CS5490/6490: Network Security- Lecture Notes - November 9 th 2015 Wireless LAN security (Reference - Security & Cooperation in Wireless Networks by Buttyan & Hubaux, Cambridge Univ. Press, 2007, Chapter 1. This chapter also contains a good description of cellular network security.) Issues: - Concerned with security at the link layer. - Easier eavesdropping someone can set up an antenna at the right location and listen to the wireless communication - Easier impersonation untethered access (unlike wired networks) - Protect spectrum/network from unauthorized use The diagram below shows the WEP method that was widely used in the early 2000. In this diagram a link layer frame (containing data and cyclic redundancy check) is encrypted and sent over the wireless link from a mobile station (STA) to an access point (AP).
A property of CRC (Cyclic Redundancy Check): crc(x xor y) = crc(x) xor crc(y) Consider transmitting message M after encrypting it with the key bytes from the RC4 random number generator. A network header has a checksum field so that if the checksum is correct then it means that the header as well as the payload hasn t been corrupted. If the checksum is wrong, then some bits have been changed. Cyclic redundancy check (CRC) is a better checksum method than a simple parity check. Consider an attacker than wishes to change the integrity of the message. The attacker needs to xor [dm crc(dm)] to the original message [M crc(m)] to change the encrypted message M, to (M xor dm) with the correct crc. This is shown as follows: [M crc(m)] xor K xor [dm crc(dm)] can be written as [M crc(m)] xor K xor [dm crc(dm)] The above can be written as: (this is just a reordering of the terms) (M xor dm) [crc(m) xor crc(dm)] xor K Now, using the property crc(x xor y) = crc(x) xor crc(y), crc(m) xor crc(dm) = crc(m xor dm), which is (M xor dm) crc(m xor dm) K Thus someone can change the message, and the CRC is still correct. Another problem: IV is only 24 bits long. This means that you expect the IV to repeat after 2^24 (16 million) possible numbers (worst case). Every encrypted WIFI message uses a new IV. If there is a known m_i, and known c_i, then you know k_i = m_i xor c_i. Now that you know k_i, and the next time that the same IV is used, you can reuse this k_i and figure out the message. Numerical example: 54 Mbps channel, 1 kb packet that you want to encrypt, 16 million possible IV how much time before there is a repeated IV in the worst case? - about 2400 seconds Authentication:
There is a serious problem with this If you snoop R, then you can figure out K by xoring R and c. Summary: Three problems - Poor authentication, IV repeats, and you can change the message and have it integrity protected. IEEE 802.11i - to fix the flaws of WEP -called Robust Security Network (RSN) -use AES instead of RC4 -change the authentication mechanism Problem with transition, there was hardware that was specific to RC4, so it would be difficult to move quickly from one type of hardware to another. What they did was to keep RC4 for a while, and go ahead with changing the authentication mechanism. Optional protocol called Temporal Key Integrity Protocol (TKIP) - immediately adopted by manufactures - this is called WiFi Protected Access (WPA) - temporary standard The final standard is WPA2, which is the same as RSN. The difference between WPA and WPA2 is that RC4 was replaced with AES. The authentication mechanism of WPA2 is based on the IEEE 802.1X standard (which was designed for security in wired LANs). The STA and the Authentication server (AS) mutually authenticate each other using TLS-like protocol. The STA and the AS derive a PMK (pair-wise master key). The AS sends the PMK to the AP using a long-term secret between the AP and the AS. The AP and the STA then ensure that they have the PMK and use the PMK to derive session keys. Public WiFi: Access points route every packet to a special gateway called hotspot controller. The hotspot controller allows only http request to a special page. If the username & password are entered successfully (after possibly paying using a credit card and setting up an account), the IP address is inserted in a white list and packets from this IP address are allowed by the hotspot controller. DoS (Denial-of-service) attacks Reference book: Internet Denial of Service, Attack and Defense Mechanisms, by Jelena Mirkovich et al. Prentice Hall. DoS attack: Ø The goal isn t access or theft of information or services. Ø The goal is to stop the service from operating
To deny service to legitimate users Usually a temporary phenomenon Simple DoS attack Ø One machine overloads another Ø Attack machine must be more powerful Ø Sometimes generating a request is much cheaper than formulating a response (a weaker machine can become relatively powerful ). DDoS (distributed denial-of-service attack): More Complex than DoS and harder to solve see figure below: First recruit, exploit, infect nodes Send attack commands Generate attack traffics Who is vulnerable? Ø Everyone connected to the Internet Challenges: Ø Securing one s own machine is not enough. It is not necessarily your vulnerabilities but that of everyone else. Ø A firewall cannot help much because (i) it can be penetrated or itself be attacked. Ø The use of a VPN can actually make things worse (decryption will consume even more resources). Ø There is no limit to attackers resources so over- provisioning might not help. Attacker Master Agent Why do we have DoS attacks? natural consequence of the way the Internet is designed
o routers forward packets based on destination addresses, do not maintain any state o routers enforce no security, authentication etc. send lots of traffic to lots of places o DoS: send lots of traffic to one place no attempt to correlate traffic or perform sophisticated analysis, every packet treated individually and looks proper in the Internet first come first serve attacker gets there first and uses the resources TCP backoff Why don t people prevent their machines from becoming agents? DDoS attacks, typically, do not harm attack agents even if they do, people don t care or don t know altruism has not proven to be compelling argument for network security No accountability no method for assigning proper responsibility for bad packets or packet streams, no easy way to determine who corrupted a machine. There is poor cooperation across different entities. Deploying defensive systems close to a potential victim is not very effective. There is no incentive for those close to the sources for deploying defensive systems. What are the requirements of DOS prevention solution? The solution should be effective (solve the problem not just push it somewhere else), accurate (should aim to prevent collateral damage), low in cost (especially when no attacks are taking place), and deployable. There are two approaches towards finding solutions for DoS prevention. The first approach is to find solutions that do not require any drastic changes in the Internet and its protocols. The second approach is to look for a clean slate design of the Internet that enhances security (including security against DoS attacks).