Page 1: Class10

Week 10

Short Lecture

Lab

Page 2: Class10

POP Quiz

What is the security spec for 802.11?
Define TKIP?
How can you locate a rogue AP?
Which tool is used to attack IPsec deployments?
What is VOID11 used for?
What encryption standard is WEP based on?

Page 3: Class10

Wireless Is Addicting

Please Mr. IT guy, don't take my Wireless!

Once You Use It You Can’t Live without It

Page 4: Class10

So what is the “business impact” of security?

According to the Computer Crime and Security Survey 2002, by the Computer Security Institute (CSI) and the FBI:
• 44% of respondents (223 total) were able to quantify financial losses of $455M, or $2.05M per survey respondent
• 90% detected computer security breaches within the last 12 months. 80% acknowledged financial loss due to breach.
• 85% detected computer viruses
• 40% experienced Denial-of-Service attacks

Security Breaches Have Real Costs

Source: FBI and Computer Security Institute (CSI) Computer Crime and Security Survey 2002
Link: http://www.gocsi.com

Page 5: Class10

Technology, Process, People

Baseline Technology
Standards, Encryption, Protection
Product security features
Security tools and products

Planning for Security
Prevention
Detection
Reaction

Dedicated Staff
Training
Security - a mindset and a priority

Page 6: Class10

Intro to Wireless Networks
Tools and Technologies

Internet Authentication Server (IAS)
• Acts as a RADIUS proxy
• Handles authentication requests

Remote Authentication Dial-in User Server (RADIUS)

Extensible Authentication Protocol (EAP)

Page 7: Class10

Setting up a Wireless Network
Authentication Services

Open System
• Does not provide authentication
• Identification using the wireless adapter's MAC address

Shared Key
• Verifies that an authenticating wireless client has knowledge of a shared secret key
• Similar to preshared key authentication in Internet Protocol security (IPsec)

Page 8: Class10

Setting up a Wireless Network
Authentication

EAP-TLS
• Does not require any dependencies on the user account password
• Authentication occurs automatically, with no intervention by the user
• Uses certificates, providing a strong authentication scheme

Page 9: Class10

Setting up a Wireless Network
Active Directory

IAS as a RADIUS proxy security considerations
• Shared secrets
• Firewall configuration
• Message Authenticator attribute
• Using IPSec filters to lock down IAS proxy servers
• Password Authentication Protocol (PAP)

Page 10: Class10

Setting up a Wireless Network
Security Issues With 802.11

No per-packet authentication
Vulnerability to disassociation attacks
No user identification and authentication
No central authentication, authorization, and accounting support
RC4 stream cipher is vulnerable to known plain text attacks
Some implementations derive WEP keys from passwords
No support for extended authentication

Page 11: Class10

Security in a Wireless World

Basic Steps to Authentication

[Diagram labels: STA, ID, CHALLENGE, Traffic]

Page 12: Class10

Security in a Wireless World

Basic Steps to Authentication

[Diagram labels: STA, RADIUS, ID, REQUEST, CREDENTIALS, SUCCESS, KEY]

Page 13: Class10

Dynamic WEP Key Management

[Diagram: message exchange between a laptop computer (802.11, EAPOW) and a RADIUS server (Fast Ethernet). Labels: 802.11 Associate; Access Blocked; EAPOL-Start; EAP-Request/Identity; EAP-Response/Identity; Radius-Access-Request; Radius-Access-Challenge; EAP-Request; EAP-Response (Credential); Radius-Access-Request; Radius-Access-Accept; EAP-Success; EAPW-Key (WEP); Access Allowed]

Page 14: Class10

Security in a Wireless World
RADIUS Best Practices

Deployment
• Implement EAP and EAP types that use strong authentication methods
• Implement authentication methods that use mutual authentication
• If you implement PAP authentication, disable its use by default
• If you implement CHAP authentication, use a strong CHAP challenge

Page 15: Class10

Security in a Wireless World
RADIUS Best Practices

Implementation
• Strong shared secrets
• Use a different shared secret
• Require Message-Authenticator attribute
• Disable the use of LAN Manager encoding
• A strong EAP and an EAP type

Page 16: Class10

Pros & Cons of Wireless Security

MAC (Media Access Control)
• Pros: Easy to configure Access Points to permit only particular MAC addresses
• Cons: MAC addresses easy to fake

TKIP (Temporal Key Integrity Protocol)
• Pros: “Interim Standard”
• Cons: No intensive testing done on this “Standard”

Non-Standard
• Pros: “Key-hopping”. Change encryption keys every few seconds. Hard to extract different keys
• Cons: Effective Solutions but no standards

WEP
• Pros: 64 and 128-bit encryption. Easy to configure. Built into 802.11 cards.
• Cons: Easy to break keys. Keys are widely known. No end-system and user authentication

Source: Network World 5/20/02

Page 17: Class10

Pros & Cons of Wireless Security

Browser
• Pros: Greatest compatibility with wireless devices. Ease of use
• Cons: No Embedded device support. No encryption. Easy to Spoof

IPSec
• Pros: Uses Digital Certificates and two-factor authentication. Existing VPN support.
• Cons: IPSec software complex to set-up and support. Reduces LAN speeds. Supports only IP networks

802.1X
• Pros: Best Match of Security and Wireless
• Cons: Requires Windows - XP support. EAP RADIUS server required. AES will require hardware

* U. of Maryland found flaws in client-side

Source: Network World 9/9/02

Page 18: Class10

Challenge Message

Radius server sends challenge to client via access point

This challenge packet will vary for each authentication attempt

The challenge is pulled from information contained in a table of known secrets

New challenge can be sent at intervals based on Radius server settings, or upon client roaming

Page 19: Class10

Calculated HASH

Client responds with a calculated value using a “one way hash” function

This value is derived from a known secrets list

Page 20: Class10

Authentication Granted/Denied

Radius server checks response against its own calculated hash

If it matches, then authentication is acknowledged to AP and client

If authentication is not achieved, the AP will not permit any traffic for that client to pass
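
Added example, not part of the original slides: the challenge, calculated hash and granted/denied steps above, in the CHAP-style form MD5(identifier || secret || challenge) from RFC 1994 that EAP-MD5 follows. The `ToyRadius` class, the user name and the secret are constructed for illustration; a real server does this inside the RADIUS/EAP exchange.

```python
import hashlib
import hmac
import os


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """One-way hash the client sends back: MD5(id || secret || challenge)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class ToyRadius:
    """Hypothetical stand-in for the RADIUS server's table of known secrets."""
    def __init__(self, secrets: dict):
        self.secrets = secrets
        self.pending = {}      # user -> (identifier, challenge) awaiting a reply
        self.next_id = 0

    def challenge(self, user: str):
        # Fresh random challenge per attempt: a sniffed response is useless later.
        self.next_id = (self.next_id + 1) % 256
        self.pending[user] = (self.next_id, os.urandom(16))
        return self.pending[user]

    def verify(self, user: str, response: bytes) -> bool:
        # pop(): each challenge is answered once, then discarded.
        entry = self.pending.pop(user, None)
        secret = self.secrets.get(user)
        if entry is None or secret is None:
            return False
        expected = chap_response(entry[0], secret, entry[1])
        return hmac.compare_digest(expected, response)  # constant-time compare


def demo():
    """Return (good login, wrong secret, replayed response) outcomes."""
    secret = b"constructed-example-secret"   # constructed sample value
    server = ToyRadius({"bernard": secret})
    ident, chal = server.challenge("bernard")
    captured = chap_response(ident, secret, chal)
    good = server.verify("bernard", captured)
    ident, chal = server.challenge("bernard")
    wrong = server.verify("bernard", chap_response(ident, b"guess", chal))
    server.challenge("bernard")               # new attempt, new challenge
    replay = server.verify("bernard", captured)
    return good, wrong, replay


if __name__ == "__main__":
    print(demo())
```

Only the client proves knowledge of the secret here; the server never proves anything to the client, which is the missing mutual authentication the LEAP slide attributes to EAP-MD5.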

Page 21: Class10

Why LEAP?
Cisco Lightweight EAP (LEAP) Authentication type

• No native EAP support currently available on legacy operating systems
• EAP-MD5 does not do mutual authentication
• EAP-TLS (certificates/PKI) too intense for security baseline feature-set
• Quick support on multitude of host systems
• Lightweight implementation reduces support requirements on host systems
• Need support in backend for delivery of session key to access points to speak WEP with client

Page 22: Class10

AT&T Labs Technical Report TD-4ZCPZZ.

• Using the Fluhrer, Mantin, and Shamir paper a practical test was conducted by AT&T Labs. In this document the statement is made:

• There do exist proprietary solutions that allow each mobile node to use a distinct WEP key, most notably Cisco’s LEAP protocol. LEAP sets up a per-user, per-session WEP key when a user first authenticates to the network. This complicates the attack, but does not prevent it so long as a user’s “session” lasts sufficiently long.

Page 23: Class10

Cisco LEAP Deployment

[Diagram: Laptop Computer with LEAP Supplicant, connected over Wireless (EAP) to an Access Point, connected over the Backbone (Ethernet) to the LEAP Radius Server]

Client/Supplicant

Network Logon
• Win 95/98
• Win NT
• Win 2K
• Win CE
• MacOS
• Linux

Driver for OS x
• LEAP Authentication support
• Dynamic WEP key support
• Capable of speaking EAP

Authenticator

EAP Authenticator
• EAP-LEAP today
• EAP-TLS today
• …

Backend/Radius server

Radius
• Cisco Secure ACS 2.6
• Authentication database
• Can use Windows user database

Radius DLL
• LEAP Authentication support
• MS-MPPE-Send-key support
• EAP extensions for Radius

Page 24: Class10

Security Evolution

Static keying
• WEP (Wired Equivalent Privacy)
• TKIP (Temporal Key Integrity Protocol)
• AES (Advanced Encryption Standard)

IEEE 802.1x dynamic keying (EAP-TLS, EAP-TTLS, PEAP)
• IEEE 802.1x dynamic WEP keying
• IEEE 802.1x dynamic TKIP keying
• IEEE 802.1x dynamic AES keying

VPN (Virtual Private Network) over WLAN

Page 25: Class10

TKIP

Unique dynamic TKIP key by mixing WEP keys with MAC address.

MIC (Message Integrity Code) prevents hackers from forging packets in the air.

Page 26: Class10

IEEE 802.11i

IEEE802.1x (EAP-TLS, EAP-TTLS, PEAP)
TKIP
AES-CCMP
• Needs new hardware.
Secure IBSS (Ad-hoc)
Secure handoff

Page 27: Class10

IEEE 802.1x in Action (EAP-MD5)

Participants: Notebook, Access Point, RADIUS Server

Notebook → Access Point: EAPOL-Start (I would like to connect to the network!)
Access Point → Notebook: EAP-Request/Identity (Who are you?)
Notebook → Access Point: EAP-Response/Identity (I am Bernard)
Access Point → RADIUS Server: Radius-Access-Request (A guy called Bernard wants to come into the network)
RADIUS Server → Access Point: Radius-Access-Challenge (Tell me his password)
Access Point → Notebook: EAP-Request (Tell me your password)
Notebook → Access Point: EAP-Response[credentials] (My password is XXXXX)
Access Point → RADIUS Server: Radius-Access-Request (His password is XXXXX)
RADIUS Server → Access Point: Radius-Access-Accept (Ok! Let him in)
Access Point → Notebook: EAP-Success (Welcome!)

Page 28: Class10

Community Hacking Efforts

Warchalking: Leaving cryptic symbols to inform others about “free” WLAN connections

More hype than hot

Page 29: Class10

Built-in WLAN Security

Wired Equivalent Privacy (WEP)
• Provides encryption based on RC-4 cipher

Wi-Fi Protected Access (WPA)
• Uses dynamic keys and advanced encryption

802.1x
• Provides authentication using Extensible Authentication Protocol (EAP)

802.11i
• Advanced encryption and authentication

WLAN Firmware Security Will Not Be Enough to Secure Wireless

Page 30: Class10

802.11i and WPA

Uses 802.1x authentication

Uses Temporal Key Integrity Protocol (TKIP) to dynamically change encryption keys after 10,000 packets are transferred

Uses Advanced Encryption Standard (AES) encryption, which is much better than WEP

A subset of 802.11i, Wi-Fi Protected Access (WPA) is available as a firmware upgrade today

Page 31: Class10

802.11i and WPA Pitfalls

Keys can be cracked using much less than 10,000 packets

Michael feature: shuts down AP if it receives two login attempts within one second. Hackers can use this to perpetrate a DoS attack.

802.11i is yet to be released (Sometime in 2003?)

Page 32: Class10

Quiz

Page 33: Class10

Homework

Describe Radius authentication in your own words.