cryptographic algorithm
No security support for handshake
Pre- shared keys
One –way authentication
Wired equivalent privacy (WEP)
Wi-Fi Protected Access (WPA)
 Interim interoperable standard created by Wi-fi alliance in
response to weaknesses in Wired Equivalent Privacy (WEP)
 Intermediate measure to take the place of WEP while 802.11i
was prepared
 Designed to work with all wireless network interface cards, but
not all first generation wireless access points.




Goals of WPA
To address the issues with WEP encryption through a software
upgrade
To provide a secure wireless networking solution for small
office/home office (SOHO) wireless users
To be forward-compatible with the upcoming IEEE 802.11i
standard
Features of WPA


WPA Authentication
Pre-shared key (PSK)




every user given the same pass-phrase
less secure
preferred for Personal mode - homes, small offices
IEEE 802.1X authentication



server distributes different keys to each user
enhanced security and authentication
preferred for enterprise mode - business, government, education

Encryption



Key Management


RC4 stream cipher using 128-bit key, 48-bit IV
larger IV defeats Key recovery attack
Temporal Key Integrity Protocol (TKIP) - dynamically changes
encryption keys for each packet.
Payload Integrity




8 Byte Message integrity code( MIC)
Calculated by algorithm called Michael
Between the payload of the 802.11 frame and the 4-byte ICV
MIC includes a frame counter to prevent replay attacks
Thus, WPA makes breaking into a Wireless LAN difficult by

Increasing the size of the keys and IVs

Reducing the number of packets sent with related keys

Adding a secure message verification system
IEEE 802.11i / WPA2




An amendment to the 802.11, specifying security mechanisms for
wireless networks
The draft standard was ratified on 24 June 2004
adds stronger encryption, authentication, and key management
strategies
makes use of the Advanced Encryption Standard (AES) block
cipher instead of RC4 stream cipher.

the use of WPA2 needs firmware or driver support of the wireless
host (router or access point) and the wireless client (adapter).
Components of WPA2




802.1X Port-Based Network Access Control – for
authentication
Counter Mode with CBC-MAC Protocol (CCMP) – for
confidentiality, integrity and origin authentication
Temporary Key Integrity Protocol (TKIP) (check)
4-Way Handshake – for Encryption key distribution
Comparisons between WPA and WPA2 modes
Enterprise Mode
(Business,
Government,
Education)
Personal Mode
(SOHO,
Home/Personal)
WPA
WPA2
Authentication:
IEEE
802.1X/EAP ·
Encryption:
TKIP/MIC
Authentication:
PSK ·
Encryption:
TKIP/MIC
Authentication:
IEEE
802.1X/EAP ·
Encryption: AESCCMP
Authentication:
PSK ·
Encryption: AESCCMP
IEEE 802.1X





802.1X is an IEEE standard for port-based Network Access
Control for LANs
For WLANs, it is based on the EAP, Extensible Authentication
Protocol
Fullfills the security loopholes of access control, authentication
and key management in 802.11 architecture
Contributes to a solution –RSN
The authentication is usually done by a third-party entity, such as
a RADIUS server
802.1X Authentication and Access Control
Client -Supplicant
Access point -Authenticator

Authenticator deals with controlled and uncontrolled ports








802.1X Key Management : Broadcast Key Rotation
(BKR):
AP periodically broadcasts the WEP shared / root key
Mobiles creates session encryption keys by combining
the IV with the broadcast root key
Larger key space: key-hopping cycles through IV
space as well as the session key set
Message Integrity
A non-linear MIC prevents bit-flip attacks on encrypted
packets.
Implemented on access point and client devices
Adds a few bytes to each packet to make the packets
tamper-proof
EAP AUTHENTICATION METHODS

EAP-MD5: Requires username/password , does not provide dictionary attack
resistance, mutual authentication, or key derivation

Lightweight EAP (LEAP): A username/password combination is sent to a
Authentication Server (RADIUS) for authentication.


EAP-TLS: Creates a TLS session within EAP, between the Supplicant and the
Authentication Server. Both the server and the client(s) need a valid (x509)
certificate, and therefore a PKI. This method provides authentication both ways.

EAP-TTLS: Sets up a encrypted TLS-tunnel for safe transport of authentication
data. Within the TLS tunnel, (any) other authentication methods may be used.

