UNIK4250 Security in Distributed Systems University of Oslo Spring 2012. Part 7 Wireless Network Security




IEEE 802.11
- IEEE 802 committee for LAN standards
- IEEE 802.11 formed in the 1990s
- charter to develop a protocol & transmission specifications for wireless LANs (WLANs)
- since then demand for WLANs, at different frequencies and data rates, has exploded
- hence seen ever-expanding list of standards issued

IEEE 802 Terminology
- Access point (AP): Any entity that has station functionality and provides access to the distribution system via the wireless medium for associated stations
- Basic service set (BSS): A set of stations controlled by a single coordination function
- Coordination function: The logical function that determines when a station operating within a BSS is permitted to transmit and may be able to receive PDUs
- Distribution system (DS): A system used to interconnect a set of BSSs and integrated LANs to create an ESS
- Extended service set (ESS): A set of one or more interconnected BSSs and integrated LANs that appear as a single BSS to the LLC layer at any station associated with one of these BSSs
- MAC protocol data unit (MPDU): The unit of data exchanged between two peer MAC entities using the services of the physical layer
- MAC service data unit (MSDU): Information that is delivered as a unit between MAC users
- Station: Any device that contains an IEEE 802.11 conformant MAC and physical layer

Wi-Fi Alliance
- 802.11b first broadly accepted standard
- Wireless Ethernet Compatibility Alliance (WECA) industry consortium formed 1999
- to assist interoperability of products
- renamed Wi-Fi (Wireless Fidelity) Alliance
- created a test suite to certify interoperability
- initially for 802.11b, later extended to 802.11g
- concerned with a range of WLAN markets, including enterprise, home, and hot spots

IEEE 802 Protocol Architecture

Network Components & Architecture

IEEE 802.11 Services

802.11 Wireless LAN Security
- wireless traffic can be monitored by any radio in range, not physically connected
- original 802.11 spec had security features
- Wired Equivalent Privacy (WEP) algorithm
- but found this contained major weaknesses
- 802.11i task group developed capabilities to address WLAN security issues
- Wi-Fi Alliance Wi-Fi Protected Access (WPA)
- final 802.11i Robust Security Network (RSN)
- RSN is commonly called WPA2

RSN Glossary
- EAP: Extensible Authentication Protocol (a collection of many different alternative authentication protocols)
- TKIP: Temporal Key Integrity Protocol
- CCMP: Counter Mode with CBC MAC Protocol
- CBC: Cipher Block Chaining
- MAC: Message Authentication Code
- MIC: Message Integrity Code (same as MAC)
- AS: Authentication Server
- PSK: Pre-shared key
- MSK: Master Session Key
- PMK: Pair-wise Master Key
- PTK: Pair-wise Transient Key
- KCK: Key Confirmation Key
- KEK: Key Encryption Key
- TK: Temporal Key
- GMK: Group Master Key
- GTK: Group Temporal Key

802.11i RSN Services and Protocols

802.11i RSN Cryptographic Algorithms

802.11i Phases of Operation

802.11i Discovery and Authentication Phases

IEEE 802.1X Access Control Approach

802.11i Key Hierarchy

Robust Security Network via 802.1X
PTK (Pairwise Transient Key, 64 bytes):
- 16 bytes of EAPOL-Key Confirmation Key (KCK): used to compute MIC on WPA EAPOL Key message
- 16 bytes of EAPOL-Key Encryption Key (KEK): AP uses this key to encrypt additional data sent (in the 'Key Data' field) to the client (for example, the RSN IE or the GTK)
- 16 bytes of Temporal Key (TK): used to encrypt/decrypt unicast data packets
- 8 bytes of Michael MIC Authenticator Tx Key: used to compute MIC on unicast data packets transmitted by the AP
- 8 bytes of Michael MIC Authenticator Rx Key: used to compute MIC on unicast data packets transmitted by the station
The last two are only used when TKIP is used.

802.11i Key Management Phase: 4-way handshake

802.11i Protected Data Transfer Phase
have two schemes for protecting data:
- Temporal Key Integrity Protocol (TKIP)
  - s/w changes only to older WEP
  - adds 64-bit Michael message integrity code (MIC)
  - encrypts MPDU plus MIC value using RC4
- Counter Mode-CBC MAC Protocol (CCMP)
  - uses the cipher block chaining message authentication code (CBC-MAC) for integrity
  - uses the CTR block cipher mode of operation

IEEE 802.11i Pseudorandom Function

WPA2-PSK (Pre-Shared Key Mode)
- Network traffic encrypted using a 256-bit PMK
- User enters key (Pairwise Master Key):
  - 64 hex digits
  - 8-63 printable ASCII characters
- Takes the passphrase, salts it with the SSID of the AP, then runs it through 4096 iterations of HMAC-SHA-1
- Authentication, connection, establishment of PTK and GTK: similar process as when an AS is present, except the PSK is used as the PMK
- Creation of PTK and GTK is the same as in Enterprise mode

Summary
have considered:
- IEEE 802.11 Wireless LANs: protocol overview and security
- Wireless Application Protocol (WAP): protocol overview
- Wireless Transport Layer Security (WTLS)