NETW 05A: APPLIED WIRELESS SECURITY
Data-Link Security Solutions
By Mohammad Shanehsaz, Spring 2005

This work is supported by the National Science Foundation under Grant Number DUE-0302909. Any opinions, findings and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect those of the National Science Foundation.
Objectives: Static and Dynamic WEP & TKIP
- Explain the functionality, strengths, and weaknesses of WEP and TKIP
- Explain appropriate scenarios and applications of static and dynamic WEP and TKIP
- Install and configure static and dynamic WEP & TKIP
Objectives: 802.1x and EAP
- Explain the functionality of 802.1x & EAP
- Explain dynamic key generation and rotation for solution scalability
- Explain the strengths, weaknesses, and appropriate applications of 802.1x & EAP
- Install and configure 802.1x & EAP, including LEAP, EAP-TLS, EAP-TTLS, EAP-MD5 and PEAP
- Manage scalable 802.1x and EAP solutions
802.11 MAC Basics
- Management and control frames are sent in clear text and are unauthenticated
- This is the basis for many attack scenarios (for example, anyone in radio range can send a forged deauthentication or disassociation frame in a station's name and knock it off the network)
- For some of these attacks particular vendors have instituted proprietary solutions
- Many of these vulnerabilities will be addressed by the 802.11i standard (note that 802.11i protects data frames; protection for management frames came later, with 802.11w)
Categories of Authentication & Encryption
There are three main categories, with variations on each type:
- Static WEP
- Dynamic WEP
- Proprietary protocols
Static WEP
- A security solution based on unchanging shared keys that are preconfigured on all nodes by the network administrator
- Protects the wireless link with simple (shared-key) authentication and RC4 data encryption
- Not a complete solution: the key can be recovered from captured traffic using common tools such as WEPCrack or AirSnort
Cracking WEP
Cracking WEP requires three things:
- A large number of captured packets
- A long period of time to capture those packets
- A fast machine to process the information contained in the packets to derive the WEP key
It can take days to crack it, so is it worth it?
(Caveat: this describes passive attacks as of 2005. Tools that actively replay captured ARP frames to make the network generate traffic, and later statistical attacks such as the PTW attack used by aircrack-ng, cut the requirement to tens of thousands of packets and a few minutes, so the "it takes days" argument no longer holds.)
TKIP
- The Temporal Key Integrity Protocol is a set of modifications to the existing WEP algorithm, created by the IEEE 802.11i task group (and shipped early by the Wi-Fi Alliance under the name WPA)
- TKIP keeps RC4 so that it can run on WEP-era hardware, but it is a dynamic-key solution: every packet is encrypted under a fresh key mixed from a 128-bit temporal key, the transmitter address and a 48-bit sequence counter
- The temporal key itself is established per session (from 802.1x/EAP, or from a pre-shared passphrase in WPA-PSK) and refreshed on a configurable interval, rather than being a static WEP key typed into every node
WEP Weaknesses Addressed
TKIP algorithms address the following weaknesses:
- Forgery
- Weak-key attacks
- Collision attacks
- Replay attacks
Forgery
- TKIP supports per-packet authentication
- Forgery attacks are performed by capturing encrypted packets, changing some data within them, and then resending the packets; WEP's CRC-32 integrity check value (ICV) is linear, so an attacker can flip chosen bits in the ciphertext and correct the encrypted ICV without knowing the key
- TKIP adds a keyed message integrity check (MIC) called "Michael" to thwart such attempts
- Michael adds 8 bytes per frame and was kept deliberately cheap so that legacy hardware could compute it; because it is correspondingly weak, TKIP backs it with countermeasures: two MIC failures within 60 seconds cause the station to discard its keys and rekey after a 60-second pause
Weak-Key Attacks
- WEP constructs a per-packet RC4 key by concatenating a 24-bit IV with the RC4 base key; the IV is sent in the clear, so the attacker knows the first three bytes of every per-packet key, and certain "weak" IVs leak information about the remaining key bytes (the FMS attack)
- TKIP uses key mixing to derive short-lived per-packet encryption keys
- TKIP combines the 128-bit temporal key with the transmitter's MAC address and a 48-bit IV (the TKIP sequence counter) to produce the per-packet key, and the mixing function avoids the weak-key classes
Collision and Replay Attacks
- WEP's 24-bit IV space is exhausted on a busy network within hours, after which keystreams repeat; two packets encrypted under the same IV and key XOR to the XOR of their plaintexts
- TKIP uses 48-bit IVs, which increases the possible number of IVs so that a single temporal key is never reused with the same IV in practice
- TKIP prevents replay attacks by using the IV as a sequence counter: the receiver drops packets whose counter is not higher than the last one it accepted
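The two WEP weaknesses just described, ICV forgery (the Forgery slide) and keystream reuse on an IV collision (this slide), are easy to reproduce. The following is an added example written for this page, not code from the course or from any of the tools it names. The key, IV and frame contents are constructed values; the helper names (`wep_encrypt`, `forge`, `keystream_reuse`) are the example's own. It implements WEP as the standard defines it (RC4 over plaintext || CRC-32, per-packet key = IV || shared key) and then shows that an attacker who never learns the key can rewrite a frame and have the receiver accept it, and can recover one plaintext from another when the IV repeats.

```python
import zlib


def rc4(key: bytes, data: bytes) -> bytes:
    """Textbook RC4 (KSA + PRGA), the cipher both WEP and TKIP use.
    Illustration only: RC4 is broken and must not be used in new designs."""
    s = list(range(256))
    j = 0
    for i in range(256):                      # key-scheduling algorithm
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:                         # keystream generation XORed onto data
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def icv(data: bytes) -> bytes:
    """WEP integrity check value: CRC-32 of the plaintext, little-endian."""
    return zlib.crc32(data).to_bytes(4, "little")


def wep_encrypt(wep_key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Per-packet RC4 key is simply IV || shared key; the 3-byte IV rides in the clear."""
    return iv + rc4(iv + wep_key, plaintext + icv(plaintext))


def wep_decrypt(wep_key: bytes, frame: bytes):
    """Returns (plaintext, icv_ok), as a receiver would."""
    iv, body = frame[:3], frame[3:]
    clear = rc4(iv + wep_key, body)
    data, tag = clear[:-4], clear[-4:]
    return data, tag == icv(data)


def forge(frame: bytes, delta: bytes) -> bytes:
    """Flip the plaintext bits selected by `delta` inside an *encrypted* WEP frame and
    patch the encrypted ICV so the receiver still accepts it. No key is needed: CRC-32
    is affine, crc(m ^ d) == crc(m) ^ crc(d) ^ crc(0^len), and because RC4 is a stream
    cipher a plaintext XOR passes straight through to the ciphertext."""
    iv, body = frame[:3], frame[3:]
    n = len(body) - 4
    assert len(delta) == n, "delta must cover the whole data field"
    fix = zlib.crc32(delta) ^ zlib.crc32(bytes(n))
    new_body = xor_bytes(body[:n], delta)
    new_tag = (int.from_bytes(body[n:], "little") ^ fix).to_bytes(4, "little")
    return iv + new_body + new_tag


def keystream_reuse(frame_a: bytes, frame_b: bytes) -> bytes:
    """Two frames under the same key and IV share one RC4 keystream, so XORing their
    ciphertexts cancels the keystream and leaves plaintext_a ^ plaintext_b."""
    assert frame_a[:3] == frame_b[:3], "collision only exists when the IV repeats"
    la, lb = len(frame_a) - 7, len(frame_b) - 7          # strip IV and ICV
    return xor_bytes(frame_a[3:3 + la], frame_b[3:3 + lb])


# Constructed example values (not from any real capture)
KEY = bytes.fromhex("0102030405")          # 40-bit WEP key
IV = bytes.fromhex("0a0b0c")


def demo():
    m1 = b"PAY 0010 TO ALICE"
    m2 = b"GET /index.html  "                # same length, for the collision demo
    f1 = wep_encrypt(KEY, IV, m1)
    f2 = wep_encrypt(KEY, IV, m2)            # IV reuse: guaranteed after 2^24 frames

    # Forgery: attacker rewrites amount and payee without knowing KEY
    target = b"PAY 9999 TO MALLO"
    forged = forge(f1, xor_bytes(m1, target))
    recovered, ok = wep_decrypt(KEY, forged)

    # Collision: attacker learns m1 ^ m2; knowing either plaintext reveals the other
    diff = keystream_reuse(f1, f2)
    return {"forged_ok": ok, "forged_text": recovered,
            "m2_from_m1": xor_bytes(diff, m1)}


if __name__ == "__main__":
    print(demo())
```

The forgery works because nothing in WEP is keyed except the RC4 stream itself; this is exactly the gap Michael closes, since a keyed MIC cannot be patched up from the ciphertext alone. The collision needs no computation at all, only patience until an IV repeats, which is why TKIP's move to a 48-bit counter that doubles as a replay check matters as much as its key mixing.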
Availability
For products that are currently Wi-Fi certified, most can be upgraded to support TKIP, assuming the vendor has made a firmware upgrade available; check the vendor's web site for upgrades.
802.1x / EAP
- 802.1x with the Extensible Authentication Protocol implements what is generally referred to as dynamic WEP: dynamic key generation, distribution and rotation
- EAP is a layer 2 authentication framework that originated in PPP, where it replaced PAP and CHAP as the way to negotiate an authentication method
- It is appropriate for medium to large enterprise environments
- Authentication is based on individualized user credentials such as usernames and passwords, certificates, smart cards and other similar methods
802.1x Standard
- An IEEE standard that provides an authentication framework for 802-based LANs
- It was originally used in wired networks and has since been adapted for wireless networks
- It provides port-based access control: before the switch or access point will pass traffic on a port, the user's credentials must be verified
- The 802.1x standard addresses only access control and the authentication framework and does not address data privacy, so on its own the problems with WEP still exist; EAP methods that derive keying material (EAP-TLS, EAP-TTLS, PEAP, LEAP) let per-user, per-session WEP keys be generated, which removes the static-key problem but not the weaknesses of the WEP cipher itself
802.1x Standard
There are three terms defined by the IEEE standard that describe the devices used in 802.1x:
- Supplicant: a client that is being authenticated
- Authenticator: an access-layer device, such as an AP or bridge, that requires supplicants to be authenticated in order to pass traffic through it
- Authentication server (typically a RADIUS server): the device that actually authenticates the supplicant
Maturity & Interoperability
- 802.1x is the industry's choice for WLANs because of its time-proven use in wired networks
- It builds on mature protocols such as EAP and RADIUS, which are open standards providing maximum interoperability in centralized identification and key management
User-based Identification
- Authentication is based on the actual user, not on a particular wireless device, against a scalable database such as RADIUS or another database that RADIUS directly supports (Active Directory, NDS, LDAP, SQL)
- Centralized authentication and management save time and money
Dynamic Key Management
- Per-user, per-session keys defeat attacks that depend on recovering a long-lived WEP key: a key recovered from captured traffic is good only for that one session and that one user
- Automated key management systems allow keys to be reissued without an administrator's intervention
Flexible Authentication
- There are several supported authentication solutions to choose from
- Changing the authentication mechanism does not require any hardware replacement
EAP Protocol
- Provides an extensible method for a PPP server to authenticate its clients
- EAP supports two- and three-factor authentication (passwords, certificates, biometrics, etc.)
- EAP was designed to prevent proprietary authentication solutions from being implemented, which would have had a negative effect on the interoperability and compatibility between systems
- EAP is implemented within the OS of the server or in application software on the client; Windows XP natively supports EAP
EAP Authentication Types
There are many EAP types; the ones covered here are:
- EAP-MD5
- EAP-TLS
- LEAP
- EAP-TTLS
- PEAP
EAP-MD5
- The first authentication type, defined by RFC 2284 (the original PPP EAP specification, whose MD5-Challenge method was later carried over to 802.1x)
- Uses the same challenge handshake as PPP-based CHAP, except that challenges and responses are sent as EAP messages
- It has three weaknesses: one-way authentication, challenge passwords, and no per-session WEP keys
- Rarely used because of its weaknesses
EAP-MD5 Weaknesses: One-way Authentication
Because only the supplicant is authenticated, an impersonator can set up a rogue access point backed by a rogue RADIUS server; the supplicant has no way to tell, answers the rogue's challenge, and thereby hands over material from which a legitimate user's login credentials can be recovered.
EAP-MD5 Weaknesses: Challenge Passwords
- The authentication server challenges the supplicant with a random string of bytes
- The supplicant hashes the challenge together with its password (MD5 over the message identifier, the password and the challenge) and sends the result back
- The server validates the response based on its own knowledge of the password
- An eavesdropper can obtain both the challenge and the hash and run an offline dictionary attack against them to obtain the user's password
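The two weaknesses above, one-way authentication and the crackable challenge/response, combine in practice: the attacker does not even have to wait for a real exchange. The following is an added example for this page, not code from the course; the password, wordlist and challenge bytes are constructed, and the function names are the example's own. It computes the EAP-MD5 response exactly as RFC 1994 CHAP / RFC 2284 define it, MD5(Identifier || Secret || Challenge), then shows both the passive sniff-and-crack case and the rogue-authenticator case.

```python
import hashlib
import hmac
import os


def eap_md5_response(identifier: int, password: bytes, challenge: bytes) -> bytes:
    """EAP-MD5 Challenge response, identical to PPP CHAP (RFC 1994):
    MD5(Identifier || Secret || Challenge). Identifier is the 1-byte EAP packet id."""
    return hashlib.md5(bytes([identifier]) + password + challenge).digest()


def server_verify(identifier: int, password: bytes, challenge: bytes, response: bytes) -> bool:
    """What a RADIUS server holding the clear-text password does with the response."""
    return hmac.compare_digest(eap_md5_response(identifier, password, challenge), response)


def supplicant_answer(identifier: int, challenge: bytes, password: bytes) -> bytes:
    """A supplicant answers *any* challenge it is given: nothing in EAP-MD5 lets it
    check who is asking, which is the one-way authentication weakness."""
    return eap_md5_response(identifier, password, challenge)


def dictionary_attack(identifier: int, challenge: bytes, response: bytes, wordlist):
    """Offline attack on a captured (challenge, response) pair: one MD5 per candidate,
    no further interaction with the network once the pair is in hand."""
    for candidate in wordlist:
        if eap_md5_response(identifier, candidate.encode(), challenge) == response:
            return candidate
    return None


# Constructed values for the demonstration (not from any real capture)
USER_PASSWORD = b"winter2005"
WORDLIST = ["password", "letmein", "summer2004", "winter2005", "Pa55w0rd"]


def rogue_authenticator_demo():
    """Attacker runs a rogue AP + RADIUS pair, issues its own challenge, receives the
    supplicant's honest answer, and cracks it offline."""
    identifier = 0x2A
    challenge = os.urandom(16)               # attacker-chosen; it need not even be random
    response = supplicant_answer(identifier, challenge, USER_PASSWORD)
    return dictionary_attack(identifier, challenge, response, WORDLIST)


def passive_eavesdrop_demo():
    """Same result from merely sniffing a legitimate exchange."""
    identifier = 0x07
    challenge = bytes.fromhex("00112233445566778899aabbccddeeff")
    response = eap_md5_response(identifier, USER_PASSWORD, challenge)
    assert server_verify(identifier, USER_PASSWORD, challenge, response)  # the real server accepts it
    return dictionary_attack(identifier, challenge, response, WORDLIST)


if __name__ == "__main__":
    print("rogue AP recovered:", rogue_authenticator_demo())
    print("eavesdropper recovered:", passive_eavesdrop_demo())
```

The tunnelled methods later in the deck (EAP-TTLS and PEAP) address this by running the same kind of challenge/response only inside a TLS tunnel whose server end the supplicant has verified, so neither the eavesdropper nor a rogue authenticator ever sees a (challenge, response) pair to crack.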
EAP-MD5 Weaknesses: No Per-session WEP Keys
- After authentication, communication is either not encrypted or is encrypted with a static WEP key
- Because of the static WEP vulnerability, this allows eavesdropping on the data
EAP-TLS (EAP-Transport Layer Security)
- Developed at Microsoft and standardized by the Internet Engineering Task Force (RFC 2716)
- It is based on TLS, the successor of the Secure Sockets Layer protocol used for secure web traffic
- It uses both server-side and client-side certificates for identification (mutual authentication)
- More appropriate for organizations that have already deployed a PKI (public key infrastructure)
- A per-session WEP key is set up, and the client can be re-authenticated and re-keyed as often as needed without inconveniencing the end user
TLS Authentication
The TLS process begins with the handshake:
1. The SSL/TLS client connects to a server and makes an authentication request
2. The server sends its digital certificate to the client
3. The client verifies the certificate's validity and digital signature
4. The server requests client-side authentication
5. The client sends its digital certificate to the server
6. The server verifies the certificate's validity and digital signature
7. The encryption and message integrity schemes are negotiated
8. Application data is sent over the encrypted tunnel via the record protocol
EAP-TLS Authentication
The EAP-TLS authentication process is as follows:
1. The client sends an EAP Start message to the access point
2. The access point replies with an EAP Request/Identity message
3. The client sends its network access identifier (NAI), which is its username, to the access point in an EAP Response message
4. The access point forwards the NAI, encapsulated in a RADIUS Access-Request message, to the RADIUS server
5. The RADIUS server responds to the client with its digital certificate
EAP-TLS Authentication (continued)
6. The client validates the RADIUS server's digital certificate
7. The client replies to the RADIUS server with its digital certificate
8. The RADIUS server validates the client's credentials against the client's digital certificate
9. The client and RADIUS server derive encryption keys
10. The RADIUS server sends the access point a RADIUS Access-Accept message, including the client's WEP key, indicating successful authentication
11. The access point sends the client an EAP Success message
12. The access point sends the broadcast key and key length to the client, encrypted with the client's WEP key
EAP-Cisco Wireless (LEAP)
- Cisco's proprietary Lightweight Extensible Authentication Protocol was designed to support 802.1x/EAP-based authentication
- It was developed to support networks with a variety of operating systems that may not natively support EAP
- LEAP supports mutual authentication between a client and a RADIUS server
- LEAP provides user-based, centralized authentication as well as per-session WEP keys
- Used in Cisco's Aironet products
- Its security level is considered moderate or strong depending on the strength of the passwords used; the caveat is that LEAP's MS-CHAP-style challenge/response travels in the clear, so a captured exchange can be attacked offline with a dictionary (the asleap tool automates this), which makes weak passwords fatal
- See figure 11.12 on page 256 for the LEAP process
EAP-TTLS (Tunneled Transport Layer Security)
- Co-developed by Funk Software and Certicom, and supported in Funk's Odyssey software
- EAP-TTLS requires only an authentication server certificate
- TTLS uses the TLS channel to exchange "attribute-value pairs" (AVPs)
- After the authentication server has been authenticated using its digital certificate, an encrypted tunnel is established between the supplicant and the authentication server to pass the supplicant's authentication credentials
- See figure 11.13 for the EAP-TTLS process
Key Security Features of EAP-TTLS
- Almost any kind of supplicant authentication credential (passwords, tokens, etc.) can be used inside the encrypted tunnel
- Low overhead, since only a server-side certificate is required
- Many types of authentication algorithm may be used inside the encrypted tunnel: MS-CHAPv2, MS-CHAP, CHAP, PAP, EAP-MD5
- Strong protection against eavesdroppers seeking to perform a dictionary attack (the challenge/response never appears on the air in the clear, provided the supplicant actually validates the server certificate)
- Mutual authentication, fast connections while roaming, and automatic re-keying of encryption keys
Protected EAP (PEAP)
- PEAP was developed by Microsoft, Cisco and RSA Security to address deficiencies of EAP: unprotected user information during the EAP negotiation, no support for fast reconnection when roaming, and no support for fragmentation and reassembly
- PEAP was designed to protect EAP communication between clients and authenticators
- It provides identity protection by using TLS to create an encrypted tunnel after verifying the identity of the authentication server
Protected EAP (PEAP), continued
- After the encrypted tunnel is established, a second EAP authentication process occurs inside the tunnel
- The client is authenticated inside the tunnel using any implemented EAP authentication type (tokens, passwords, etc.)
- It has built-in support for packet fragmentation and reassembly, as well as fast reconnects
- See figure 11.15 on page 263 for the PEAP process
PEAP Authentication
1. The client sends an EAP Start message to the access point
2. The access point replies with an EAP Request/Identity message
3. The client sends its network access identifier (NAI), which is its username, to the access point in an EAP Response message
4. The access point forwards the NAI to the RADIUS server, encapsulated in a RADIUS Access-Request message
5. The RADIUS server responds to the client with its digital certificate
6. The client validates the RADIUS server's digital certificate
PEAP Authentication (continued)
7. The client and server negotiate and create an encrypted tunnel
8. This tunnel provides a secure data path for client authentication
9. Using the TLS record protocol, a new EAP authentication is initiated by the RADIUS server
10. The exchange includes the transactions specific to the EAP type used for client authentication
11. The RADIUS server sends the access point a RADIUS Access-Accept message, including the client's WEP key, indicating successful authentication
EAP-TTLS vs PEAP
- Both were designed to use older authentication methods while maintaining the strong cryptographic foundation of TLS
- Both have a similar structure
- Both are two-stage protocols that establish security in stage one and then exchange authentication in stage two
- Stage one establishes a TLS tunnel and authenticates the authentication server to the client with a certificate
EAP-TTLS vs PEAP (continued)
- Microsoft and Cisco both support PEAP: Cisco's Aironet Client Utility (ACU) and Windows XP with Service Pack 1
- There are two types of PEAP supported by Microsoft: PEAP-EAP-MS-CHAPv2 and PEAP-EAP-TLS
- PEAP-EAP-TLS: server-side and client-side certificates are required
- PEAP-EAP-MS-CHAPv2: a server certificate and client passwords are required
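What the two PEAP variants and EAP-TLS look like on a supplicant is shown below as an added example, written for this page in wpa_supplicant.conf syntax (the Linux supplicant); it is not configuration from the course, and the SSID, identities, certificate paths and CHANGEME placeholders are assumed values. The point it makes is the one every tunnelled method depends on: stage one is only as strong as the supplicant's verification of the server certificate, so `ca_cert` and a server-name match are not optional.

```conf
# 1. Dynamic WEP with EAP-TLS (mutual authentication by certificate), the
#    "802.1x / EAP" case from the 802.1x slides.
network={
    ssid="corp-wlan"
    key_mgmt=IEEE8021X          # 802.1x with dynamic WEP keys; use WPA-EAP for TKIP/CCMP
    eap=TLS
    identity="alice@corp.example"
    ca_cert="/etc/cert/corp-ca.pem"       # trust only the enterprise CA, not the system bundle
    client_cert="/etc/cert/alice.pem"
    private_key="/etc/cert/alice.key"
    private_key_passwd="CHANGEME"
    eapol_flags=3               # require both the unicast and the broadcast WEP key from the AP
    priority=20
}

# 2. PEAP-EAP-MS-CHAPv2 (server certificate + user password).
network={
    ssid="corp-wlan"
    key_mgmt=WPA-EAP
    pairwise=TKIP
    eap=PEAP
    anonymous_identity="anonymous@corp.example"   # outer identity seen in the clear
    identity="alice"                              # real identity, sent inside the TLS tunnel
    password="CHANGEME"
    ca_cert="/etc/cert/corp-ca.pem"
    subject_match="/CN=radius.corp.example"       # pin the expected RADIUS server name
    phase1="peaplabel=0"
    phase2="auth=MSCHAPV2"
    priority=10
}

# 3. What NOT to ship: without ca_cert the supplicant accepts any server certificate,
#    so a rogue AP with its own RADIUS server gets the MS-CHAPv2 exchange inside "its"
#    tunnel and can crack the password offline, exactly the EAP-MD5 failure in TLS clothing.
# network={
#     ssid="corp-wlan"
#     key_mgmt=WPA-EAP
#     eap=PEAP
#     identity="alice"
#     password="CHANGEME"
#     phase2="auth=MSCHAPV2"
# }
```

With `ca_cert` unset, wpa_supplicant logs a warning that the server certificate is not verified and proceeds anyway; the same mistake on a Windows XP client is unchecking "Validate server certificate" in the PEAP properties. PEAP-EAP-TLS differs from block 2 only in `phase2="auth=TLS"` plus the client certificate and key settings from block 1.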
EAP Considerations
The factors to weigh when deciding:
- Mutual authentication
- Dynamic key generation, rotation, and distribution
- Cost and management overhead
- Acceptance, standardization, and support
- Availability and implementation
Proprietary Protocols
These protocols are used because of:
- Added security through per-packet authentication
- Added security through the use of leading-edge encryption algorithms not yet supported by standards
- Added security due to the entire communications process between client and server being strongly encrypted
- Compression to increase throughput over the half-duplex medium
Proprietary Protocols (continued)
Enterprise encryption gateways use proprietary protocols in order to achieve stronger security and increased throughput, but the main disadvantage is the lack of vendor interoperability.