Wireless LAN Security In a Campus Environment

Transcription

1 Wireless LAN Security In a Campus Environment Clark Gaylord and Steven Lee Virginia Tech Introduction With the September 1999 ratification of the b standard by the Institute of Electrical and Electronic Engineers (IEEE), many of the significant operational and interoperability issues with wireless LANs were addressed. Following this, numerous computer and network vendors produced supported hardware to this standard, and, subsequently, wireless LANs have enjoyed considerable popularity. This recent prevalence of wireless LANs has required many organizations to reassess their views regarding computer network security policies. Whereas a wired infrastructure gives some obvious physical access limitations to a network and some degree of privacy, the shared medium of radio creates equally obvious questions regarding how to limit access to this network. This report provides a synopsis of the security mechanisms available for b wireless networks, and how these relate to academic institutions. In particular, we describe and assess some standard methods for implementing access control and privacy in the wireless LAN arena. This report focuses on the LAN aspects of wireless technology, though some of the points here raised may be applicable to fixed wireless installations. Deployment Scenarios The untethered nature of wireless LANs makes them very effective at meeting the needs for an increasingly portable, and somewhat mobile, community of Internet users. Wireless LANs have been shown to be useful in a variety of situations: A small number of peer computers forming an ad hoc network between them, Residential and small offices where one access point typically serves a small number of devices, Enterprise deployments spanning multiple buildings where end-stations are somewhat controlled by the network operator

2 Service providers with numerous access points serving a broad spectrum of customers. These customers typically subscribe to the wireless LAN service in some way and the service provider has very little operational influence over the end-stations beyond basic operating terms of the service. Every wireless LAN has its own set of security policy issues, with these scenarios identifying some commonality between them. In most academic campus environments, the scenario is some mix of enterprise and service provider. A campus is similar to many enterprises in that the institution tends to be the sole provider for a given campus, and most potential users on this campus can be assumed to be associated with the institution. On the other hand, academic institutions tend to have limited influence over the configuration of the endstations and the user base tends to be very heterogeneous, making this environment more similar to a service provider. This blending of enterprise and service provider lends a distinctive character to the management and security of wireless LANs at the academic institution. The typical campus deployment of wireless LAN is to have numerous access points throughout selected campus buildings operated by some telecommunications organization within the institution. The controlling organization may be a central information systems department or a subset of another department or several departments, but there is often some form of planning and coordination, at least throughout selected parts of a campus system. Access Control Access control is concerned with the questions of authentication and authorization. Authentication is the process of determining the identity of the entity attempting access. Authorization is the process of determining that this known entity is allowed such access. In several systems, these principles are trivially identified, but there are approaches to access control that distinguish these principles. Shared key methods Shared key methods are simplistic approaches that consider the authentication and authorization as being equivalent. By knowing the shared key, hosts identify themselves as being in the class of authorized entities. There is nothing unique to the host in the authentication step.

3 The standard defined two types of access control: Open System Authentication and Shared Key Authentication. Open System Authentication is the most trivial of both authentication and authorization; it provides no authentication, and, hence, can distinguish between none of the potential hosts. Using Open System Authentication, any standards compliant device is authorized to associate with the wireless access point. The notable advantage of the Open System approach is its simplicity. Shared Key Authentication is a mechanism whereby any station that knows the shared secret key for the network is authenticated. This method also uses Wired Equivalent Privacy (WEP), an encryption algorithm that will be discussed later in this paper. The secret shared key resides on each station and on the Access Point (AP). A challenge/response handshake occurs between the AP and the station to compare these keys, and the station is authorized to use the network if it proves that it knows the secret key. Lucent Technologies developed an extended access control feature that has been adopted by many b vendors. This mechanism is based on an unencrypted shared secret key, referred to as the network name or Extended Service Set Identifier (SSID) of the wireless network. This method provides a compromise between the Open System and Shared Key methods. While admission to the network still requires a key, no attempt is made to obscure this key from observers of the medium. Even when this method is combined with WEP to include encryption, management frames usually contain the SSID. AP s and clients broadcast these frames unencrypted; hence the network name is readily available to users with readily available wireless network analysis software. Regardless of the details of the shared key system, they share a common flaw in limiting access to the network, viz., that all users possess the same key with which to authenticate themselves. In a campus deployment model, where most potential users are members of a well-identified and open community, any such shared key must be common knowledge to the entire potential community. Indeed, easy access to this key is essential to cost-effective user support. There is nothing secret about such a key, and, as such, there is no real barrier to being admitted to the network. This is acceptable in certain contexts, but in most of these there is no reason not to make the system open instead. The one case where these shared key systems are useful is where there are multiple wireless networks in the same physical space, and it is important that

