Wireless Networks Security Tahani Qaisi

Wireless Networks Security Tahani Qaisi. Outlines Introduction to wireless security Modes of unauthorized access. Security measures Security risks Implementing.

Dec 22, 2015


Cecil Pope
Page 1

Wireless Networks Security

Tahani Qaisi

Page 2

Outline
• Introduction to wireless security
• Modes of unauthorized access
• Security measures
• Security risks
• Implementing a secure network
• Conclusion
• References

Page 3

Wireless Security

Security context between two (network) entities should provide
• Authentication - to prove identity
• Integrity - to detect altered packets
• Privacy - to prevent eavesdropping

Page 4

Wireless Security
• Wireless security is the prevention of unauthorized access or damage to computers using wireless networks.
• The mobility advantage:
• Crackers have found wireless networks relatively easy to break into, and even use wireless technology to crack into wired networks.
• Wireless Intrusion Prevention Systems (WIPS)
• A great number of security risks are associated with the current wireless protocols and encryption methods, as carelessness and ignorance exist at the user and corporate IT level.
• Cracking methods have become much more sophisticated and innovative with wireless.

Page 5

Unauthorized Access
There are four modes for unauthorized access:
• Accidental Associations: When a user turns on a computer and it latches on to a wireless access point from a neighboring company’s overlapping network.
• Non-traditional Networks: Non-traditional networks such as personal network Bluetooth devices are not safe from cracking and should be regarded as a security risk.

Page 6

Unauthorized Access
Malicious Associations:
• When the attackers use their wireless devices to connect to a company network through their cracking laptop instead of a company access point (AP).
• These laptops are known as “soft APs” and are created when a cracker runs some software that makes his wireless network card look like a legitimate access point.

Page 7

Unauthorized Access
Ad hoc Networks:
• The security hole provided by Ad hoc networking is not the Ad hoc network itself but the bridge it provides into other networks.
• Bridging is in two forms:
• Direct: when the user actually configures the bridge between the two connections.
• Indirect: the shared resources on the user's computer; the critical data will be exposed to discovery, and will provide a route to the secured network.

Page 8

Wireless intrusion prevention system

• A wireless intrusion prevention system (WIPS) is a network device that monitors the radio spectrum for the presence of unauthorized access points (intrusion detection), and can automatically take countermeasures (intrusion prevention).

• A wireless intrusion detection system (WIDS) monitors the radio spectrum used by wireless LANs, and immediately alerts a systems administrator whenever a rogue access point is detected. Conventionally it is achieved by comparing the MAC address of the participating wireless devices.

• A WIPS also includes features that protect against the threat automatically.
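The MAC comparison described on this slide, sketched as an added example (not part of the original slides). The AP inventory, the `Beacon` fields and every address and SSID are constructed for illustration; the check also looks at SSID, channel and ad hoc mode, because a MAC address on its own can be copied.

```python
from dataclasses import dataclass

# Assumed inventory of sanctioned APs: BSSID (the AP's MAC) -> (SSID, channel).
AUTHORIZED_APS = {
    "00:11:22:33:44:01": ("CorpNet", 1),
    "00:11:22:33:44:02": ("CorpNet", 6),
}
PROTECTED_SSIDS = {ssid for ssid, _ in AUTHORIZED_APS.values()}


@dataclass(frozen=True)
class Beacon:
    """One beacon as a sensor might report it (hypothetical record layout)."""
    bssid: str
    ssid: str
    channel: int
    ibss: bool = False  # True when the beacon announces an ad hoc network


def normalize(mac: str) -> str:
    """Bring MAC notations to one form before comparing."""
    return mac.strip().lower().replace("-", ":")


def classify(beacon: Beacon) -> str:
    """Return a verdict for one observed beacon."""
    if beacon.ibss:
        return "ALERT ad hoc network"
    known = AUTHORIZED_APS.get(normalize(beacon.bssid))
    if known is None:
        # Unknown MAC: a neighbour's AP, unless it advertises one of our SSIDs.
        if beacon.ssid in PROTECTED_SSIDS:
            return "ALERT rogue AP"
        return "external"
    if known != (beacon.ssid, beacon.channel):
        # MAC is on the list but SSID/channel differ: the address may be spoofed.
        return "ALERT possible spoofed BSSID"
    return "authorized"


def alerts(beacons):
    """Return (bssid, verdict) for every beacon that needs an administrator."""
    found = []
    for beacon in beacons:
        verdict = classify(beacon)
        if verdict.startswith("ALERT"):
            found.append((normalize(beacon.bssid), verdict))
    return found


# Constructed observations from one sensor sweep.
SAMPLE = [
    Beacon("00:11:22:33:44:01", "CorpNet", 1),           # sanctioned AP
    Beacon("00-11-22-33-44-02", "CorpNet", 6),           # same, other notation
    Beacon("66:77:88:99:aa:bb", "CoffeeShop", 11),       # neighbouring network
    Beacon("de:ad:be:ef:00:01", "CorpNet", 6),           # soft AP using our SSID
    Beacon("00:11:22:33:44:01", "CorpNet", 11),          # known MAC, wrong channel
    Beacon("02:aa:bb:cc:dd:ee", "printer-share", 1, ibss=True),
]

if __name__ == "__main__":
    for bssid, verdict in alerts(SAMPLE):
        print(bssid, verdict)
```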

Page 9

Security Measures

• Default 802.11b Authentication Schemes
• Service Set Identifier (SSID)
• MAC ID filtering
• Static IP addressing
• Open Authentication (null)
• Shared-Key Authentication
• Wired Equivalent Privacy (WEP)
• Temporal Key Integrity Protocol – TKIP
• Remote Authentication Dial-In Service (RADIUS)
• WPA (Wi-Fi Protected Access)
• 802.11i security
• WPAv2

Page 10

Security Measures
• SSID hiding:
A simple but ineffective method to attempt to secure a wireless network is to hide the SSID (Service Set Identifier).

• MAC ID filtering:
One of the simplest techniques is to only allow access from known, pre-approved MAC addresses. Most wireless access points contain some type of MAC ID filtering.

• Static IP addressing:
Typical wireless access points provide IP addresses to clients via DHCP. Requiring clients to set their own addresses makes it more difficult for a casual or unsophisticated intruder to log onto the network, but provides little protection against a sophisticated attacker.

Page 11

Security Measures
• Open System Authentication
Any client can associate with AP
• Null authentication algorithm
• Consists of two messages
  – Authentication Request
  – Authentication Response

Page 12

Security Measures
• Shared-Key Authentication
A shared secret (!) key to authenticate the client to the AP
• Uses a challenge response protocol
  – A random number as a challenge

A simple attack
• Record one challenge/response by a sniffer
• Use the challenge to decrypt the response and recover the key stream
• Use the recovered key stream to encrypt any subsequent challenge

[Figure: STA, AP]
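Why this mode proves nothing about who holds the key, simulated in memory as an added example (not part of the original slides). It is simplified to encrypt only the challenge text plus its CRC-32 ICV with RC4 keyed by IV || key; the keys are constructed constants and the function names are hypothetical.

```python
import os
import struct
import zlib

KEY = bytes.fromhex("0102030405060708090a0b0c0d")        # constructed 104-bit key
OTHER_KEY = bytes.fromhex("0d0c0b0a090807060504030201")  # a different station's key


def rc4(key: bytes, n: int) -> bytes:
    """Return the first n bytes of the RC4 key stream for `key`."""
    s = list(range(256))
    j = 0
    for i in range(256):                       # key scheduling
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for _ in range(n):                         # key stream generation
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) % 256])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def with_icv(data: bytes) -> bytes:
    """Append the CRC-32 integrity check value, as WEP does."""
    return data + struct.pack("<I", zlib.crc32(data))


def wep_encrypt(key: bytes, iv: bytes, data: bytes) -> bytes:
    body = with_icv(data)
    return xor(body, rc4(iv + key, len(body)))  # per-frame RC4 key is IV || key


def ap_accepts(key: bytes, challenge: bytes, iv: bytes, response: bytes) -> bool:
    """AP side: decrypt the response and compare it with the challenge sent."""
    return xor(response, rc4(iv + key, len(response))) == with_icv(challenge)


def keystream_from_capture(challenge: bytes, response: bytes) -> bytes:
    """What a passive listener learns: plaintext XOR ciphertext = key stream."""
    return xor(with_icv(challenge), response)


def demo() -> dict:
    iv = os.urandom(3)                          # 24-bit IV, sent in the clear
    c1 = os.urandom(128)                        # challenge, sent in the clear
    r1 = wep_encrypt(KEY, iv, c1)               # legitimate station's response
    ks = keystream_from_capture(c1, r1)         # needs no key material
    c2 = os.urandom(128)                        # a later, different challenge
    reused = xor(with_icv(c2), ks)              # response built without KEY
    return {
        "legitimate": ap_accepts(KEY, c1, iv, r1),
        "keystream_recovered": ks == rc4(iv + KEY, len(ks)),
        "accepted_without_key": ap_accepts(KEY, c2, iv, reused),
        "wrong_key_rejected": not ap_accepts(KEY, c2, iv, wep_encrypt(OTHER_KEY, iv, c2)),
    }


if __name__ == "__main__":
    print(demo())
```

Because the responder picks the IV and both challenge and response travel in the clear, a correct response shows only that the sender has seen one earlier exchange.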

Page 13

Wired Equivalent Privacy (WEP)
• Introduced in 1997 to provide “privacy of wire”
• Uses RC4 for encryption
  – WEP Key + initialization vector (IV) are fed into a pseudorandom number generator
  – 40 bits or 128 bits (104 + 24 IV)
• The IV, Encrypted Message, and checksum are sent in the 802.11 packet
• IV is changed periodically
  – Reuse of key streams
• No Key Management Protocol
• Uses pre-shared static keys (PSK)
  – Manually distributed keys

Page 14

802.11 WEP Frame

[Figure: WEP frame layout with the fields 802.11 header, IV, Key ID, Payload, ICV and (FCS), and the regions marked Encrypted and Unencrypted]

ICV is a CRC-32 checksum over the Payload (802 Header and the Data)

Page 15

Page 16

Security in WEP

Page 17

Caffe Latte attack
• The Caffe Latte attack is a way to defeat WEP. It is not necessary for the attacker to be in the area of the network using this exploit; it is possible to obtain the WEP key from a remote client.

• By sending a flood of encrypted ARP requests, the assailant takes advantage of the shared key authentication and the message modification flaws in 802.11 WEP.

• The attacker uses the ARP responses to obtain the WEP key in less than 6 minutes.

Page 18

Security Measures
• Temporal Key Integrity Protocol – TKIP
  – Defined in IEEE 802.11i specs for WiFi networks to replace WEP
  – Short-term solution to WEP
• Deployed on existing H/W
  – Uses a key scheme based on RC4 like WEP, but encrypts every data packet with its own unique encryption key
• Hashes IVs
  – Encrypted IVs, not easy to sniff
  – IV sent as plaintext in weak WEP
• Message Integrity Check (MIC)
  – Provides per-packet key-mixing

Page 19

TKIP cont.
• MIC – Message Integrity Check
  – Prevent Insertion Attack
• Hacker can determine the encrypted value & the plaintext
  – When results are XORed the PRGA streaming key is revealed
• Disable extracting the streaming key from the message

Page 20

Security Measures
• Remote Authentication Dial-In Server (RADIUS)
  – Authentication, Authorization, Accounting (AAA)
  – Originally developed for remote modem users by Livingston Enterprises, 1997
  – Responsible for authenticating remote connections
  – Provide authorization to network resources
  – Logging for accountability purposes
  – Controls various aspects of authorization
• Time-limits
• Re-keying
  – Many RADIUS servers use EAP

Page 21

EAP
• The Extensible Authentication Protocol (EAP), defined in RFC 2284.
• EAP provides support of multiple authentication methods by using anything from smartcards to digital certificates to authenticate a user, instead of using a username and password.
• Originally created for use with PPP
• Inherent weaknesses:
  – Lack of protection of the user identity or EAP negotiation
  – No standardized mechanism for key exchange
  – No built-in support for fragmentation and reassembly
  – Lack of support for fast reconnect

Page 22

Some Authentication Protocols
• EAP-TLS (Transport Level Security)
  – A TLS handshake is used to mutually authenticate a client and server
• EAP-TTLS extends this (Tunneled TLS)
  – Uses the secure connection established by the TLS handshake to perform additional authentication, such as another EAP or another authentication protocol such as CHAP
  – Establish keying material
• PEAP (Protected EAP)
  – Similar to EAP-TTLS but only allows EAP for authentication
  – Also has key exchange, session resumption, fragmentation and reassembly

Page 23

WTLS’s Security Problems
Security GAP
• Reason: WTLS session exists only between the WAP device and the Gateway.

Solutions:
• Place Gateway and the back-end system within a secure environment.
• Provide integrity protection on information (digital signatures).

Page 24

Challenge Message

• Authentication depends on a secret key known only to authenticator and client
• Radius server sends challenge to client via access point
• This challenge packet will vary for each authentication attempt
• The challenge is pulled from information contained in a table of known secrets
• New challenge can be sent at intervals based on Radius server settings, or upon client roaming

Page 25

Calculated Hash

• Client responds with a calculated value using a “one way hash” function

• This value is derived from a known secrets list

Page 26

Authentication Granted/Denied

• Radius server checks response against its own calculated hash

• If it matches, then authentication is acknowledged to AP and client

• If authentication is not achieved, the AP will not permit any traffic for that client to pass
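The three steps above (challenge message, calculated hash, granted/denied) as one exchange with both sides, added here as an example that is not part of the original slides. The slides name no hash, so the CHAP construction from RFC 1994, MD5(identifier || secret || challenge), is assumed; the user name, secrets and class name are constructed.

```python
import hashlib
import hmac
import os


def chap_response(ident: int, secret: bytes, challenge: bytes) -> bytes:
    """Client side: one-way hash over identifier, shared secret and challenge."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()


class Authenticator:
    """Server side: issues a fresh challenge per attempt and checks the hash."""

    def __init__(self, secrets: dict):
        self.secrets = secrets      # user -> shared secret (the known secrets)
        self.pending = {}           # user -> (identifier, challenge) outstanding
        self.next_id = 0

    def issue_challenge(self, user: str):
        self.next_id = (self.next_id + 1) % 256
        challenge = os.urandom(16)  # varies for each authentication attempt
        self.pending[user] = (self.next_id, challenge)
        return self.next_id, challenge

    def verify(self, user: str, response: bytes) -> bool:
        pending = self.pending.pop(user, None)   # a challenge is single-use
        secret = self.secrets.get(user)
        if pending is None or secret is None:
            return False
        expected = chap_response(pending[0], secret, pending[1])
        return hmac.compare_digest(expected, response)  # constant-time compare


def run_exchange() -> dict:
    secret = b"constructed-shared-secret"
    server = Authenticator({"alice": secret})
    results = {}

    # Normal case: the client hashes the challenge it was just sent.
    ident, challenge = server.issue_challenge("alice")
    good = chap_response(ident, secret, challenge)
    results["correct_secret"] = server.verify("alice", good)

    # A recorded response is useless against the next challenge.
    server.issue_challenge("alice")
    results["replayed_response"] = server.verify("alice", good)

    # A client that does not hold the secret cannot produce the hash.
    ident, challenge = server.issue_challenge("alice")
    results["wrong_secret"] = server.verify(
        "alice", chap_response(ident, b"guess", challenge))

    # Without an outstanding challenge nothing is accepted.
    results["no_pending_challenge"] = server.verify("alice", good)
    return results


if __name__ == "__main__":
    print(run_exchange())
```

Challenge and response both cross the air in the clear, so the exchange is only as strong as the shared secret is hard to guess.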

Page 27

[Figure: authentication message flow between Laptop Computer (wireless), Access Point and Radius Server. The wireless side is labelled 802.11 and EAPOW, the wired side Ethernet and Radius. Messages shown: 802.11 Associate, EAPOL-Start, EAP-Request/Identity, EAP-Response/Identity, EAP-Request, Radius-Access-Request, Radius-Access-Challenge, EAP-Response (Cred) / Radius-Access-Request, EAP-Success / Radius-Access-Accept, EAPOW-Key (WEP). States shown: Access Blocked, Access Allowed.]

Page 28

Wi-Fi Protected Access (WPA)
• Wi-Fi Protected Access
  – Works with 802.11b, a and g
• “Fixes” WEP’s problems
• Existing hardware can be used
• 802.1x user-level authentication
• TKIP
  – RC4 session-based dynamic encryption keys
  – Per-packet key derivation
  – Unicast and broadcast key management
  – New 48 bit IV with new sequencing method
  – Michael 8 byte message integrity code (MIC)
• Optional AES support to replace RC4

Page 29

WPA
• Created by Wi-Fi Alliance
• Used basic outline of 802.11i (a partial implementation of 802.11i)
• 802.11i requires more powerful H/W for AES
• Instead, employ a software/firmware upgrade
• Michael Algorithm

Page 30

802.11i
• WPA2 Robust Security Network extends WPA
  – Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP)
  – Based on a mode of AES, with 128 bits keys and 48 bit IV.
  – Also adds dynamic negotiation of authentication and encryption algorithms
  – Allows for future change
• Does require new hardware
• Not backward compatible with WEP

Page 31

WEP vs. WPA

WEP
• Poor encryption
• 40 bit keys
• Keys are static and shared
• Manual key distribution
• WEP key is used for authentication and encryption

WPA
• No known flaws in encryption
• 128-bit keys
• Session keys are dynamic
• Automatic key distribution
• 802.1x/EAP user authentication

Page 32

WPA and 802.1x
• 802.1x is a general purpose network access control mechanism
  – Port based network access
• Provides Authentication to devices attached to a LAN port
  – Establishes point-to-point connection
  – Based on EAP
• WPA has two modes
  – Pre-shared mode, uses pre-shared keys
  – Enterprise mode, uses Extensible Authentication Protocol (EAP) with a RADIUS server making the authentication decision
  – EAP is a transport for authentication, not authentication itself
  – EAP allows arbitrary authentication methods

Page 33

Practical WPA Attacks
• Dictionary attack on pre-shared key mode
• Denial of service attack
  – If WPA equipment sees two packets with invalid MICs in 1 second
• All clients are disassociated
• All activity stopped for one minute
• Two malicious packets a minute enough to stop a wireless network

Page 34

Typical WLAN Attacks
• WEP Cracking
• MAC Attack
• Man-in-the-Middle Attack (Rogue AP)
• Dictionary Attack
• Session Hijacking
• Denial-of-Service (DoS)

Page 35

WEP Cracking
• Static Encryption Keys
  – Periodical & manual change on all devices
• Manually Distributed Keys
• Key stream Reuse
• RC4 Key Scheduling Algorithm
• Message Authentication

• Solutions:
  – Authentication mechanisms using VPN
  – AES like advanced encryption methods

Page 36

MAC Attack
• Same as WEP cracking
• Address spoofing
• MAC Filtering won’t work

• Solution: authentication mechanisms such as 802.1x or VPN

Page 37

Man-in-the-Middle Attack
• Rogue AP
• Capture Necessary Info
  – Network’s SSID
  – IP addresses
  – Wireless NIC’s association ID
  – Re-associate user’s NIC with bogus AP
  – Access to all data b/w them, including login info

• Solution: VPN and authentication mechanisms

Page 38

Dictionary Attack
• Relies on conventional names & words being used as login name & password
• Gathers a challenge & response exchange from a password-based protocol.
• Use of open source tools to decrypt login information

• Solutions:
  – Use a combination of letters and numbers
  – Use authentication mechanisms as 802.1x or VPN

Page 39

Session Hijacking
• Insertion attacks
• Redirect the session from a legitimate end point
• Set up an access point
• WLAN clients try to connect by sending their authentication information

• Solution: Authentication mechanisms 802.1X and VPN

Page 40

Denial-of-Service (DoS) Attack

• Flooding APs with illegitimate traffic
• Overwhelm available bandwidth
• Slow or Stop legitimate users from accessing the network

• Solution: MAC filtering

Page 41

Secure Implementation
1. Implement Strong Physical Security Controls
2. Avoid Excessive Coverage of Wireless Networks
3. Secure Access Points
4. Use Non-suggestive Service Set Identifier (SSID) Naming Conventions
5. Disable Direct Client-to-Client “Ad-Hoc Mode” Transmissions
6. Keep Security Patches Up-to-date
7. Employ MAC Address Filtering on Access Points
8. Deploy Wireless Intrusion Detection Systems

Page 42

Conclusion
• 802.11 is insecure:
  – 802.11 encryption is readily breakable, and 50-70% of networks never even turn on encryption.
  – Hackers are exploiting these weaknesses in the field.
• Today wireless networks are helping and definitely providing the opportunity to cut costs and to increase productivity and mobility.
• The key to creating and maintaining a secure wireless network is to take the security measures into consideration.

Page 43

References

• www.en.wikipedia.org/wiki/Wireless_security
• Frankel, Sheila, et al. "Establishing wireless robust security networks: a guide to IEEE 802.11i." National Institute of Standards and Technology (2007).
• http://www.metageek.net/blog/2012/12/wireless-security-basics/
• Karygiannis, Tom, and Les Owens. "Wireless network security." NIST special publication 800 (2002): 48.
• http://en.wikipedia.org/wiki/IEEE_802.1X
• http://en.wikipedia.org/wiki/Wired_Equivalent_Privacy