Evolution of Wireless LAN Security Standards

1
Evolution of Wireless LAN Security Standards
Bo Li Daniel Menchaca Harold Lee Narendra Kamat
2
Outline

• Why security?
• Demo (hopefully answers the above)
• Wired Equivalent Privacy and flaws
• VPN
• 802.1x and design flaws
• 802.11i (anticipated)
• Conclusions and recommendations

3
Purposes of network security

• Four main purposes
• Secrecy (or confidentiality) Encryption of
  information
• Secrecy of the cryptographic algorithm
  (restricted algorithm)
• The cryptographic algorithm is not a secret, but
  the key is.
• Authentication Verification of identity of
  participants
• Message integrity Assurance that message
  received was not altered
• Non-repudiation Deniable sending of a message
  not possible

4
Security

• Somebody elses job!
• But only people with a UT EID can connect to
  this Wireless LAN
• Isnt there some sort of encryption?

5
A Demo

• The Cast
• Typical wireless Laptop User (you?)
• Typical unskilled hacker (me, for this demo!)
• Typical unprotected WLAN (ENS)
• Attacking wireless laptop promiscuous mode
• Courtesy Network Engineering Lab (Prof. Bill
  Bard)

6
The Next StepWEP

• Encryption.
• Initial idea Wired Equivalent Privacy (WEP)
• An implementation of RC4 a commercial
  stream-cipher
• C (Mc(M)) XOR RC4(IV,k)
• Integrity
• 32-bit integrity check vector (CRC)
• Authentication
• Open System (!)
• Shared Key (40-bit challenge/response)

7
Secure? Not quite

• k is 40 (recently, 104 bits), infrequently
  changed
• IV can be seen by everyone
• IV space is small (24 bits)
• C1 P1 XOR RC4(IV, k)
• C2 P2 XOR RC4(IV, k)
• C1 XOR C2 P1 XOR P2.
• IV changed on per-packet basis.
• IV collision 24-bit IV, exhausted in a few hours.

8
IEEE 802.1x

• Provides an architecture for authenticity methods
• Simplicity
• Simple transport for EAP messages
• Runs over all 802 LANs
• Inherits EAP (Extensible Authentication Protocol)
  architecture
• Provides port-based network access control
• Network port An association between a Station
  and an AP
• Provides dynamic key management

9
802.1x Set Up
10
IEEE 802.1x Check List

• Improvement over WEP
• Authentication
• Dynamic key management
• MAC access control
• 802.1x issue
• No encryption specification, vendors may keep WEP

11
Known Design Flaw- MITM Attack

• An attacker acts as an AP to supplicant and as
  client to the AP (authenticator)
• Reason lack of mutual authentication
• One way authentication of the supplicant to AP
• An attacker can get all network traffic from
  supplicant to pass through it

12
Other Known Design Flaws

• Session Hijacking
• Lack of clear communication between RSN and
  802.1x state machines and message authentication
• Denial of Service
• 802.1x enables per-user session keys, but no
  keyed message integrity check in 802.11

13
Solutions

• Per-packet authentication
• Authentication and integrity of EAP messages
• Peer-to-peer authentication
• Symmetric authentication
• Scalable authentication
• Adopt strong encryption algorithms
• Luckily, 802.11i modified 802.1x

14
IEEE 802.11i

• 802.11i proposed architecture
• 802.1x
• Robust authentication
• Key distribution
• TKIP (upgrade path)
• Fixes WEP issues
• Backward compatible
• CCMP (Mandatory)
• Advanced Encryption Standard (AES)
• Privacy, integrity

15
802.11i Data Transfer Requirements

• Never send or receive unprotected data
• Message origin authenticity-prevent forgeries
• Sequence packets-detect replays
• Protect source and destination addresses
• Use one strong cryptographic primitive for both
  confidentiality and integrity

16
More 802.11i Features

• Pre-authentication and roaming
• PEAP and legacy authentication support
• Pre-shared key without authentication
• Ad hoc networks
• Home networks
• Password-to-Key mapping
• Home networks
• Random number generation
• High quality pseudo-random number generator is
  required of cryptographic applications

17
IEEE 802.11i Checklist

• New 802.11i data protocols provide
  confidentiality, data origin authenticity, replay
  protection
• Fresh key is generated on every session
• Key management delivers keys used as
  authorization tokens, proving channel access in
  authorized
• Architecture ties keys to authentication

18
Is 802.11i Our Final Solution?

• Time will prove it !!

19
Conclusions

• No solution/protocol is completely secure, at
  least not for long
• Hacking techniques improved, standards have to
  keep pace, and evolve continuously
• Lessons from previous standards
• Wired solutions implemented in a wireless
  environment
• Partial solution cannot work

20
Recommendations

• Use of strong cryptographic primitives
• Tradeoff between speed and security
• Hardware support for encryption
• Dynamic key management
• Mutual authentication
• Complexity vs. manageability

21
Q A