Protected EAP (PEAP): Uses, as EAP-TTLS, an encrypted TLS-tunnel.
Supplicant certificates for both EAP-TTLS and EAP-PEAP are optional, but
server (AS) certificates are required

EAP-MSCHAPv2: Requires username/password, and is basically an EAP
encapsulation of MS-CHAP-v2 .Usually used inside of a PEAP-encrypted tunnel
TKIP - Temporal Key Integrity
Protocol




RC4 stream cipher as in WEP
Keys used for encryption - 128-bit long
Keys used for authentication - 64 bit long
TKIP provides


Per-Packet Key Hashing to Mitigate "Weak IV" Attacks:
Each time a wireless station associates to an access point,
a new base key is created which is built by hashing base
key with the IV.
Prevention of Collision attacks: Each packet transmitted
using TKIP has a unique 48-bit serial number which
incremented every time a packet is transmitted. This
solves another problem in WEP, called "collision attacks,"
which can occur when the same key is used for two
different packets.
CCMP (Counter Mode with CBC
MAC Protocol)





CCMP uses the counter mode (CTR) for data confidentiality
and the Cipher Block Chaining Message Authentication Code
(CBC-MAC) for data integrity.
It uses the Advanced Encryption Standard (AES) algorithm
with a 128-bit key and a 128-bit block size.
CCMP provides MIC protection over both the frame body and
nearly the entire header in a MAC frame, which prevents an
adversary from exploiting the MAC headers.
CCMP uses a 48-bit Packet Number (PN) to prevent replay
attacks and construct a fresh nonce for each packet
Analysis suggests that once CCMP is implemented, an
adversary will not able to break the data confidentiality and
integrity without the knowledge of the key.
Dynamic Key Exchange and
Management
802.11i - key derivation/management regime
IPS - Intrusion Prevention
System



An intrusion prevention system is a computer
security device that exercises access control to
protect computers from exploitation.
IPS make access control decisions based on
application content, rather than IP address or ports
as traditional firewalls.
Access points acts as air monitors and data
forwarding devices which allows access points to
communicate real-time information about the
wireless domain, including potential security threats
to Wireless LAN controllers
Cisco Unified IDS/IPS


The Cisco Unified IDS/IPS is part of the Cisco Self-Defending
Network and is the industry's first integrated wireline and
wireless security solution.
When an associated client sends malicious traffic through the
Unified Wireless network, the Cisco wireline IDS device
detects the attack and sends shun requests to Unified WLAN
controllers which will then disassociate the client device
Some other solutions



Smart cards
 Beneficial in environments requiring authentication beyond
simple username and password
 User certificate and other information are stored on the cards
 Portable - users can securely access their networks from
various locations
VPN
 Provides secure data transmission across public network
infrastructures.
 VPNs employ cryptographic techniques to protect IP
information as it passes from one network to the next .
 Use IPsec Protocol suite for ensuring private communications.
Biometrics
 For agencies needing higher levels of security, biometrics such
as fingerprint/palm-print scanners , optical scanner can be
integrated with wireless smart cards
Things you can do to secure your wireless
network.






Change the default Admin password on your Access Point
Check / Update the firmware for your Wireless Access Point and
drivers for your Wireless Adapter.
Use the highest level of WEP/WPA (WPA2/802.11i strongly
preferred) -- Use decent keys.
Authenticate wireless users with protocols like 802.1X, RADIUS,
EAP (including EAP-PAX, EAP-PSK, EAP-TLS, EAP-TTLS,
PEAP, and EAP-SIM).
Use strong encryption for all applications you use over the
wireless network, e.g., use SSH and TLS/HTTPS.
Encrypt wireless traffic using a VPN (Virtual Private Network),
e.g. using IPSEC or other VPN solutions.
Conclusion
The optimal security solution for WLAN
involves a combination of security
technologies.
 A detailed threat risk assessment and
analysis is essential to determine which
security measures or combination of
measures are the most effective.

References








en.wikipedia.org/wiki/Wi-Fi_Protected_Access
en.wikipedia.org/wiki/WPA2
http://en.wikipedia.org/wiki/IEEE_802.1x
en.wikipedia.org/wiki/TKIP
http://www.networkworld.com/reviews/2004/1004wir
elesstkip.html
http://tldp.org/HOWTO/html_single/8021XHOWTO/#p8021x
www.wi-fiplanet.com/tutorials/article.php/953561
www.drizzle.com/~aboba/IEEE/