1 / 46

Wireless Security

Wireless Security. Outlines. 802.11 Basics Security in 802.11 WEP summary WEP Insecurity. Wireless Networking. ALOHAnet 1999: IEEE 802.11a (54 Mbps) 1999: IEEE 802.11b (11 Mbps) 2003: IEEE 802.11g (54 Mbps) 2009: IEEE 802.11n (150 Mbps). IEEE 802.11 Wireless LAN. 802.11b

cespinoza
Télécharger la présentation

Wireless Security

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Wireless Security

  2. Outlines • 802.11 Basics • Security in 802.11 • WEP summary • WEP Insecurity

  3. Wireless Networking • ALOHAnet • 1999: IEEE 802.11a (54 Mbps) • 1999: IEEE 802.11b (11 Mbps) • 2003: IEEE 802.11g (54 Mbps) • 2009: IEEE 802.11n (150 Mbps)

  4. IEEE 802.11 Wireless LAN • 802.11b • 2.4-2.485 GHz unlicensed radio spectrum • up to 11 Mbps • direct sequence spread spectrum (DSSS) in physical layer: all hosts use same chipping code • 802.11a • 5-6 GHz range • up to 54 Mbps • Physical layer: orthogonal frequency division multiplexing (OFDM) • 802.11g • 2.4-2.485 GHz range • up to 54 Mbps • OFDM • All use CSMA/CA for multiple access • All have base-station and ad-hoc versions • All allow for reducing bit rate for longer range

  5. Infrastructure Mode • Wireless host communicates with a base station • base station = access point (AP) • Basic Service Set (BSS) (a.k.a. “cell”) contains: • wireless hosts • access point (AP): base station • BSS’s combined to form distribution system (DS)

  6. Ad Hoc Mode • No AP (i.e., base station) • wireless hosts communicate with each other • to get packet from wireless host A to B may need to route through wireless hosts • Applications: • “Laptop” meeting in conference room • Vehicle Network • Interconnection of “personal” devices • Battlefield

  7. Channels, beacon frames & association • 802.11b: 2.4GHz-2.485GHz spectrum divided into 11 channels at different frequencies; 3 non-overlapping • AP admin chooses frequency for AP • interference possible: channel can be same as that chosen by neighboring AP! • AP regularly sends beacon frame • Includes SSID, beacon interval (often 0.1 sec) • host: must associate with an AP • scans channels, listening for beacon frames • selects AP to associate with; initiates association protocol • may perform authentication • After association, host will typically run DHCP to get IP address in AP’s subnet

  8. 6 4 2 2 6 6 6 2 0 - 2312 frame control duration address 1 address 2 address 3 address 4 payload CRC seq control 802.11 frame: addressing Address 4: used only in ad hoc mode Address 1: MAC address of wireless host or AP to receive this frame Address 3: MAC address of router interface to which AP is attached Address 2: MAC address of wireless host or AP transmitting this frame

  9. router AP Internet H1 MAC addr R1 MAC addr source address dest. address 802.3frame H1 MAC addr AP MAC addr R1 MAC addr address 3 address 2 address 1 802.11 frame 802.11 frame: addressing H1 R1

  10. router AP Internet R1 MAC addr H1 MAC addr source address dest. address 802.3frame AP MAC addr H1 MAC addr R1 MAC addr address 3 address 2 address 1 802.11 frame 802.11 frame: addressing H1 R1

  11. frame: 6 4 2 2 6 6 6 2 0 - 2312 frame control duration address 1 address 2 address 3 address 4 payload CRC seq control 2 2 4 1 1 1 1 1 1 1 1 Protocol version Type Subtype To AP From AP More frag Retry Power mgt More data WEP Rsvd frame control field expanded: • Type/subtype distinguishes beacon, association, ACK, RTS, CTS, etc frames. • To/From AP defines meaning of address fields • 802.11 allows for fragmentation at the link layer • 802.11 allows stations to enter sleep mode • Seq number identifies retransmitted frames (eg, when ACK lost) • WEP = 1 if encryption is used 802.11 frame (more)

  12. 802.11 Built in Security • Service Set Identifier (SSID) • Differentiates one access point from another • SSID is cast in ‘beacon frames’ every few seconds. • Beacon frames are in plain text! • Encryption

