Wireless Security. Chi-Shu Ho, Raymond Chi. CS265 Cryptography and Computer Security, SJSU. November 18, 2003.
Page 1: Wireless Security

Chi-Shu Ho, Raymond Chi
CS265 Cryptography and Computer Security, SJSU
November 18, 2003

Page 2: Wireless Networks

• According to PC Magazine, 14 million American households will be equipped with PC-based data networks by the end of 2003; 40% of those are wireless networks.
• Growing in popularity due to
  – convenience compared to traditional wired networks
  – price cuts of wireless networking components: a full setup for under $200
• Commercial establishments offer wireless access as a way to attract customers.
• They are everywhere! Parents have filed lawsuits against some (elementary) schools for putting up wireless access points!

Page 3: Standards

• IEEE formed the 802 working group in the 1980s
  – researchers, academics, and industry professionals working toward the development of an industry standard
• The 802 standard was adopted as the ground-level networking standard in 1990
  – 802.3 for Ethernet networking
  – 802.11 for wireless networking, in 1997
• Incremental enhancements of 802.11: 802.11a, 802.11b, 802.11g

Page 4: 802.11 Basics

• Operating frequency
  – US: 2.4000-2.4835 GHz
  – Europe: 2.4000-2.4845 GHz
  – Japan: 2.471-2.497 GHz
  – France: 2.4465-2.4835 GHz
  – Spain: 2.445-2.475 GHz
• Transfer rate: 1 or 2 Mbps (the original 1997 standard)
• Mechanism:
  – Direct Sequence Spread Spectrum (DSSS), http://www.pcwebopedia.com/TERM/D/DSSS.html
  – Frequency Hopping Spread Spectrum (FHSS), http://www.pcwebopedia.com/TERM/F/FHSS.html

Page 5: The Big Three: 802.11b

• A Great Leap Forward
  – first major revision of 802.11, approved in 1999
  – Frequency: 2.4 GHz
  – Transfer rate (theoretical): 1, 2, 5.5, 11 Mbps
  – Transfer rate (throughput): 4 Mbps (average)
  – Mechanism: Direct Sequence Spread Spectrum (DSSS)
  – Channels available: 11 (3 non-overlapping)
  – Maximum range: 175 ft (average)
  – Pros: cost, range
  – Cons: 2.4 GHz is unlicensed and overcrowded: microwave ovens, cordless phones, Bluetooth devices...

Page 6: The Big Three: 802.11a

• Faster and Faster
  – approved by IEEE in 1999 (802.11a-1999); products reached the market in 2001
  – Frequency: 5 GHz band (the US UNII bands, 5.15-5.825 GHz)
  – Transfer rate (theoretical): up to 54 Mbps
  – Transfer rate (throughput): 20-30 Mbps (average)
  – Mechanism: Orthogonal Frequency Division Multiplexing (OFDM)
  – Channels available: 12 (all non-overlapping)
  – Maximum range: 80 ft (average)
  – Pros: increased data rate, less interference
  – Cons: short range; no backward compatibility with 802.11b (different band and modulation)

Page 7: The Big Three: 802.11g

• New Guy on the Block (ratified in June 2003)
  – Frequency: 2.4 GHz
  – Transfer rate (theoretical): up to 54 Mbps
  – Transfer rate (throughput): 20-30 Mbps (average)
  – Mechanism: OFDM for the high rates; Complementary Code Keying (CCK) over DSSS for backward compatibility with 802.11b
  – Channels available: 11 (3 non-overlapping: 1, 6, 11)
  – Maximum range: 175 ft (average)
  – Pros: compatible with 802.11b, speed
  – Cons: relatively new

Page 8: 802.11 Security Mechanisms

• Authentication
  – between stations and access points (AP)
• Data encryption
  – Wired Equivalent Privacy (WEP)

Page 9: 802.11 Authentication

• Ad-Hoc Mode
  – direct station-to-station connection
• Infrastructure Mode
  – connection through an Access Point (AP)
  – the process of finding an access point and establishing a connection goes through 3 states:
    • 1: Unauthenticated and unassociated
    • 2: Authenticated and unassociated
    • 3: Authenticated and associated

Page 10: State 1

• Unauthenticated and unassociated
• In this state a wireless station is searching for an access point. It finds an AP by
  – listening for the AP's beacon management frames, or
  – knowing the AP's Service Set Identifier (SSID) and sending out a probe request to locate the desired access point

Page 11: State 2

• Authenticated and unassociated
• After the station finds an AP, a series of messages is exchanged to authenticate each other's identity.
• Open System Authentication
  – the station sends an authentication request and the AP decides whether to grant access (in practice it always does: no credential is checked)
• Shared Key Authentication
  – uses WEP to determine whether a station is permitted to authenticate
  – AP and station share a secret key
  – the AP sends a 128-byte generated challenge text, in the clear
  – the station WEP-encrypts the challenge and sends it back to the AP
  – access is granted if the AP can decrypt the response with the shared key and recover the original challenge

Page 12: State 3

• Authenticated and associated
• After both parties have been authenticated, the station is in state 2. It then sends an association request, and the AP accepts the request.
• A station may be authenticated to several APs at once but associated with only one, which is useful for roaming.

Page 13: Wired Equivalent Privacy

• Encryption standard defined by the IEEE 802.11 standard
• Uses a shared secret key for both encryption and decryption
• Distribution of the shared secret key to stations is not standardized (in practice it is typed into every device by hand)
• Based on the RC4 stream cipher; the standard claimed it had built-in defense against known attacks (the weakness slides below show otherwise)
• A 24-bit Initialization Vector (IV) is concatenated with the 40-bit shared secret key (104-bit in later "128-bit WEP" products) to produce a different RC4 key for each packet
• An Integrity Check (IC) field, a CRC-32 over the plaintext, is appended to protect the content

Page 14: WEP Encryption

(diagram: per-packet RC4 key = IV || shared key; the RC4 keystream is XORed with data || IC)

Page 15: WEP Frame

802.11 Header | IV | Data | IC

• WEP protects only the Data and IC fields. The 802.11 header (including the MAC addresses) and the IV are sent in the clear, and nothing at the physical layer is protected.
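The per-packet construction of the last three slides and the shared key exchange of State 2, as an added Python example (this is not code from the slides or from any 802.11 implementation). The 40-bit key, IV, data and challenges are constructed for the demo; `rc4` is a textbook implementation of the cipher. The last two functions show a consequence of the design that the slides' WEP references discuss: anyone who watches one challenge/response pair learns the keystream for that IV, and WEP never forbids reusing an IV, so the eavesdropper can answer a later challenge without the key.

```python
# Added example (not from the slides): WEP per-packet encryption, the
# IV | Data | IC frame body, and 802.11 shared key authentication on top of it.
# Key, IV, data and challenges below are constructed for the demo.
import os
import struct
import zlib


def rc4(key: bytes, length: int) -> bytes:
    """RC4 key scheduling followed by `length` bytes of keystream."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def icv(data: bytes) -> bytes:
    """WEP Integrity Check value: CRC-32 of the plaintext, little-endian."""
    return struct.pack("<I", zlib.crc32(data) & 0xFFFFFFFF)


def wep_encrypt(key: bytes, iv: bytes, data: bytes, key_id: int = 0) -> bytes:
    """Frame body: IV (3 bytes, clear) | key ID byte (clear) | RC4(IV||key) xor (data || IC)."""
    assert len(iv) == 3 and len(key) in (5, 13)   # 40-bit WEP or 104-bit "WEP-128"
    keystream = rc4(iv + key, len(data) + 4)       # per-packet RC4 key = IV || shared key
    return iv + bytes([key_id << 6]) + xor(data + icv(data), keystream)


def wep_decrypt(key: bytes, body: bytes):
    """Decrypt a frame body; return the data, or None if the IC does not check."""
    iv, ciphertext = body[:3], body[4:]
    plaintext = xor(ciphertext, rc4(iv + key, len(ciphertext)))
    data, ic = plaintext[:-4], plaintext[-4:]
    return data if icv(data) == ic else None


# --- 802.11 shared key authentication (State 2 on the slides) ---

def ap_make_challenge() -> bytes:
    """AP -> station: 128-byte challenge text, sent in the clear."""
    return os.urandom(128)


def station_respond(key: bytes, challenge: bytes) -> bytes:
    """Station -> AP: the challenge WEP-encrypted under the shared key."""
    return wep_encrypt(key, os.urandom(3), challenge)


def ap_verify(key: bytes, challenge: bytes, response: bytes) -> bool:
    """AP decrypts the response and grants access only if it recovers the challenge."""
    return wep_decrypt(key, response) == challenge


# --- What an eavesdropper gets from watching one exchange ---

def keystream_from_exchange(challenge: bytes, response: bytes) -> tuple:
    """Challenge and response are both visible on the air, so their XOR is the
    RC4 keystream for that IV: 132 bytes (challenge plus IC)."""
    iv = response[:3]
    return iv, xor(response[4:], challenge + icv(challenge))


def forge_response(iv: bytes, keystream: bytes, new_challenge: bytes) -> bytes:
    """Answer a fresh challenge without the key by reusing the captured IV and keystream."""
    return iv + b"\x00" + xor(new_challenge + icv(new_challenge), keystream)


if __name__ == "__main__":
    shared_key = b"\x01\x02\x03\x04\x05"           # constructed 40-bit key
    data = b"hello over the air"
    body = wep_encrypt(shared_key, b"\x00\x00\x01", data)
    print("decrypts:", wep_decrypt(shared_key, body) == data)

    c1 = ap_make_challenge()
    r1 = station_respond(shared_key, c1)
    print("legit auth:", ap_verify(shared_key, c1, r1))

    iv, ks = keystream_from_exchange(c1, r1)
    c2 = ap_make_challenge()
    print("forged auth:", ap_verify(shared_key, c2, forge_response(iv, ks, c2)))
```

Note that `wep_decrypt` rejects a frame whose IC does not match, which is all the integrity protection WEP offers; the forged response passes that check because the attacker replays a keystream the AP itself produced.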

Page 16: Good Guy vs Bad Guy (figure)

Page 17: How to make your wireless network secure?

• SSID
  – Configure the AP not to broadcast its SSID; a station then has to know the SSID in advance to connect.

Page 18: SSID Weakness!

• The SSID is sent across the wireless network in plaintext! Hiding it from beacons does not help: stations still send it in probe requests and association requests.
  – It is not difficult to configure off-the-shelf equipment to sniff wireless traffic.
• An impostor access point can easily be set up
  – how do you know you've connected to the right AP?

Page 19: SSID Map (figure)

Page 20: Network Stumbler (screenshot)

Page 21: How to make your wireless network secure?

• Access Control Lists
  – based on MAC address
  – configure the AP to only allow connections from 'trusted' stations with the right MAC address
  – most vendors support this, although it is not in the standard

Page 22: MAC Weakness

• MAC addresses can be sniffed by an attacker because they, again, are sent in the clear (the 802.11 header is never encrypted)!
• MAC addresses can easily be changed via software, so there is no guarantee of uniqueness: an attacker sniffs a trusted address and clones it.

Page 23: How to make your wireless network secure?

• Use WEP encryption/decryption as the authentication mechanism (shared key authentication)
• Use WEP to encrypt transmitted data to guard against eavesdropping

Page 24: WEP Weakness

• WEP's security mechanism is not implemented correctly!!!
• The IC field is meant to protect data integrity, but CRC-32 is linear: flipping a bit in the message flips a predictable set of bits in the IC, so an attacker can modify ciphertext and fix up the IC without knowing the key.
• The IV is 24 bits, too short! It is easy to capture ciphertext with the same IV: there are only about 16.7 million IVs, a busy AP exhausts them in less than a day, and by the birthday bound a repeat is likely after roughly 5,000 packets. Same IV => same RC4 key => same keystream, so an attacker can XOR two ciphertexts to cancel the keystream, and can collect many IV/ciphertext pairs for statistical analysis.
• Shared key authentication leaks keystream: the challenge and its encrypted response are both observable, and their XOR is the keystream for that IV covering the whole challenge and IC, enough to answer a later challenge without the key.
• The secret key is too short (40 bits), shared by everyone, and cannot be updated frequently!
• AirSnort (http://airsnort.shmoo.com/) is a wireless LAN (WLAN) tool which recovers encryption keys. AirSnort operates by passively monitoring transmissions and computing the encryption key when enough packets have been gathered (the Fluhrer-Mantin-Shamir weak-IV attack on RC4's key scheduling).
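The first two weaknesses on this slide, as an added Python example (not code from the slides or from any attack tool). Neither attack needs the key or even RC4, so the keystream here is a constructed deterministic stand-in for "RC4 output under one IV"; the messages and field offsets are constructed too. `flip_bits` uses the CRC-32 identity crc(m xor d) = crc(m) xor crc(d) xor crc(0...0) to repair the IC after modifying ciphertext, and the last two functions show that one packet with known content under an IV decrypts every later packet under that IV.

```python
# Added example (not from the slides): two WEP weaknesses that need no key.
# The keystream is a constructed stand-in for RC4(IV || key); the attacks only
# rely on WEP being "plaintext xor keystream" with a CRC-32 Integrity Check.
import struct
import zlib


def icv(data: bytes) -> bytes:
    """WEP Integrity Check: CRC-32 over the plaintext, little-endian."""
    return struct.pack("<I", zlib.crc32(data) & 0xFFFFFFFF)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def keystream(n: int) -> bytes:
    """Stand-in for RC4 output under one IV (constructed, not a real cipher).
    Deterministic, so two packets "under the same IV" share the same prefix."""
    return bytes((i * 73 + 41) & 0xFF for i in range(n))


def wep_body(data: bytes, ks: bytes) -> bytes:
    """Encrypted part of a WEP frame body: (data || IC) xor keystream."""
    return xor(data + icv(data), ks)


def wep_open(body: bytes, ks: bytes):
    """Receiver side: strip the keystream, accept only if the IC checks."""
    pt = xor(body, ks)
    data, ic = pt[:-4], pt[-4:]
    return data if icv(data) == ic else None


# --- Weakness 1: CRC-32 is linear, so modified ciphertext can carry a valid IC ---

def flip_bits(body: bytes, delta: bytes) -> bytes:
    """Make `body` decrypt to (data xor delta) with a correct IC, without the key.
    Because crc(m ^ d) = crc(m) ^ crc(d) ^ crc(zeros), the IC fix depends only on d."""
    ic_delta = xor(icv(delta), icv(bytes(len(delta))))
    return xor(body, delta + ic_delta)


def replace_field(body: bytes, offset: int, old: bytes, new: bytes) -> bytes:
    """Attacker knows (or guesses) that `old` sits at `offset`; swap it for `new`."""
    assert len(old) == len(new)
    delta = bytearray(len(body) - 4)            # one byte per data byte, all zero
    delta[offset:offset + len(old)] = xor(old, new)
    return flip_bits(body, bytes(delta))


# --- Weakness 2: a repeated IV means a repeated keystream ---

def keystream_from_known_plaintext(body: bytes, data: bytes) -> bytes:
    """One packet with known content reveals the keystream for its IV."""
    return xor(body, data + icv(data))


def decrypt_with_reused_iv(other_body: bytes, ks: bytes):
    """Any later packet under the same IV (no longer than the known one) falls."""
    return wep_open(other_body, ks[:len(other_body)])


if __name__ == "__main__":
    ks = keystream(64)
    original = b"PAY  100 TO ALICE"                  # constructed message
    body = wep_body(original, ks[:len(original) + 4])
    forged = replace_field(body, 5, b"100", b"900")  # "100" starts at offset 5
    print(wep_open(forged, ks[:len(forged)]))        # the AP accepts "PAY  900 TO ALICE"

    leaked = keystream_from_known_plaintext(body, original)
    secret = b"SECRET PLAN 42"
    body2 = wep_body(secret, ks[:len(secret) + 4])   # sent later under the same IV
    print(decrypt_with_reused_iv(body2, leaked))     # recovered without the key
```

A real attacker gets the known plaintext from predictable traffic (ARP, DHCP, IP headers) and the field offsets from the fixed layout of those packets; the CRC fix-up is exactly why WPA replaced the CRC-32 IC with the keyed Michael MIC described two slides on.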

Page 25: WEP Conclusion

• The existing security mechanism of 802.11 is very weak and can only provide protection against an incompetent "script kiddie".
• Unless other security mechanisms are used, determined hackers will be able to break all the security measures in 802.11.
• An example of designing security features without consulting experts!!
• OK for home use, insufficient for a company to use.
• What can you do?
  – hide a (good/random) SSID, use a MAC list
  – increase the secret key length, change it frequently
  – WPA, 802.11i

Page 26: WPA (Wi-Fi Protected Access)

• Improved data encryption through the Temporal Key Integrity Protocol (TKIP)
  – 48-bit initialization vector, also used as a sequence counter for replay detection
  – per-packet key mixing function; a new unique encryption key is generated periodically for each client
  – Message Integrity Check (Michael)
    • calculates an 8-byte MIC, placed between the data portion of the 802.11 frame and the 4-byte ICV, and encrypted with them
  – dynamic key encryption
• Enterprise-level user authentication via 802.1X and EAP
  – utilizes a central authentication server (such as RADIUS) to authenticate users on the network before they join
  – mutual authentication, so a station doesn't join a rogue network that might steal its network credentials
  – for SOHO environments, operates in Pre-Shared Key mode
• Forward compatible with 802.11i (a subset of 802.11i that is ready for market today); designed to run on existing hardware as a software upgrade
• Interim standard that will be replaced with the IEEE's 802.11i standard upon its completion (potential DoS attack?)

Page 27: 802.11i

• Currently in draft form; includes an Enhanced Security Network (ESN) that uses 802.1X to deliver its authentication and key management services.
• 802.11i will also provide key distribution, data origin authentication and replay detection.
• All stations and access points in an ESN must contain an 802.1X port entity and an 802.11i authentication agent.
• An authentication server participates in the authentication of all mobile devices and access points. It may authenticate these devices itself, or it may provide information that the devices can use to authenticate each other.

Page 28: References

• 802.11 entry at pcwebopedia, http://www.pcwebopedia.com/TERM/8/802_11.html: contains many excellent links on 802.11
• Security (problems) of the WEP algorithm, ISAAC group, UC Berkeley (the group that published the WEP weaknesses): http://www.isaac.cs.berkeley.edu/isaac/wep-faq.html
• Wi-Fi Protected Access Overview, Wi-Fi Alliance: http://www.weca.net/OpenSection/pdf/Wi-Fi_Protected_Access_Overview.pdf
• Schwartz, Ephraim. "Researchers Crack New Wireless Security Spec." InfoWorld, 2002. http://www.infoworld.com/articles/hn/xml/02/02/14/020214hnwifispec.xml
• WPA Security Enhancements, Wi-Fi Planet: http://www.wi-fiplanet.com/tutorials/article.php/2148721