Wireless Security Issues Implementing a wireless LAN without compromising your network Marshall Breeding Director for Innovative Technologies and Research Vanderbilt University

Security concerns Eavesdropping a major concern Eavesdropping a major concern Unprotected wireless access points are an easy of entry for mobile hackers Unprotected wireless access points are an easy of entry for mobile hackers Many rogue Wireless LANS were put up in corporate networks without IT support or adequate security Many rogue Wireless LANS were put up in corporate networks without IT support or adequate security War Driving / War Chalking War Driving / War Chalking Some war driving / freeloading happens in residential settings Some war driving / freeloading happens in residential settings

Positioning your wireless network Libraries should already have a network security architecture that separates public access computing from the business network Libraries should already have a network security architecture that separates public access computing from the business network Adding a wireless LAN is easy when the library already has a solid security environment in place Adding a wireless LAN is easy when the library already has a solid security environment in place

Encryption necessary to ensure security Sensitive data must be encrypted when transmitted across any untrusted network Sensitive data must be encrypted when transmitted across any untrusted network Most Encryption algorithms uses a secure key to encode the data and decode it after transmission Most Encryption algorithms uses a secure key to encode the data and decode it after transmission The longer the key, the more difficult it is to use brute force to decrypt the message The longer the key, the more difficult it is to use brute force to decrypt the message WEP uses 40, 64, or 128 (WEP2) bit keys WEP uses 40, 64, or 128 (WEP2) bit keys

Wired Equivalency Privacy Optional Encryption scheme part of the b specification Optional Encryption scheme part of the b specification RC4 encryption RC4 encryption Single key encrypts all traffic Single key encrypts all traffic No system for key management No system for key management Hackers can easily recover the key Hackers can easily recover the key WEP often not enabled WEP often not enabled WEP can be defeated by sophisticated hackers WEP can be defeated by sophisticated hackers Provides a barrier to most potential intruders Provides a barrier to most potential intruders

Wireless Hacking tools At least two open source tools are available for recovering WEP keys: At least two open source tools are available for recovering WEP keys: WEPCrack WEPCrackhttp://wepcrack.sourceforge.net/ AirSnort AirSnort

802.11i Security Standard for the arena Security Standard for the arena Includes WPA and RSN (Robust Security Network) Includes WPA and RSN (Robust Security Network) Relies on 802.1x specification for port- based user and device authentication Relies on 802.1x specification for port- based user and device authentication Ratified June 2004 Ratified June 2004 Marketed as WPA2 Marketed as WPA2

WPA Wi-Fi Protected Access Wi-Fi Protected Access Enhanced security over WEP Enhanced security over WEP TKIP TKIP Available now Available now Backwardly compatible with WEP – requires only a firmware upgrade. Backwardly compatible with WEP – requires only a firmware upgrade.

Temporal Key Integrity Protocol (TKIP) 128 bit encryption keys 128 bit encryption keys Each packet encrypted with a different key based on a 48-bit serial number, incremented with each use. Each packet encrypted with a different key based on a 48-bit serial number, incremented with each use. Avoids replay attacks Avoids replay attacks Relies on a base key with is generated when a device associates with the base station Relies on a base key with is generated when a device associates with the base station Ideally unique base keys transmitted during 802.1x authentication Ideally unique base keys transmitted during 802.1x authentication Pre-shared keys used otherwise Pre-shared keys used otherwise

WPA2 WPA + AES = WPA2 WPA + AES = WPA2 Advanced Encryption Standard instead of TKIP Advanced Encryption Standard instead of TKIP Stronger encryption algorithm Stronger encryption algorithm Not guaranteed to be backwardly compatible with existing WEP equipment Not guaranteed to be backwardly compatible with existing WEP equipment Personal version uses pre-shared key Personal version uses pre-shared key Enterprise version uses 802.1X authentication through RADIUS server. Enterprise version uses 802.1X authentication through RADIUS server.

WPA/802.1x Diagram See: See: img/20FEwifi_in-x.gif img/20FEwifi_in-x.gif

Wi-Fi Security Services SecureMyWiFi ( SecureMyWiFi ( RADIUS authentication and security key distribution service RADIUS authentication and security key distribution service Operates with AP’s that support WPA- Enterprise or WPA2-Enterprise Operates with AP’s that support WPA- Enterprise or WPA2-Enterprise $29 annual fee $29 annual fee

Virtual Private Networks (VPN) A technology that offers strong security A technology that offers strong security Common approach for remote users that rely on accessing organizational resources through the Internet Common approach for remote users that rely on accessing organizational resources through the Internet Applicable to wireless users on premises Applicable to wireless users on premises Enhances security / adds inconvenience. Enhances security / adds inconvenience.

WEP Security

VPN Security

Conclusions Solutions are available that provide solid security for wireless networks Solutions are available that provide solid security for wireless networks Trade-off between convenience and security. Trade-off between convenience and security. Open wireless networks can be operated without jeopardizing the library’s business network Open wireless networks can be operated without jeopardizing the library’s business network