Scurit de l'information

1
WIRELESS LAN SECURITY
Clément Dupuis,CDCISSP, GCFW, GCIA, CCSA (NG),
CCSE (NG),ACEGroupe CGI, Montreal, Canada /
CCCure.Org
2
Overview of Presentation

• Introduction
• The Jargon
• The 802.11 family of standards
• Security
• Defend yourself
• Deployment
• Counter Measures
• Conclusion

3
Introduction

• Roller Coaster Ride
• What or Who to believe?
• Most talk about technology
• Most hyped technology (Reminds me of bluetooth)
• Most controversial LAN technology right now
• A challenge to secure
• Different standards and access control methods
• Does not respect the typical security defences
• It is being deployed in large numbers right now
• Now, lets take a look at some number

4
Introduction - WLAN Penetration
Statistics provided by WECA
5
Introduction - WLAN Depth of Penetration
Statistics provided by WECA
6
Introduction - WLAN Top Drivers
Statistics provided by WECA
7
Introduction - WLAN Top Barriers
Authentication/Security Concerns Budget Resour
ces forDeployment and Support Speed
Statistics provided by WECA
8
Overview of Presentation

• Introduction
• The Jargon
• The 802.11 family of standards
• Security
• The Threats
• Defend yourself
• Deployment
• Counter Measures
• Conclusion

9
The Jargon - WarXing

• A new series of words have come into play as the
  world Wireless LAN and methods of attacks have
  evolved.
• They are derived from the term WarDialing that
  was used to described someone attempting all
  phone number in series to find modems or other
  devices.
• WarDriving
• WarFlying
• WarBoating
• WarCycling
• WarWalking
• WarChalking
• WarPlugging (ie Tell Joes Pizza and get 10
  Off)

Plug (noun)a piece of favorable publicity or a
favorable mention usually incorporated in general
matter -  Merriam-Webster
10
The Jargon - WarChalking

• A marking method is only as good as the number of
  people that knows it. There is a common standard
  being developed amongst warchalkers to offer a
  common marking scheme.

Bumper Sticker
www.warchalking.org
11
The Jargon - Acronyms

• IEEE Institute of Electrical and Electronics
  Engineers
• 802.11 Specifications for Wireless Standards
• Wi-Fi Wireless Fidelity, often used in lieu of
  802.11b
• WECA Wireless Ethernet Compatibility Alliance
• WLAN Wireless Local Area Network
• AP Access Point
• FHSS Frequency Hoping Spread Spectrum
• DSS Direct Sequence Spread Spectrum
• OFDM Orthogonal Frequency Division Multiplexing
• WEP Wired Equivalent Privacy
• EAP Extensible Authentication Protocol
• CRC Cyclic Redundancy Check
• HotSpot Area where wireless access is offered

12
The Jargon - Hotspots

• Some airport are not offering HotSpots but there
  is also businesses that have taken opportunities
  of this by offering Internet Access while people
  grab lunch.

)))
)))

In Austin, Texax, 11 stores with HotSpots
13
Overview of Presentation

• Introduction
• The Jargon
• The 802.11 family of standards
• Security
• Defend yourself
• Deployment
• Counter Measures
• Conclusion

14
802.11 Standard and its annexes

• 802.11 represents Wireless LAN standards and
  annexes
• The original standard was 802.11, which was a
  standard which defined wireless LAN using
  Infrared
• First annex was 802.11b
• Second annex was 802.11a
• Then a series of 802.11x followed
• It is a shared medium
• It makes use of CSMA-CA
• 802.11a and 802.11b are radio systems

15
802.11Whatever What does it mean
16
What is a WLAN
Picture from www.smarthomeforum.com
17
Hardware WLAN Hardware

• WLAN Network Adaptor Chipsets
• Cisco Aironet Based Series (Hermes Chipset)
• Lucent Orinoco (Agere) Series
• Prism II Chipset (Linksys, Compaq, Dlink)
• Format
• USB External Card
• PCI Card
• PCI Adaptor with PCMCIA Card
• PCMCIA Card
• Antennas
• After all we are talking Radio Frequency and
  Signal here
• Some have connector for external antenna and some
  dont

18
What does it looks like in real life!
19
What does it looks like in real life!
Pictures from www.hdcom.com
20
Overview of Presentation

• Introduction
• The Jargon
• The 802.11 family of standards
• Security
• Defend yourself
• Deployment
• Counter Measures
• Conclusion

21
Security A few more terms

• A few more terms
• Station Describe any device on a wireless
  network, either a client or an access point
• Ad Hoc Refers to a network between two clients
• Access Used by client to communicate with other
  Point clients, either wireless or wired
  clients. This is also referred to as
  Infrastructure Networks
• BSS Basic Service Set An access point with
  all its clients that form a network
• SSID Service Set Identifier The name given to
  a BSS network, also called Network Name

22
Security - WEP

• From ANSI/IEEE Std. 802.11
• 3.49 wired equivalent privacy (WEP)
• The optional cryptographic confidentiality
  algorithm specified by IEEE 802.11 used to
  provide data confidentiality that is subjectively
  equivalent to the confidentiality of a wired
  local area network (LAN) medium that does not
  employ cryptographic techniques to enhance
  privacy.

