Wireless Security


Dr Jerry Gao
By Latha Boopathy
Wireless Security
• Security Issues in WLAN
• Security Issues in WAP
• Security Issues in Cellular phones
Intro - WLAN
• A WLAN is a type of network that uses high-frequency radio waves rather than
wire to communicate between nodes. WLAN users can access shared information
without looking for a place to plug in.
Benefits
Mobility: WLAN systems can provide LAN users with access to real-time
information anywhere in an organization.
Installation speed and simplicity: Installing a WLAN system can be fast
and easy and can also eliminate the need to pull cable through walls
and ceilings.
Reduced cost of ownership: Overall installation expenses and lifecycle
costs can be significantly lower.
Scalability: Network administrators can configure WLAN systems in
various topologies to meet the needs of specific applications and
installations.
IEEE 802.11 Specifications for wireless LANs
802.11: The original IEEE wireless LAN standard; provides 1 or 2 Mbps
transmission speed in the 2.4 GHz band, using either FHSS or DSSS.
802.11b (Wi-Fi): 11 Mbps transmission speed in the 2.4 GHz band. Uses only DSSS.
Security: WEP (Wired Equivalent Privacy).
802.11a: An extension to the original IEEE 802.11 wireless LAN standard that provides
up to 54 Mbps in the 5 GHz band. Uses OFDM rather than FHSS or DSSS.
Security: enhanced security features with 152-bit WEP encryption and MAC
address filtering, but not as reliable as Wi-Fi.
802.11i: Security enhancement to WEP. Uses TKIP (Temporal Key Integrity Protocol).
802.1x: Provides enhanced security for users of 802.11b wireless LANs. It provides
port-level authentication for any wired or wireless Ethernet client system.
802.11 protocol architecture
(IEEE 802 protocol layers compared to OSI model)
Physical layer
Functions
• Encoding/decoding of the signals
• Preamble generation/removal (for synchronization)
• Bit transmission/reception
Physical Media
• Direct Sequence Spread Spectrum (DSSS)
• Frequency Hopping Spread Spectrum (FHSS)
• Infrared (IR)
Logical Link Control (LLC) layer
• Provides an interface to higher layers and performs flow and
error control.
• The LLC layer optionally keeps track of which frames have been
successfully received and retransmits unsuccessful frames.
• For a WLAN it must support the multi-access, shared-medium
nature of the link.
MAC layer
Reliable Data Delivery - maintains a reliable data service using ACK
frames.
Access Control - before transmitting a frame, the MAC
coordination function must gain access to the network.
Security - provides authentication and privacy.
IEEE 802.11 Architecture
Basic Service Set (BSS) - Consists of a number of stations executing the same MAC
protocol and competing for access to the same shared wireless medium.
Access Point (AP) - Any entity that has station functionality and provides
access to the distribution system through the wireless medium for associated
stations.
Distribution System (DS) - A system used to interconnect a set of BSSs
and integrated LANs to create an ESS.
Extended Service Set (ESS) - A set of one or more interconnected BSSs and integrated LANs
that appear as a single BSS to the LLC layer at any station associated with
one of these BSSs.
Portal - Integrates the IEEE 802.11 architecture with a traditional wired LAN.
Making an Association
Each mobile device client in infrastructure mode sends all of its communications to a
network device called an access point (AP). The AP acts as an Ethernet bridge and forwards
the communication to the appropriate network, either the wired local area network or
another wireless network.
Before the client can communicate data, mobile wireless clients and access points must
establish a relationship called association. To establish a connection, the communicating
parties exchange messages called management frames.
1. All access points transmit a beacon management frame at a fixed interval.
2. To associate with an access point and join a BSS, a mobile device client listens for
beacon messages to identify the access points within range.
3. The mobile device client selects the BSS to join in a vendor-independent manner.
4. The client may also send a probe request management frame to find an access point
affiliated with a desired service set identifier (SSID). An SSID is an identification value
programmed into a wireless access point.
5. After identifying an access point, the client and the access point perform a mutual
authentication by exchanging several management frames as part of the process.
6. After successful authentication, the client moves into the authenticated but unassociated
state.
7. Moving from the second state to the third state, authenticated and associated,
involves the client sending an association request frame and the access point
responding with an association response frame.
8. The mobile device client becomes a peer on the wireless network and can transmit
data frames on the network.
Wireless Threats
Eavesdropping - Eavesdropping is used to gather information on the network under attack.
The primary goals of the attacker are to understand who uses the network, what is accessible,
what the capabilities of the equipment on the network are, and what the coverage area is.
Denial of service (jamming) - The entire area, including both the base station and the clients, is
flooded with interference so that no stations can communicate with each other. This attack
shuts down all communication in the given area.
Most wireless networking technologies utilize unlicensed frequencies. Therefore any
device such as a cordless phone, baby monitor or microwave oven may interfere with
wireless networking and effectively jam the wireless communications.
Man-in-the-Middle Attacks - This attack is more sophisticated than most attacks and requires
significant information about the network.
When the victim initiates a connection, the attacker intercepts the connection, then
completes the connection to the intended resource and proxies all communication to the resource.
The attacker can now modify, eavesdrop on, or inject data into the session.
IEEE 802.11b Security related services
Authentication: Used to establish the identity of stations to each other. IEEE
802.11 requires mutually acceptable, successful authentication before a station
can establish an association with an AP.
• Open System authentication
• Shared Key authentication
Deauthentication: This service is invoked whenever an existing authentication
is to be terminated.
Privacy: Used to prevent the contents of messages from being read by anyone other than
the intended recipient.
• WEP Encryption
Open System authentication
The default authentication service, which simply announces the desire to associate with
another station or access point.
One party sends a MAC control frame, known as an authentication frame, to the other
party. The frame indicates that it is of the open system authentication type.
The other party responds with its own authentication frame and the process is complete.
• No security at all.
Figure: open system authentication exchange.
Mobile station -> Access point: Authentication request ("open system")
Access point -> Mobile station: Authentication response ("open system")
Shared Key authentication
It requires that the two parties share a secret key not shared by any other party. Access is
denied to anyone who does not have an assigned key.
The shared key used to encrypt and decrypt the data frames is also used to authenticate
the station, but this is considered a security risk.
1. A sends a MAC authentication frame with an authentication identification of "shared
key" and with a station identifier that identifies the sending station.
2. B responds with an authentication frame that includes a 128-octet challenge text. The
challenge text is generated using the WEP PRNG. The key and IV are also used to generate
this challenge text.
3. A uses the shared key and initialization vector to encrypt the challenge text, and
generates an integrity check value (ICV). This frame is sent to the AP with the IV and
ICV.
4. B receives the encrypted frame and decrypts it using WEP and the secret key shared
with A. If decryption is successful, then B compares the incoming challenge text with the
challenge text that was sent in the second message. B then sends an authentication message
to A with a status code indicating success or failure.
Figure: shared key authentication exchange between mobile station (A) and access point (B).
A -> B: Authentication request ("shared key")
B -> A: Challenge text ("shared key")
A -> B: Challenge response (encrypted challenge text, "shared key")
B -> A: Authentication result ("shared key")
WEP Encryption
Since eavesdropping is a major concern in wireless transmission, IEEE 802.11
incorporates WEP to provide a modest level of security. WEP uses an encryption
algorithm based on the RC4 encryption algorithm.
WEP encryption
• At the sending station, the WEP encipherment first runs the unencrypted data
located in the MAC frame through an integrity algorithm. This algorithm is simply a
32-bit CRC that is appended to the end of the MAC frame.
• For the encryption process, a 40-bit secret key is shared by the two participants in the
exchange.
• An initialization vector (IV) is concatenated to the secret key.
• The resulting block forms the seed that is input to the pseudorandom number
generator (PRNG).
• The PRNG generates a bit sequence of the same length as the MAC frame plus its
CRC.
• A bit-by-bit exclusive OR between the MAC frame and the PRNG sequence
produces the ciphertext.
• The IV is attached to the ciphertext and the resulting block is transmitted. The IV is changed
periodically (it can change with every transmission).
WEP decryption
• At the receiving end, the receiver retrieves the IV from the data block and
concatenates it with the shared secret key to generate the same key sequence used by
the sender.
• The key sequence is then XORed with the incoming block to recover the plaintext:
(A XOR B) XOR B = A
• Finally the receiver compares the incoming CRC with the CRC calculated at the
receiver to validate integrity.
802.11 vulnerabilities
Service Set Identifier Problem: The SSID is an identification value programmed in the
access point or group of access points to identify the local wireless subnet.
If the mobile station does not know the value of the SSID, access to the associated
access point is denied.
The SSID is advertised in plain text in the access point beacon messages. Although
beacon messages are transparent to users, an eavesdropper can easily determine the
SSID with the use of an 802.11 wireless LAN packet analyzer and gain access to the
network.
Eavesdropping: Wireless technology is vulnerable to eavesdropping, especially because
intruders do not have to physically tap into a network. An intruder with a WLAN card
can passively sniff the network traffic without gaining physical access.
Though the 802.11b standard specifies that the broadcast range is only 150 to 300 feet, in
reality the signal travels much farther. Intrusive parties can eavesdrop on network traffic
from wherever they can set up a laptop to intercept the signals.
Eavesdropping is very easy in the radio environment. 802.11 uses FHSS, DSSS or infrared
transmission types. Anyone with a suitable transceiver in range of the transmission
can listen in. Further, the 802.11 protocol leaves the physical layer header unencrypted,
providing critical information to the attacker.
Vulnerability of Shared Key Authentication
• Shared key authentication requires the client to use a preshared WEP key to encrypt
challenge text sent from the access point. The access point authenticates the client by
decrypting the shared key response and validating that the challenge text is the same.
• The process of exchanging the challenge text occurs over the wireless link and is
vulnerable to a man-in-the-middle attack.
• An eavesdropper can capture both the plain-text challenge text and the cipher-text
response.
• WEP encryption is done by performing an exclusive OR (XOR) of the plaintext with the key
stream to produce the ciphertext. It is important to note that if the plaintext and the
ciphertext are XORed, the result is the key stream. Therefore, an eavesdropper can easily
derive the key stream just by sniffing the shared key authentication process with a
protocol analyzer.
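The WEP encapsulation described under WEP encryption/decryption and the keystream exposure described here, as an added Python example that is not from the slides or from any 802.11 implementation: RC4 and the CRC-32 ICV are implemented as the slides describe, a 3-byte IV plus 5-byte key forms the seed, the key-ID byte that follows the IV on the wire is omitted, the ICV byte order is assumed little-endian, and all keys, IVs and the challenge text are constructed values.

```python
import zlib
from typing import Tuple


def rc4_keystream(key: bytes, length: int) -> bytes:
    """RC4: key-scheduling algorithm (KSA), then the PRGA that emits the keystream."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    for _ in range(length):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def wep_encrypt(key: bytes, iv: bytes, frame_body: bytes) -> bytes:
    """Sender side: ICV = CRC-32 of the body, appended; seed = IV || secret key;
    (body || ICV) XOR RC4(seed); the IV is prepended in the clear."""
    assert len(iv) == 3 and len(key) == 5          # 24-bit IV, 40-bit key
    icv = zlib.crc32(frame_body).to_bytes(4, "little")   # byte order assumed
    plaintext = frame_body + icv
    keystream = rc4_keystream(iv + key, len(plaintext))
    return iv + xor_bytes(plaintext, keystream)


def wep_decrypt(key: bytes, packet: bytes) -> Tuple[bytes, bool]:
    """Receiver side: read the IV, rebuild the seed, regenerate the same keystream,
    XOR it back ((P xor K) xor K = P), then recompute the CRC and compare with the ICV."""
    iv, body = packet[:3], packet[3:]
    plaintext = xor_bytes(body, rc4_keystream(iv + key, len(body)))
    data, icv = plaintext[:-4], plaintext[-4:]
    return data, zlib.crc32(data).to_bytes(4, "little") == icv


def keystream_from_auth_exchange(challenge: bytes, response: bytes) -> bytes:
    """Why shared-key authentication is weaker than open system: the challenge is sent
    in the clear and the response is that same text WEP-encrypted under a visible IV,
    so challenge XOR ciphertext is the RC4 keystream for that IV."""
    return xor_bytes(challenge, response[3:])


def shared_key_auth_leaks_keystream() -> bool:
    """Constructed exchange: a passive listener ends up with exactly the keystream the
    AP used for this IV, without ever learning the secret key."""
    key = bytes.fromhex("0102030405")                # constructed 40-bit secret key
    iv = bytes.fromhex("a1b2c3")                     # constructed IV
    challenge = bytes(range(128))                    # stands in for the 128-octet challenge
    response = wep_encrypt(key, iv, challenge)
    return keystream_from_auth_exchange(challenge, response) == rc4_keystream(iv + key, 128)
```

The ICV check in wep_decrypt is what the receiver relies on for integrity; the last function shows why an AP configured for shared-key authentication hands out keystream material with every logon.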
Published WEP vulnerabilities
http://www.isaac.cs.berkeley.edu/isaac/wep-faq.html - Berkeley
http://www.cs.umd.edu/~waa/wireless.pdf - Maryland
http://www.cs.rice.edu/~astubble/wep/ - AT&T Labs
Weak IV attack
When a secret key is used to encrypt and decrypt transmitted data, each packet
includes an initialization vector (IV), which is a 24-bit field that changes with each packet.
The RC4 key scheduling algorithm creates the IV from the secret key. A flaw in the WEP
implementation of RC4 allows the creation of "weak" IVs that give insight into the secret key.
TKIP
It has key hashing, or per-packet keying.
When the key hashing algorithm is implemented on both the AP and all associated client devices,
the transmitter of data hashes the base key with the IV to create a new key for each packet.
This key hashing removes the predictability that an intruder relies on to determine the WEP
key by exploiting IVs.
Dynamic WEP Keys
The secret key resides in each station's management information database. IEEE 802.11
does not specify how to distribute the keys to each station.
Having a separate key for each user helps reduce the chance of cryptographic attacks,
but enforcing a reasonable key period remains a problem, because the keys can only be
changed manually and distributing the keys becomes more difficult as the number of
stations increases.
The Cisco Aironet (LEAP) solution creates per-user, per-session dynamic WEP keys tied to
the network logon, thereby addressing the limitations of the shared key system.
MAC address Filtering
• Some 802.11 access point devices have the capability to restrict access to only those devices
that are aware of a specific identification value, such as a MAC address.
• Some access point devices also contain a table of permitted and denied MAC addresses, which
enables a device administrator to specify the exact remote devices that are authorized to make
use of the wireless service.
• If the client's MAC address is not on this list, the network does not let the client associate
with the access point.
Problem:
It is time consuming because the list of client MAC addresses must be entered manually
into each access point, so it best suits smaller networks.
MAC spoofing: MAC address filtering is also not a reliable method because MAC addresses can
be easily captured by an attacker using a packet sniffer. After capturing an authorized MAC
address, an intruder could easily program her own network card to have the same MAC address
and gain access to the WLAN.
Network solutions
802.1x
• The 802.1x standard provides enhanced security for users of 802.11 WLANs with
strong, mutual authentication between a client and an authentication server.
• 802.1x uses the Extensible Authentication Protocol (EAP) for communication between
a client and an AP.
• EAP authentication packets are sent to the access point with user login information
(username and password). The access point can authenticate the user through a Remote
Authentication Dial-in User Service (RADIUS) server.
• The RADIUS server and client then derive a client-specific WEP secret key to be
used by the client for the current logon session. User passwords and session keys are
never transmitted in the clear over the wireless link.
• Cisco has developed an 802.1x authentication type called EAP Cisco Wireless, or
Cisco LEAP.
LEAP authentication process
When these features are implemented, a wireless client that associates with an AP
cannot gain access to the network until the user performs a network logon. When
the user enters a username and password into a network logon dialog box or its
equivalent, the client and a RADIUS server perform a mutual authentication, with
the client authenticated by the supplied username and password. The RADIUS
server and client then derive a client-specific WEP key to be used by the client for
the current logon session. User passwords and session keys are never transmitted
in the clear over the wireless link.
• A wireless client associates with an access point.
• The access point blocks all attempts by the client to gain access to network resources until the client
logs on to the network.
• The user on the client supplies a username and password in a network logon dialog box or its
equivalent.
• Using 802.1X and EAP, the wireless client and a RADIUS server on the wired LAN perform a
mutual authentication through the access point. One of several authentication methods or types can
be used. With the Cisco authentication type LEAP, the RADIUS server sends an authentication
challenge to the client. The client uses a one-way hash of the user-supplied password to fashion a
response to the challenge and sends that response to the RADIUS server. Using information from its
user database, the RADIUS server creates its own response and compares that to the response from
the client. When the RADIUS server has authenticated the client, the process repeats in reverse, enabling
the client to authenticate the RADIUS server.
• When mutual authentication is successfully completed, the RADIUS server and the client determine
a WEP key that is distinct to the client. The client loads this key and prepares to use it for the logon
session.
• The RADIUS server sends the WEP key, called a session key, over the wired LAN to the access
point.
• The access point encrypts its broadcast key with the session key and sends the encrypted key to the
client, which uses the session key to decrypt it.
• The client and access point activate WEP and use the session and broadcast WEP keys for all
communications during the remainder of the session.
• Both the session key and broadcast key are changed at regular intervals as configured in the
RADIUS server.
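The logon sequence above, as an added Python model that is not Cisco's code and not from these slides: HMAC-SHA256 stands in for LEAP's actual challenge/response and key-derivation primitives, a keyed XOR pad stands in for WEP encryption of the broadcast key, and the `rogue_server` flag is a constructed case that shows what the reverse (client-authenticates-server) step protects against. All usernames, passwords and keys are constructed.

```python
import hashlib
import hmac
import os
from typing import Dict, Optional, Tuple


def password_hash(password: str) -> bytes:
    """One-way hash of the password; only this hash is ever used, never the clear password."""
    return hashlib.sha256(password.encode()).digest()


def challenge_response(pw_hash: bytes, challenge: bytes) -> bytes:
    """Response to a challenge, keyed by the password hash (HMAC stands in for LEAP's step)."""
    return hmac.new(pw_hash, challenge, hashlib.sha256).digest()


def derive_session_key(pw_hash: bytes, c_server: bytes, c_client: bytes) -> bytes:
    """Client-specific 104-bit WEP session key derived from both challenges (constructed KDF)."""
    return hmac.new(pw_hash, b"session" + c_server + c_client, hashlib.sha256).digest()[:13]


def wrap_key(session_key: bytes, key_material: bytes, nonce: bytes) -> bytes:
    """AP encrypts its broadcast key under the session key: XOR with a keyed pad (constructed
    stand-in for WEP). Applying it twice with the same nonce unwraps."""
    pad = hmac.new(session_key, nonce, hashlib.sha256).digest()[:len(key_material)]
    return bytes(a ^ b for a, b in zip(key_material, pad))


def build_user_db(users: Dict[str, str]) -> Dict[str, bytes]:
    """RADIUS user database: usernames mapped to password hashes, never clear passwords."""
    return {u: password_hash(p) for u, p in users.items()}


def logon(server_db: Dict[str, bytes], username: str, password: str,
          broadcast_key: bytes, rogue_server: bool = False) -> Tuple[bool, Optional[bytes]]:
    """Runs the mutual challenge/response exchange; returns (authenticated, broadcast key as
    recovered by the client). rogue_server models an AP/RADIUS that does not hold the hash
    and simply accepts whatever response the client sends."""
    client_hash = password_hash(password)
    db_hash = server_db.get(username)
    # 1. RADIUS -> client: challenge; client answers using the password hash
    c_server = os.urandom(16)
    client_resp = challenge_response(client_hash, c_server)
    # 2. RADIUS recomputes the response from its database and compares (a rogue skips this)
    if not rogue_server:
        if db_hash is None or not hmac.compare_digest(
                challenge_response(db_hash, c_server), client_resp):
            return False, None          # AP keeps blocking: no logon, no key
    # 3. reverse direction: client challenges the server; a rogue can only guess
    c_client = os.urandom(16)
    server_resp = (os.urandom(32) if rogue_server
                   else challenge_response(db_hash, c_client))
    if not hmac.compare_digest(challenge_response(client_hash, c_client), server_resp):
        return False, None              # client refuses an unauthenticated server
    # 4. both sides derive the same client-specific session key independently
    sk_server = derive_session_key(db_hash, c_server, c_client)
    sk_client = derive_session_key(client_hash, c_server, c_client)
    # 5. RADIUS -> AP (wired): session key; AP -> client: broadcast key wrapped under it
    nonce = os.urandom(8)
    wrapped = wrap_key(sk_server, broadcast_key, nonce)
    # 6. client unwraps with its own copy; session and broadcast keys are now active
    return True, wrap_key(sk_client, wrapped, nonce)
```

Only challenges, responses and the wrapped broadcast key cross the wireless link in this model; the password, its hash and the session key never do.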
VPN solution
A VPN provides a secure and dedicated channel over an untrusted network, such as the
Internet or a wireless network.
IPSec - A framework of open standards for ensuring secure private communications
over IP networks.
An IPSec client is placed on every PC connected to the wireless network, and the user is
required to establish an IPSec tunnel to route any traffic to the wired network.
RADIUS - A distributed client/server system wherein clients send authentication
requests to the central RADIUS server, which contains all the user authentication and
network service access information.
It is commonly recommended that access points be placed on their own segment or
virtual LAN (VLAN), with a stateful IP filtering firewall separating the restricted
wireless LAN from the unrestricted wired LAN. By configuring the firewall to pass only VPN
traffic, all other network activity can be stopped, thus preventing unauthorized clients
from gaining access to the main network.