Agenda. Wireless LAN Security. TCP/IP Protocol Suite (Internet Model) Security for TCP/IP. Agenda. Car Security Story

Transcription

1 Wireless s June September 00 Agenda Wireless Security ผศ. ดร. อน นต ผลเพ ม Asst. Prof. Anan Phonphoem, Ph.D. [email protected] Computer Engineering Department Kasetsart University, Bangkok, Thailand Security Characteristics W Security Security Threats W security management TCP/IP Protocol Suite ( Model) Security for TCP/IP 5 Applications User service and interface 5 Applications Application layer security protocols Secure Http (Https) Transport Process delivery + Error (TCP/UDP) Reliable end-to-end (whole message) Transport VPN + Secure Socket Layer (SSL), Transport Layer Security (TLS) Network Move packets from source to destination Packet end-to-end (across network) Network IPsec + Layer Tunnel (Changeable fields, e.g. TTL) Data Link Provide frames Node-to-node (same network segment) Data Link Encryption for set of MACs (Not all the frame, e.g. header) Physical Transmission bit streams (mechanical and electrical spec) Physical Encryption all bit streams (Point-to-point, banking) Car Security Story Break/gear/Steering Wheel Lock Avoid cars that have lock Break windows + tools (hammer/screw driver) Alarm system implemented Scan the keychain frequency Cut off the alarm signal Try to bypass/disable, not to break the encryption Agenda Security Characteristics W Security Security Threats W security management 5 6

2 W Security Non-Cryptographic Security Scheme Cryptographic Security Scheme Non-Cryptographic Security Scheme Closed W Omit SSID in the Beacon MMPDU frame Easy to eavesdrop and know MAC Filtering Access list of MAC Spoof MAC Screen out baby or Casual attacker 7 8 Cryptographic Security Scheme User Authentication Message Authentication/Verification Message Encryption User Authentication Prove the user s identity Key for authentication Correct key valid user?? Spoof attacker has the key Need cryptographic 9 0 Message Authentication/Verification Encrypt the message before send A hash function (Integrity Check Value, ICV) Arbitrary input fixed-length output (hash) Cyclic Redundancy Check (CRC) Message Digest 5 (MD-5) Secure Hash Algo. No. (SHA-) [60 bits] SHA-56, 8, 5 [bits] Header frame/data frame/key Verifying that message is not modified Message Encryption Encapsulation Cryptographic encryption algorithm Block-oriented cipher Data Encryption Standard (DES) / Triple DES Advanced Encryption Standard (AES) RC-, RC-5, RC-6, etc. Stream-oriented cipher RC- Key length

3 Message Encapsulation Data Data Encryption Algo. ICV generator ICV Data ICV Built-in W Security Wired Equivalent Privacy (WEP) Provides encryption based on RC- cipher 80.x Provides authentication using Extensible Authentication Protocol (EAP) Wi-Fi Protected Access (WPA) Uses dynamic keys and advanced encryption 80.i Advanced encryption and authentication WEP Wired Equivalent Privacy (WEP) Goal: protecting air traffic as wired traffic Strong enough for casual eavesdropping WEP deploys RC (RSA Security) Provides 6-8 bit encryption Privacy Controlling personal info. not too widely spread out Confidentiality Preventing others to understand our communications Plain Text WEP Block Diagram Initialization Vector (IV) -bit Secret Key (0-bit or 0-bit) Pseudo-Random Number Generator RC- Integrity Algorithm (CRC-) + Integrity Check Value (ICV) Key Sequence Bitwise XOR IV Cipher Text 5 6 WEP Encapsulation WEP Key IV IV Data Data ICV Encryption Algo. ICV generator Data ICV MSDU CRC- of MSDU Based on Exclusive-OR Operation Encryption C = P K Decryption P = C K Interesting Properties P = C K = (P K) K = P (K K) = P Can re-create keystream can decrypt a frame 7 8

4 WEP Issues Weak Point is IV not RC- Static encryption keys must be changed manually Attacker s tools: Airsnort, Yellowjacket, Airfart Encryption keys can be cracked in seconds Default setting is OFF 9 80.x A New Hope Provides secure access using port control Uses EAP (Extensible Authentication Protocol) Supports Kerberos, smart cards, one-time passwords, and so on Components required: Wireless device AP Authentication server, typically Remote Authentication Dial-in User Service (RADIUS) 0 How 80.x Works Wireless Device Access Point Authentication Server (RADIUS) User requests connection AP requests user ID User sends ID AP requests user credentials User sends AP credentials AP confirms credentials AP requests RADIUS connection for user RADIUS asks for credentials AP sends credentials to RADIUS RADIUS confirms credentials If credentials are correct, user is given access to the network through the AP, according to policies enforced by the authentication server 80.x The Downside Only does authentication Encryption is still required If used with WEP, the encryption keys are still static even though the authentication keys change Authenticator and device must use the same authentication method Only supports client-level authentication Wi-Fi Protected Access (WPA) 80.X TKIP and AES WPA Wi-Fi Protected Access (WPA) WPA = 80.X + TKIP WPA requires authentication and encryption 80.X authentication choices include LEAP, PEAP, TLS WPA has strong industry supporters Adds to 80.X and TKIP Widespread adoption of WPA will add robust security and remove the security issue from the W industry WPA will become accepted as the standard

