3rd Edition, Chapter 5
Link Layer SECURITY

Objective: understanding a collision domain
- Layer 2 protocol
- Shared access to the same medium
- Layer 2 addressing
- Layer 2 general security issues
- Wired L2 security issues (802.3)
- Wireless L2 security issues (802.11)
5: DataLink Layer 5-1

Link Layer: Introduction
Some terminology:
- hosts and routers are nodes
- communication channels that connect adjacent nodes along the communication path are links
  - wired links
  - wireless links
  - LANs
- a layer-2 packet is a frame; it encapsulates a datagram

The data-link layer has the responsibility of transferring a datagram from one node to an adjacent node over a link.
Link layer: context
- a datagram is transferred by different link protocols over different links: e.g., Ethernet on the first link, frame relay on intermediate links, 802.11 on the last link
- each link protocol provides different services; e.g., it may or may not provide rdt (reliable data transfer) over the link

Transportation analogy: a trip from Princeton to Lausanne
- limo: Princeton to JFK
- plane: JFK to Geneva
- train: Geneva to Lausanne
- tourist = datagram
- transport segment = communication link
- transportation mode = link layer protocol
- travel agent = routing algorithm
What layer 2 does
- Framing, link access: embeds datagrams in frames and adds the appropriate headers; decides how to access the channel if it is shared by more than two nodes
- MAC addresses are used to identify the source and destination nodes. They are DIFFERENT from IP addresses! They serve to identify a node within a collision domain, not beyond it
- Guarantees reliability across the link: the same techniques as layer 4 (acknowledgements, windows, checksums)
- Wireless links: exorbitant error rates because of interference
- Q: what are layer-2 acknowledgements for, if we already have them at layer 4?

Link Layer Services
- framing, link access: encapsulate datagram into frame, adding header, trailer
- channel access if shared medium
- MAC addresses used in frame headers to identify source, dest; different from IP address!
- reliable delivery between adjacent nodes
  - we learned how to do this already (chapter 3)!
  - seldom used on low bit-error links (fiber, some twisted pair)
  - wireless links: high error rates
  - Q: why both link-level and end-end reliability?

Where is the link layer implemented?
- in each and every host
- link layer implemented in the adaptor (aka network interface card, NIC): Ethernet card, PCMCIA card, 802.11 card
- implements link and physical layer
- attaches into the host's system buses
- combination of hardware, software, firmware

[Figure: host schematic; application, transport, network and link layers on the host; the network adapter card, with its controller and physical transmission, attached to the host bus (e.g., PCI)]
Adaptors Communicating
- sending side: encapsulates datagram in frame; adds error checking bits, rdt, flow control, etc.
- receiving side: looks for errors, rdt, flow control, etc.; extracts datagram, passes it to the upper layer at the receiving side

[Figure: datagram handed to the sending host's controller, carried as a frame to the receiving host's controller, delivered as a datagram]

LINK TYPES
Two types:
- Point-to-point: PPP, PPPoA, PPPoE
- Broadcast (shared medium: space, wires): Ethernet, 802.11 wireless LAN

Broadcast links are evidently a challenge for confidentiality and integrity.
ETHERNET FRAME STRUCTURE
- Addresses: 6 bytes
  - NICs process incoming frames only if the Dst MAC corresponds to the NIC's MAC, or to the broadcast address (ff:ff:ff:ff:ff:ff); otherwise the NIC should discard the frame
- Type: code of the transported layer 3 protocol (e.g. IP, IPv6; others were and are possible)
- CRC: checked by the receiver. The frame should be discarded if the CRC does not correspond. It is NOT cryptographic.
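The receive path just described, as an added example (not code from the slides): a frame builder with the dst/src/type/payload/CRC layout, the NIC's address filter and CRC check, and a demonstration of why a CRC detects line noise but gives no integrity against someone who can write to the medium. The sample MAC addresses are taken from the ARP figure later in the chapter; the preamble is omitted.

```python
import struct
import zlib
from typing import Optional

BROADCAST = bytes.fromhex("ffffffffffff")

def build_frame(dst: bytes, src: bytes, ethertype: int, payload: bytes) -> bytes:
    """dst | src | type | payload | FCS, the layout on the slide (no preamble)."""
    body = dst + src + struct.pack("!H", ethertype) + payload
    # the FCS is CRC-32 over everything before it, sent least significant byte first
    return body + struct.pack("<I", zlib.crc32(body) & 0xFFFFFFFF)

def nic_accept(frame: bytes, my_mac: bytes) -> Optional[dict]:
    """Receive path of a non-promiscuous NIC: address filter, then CRC check.
    Returns the parsed frame, or None when the frame is discarded."""
    if len(frame) < 18:                       # 6 + 6 + 2 + FCS(4) at the very least
        return None
    dst, src = frame[0:6], frame[6:12]
    if dst != my_mac and dst != BROADCAST:
        return None                           # not addressed to us: dropped silently
    body, fcs = frame[:-4], struct.unpack("<I", frame[-4:])[0]
    if (zlib.crc32(body) & 0xFFFFFFFF) != fcs:
        return None                           # transmission error: frame discarded
    return {"dst": dst.hex(":"), "src": src.hex(":"),
            "type": struct.unpack("!H", frame[12:14])[0], "payload": frame[14:-4]}

def flip_bit(frame: bytes, bit: int) -> bytes:
    """Model a single-bit error on the wire; CRC-32 catches every such error."""
    b = bytearray(frame)
    b[bit // 8] ^= 1 << (bit % 8)
    return bytes(b)

def rewrite_payload(frame: bytes, new_payload: bytes) -> bytes:
    """Why the CRC is NOT cryptographic: whoever can write to the medium can
    change the payload and emit a matching CRC, so the receiver cannot tell it
    from an unmodified frame. Integrity against an active party needs a keyed MAC."""
    return build_frame(frame[0:6], frame[6:12],
                       struct.unpack("!H", frame[12:14])[0], new_payload)
```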
MAC Addresses
- IP address: valid among layer 3 nodes
- MAC address: works only within the current link. Does not need configuration. Hardwired within NICs. Cannot be used for authenticating stations. Cannot be used for managing Layer 2 ACLs.
ARP: Address Resolution Protocol
- Each station handles an ARP table
- ARP table: IP/MAC address triples <IP address; MAC address; TTL>, TTL = Time To Live
- Needed when a host must be reached at layer 2: the conversion IP -> MAC is needed

[Figure: a LAN with four stations; IP addresses 237.196.7.23, 237.196.7.78, 237.196.7.14, 237.196.7.88; MAC addresses 1A-2F-BB-76-09-AD, 58-23-D7-FA-20-B0, 0C-C4-11-6F-E3-98, 71-65-F7-2B-08-53]

Routing between two collision domains
- A needs to contact B via R. Assume A knows B's IP address.
- R has two ARP tables, one per collision domain
- In the routing table at the source host, find the router 111.111.111.110
- In the ARP table at the source, find its MAC address E6-E9-00-17-BB-4B, etc.
A originates datagram D, A -> B
- Is B in the same LAN? NO. Routing is needed via R.
- R's MAC address is needed. ARP is the recipe!
- D is embedded in a frame F. Note that F goes from MAC A -> MAC R, but D refers to IP A -> IP B
- R receives F, extracts D, sees B's IP, and understands that B is within LAN2
- R uses ARP to obtain the MAC address of B
- R creates a frame F2 and sends it to B. F2 contains D (unchanged), but at layer 2 the conversation is between R and B.

[Figure: A, R and B across the two collision domains]

Animation notes:
- the datagram appears (the datagram must show the sender and destination address)
- 3. the ARP frame appears (addressed to everybody); it must show the sender MAC address 74-29-etc.-etc. and the destination ff-ff-ff-ff-ff-ff
- 4. ARP poisoning in the LAN

ARP Poisoning in LAN

Half MITM
Countermeasures
- ARP watching
- Static ARP tables
- ARP jamming
- VPN technologies: IPsec, tunnels, SSH
- SSL (but works only on a per-app basis)

Hubs
A hub repeats frames on each port (except the incoming one).
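The "ARP watching" countermeasure listed above, as an added example (not code from the slides): a watcher that trusts either a static ARP table or the first IP-to-MAC binding it sees, alerts when a later ARP reply contradicts it, and reports a single MAC answering for several IPs. The replies are a constructed sample, reusing the addresses of the chapter's ARP figure; the MAC aa:bb:cc:dd:ee:01 is a hypothetical intruder.

```python
from collections import defaultdict
from typing import Dict, List, Optional, Tuple

# Constructed sample of ARP replies seen on a LAN, in arrival order: (sender IP,
# sender MAC). The first three bindings reuse the slide figure's addresses; the
# MAC aa:bb:cc:dd:ee:01 is a hypothetical intruder.
SAMPLE_ARP_REPLIES = [
    ("237.196.7.23", "1a:2f:bb:76:09:ad"),
    ("237.196.7.78", "58:23:d7:fa:20:b0"),
    ("237.196.7.14", "0c:c4:11:6f:e3:98"),
    ("237.196.7.23", "1a:2f:bb:76:09:ad"),   # legitimate refresh, same binding
    ("237.196.7.78", "aa:bb:cc:dd:ee:01"),   # .78 suddenly claimed by another MAC
    ("237.196.7.88", "aa:bb:cc:dd:ee:01"),   # that MAC also claims a second IP
]

class ArpWatcher:
    """ARP watching: trust either a static table or the first binding seen for
    each IP, and alert on every reply that contradicts a trusted binding."""
    def __init__(self, static: Optional[Dict[str, str]] = None):
        self.table: Dict[str, str] = dict(static or {})   # IP -> trusted MAC
        self.claims: Dict[str, set] = defaultdict(set)    # MAC -> IPs it answered for
        self.alerts: List[str] = []

    def observe(self, ip: str, mac: str) -> bool:
        """Feed one ARP reply; True if it agrees with the trusted binding."""
        self.claims[mac].add(ip)
        known = self.table.get(ip)
        if known is None:
            self.table[ip] = mac                # first sighting: learn it
            return True
        if known == mac:
            return True
        self.alerts.append(f"{ip}: trusted {known}, reply from {mac}")
        return False

    def macs_claiming_many_ips(self) -> Dict[str, List[str]]:
        """Second indicator: one MAC answering for several IPs (proxy ARP aside)."""
        return {m: sorted(ips) for m, ips in self.claims.items() if len(ips) > 1}

def run_watch(replies, static: Optional[Dict[str, str]] = None) -> Tuple[ArpWatcher, int]:
    """Replay a capture; return the watcher and the number of contradicting replies."""
    w = ArpWatcher(static)
    bad = sum(0 if w.observe(ip, mac) else 1 for ip, mac in replies)
    return w, bad
```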
[Figure: copper twisted pair, hub; animation: a dot leaving one port and going out to all the others]

Typical Switch workflow
When a new frame F enters some interface:
- look up the Dst MAC in the switch table
- if Dst MAC is in the switch table then { if dst.intf = src.intf then ignore this frame, else send F over dst.intf ONLY }
- else broadcast F on all ports (except the incoming one)

Example: C sends frame F to D
- The switch receives F from C
- C is discovered to operate from intf 1. This is recorded.
- It is not known where D operates from
- F is sent to intf 2 and 3
- D receives F

[Figure: three hubs (hosts A, B, C; D, E, F; G, H, I) attached to switch interfaces 1, 2, 3; switch table: A -> 1, B -> 1, E -> 2, G -> 3, then C -> 1 added]

Switch example: when D answers to C
- D answers with F2
- D is discovered to be operating from intf 2. This is recorded.
- C is known to work on intf 1; only this interface receives F2

[Figure: same topology; switch table now A -> 1, B -> 1, E -> 2, G -> 3, C -> 1, D -> 2]
Port Stealing: example
C sends a frame to R. G is an intruder.
- G sends frames using R as the source MAC. This forces a wrong update of the switch table
- G can then capture the frames for R; it can record, filter and alter them. Then, to avoid disrupting the communication, it sends frames to the real R, stimulating a re-update of the switch table

[Figure: hosts A, B, C on intf 1, R on intf 2, G, H, I on intf 3; switch table A -> 1, B -> 1, R -> 2, G -> 3]
MAC Spoofing / Flooding
Flooding. Idea: the switch table needs memory. This memory can be saturated by producing a huge number of frames with random source MACs. When this happens, the switch starts behaving like a hub.
Countermeasures: port locking.
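One model that covers the switch workflow, the port stealing example and the flooding slide above, as an added example (not code from the slides): a learning switch with a bounded table, where the forwarding decision follows the slide's rule, a spoofed source MAC rebinds an entry, a full table evicts the oldest entry so unknown destinations get flooded hub-style, and port locking (an allowed set of source MACs per interface, assumed here as the form of the countermeasure) drops the spoofed frame instead of learning it. Station names such as "A" and "R" stand in for MAC addresses.

```python
from collections import OrderedDict
from typing import Dict, List, Optional, Set

class LearningSwitch:
    """Learning switch following the 'Typical Switch workflow' slide, with a
    bounded table (CAM memory is finite) and optional port locking (the set of
    source MACs a port accepts). Names such as "A" or "R" stand for MAC addresses."""
    def __init__(self, ports: List[int], capacity: int = 4,
                 locked: Optional[Dict[int, Set[str]]] = None):
        self.ports, self.capacity = ports, capacity
        self.locked = locked or {}                        # intf -> allowed source MACs
        self.table: "OrderedDict[str, int]" = OrderedDict()  # MAC -> intf, oldest first
        self.violations: List[str] = []

    def preload(self, entries: Dict[str, int]) -> None:
        self.table.update(entries)

    def _learn(self, src: str, intf: int) -> bool:
        """Record where src talks from; False when port locking rejects the frame."""
        if intf in self.locked and src not in self.locked[intf]:
            self.violations.append(f"intf {intf}: source {src} not allowed, dropped")
            return False
        if src in self.table:
            self.table.move_to_end(src)
        elif len(self.table) >= self.capacity:
            self.table.popitem(last=False)                # table full: evict oldest
        self.table[src] = intf                            # (re)bind src to this intf
        return True

    def forward(self, src: str, dst: str, in_intf: int) -> List[int]:
        """Interfaces the frame goes out of ([] means ignored or dropped)."""
        if not self._learn(src, in_intf):
            return []
        if dst in self.table:
            out = self.table[dst]
            return [] if out == in_intf else [out]        # same segment: ignore
        return [p for p in self.ports if p != in_intf]    # unknown dst: flood

def slide_example() -> LearningSwitch:
    """C sends F to D, then D answers: the two steps shown on the slides."""
    sw = LearningSwitch([1, 2, 3], capacity=8)
    sw.preload({"A": 1, "B": 1, "E": 2, "G": 3})
    assert sw.forward("C", "D", 1) == [2, 3]     # D unknown: flooded; C recorded on 1
    assert sw.forward("D", "C", 2) == [1]        # D recorded on 2; only intf 1 gets F2
    return sw
```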
DHCP Spoofing
- Allows capturing client traffic
- Needs installing a rogue DHCP server competing with the real DHCP
- Much more stable than ARP poisoning

Countermeasures:
- Detect multiple DHCP leases
- Utilities for detecting rogue DHCP servers exist
Broadcast attacks
Example:
- Fake the victim's IP
- Generate broadcast traffic using the fake IP
- The answers flood the victim
- Depending on the type of attack, particular conditions are required

[Figure: attacker using the fake IP 192.168.0.1; network; victim with IP 192.168.0.1; subnet hosts; passive attackers]

COUNTERMEASURES
- Limiting ICMP and other types of broadcast on LANs
- Configure firewalls
- IP spoofing is severely limited from LAN to LAN, but it is still possible.

Wireless L2 Security

802.11 frame: Addressing
[Figure: 802.11 frame layout; field sizes in bytes: frame control (2), duration (2), address 1 (6), address 2 (6), address 3 (6), seq control (2), address 4 (6), payload (0 - 2312), CRC (4)]
- Address 1: dst MAC address
- Address 2: src MAC address
- Address 3: BSSID MAC address
- Address 4: used in WDS

802.11 frame: bridging
[Figure: H1 is associated with an AP, which reaches the Internet through router R1. 802.11 frame sent by H1: address 1 = AP MAC addr, address 2 = H1 MAC addr, address 3 = R1 MAC addr. 802.3 frame forwarded by the AP: dest. address = R1 MAC addr, source address = H1 MAC addr]

802.11 frame: more
[Figure: frame control field, widths in bits: protocol version (2), type (2), subtype (4), to DS (1), from DS (1), more frag (1), retry (1), power mgt (1), more data (1), WEP (1), rsvd (1)]
- duration of reserved transmission time (RTS/CTS)
- frame seq # (for reliable ARQ)
- frame type (RTS, CTS, ACK, data)

802.11: BSS & ESS
- ESSID = string denoting an AP group. Members of the group should be coordinated. Not necessarily configured in a WDS.
- BSSID = single AP MAC address. Should be unique.
- Association: process of entering a virtual collision domain
  - Beacon frames
  - Probe frames
  - Association requests / Association responses
  - Auth requests / Auth responses

Channel allocation
802.11n APs take two 22 MHz channels together.

WLAN open
- Virtually equivalent to a hubbed LAN
- Sniffing is possible, but ESSID & BSSID spoofing is also very easy
- A de-authentication attack can block traffic
- Primitive solution: WEP
WEP Frame Format

WLAN WEP
- Very simple cryptography with a pre-shared key
- Each frame is encoded in terms of RC4(Key + IV)
- The IV is transmitted in plain text and is only 24 bits long: repetitions are possible, thus allowing analysis
- Once the key is known, hub-equivalent sniffing in promiscuous mode is possible
- Frames can be altered without knowing the key: ICV = CRC-32, lots of predictable collisions

WEP Authentication (open)

WEP Shared key authentication

WEP weaknesses
- IV space is 24 bits = 16M
- Any IV can be reused at any time
- Allows replay attacks: one can collect lots of data encrypted with the IV of choice
- Can decode the RC4 sequence without knowledge of the key
- Can find packets with the same ICV

WPA: TKIP encryption scheme
WPA Personal
- Pre-shared key with improvements
- TKIP: keeps RC4 with longer IVs, which can't be reused. The new MIC (Message Integrity Check) is cryptographically more robust
- WPA2 -> AES & cipher suite
- Session PTK & GTK are exchanged during authentication. PTKs are peer to peer (WPA and WPA2): even if you know the pre-shared key, you can't decode everybody else's traffic
- PTKs & GTKs are periodically re-generated

Key hierarchy

WPA Enterprise
- An authentication server comes into play
- Personal accounts are now possible. There is no MASTER PMK

802.1x Authentication steps

Step 1: pre-auth

Step 2: Authentication
WPA-Personal
- Step 2 is not present in WPA1/2-Personal
- MK is obtained directly from the PMK
- PMK (256 bit) is obtained from the passphrase according to a fixed algorithm:

  PBKDF2(P, S, c, dkLen) = PMK   (see RFC 2898)

  where PBKDF2 is HMAC-SHA1 repeated c times over P and S; P = passphrase, S = SSID, c = 4096 (!); output: PMK (dkLen = 256 bits long)

- Possibility of a rainbow table attack over common SSIDs
  - Rainbow tables: http://www.renderlab.net/projects/WPA-tables/
  - Most common SSIDs: http://www.wigle.net/gps/gps//Stat
- Common SSIDs should be avoided, as well as common passwords, but this is another story.

Step 3: WPA Authorization process
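The PMK derivation of the WPA-Personal slide (the PMK that Step 3 then expands into the PTK), as an added example (not code from the slides): the PBKDF2-HMAC-SHA1 call with the slide's parameters, the same computation written out from RFC 2898 to show where the c = 4096 cost comes from, and a check that the SSID is the salt, which is why the slide's warning is about common SSIDs. The test below uses the IEEE 802.11i test vector (passphrase "password", SSID "IEEE").

```python
import hashlib
import hmac

def wpa_psk_pmk(passphrase: str, ssid: str, c: int = 4096) -> bytes:
    """PMK = PBKDF2(P = passphrase, S = SSID, c = 4096, dkLen = 32 bytes),
    PBKDF2 built on HMAC-SHA1 as on the slide (RFC 2898)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), c, dklen=32)

def pbkdf2_hmac_sha1_manual(password: bytes, salt: bytes, c: int, dklen: int) -> bytes:
    """RFC 2898 PBKDF2 written out: block T_i = U_1 xor ... xor U_c, where
    U_1 = HMAC(P, S || INT(i)) and U_j = HMAC(P, U_{j-1}); 20-byte blocks for SHA1."""
    out = b""
    for i in range(1, -(-dklen // 20) + 1):          # ceil(dklen / 20) blocks
        u = hmac.new(password, salt + i.to_bytes(4, "big"), hashlib.sha1).digest()
        t = bytearray(u)
        for _ in range(c - 1):                       # c chained HMACs per block: the cost
            u = hmac.new(password, u, hashlib.sha1).digest()
            t = bytearray(a ^ b for a, b in zip(t, u))
        out += bytes(t)
    return out[:dklen]

def ssid_acts_as_salt(passphrase: str, ssid_a: str, ssid_b: str) -> bool:
    """The SSID is the PBKDF2 salt: the same passphrase yields different PMKs
    under different SSIDs, so a table precomputed for one SSID is useless for
    another. That is why common SSIDs are the risk the slide points at."""
    return wpa_psk_pmk(passphrase, ssid_a) != wpa_psk_pmk(passphrase, ssid_b)
```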
[Figure: PTK derivation; PRF-X: RFC 4346]

Other Things to know
- WPA-Personal does not ensure PFS (Perfect Forward Secrecy)
- De-authentication DoS
- Rogue APs
- Localization?
- WPA2-Enterprise can sometimes be worse than WPA2-Personal
- WPS: quick association, but known to be WEAK
- Why is ARP spoofing still possible?

Summary: Wired & Wireless
MITM attacks:
- MAC spoofing, port stealing (wired, and sometimes wireless open+WEP)
- ARP / IP spoofing (all)
- DHCP spoofing (all)
- Broadcast attacks (all)

Wireless:
- Open WLANs, WEP WLANs: virtually an Ethernet domain with a hub
- WPA & WPA2 WLANs: private unicast, possibility of user isolation