12/3/08. Security in Wireless LANs and Mobile Networks. Wireless Magnifies Exposure Vulnerability. Mobility Makes it Difficult to Establish Trust



Similar documents
Lecture Objectives. Lecture 8 Mobile Networks: Security in Wireless LANs and Mobile Networks. Agenda. References

All vulnerabilities that exist in conventional wired networks apply and likely easier Theft, tampering of devices

Security (WEP, WPA\WPA2) 19/05/2009. Giulio Rossetti Unipi

Security+ Guide to Network Security Fundamentals, Third Edition. Chapter 6. Wireless Network Security

Security in IEEE WLANs

Security. Contents. S Wireless Personal, Local, Metropolitan, and Wide Area Networks 1

Chapter 6 CDMA/802.11i

Wireless Security. New Standards for Encryption and Authentication. Ann Geyer

CS 356 Lecture 29 Wireless Security. Spring 2013

7 Network Security. 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework. 7.5 Absolute Security?

How To Secure Wireless Networks

Wireless security. Any station within range of the RF receives data Two security mechanism

CS5490/6490: Network Security- Lecture Notes - November 9 th 2015

The next generation of knowledge and expertise Wireless Security Basics

Key Hopping A Security Enhancement Scheme for IEEE WEP Standards

Wireless Security Overview. Ann Geyer Partner, Tunitas Group Chair, Mobile Healthcare Alliance

Wireless Networks. Welcome to Wireless

WEP Overview 1/2. and encryption mechanisms Now deprecated. Shared key Open key (the client will authenticate always) Shared key authentication

Analysis of Security Issues and Their Solutions in Wireless LAN 1 Shenam Chugh, 2 Dr.Kamal

Agenda. Wireless LAN Security. TCP/IP Protocol Suite (Internet Model) Security for TCP/IP. Agenda. Car Security Story

White paper. Testing for Wi-Fi Protected Access (WPA) in WLAN Access Points.

Introduction to WiFi Security. Frank Sweetser WPI Network Operations and Security

Recommended Wireless Local Area Network Architecture

Chapter 2 Wireless Networking Basics

Security in Wireless Local Area Network

Computer Networks. Secure Systems

WIRELESS NETWORKING SECURITY

DESIGNING AND DEPLOYING SECURE WIRELESS LANS. Karl McDermott Cisco Systems Ireland

The following chart provides the breakdown of exam as to the weight of each section of the exam.

Wireless Security for Mobile Computers

Wireless Encryption Protection

Wi-Fi Protected Access: Strong, standards-based, interoperable security for today s Wi-Fi networks Wi-Fi Alliance April 29, 2003

Security in Wireless and Mobile Networks

THE IMPORTANCE OF CRYPTOGRAPHY STANDARD IN WIRELESS LOCAL AREA NETWORKING

Table of Contents. Cisco Wi Fi Protected Access 2 (WPA 2) Configuration Example

A COMPARITIVE ANALYSIS OF WIRELESS SECURITY PROTOCOLS (WEP and WPA2)

Cornerstones of Security

Network Security. Security of Wireless Local Area Networks. Chapter 15. Network Security (WS 2002): 15 Wireless LAN Security 1 Dr.-Ing G.

Link Layer and Network Layer Security for Wireless Networks

COMPARISON OF WIRELESS SECURITY PROTOCOLS (WEP AND WPA2)


Wi-Fi Client Device Security and Compliance with PCI DSS

CS549: Cryptography and Network Security

Journal of Mobile, Embedded and Distributed Systems, vol. I, no. 1, 2009 ISSN

Your Wireless Network has No Clothes

Wireless LAN Security Mechanisms

Network Access Security. Lesson 10

WLAN - Good Security Principles. WLAN - Good Security Principles. Example of War Driving in Hong Kong* WLAN - Good Security Principles

Network Security. Security of Wireless Local Area Networks. Chapter 15. Network Security (WS 2003): 15 Wireless LAN Security 1. Dr.-Ing G.

13 Virtual Private Networks 13.1 Point-to-Point Protocol (PPP) 13.2 Layer 2/3/4 VPNs 13.3 Multi-Protocol Label Switching 13.4 IPsec Transport Mode

Self Help Guide IMPORTANT! Securing Your Wireless Network. This Guide refers to the following Products: Please read the following carefully; Synopsis:

NXC5500/2500. Application Note w Management Frame Protection. ZyXEL NXC Application Notes. Version 4.20 Edition 2, 02/2015

WIRELESS NETWORK SECURITY

Deploying secure wireless network services The Avaya Identity Engines portfolio offers flexible, auditable management for secure wireless networks.