5 Temporal Key Integrity Protocol (TKIP) TKIP Based on RC Effective patch for WEP Dynamic key management (based on 80.x) Initialization vector sequencing Rapid re-keying Per-packet key hashing Feature Comparison 80.i Mutual authentication Dynamic session key Message Integrity Check (MIC) Temporal Key Integrity Protocol (TKIP) Future Stronger encryption schemes, such as AES i and WPA Uses 80.x authentication Uses Temporal Key Integrity Protocol (TKIP) to dynamically change encryption keys after 0,000 packets are transferred Uses Advanced Encryption Standard (AES) encryption, which is much better than WEP A subset of 80.i, Wi-Fi Protected Access (WPA) is available as a firmware upgrade today 9 80.i and WPA Pitfalls Keys can be cracked using much less than 0,000 packets Michael feature shuts down AP if it receives two login attempts within one second. Hackers can use this to perpetrate a DoS attack. 80.i is yet to be released 0 5

6 Agenda Security Characteristics W Security Security Threats W security management Typical W Topology Sniffing Eavesdrop network traffic SSID broadcast is full text Spoofing Impersonate legitimate device credentials, like MAC address Jamming Introduction of radio signals that prevent W operations Session Hijacking Hacker disconnects the legitimate user but makes AP think that user is still connected 5 6 6

7 DoS Flood the network with useless traffic (e.g.repeated login requests) and eventually shut it down Man in the Middle All W traffic from devices is passed through the rogue device Lack of strong AP level authentication 7 8 War Driving in Southern Cal. WarDriving Driving around town looking for unprotected W connections to get access Agenda Security Characteristics W Security Security Threats W security management Wireless Security Concerns Management of device security Corruption of data sent to wireless devices Malicious code (viruses, Trojans, worms) Unauthorized users Confidentiality of data sent wirelessly Security of data stored on a handheld device 7

8 W security management Open Access No WEP Broadcast Mode Basic Security 0-bit, 8-bit, 56-bit Static Encryption Key Enhanced Security Dynamic Encryption Key / Scalable Key Management Mutual 80.x/EAP Authentication TKIP/WPA Traveling Security Wireless Policy Issues Policy needs to dictate permitted services and usage Needs a means of identifying and enforcing wireless policies Existing organization security policies need to be updated to cater to wireless security issues Policy needs to indicate how access will be controlled, for instance, time of day Virtual Private Network (VPN) Wireless Policy Issues All access needs to be logged User compliance and standards enforcement Centralized control of security policies Wireless intrusion alert issues Process to update client software levels Intrusion detection policies Knows Your Organization Process Management and Standards Weakness Audits and Controls, and IDS Application Security Weakness User Involvement, Awareness and Roles Client Security Key Password Quality User and Key Administration Weakness Environment Integrity and Robustness Strength Network Security and Technology Issues 5 6 More Secure W Topology Client Differentiation 80.Q wired network with Vs Channel: SSID: Laptop V: Channel: 6 SSID: PDA V: Channel: SSID: Phone V: RADIUS 7 8 8

9 Client Differentiation Conclusions 80.Q wired network with Vs SSID: Laptop V: SSID: PDA V: SSID: Phone V: 9 Wireless technology is becoming embedded Notebooks, PDAs, cell phones, etc. W is currently unsecure 80. WEP security is insufficient for the enterprise 80.i and WPA offer great improvements People, processes, policies and architecture are required to deploy W securely 50 References Who s Watching Your Wireless Network? by Ian Hameroff, Computer Associates, etrust Security solutions, CA World 00 Wireless Configuration and Security Issues by Greg Gabet, IBMGS, CA world 00 Addressing the Challenges of Adopting Secured Mobility in the Enterprise by Hans-Georg Büttner, Ernst & Young IT-Security GmbH, Germany, CA World 00 Wireless Local Area Network Security by Robert Simkins, University of Derby, UK References A Field Guide to Wireless s for Administrators and Power Users by Thomas Maufer, Prentice Hall, 00 Security Flaws in IEEE 80. Data Link Protocols, By Nancy Cam-Winget, Russ Housley,David Wagner, and Jesse Walker, COMMUNICATIONS OF THE ACM May 00/Vol. 6, No. 5, pp 5-9 (