IT Security: Security Protocols. Wireless Security. (Using material from Brian Lee and Takehiro Takahashi)


[Figure: access points diagram; slide text not recoverable]

Built-in Security Features

Service Set Identifier (SSID)
- Differentiates one access point from another
- The SSID is broadcast in beacon frames every few seconds
- Beacon frames are in plain text!
- First layer of security

[Figure: stealth mode, probe request]

Do's and Don'ts for SSIDs
- Default SSIDs are well known (Linksys APs default to "linksys", Cisco defaults to "tsunami", etc.), so change them immediately
- Do change the settings on your AP so that it does not broadcast the SSID in the beacon frame
- Why?

Hiding the SSID
- As stated earlier, the SSID is by default broadcast every few seconds
- Turning it off makes it harder to figure out that a wireless connection is there
- Reading raw packets will reveal the SSID anyway, since even when using WEP the SSID is in plain text
- Increases deployment difficulty
- Windows tends to get confused

MAC Address Filtering
- MAC address filtering works by only allowing specific hardware to connect to the AP
- Management on large networks is unfeasible
- Using a packet sniffer, one can very easily find a valid MAC address and modify one's OS to use it, even if the data is encrypted
- May be good for small networks that need to protect against accidental misuse only

Associating with the AP
- Access points have two ways of initiating communication with a client: Shared Key or Open Key authentication
- Open Key allows anyone to start a conversation with the AP
- Shared Key is supposed to add an extra layer of security by requiring authentication information as soon as one associates

How Shared Key Authentication Works
- The client begins by sending an association request to the AP
- The AP responds with a challenge text (unencrypted)
- The client, using the proper WEP key, encrypts the text and sends it back to the AP
- If properly encrypted, the AP allows communication with the client

Is Open or Shared Key More Secure?
- Ironically enough, Open Key is the answer in short
- Using passive sniffing, one can gather two of the three variables needed in Shared Key authentication: the challenge text and the encrypted challenge text
- Can be prompted by a disassociation attack

Wired Equivalent Privacy (WEP)
- Primary built-in security for the 802.11 protocol
- Intended to make wireless as secure as a wired network
- Provides confidentiality, integrity and authentication
- Uses 40-bit RC4 encryption
- Unfortunately, since ratification of the 802.11 standard, this use of RC4 has been proven insecure, leaving the 802.11 protocol wide open for attack

[Figure: WEP Encryption]

Problems with WEP
- One static key: no encryption is strong if one key is used forever
- Key length is short (40 bits): brute forcing is possible
- Uses CRC-32 as the ICV: bit-flipping attack, CRC(msg XOR delta) = CRC(msg) XOR CRC(delta); bits cannot be set or cleared, but they can be flipped
- No specification of key distribution: lacks scalability
- No protection against replay attacks
- Improper use of RC4: the protocol doesn't actually specify IV use; two existing attacks

Numerical Limitation Attack
- IVs are only 24 bits, so there are only 16,777,216 possible IVs
- A busy network will repeat IVs often
- By listening to the encrypted traffic and picking out the duplicate IVs, it is possible to obtain the clear text
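Why a CRC-32 ICV gives no integrity under a stream cipher, shown in Python. This is an added example and not part of the lecture slides: it checks the slide's formula against zlib's CRC-32 (which, like the WEP ICV, uses an initial value and a final XOR, so the identity holds up to the constant term CRC of an all-zero string of the same length), then seals a constructed payload under a constructed keystream once with a CRC ICV and once with a keyed HMAC-SHA256 tag. The keystream, payload, key and bit-flip mask are all made up for the example; the HMAC variant stands in for the keyed MIC that TKIP and CCMP later added.

```python
import hashlib
import hmac
import zlib

# Constructed stand-in for an RC4 keystream: a stream cipher is XOR with a
# keystream, and that is all the demonstration depends on.
KEYSTREAM = hashlib.shake_256(b"constructed keystream seed").digest(256)
MAC_KEY = b"constructed integrity key"  # hypothetical key for the HMAC variant


def crc32(data: bytes) -> int:
    return zlib.crc32(data) & 0xFFFFFFFF


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def predict_crc_after_flip(crc_m: int, delta: bytes) -> int:
    """CRC of (m XOR delta) from CRC(m) alone, without ever seeing m.

    Standard CRC-32 is affine rather than strictly linear because of its
    initial value and final XOR, so the constant CRC(0x00 * len) is folded
    in once; for the raw polynomial remainder that term is zero and the
    slide's formula holds exactly.
    """
    return crc_m ^ crc32(delta) ^ crc32(bytes(len(delta)))


# WEP-style frame: payload || CRC-32 ICV, the whole thing XORed with keystream.

def seal_with_crc(msg: bytes) -> bytes:
    return xor_bytes(KEYSTREAM, msg + crc32(msg).to_bytes(4, "little"))


def open_with_crc(frame: bytes):
    """Return the payload if the ICV verifies, else None."""
    body = xor_bytes(KEYSTREAM, frame)
    msg, icv = body[:-4], body[-4:]
    return msg if crc32(msg) == int.from_bytes(icv, "little") else None


def flip_bits_in_sealed_frame(frame: bytes, delta: bytes) -> bytes:
    """Flip payload bits in the ciphertext and patch the encrypted ICV to match.

    Needs neither the keystream nor the plaintext: XOR commutes with the
    stream cipher and the ICV correction depends only on delta.
    """
    icv_delta = (crc32(delta) ^ crc32(bytes(len(delta)))).to_bytes(4, "little")
    return xor_bytes(frame, delta + icv_delta)


# Same layout with a keyed tag instead of a CRC.

def seal_with_hmac(msg: bytes) -> bytes:
    tag = hmac.new(MAC_KEY, msg, hashlib.sha256).digest()
    return xor_bytes(KEYSTREAM, msg + tag)


def open_with_hmac(frame: bytes):
    body = xor_bytes(KEYSTREAM, frame)
    msg, tag = body[:-32], body[-32:]
    expected = hmac.new(MAC_KEY, msg, hashlib.sha256).digest()
    return msg if hmac.compare_digest(tag, expected) else None


def demo() -> dict:
    msg = b"constructed payload: transfer 100 to account 0042"
    delta = b"\x08" + bytes(len(msg) - 1)  # flip one bit of the first byte

    predicted = predict_crc_after_flip(crc32(msg), delta)
    crc_frame = seal_with_crc(msg)
    crc_tampered = flip_bits_in_sealed_frame(crc_frame, delta)
    hmac_frame = seal_with_hmac(msg)
    hmac_tampered = xor_bytes(hmac_frame, delta + bytes(32))  # no way to fix the tag

    return {
        "crc_property_holds": predicted == crc32(xor_bytes(msg, delta)),
        "crc_frame_accepts_flip": open_with_crc(crc_tampered) == xor_bytes(msg, delta),
        "hmac_frame_accepts_flip": open_with_hmac(hmac_tampered) is not None,
    }


if __name__ == "__main__":
    print(demo())
```

Running demo() reports that the predicted CRC matches, that the CRC-protected frame accepts the flipped payload as valid, and that the HMAC-protected frame rejects it: an integrity check that anyone can recompute cannot detect modification, which is the gap Michael and CCMP close.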

FMS Attack (weak IV attack)
- Some IVs do not work well with RC4
- Using a formula, one can take these weak IVs and infer parts of the WEP key; 5% chance of guessing correctly
- Once again, passively monitoring the network for a few hours can be enough time to gather enough weak IVs to figure out the WEP key
- 4M to 6M packets to recover a 40-bit WEP key
- The time needed for the attack is linearly proportional to the key length: a 104-bit key is only 2.6 times more secure than a 40-bit key
- [Fluhrer, Mantin, Shamir 2001]

Conclusion: WEP
- Confidentiality: FMS attack
- Integrity: bit-flipping attack
- Authentication: not really
- WEP is flawed, and there is no simple solution to fix it
- Attacks against WEP are passive and extremely difficult to detect
- NO MORE WEP

Virtual Private Networking (VPN)
- Deploying a secure VPN over a wireless network can greatly increase the security of your data
- The idea is to treat the wireless network the same as an insecure wired network (the Internet)
- The docking network goes nowhere but to the VPN gateways

Perceived Problems of the VPN Approach
- Deployment overhead
- Performance does not scale with the number of APs deployed
  - PC crypto speeds are around 500 Mbit/s and highly parallelizable, though
- Susceptible to denial of service (DoS) attacks, e.g. against DHCP/DNS in the docking network
- PCs are vulnerable in the docking network
- Susceptible to any attack against the specific VPN
  - Such attacks will be repaired quickly (VPNs do interface to the Internet!), if any
  - PPTP with MS-CHAPv2 is quite weak against dictionary attacks, though

Back to L2 (Network Boundary) Solutions
- 802.1X
  - Per-user authentication
  - Key distribution mechanism
- WPA
  - Subset of 802.11i
  - Two forms: 802.1X with EAP + TKIP (including MIC); Pre-shared Key + TKIP (including MIC)
- 802.11i RSN (Robust Security Network)
  - 802.1X with EAP + AES + CCM

802.1X Authentication
- 802.1X is a port-based, layer 2 (MAC layer) authentication framework on IEEE 802 networks
- Not limited or specific to 802.11 networks
- Uses EAP for implementation
- 802.1X is not an alternative to WEP; it works along with the 802.11 protocol to manage authentication for WLAN clients
- It also generates the short-term ("temporal") keys for encryption and data protection

How Authentication Takes Place
- A client requests access to the AP
- The AP asks for a set of credentials
- The client sends the credentials to the AP, which forwards them to the authentication server
- The exact method for supplying credentials is not defined in 802.1X itself
- Uses EAP over LAN (EAPOL)

[Figure: 802.1X authentication]

Extensible Authentication Protocol (EAP)
- 802.1X utilizes EAP for its authentication framework
- Flexible: one-time passwords, certificates, smartcards, your own EAP method, etc.
- Zero per-packet overhead
- Cost efficient
- 802.1X integrates well with other open standards such as RADIUS
- RADIUS is the de-facto standard backend protocol for Network Access Server authentication

More Benefits of Choosing 802.1X
- Software upgrade: access points only need a firmware upgrade to enable 802.1X
- On the client side, 802.1X can be enabled with an OS upgrade (or just an updated driver for the NIC)
- Depending on the EAP method you choose, you can have a very secure authentication scheme
- Proprietary versions of dynamic key management available

EAP-MD5
- EAP-MD5 is a simple EAP method similar to CHAP
- Sends an MD5 hash of a username, a server challenge and the password to the RADIUS server
- Vulnerable to dictionary attacks
- Authenticates only one way: man-in-the-middle attack
- No key generation

LEAP (Cisco Wireless)
- Like MD5, it uses a login/password scheme that it sends to the RADIUS server
- Each user gets a dynamically generated one-time key upon login
- Authenticates client to AP and vice versa
- Can be used along with the RADIUS session timeout feature to dynamically generate keys at set intervals
- Only guaranteed to work with Cisco wireless clients
- Broken: ASLEAP by Joshua Wright; dictionary attacks too easy
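A toy model of the port-based control the 802.1X and EAP slides describe, added here as an example and not taken from the lecture material: an Authenticator (the AP) relays EAP between a supplicant and a stand-in authentication server and opens the controlled port for a MAC only after the server reports success; non-EAPOL frames are dropped until then. The EAP method is EAP-MD5, computed as in CHAP (MD5 over identifier, secret and challenge). The message framing, the MAC addresses and the user database are all constructed for the example; a real deployment speaks RADIUS to the server and uses the full EAP packet format.

```python
import hashlib
import hmac
import os

ETHERTYPE_EAPOL = 0x888E  # EAP over LAN: the only traffic the uncontrolled port admits
ETHERTYPE_IPV4 = 0x0800   # ordinary data: passes only once the controlled port is open


def eap_md5_response(ident: int, secret: bytes, challenge: bytes) -> bytes:
    """EAP-MD5 / CHAP response (RFC 1994): MD5(identifier || secret || challenge)."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()


class AuthServer:
    """Stand-in for the RADIUS backend (constructed; not a RADIUS implementation)."""

    def __init__(self, users: dict):
        self.users = users      # identity -> shared secret
        self.pending = {}       # identity -> (EAP identifier, challenge)
        self.next_id = 1

    def start(self, identity: str):
        # A challenge is issued even for unknown identities, so the exchange
        # itself does not reveal which usernames exist.
        ident = self.next_id
        self.next_id = (self.next_id + 1) % 256
        challenge = os.urandom(16)
        self.pending[identity] = (ident, challenge)
        return ident, challenge

    def verify(self, identity: str, response: bytes) -> bool:
        if identity not in self.pending:
            return False
        ident, challenge = self.pending.pop(identity)
        if identity not in self.users:
            return False
        expected = eap_md5_response(ident, self.users[identity], challenge)
        return hmac.compare_digest(expected, response)


class Authenticator:
    """802.1X authenticator (the AP). It never sees the password: it relays
    EAP between supplicant and server and opens the controlled port for a
    supplicant's MAC only after the server reports success."""

    def __init__(self, server: AuthServer):
        self.server = server
        self.authorized = set()   # MACs whose controlled port is open

    def handle_frame(self, src_mac: str, ethertype: int, payload):
        if ethertype == ETHERTYPE_EAPOL:
            return self._relay_eap(src_mac, payload)
        # Everything that is not EAPOL is dropped until the port is authorized.
        return "forwarded" if src_mac in self.authorized else "dropped"

    def _relay_eap(self, src_mac: str, msg: tuple):
        kind = msg[0]
        if kind == "response-identity":
            ident, challenge = self.server.start(msg[1])
            return ("request-md5-challenge", ident, challenge)
        if kind == "response-md5":
            if self.server.verify(msg[1], msg[2]):
                self.authorized.add(src_mac)
                return ("success",)
            return ("failure",)
        return ("failure",)


def supplicant_login(ap: Authenticator, mac: str, identity: str, secret: bytes) -> bool:
    """Drive a supplicant through the exchange; True if its port was opened."""
    reply = ap.handle_frame(mac, ETHERTYPE_EAPOL, ("response-identity", identity))
    if reply[0] != "request-md5-challenge":
        return False
    _, ident, challenge = reply
    # Nothing in this exchange lets the supplicant check who issued the
    # challenge: EAP-MD5 authenticates one way only (the slide's MITM point).
    response = eap_md5_response(ident, secret, challenge)
    return ap.handle_frame(mac, ETHERTYPE_EAPOL, ("response-md5", identity, response)) == ("success",)
```

The authorization is tracked per supplicant MAC, mirroring the per-port state of the standard: a frame from a different station is still dropped after one station has been admitted, and a failed attempt leaves the port closed.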

EAP-TLS
- Instead of a username/password scheme, EAP-TLS uses certificate-based authentication
- Has dynamic one-time key generation
- Two-way authentication
- Uses TLS (Transport Layer Security) to pass the PKI (Public Key Infrastructure) information to the RADIUS server
- Compatible with many OSs
- Harder to implement and deploy because keys/certificates for clients need to be generated

EAP-TTLS (Bob Funk) and PEAP (Microsoft and Cisco)
- Very similar to EAP-TLS, except that the client does not have to authenticate itself to the server using a certificate
- In phase 1, a bogus identity can be used by the client (it must be good enough to find the authentication server, though); only the server authenticates in this phase
- In phase 2, the TLS-protected channel can be used for a simple login/password-based scheme (e.g. using MS-CHAPv2)
- Much easier to set up; does not necessarily require a PKI
- PEAPv0 currently works natively with Windows XP SP1, but other platforms are starting to support it; EAP-TTLS is supported by much open source software

EAP Types

Type | Open / Proprietary | Mutual Auth | AuthN Client | AuthN Server | Username in clear text
-----|--------------------|-------------|--------------|--------------|-----------------------
MD5  | Open               | NO          | User/pass    | None         | Yes
TLS  | Open               | YES         | Certificate  | Certificate  | Yes
TTLS | Open               | YES         | User/pass    | Certificate  | No
PEAP | Open               | YES         | User/pass    | Certificate  | No
LEAP | Proprietary        | YES         | User/pass    | None         | Yes

WPA (Wi-Fi Protected Access)
- Subset of 802.11i
- Confidentiality: fixes the flawed encryption mechanism; TKIP is a per-packet dynamic key mechanism
- Authentication: two forms, per-user based and pre-shared key
- Integrity
- Upgradeability: software / firmware upgrade

WPA Steps
1. Confirmation of association capability
2. 802.1X authentication and PMK creation
3. 4-way handshake and PTK installation
4. Group key (GTK) installation
5. Encryption using TKIP

802.1X Authentication + PMK
Pairwise master key:
- The authentication process uses a secure channel; PMK generation can be piggy-backed on that
- The PMK is a seed for temporal (WEP-equivalent) key generation in the next phase
- The PMK is generated based on the user authentication result

[Figure: 802.1X Authentication + PMK]

4-Way Handshake and PTK
- Do not directly use the PMK for crypto
- Generate the pairwise transient key PTK (512 bits) from the PMK and nonces
- Splits in four ways, 128 bits each: data encryption, data integrity, EAPOL-Key encryption, EAPOL-Key integrity
- Part of the PTK is used to generate the encryption key (WEP equivalent) in the next phase

Situation after EAP Success
- Supplicant (station) and authentication server are happy about each other and share the PMK
- The authentication server sends the authenticator (AP) the PMK
- Now supplicant and authenticator have to prove to each other that they do know the PMK
- This handshake also generates the PTK: ANonce (authenticator nonce) and SNonce (supplicant nonce) add freshness to the PTK

[Figure: 4-Way Handshake and PTK]

[Figure: 4-Way Handshake and PTK, continued]

Group Key
- Problem: broadcasts (AP to stations) cannot use pairwise keys
- Broadcast packets from stations are actually unicast to the AP first; the PTK can be used for this leg
- Separate group transient key (GTK)
- Sent after the pairwise secure connection is established
- Needs to be re-keyed after each disassociation!
- The WEP Key-ID field is recycled to allow seamless transition

TKIP (Temporal Key Integrity Protocol)
- Problem: old hardware may not be powerful enough for AES-CCMP; need to continue using RC4
- TKIP:
  - Expands the IV space (24 → 48 bits)
  - The IV sequence is specified; the TSC (TKIP sequence counter) protects against replay
  - A per-packet mixing function creates the 40-bit (104-bit) part; allows working with legacy hardware expecting the 24+40 structure
  - Mixes in the MAC address to minimize IV reuse between systems
  - MIC: Michael, a very cheap integrity checker for MAC addresses and data

The MIC Tradeoff
- Most good message integrity checks are too expensive
- Michael is fast and cheap, but has only limited resilience
- Adds to the WEP ICV (CRC), which is still applied at the MPDU level; Michael is done at the MSDU level
- Attacks would require millions of packets
- Countermeasures (60-second blackout) once an attack is detected
  - Creates the age-old DoS problem
  - There are easier ways to do wireless DoS, though
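The IV-space, replay and countermeasure points on these two slides, worked through in Python as an added example (not from the lecture material): the birthday bound shows how quickly a 24-bit IV space repeats under unspecified, effectively random IVs compared with 48 bits; the counter wrap time shows what a specified TSC sequence buys; and a small receiver object applies the strictly-increasing TSC check plus the Michael countermeasure rule as 802.11i defines it (a second MIC failure within 60 seconds triggers a 60-second blackout, after which the keys are renewed). Frame rates and timestamps in the usage are constructed values.

```python
import math


def iv_space(iv_bits: int) -> int:
    return 1 << iv_bits


def frames_for_collision_probability(iv_bits: int, p: float) -> float:
    """Birthday bound: number of frames after which some IV has repeated with
    probability p, assuming IVs are chosen uniformly at random (WEP did not
    specify a sequence, so random choice is a realistic model)."""
    n = iv_space(iv_bits)
    return math.sqrt(2 * n * math.log(1 / (1 - p)))


def seconds_to_exhaust(iv_bits: int, frames_per_second: float) -> float:
    """With a sequential counter such as the TKIP TSC, no value repeats until
    the whole space has been used; this is how long that takes."""
    return iv_space(iv_bits) / frames_per_second


class TkipReceiver:
    """Per-key receive state: TSC replay check and the Michael countermeasure rule."""

    COUNTERMEASURE_WINDOW = 60.0   # seconds; a second MIC failure inside it triggers
    BLACKOUT = 60.0                # seconds during which the key is refused entirely

    def __init__(self):
        self.last_tsc = -1
        self.mic_failures = []     # timestamps of recent MIC failures
        self.blackout_until = 0.0

    def accept(self, tsc: int, mic_ok: bool, now: float) -> str:
        """Classify a received frame: 'accepted', 'replay', 'mic-failure' or 'blackout'.

        Order follows 802.11i: the TSC replay check happens before the (more
        expensive) MIC check, so a replayed frame never counts as a MIC failure.
        """
        if now < self.blackout_until:
            return "blackout"
        if tsc <= self.last_tsc:
            return "replay"            # TSC must strictly increase per key
        if not mic_ok:
            recent = [t for t in self.mic_failures if now - t < self.COUNTERMEASURE_WINDOW]
            recent.append(now)
            if len(recent) >= 2:
                # Countermeasures: drop everything under this key for a minute
                # and force a re-key.  This is the DoS lever the slide mentions.
                self.blackout_until = now + self.BLACKOUT
                self.mic_failures = []
            else:
                self.mic_failures = recent
            return "mic-failure"
        self.last_tsc = tsc
        return "accepted"


if __name__ == "__main__":
    for bits in (24, 48):
        print(bits, "bit IVs: 50% collision after about",
              int(frames_for_collision_probability(bits, 0.5)), "random frames;",
              "sequential wrap at 500 frames/s after",
              round(seconds_to_exhaust(bits, 500) / 3600, 1), "hours")
```

At 24 bits a random IV repeats with even odds after fewer than five thousand frames, and even a sequential counter wraps in under a day at a modest 500 frames per second; at 48 bits the same counter takes thousands of years, which is why TKIP could afford to make the sequence mandatory and reject anything out of order.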

WPA-PSK
- For home / SOHO use
- Removes 802.1X authentication
- The pre-shared key (PSK) is computed from the passphrase via the password-based key derivation function PBKDF2 (RFC 2898); this is used as the PMK
- WPA-PSK = Pre-shared Key + TKIP
- Weak against passive dictionary attacks: choose long, complex PSKs
- Still much better than WEP

802.11i
- The long-awaited security standard for wireless, ratified in June 2004
- Better encryption: AES-CCMP
- Key caching
- Pre-authentication
- Hardware manufactured before 2002 is likely to be unsupported: too weak
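The PSK derivation on this slide together with the PTK and 4-way-handshake slides above, worked through in Python as an added example that is not part of the lecture material. It derives the PMK with PBKDF2-HMAC-SHA1 (4096 iterations, 256 bits, SSID as salt) as WPA-PSK specifies, expands it with the 802.11i PRF-512 into KCK, KEK, TK and the two Michael keys, and simulates the handshake in which each side proves knowledge of the PMK by a MIC over its EAPOL-Key message. The MIC is taken as HMAC-SHA1 truncated to 128 bits (key descriptor version 2); the message bodies, MAC addresses and nonces are simplified, constructed stand-ins for real EAPOL-Key frames.

```python
import hashlib
import hmac


def wpa_psk(passphrase: str, ssid: str) -> bytes:
    """PSK = PBKDF2-HMAC-SHA1(passphrase, ssid, 4096 iterations, 256 bits); used as PMK."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def prf(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    """802.11i PRF-n: concatenate HMAC-SHA1(key, label || 0x00 || data || i) for i = 0, 1, ..."""
    out = b""
    i = 0
    while len(out) < nbytes:
        out += hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
        i += 1
    return out[:nbytes]


def derive_ptk(pmk: bytes, aa: bytes, spa: bytes, anonce: bytes, snonce: bytes) -> bytes:
    """PTK (512 bits for TKIP) from the PMK, both MAC addresses and both nonces.
    The min/max ordering lets AP and station build the same input regardless of role."""
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    return prf(pmk, b"Pairwise key expansion", data, 64)


def split_ptk(ptk: bytes) -> dict:
    """The four 128-bit parts named on the slide (TKIP layout)."""
    return {
        "KCK": ptk[0:16],       # EAPOL-Key integrity: MIC on the handshake messages
        "KEK": ptk[16:32],      # EAPOL-Key encryption: wraps the GTK in message 3
        "TK": ptk[32:48],       # data encryption: seed for TKIP's per-packet mixing
        "MIC_AP": ptk[48:56],   # Michael keys, data integrity, 64 bits per direction
        "MIC_STA": ptk[56:64],
    }


def eapol_mic(kck: bytes, frame_without_mic: bytes) -> bytes:
    """Key descriptor version 2 MIC: HMAC-SHA1 over the frame, truncated to 128 bits."""
    return hmac.new(kck, frame_without_mic, hashlib.sha1).digest()[:16]


def four_way_handshake(pmk_ap: bytes, pmk_sta: bytes, aa: bytes, spa: bytes,
                       anonce: bytes, snonce: bytes):
    """Simulate the handshake; returns (success, ptk_at_ap).
    The PMK is never transmitted: each side proves it by MICing with the derived KCK."""
    # Message 1 (AP -> STA): ANonce in the clear.  The station can now derive its PTK.
    ptk_sta = derive_ptk(pmk_sta, aa, spa, anonce, snonce)
    kck_sta = split_ptk(ptk_sta)["KCK"]
    # Message 2 (STA -> AP): SNonce plus a MIC under the station's KCK.
    msg2_body = b"msg2" + snonce
    msg2_mic = eapol_mic(kck_sta, msg2_body)
    # The AP derives its own PTK now that it has SNonce, then checks the MIC.
    ptk_ap = derive_ptk(pmk_ap, aa, spa, anonce, snonce)
    kck_ap = split_ptk(ptk_ap)["KCK"]
    if not hmac.compare_digest(eapol_mic(kck_ap, msg2_body), msg2_mic):
        return False, ptk_ap           # station does not know the PMK
    # Message 3 (AP -> STA): install request (GTK would ride here, wrapped with the KEK),
    # MIC under the AP's KCK; the station checks it the same way.
    msg3_body = b"msg3" + anonce
    msg3_mic = eapol_mic(kck_ap, msg3_body)
    if not hmac.compare_digest(eapol_mic(kck_sta, msg3_body), msg3_mic):
        return False, ptk_ap           # AP does not know the PMK
    # Message 4 (STA -> AP) confirms; both sides install the TK and Michael keys.
    return True, ptk_ap


if __name__ == "__main__":
    pmk = wpa_psk("password", "IEEE")   # 802.11i Annex H test vector inputs
    print(pmk.hex())
    ok, ptk = four_way_handshake(pmk, pmk, b"\x02\x00\x00\x00\x00\x01",
                                 b"\x02\x00\x00\x00\x00\x02", bytes(range(32)), bytes(range(32, 64)))
    print(ok, {k: v.hex() for k, v in split_ptk(ptk).items()})
```

wpa_psk("password", "IEEE") reproduces the 802.11i Annex H test vector beginning f42c6fc5. The derivation is deterministic from passphrase and SSID alone, which is exactly why the slide calls WPA-PSK weak against passive dictionary attacks and why passphrase length and complexity are the only defence it can offer; the 4096 PBKDF2 iterations slow each guess down but do not change that.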

Key Caching
- Skips re-entering of the user credentials by storing the host information on the network

Pre-authentication
- Allows a client to become authenticated with an AP before moving to it
- Useful in encrypted VoIP over Wi-Fi → fast roaming

Things to Keep in Mind While Deploying a WLAN
- Hide the SSID
- Do NOT use WEP
- Use WPA with 802.1X if possible
- Or at least use WPA with a very complex pre-shared key
- Or use VPNs

Take-away Messages
- If you compromise on security, your security will be compromised
- Do get a security review early in the process
- Distributing security-critical functions into zillions of non-upgradeable hardware devices will create a problem
- "With sufficient thrust, pigs fly just fine. However, this is not necessarily a good idea. It is hard to be sure where they are going to land, and it could be dangerous sitting under them as they fly overhead." [RFC 1925: Fundamental Truths of Networking, 1 April 1996]

Next Dates
- Mon 27.06.2005, 10-12: exercise session
- Thu 30.06.2005, 08-10: Security Management
- Exercise sheet 10 soon on Stud.IP, see https://elearning.uni-bremen.de