Week 10
Short Lecture
Lab
POP Quiz
• What is the security spec for 802.11?
• Define TKIP.
• How can you locate a rogue AP?
• Which tool is used to attack IPsec deployments?
• What is VOID11 used for?
• What encryption standard is WEP based on?
Wireless Is Addicting
Please Mr. IT guy, don't take my Wireless!
Once You Use It You Can’t Live without It
So what is the “business impact” of security?
According to the Computer Crime and Security Survey 2002, by the Computer Security Institute (CSI) and the FBI:
• 44% of respondents (223 total) were able to quantify financial losses of $455M, or $2.05M per survey respondent
• 90% detected computer security breaches within the last 12 months. 80% acknowledged financial loss due to breach.
• 85% detected computer viruses
• 40% experienced Denial-of-Service attacks
Security Breaches Have Real Costs
Source: FBI and Computer Security Institute (CSI) Computer Crime and Security Survey 2002
Link: http://www.gocsi.com
Baseline Technology
• Standards, Encryption, Protection
• Product security features
• Security tools and products
Planning for Security
• Prevention
• Detection
• Reaction
Technology, Process, People
Dedicated Staff
• Training
• Security - a mindset and a priority
Internet Authentication Server (IAS)
• Acts as a RADIUS proxy
• Handles authentication requests
Remote Authentication Dial-in User Server (RADIUS)
Extensible Authentication Protocol (EAP)
Intro to Wireless Networks: Tools and Technologies
Setting up a Wireless Network: Authentication Services
Open System
• Does not provide authentication
• Identification using the wireless adapter's MAC address
Shared Key
• Verifies that an authenticating wireless client has knowledge of a shared secret key
• Similar to preshared key authentication in Internet Protocol security (IPsec)
Setting up a Wireless Network: Authentication
EAP-TLS
• Does not require any dependencies on the user account password
• Authentication occurs automatically, with no intervention by the user
• Uses certificates, providing a strong authentication scheme
IAS as a RADIUS proxy security considerations
• Shared secrets
• Firewall configuration
• Message Authenticator attribute
• Using IPSec filters to lock down IAS proxy servers
• Password Authentication Protocol (PAP)
Setting up a Wireless Network: Active Directory
Setting up a Wireless Network: Security Issues With 802.11
• No per-packet authentication
• Vulnerability to disassociation attacks
• No user identification and authentication
• No central authentication, authorization, and accounting support
• RC4 stream cipher is vulnerable to known plain text attacks
• Some implementations derive WEP keys from passwords
• No support for extended authentication
Security in a Wireless World
Basic Steps to Authentication
[Diagram: exchange between STA and RADIUS; labels: ID, REQUEST, CHALLENGE, CREDENTIALS, SUCCESS, KEY]
Security in a Wireless World
Basic Steps to Authentication
Dynamic WEP Key Management
[Diagram: Laptop computer, 802.11 and RADIUS (Fast Ethernet); EAPOW on one side, RADIUS on the other. Messages shown: 802.11 Associate, EAPOL-Start, EAP-Request/Identity, EAP-Response/Identity, Radius-Access-Request, Radius-Access-Challenge, EAP-Request, EAP-Response (Credential), Radius-Access-Request, Radius-Access-Accept, EAP-Success, EAPW-Key (WEP). Access states shown: Access Blocked, Access Allowed]
Security in a Wireless World: RADIUS Best Practices
Deployment
• Implement EAP and EAP types that use strong authentication methods
• Implement authentication methods that use mutual authentication
• If you implement PAP authentication, disable its use by default
• If you implement CHAP authentication, use a strong CHAP challenge
Security in a Wireless World: RADIUS Best Practices
Implementation
• Strong shared secrets
• Use a different shared secret
• Require Message-Authenticator attribute
• Disable the use of LAN Manager encoding
• A strong EAP and an EAP type
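What "require Message-Authenticator" means on the wire, as an added example that is not part of the original slides: the attribute (type 80) carries an HMAC-MD5 over the whole Access-Request keyed with the shared secret, and the receiver rejects packets where it is absent or wrong. The user name, secret and function names are constructed for illustration.

```python
import hashlib
import hmac
import os
import struct

ACCESS_REQUEST = 1            # RADIUS packet code
USER_NAME = 1                 # attribute type
MESSAGE_AUTHENTICATOR = 80    # attribute type, 16-octet HMAC-MD5 value

def attr(attr_type: int, value: bytes) -> bytes:
    """Encode one attribute as type, length (including 2-octet header), value."""
    return bytes([attr_type, len(value) + 2]) + value

def build_access_request(secret: bytes, ident: int, user: bytes, sign: bool = True) -> bytes:
    """Build an Access-Request; when sign is set, append Message-Authenticator."""
    attrs = attr(USER_NAME, user)
    if sign:
        attrs += attr(MESSAGE_AUTHENTICATOR, bytes(16))   # zero placeholder
    pkt = struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + os.urandom(16) + attrs
    if sign:
        # HMAC-MD5 over the whole packet with the value field zeroed, keyed by the secret
        pkt = pkt[:-16] + hmac.new(secret, pkt, hashlib.md5).digest()
    return pkt

def verify_access_request(secret: bytes, pkt: bytes) -> bool:
    """Accept only a well-formed Access-Request carrying a valid Message-Authenticator."""
    if len(pkt) < 20:
        return False
    code, _ident, length = struct.unpack("!BBH", pkt[:4])
    if code != ACCESS_REQUEST or length != len(pkt):
        return False
    pos, mac_at = 20, None
    while pos + 2 <= length:
        a_type, a_len = pkt[pos], pkt[pos + 1]
        if a_len < 2 or pos + a_len > length:
            return False                       # malformed attribute
        if a_type == MESSAGE_AUTHENTICATOR:
            if a_len != 18 or mac_at is not None:
                return False                   # wrong size or duplicated
            mac_at = pos + 2
        pos += a_len
    if pos != length or mac_at is None:
        return False                           # attribute is required, not optional
    zeroed = pkt[:mac_at] + bytes(16) + pkt[mac_at + 16:]
    expected = hmac.new(secret, zeroed, hashlib.md5).digest()
    return hmac.compare_digest(expected, pkt[mac_at:mac_at + 16])
```

Because the key is the shared secret itself, the check is only as strong as that secret, which is why the same slide asks for strong shared secrets.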
Pros & Cons of Wireless Security
Source: Network World 5/20/02
MAC (Media Access Control)
• Pros: Easy to configure Access Points to permit only particular MAC addresses
• Cons: MAC addresses easy to fake
TKIP (Temporal Key Integrity Protocol)
• Pros: “Interim Standard”
• Cons: No intensive testing done on this “Standard”
Non-Standard
• Pros: “Key-hopping”. Change encryption keys every few seconds. Hard to extract different keys
• Cons: Effective Solutions but no standards
WEP
• Pros: 64 and 128-bit encryption. Easy to configure. Built into 802.11 cards.
• Cons: Easy to break keys. Keys are widely known. No end-system and user authentication
Pros & Cons of Wireless Security
Source: Network World 9/9/02
Browser
• Pros: Greatest compatibility with wireless devices. Ease of use
• Cons: No Embedded device support. No encryption. Easy to Spoof
IPSec
• Pros: Uses Digital Certificates and two-factor authentication. Existing VPN support.
• Cons: IPSec software complex to set up and support. Reduces LAN speeds. Supports only IP networks
802.1X
• Pros: Best Match of Security and Wireless
• * U. of Maryland found flaws in client-side
• Cons: Requires Windows - XP support. EAP RADIUS server required. AES will require hardware
Challenge Message
• Radius server sends challenge to client via access point
• This challenge packet will vary for each authentication attempt
• The challenge is pulled from information contained in a table of known secrets
• New challenge can be sent at intervals based on Radius server settings, or upon client roaming
Calculated HASH
• Client responds with a calculated value using a “one way hash” function
• This value is derived from a known secrets list
Authentication Granted/Denied
• Radius server checks response against its own calculated hash
• If it matches, then authentication is acknowledged to AP and client
• If authentication is not achieved, the AP will not permit any traffic for that client to pass
Why LEAP?
Cisco Lightweight EAP (LEAP) Authentication type
• No native EAP support currently available on legacy operating systems
• EAP-MD5 does not do mutual authentication
• EAP-TLS (certificates/PKI) too intense for security baseline feature-set
• Quick support on multitude of host systems
• Lightweight implementation reduces support requirements on host systems
• Need support in backend for delivery of session key to access points to speak WEP with client
AT&T Labs Technical Report TD-4ZCPZZ.
• Using the Fluhrer, Mantin, and Shamir paper, a practical test was conducted by AT&T Labs. In this document the statement is made:
• There do exist proprietary solutions that allow each mobile node to use a distinct WEP key, most notably Cisco’s LEAP protocol. LEAP sets up a per-user, per-session WEP key when a user first authenticates to the network. This complicates the attack, but does not prevent it so long as a user’s “session” lasts sufficiently long.
Cisco LEAP Deployment
[Diagram: Laptop Computer with LEAP Supplicant, Wireless (EAP), Access Point, Ethernet, Backbone, LEAP Radius Server; roles labelled Client/Supplicant, Authenticator, Backend/Radius server]
Network Logon
• Win 95/98
• Win NT
• Win 2K
• Win CE
• MacOS
• Linux
Driver for OS x
• LEAP Authentication support
• Dynamic WEP key support
• Capable of speaking EAP
EAP Authenticator
• EAP-LEAP today
• EAP-TLS today
• …
Radius
• Cisco Secure ACS 2.6
• Authentication database
• Can use Windows user database
Radius DLL
• LEAP Authentication support
• MS-MPPE-Send-key support
• EAP extensions for Radius
Security Evolution
Static keying
• WEP (Wired Equivalent Privacy)
• TKIP (Temporal Key Integrity Protocol)
• AES (Advanced Encryption Standard)
IEEE 802.1x dynamic keying (EAP-TLS, EAP-TTLS, PEAP)
• IEEE 802.1x dynamic WEP keying
• IEEE 802.1x dynamic TKIP keying
• IEEE 802.1x dynamic AES keying
VPN (Virtual Private Network) over WLAN
TKIP
• Unique dynamic TKIP key by mixing WEP keys with MAC address.
• MIC (Message Integrity Code) prevents hackers from forging packets in the air.
IEEE 802.11i
IEEE 802.1x (EAP-TLS, EAP-TTLS, PEAP)
TKIP
AES-CCMP
• Needs new hardware.
Secure IBSS (Ad-hoc)
Secure handoff
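IEEE 802.1x in Action (EAP-MD5)
Participants: Notebook, Access Point, RADIUS Server
1. Notebook to Access Point: EAPOL-Start (I would like to connect to the network!)
2. Access Point to Notebook: EAP-Request/Identity (Who are you?)
3. Notebook to Access Point: EAP-Response/Identity (I am Bernard)
4. Access Point to RADIUS Server: Radius-Access-Request (A guy called Bernard wants to come into the network)
5. RADIUS Server to Access Point: Radius-Access-Challenge (Tell me his password)
6. Access Point to Notebook: EAP-Request (Tell me your password)
7. Notebook to Access Point: EAP-Response[credentials] (My password is XXXXX)
8. Access Point to RADIUS Server: Radius-Access-Request (His password is XXXXX)
9. RADIUS Server to Access Point: Radius-Access-Accept (Ok! Let him in)
10. Access Point to Notebook: EAP-Success (Welcome!)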
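The challenge, one-way hash and compare steps from the Challenge Message, Calculated HASH and Authentication Granted/Denied slides, shown with the MD5 challenge computation that EAP-MD5 takes from CHAP (RFC 1994) for the exchange above. This is an added example, not code from the original slides; the AuthServer class, user name and secrets are constructed, and LEAP's own hash is not shown.

```python
import hashlib
import hmac
import os

def md5_challenge_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 CHAP value: MD5 over identifier octet, shared secret, challenge."""
    return hashlib.md5(bytes([identifier & 0xFF]) + secret + challenge).digest()

class AuthServer:
    """Hypothetical RADIUS-side check; `secrets` is a constructed user -> secret table."""

    def __init__(self, secrets: dict):
        self.secrets = secrets
        self.pending = {}          # user -> (identifier, challenge) awaiting a response
        self.counter = 0

    def issue_challenge(self, user: str):
        """Return a fresh (identifier, challenge) pair; it differs on every attempt."""
        self.counter = (self.counter + 1) % 256
        self.pending[user] = (self.counter, os.urandom(16))
        return self.pending[user]

    def check_response(self, user: str, response: bytes) -> bool:
        """Recompute the hash and compare; each challenge can be answered once."""
        outstanding = self.pending.pop(user, None)
        secret = self.secrets.get(user)
        if outstanding is None or secret is None:
            return False
        expected = md5_challenge_response(outstanding[0], secret, outstanding[1])
        return hmac.compare_digest(expected, response)

def demo():
    """Run three attempts: correct secret, replayed response, wrong secret."""
    server = AuthServer({"bernard": b"constructed-secret"})
    ident, challenge = server.issue_challenge("bernard")
    captured = md5_challenge_response(ident, b"constructed-secret", challenge)
    granted = server.check_response("bernard", captured)

    server.issue_challenge("bernard")                  # new attempt, new challenge
    replayed = server.check_response("bernard", captured)

    ident, challenge = server.issue_challenge("bernard")
    wrong = md5_challenge_response(ident, b"guess", challenge)
    denied = server.check_response("bernard", wrong)
    return granted, replayed, denied

if __name__ == "__main__":
    print(demo())
```

Only the client proves knowledge of the secret here, which is the missing mutual authentication the Why LEAP? slide notes for EAP-MD5.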
Community Hacking Efforts
Warchalking: Leaving cryptic symbols to inform others about “free” WLAN connections
More hype than hot
Wired Equivalent Privacy (WEP)
• Provides encryption based on RC-4 cipher
Wireless Protected Access (WPA)
• Uses dynamic keys and advanced encryption
802.1x
• Provides authentication using Extensible Authentication Protocol (EAP)
802.11i
• Advanced encryption and authentication
Built-in WLAN Security
WLAN Firmware Security Will Not Be Enough to Secure Wireless
802.11i and WPA
• Uses 802.1x authentication
• Uses Temporal Key Integrity Protocol (TKIP) to dynamically change encryption keys after 10,000 packets are transferred
• Uses Advanced Encryption Standard (AES) encryption, which is much better than WEP
• A subset of 802.11i, Wi-Fi Protected Access (WPA) is available as a firmware upgrade today
802.11i and WPA Pitfalls
• Keys can be cracked using much less than 10,000 packets
• Michael feature: shuts down AP if it receives two login attempts within one second. Hackers can use this to perpetrate a DoS attack.
• 802.11i is yet to be released (Sometime in 2003?)
Quiz
Homework
• Describe Radius authentication in your own words.