23
Security WEP Basic Security functions

• Network name (SSID), used as a network password,
  or key, or in some cases keys are derived from
  the SSID on AP (Authentication)
• Must have same SSID to communicate
• Use the same SSID on all devices
• Protect from devices without the SSID
• Authentication (Access Control)
• Based on MAC Filtering
• Encryption (Confidentiality)
• Through the use of WEP
• 40 Bits
• 128 bits
• CRC checksum (Integrity)

24
Security WEP Weaknesses

• Key Management
• Not define or included
• Tend to provide long term or poor quality keys
• Keys are manually keyed
• Due to the manual labour involved, keys do not
  change often
• Key Size
• 40 bits defined in standard
• Most have deployed 128 bits, which in fact is 104
  bits 24 Bits IV
• WEP IV Size is too small
• Provides for 16,777,216 different cipher stream
• IV are being reused
• WEP does not specify how IV are chosen or how
  often they rotate

Primer from http//www.nwfusion.com/research/2002
/0909wepprimer.html
25
Security WEP ICV Weaknesses

• The Integrity Check Value (ICV) Algorithm
• Based on CRC-32
• Good for detecting errors in data transmission
  but not for hashes
• MD5 or SHA1 would be a better choice
• Message can be tampered and still produce same
  ICV
• Allow M-I-M type of attacks, Simply capture an
  encrypted packet stream, modify the destination
  address of each packet to be the attacker's wired
  IP address, fix up the CRC-32, and retransmit the
  packets over the air to the access point
• Key size does not matter with ICV and IV based
  attack, the attacks all take the same amount of
  effort regardless if it is 40 bits or 128 bits

Primer from http//www.nwfusion.com/research/2002
/0909wepprimer.html
26
Security WEP usage of RC4

• RC4 in its implementation in WEP has weak keys
• Too much correlation between the key and the
  output
• First three bytes of the key are taken from the
  IV
• They are sent unencrypted in each packet
• It is easy to exploit as it is a passive attack
• All that is needed is to collect enough data to
  derive the key
• About 100 megs of data is necessary
• Once 100 megs is collected, encryption can be
  broken in seconds

Primer from http//www.nwfusion.com/research/2002
/0909wepprimer.html
27
Security WEP Authentication

• Two forms of authentication
• Open System No authentication
• Shared Key Authentication
• Shared key is in fact weaker
• Knowledge of a shared key is demonstrated by
  encrypting a challenge
• Challenge and Response can be monitored by
  attacker
• From this, the attacker can derive the RC4 steam
  that was used
• The attacker can then use this RC4 stream to
  reply to any challenge that he receives in the
  future
• Advantage of Shared Key
• Reduce the ability of an attacker to launch a Dos
  Attack by sending bogus packet encrypted with the
  wrong key on the network
• Shared key should be turned off and 802.1x used
  instead

Primer from http//www.nwfusion.com/research/2002
/0909wepprimer.html
28
Security 802.1x

• Based on EAP As per RFC 2284
• Allow the use of Radius, Active Directory,
  SecurID, Certificates

Primer from http//www.nwfusion.com/research/2002
/0909wepprimer.html
29
Security WEP XOR Operations

• XOR (?) operation
• Given two bits, if exactly one of them is a one,
  the result is one.
• Otherwise, it is zero.
• Sample XOR (?) Operation
• Value A 1 1 0 0Value B 0 1 1 0A ? B 1 0 1
  0
• XOR (?) has the properties such that
• If A ? B C,
• then C ? B A,
• and C ? A B

A special mention to Ted Ipsen for sharing with
the community his WEP research on which the info
on XOR operations is based
30
Security WEP XOR Operation

• XOR as a symmetric cipherMessage
  10011011101
• Key ? 01101010110
• Ciphertext 11110001011
• Key ? 01101010110
• Message 10011011101

31
Security WEP Operation

• The CRC-32 ICVA 4 byte CRC-32 Integrity Check
  Value (ICV) is computed for the data payload of
  the packet and appended to it.The UNIQUE
  seed
• The shared secret key (k) is static, a 24-bit
  Initialization Vector (IV) is concatenated with
  the key (k), to form a unique seed.

