Wireless Networks. Welcome to Wireless



Similar documents
Computer Networks: DNS a2acks CS 1951e - Computer Systems Security: Principles and Prac>ce. Domain Name System

12/3/08. Security in Wireless LANs and Mobile Networks. Wireless Magnifies Exposure Vulnerability. Mobility Makes it Difficult to Establish Trust

Lecture Objectives. Lecture 8 Mobile Networks: Security in Wireless LANs and Mobile Networks. Agenda. References

Security+ Guide to Network Security Fundamentals, Third Edition. Chapter 6. Wireless Network Security

Security (WEP, WPA\WPA2) 19/05/2009. Giulio Rossetti Unipi

WLAN and IEEE Security

Security. Contents. S Wireless Personal, Local, Metropolitan, and Wide Area Networks 1

Security in IEEE WLANs

WIRELESS NETWORKING SECURITY

Network Security. Security of Wireless Local Area Networks. Chapter 15. Network Security (WS 2002): 15 Wireless LAN Security 1 Dr.-Ing G.

WLAN Attacks. Wireless LAN Attacks and Protection Tools. (Section 3 contd.) Traffic Analysis. Passive Attacks. War Driving. War Driving contd.

Wireless Security: Secure and Public Networks Kory Kirk

Security Awareness. Wireless Network Security

Key Hopping A Security Enhancement Scheme for IEEE WEP Standards

WEP Overview 1/2. and encryption mechanisms Now deprecated. Shared key Open key (the client will authenticate always) Shared key authentication

Attacking Automatic Wireless Network Selection. Dino A. Dai Zovi and Shane A. Macaulay

Chapter 6 CDMA/802.11i

Wireless Security Overview. Ann Geyer Partner, Tunitas Group Chair, Mobile Healthcare Alliance

Protocol Security Where?

WIRELESS SECURITY. Information Security in Systems & Networks Public Development Program. Sanjay Goel University at Albany, SUNY Fall 2006

Wireless security. Any station within range of the RF receives data Two security mechanism

CS5490/6490: Network Security- Lecture Notes - November 9 th 2015

Ebonyi State University Abakaliki 2 Department of Computer Science. Our Saviour Institute of Science and Technology 3 Department of Computer Science

All vulnerabilities that exist in conventional wired networks apply and likely easier Theft, tampering of devices

SSI. Commons Wireless Protocols WEP and WPA2. Bertil Maria Pires Marques. Dez Dez

Analysis of Security Issues and Their Solutions in Wireless LAN 1 Shenam Chugh, 2 Dr.Kamal

7 Network Security. 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework. 7.5 Absolute Security?

Topics in Network Security

Agenda. Wireless LAN Security. TCP/IP Protocol Suite (Internet Model) Security for TCP/IP. Agenda. Car Security Story

Introduction to WiFi Security. Frank Sweetser WPI Network Operations and Security

Distributed Systems Security

chap18.wireless Network Security

WiFi Security Assessments

9 Simple steps to secure your Wi-Fi Network.

Your Wireless Network has No Clothes

PwC. Outline. The case for wireless networking. Access points and network cards. Introduction: OSI layers and 802 structure

CS 356 Lecture 29 Wireless Security. Spring 2013

Table of Contents. Cisco Wi Fi Protected Access 2 (WPA 2) Configuration Example

How To Secure Your Network With 802.1X (Ipo) On A Pc Or Mac Or Macbook Or Ipo On A Microsoft Mac Or Ipow On A Network With A Password Protected By A Keyed Key (Ipow)

United States Trustee Program s Wireless LAN Security Checklist

Computer Networks. Secure Systems

The following chart provides the breakdown of exam as to the weight of each section of the exam.