4 hosts identify with the correct set of access points regardless of their physical proximity to competing systems. In this case, the key is more to identify the network to the host than the other way around. This is applicable in the academic environment where there may be bona fide research or nonproduction reasons to operate access points outside the campus service, but in these cases the campus service itself would still be an open system. Similarly, this approach may be useful in metropolitan areas where users want to ensure that they associate with the correct wireless network. Host-specific Access Control In contrast to the various shared-key approaches, we now address methods for access control that distinguish between the issues of authentication and authorization. It is worth noting that none of these approaches is addressed in the original b specification. With these methods, the host attempting to gain access to the network is individually identified, often by MAC address or user name, and this identity is then used to determine the authorization rights of the host. By separating these issues, the question of how authentic the credential is can also be addressed. MAC Addresses Authentication Access to a wireless LAN entails at some level access to the LAN infrastructure to which it connects. While most wired LANs have ignored the question of access control, some mechanisms have existed to provide this access control. Most of these methods rely on the host s physical, or MAC, address. The two most common approaches perform this access control at, respectively, layer two and layer three of the OSI model. At layer two, bridges, which include wireless access points, have long had the ability to restrict forwarding based on the source MAC address of the Ethernet frame. At layer three, nodes that wish to operate meaningfully on any LAN normally need to have a network-layer address. DHCP servers commonly have the feature to restrict the service of IP addresses based on MAC addresses being known by the DHCP server. A DHCP server can be used to control access to the wireless network. This is accomplished by creating a client pool of the MAC addresses of registered users and only serving the correct IP configurations to these users. The disadvantage of this approach is that unregistered users can easily determine the network information by sniffing the radio transmissions and then configuring their device with an address within the valid subnet. Coordinating

5 DHCP leases with network access control lists addresses this, but this approach is more difficult to manage. Since wireless access points operate as Ethernet bridges, they can often be configured with a list of allowed MAC addresses on a particular interface, viz., the air interface. This approach is very straightforward to implement and readily supported by all wireless LAN clients, but it suffers from the unauthentic nature of MAC addresses. Although each host has a unique assigned MAC address, this need not be the MAC address actually used on the network. By configuring the driver software with a known authorized MAC address, an otherwise unauthorized user can obtain spurious access to a wireless LAN. Still, most network operators have found this exposure to have minimal impact on unauthorized use of the wireless LAN, so it is often found to be a reasonably effective means of having some access control. This method is also limited in that an AP can only store a given number of MAC addresses and every AP must be configured with these addresses, making a large-scale deployment problematic. An improvement to the list of MAC addresses on the access point is to have a manageable source for the authorized MAC addresses available to the access points. Some vendors have implemented this as a RADIUS client on the access point, though other implementations are also possible. In addition to making the list of authorized MAC addresses manageable, it avoids the problem of the limited size of this list per access point. This maintains the ubiquity and simplicity of the MAC-based access control while making the approach scalable to many access points. These MAC-based options all base the authorization upon the physical address of the client s WLAN hardware and not on the individuals themselves. This may not be considered optimal for many cases, but it is readily supportable for all client systems. User-specific Authentication Disadvantages of MAC-based authentication include its identification with the host rather than the user and the difficulty of authenticating the MAC address to the user in question. On the other hand, authentication credentials which identify the user specifically often have a much stronger nature, using one-time passwords, challenge/response methods, etc, that make unauthentic use more difficult than the MAC-based methods. There are a number of methods that

