Wireless LAN Security

1
Wireless LAN Security
2
Security Basics

• Three basic tools
• Hash function. SHA-1, SHA-2, MD5
• Block Cipher. AES, RC4,
• Public key / Private key. RSA.

3
Cryptographic hash functions

• One-way given x, very difficult to find a such
  that H(a) x.
• Collision resistance very difficult to find two
  strings x1 and x2 such that H(x1) H(x2).
• Here, difficult means that computational
  infeasible.

4
Block Cipher

• Very widely used.
• The sender is sending information to the receiver
  via an insecure channel, but wishes no one can
  know the information.
• The sender and the receiver share a secret key.
• The information is encrypted according to the
  secret key, and if other people does not have the
  key, they cannot decrypt the information.
• CEkey (P), PDkey(C).
• Typically, C and P are of the same size. In AES,
  128 bits.
• Cannot means computational infeasible.

5
Cipher Modes ECB

• ECB Electronic Code Book Mode. Break the entire
  file into blocks, and encode every block
  individually.
• Problems. You can replace a block if it is good
  for you.

6
CBC Cipher block chaining

• Encryption
• C0 E(P0 xor IV).
• C1 E(P1 xor C0), and so on.
• IV is transmitted in plain text.
• Decryption
• P0 IV xor D(C0)
• P1 C0 xor D(C1), and so on.
• So, same message wont result in the same code.

7
Stream Cipher Mode

• T0 E(IV).
• T1 E(T0), and so on.
• C P xor T.
• Dont use the same stream twice.

8
Counter mode

• Ti E(IVi).
• Ci Pi xor Ti.
• The advantage is that you can randomly access any
  block.
• Used by Skype. Often called ICM (Integer counter
  mode).
• ECB also supports random access. Does it have the
  same problem as ECB? No, because the Ivs are
  different.

9
Public key / Private Key

• If A and B wants to use a block cipher, they must
  share the same secret key.
• How can the key be established?

10
Public Key / Private Key

• Everyone has a public key and private key.
• With Bs public key (pkB) A can encode data that
  only B can decode with his private key (skB)
  because other people does not have Bs private
  key.
• D_skBE_pkB(W) W
• E_pkBD_skB(W) W

11
Public Key /Private key

• So, A can choose a string W as the session key
  and send E_pkB(W) to B. B runs the decryption
  algorithm to get D_skBE_pkB(W) W.

12
The RSA algorithm

• Most common, the RSA algorithm is used to get the
  public key/private key.
• Choose two large primes, p and q.
• Compute npq and z(p-1)(q-1).
• Choose a large number relatively prime to z and
  call it d.
• Find e such that ed 1 mod z. (such e must
  exist)
• (e,n) is the public key for encoding and (d,n) is
  the private key for decoding.

13
The RSA algorithm

• To encrypt a message M, CMe mod n.
• To decrypt from C, M Cd mod n.
• D_skBE_pkB(M) M
• E_pkBD_skB(M) M.

14
Why is RSA secure?

• The problem is, given (d,n), can you figure out
  e?
• It is difficult.
• You can try to find p and q given n. If you
  indeed can, then you get z. Given z and d, you
  get e.
• But it is difficult to factor large numbers.

15
Wireless LAN Security

• Compared to wired LAN, wireless LAN are more
  vulnerable because the frames are broadcast in
  the air, everyone can sniff it if they like,
  while wired LANs typically has a pretty good
  physical security.

16
802.11 Security

• A node needs to associate with the AP.
• The AP broadcast the beacon signal periodically,
  which contains the SSID (Service Set ID).
• The node selects an AP, send a request (probe
  request management frame) to join.
• The AP either just lets the node in without any
  authentication, or authenticate the node with
  some mechanisms.
• Then the client is associated with the AP. Can
  start to send or receive data.