EXAM questions for the course TTM Information Security May Part 1

Netzwerksicherheit: Anwendungen

Linux Access Point and IPSec Bridge

Chapter 2 Configuring Your Wireless Network and Security Settings

Configuring Security Solutions

CS 336/536 Computer Network Security. Summer Term Wi-Fi Protected Access (WPA) compiled by Anthony Barnard

Symm ym e m t e r t ic i c cr c yptogr ypt aphy a Ex: RC4, AES 2

Vulnerabilities of Wireless Security protocols (WEP and WPA2)

Wireless Technology Seminar

How To Secure Your Network With 802.1X (Ipo) On A Pc Or Mac Or Macbook Or Ipo On A Microsoft Mac Or Ipow On A Network With A Password Protected By A Keyed Key (Ipow)

WIRELESS SECURITY IN (WI-FI ) NETWORKS

Authentication in WLAN

Cisco SAFE: Wireless LAN Security in Depth

Particularities of security design for wireless networks in small and medium business (SMB)

EVOLUTION OF WIRELESS LAN SECURITY ARCHITECTURE TO IEEE i (WPA2)

chap18.wireless Network Security

m-trilogix White Paper on Security in Wireless Networks

Ebonyi State University Abakaliki 2 Department of Computer Science. Our Saviour Institute of Science and Technology 3 Department of Computer Science

Chapter 10. Network Security

Network Security Technology Network Management

Client Server Registration Protocol

Applying of Security Mechanisms to Low Layers of OSI/ISO Network Model

Certified Wireless Security Professional (CWSP) Course Overview

Topics in Network Security

Security (II) ISO : Security Architecture of OSI Reference Model. Outline. Course Outline: Fundamental Topics. EE5723/EE4723 Spring 2012

Distributed Systems Security

VPN SECURITY. February The Government of the Hong Kong Special Administrative Region

Chapter 7 Transport-Level Security

WiFi Security: Deploying WPA/WPA2/802.1X and EAP in the Enterprise

Wireless Network Security. Pat Wilbur Wireless Networks March 30, 2007

Wireless Networking Basics. NETGEAR, Inc Great America Parkway Santa Clara, CA USA

Lecture 3. WPA and i

Overview. SSL Cryptography Overview CHAPTER 1

A SURVEY OF WIRELESS NETWORK SECURITY PROTOCOLS

Wi-Fi Client Device Security & HIPAA Compliance

Developing Network Security Strategies

Wireless Security. Jason Bonde ABSTRACT. 2. BACKGROUND In this section we will define the key concepts used later in the paper.

Securing Network Print Jobs

Wireless VPN White Paper. WIALAN Technologies, Inc.

Transcription:

Security in Wireless LANs and Mobile Networks Wireless Magnifies Exposure Vulnerability Information going across the wireless link is exposed to anyone within radio range RF may extend beyond a room or a building Infrared limited to a room Traditional wireline networks benefit from physical security Access to the wire is required to gain information Switched networks further reduce exposure Sniffing is easy Mobility Makes it Difficult to Establish Trust A mobile user must connect to a network component (e.g., an access point) that is physically hidden Problem on both home and foreign networks Mobility on foreign networks -- service providers are unknown and, perhaps, not trusted Access points Foreign agents DHCP servers Is this my AP? 1

Lack of Infrastructure Lack of security infrastructure Authentication servers Certificate authorities Unknown nodes providing service Intermediate nodes for ad hoc routing Can intermediate node be trusted? System Design Issues Mobile form factor Desire low power consumption Minimize computation Minimize network communication Constrained by low processing capabilities Constrained by limited link capacity Need cryptographic and other security-related algorithms to be simple Need to minimize communications overhead for security protocols Secure Communications (1) Privacy or confidentiality The intended recipients know what was being sent but unintended parties cannot determine what was sent Requires some form of encryption and decryption Encryption at the sender Decryption at the receiver using a public or private (secret) key to decode the encrypted information Authentication Confirms the identity of the other party in the communication Assures that The claimed sender is the actual sender The claimed receiver is the actual receiver 2

