Wireless LANs and Privacy. Ido Dubrawsky Network Security Engineer Cisco Secure Consulting Services Cisco Systems, Inc. And




Wireless LANs and Privacy

Ido Dubrawsky, Network Security Engineer, Cisco Secure Consulting Services, Cisco Systems, Inc.
and Lance Hayden, Business Development Manager, Cisco Secure Consulting Services, Cisco Systems, Inc.

Abstract

Wireless networks are a relatively new technology in the LAN market. Defined in the IEEE 802.11b standard, wireless LANs present a challenge to enterprise networks because of the poorly designed security set forth in the 802.11b standard. In the past year and a half several groups have identified significant weaknesses in the 802.11b security model. From replay attack susceptibility to outright access, the Wired Equivalent Privacy (WEP) defined in 802.11b creates significant problems for wireless LANs. With the weak encryption and security defined in the IEEE standard, wireless LANs, when improperly deployed or administered, can pose a significant risk to those economic sectors which are particularly sensitive to private information leaking out of the network. These sectors include health care, government, and banking in particular. Another area of concern stems from the fact that wireless networks are not governed by the same physical constraints as wired networks, and the status of private information leaked into a public area has yet to be determined.

Background

Wireless LANs are defined by the 1997 IEEE 802.11b standard. This standard provides for an 11 Mbps network in the unregulated 2.4 GHz ISM (Industrial, Scientific, and Medical) frequency band. Wireless networks give customers the ability to network users without network cabling. This allows users to roam about a building while remaining constantly connected to the network, a significant convenience. Service providers have begun implementing wireless networks in public places such as airports, hotel chains, and even the ubiquitous Starbucks coffee house.

Similar to their wired counterparts, wireless networks use a collision avoidance technique to prevent two wireless devices from transmitting at the same time. In order to provide a measure of security and privacy in wireless networks, the IEEE 802.11b specification provides for an encryption scheme to prevent casual eavesdropping. This scheme is termed Wired Equivalent Privacy (WEP) and utilizes the RC4 encryption algorithm.

Growing Privacy Concerns

The concept of privacy is an issue that is growing in the network and security fields, and represents an evolution of traditional data protection into a more contextual framework. Personal Information (PI) regarding individuals and groups predates electronic information systems, but with the advent of networking technologies, PI has come to be more widespread and more accessible for a variety of purposes. The Personal Information Record (PIR) represents the sum total of PI available for any particular individual or group, whether that information exists on an individual server, in a corporate database, or locally within a personal computer, personal digital assistant, or cell phone. Protecting PI and individual PIR information from abuse and exploitation has become the focus of government and industry action. Several pieces of legislation, including the Health Insurance Portability and Accountability Act (HIPAA), the Gramm-Leach-Bliley Act (GLBA), and the European Union Privacy Directive, have sought to put controls around the collection, transmission, and dissemination of defined PI and PIR elements. In addition to formal legislation and regulation, industry best practices to prevent identity theft and unauthorized disclosure of PI have been developed and explored as a way to boost consumer confidence and create market differentiators in e-commerce transactions.

The nature of wireless networking holds the potential of opening traditionally closed network infrastructures for purposes of convenience and availability. However, in opening such network access, maintaining the privacy of information stored on and transmitted over these networks represents a strong challenge to vendors, implementers, and governmental oversight agencies. Privacy today represents a fundamental due diligence issue for organizations. Existing legislation, regulation, and industry best practices do not recommend specific technologies at a granular level, nor are any particular technologies identified as being unsuitable for the protection of PI or PIR data within a networked infrastructure. However, it is incumbent upon the organization to identify, implement, and document its reasonable efforts to secure and protect all information entrusted to its care, including PI.

WEP Overview

A plaintext message is input into the WEP process and a CRC-32 Integrity Check Value (ICV) is computed over the message. This value is then concatenated to the end of the plaintext message. A 40-bit secret key, distributed through an out-of-band method, along with a 24-bit Initialization Vector (IV), is used as input to the Key Scheduling Algorithm (KSA) of the RC4 algorithm. The output from the KSA is then input into the Pseudo Random Number Generator (PRNG) of RC4, which outputs a keystream. This keystream is XORed with the plaintext message/ICV combination to derive the ciphertext message. The ciphertext is then prepended with the IV used to derive the keystream, encapsulated within a data frame, and transmitted. Because the IV is sent in the clear ahead of the ciphertext, WEP is self-synchronizing: the recipient station (whether it is a wireless client or an access point) takes the IV from the data frame, appends the shared secret key to the IV, and uses the result as input into the RC4 KSA. The output of the KSA is then input into the PRNG to recreate the keystream used to encrypt the message. This keystream is then XORed with the ciphertext message to recover the plaintext message/ICV combination. At this point a new CRC-32 ICV is calculated over the plaintext message alone and compared to the ICV sent. If the two match, the data has been successfully decrypted and the packet is forwarded on to its final destination. Figures 1-3 show the WEP encryption process, decryption process, and packet format respectively.

[Figure 1: WEP Encryption Process (source: 1997 IEEE 802.11b standard). The Initialization Vector (IV) and Secret Key form the Seed for the PRNG, which produces the Key Sequence; the Integrity Algorithm (CRC-32) yields the Plaintext/ICV, which is XORed with the Key Sequence to give the Ciphertext; the IV is transmitted with the Ciphertext.]

[Figure 2: WEP Decryption Process. The IV from the frame and the Secret Key form the Seed for the PRNG, which produces the Key Sequence; the Ciphertext is XORed with it to recover the Plaintext/ICV; the Integrity Algorithm (CRC-32) is run over the Plaintext and the result is compared with the received ICV.]
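The encapsulation and decapsulation steps just described, written out as an added Python example (not code from the paper or from any vendor): RC4's KSA and PRNG seeded with IV || secret key, a CRC-32 ICV appended to the plaintext, the IV sent in the clear, and the receiver's ICV comparison. The little-endian ICV byte order and the sample key and IV are assumptions for the example; the `iv_collisions` helper is an added monitoring check that counts how often the 24-bit IV repeats under one key, which is the condition the keystream-dictionary problem discussed below depends on.

```python
"""WEP encapsulation/decapsulation as described in the text (added example).
WEP is deprecated; this illustrates the construction, nothing more."""
import os
import zlib


def rc4_ksa(seed: bytes) -> list:
    """RC4 Key Scheduling Algorithm: turns the seed (IV || secret key) into a 256-byte permutation."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + seed[i % len(seed)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    return s


def rc4_prng(s: list, n: int) -> bytes:
    """RC4 PRNG (PRGA): produce n keystream bytes from the KSA output."""
    s = s[:]  # copy so the caller's KSA state is untouched
    i = j = 0
    out = bytearray()
    for _ in range(n):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def wep_keystream(iv: bytes, key: bytes, n: int) -> bytes:
    """Keystream for one frame: RC4 seeded with the 24-bit IV followed by the 40- or 104-bit key."""
    if len(iv) != 3 or len(key) not in (5, 13):
        raise ValueError("IV must be 3 bytes; key must be 5 (40-bit) or 13 (104-bit) bytes")
    return rc4_prng(rc4_ksa(iv + key), n)


def icv(plaintext: bytes) -> bytes:
    """CRC-32 Integrity Check Value (little-endian byte order assumed for this example)."""
    return zlib.crc32(plaintext).to_bytes(4, "little")


def wep_encapsulate(plaintext: bytes, key: bytes, iv: bytes = None) -> bytes:
    """Return IV || ((plaintext || ICV) XOR keystream); a random IV is drawn if none is given."""
    if iv is None:
        iv = os.urandom(3)
    body = plaintext + icv(plaintext)
    ks = wep_keystream(iv, key, len(body))
    return iv + bytes(b ^ k for b, k in zip(body, ks))


def wep_decapsulate(frame: bytes, key: bytes):
    """Recover the plaintext from a frame; return None when the recomputed ICV does not match."""
    iv, ciphertext = frame[:3], frame[3:]
    ks = wep_keystream(iv, key, len(ciphertext))
    body = bytes(b ^ k for b, k in zip(ciphertext, ks))
    plaintext, received_icv = body[:-4], body[-4:]
    if icv(plaintext) != received_icv:
        return None
    return plaintext


def iv_collisions(frames) -> int:
    """Count frames whose IV repeats an earlier IV (same key assumed): each repeat reuses a keystream."""
    seen, repeats = set(), 0
    for frame in frames:
        if frame[:3] in seen:
            repeats += 1
        seen.add(frame[:3])
    return repeats


if __name__ == "__main__":
    key = bytes.fromhex("0102030405")           # constructed 40-bit shared secret
    msg = b"record-id=CONSTRUCTED-001"           # constructed sample payload
    frame = wep_encapsulate(msg, key, iv=bytes.fromhex("000001"))
    print("decrypted:", wep_decapsulate(frame, key))
    print("wrong key:", wep_decapsulate(frame, bytes.fromhex("0504030201")))
```

With only 2^24 possible IVs, a busy access point cycles through the whole IV space in a matter of hours; the `iv_collisions` count over captured frames is a cheap way for an operator to see how quickly that is happening on a given network.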

[Figure 3: WEP Data Format.]

WEP Shortcomings

In 2000 and 2001 several research groups began publishing work detailing significant problems with the WEP specification as defined in the 802.11b standard. Among the first things noted by various groups was that the original specification of a 64-bit encryption key (40 bits for the shared secret, 24 bits for the IV) was insufficient. The standard was amended in 2000 to allow the use of 128-bit keys (104 bits reserved for the shared secret, 24 bits for the IV).

One of the first researchers to publish his work was Jesse Walker of Intel. In his October 2000 paper submitted to the IEEE he noted that WEP was flawed regardless of the key size used. He pointed out that even with the larger keys proposed in the amendment to 802.11b, an attacker would still be able to gain access to a network by extracting the keystream used to encrypt traffic and using that keystream to encrypt his own traffic, which would be accepted by the network. [WALK00]

In January of 2001 the Internet Security, Applications, Authentication, and Cryptography (ISAAC) group of the Computer Science department at the University of California at Berkeley released their findings detailing several problems with WEP's design as well as possible attacks that could be used against a wireless network. They noted that an attacker could also gain significant information about the wireless network through various attacks, including one in which the attacker builds a dictionary of IV-RC4 keystream combinations and then uses those IV-keystream combinations to decrypt data in real time.

However, perhaps the greatest problems with WEP originated with the work of Scott Fluhrer of Cisco Systems, Inc., and Adi Shamir and Itsik Mantin of the Weizmann Institute in Israel. Their work uncovered two problems with the RC4 encryption algorithm. The first was the discovery of large classes of weak keys, in which a small part of the secret key determines a large number of bits in the Key Scheduling Algorithm output. The Key Scheduling Algorithm (KSA) of RC4 is responsible for taking as input the IV-secret key combination and outputting a seed to be used by the Pseudo Random Number Generator (PRNG) for generating the keystream. The second weakness discovered is related to the first and also involves the KSA. Here Fluhrer, Mantin, and Shamir discovered that when the same secret key is used with numerous different exposed values, an attacker can re-derive the secret part by analyzing the initial word of the keystreams. [FLUH01] They noted that the concatenation of a secret key with an exposed part as input to the KSA is a common mode of operation of RC4 and is precisely how WEP uses RC4. Using this work, another group consisting of John Ioannidis and Avi Rubin of AT&T Research Labs and Adam Stubblefield of Rice University developed a tool to implement just such an attack. At the time of the publication of their work they noted that the same type of tool had been independently produced and released as AirSnort.

Given these problems, vendors began to look for some way to fix WEP in the short term until the IEEE 802.11 Task Group i (TGi) could provide a long-term, permanent solution. Many vendors settled on incorporating the Extensible Authentication Protocol (EAP) from the IEEE 802.1X standard. Using EAP, vendors could eliminate static secret keys and require that user authentication, and not knowledge of a static key, drive access to the wireless LAN. Cisco Systems, Inc. incorporated EAP into their solution, but with a slight twist, and called it LEAP (Lightweight Extensible Authentication Protocol). Using EAP/LEAP, a wireless user must first authenticate to a RADIUS server over an uncontrolled connection. This connection only allows authentication to occur; all other traffic is blocked. Once the user is authenticated, the user is provided a dynamic WEP key and communication with the network then continues over a controlled connection. EAP/LEAP authentication is shown in Figure 4.

[Figure 4: EAP over LAN (EAPoL) Authentication Process. Participants: supplicant, Access Point, RADIUS server. Message flow: EAPoL-Start; EAP-Request/Identity; EAP-Response/Identity, relayed as RADIUS-Access-Request; RADIUS-Access-Challenge, relayed as EAP-Request; EAP-Response (credentials), relayed as RADIUS-Access-Request; RADIUS-Access-Accept, relayed as EAP-Success. Ethernet access is blocked until EAP-Success, after which access is allowed.]
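The Figure 4 exchange modelled end to end, as an added Python example that is not Cisco's LEAP implementation or any project's code: the supplicant talks EAPoL to the access point, the access point relays EAP inside RADIUS to the server, the controlled (data) port drops frames until EAP-Success, and the per-session key returned in Access-Accept becomes the station's dynamic WEP key. The HMAC-SHA256 challenge-response and the session-key derivation are constructed stand-ins for the real EAP method, and the user database, identity and station address are constructed sample values.

```python
"""Simplified 802.1X/EAPoL exchange with supplicant, access point and RADIUS server (added example)."""
import hashlib
import hmac
import secrets


def prove(password: str, challenge: bytes) -> bytes:
    """Challenge-response proof of the password (constructed stand-in for the EAP method)."""
    return hmac.new(password.encode(), challenge, hashlib.sha256).digest()


def derive_session_key(password: str, challenge: bytes) -> bytes:
    """13-byte (104-bit) dynamic WEP key; the supplicant computes it, the AP receives it from RADIUS."""
    return hmac.new(password.encode(), b"dynamic-wep-key" + challenge, hashlib.sha256).digest()[:13]


class RadiusServer:
    def __init__(self, users):
        self.users = users      # identity -> password (constructed user database)
        self.pending = {}       # identity -> outstanding challenge

    def handle(self, request):
        """Process one RADIUS Access-Request carrying an EAP message."""
        eap = request["eap"]
        identity = eap.get("identity")
        if identity not in self.users:
            return {"type": "Access-Reject", "eap": {"type": "Failure"}}
        if eap["type"] == "Response/Identity":
            challenge = secrets.token_bytes(16)
            self.pending[identity] = challenge
            return {"type": "Access-Challenge", "eap": {"type": "Request", "challenge": challenge}}
        if eap["type"] == "Response":
            challenge = self.pending.pop(identity, None)
            if challenge is not None and hmac.compare_digest(
                    eap["proof"], prove(self.users[identity], challenge)):
                return {"type": "Access-Accept", "eap": {"type": "Success"},
                        "session_key": derive_session_key(self.users[identity], challenge)}
        return {"type": "Access-Reject", "eap": {"type": "Failure"}}


class AccessPoint:
    def __init__(self, radius):
        self.radius = radius
        self.session_keys = {}  # authorized station -> dynamic WEP key

    def eapol(self, station, eap):
        """Uncontrolled port: only EAPoL passes here, and it is relayed to RADIUS."""
        if eap["type"] == "Start":
            return {"type": "Request/Identity"}
        reply = self.radius.handle({"type": "Access-Request", "eap": eap})
        if reply["type"] == "Access-Accept":
            self.session_keys[station] = reply["session_key"]
        return reply["eap"]

    def forward_data(self, station, payload: bytes) -> bool:
        """Controlled port: data frames are dropped until the station has authenticated."""
        return station in self.session_keys


class Supplicant:
    def __init__(self, station, identity, password):
        self.station, self.identity, self.password = station, identity, password
        self.session_key = None

    def authenticate(self, ap) -> bool:
        msg = ap.eapol(self.station, {"type": "Start"})                          # EAPoL-Start
        assert msg["type"] == "Request/Identity"                                  # EAP-Request/Identity
        msg = ap.eapol(self.station, {"type": "Response/Identity", "identity": self.identity})
        if msg["type"] != "Request":                                              # rejected, no challenge
            return False
        challenge = msg["challenge"]                                              # EAP-Request (challenge)
        proof = prove(self.password, challenge)
        msg = ap.eapol(self.station, {"type": "Response", "identity": self.identity, "proof": proof})
        if msg["type"] != "Success":                                              # EAP-Failure
            return False
        self.session_key = derive_session_key(self.password, challenge)          # EAP-Success
        return True


def run_exchange(identity="alice", password="correct horse", station="00:11:22:33:44:55"):
    """Return (data allowed before auth, auth result, data allowed after auth, both sides hold same key)."""
    ap = AccessPoint(RadiusServer({"alice": "correct horse"}))   # constructed credentials
    sup = Supplicant(station, identity, password)
    before = ap.forward_data(station, b"GET / HTTP/1.0")
    ok = sup.authenticate(ap)
    after = ap.forward_data(station, b"GET / HTTP/1.0")
    return before, ok, after, bool(ok and sup.session_key == ap.session_keys.get(station))


if __name__ == "__main__":
    print("valid user:", run_exchange())
    print("wrong password:", run_exchange(password="wrong"))
```

The point the model makes visible is the split between the two ports: the access point never holds the user's password and only ever opens the data port on the server's Access-Accept, so a station that cannot complete the exchange gets no data path and no key, regardless of what static key material it might have.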

While the technical challenges of WEP are one problem with wireless LANs, other problems stem from the deployment of the wireless access points. As mentioned earlier, WLANs do not obey many of the same physical restrictions as their wired counterparts. Wireless networks can easily extend well beyond the physical boundaries of the buildings they are located in, and because of that they present many enterprise customers with significant challenges. Because wireless traffic is predominantly limited by line-of-sight issues, attackers need not be physically within the building, much less near the target network, in order to monitor traffic on the network. This poses significant problems to industries such as health care and banking, which are looking for ways to deploy lower cost networks like wireless networks in their facilities.

Privacy Threats

Vulnerabilities and attacks such as those outlined above can represent a fundamental threat of disclosure for protected PI within a network. A privacy breach is defined as a disclosure of defined PI in violation of established restrictions on such disclosure. These restrictions may include governmental restrictions based upon legislation and regulation, self-imposed restrictions based upon an organization's established privacy and security policies, and de facto restrictions resulting from market perception of privacy and reasonable expectations of due diligence on the part of an organization entrusted with PI. To cite a specific example, proposed security regulations developed by the US Department of Health and Human Services under HIPAA require that any PI defined by HIPAA be encrypted for transmission across public or private networks. In the case of a health care organization implementing a wireless network infrastructure, care must be given to ensure that any personally identifiable health information accessible over the wireless network is protected with appropriate cryptographic controls. Similarly, the proposed regulations stipulate that authentication, access control, and logging mechanisms be in place around health care PI as well.

The threat of interception or eavesdropping on a wireless implementation, or the use of a wireless network to compromise and gain access to other physical networks within an organization, adds a new dimension to securing these infrastructures. The repercussions of a privacy breach can quickly outpace the repercussions of a security incident, and in fact a security incident in which PI is compromised can escalate into a privacy breach should that information be disclosed in violation of established restrictions. Regulatory penalties, as well as the very real threat of litigation on behalf of victims of privacy disclosures, can add a highly undesirable force multiplier effect should a system be compromised.

Privacy Recommendations for Wireless Deployments

Building privacy into a wireless deployment does not significantly differ from incorporating privacy into traditional network environments. Organizations with privacy restrictions in place (governmental, self-imposed, or de facto) should review their privacy posture in relation to these restrictions and their business and risk models. Every networking technology carries with it security risks, and the contextual extension of these risks can develop into privacy vulnerabilities. However, a robust underlying security architecture is necessary for the real-world implementation of higher level privacy infrastructures. Wireless deployments should be incorporated into these security architectures and subject to the same controls and protections. Where specific regulations are involved, such as HIPAA, the organization should take care to ensure that all necessary or required controls exist to protect access to and dissemination of PI over the wireless network.

In order to meet the privacy requirements set out by governmental regulations or industry standards, enterprises wishing to implement wireless technologies should ensure end-to-end encryption of traffic. Given that the IEEE 802.11b implementation of privacy through WEP is insufficient, the question remains how to address this deficiency. VPN solutions come to the forefront of potential solutions fairly quickly. By utilizing a VPN for all end-to-end communications between stations on the wireless network, enterprises can, in fact, deploy wireless networks within their organizations. The implementation should meet the following three requirements:

- No communication between stations on the wireless network that does not traverse the VPN tunnel
- All devices on the wireless network should be hardened to prevent an attacker from breaking in to the device
- Strong authentication for all wireless clients using one-time passwords, token cards, or a public-key infrastructure

By encrypting traffic within IPsec VPN tunnels, an attacker can compromise the WEP encryption and still not gain any benefit or cause any compromise of PI or any PIRs. Similarly, if the wireless clients are hardened against attack, the likelihood of a successful compromise of a host and subsequent compromise of any PI decreases.

Wireless technologies can face inherent technical vulnerabilities when improperly deployed or administered. However, these technologies do not represent a specific threat to privacy any more than other technologies, and have not as yet been specifically addressed in existing legislation and regulation. Privacy represents a higher level, information flow discipline that extends to roles, definitions, collection, and disclosure of specifically defined, often industry specific, personal information. Wireless networks will simply serve as another avenue of access to this information. Understanding information flow across these infrastructures, combined with established restrictions on PI access, transmission, and dissemination, should drive any potential deployments of these new technologies.
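The first of the three requirements, that no wireless traffic bypass the VPN tunnel, is the one that can be checked from flow records alone. The following is an added Python example (not the paper's own tooling) that audits constructed flow log lines from a wireless segment: only IKE (UDP 500/4500) and ESP to the VPN gateway comply, station-to-station traffic and cleartext flows to other hosts are flagged. The gateway address, the wireless client range, the DHCP exception and the log format are assumptions for the example; the hardening and strong-authentication requirements are not observable in flow data and are not covered here.

```python
"""Tunnel-only policy audit for wireless-segment flow records (added example)."""
import ipaddress

VPN_GATEWAY = ipaddress.ip_address("10.20.0.1")           # assumed IPsec tunnel endpoint
WIRELESS_NET = ipaddress.ip_network("10.20.0.0/24")        # assumed wireless client range
TUNNEL_FLOWS = {("udp", 500), ("udp", 4500), ("esp", None)}  # IKE and ESP to the gateway

# Constructed sample records in a simple key=value format; not real captures.
SAMPLE_FLOWS = [
    "ts=2002-03-01T10:00:01 src=10.20.0.15 dst=255.255.255.255 proto=udp dport=67",
    "ts=2002-03-01T10:00:02 src=10.20.0.15 dst=10.20.0.1 proto=udp dport=500",
    "ts=2002-03-01T10:00:03 src=10.20.0.15 dst=10.20.0.1 proto=esp",
    "ts=2002-03-01T10:00:04 src=10.20.0.15 dst=10.20.0.22 proto=tcp dport=445",
    "ts=2002-03-01T10:00:05 src=10.20.0.16 dst=192.168.5.10 proto=tcp dport=80",
    "ts=2002-03-01T10:00:06 src=192.168.5.10 dst=10.20.0.16 proto=tcp dport=1024",
]


def parse_flow(line: str) -> dict:
    """Parse one 'key=value ...' record; dport is absent for protocols without ports (ESP)."""
    rec = dict(tok.split("=", 1) for tok in line.split())
    rec["dport"] = int(rec["dport"]) if "dport" in rec else None
    return rec


def classify(flow: dict):
    """Return None if the flow complies with the tunnel-only policy, else a reason string."""
    src = ipaddress.ip_address(flow["src"])
    dst = ipaddress.ip_address(flow["dst"])
    kind = (flow["proto"], flow["dport"])
    if src not in WIRELESS_NET:
        return None                       # not sent by a wireless station: out of scope
    if kind == ("udp", 67):
        return None                       # DHCP bootstrap, allowed by assumption so stations get an address
    if dst == VPN_GATEWAY and kind in TUNNEL_FLOWS:
        return None                       # IKE or ESP to the gateway: inside the tunnel
    if dst in WIRELESS_NET:
        return "station-to-station traffic outside the tunnel"
    return "cleartext %s/%s to %s bypasses the VPN tunnel" % (flow["proto"], flow["dport"], dst)


def audit(lines):
    """Return (line, reason) pairs for every record that violates the policy."""
    violations = []
    for line in lines:
        reason = classify(parse_flow(line))
        if reason:
            violations.append((line, reason))
    return violations


if __name__ == "__main__":
    for line, reason in audit(SAMPLE_FLOWS):
        print(reason, "<-", line)
```

Running the audit on the sample records reports two violations: the SMB flow between two stations (the tunnel terminates at the gateway, so stations should never talk directly) and the HTTP flow to an internal server that left the segment in the clear. Everything else is either tunnel setup, tunnel payload, or traffic originating outside the wireless range.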

References

[FLUH01] Scott Fluhrer, Itsik Mantin, and Adi Shamir, "Weaknesses in the Key Scheduling Algorithm of RC4", Eighth Annual Workshop on Selected Areas in Cryptography, August 2001.

[WALK00] Jesse Walker, "Unsafe at any key size; An analysis of the WEP encapsulation", IEEE Document 802.11-00/362, October 2000.