6 use user-based authentication to control network access. The most common approach is the authenticating firewall. There are numerous implementations of these firewalls, but they share some way for the user to present authentication credentials, usually a username/password pair, prior to being authorized for some level of network access. The variety of these strategies reflects numerous details regarding how the credential is entered (e.g., web browser vs. proprietary interface) and how network access is controlled (e.g., Ethernet port vs. router access control). There are a similar variety of standards vs. proprietary solutions in this approach. A developing standard for controlling access to a local network infrastructure that applies to wired or wireless Ethernet is 802.1x port-based access control. While the availability of Ethernet devices and client operating systems that support 802.1x is scarce, this is an area of active development and considerable promise. The 802.1x standard defines a method for Ethernet switches to compare authentication credentials provided by supported end-stations to a RADIUS server. This standard stands to fill the need for user-level authentication for wireless networks as well as switched Ethernet networks, but will not be useful in campus environments until the wider availability of 802.1x clients and network devices. In environments where a particular vendor s equipment and end-station operating systems can be specified by a controlling organization, certain limited solutions (e.g., Cisco s LEAP) can be used. More suitable at the current time is web-based authentication to a firewall. In this scenario, the user is admitted to the wireless network and receives an IP address, but their traffic is blocked by a firewall until they have established authentic authorization for access. There are numerous products to provide this service, or the reasonably savvy network operator can readily build such a solution. Some firewall-based approaches also require client software on the end-station. These proprietary software clients are common for VPN solutions, with corresponding operating system restrictions, making them problematical for any service-provider model of operation. The common disadvantage to user-based authentication is that usually the user is impeded from using the network each time they wish to join it. In MACbased solutions, the user automatically has access once they have subscribed to the service. On the other hand, user-based solutions require that the user login to the network each time, which many users find cumbersome. Still, many environments find this approach acceptable.

7 Encryption and Privacy Just as the question of access control becomes more obviously relevant for wireless LANs than wired, so too the question of the obscurity of the data transmitted on the network becomes more obvious. Traditional wired LANs generally have the benefit of being somewhat secured within a building. Wireless LANs do not have this advantage since their transmissions can penetrate walls. The approaches to encryption in the wireless environment mirror those approached already discussed for access control. Some rely upon shared keys, while others use user-specific keys, with similar advantages and disadvantages to these approaches in the wired environment. Wired Equivalent Privacy Another shared key In order to appreciate the applicability of the IEEE Wired Equivalent Privacy, one must recognize what wire it is that the system is being made equivalent to. The original Ethernet specification was for strands of coaxial cable where electrical signals of modulated Ethernet data propagate to all stations on the cable. Stations not attached to this coaxial cable cannot see the transmissions of stations on the wire, and all stations on the cable can see all transmissions by all other stations. It is this shared, broadcast medium that WEP is attempting to replicate in the wireless arena. With switched Ethernet, on the other hand, the only stations that share the actual electrical signals are the end-station and the Ethernet switch. While the one-dimensional propagation along coaxial cable is considerably more restricted than the three-dimensional propagation of radio signals, it is still much broader than switched Ethernet. To accomplish this coaxial cable equivalence, operators of wireless LANs distribute a single key to all stations. This key may be either 40-bit or 128-bit, depending on implementation. Those stations with the key can see all traffic by others with the key that are within radio range, but any stations operating in the area without the key cannot readily determine the content of the data in the Ethernet frames. This shared-key method for encrypting data on the wireless medium creates a systematic problem for operators and users concerned with data privacy. In a campus deployment, all would-be snooping parties are likely to be members of the community with the WEP key, making the data readily available to collection methods.

