Wireless Security - PowerPoint PPT Presentation

About This Presentation

Title:

Wireless Security

Description:

Sniffs. Searches for weaker IVs. Records encrypted data. Until ... May sniff your neighbours... SMU. CSE 5349/7349. Location of AP. Ideally locate access points ... – PowerPoint PPT presentation

Number of Views:16

Avg rating:3.0/5.0

Slides: 36

Provided by: nair6

Learn more at: https://s2.smu.edu

Category:

more less

Transcript and Presenter's Notes

Title: Wireless Security

1
Wireless Security

802.11, RFID, WTLS

2
802.11

802.11 a, b,
Components
Wireless station
A desktop or laptop PC or PDA with a wireless
NIC.
Access point
A bridge between wireless and wired networks
Radio
Wired network interface (usually 802.3)
Bridging software
Aggregates access for multiple wireless stations
to wired network.

3
802.11 modes

Infrastructure mode
Basic Service Set
One access point
Extended Service Set
Two or more BSSs forming a single subnet.
Most corporate LANs in this mode.
Ad-hoc mode (peer-to-peer)
Independent Basic Service Set
Set of 802.11 wireless stations that communicate
directly without an access point.
Useful for quick easy wireless networks.

4
Infrastructure mode
Access Point
Basic Service Set (BSS) Single cell
Station
Extended Service Set (ESS) Multiple cells
5
Ad-hoc mode
Independent Basic Service Set (IBSS)
6
Open System Authentication

Service Set Identifier (SSID)
Station must specify SSID to Access Point when
requesting association.
Multiple APs with same SSID form Extended Service
Set.
APs broadcast their SSID.

7
MAC Address Locking

Access points have Access Control Lists (ACL).
ACL is list of allowed MAC addresses.
E.g. Allow access to
0001420E121F
000142F172AE
0001424FE201
But MAC addresses are sniffable and spoofable.
Access Point ACLs are ineffective control.

8
Interception Range
Station outside building perimeter.
100 metres
Basic Service Set (BSS) Single cell
9
Interception

Wireless LAN uses radio signal.
Not limited to physical building.
Signal is weakened by
Walls
Floors
Interference
Directional antenna allows interception over
longer distances.

10
Directional Antenna

Directional antenna provides focused reception.
D-I-Y plans available.
Aluminium cake tin.
11 Mbps at 750 meters.
http//www.saunalahti.fi/elepal/antennie.html

11
802.11b Security Services

Two security services provided
Authentication
Shared Key Authentication
Encryption
Wired Equivalence Privacy

12
Wired Equivalence Privacy

Shared key between
Stations.
An Access Point.
Extended Service Set
All Access Points will have same shared key.
No key management
Shared key entered manually into
Stations
Access points
Key management a problem in large wireless LANs

13
RC4

Refresher
RC4 uses key sizes from 1 bit to 2048 bits.
RC4 generates a stream of pseudo random bits
XORed with plaintext to create ciphertext.

14
WEP Sending

Compute Integrity Check Vector (ICV).
Provides integrity
32 bit Cyclic Redundancy Check.
Appended to message to create plaintext.
Plaintext encrypted via RC4
Provides confidentiality.
Plaintext XORed with long key stream of pseudo
random bits.
Key stream is function of
40-bit secret key
24 bit initialisation vector (more later)
Ciphertext is transmitted.

15
Initialization Vector

IV must be different for every message
transmitted.
802.11 standard doesnt specify how IV is
calculated.
Wireless cards use several methods
Some use a simple ascending counter for each
message.
Some switch between alternate ascending and
descending counters.
Some use a pseudo random IV generator.

