Wireless Security

Access Networks Core Networks The Current Internet: Connectivity and Processing Transit Net Private Peering NAP Public Peering PSTN Regional Wireline Regional Voice Cell Cable Modem LAN Premises- based WLAN Premises- based Operator- based H.323 Data RAS Analog DSLAM H.323

How can it affect cell phones? r Cabir worm can infect a cell phone m Infect phones running Symbian OS m Started in Philippines at the end of 2004, surfaced in Asia, Latin America, Europe, and later in US m Posing as a security management utility m Once infected, propagate itself to other phones via Bluetooth wireless connections m Symbian officials said security was a high priority of the latest software, Symbian OS Version 9. r With ubiquitous Internet connections, more severe viruses/worms for mobile devices will happen soon …

Outlines r Basics r Security in b: WEP r WPA and WPA2

IEEE Wireless LAN r b m GHz unlicensed radio spectrum m up to 11 Mbps m widely deployed, using base stations r a m 5-6 GHz range m up to 54 Mbps r g m GHz range m up to 54 Mbps r All use CSMA/CA for multiple access r All have base-station and ad-hoc network versions

Base station approch r Wireless host communicates with a base station m base station = access point (AP) r Basic Service Set (BSS) (a.k.a. “cell”) contains: m wireless hosts m access point (AP): base station r BSS’s combined to form distribution system (DS)

Ad Hoc Network approach r No AP (i.e., base station) r wireless hosts communicate with each other m to get packet from wireless host A to B may need to route through wireless hosts X,Y,Z r Applications: m “laptop” meeting in conference room, car m interconnection of “personal” devices m battlefield

Outlines r Basics r Mobile link access: CDMA/CA r Security in b r Example and more attacks r Trend: Wireless MAN

802.11b: Built in Security Features r Service Set Identifier (SSID) r Differentiates one access point from another r SSID is cast in ‘beacon frames’ every few seconds. r Beacon frames are in plain text!

Associating with the AP r Access points have two ways of initiating communication with a client r Shared Key or Open Key authentication r Open key: need to supply the correct SSID m Allow anyone to start a conversation with the AP r Shared Key is supposed to add an extra layer of security by requiring authentication info as soon as one associates

How Shared Key Auth. works r Client begins by sending an association request to the AP r AP responds with a challenge text (unencrypted) r Client, using the proper WEP key, encrypts text and sends it back to the AP r If properly encrypted, AP allows communication with the client

Wired Equivalent Protocol (WEP) r Primary built security for protocol r Uses 40bit RC4 encryption r Intended to make wireless as secure as a wired network r Unfortunately, since ratification of the standard, RC4 has been proven insecure, leaving the protocol wide open for attack

Case study of a non-trivial attack r Target Network: a large, very active university based WLAN r Tools used against network: m Laptop running Red Hat Linux v.7.3, m Orinoco chipset based b NIC card m Patched Orinoco drivers m Netstumbler Netstumbler can not only monitor all active networks in the area, but it also integrates with a GPS to map AP’s m Airsnort Passively listen to the traffic r NIC drivers MUST be patched to allow Monitor mode (listen to raw b packets)

Wi-Fi Protected Access (WPA) r Flaws in WEP known since January flaws include weak encryption (keys no longer than 40 bits), static encryption keys, lack of key distribution method. r In April 2003, the Wi-Fi Alliance introduced an interoperable security protocol known as WiFi Protected Access (WPA), AKA the IEEE i. r WPA was designed to be a replacement for WEP networks without requiring hardware replacements. r WPA provides stronger data encryption (weak in WEP) and user authentication (largely missing in WEP).

WPA Security Enhancements r WPA includes Temporal Key Integrity Protocol (TKIP) and 802.1x mechanisms. r The combination of these two mechanisms provides dynamic key encryption and mutual authentication r TKIP adds the following strengths to WEP: m Per-packet key construction and distribution: WPA automatically generates a new unique encryption key periodically for each client. In fact, WPA uses a unique key for each frame. This avoids the same key staying in use for weeks or months as they do with WEP. m Message integrity code: guard against forgery attacks. m 48-bit initialization vectors, use one-way hash function instead of XOR

WPA2 r In July 2004, the IEEE approved the full IEEE i specification, which was quickly followed by a new interoperability testing certification from the WiFi Alliance known as WPA2. r Strong encryption and authentication for infrastructure and ad-hoc networks (WPA1 is limited to infrastructure networks) r Support for the CCMP (Counter Mode with Cipher Block Chaining Message Authentication Code Protocol) encryption mechanism based on the AES as an alternative to the TKIP protocol m AES is the equivalent of the RC4 algorithm used by WPA. m CCMP is the equivalent of TKIP in WPA. Changing even one bit in a message produces a totally different result.

WPA2 r TKIP was designed as an interim solution for wireless security, with the goal of providing sufficient security for 5 years while organizations transitioned to the full IEEE i security mechanism. r As of March 2006, the WPA2 certification became mandatory for all new equipment certified by the Wi-Fi Alliance, ensuring that any reasonably modern hardware will support both WPA1 and WPA2.

Quiz on Tech Integration r Select technology from the following list to satisfy the PCI compliance requirements m Basically use the Cisco table in the pdf slides.

Project Part III Presentation r Summary of the problem statement and related work r Your technical solution and comparison w/ existing work r Property analysis of your solution m the cost/risk analysis: Both the system purchase and maintenance cost. Compared with existing work. m feasibility analysis: Is it easy to be adopted by the IT and other users of your company/institute? Is it incrementally deployable or require complete tear- down? m business/legal consequence. r Every team will have a time limit of 20 minutes for presentation which will be strictly enforced.

Backup Slides

Assessing the Network r Using Netstumbler, the attacker locates a strong signal on the target WLAN r WLAN has no broadcasted SSID r Multiple access points r Many active users r Open authentication method r WLAN is encrypted with 40bit WEP

Cracking the WEP key r Attacker sets NIC drivers to Monitor Mode r Begins capturing packets with Airsnort r Airsnort quickly determines the SSID r Sessions can be saved in Airsnort, and continued at a later date so you don’t have to stay in one place for hours r A few 1.5 hour sessions yield the encryption key r Once the WEP key is cracked and his NIC is configured appropriately, the attacker is assigned an IP, and can access the WLAN

Summary of MAC protocols r What do you do with a shared media? m Channel Partitioning, by time, frequency or code Time Division,Code Division, Frequency Division m Random partitioning (dynamic), ALOHA, CSMA, CSMA/CD carrier sensing: easy in some technologies (wire), hard in others (wireless) CSMA/CD used in Ethernet

Solution