CS549: Cryptography and Network Security

The Importance of Wireless Security

Wireless LAN Security: Securing Your Access Point

Wireless Security: Token, WEP, Cellular

Wireless LAN Security I: WEP Overview and Tools

CSC574: Computer and Network Security

The next generation of knowledge and expertise Wireless Security Basics

VIDEO Intypedia012en LESSON 12: WI FI NETWORKS SECURITY. AUTHOR: Raúl Siles. Founder and Security Analyst at Taddong

THE IMPORTANCE OF CRYPTOGRAPHY STANDARD IN WIRELESS LOCAL AREA NETWORKING

EVOLUTION OF WIRELESS LAN SECURITY ARCHITECTURE TO IEEE i (WPA2)

hacking protocol insecurities

Security in Wireless Local Area Network

Authentication in WLAN

Configuring Security Solutions

Wi-Fi Protected Access: Strong, standards-based, interoperable security for today s Wi-Fi networks Wi-Fi Alliance April 29, 2003

COMPARISON OF WIRELESS SECURITY PROTOCOLS (WEP AND WPA2)

Network Access Security. Lesson 10

Chapter 2 Configuring Your Wireless Network and Security Settings

Configuring Wireless Security on ProSafe wireless routers (WEP/WPA/Access list)

Link Layer and Network Layer Security for Wireless Networks

Wireless VPN White Paper. WIALAN Technologies, Inc.

Link Layer and Network Layer Security for Wireless Networks

Virtual Private Networks

WPA Migration Mode: WEP is back to haunt you...

SSL A discussion of the Secure Socket Layer

Wireless LAN Security Mechanisms

Securing end devices

Wireless Threats To Corporate Security A Presentation for ISACA UK Northern Chapter

IEEE Wireless LAN Security Overview

A SURVEY OF WIRELESS NETWORK SECURITY PROTOCOLS

How To Secure Wireless Networks

Network Security. Security of Wireless Local Area Networks. Chapter 15. Network Security (WS 2003): 15 Wireless LAN Security 1. Dr.-Ing G.

WLAN Information Security Best Practice Document


Top 10 Security Checklist for SOHO Wireless LANs

Wireless Security for Mobile Computers

Chapter 2 Wireless Networking Basics

Security in Wireless and Mobile Networks

INFORMATION TECHNOLOGY MANAGEMENT COMMITTEE LIVINGSTON, NJ ITMC TECH TIP ROB COONCE, MARCH 2008

Recommended Wireless Local Area Network Architecture

Chapter 17. Transport-Level Security

Nokia E90 Communicator Using WLAN

Ensuring HIPAA Compliance in Healthcare

INTERNET SECURITY: FIREWALLS AND BEYOND. Mehernosh H. Amroli

Certified Wireless Security Professional (CWSP) Course Overview

Linux Access Point and IPSec Bridge

Chapter 7 Transport-Level Security

Wireless Robust Security Networks: Keeping the Bad Guys Out with i (WPA2)

Chapter 3 Safeguarding Your Network

1 Introduction. 2 Cafe Crack. 1.1 Rogue AP Attack. 1.2 Airsnarf. 1.3 Detecting Rogue APs. References Acronyms

A Division of Cisco Systems, Inc. GHz g. Wireless-G. PCI Adapter with RangeBooster. User Guide WIRELESS WMP54GR. Model No.

Industrial Communication. Securing Industrial Wireless

Vulnerabilities of Wireless Security protocols (WEP and WPA2)

Transcription:

Wireless Networks 11/1/2010 Wireless Networks 1 Welcome to Wireless Radio waves No need to be physically plugged into the network Remote access Coverage Personal Area Network (PAN) Local Area Network (LAN) Metropolitan Area Network (MAN) Security concerns Radio signals leaking outside buildings Detection of unauthorized devices Intercepting wireless communications Man-in-the-middle attacks Verification of users Restricting access 11/1/2010 Wireless Networks 2