Plaintext Message (M)
ICV s(M)
Shared Key (k)
IV
32
Security WEP Operation

• THE KEYSTREAM
• This seed is input into the stream cipher RC4,
  which outputs a keystream of arbitrary length.

33
Security WEP Operation

• The plaintext data, and the appended CRC-32 value
  are XORed against an equal number of bits from
  the keystream to create ciphertext.

Plaintext Message (M)
ICV s(M)
34
Security WEP Operation

• The IV is put into the WEP Header in PLAINTEXT,
  and the encrypted packet sent to the receiver.
• The receiver uses the IV in the Header along
  with the shared key, k to reproduce the RC4
  keystream.

Ciphertext (C)
Shared Key (k)
35
Security WEP Operation

• The ciphertext is XORed against the RC4
  keystream, and the plaintext recovered.

Ciphertext (C)
36
Security WEP Operation

• The CRC-32 Integrity Check Value (ICV) is
  computed to verify the integrity of the data.

Plaintext Message (M)
ICV s(M)
37
Security WEP CONFIDENTIALITY

• Confidentiality is provided by the XOR operation
• To be secure, the keystream must NEVER be
  reused.
• In WEP you are guaranteed to reuse these inputs,
  and thus, the keystream!
• The shared secret key k, whether 40 or 104 bits
  long, is essentially fixed.
• Therefore, the only input into the RC4 stream
  that changes is the 24 bit IV (224
  16,777,216)
• So, about every 16 million packets, you get an
  IV collision.
• This doesnt take very long on a moderately busy
  network.

Primer from http//www.nwfusion.com/research/2002
/0909wepprimer.html
38
Security WEP CONFIDENTIALITY

• SCENARIO 1
• Send some known plaintext (like spam e-mail), and
  capture the encrypted packet with the cleartext
  IV.
• XOR the plaintext against the ciphertext and
  recover the keystream.
• SCENARIO 2
• Consider the authentication scheme from the
  standpoint of an attacker.
• You sniff the WLAN and capture the Challenge
  Message from the Access Point as it is sent in
  cleartext to the requesting station.
• You then capture the encrypted reply that is
  sent back to the AP

Primer from http//www.nwfusion.com/research/2002
/0909wepprimer.html
39
Security WEP CONFIDENTIALITY

• SCENARIO 2 (Continued)
• Compute the CRC-32 ICV for the Challenge, and
  append it.
• XOR the Challenge and ICV against the
  Ciphertext C ? M K
• And get the keystream back !!!

Challenge (M)
Primer from http//www.nwfusion.com/research/2002
/0909wepprimer.html
40
Overview of Presentation

• Introduction
• The Jargon
• The 802.11 family of standards
• Security
• Defend yourself
• Deployment
• Counter Measures
• Conclusion

41
Defend Yourself WLAN Assessment

• Hacking yourself before someone else does
• How to assess your WLAN
• Home brew
• Commercial products
• How to hide amongst others in the crowd
• If everyone is screaming loudly then who is
  screaming what you wish to hear.
• How to fool the bad guys
• More ways to fool the bad guys

42
Defend Yourself Home Brew

• What is required
• A card with a connector for an external antenna
• Cisco Aironet 352, Agere Orinoco Gold, and the
  Compaq WL100
• Software
• Lots of software available for assessment
• No software does all of the functions
• Not all software works with all cards
• Not all cards works with all OS
• Will need more than one piece of software, card,
  and OS
• Laptops
• With proper OS and Card drivers
• External Antenna for better gain

43
Defend Yourself Home Brew toolkit

• As easy as 1-2-3
• Free User Friendly sniffing and cracking
  software
• Detect rogue networks that you may not know about

NetStumblerKismetAPSniffSniffer Pro
WirelessAiroPeekWepCrackAirSnort


165 US
44
Defend Yourself WLAN Assessment

• Some of the functionality found in WLAN sniffer,
  cracker, protocol analyzer, and assessment
  software

45
Defend Yourself WLAN assessment
46
Defend Yourself Commercial ToolKit
47
Defend Yourself Commercial ToolKit

• Verify Signal Strength and clients on AP

48
Defend Yourself - Warfare

• In 1978 while deploying HF, VHF, and UHF radio
  stations for DOD, I would have never guessed that
  my antenna theory would come to use for WLAN one
  day.
• Position of the AP
• As far away as possible from the unfriendly zone
• Move it toward the centre of coverage zone if
  possible
• Diffusion, Diffraction, Reflexion
• Shield between you and remote
• Type of antenna
• Use a shield if necessary to direct waves
• Use a cone shape to direct waves upward