8 To make matters worse for the WEP approach, researchers at the University of California, Berkeley (2) and at the University of Maryland (3) separately proved that the keys could be compromised in a matter of hours. However, this result has little relevance for the campus deployment, because the shared-key approach is inappropriate for providing any real privacy. In cases where the shared-key approach is more appropriate, such as home or small-business offices, this is an important matter to bear in mind; in no case does WEP provide strong encryption of the data on the network. A proposed extension to WEP allows for Fast Packet Keying, where the actual key changes over time. This proposal will make WEP more useful in contexts where it is applicable, but it does not alter the (lack of) applicability of WEP to campus deployments. Another disadvantage of WEP is that network performance is degraded by up to 30%. These two facts discourage the implementation of WEP in a University environment. User-specific Keys Since it is the shared-key nature of WEP that makes it unsuitable for campus deployments, it is reasonable to consider whether user-specific encryption keys might address concerns of open data being transmitted on the wireless medium. Such an approach is considered with the Extensible Authentication Protocol (EAP) entailed with 802.1x and is implemented in Cisco s pre-802.1x LEAP approach. VPN approaches Whether based on a shared key or user-specific keys, the above privacy approaches share that they are only concerned with encrypting the wireless medium, leaving the traffic unencrypted on the wired LAN. The Virtual Private Network approach takes this one step farther by encrypting the traffic further into the wired LAN. A Virtual Private Network establishes an encrypted tunnel between the end-station and some other point on the globally routed Internet. The efficacy of this approach depends upon the trustability of the communications channel between the terminus of the VPN and the ultimate destination of the traffic. When the VPN terminus is far from the traffic destination, this efficacy is probably low, but communication with destinations near the tunnel terminus may have reasonably good privacy. Unfortunately,

9 most VPN products available today are proprietary and generally have poor interoperability. End-to-end Encryption The problem with the efficacy of VPNs in providing privacy for data communications is that the intended destination of the traffic may be far from the VPN terminus. The only way to ensure that encryption is maintained to a point close to the desired destination, for all such possible destinations, is to use applications that encrypt traffic end-to-end. Given that end-to-end encryption is the only means to ensure privacy, this begs the question of the usefulness of any of the other approaches for privacy. In spite of any vulnerability that may exist in WEP, for example, if the data being transmitted within the Ethernet frame is itself encrypted, the would-be WEP cracker gets no information. Is there any reason not to use whatever encryption exists at all points, recognizing that end-to-end encryption is the only approach that actually provides reasonably assured privacy? Why not use WEP and VPN and end-to-end methods? Firstly, each of the privacy methods has significant support costs. Arguably, WEP and VPN are considerably more involved to support, for example, than SSH or SSL. Second, the fact that users are aware of WEP and/or VPN attempts for privacy may make them more lax in ensuring that applications they use have appropriate encryption. Finally, the cost in bandwidth for this approach is substantial. A modest cost for encryption is 20% of bandwidth, resulting in only 83% of the capacity being unencrypted payload. Using thrice encryption at this cost results in the unencrypted payload being less than 58% of the total transmission bandwidth. Authenticating the Network Much emphasis has been placed upon the ability of end-stations to be authenticated to a wireless network. An aspect of wireless network access control that is often over-looked is the ability for the network to authenticate itself to the end-station. The only means to do this with most systems is with the shared-key SSID method, as mentioned above. While this is at least some credential, it suffers from being readily available to the would-be malicious access point operator. This issue has potentially serious security implications, as users will send all traffic to the access point. While there are seldom good solutions to defeating a dedicated malicious user, this example highlights that fact.

10 Conclusion We have discussed how different approaches to wireless network security are applicable in different contexts, but that certain commonalities exist for many campus environments. Notable points we express are: 1. Most of the issues commonly express with wireless networking are not germane to the wireless context but exist in all LANs. 2. Controlling access to the network is more relevant to wireless networking than attempting to ensure privacy. 3. MAC-based methods for access control are easy to implement and support, yet provide a reasonable level of control. 4. The best method for privacy assurance is end-to-end; the network cannot provide effective privacy. 5. WEP has little applicability for campus deployments. The cracking of WEP is irrelevant. 6. The only reasonably secured host is one that is kept turned unplugged in a bank vault.

11 References 1. Link to standard 2. Link to UC Berkeley WEP crack paper 3. Link to MD WEP crack paper Tgi x ( 17.txt) 7. Wireless VPN Performance Tests