Secure Communications (2) Message integrity and non-repudiation Data integrity data is transmitted from source to destination without undetected alteration Non-repudiation prove that a received message came from a claimed sender Availability and access control Ensures availability of resources for the intended users Controls access to resource Link Versus End-to-End Security End-to-End Security Link Security End-to-end security Provided by network (e.g., IPsec), transport (e.g., SSL), and/or application layer (e.g., application-specific) Link security Provided by link layer (e.g., IEEE 802.11 WEP, WPA, or IEEE 802.11i) Cryptography Plaintext K A Ciphertext K B Plaintext Encryption Decryption Symmetric (private) key cryptography Sender and receiver keys are identical (K A = K B ) Asymmetric (public) key cryptography Sender (encryption) key (K A ) is public Receiver (decryption) key (K B K A ) is private 3

Public Key Cryptography Unlike a private key system, one can publish the key for encryption in a public key encryption system K B + Public key Plaintext Ciphertext K B - Private key Plaintext Encryption Decryption m K B + (m) m = K B - (K B + (m)) Authentication with Private Key Cryptography Authentication can be implemented with symmetric (private) key cryptography A B encrypt Claim A R Generate a one-time nonce K(R) decrypt R Authentication with Public Key Cryptography Use of public key avoids shared key problem Vulnerable to man-in-the-middle attack A Claim A R K A - (R) Key Request K A + B K A + : A s public key K A - : A s private key Sender must have used private key of A, so it is A Compute K + A (K - A (R)) = R 4

IEEE 802.11 Security Security was not thoroughly addressed in the original IEEE 802.11 standard Based on Wired Equivalent Privacy (WEP) Objective is to not compromise security when compared to a standard wired LAN (e.g., Ethernet) Evolution Long-term: IEEE 802.11i Short-term: WiFi Protected Access (WPA) IEEE 802.11: Authentication (1) IEEE 802.11 supports two authentication schemes Open system authentication Shared key authentication Authentication management frames used in a transaction to establish authentication Authentication algorithm number Authentication transaction sequence number Status code Deauthentication management frame sent to terminate an association Reason code IEEE 802.11: Authentication (2) Open system authentication is really just a placeholder for systems that do not wish to implement true authentication One station asserts its identity The other station responds with success Shared key authentication Both stations must have a copy of a WEP key Station proves identity by encrypting and returning challenge text 128-bit challenge text based on RC4 stream cipher Shared key authentication only authenticates the station to the AP, not the AP to the station! 5

IEEE 802.11: Shared Key Authentication Uses private key authentication scheme shown earlier STA AP Encrypted using shared WEP key identity assertion identity assertion/ challenge text encrypted text success/failure 128-bit one-time nonce Decrypted using shared WEP key IEEE 802.11: Deauthentication A station can terminate an authentication association with another station by sending that station a deauthentication frame Contains just a reason code, e.g., sending station is leaving the BSS or ESS IEEE 802.11: Privacy Based on Wired Equivalent Privacy (WEP) MAC at sender encrypts frame body of data frames Headers and non-data frames are not encrypted Does not protect against data analysis attacks MAC at receiver decrypts and passes data to higher level protocol Uses RC4 symmetric stream cipher Same key at sender and receiver Can be applied to variable length data Key distribution not addressed in standard 6

WEP Data Encryption Host/AP share 40-bit symmetric key Semi-permanent WEP key May be longer (e.g., 128 bits) Host appends 24-bit initialization vector () for each frame to create a 64-bit key 152-bit key with 128-bit WEP key The 64-bit key is used to generate a stream of keys, k i, using RC4 private key stream cipher algorithm Key k i is used to encrypt byte d i in the frame c i = d i XOR k i (XOR is exclusive-or) Initialization vector () and the encrypted bytes, c i, are sent in the frame WEP Encryption at the Sender K S k 1 k 2 d 1 d 2 c 1 Key Sequence Generator c 2 k N k N+1 d N crc 1 c N c N+1 k N+4 crc 4 c N+4 K S = shared WEP key Supports integrity 802.11 Header WEP-encrypted data and CRC WEP Encryption Vulnerability Initialization vectors are 24 bits in length and a new one is used for each frame, so s are eventually reused s are transmitted in plaintext, so reuse can be detected just by packet sniffing Attack An intruder causes a host to encrypt known plaintext, d 1, d 2, d 3, The intruder sees c i = d i XOR k i The intruder knows c i and d i, so it can compute k i The intruder knows encrypting key sequence k 1, k 2, k 3, k 4, The next time that the same is used, the intruder can decrypt 7