49
Defend Yourself Fake AP Tool

• Hide in the crowd
• Generates thousand of fake AP
• RedHat only
• Prism2/2.5/3 based 802.11b cards
• Currently in development
• Very promising
• Available athttp//www.blackalchemy.to/Projects
  /fakeap/fake-ap.html

50
Defend Yourself Locate the enemy

• Electronic Warfare Techniques
• Ekahau Positioning Engine (www.ekahau.com)
• Find a device within 1 meter
• Need three points at least for accuracy
• Marketing potential as well
• Show ads to people close to a store for example
• Disallow access to people outside your area
• Available now

51
Defend Yourself HOWTO

• Control who gains access to your network
• Use defence in depth
• Implement strong user based authentication vs
  device based
• Implement data encryption and do not rely on WEP
• Attempt to create a centralize management point
• it is very costly to maintain manually separate
  user database or to distribute keys to each
  devices.
• Dynamic session-based encryption keys
• Keys should be changed automatically at fixed
  intervals and on reauthentications, making them
  more difficult for intruders to crack than static
  WEP keys
• Mutual authentication
• So that a client isn't deceived by a "rogue"
  (unauthorized) access point

52
Defend Yourself HOWTO

• A. Wireless LAN behind a firewall (treat as
  untrusted)
• B. Do not use the default SSID
• Change it regularly
• Disable SSID broadcast if your device supports it
• C. Make use of WEP, it is better than nothing
• Change the WEP key from the default
• Attempt to use product that dynamically generates
  key
• D. Ban rogue networks
• E. Ensure a policy exists that restricts WLANs
  from being established without formal approval.

53
Defend Yourself HOWTO

• F. Add personalized authentication
• Using MAC address
• (802.1x)-based control lists
• G. Leverage existing RADIUS servers
• Integrate wireless LANs into the existing RADIUS
  infrastructure to more simply manage users. It
  not only enables wireless authentication, but
  also ensures wireless users go through the same
  authorization and accounting approvals as remote
  users.
• H. Not all WLANs are created equal, many
  manufacturer equipment does not include enhanced
  security features.
• I. Consider using a VPN
• Virtual Private Networks have been deployed over
  the Internet to allow secure communications for
  years. The same can be deployed in a wireless
  environment to add Layer 3 encryption to the
  wireless (Layer 2) communication.

54
FUN STUFF Expedient Antennas

• WLAN Can also be fun to experiment with
• Keep you Pringles cans for your expedient antennas

55
FUN STUFF WarPumpkin

• WLAN Hackers Can Adapt to seasonal changes
• Open WLAN, SSIDGoAway, Speed1.5Mbps

56
WAR DRIVING

• Are network really as badly protected as it is
  claimed

57
Questions ?
For further infoClément Dupuiscdupuis_at_cccure.org
Downloadable version available
athttp//www.cccure.org/Documents/Wireless/OTS20
02.zip
58
WLAN Online References

• The ultimate guide to WarXing
  http//www.kraix.com/downloads/TDGTW-WarXing.txt
• Great article on Security News Portal on how to
  defend yourselfhttp//www.securitynewsportal.com
  /cgi-bin/cgi-script/csNews/csNews.cgi?databaseJan
  R2edbcommandviewoneid34opt
• The Ethernet Wireless Compatibility alliance
  http//www.wi-fi.org

59
WLAN Assessment Software

• Netstumbler http//www.netstumbler.com
• WEPcrack http//wepcrack.sourceforge.net
• AirSnort http//airsnort.shmoo.com/
• Kismet http//www.kismetwireless.net/index.shtml
  
• Aerosol http//www.sec33.com/sniph/aerosol.php
• APSniff http//www.zdnet.com.au/downloads/pc/swi
  nfo/0,2000036746,7997854,00.htm
• Wellenreiter http//www.remote-exploit.org
• Triangulation http//www.ekahau.com/

60
Commercial WLAN Assessment Software

• Distributed Wireless Security Auditor,
  IBMhttp//www.research.ibm.com/resources/news/200
  20617_dwsa.shtml
• AirDefense Security Appliance
  http//www.airdefense.net/
• AirMagnet PDA http//www.airmagnet.com/
• Airopeek NX http//www.wildpackets.com/product
  s/airopeek_nx
• NAI Sniffer Pro Wireless http//www.nai.com/

61
Other Fun tools and Projects

• Fake APhttp//www.blackalchemy.to/Projects/fakea
  p/fake-ap.html
• Pringle Can Antenna Recipehttp//verma.sfsu.edu/
  users/wireless/pringles.php
• Milk Can Antenna Recipehttp//reseaucitoyen.be/?
  BoiteDeConserve1
• Map and Statistics of Toronto War
  Drivinghttp//www.nakedwireless.ca/winudcol.htm