Types of Wireless Networks Infrastructure Client machines establish a radio connection to a special network Client device, called access point Access points connected to a wired network, which provides a gateway to the internet Most common type of wireless network Peer-to-peer Peer Multiple peer machines connect to each other Typically used in ad-hoc networks and internet connection sharing Peer Client Access Point Wired LAN Peer Peer Client 11/1/2010 Wireless Networks 3 SSID Multiple wireless networks can coexist Each network is identified by a 32-character service set ID (SSID) Typical default SSID of access point is manufacturer s name SSIDs often broadcasted to enable discovery of the network by prospective clients SSIDs are not signed, thus enabling a simple spoofing attack Place a rogue access point in a public location (e.g., cafe, airport) Use the SSID of an ISP Set up a login page similar to the one of the ISP Wait for clients to connect to rogue access point and authenticate Possibly forward session to ISP network Facilitated by automatic connection defaults 11/1/2010 Wireless Networks 4

Eavesdropping and Spoofing All wireless network traffic can be eavesdropped MAC-based authentication typically used to identify approved machines in corporate network MAC spoofing attacks possible, as in wired networks Sessions kept active after brief disconnects If ISP client does not explicitly end a session, MAC spoofing allows to take over that session 11/1/2010 Wireless Networks 5 Captive Portal Protocol DHCP provides IP address Name server maps everything to authentication server Firewall blocks all other traffic Any URL is redirected to authentication page After authentication, regular network services reinstated Client identified by MAC address Used by wireless ISPs Security issues A MAC spoofing and session stealing attack may be performed if client does not actively disconnect A tunneling attack can bypass captive portal if DNS traffic beyond firewall is not blocked before authentication 11/1/2010 Wireless Networks 6

Wardriving and Warchalking Driving around looking for wireless local area networks Some use GPS devices to log locations, post online Software such as NetStumbler for Windows, KisMac for Macs and Kismet for Linux are easily available online Use antennas to increase range Legality is unclear when no information is transmitted, and no network services are used Warchalking involves leaving chalk marks (derived from hobo symbols) on the side walk marking wireless networks and associated information 11/1/2010 Wireless Networks 7 Goals Wired Equivalent Privacy Confidentiality: eavesdropping is prevented Data integrity: packets cannot be tampered with Access control: only properly encrypted packets are routed Design constraints Inexpensive hardware implementation with 90 s technology Compliance with early U.S. export control regulations on encryption devices (40-bit keys) Implementation and limitations Encrypts the body of each frame at the data-link level Legacy IEEE 802.11 standard to be avoided 11/1/2010 Wireless Networks 8

Setup Access point and client share 40-bit key K The key never changes during a WEP session Encryption WEP Protocol Compute CRC-32 checksum of message M (payload of frame) Pick 24-bit initialization vector V Using the RC4 stream cipher, generate key stream S(K,V) Create ciphertext C = (M crc(m)) S(K,V) Client authentication Access point sends unencrypted random challenge to client Client responds with encrypted challenge Transmission Send V C Message Key Stream CRC 11/1/2010 Wireless Networks 9 Message Modification Attack Message modification Given an arbitrary string, we want to replace message M with M M Man-in-the middle replaces ciphertext C with C C ( crc( )) Targeted text replacement Possible if we know position of text in message E.g., change date in email Reason of vulnerability CRC checksum distributes over XOR Not a cryptographic hash function 11/1/2010 Wireless Networks 10

IP Redirection Attack Attacker convinces access point to decrypt packet Method Eavesdrop inbound IP packet Resend packet to external machine controlled by attacker Receive packet decrypted by access point Repeat with outbound packets Guess destination address Within LAN subnet Change destination address Modify original destination D to external machine D controlled by attacker Use above message modification method Change packet checksum Difference between new checksum and old known x x (D H + D L ) (D H + D L ) Guess x x Success after few attempts 11/1/2010 Wireless Networks 11 Reused Initialization Vectors Repeated IV implies reused key stream Attacker obtains XOR of two messages Attacker can recover both message and key stream Recovered key stream can be used by attacker to inject traffic Default IV Several flawed implementations of IV generation E.g., start at zero when device turned on and then repeatedly increment by one Random IV Small length (24 bits) leads to repetition in a short amount of time even randomly generated E.g., collision expected with high probability after 2 12 4,000 transmissions 11/1/2010 Wireless Networks 12

