WLAN Security.

Presentation transcript:

WLAN Security

WLAN Security: Requirements for Secure Wireless LANs
- Authentication
- Access Control
- Data Privacy
- Data Integrity
- Protection Against Replay

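WLAN Attack: Wardriving
- Wardriving: traveling around by vehicle looking for unsecured (unauthenticated) wireless networks. The term was coined by Pete Shipley.
- The relay points used in an intrusion cannot be traced back step by step.
- Wireless APs keep no connection logs.
- Even during real-time tracing, the location of the connected user cannot be determined from the wireless AP.
- Measures for tracking a moving attacker in real time are inadequate (a method comparable to mobile-phone location tracking needs to be developed).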

MAC Address Authentication Attack
Strengths
- Controls which stations may connect to the AP based on their MAC addresses.
Weaknesses
- MAC addresses are easy to forge.
- MAC addresses are easily obtained by monitoring (sniffing) the wireless LAN.
- Attackers can keep watching wireless LAN traffic continuously.
- Brute-force attacks on MAC addresses are possible.
- Man-in-the-middle techniques expose the network to attack.
Tools
- Windows: AiroPeek (wireless network management tool), SMAC (MAC address changer)
- Linux: Kismet (wireless network sniffing tool), macchanger (MAC address changer)

MAC Address Attack

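Rogue AP – Spoofing Attack
- A station always connects to the AP with the strongest signal.
- The attacker uses the same SSID as the target AP.
- The attacker transmits a stronger signal than the target AP, posing as the AP that is easiest for the victim to connect to.
- The victim connects to the AP without any suspicion.
- The attacker hosts a fake web page that imitates a legitimate one and prompts the victim to enter an ID and password.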

Rogue AP – Spoofing Attack

Attacker Passive Monitoring
Figure: a Station sends "Username: dziminski, Password: cleartext" to the Access Point; the attacker, monitoring passively, captures the data.

802.11 DoS Attack
Figure: the attacker spoofs an 802.11 Disassociate frame; the connection between Station and Access Point is broken.

802.11 Man in the Middle Attack
- Attacker broadcasts a spoofed AP SSID and MAC address.
- Station unknowingly connects to the attacker.
- MIM attacks can always be established, but if strong authentication and encryption are used, the attacker will be nothing more than a bridge.
Figure labels: Station, Attacker, Access Point, Station MAC Address, AP MAC Address.

Authentication and Encryption Standards
- Credentials: Certificate; Username/Password
- Authentication protocols: TLS; PEAP; EAP; 802.1x
- Encryption algorithms: RC4; RC4; AES
- Encryption standards: WEP; WPA-TKIP; 802.11i
Abbreviations:
- WEP: Wired Equivalent Privacy
- WPA: Wi-Fi Protected Access
- TKIP: Temporal Key Integrity Protocol
- PEAP: Protected Extensible Authentication Protocol; uses server-side public key certificates to authenticate the server

Evolution of WLAN Security
- WEP: not adequate.
- IEEE formed a Task Group "i" to develop the 802.11i standard.
- Objective: to produce a detailed specification to enhance the security features for WLANs.
Figure labels: IEEE 802 Working Group; IEEE 802.11 WLAN WG; IEEE 802.11i WLAN security; RSN (Robust Security Network); TSN (Transitional Security Network).

Evolution of WLAN Security: Responses from Wi-Fi Alliance
- The industry cannot wait for the 802.11i standard. It is demanding a more secure wireless environment right now.
- Wi-Fi Alliance, together with IEEE, developed Wi-Fi Protected Access (WPA) to offer a strong interoperable security standard to the market.
- 802.11i contributed the TKIP (encryption) and MIC (integrity) algorithms, which were being developed for RSN but are applicable to WPA.
Figure labels: Wi-Fi Alliance; IEEE 802.11i; WPA (Wi-Fi Protected Access); TKIP (Temporal Key Integrity Protocol) + MIC (Message Integrity Check).

High-level Differences Between RSN and WPA
RSN
- Designed from the start, without regard to existing WEP systems.
- Will require new hardware to support new methods of encryption.
- Supports options for encryption (privacy): TKIP, AES.
WPA
- Designed with constraints around existing WEP systems.
- Objective: use the same hardware and upgrade software only.
- Only supports one encryption standard: TKIP.
Essentially, the two approaches are very similar and built around the same security architecture.

WEP Encryption
- Frame layout: 24-bit IV (clear text), followed by the Payload and a CRC-32 integrity check.
- Payload and CRC-32 are encrypted with a 40 or 104 bit key using the RC4 algorithm.
WEP has several problems:
- IV is too small. At 10,000 packets per second the IV repeats in 0.5 hours. For 24 bits, an IV will be reused after 16,777,216 packets if the IV value is incremented by 1 each time, so a device sending 10,000 packets per second takes half an hour to roll over its 24-bit IV.
- There are several "weak keys". Those are especially vulnerable.
- No key update mechanism built in.
- Message replay attacks. DoS.

WPA: Key features to address WEP vulnerabilities
- Access Control and Authentication: implements 802.1X EAP based authentication to enforce mutual authentication.
- Encryption: applies Temporal Key Integrity Protocol (TKIP) on existing WEP to impose strong data encryption.
- Integrity: uses Message Integrity Check (MIC) rather than CRC-32 for message integrity.
WPA also presents some potential security issues:
- There are still potential encryption weaknesses in TKIP. Fortunately, a successful crack is expected to be heavy and expensive.
- Performance may potentially be sacrificed due to more complex and computation-intensive authentication and encryption protocols.
Note: The ultimate wireless security solution is still 802.11i RSN. All products are supposed to comply with the RSN standard since its release, often under the name WPA2.

Wi-Fi Protected Access (WPA): TKIP Encryption
- Wi-Fi Protected Access is an interim standard created by the Wi-Fi Alliance (a group of manufacturers).
- WPA-TKIP fixes problems with WEP:
  - IV changes to 48 bits with no weak keys. 900 years to repeat an IV at 10k packets/sec.
  - Uses the IV as a replay counter.
  - Message integrity.
  - Per-packet keying.
- Supported on many wireless cards and on Windows XP (after applying 2 hot fixes).
- Uses 802.1x for key distribution. Can also use static keys.

802.11i RSN: Key features to address WEP vulnerabilities
Access Control and Authentication
- Implements 802.1X EAP based authentication to enforce mutual authentication (same as WPA).
- WRAP: RSN includes a Wireless Robust Authentication Protocol. Uses AES in offset codebook mode (OCB) for encryption and integrity.
Encryption
- TKIP: in order to support legacy devices, 802.11i chooses TKIP as one of the encryption options.
- AES: stands for Advanced Encryption Standard, which is a much stronger encryption algorithm. AES requires a hardware coprocessor to operate.
Integrity
- Uses Michael Message Integrity Check (MIC) for message integrity.
Other security features
- Secure IBSS (Ad Hoc mode), secure fast handoff, secure de-authentication and disassociation.
- Supports roaming.
- Is referred to as WPA2 by the Wi-Fi Alliance.
IBSS: Independent Basic Service Set

802.11i AES Encryption
- Ratified by the IETF in June of 04.
- Uses the AES algorithm for encryption and 802.1x for key distribution.
- Backwards compatible with TKIP to support WPA clients.
- 802.11i not in many products yet.

Access Control and Authentication – 802.1X / EAP
- Initially designed for wired networks but is now applicable to WLANs.
- Provides port-based access control and mutual authentication between client and APs via an authentication server.
- The 802.1X standard comprises three elements:
  - A supplicant: the client (laptop, PDA, ...) that wants to be authenticated.
  - An authenticator: the AP, which acts as an intermediary between a supplicant and an authentication server.
  - An authentication server: such as a RADIUS (Remote Access Dial-In User Service) server.
Figure labels: Station (Supplicant); Access Point (Authenticator); RADIUS Server (Authorizer).

Access Control and Authentication – 802.1X / EAP
- EAP (Extensible Authentication Protocol): the protocol that 802.1X uses to manage mutual authentication.
- Initially developed for use with PPP (RFC2284).
- Several EAP types exist, depending on the authentication method (passwords, PKI certificates, ...):
  - EAP-MD5
  - EAP-TLS
  - EAP-TTLS
  - PEAP
  - LEAP
  - EAP-SIM
- The authenticator does not need to understand the details of the authentication methods. It simply packages and repackages EAP packets, usually between the Supplicant and RADIUS.
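
The pass-through role described above rests on the fixed EAP header: Code, Identifier and Length, plus a Type byte in Requests and Responses, with everything after that opaque to the authenticator. The parser below is an added example, not part of the original slides; the method type numbers come from the IANA EAP registry rather than the page, the packets are constructed hex samples, and `weak_methods` is a hypothetical helper that flags the two methods the slides rate weakest.

```python
import struct

EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
# Method type numbers from the IANA EAP registry (not listed on the slides).
EAP_TYPES = {1: "Identity", 4: "EAP-MD5", 13: "EAP-TLS", 17: "LEAP",
             18: "EAP-SIM", 21: "EAP-TTLS", 25: "PEAP"}
# Methods the slides describe as one-way (MD5) or open to dictionary attack (LEAP).
WEAK_TYPES = {4, 17}

def parse_eap(packet: bytes) -> dict:
    """Parse the fixed EAP header; the method payload is left opaque."""
    if len(packet) < 4:
        raise ValueError("EAP header is 4 bytes")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if code not in EAP_CODES or not 4 <= length <= len(packet):
        raise ValueError("bad EAP code or length")
    info = {"code": EAP_CODES[code], "id": ident,
            "method": None, "weak": False, "data": b""}
    if code in (1, 2):  # only Request/Response carry a Type byte
        if length < 5:
            raise ValueError("Request/Response without a Type byte")
        info["method"] = EAP_TYPES.get(packet[4], f"type-{packet[4]}")
        info["weak"] = packet[4] in WEAK_TYPES
        info["data"] = packet[5:length]  # what the authenticator just relays
    return info

def weak_methods(packets) -> list:
    """Names of weak EAP methods seen in a sequence of raw EAP packets."""
    seen = []
    for raw in packets:
        parsed = parse_eap(raw)
        if parsed["weak"] and parsed["method"] not in seen:
            seen.append(parsed["method"])
    return seen

# Constructed sample packets (hex), not captured traffic.
SAMPLE = [bytes.fromhex(h) for h in (
    "0101000501",        # Request/Identity
    "020100080164616e",  # Response/Identity carrying "dan"
    "010200061920",      # Request/PEAP with one byte of method data
    "010300061101",      # Request/LEAP with one byte of method data
    "03040004",          # Success
)]

if __name__ == "__main__":
    for raw in SAMPLE:
        print(parse_eap(raw))
    print("weak methods seen:", weak_methods(SAMPLE))
```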

802.1x EAP-TLS Authentication
Figure: Station (Supplicant) with a client digital cert from XYZ CA; Access Point (Authenticator); RADIUS Server (Authorizer) with a server digital cert from XYZ CA.

802.1x PEAP Authentication
- Phase 1: Authenticate AP. Secure tunnel to AP using TLS.
- Phase 2: Password authentication with directory server.
Figure: Station (Supplicant) sends "Username: Dan, Password: encrypted"; Access Point (Authenticator); RADIUS Server (Authorizer) with a digital cert from XYZ CA; Directory Server returns Success/Fail.

LEAP (Lightweight Extensible Authentication Protocol)
LEAP Characteristics
- Primarily developed by Cisco for Aironet WLAN deployments. Cisco is now licensing the software, and other vendors are beginning to support LEAP in their wireless LAN adapters.
- Encrypts data transmissions using dynamically generated WEP keys and supports mutual authentication.
- No certificates are required.
- Uses bi-directional challenge-response with the user password as shared secret.
- Transaction sent in clear text (dictionary attacks!).

EAP Authentication Types Comparison Chart
802.1x EAP Types (columns): MD5, TLS, TTLS, PEAP, LEAP
Feature / Benefit (rows):
- Client side certificate required: no, yes
- Server side certificate required
- WEP key management
- Rogue AP detection
- Developer
- Authentication Attributes: One way, Mutual
- Deployment: Easy, Difficult, Moderate
- Wireless Security: Poorest, Highest, High