17
802.11 Security WEP Overview

• WEP Wired Equivalent Privacy
• Has flaws, but people still use it.
• Provides some level of security, better than
  nothing.
• Used to
• Protect from eavesdropping
• Prevent from unauthorized access
• Prevent from tampering with transmitted message
• Uses static 40 or 104 bit key for authentication
  and encryption.
• Uses RC4 stream cipher.
• Only exists between wireless stations

18
WEP continued

• The stations share a secret key.
• Before the data transmission, a 24-bit random
  Initialization Vector (IV) is generated by the
  sender.
• The IV and the secret key are combined to make
  the session key. So the session key is 64 or 128
  bits.
• The data is encrypted with the session key by the
  RC4 stream cipher. Then the encrypted data is
  sent to the receiver along with the plaintext IV.
• The receiver can decrypt the data with the IV and
  the shared key.
• Different IV are used for each transmission.

19
WEP Vulnerabilities

• WEP is vulnerable because the keys are static and
  the IVs are short.
• With 24 bits, eventually, packets will share the
  same IV. 24 bits is about 16M. Remember that the
  IVs are sent in plaintext. With enough data
  packets encrypted by the same IV, the hackers can
  then recover the key stream, and maybe the secret
  key.
• Does not specify how to establish the secret
  keys. So the same key exists for a long time.
• Does not prevent replay attack.

20
WEP vulnerabilities

• WEP authenticates the node, but not the AP.
• So, an attacker can pose as the AP!

21
802.11i

• Goals
• The data should not be decrypted by unauthorized
  means.
• All transmitted packets should be from the
  original sender
• Authentication should be mutual

22
Authentication Enhancements 802.1X

• Port-based authentication mechanism
• Interplay by
• Supplicant
• Authenticator
• Authentication Server (AS)
• "Port-based network access control makes use of
  the physical access characteristics of IEEE 802
  LAN infrastructures in order to provide a means
  of authenticating and authorizing devices
  attached to a LAN port that has point-to-point
  connection characteristics, and of preventing
  access to that port in cases which the
  authentication and authorization fails. A port in
  this context is a single point of attachment to
  the LAN infrastructure."

23
Authentication Enhancements 802.1X

• A wireless node (WN, the supplicant) asks for
  authentication. It needs to prove its
  credentials. The WN sends the request following
  EAPOL protocol. Before authentication, only EAP
  traffic is allowed.
• The Authenticator then forwards the message to
  the Authentication Server using the RADIOUS
  format.
• If the authentication passes, ports can be opened
  for the WN.

http//www.docmirror.net/en/linux/howto/networking
/8021X-HOWTO/intro.html
24
Better Key Management

• The AS sends the Master Key (MK) in the last
  authentication message if the authentication is
  successful.
• Both the WN and the AS derives a key, called the
  Pairwise Master Key (PMK).
• The PMK is moved from the AS to the Authenticator
  (the AP).
• PMK is used between the WN and the AP to
  derive, bind, and verify the Pairwise
  Transient Key (PTK). The PTK includes
• Key Confirmation Key (KCK), used to prove the
  posession of the PMK and to bind the PMK to the
  AP
• Key Encryption Key (KEK)  used to distributed
  the Group Transient Key (GTK)
• Temporal Key 1 2 (TK1/TK2) used for encryption

25
TKIP
26
CCMP
27
Reading

• http//www.sans.org/reading_room/whitepapers/wirel
  ess/the_evolution_of_wireless_security_in_802_11_n
  etworks_wep_wpa_and_802_11_standards_1109?show110
  9.phpcatwireless
• http//www.larsstrand.org/writings/pres/2005-linpr
  o/Linpro-80211i.pdf
• http//www.aspdac.com/aspdac2008/Archive_Folder/7B
  _Slides/7B-5.pdf
• http//www.seas.gwu.edu/cheng/388/LecNotes/TKIP.p
  df
• http//madwifi-project.org/browser/madwifi/trunk/n
  et80211/ieee80211_crypto_wep.c
• http//madwifi-project.org/browser/madwifi/trunk/n
  et80211/ieee80211_crypto_tkip.c
• http//madwifi-project.org/browser/madwifi/trunk/n
  et80211/ieee80211_crypto_ccmp.c
• http//www.docmirror.net/en/linux/howto/networking
  /8021X-HOWTO/intro.html
• Check http//www.aircrack-ng.org/doku.php for
  attack tools.