16
WEP Encryption
IV Cipher text
Initialisation Vector (IV)
PRNG

Key Stream
?
Seed
Secret key
Plaintext

32 bit CRC
ICV
Message
17
WEP Receiving

Ciphertext is received.
Ciphertext decrypted via RC4
Ciphertext XORed with long key stream of pseudo
random bits.
Check ICV
Separate ICV from message.
Compute ICV for message
Compare with received ICV

18
Shared Key Authentication

When station requests association with Access
Point
AP sends random number to station
Station encrypts random number
Uses RC4, 40 bit shared secret key 24 bit IV
Encrypted random number sent to AP
AP decrypts received message
Uses RC4, 40 bit shared secret key 24 bit IV
AP compares decrypted random number to
transmitted random number

19
Security - Summary

Shared secret key required for
Associating with an access point.
Sending data.
Receiving data.
Messages are encrypted.
Confidentiality.
Messages have checksum.
Integrity.
But SSID still broadcast in clear.

20
Security Attacks

Targeted network segment
Free Internet
Malicious use of identity
Access to other network resources
Malicious association
Host AP
Interference Jamming
Easy to jam the signals
DOS through repeated, albeit unsuccessful access
requests (management messages are not
authenticated. Egs. Wlan-jack)
DoS through disassociation commands
Interference with other appliances (2.4 G
spectrum)
Attack against MAC authentication
Can spoof MAC with loadable firmware
Defense?
Vulnerability through ad hoc mode

21
802.11 Insecurities

Authentication two options
Open
Shared-key
Shared-key more insecure?
Static key management
If one device is compromised/stolen, everyone
should change the key
Hard to detect
WEP keys
40 or 128 can be cracked in less than 15 minutes

22
IV Collision attack

If 24 bit IV is an ascending counter,
If Access Point transmits at 11 Mbps, IVs
exhausted in roughly 5 hours.
Passive attack
Attacker collects all traffic
Attacker could collect two encrypted messages
If two messages EM1, EM2, both encrypted with
same key stream ( same key and same IV)
EM1 ? EM2 M1 ? M2
Effectively removes the key stream
Can now try to derive plaintext messages

23
Limited WEP keys

Some vendors allow limited WEP keys
User types in a password
WEP key is generated from passphrase
Passphrases creates only 21 bits of 40 bit key.
Reduces key strength to 21 bits 2,097,152
Remaining 19 bits are predictable.
21 bit key can be brute forced in minutes.

24
Brute Force Key Attack

Capture ciphertext.
IV is included in message.
Search all 240 possible secret keys.
1,099,511,627,776 keys
200 days on a modern laptop
Find which key decrypts ciphertext to plaintext.

25
128 bit WEP

Vendors have extended WEP to 128 bit keys.
104 bit secret key.
24 bit IV.
Brute force takes 1019 years for 104-bit key.
Effectively safeguards against brute force
attacks.

26
IV weakness

WEP exposes part of PRNG input.
IV is transmitted with message.
Initial keystream can be derived
TCP/IP has fixed structure at start of packets
Attack is practical.
Passive attack.
Non-intrusive.
No warning.

27
Wepcrack

First tool to demonstrate attack using IV
weakness.
Open source
Three components
Weaker IV generator.
Search sniffer output for weaker IVs record 1st
byte.
Cracker to combine weaker IVs and selected 1st
bytes.

28
Airsnort

Automated tool
Does it all!
Sniffs
Searches for weaker IVs
Records encrypted data
Until key is derived.

29
Safeguards

Security Policy Architecture Design
Treat as untrusted LAN
Discover unauthorised use
Access point audits
Station protection
Access point location
Antenna design

30
Wireless as Untrusted LAN

Treat wireless as untrusted.
Similar to Internet.
Firewall between WLAN and Backbone.
Extra authentication required.
Intrusion Detection
WLAN / Backbone junction.
Vulnerability assessments

31
Discover Unauthorised Use

Search for unauthorised access points or ad-hoc
networks
Port scanning
For unknown SNMP agents.
For unknown web or telnet interfaces.
Warwalking!
Sniff 802.11 packets
Identify IP addresses
Detect signal strength
May sniff your neighbours

32
Location of AP

Ideally locate access points
In centre of buildings.
Try to avoid access points
By windows
On external walls
Line of sight to outside
Use directional antenna to point radio signal.

33
IPSec VPN

IPSec client placed on every PC connected to the
WLAN
Filters to prevent traffic from reaching anywhere
other than VPN gateway and DHCP/DNS server
Can combine user authentication also

34
IEEE 802.11i