Wireless LAN Security

CS391
Overview

• Wireless LAN Topology
• 802.11 Standards
• Simple Security
• WEP
• 802.1x
• WPA
• 802.11i
Wi-Fi

• Wi-Fi (short for “Wireless Fidelity”) is the popular term for a high-frequency wireless local area network (WLAN).
• Promoted by the Wi-Fi Alliance (formerly WECA, Wireless Ethernet Carriers Association).
• Used generically when referring to any type of 802.11 wireless network, whether 802.11a, 802.11b, 802.11g, dual-band, etc. The term is promulgated by the Wi-Fi Alliance.
Wi-Fi

• Wi-Fi standards use the Ethernet protocol and CSMA/CA (carrier sense multiple access with collision avoidance) for path sharing.
• The 802.11b (Wi-Fi) technology operates in the 2.4 GHz range, offering data speeds up to 11 megabits per second. The modulation used in 802.11 has historically been phase-shift keying (PSK).
• Note: unless adequately protected, a Wi-Fi wireless LAN is easily accessible by unauthorized users.
Wireless LAN Topology

A wireless LAN is typically deployed as an extension of an existing wired network, as shown below.

Wireless LAN Topology

Here is an example of small business usage of a Wi-Fi network.

[Figure: DSL connection -> DSL router -> Wi-Fi AP -> wireless clients, etc. The DSL router and Wi-Fi AP are often combined into a single unit.]
What is 802.11?

• 802.11 refers to a family of specifications developed by the IEEE for wireless LAN technology. 802.11 specifies an over-the-air interface between a wireless client and a base station or between two wireless clients.
• The IEEE accepted the specification in 1997.
802.11 Family Members

There are several specifications in the 802.11 family:

• 802.11: Applies to wireless LANs and provides 1 or 2 Mbps transmission in the 2.4 GHz band using either frequency hopping spread spectrum (FHSS) or direct sequence spread spectrum (DSSS).
• 802.11a: An extension to 802.11 that applies to wireless LANs and provides up to 54 Mbps in the 5 GHz band. 802.11a uses an orthogonal frequency division multiplexing (OFDM) encoding scheme rather than FHSS or DSSS.

802.11 Family Members

• 802.11b (also referred to as 802.11 High Rate or Wi-Fi): An extension to 802.11 that applies to wireless LANs and provides 11 Mbps transmission (with a fallback to 5.5, 2 and 1 Mbps) in the 2.4 GHz band. 802.11b uses only DSSS. 802.11b was a 1999 ratification to the original 802.11 standard, allowing wireless functionality comparable to Ethernet.
• 802.11g: Applies to wireless LANs and provides 20+ Mbps in the 2.4 GHz band.
802.11n

• The newest IEEE standard in the Wi-Fi category is 802.11n.
• Designed to improve on 802.11g in the amount of bandwidth supported by utilizing multiple wireless signals and antennas instead of one. 802.11n connections should support data rates of over 100 Mbps (up to 600 Mbps).
• 802.11n also offers somewhat better range than earlier Wi-Fi standards due to its increased signal intensity. 802.11n equipment will be backward compatible with 802.11g gear.
802.11 Standards

802.11   The original WLAN standard. Supports 1 Mbps to 2 Mbps.
802.11a  High speed WLAN standard for the 5 GHz band. Supports 54 Mbps.
802.11b  WLAN standard for the 2.4 GHz band. Supports 11 Mbps.
802.11e  Addresses quality of service requirements for all IEEE WLAN radio interfaces.
802.11f  Defines inter-access point communications to facilitate multiple vendor-distributed WLAN networks.
802.11g  Establishes an additional modulation technique for the 2.4 GHz band. Intended to provide speeds up to 54 Mbps. Includes much greater security.
802.11h  Defines the spectrum management of the 5 GHz band for use in Europe and in Asia Pacific.
802.11i  Addresses the current security weaknesses for both authentication and encryption protocols. The standard encompasses 802.1X, TKIP, and AES protocols.
802.11 Authentication

The 802.11 standard defines several services that govern how two 802.11 devices communicate. The following events must occur before an 802.11 station can communicate with an Ethernet network through a wireless access point:

1. Turn on the wireless client.
2. The client listens for messages from any access points (APs) that are in range.
3. The client finds a message from an AP that has a matching SSID.
4. The client sends an authentication request to the AP.
5. The AP authenticates the station.
6. The client sends an association request to the AP.
7. The AP associates with the station.
8. The client can now communicate with the Ethernet network through the AP.
What Exactly Is 802.1x?

• Standard set by the IEEE 802.1 working group.
• Describes a standard link layer protocol used for transporting higher-level authentication protocols.
• Works between the Supplicant (client software) and the Authenticator (network device).
• Maintains backend communication to an Authentication Server (typically RADIUS).
What Does it Do?

• Transports authentication information in the form of Extensible Authentication Protocol (EAP) payloads.
• The authenticator (switch) becomes the middleman for relaying EAP received in 802.1x packets to an authentication server, using RADIUS to carry the EAP information.
• Several EAP types are specified in the standard. Three common forms of EAP are:
  • EAP-MD5 – MD5 hashed username/password
  • EAP-OTP – one-time passwords
  • EAP-TLS – strong PKI-authenticated Transport Layer Security (SSL)

[Figure: 802.1x Header | EAP Payload]
What is RADIUS?

• RADIUS – the Remote Authentication Dial In User Service.
• A protocol used to communicate between a network device and an authentication server or database.
• Allows the communication of login and authentication information (i.e. username/password, OTP, etc.) using attribute/value pairs (Attribute = Value).
• Allows the communication of extended attribute/value pairs using “Vendor Specific Attributes” (VSAs).
• Can also act as a transport for EAP messages.
• RFC 2865, RFC 2866 and others.

[Figure: UDP Header | RADIUS Header | EAP Payload]
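The “UDP Header | RADIUS Header | EAP Payload” layering above, as an added example that is not part of the original lecture: the authenticator wraps an EAP Identity response into a RADIUS Access-Request carrying EAP-Message and Message-Authenticator attributes (RFC 2865 / RFC 3579), and the RADIUS server verifies the Message-Authenticator before it extracts the EAP payload. The shared secret and the user identity are constructed sample values.

```python
import hashlib
import hmac
import os
import struct

# Added example, not from the slides: an authenticator relays an EAP packet it
# received over 802.1x inside a RADIUS Access-Request, and the RADIUS server checks
# the Message-Authenticator (RFC 2865 / RFC 3579) before trusting the EAP payload.
ACCESS_REQUEST = 1
ATTR_USER_NAME, ATTR_EAP_MESSAGE, ATTR_MESSAGE_AUTHENTICATOR = 1, 79, 80
EAP_RESPONSE, EAP_TYPE_IDENTITY = 2, 1

def eap_identity_response(eap_id: int, identity: bytes) -> bytes:
    """EAP packet: Code | Identifier | Length | Type | Type-Data."""
    return struct.pack("!BBHB", EAP_RESPONSE, eap_id, 5 + len(identity), EAP_TYPE_IDENTITY) + identity

def avp(attr_type: int, value: bytes) -> bytes:
    """RADIUS attribute/value pair: Type | Length (incl. this 2-byte header) | Value."""
    return struct.pack("!BB", attr_type, 2 + len(value)) + value

def build_access_request(secret: bytes, ident: int, eap: bytes, user: bytes) -> bytes:
    """Authenticator side. Message-Authenticator = HMAC-MD5(secret, whole packet with
    its own value zeroed); RFC 3579 makes it mandatory whenever EAP-Message is present."""
    request_auth = os.urandom(16)
    attrs = (avp(ATTR_USER_NAME, user) + avp(ATTR_EAP_MESSAGE, eap)
             + avp(ATTR_MESSAGE_AUTHENTICATOR, bytes(16)))
    header = struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs))
    mac = hmac.new(secret, header + request_auth + attrs, hashlib.md5).digest()
    return header + request_auth + attrs[:-16] + mac

def parse_avps(data: bytes) -> list:
    """Walk the attribute list into (type, value) pairs; reject a bad length field."""
    out, pos = [], 0
    while pos < len(data):
        ln = data[pos + 1] if pos + 1 < len(data) else 0
        if ln < 2 or pos + ln > len(data):
            raise ValueError("malformed RADIUS attribute")
        out.append((data[pos], data[pos + 2:pos + ln]))
        pos += ln
    return out

def server_extract_eap(secret: bytes, packet: bytes):
    """RADIUS server side: verify the Message-Authenticator, then return the EAP
    payload (EAP-Message fragments concatenated). None means reject the packet."""
    if len(packet) < 20 or packet[0] != ACCESS_REQUEST or int.from_bytes(packet[2:4], "big") != len(packet):
        return None
    avps = parse_avps(packet[20:])
    # Recompute the HMAC over the packet with the Message-Authenticator value zeroed.
    zeroed = packet[:20] + b"".join(
        avp(t, bytes(16) if t == ATTR_MESSAGE_AUTHENTICATOR else v) for t, v in avps)
    expected = hmac.new(secret, zeroed, hashlib.md5).digest()
    received = [v for t, v in avps if t == ATTR_MESSAGE_AUTHENTICATOR]
    if len(received) != 1 or not hmac.compare_digest(received[0], expected):
        return None
    return b"".join(v for t, v in avps if t == ATTR_EAP_MESSAGE)
```

A request with the wrong shared secret, or with any attribute byte altered in transit, fails the HMAC check and is rejected before the EAP payload is looked at.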
802.11 Authentication Flow
Basic 802.11 Security: SSID (the bottom line)

SSID (Service Set Identifier) or ESSID (Extended Service Set Identifier)

• Each AP has an SSID that it uses to identify itself.
• Network configuration requires each wireless client to know the SSID of the AP to which it wants to connect.
• The SSID provides a very modest amount of control. It only keeps a client from accidentally connecting to a neighboring AP. It does not keep an attacker out.
SSID

SSID (Service Set Identifier) or ESSID (Extended Service Set Identifier)

• The SSID is a token that identifies an 802.11 network. The SSID is a secret key that is set by the network administrator. Clients must know the SSID to join an 802.11 network; however, network sniffing can discover the SSID.
• The fact that the SSID is a secret key instead of a public key creates a management problem for the network administrator.
  • Every user of the network must configure the SSID into their system. If the network administrator seeks to lock a user out of the network, the administrator must change the SSID of the network, which requires reconfiguration of every network node. Some 802.11 NICs allow you to configure several SSIDs at one time.
Basic 802.11 Security: MAC Filters

MAC filters

• Some APs provide the capability of checking the MAC address of the client before allowing it to connect to the network.
• Using MAC filters is considered to be very weak security because with many Wi-Fi client implementations it is possible to change the MAC address by reconfiguring the card.
• An attacker could sniff a valid MAC address from the wireless network traffic.
Basic 802.11 Security: WEP

Static WEP keys

• Wired Equivalent Privacy (WEP) is part of the 802.11 specification.
• Static WEP key operation requires keys on the client and AP that are used to encrypt data sent between them. With WEP encryption, sniffing is eliminated and session hijacking is difficult (or impossible).
• Client and AP are configured with a set of 4 keys, and when decrypting each is used in turn until decryption is successful. This allows keys to be changed dynamically.
• Keys are the same in all clients and the AP. This means that there is a “community” key shared by everyone using the same AP. The danger is that if any one member of the community is compromised, the community key, and hence the network and everyone else using it, is at risk.
WEP – How?

• When WEP is active in a wireless LAN, each 802.11 packet is encrypted separately with an RC4 cipher stream generated by a 64 bit RC4 key. This key is composed of a 24 bit initialization vector (IV) and a 40 bit WEP key.
• The encrypted packet is generated with a bit-wise exclusive OR (XOR) of the original packet and the RC4 stream.
• The IV is chosen by the sender and should be changed so that every packet won't be encrypted with the same cipher stream.
• The IV is sent in the clear with each packet.
• An additional 4 byte Integrity Check Value (ICV) is computed on the original packet using the CRC-32 checksum algorithm and appended to the end.
• The ICV (be careful not to confuse this with the IV) is also encrypted with the RC4 cipher stream.
WEP – Sending

• Compute the Integrity Check Value (ICV).
  • Provides integrity.
  • 32 bit Cyclic Redundancy Check.
  • Appended to the message to create the plaintext.
• Plaintext encrypted via RC4.
  • Provides confidentiality.
  • Plaintext XORed with a long key stream of pseudorandom bits.
  • Key stream is a function of
    • 40-bit secret key
    • 24 bit initialization vector (IV).
• Ciphertext is transmitted.

WEP – Receiving

• Ciphertext is received.
• Ciphertext decrypted via RC4.
  • Ciphertext XORed with a long key stream of pseudorandom bits.
  • Key stream is a function of
    • 40-bit secret key
    • 24 bit initialization vector (IV)
• Check ICV.
  • Separate the ICV from the message.
  • Compute the ICV for the message.
  • Compare with the received ICV.
WEP - Weaknesses

Key Management and Key Size

• Key management is not specified in the WEP standard, and therefore is one of its weaknesses, because without interoperable key management, keys will tend to be long-lived and of poor quality.

The Initialization Vector (IV) is Too Small

• WEP's IV size of 24 bits provides for 16,777,216 different RC4 cipher streams for a given WEP key, for any key size. Remember that the RC4 cipher stream is XOR-ed with the original packet to give the encrypted packet which is transmitted, and the IV is sent in the clear with each packet.

The Integrity Check Value (ICV) algorithm is not appropriate

• The WEP ICV is based on CRC-32, an algorithm for detecting noise and common errors in transmission. CRC-32 is an excellent checksum for detecting errors, but an awful choice for a cryptographic hash.
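To put numbers on the “IV is too small” point above, an added example that is not from the slides: the birthday-bound probability that two frames sent under one WEP key reuse an IV (and so a keystream), the time for a sequential IV counter to wrap at a given frame rate, and a monitoring-side check that flags reused IVs in captured frame headers. The frame headers are constructed sample values.

```python
from collections import Counter

# Added example, not from the slides: quantifying the 24-bit IV space and
# checking captured frames for IV reuse. Frame headers below are constructed.
IV_SPACE = 2 ** 24   # 16,777,216 IVs, hence that many distinct RC4 streams per WEP key

def iv_reuse_probability(packets: int) -> float:
    """Exact birthday probability that at least two of `packets` frames sent with
    independently random IVs under one key share an IV, and so a keystream."""
    p_no_repeat = 1.0
    for i in range(packets):
        p_no_repeat *= (IV_SPACE - i) / IV_SPACE
    return 1.0 - p_no_repeat

def seconds_to_exhaust_ivs(frames_per_second: float) -> float:
    """Time until a sequential IV counter wraps and cipher streams start repeating."""
    return IV_SPACE / frames_per_second

def audit_iv_reuse(frames: list) -> dict:
    """Monitoring-side check: given (key index, IV) pairs read from the cleartext
    header of captured WEP frames, return every reused IV with its count."""
    return {k: n for k, n in Counter(frames).items() if n > 1}

# Constructed sample headers: key index 0, one IV seen three times.
SAMPLE_FRAMES = [(0, b"\x10\x20\x30"), (0, b"\x10\x20\x31"), (0, b"\x10\x20\x30"),
                 (0, b"\x00\x00\x01"), (0, b"\x10\x20\x30")]

if __name__ == "__main__":
    print(f"P(IV reuse after 5000 frames) = {iv_reuse_probability(5000):.3f}")
    print(f"IV space exhausted after {seconds_to_exhaust_ivs(1000) / 3600:.1f} h at 1000 frames/s")
    print("reused IVs:", audit_iv_reuse(SAMPLE_FRAMES))
```

With random IVs the reuse probability passes one half after roughly 5000 frames, and a busy AP sending 1000 frames per second runs through the whole IV space in under five hours.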
WEP - Weaknesses

WEP's use of RC4 is weak

• RC4 in its implementation in WEP has been found to have weak keys. Having a weak key means that there is more correlation between the key and the output than there should be for good security. Determining which packets were encrypted with weak keys is easy because the first three bytes of the key are taken from the IV that is sent unencrypted in each packet.
• This weakness can be exploited by a passive attack. All the attacker needs to do is be within a hundred feet or so of the AP.

Authentication Messages can be easily forged

• 802.11 defines two forms of authentication:
  • Open System (no authentication) and
  • Shared Key authentication.
• These are used to authenticate the client to the access point.
  • The idea was that authentication would be better than no authentication because the user has to prove knowledge of the shared WEP key, in effect authenticating himself.
Authentication Type

An access point must authenticate a station before the station can associate with the access point or communicate with the network. The IEEE 802.11 standard defines two types of authentication:

• Open System Authentication
• Shared Key Authentication
Authentication Type: Open System Authentication

The following steps occur when two devices use Open System Authentication:

1. The station sends an authentication request to the access point.
2. The access point authenticates the station.
3. The station associates with the access point and joins the network.

The process is illustrated below.
Authentication Type: Shared Key Authentication

The following steps occur when two devices use Shared Key Authentication:

1. The station sends an authentication request to the access point.
2. The access point sends challenge text to the station.
3. The station uses its configured 64-bit or 128-bit default key to encrypt the challenge text, and sends the encrypted text to the access point.
4. The access point decrypts the encrypted text using its configured WEP key that corresponds to the station's default key.
5. The access point compares the decrypted text with the original challenge text. If the decrypted text matches the original challenge text, then the access point and the station share the same WEP key and the access point authenticates the station.
6. The station connects to the network.

Authentication Type: Shared Key Authentication

If the decrypted text does not match the original challenge text (i.e., the access point and station do not share the same WEP key), then the access point will refuse to authenticate the station and the station will be unable to communicate with either the 802.11 network or the Ethernet network.

The process is illustrated below.
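The WEP sending and receiving steps (“WEP – How?”, “WEP – Sending”, “WEP – Receiving”) and the Shared Key Authentication exchange above, modelled as an added example that is not code from the lecture: RC4 keystream from IV || key, CRC-32 ICV, XOR encapsulation with the ICV check on receipt, and the station/AP challenge comparison built on it. RC4 is written out because Python's standard library does not provide it; keys, IVs and challenge text are constructed.

```python
import os
import zlib

# Added example, not from the slides: WEP frame protection (RC4 + CRC-32 ICV)
# and the Shared Key Authentication challenge/response built on top of it.
# RC4 is written out because the Python standard library does not provide it.

def rc4_keystream(key: bytes, length: int) -> bytes:
    """RC4: key-scheduling (KSA), then the pseudo-random generation (PRGA)."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    for _ in range(length):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def wep_encrypt(wep_key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Sender: ICV = CRC-32(plaintext); RC4(IV || key) XOR (plaintext || ICV).
    The 3-byte IV is sent in the clear in front of the ciphertext."""
    assert len(iv) == 3 and len(wep_key) in (5, 13)   # 40-bit or 104-bit key
    icv = zlib.crc32(plaintext).to_bytes(4, "little")
    stream = rc4_keystream(iv + wep_key, len(plaintext) + 4)
    return iv + bytes(a ^ b for a, b in zip(plaintext + icv, stream))

def wep_decrypt(wep_key: bytes, frame: bytes):
    """Receiver: rebuild the keystream from the cleartext IV and the shared key,
    XOR it off, split off the ICV and recompute it. Returns None on ICV mismatch."""
    iv, body = frame[:3], frame[3:]
    if len(body) < 4:
        return None
    stream = rc4_keystream(iv + wep_key, len(body))
    clear = bytes(a ^ b for a, b in zip(body, stream))
    plaintext, icv = clear[:-4], clear[-4:]
    if zlib.crc32(plaintext).to_bytes(4, "little") != icv:
        return None
    return plaintext

def shared_key_auth(ap_key: bytes, station_key: bytes, challenge: bytes) -> bool:
    """Shared Key Authentication: the AP sends challenge text, the station returns
    it WEP-encrypted under its key, the AP decrypts under its own key and compares.
    Success proves only that both sides hold the same WEP key."""
    response = wep_encrypt(station_key, os.urandom(3), challenge)   # station side
    return wep_decrypt(ap_key, response) == challenge               # AP side
```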
Configuring WEP Parameters

Before enabling WEP on an 802.11 network, you must first consider what type of encryption you require and the key size you want to use. Typically, there are three WEP encryption options available for 802.11 products:

• Do Not Use WEP: The 802.11 network does not encrypt data. For authentication purposes, the network uses Open System Authentication.
• Use WEP for Encryption: A transmitting 802.11 device encrypts the data portion of every packet it sends using a configured WEP key. The receiving device decrypts the data using the same WEP key. For authentication purposes, the wireless network uses Open System Authentication.
• Use WEP for Authentication and Encryption: A transmitting 802.11 device encrypts the data portion of every packet it sends using a configured WEP key. The receiving 802.11 device decrypts the data using the same WEP key. For authentication purposes, the 802.11 network uses Shared Key Authentication.

Note: Some 802.11 access points also support Use WEP for Authentication Only (Shared Key Authentication without data encryption).
Recommended 802.11 Security Practices

• Change the default password for the Admin account
• SSID
  • Change the default
  • Disable broadcast
  • Make it unique
  • If possible, change it often
• Enable MAC address filtering
• Enable WEP 128-bit data encryption. Please note that this will reduce your network performance
  • Use the highest level of encryption possible
  • Use a “Shared” key
  • Use multiple WEP keys
  • Change it regularly
• Turn off DHCP
• Refrain from using the default IP subnet
Vulnerabilities

There are several known types of wireless attacks that must be protected against:

• SSID (network name) sniffing
• WEP encryption key recovery attacks
• ARP poisoning (“man in the middle” attacks)
• MAC address spoofing
• Access point management password and SNMP attacks
• Wireless end user (station) attacks
• Rogue AP attacks (AP impersonation)
• DoS (denial of service) wireless attacks
802.1x

• IEEE 802.1x is the designation of a standard titled “Port Based Network Access Control”, which indicates that the emphasis of the standard is to provide a control mechanism for connecting physically to a LAN.
• The standard does not define the authentication methods, but it does provide a framework that allows the application of this standard in combination with any chosen authentication method.
• This adds flexibility, as current and future authentication methods can be used without having to adapt the standard.
802.1x Components

The 802.1x standard recognizes the following
concepts:

Port Access Entity (PAE)
• which refers to the mechanism (algorithms and protocols)
associated with a LAN port (residing in either a Bridge or a
Station)

Supplicant PAE
• which refers to the entity that requires authentication before
getting access to the LAN (typically in the client station)

Authenticator PAE
• which refers to the entity facilitating authentication of a
supplicant (typically in bridge or AP)

Authentication server
• which refers to the entity that provides authentication service to
the Authenticators in the LAN (could be a RADIUS server)
General Description of IEEE 802.1x Terminology

[Figure: Supplicant (operates on the client) --EAP over wireless--> Authenticator (operates on devices at the network edge, like APs and switches) --EAP over RADIUS--> Authentication Server (RADIUS server, processes EAP requests). The wireless network meets the enterprise network at the enterprise edge.]

EAP – MD5
WPA

• Wi-Fi Protected Access (WPA) is a new security guideline issued by the Wi-Fi Alliance.
• The goal is to strengthen security over the current WEP standards by including mechanisms from the emerging 802.11i standard for both data encryption and network access control.
• Path: WEP -> WPA -> 802.11i
• WPA = TKIP (Temporal Key Integrity Protocol) + IEEE 802.1x
  • For encryption, WPA has TKIP, which uses the same encryption algorithm as WEP, but constructs keys in a different way.
  • For access control, WPA will use the IEEE 802.1x protocol.
802.11i – Future Wireless Security Standard

• Task group “i” within the IEEE 802.11 is responsible for developing a new standard for WLAN security to replace the weak WEP (Wired Equivalent Privacy).
• The IEEE 802.11i standard utilizes the authentication schemes of 802.1x and EAP (Extensible Authentication Protocol) in addition to a new encryption scheme, AES (Advanced Encryption Standard), and a dynamic key distribution scheme, TKIP (Temporal Key Integrity Protocol).
• 802.11i = TKIP + IEEE 802.1x + AES