IEEE 802.11: Security Weaknesses (1) WEP encryption is flawed, affecting privacy and authentication Static WEP keys leave encryption vulnerable Initialization vectors sent in the clear Generation of s may be weak Not specified in the standard All NICs from a vendor may generate the same sequence of s or the may be a fixed value Exposed (revealing part of key) plus weakness of RC4 make WEP vulnerable to analysis Can be broken for a busy network by a contemporary personal computer about 10 hours for sniffing and a few seconds to guess the key IEEE 802.11: Security Weaknesses (2) Integrity check based on CRC Relatively weak compared to a hash or message authentication scheme Introduces vulnerabilities for certain kinds of attacks Unilateral challenge-response used for authentication vulnerable to man-in-the-middle attack Asymmetric authentication Station cannot authenticate AP Key management is not addressed by the standard Very complex task, especially for a large network IEEE 802.11: Security Weaknesses (3) Out-of-the-box default is usually no security Ease of deployment and ease of operation for users Lots of WLANs with no security configured! 8

Improving IEEE 802.11 Security RSA Security s Fast Packet Rekeying WiFi Alliance s WiFi Protected Access (WPA) IEEE 802.11 Technical Group i (IEEE 802.11i) Fast Packet Rekeying Message Integrity Check function on all WEPencrypted data frames Generates a unique key to encrypt each network packet on the WLAN Hashing technique (known by sender and receiver) used to rapidly generate per packet keys Per-packet key is based on fixed WEP key The IEEE 802.11 group has approved fast packet rekeying as a fix for some WEP security weaknesses WiFi Protected Access WiFi Protected Access (WPA) is intended as a near-term solution to the IEEE 802.11 security problem Software-only updates requires update to AP firmware and NIC driver A subset of the more extensive IEEE 802.11i techniques Based on two main functions 802.1x port-based access control Temporal Key Integrity Protocol (TKIP) 9

IEEE 802.1x Port-Based Access Control Allows use of upper-layer authentication protocols AP and station can authenticate each other Integrates with IETF s Extensible Authentication Protocol (EAP) See RFC 2284 Authentication can be On the AP Use a backend server, e.g., with RADIUS Allows use of session keys 802.1x keys can be changed each session Standard WEP keys are semi-permanent Temporal Key Integrity Protocol Extends the initialization vector () space beyond 24 bits Uses key construction for each packet Improves cryptographic integrity check beyond CRC used in WEP Supports key derivation and distribution IEEE 802.11i IEEE 802.11i also known as Robust Security Network (RSN) Longer-term solution (but should be available very soon) Requires hardware replacements for APs and NICs Superset of WPA includes IEEE 802.1x port-based access control Temporal Key Integrity Protocol (TKIP) Includes support for Advanced Encryption Standard (AES) for confidentiality and integrity 10

Advanced Encryption Standard The Advanced Encryption Standard (AES) is published by NIST as the successor to Data Encryption Standard (DES) Operation 128-byte blocks of data (cleartext) 128-, 192-, or 256-bit symmetric keys NIST estimates that a machine that can break 56-bit DES key in 1 second would take about 149 trillion years to crack a 128-bit AES key (unless someone is very lucky) Mitigating Risk Management countermeasures For example, standardizing AP settings and controlling use of WLANs within an organization Operational countermeasures For example, controlling coverage area of APs Technical countermeasures Access point configuration Firmware and software updates Personal firewalls Intrusion detection systems (IDS) Maximizing WEP key length Security audits Virtual private networks Virtual Private Networks VPN Tunnel Link Security VPN Server Using a VPN (e.g., based on IPsec) above the WLAN provides the security present in the environment of the VPN server 11

Mobile Networks Security vulnerabilities in Mobile IP Rogue Foreign Agents Impersonating a Home Agent Impersonating a Mobile Host to redirect traffic Reducing security to enable Mobile IP router at foreign network Security vulnerabilities in mobile ad hoc networks (MANETs) Generating faulty routing information Snooping on relayed traffic Refusing to route Power-oriented attacks Summary Examined the basic objectives of security and fundamental approaches to cryptography and authentication IEEE 802.11 security features (which are flawed) Authentication Privacy and integrity Solutions to IEEE 802.11 s security problems WiFi Protected Access (WPA) IEEE 802.11i Robust Security Network (RSN) Higher layer security methods can also address WLAN security problems Other security issues in wireless and mobile systems 12

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information