Authentication Spoofing Attacker wants to spoof a legitimate client Does not know the secret key K Can eavesdrop authentication messages Attack Obtain challenge R and encrypted challenge C = (R crc(r)) S(K,V) Compute key stream S(K,V) = (R crc(r)) C Reuse key stream S(K,V) when challenged from access point 11/1/2010 Wireless Networks 13 DEMO: WARDRIVING AND WEP CRACKING 11/1/2010 Wireless Networks 14

Wardriving Tools Netstumbler wifi scanner Antenna for db gain Wireless card with plug and monitor mode GPS (optional) 11/1/2010 Wireless Networks 15 Wardriving Setup The access point and client are using WEP encryption The hacker is sniffing using wardriving tools Hacker WEP-protected WLAN 11/1/20100 Wireless Networks 16

Slow Attack: WEP Sniffing To crack a 64-bit WEP key you can capture: 50,000 to 200,000 packets containing Initialization Vectors (IVs) Only about ¼ of the packets contain IVs So you need 200,000 to 800,000 packets It can take a long time (typically several hours or even days) to capture that many packets 11/1/2010 Wireless Networks 17 Fast Attack: Packet Injection The hacker injects packets to create a more interesting packet Special wireless card driver is necessary to perform injection WEP-protected WLAN Hacker 11/1/2010 Wireless Networks 18

Initialization vector (IV) One for each packet, a 24-bit value Sent in the cleartext part of the message! Small space of initialization vectors guarantees reuse of the same key stream IV Collision: Attack the XOR of the two plaintext messages IV is often very predictable and introduces a lot of redundancy 11/1/2010 Wireless Networks 19 Injection Method Suppose attacker knows one plaintext for one encrypted message, X RC4(X) X Y = RC4(Y) constructing a new message calculating the CRC32 Even without a complete knowledge of the packet, it is possible to flip selected bits in a message and successfully adjust the encrypted CRC We know ARP, reinject it: ARP will normally rebroadcast and generate IVs 11/1/2010 Wireless Networks 20

Reference Nikita Borisov, Ian Goldberg, David Wagner, Intercepting Mobile Communications: The Insecurity of 802.11. MOBICOM, 2001. 11/1/2010 Wireless Networks 21 Wi-Fi Protected Access (WPA) WEP became widely known as insecure In 2005, FBI publically cracked a WEP key in only 3 minutes! Wi-Fi Protected Access (WPA) proposed in 2003 Improves on WEP in several ways: Larger secret key (128 bits) and initialization data (48 bits) Supports various types of authentication besides a shared secret, such as username/password Dynamically changes keys as session continues Cryptographic method to check integrity Frame counter to prevent replay attacks 11/1/2010 Wireless Networks 22

WPA2 WPA was an intermediate stepping-stone Final version: IEEE 802.11i, aka WPA2 Improvements over WPA are incremental rather than changes in philosophy: Uses AES instead of RC4 Handles encryption, key management, and integrity MAC provided by Counter Mode with Cipher Block Chaining (CCMP) used in conjunction with AES WPA2 needs recent hardware to operate properly, but this will get better over time 11/1/2010 Wireless Networks 23 WPA2 Encryption Counter Mode with Cipher Block Chaining Message Authentication Code Protocol Compute a 64-bit message integrity code (MIC) on the plaintext header and the payload using the Michael algorithm Encrypt the payload and MIC Michael is not a strong cryptographic hash function Header Payload MIC Authenticated Encrypted 11/1/2010 Wireless Networks 24

Alternatives and Add-Ons WEP, WPA, and WPA2 all protect your traffic only up to the access point No security provided beyond access point Other methods can encrypt end-to-end: SSL, SSH, VPN, PGP, and so on End-to-end encryption is often simpler than setting up network-level encryption Brown wireless network is unencrypted, but disallows most clear text protocols. (Allows only HTTP, HTTPS, SSH, VPN, IMAPS, POPS.) Brown also provides a WPA network in the CIT Most of these solutions require per-application configuration 11/1/2010 Wireless Networks 25

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information