  13. Outlines • 802.11 Basics • Security in 802.11 • WEP summary • WEP Insecurity

  14. The needforencryption • Why do we need the encryption? • Wi-Fi networks use radio transmissions • prone to eavesdropping • Mechanism to prevent outsiders from • accessing network data & traffic • using network resources

  15. Associating with the AP • Access points have two ways of initiating communication with a client • Shared Key or Open System authentication • Open System: need to supply the correct SSID • Allow anyone to start a conversation with the AP • Shared Key is supposed to add an extra layer of security by requiring authentication info as soon as one associates

  16. How Shared Key Auth. works • Client begins by sending an association request to the AP • AP responds with a challenge text (unencrypted) • Client, using the proper key, encrypts text and sends it back to the AP • If properly encrypted, AP allows communication with the client

  17. Evolution of Wireless Security • 1997: Original 802.11 standardonlyoffers • SSID • MAC Filtering • 1999: Introduceof Wired Equivalent Privacy (WEP) • Severalindustryplayersformes WECA (Wireless Ethernet Compatibility Alliance) for rapid adaptionof 802.11 networkproducts • 2001:Discoverweaknesses in WEP • IEEE started Task Group i • 2002: WECA was renamed in WI-FI • 2003:WiFiProtected Access (WPA) • Interim Solution fortheweaknessof WEP • 2004: WPA2 (IEEE-802.11i-2004)

  18. Wired Equivalent Protocol (WEP) • Primary built security for 802.11 protocol • RC4 encryption • 64-bits RC4 keys • Non-standard extension uses 128-bit keys • Many flaws in implementation

  19. Wi-Fi Protected Access (WPA) • Interim solution for replacement of WEP • Goals: • improved encryption • user authentication • Two Modes • WPA Personal : TKIP/MIC ; PSK • WPA Enterprise : TKIP/MIC ; 802.1X/EAP

  20. WPA Key Distribution • WPA-Personal • Also refer to WPA-PSK (WPA Pre-shared Key) • Designed for home and small office networks and doesn't require an authentication server. • WPA-Enterprise • Known as WPA-802.1X • Designed for enterprise networks and requires an authentication server • An Extensible Authentication Protocol (EAP) is used for authentication • Supports multiple authentication method based on: • passwords (Sample: PEAP) • digital certificates (Sample: TLS, TTLS)

  21. WPA Encryption Protocol • TKIP (Temporal Key Integrity Protocol)  • The 128 bit RC4 stream cipher used in WPA • CCMP (Counter Cipher Mode with Block Chaining Message Authentication Code Protocol) • An AES-based encryption mechanism used in WPA2

  22. WPA2 • Approved in July 2004 • AES is used for encryption • Two mode like WPA: • Enterprise Mode: • authentication: 802.1X/EAP • encryption: AES-CCMP • Personal Mode: • authentication: PSK • encryption: AES-CCMP

  23. Comparion

  24. Wrap-Up • WEP is no longer a secure wireless method • WPA2 with AES encryption is currently the best encryption scheme • If on an unsecured network, use SSH or VPN tunneling to secure your data

  25. Outlines • 802.11 Basics • Security in 802.11 • WEP summary • WEP Insecurity

  26. WEP Theory of Operation • A block of plaintext is bitwise XORed with a pseudorandom key sequence of equal length • RC4 PRNG

  27. WEP Encryption CRC • ICV computed – 32-bit CRC of payload 802.11 Frame Header Payload Payload ICV 32

  28. WEP Encryption 4 x 40 Key 1 • ICV computed – 32-bit CRC of payload • One of four keys selected – 40-bits Key 2 Keynumber Key Key 3 40 Key 4

  29. WEP Encryption • ICV computed – 32-bit CRC of payload • One of four keys selected – 40-bits • IV selected – 24-bits, prepended to keynumber IV keynumber 8 24

  30. WEP Encryption 64 IV Key • ICV computed – 32-bit CRC of payload • One of four keys selected – 40-bits • IV selected – 24-bits, prepended to keynumber • IV+key used to encrypt payload+ICV RC4 Payload ICV Payload ICV

  31. WEP Encryption WEP Frame • ICV computed – 32-bit CRC of payload • One of four keys selected – 40-bits • IV selected – 24-bits, prepended to keynumber • IV+key used to encrypt payload+ICV • IV+keynumber prepended to encrypted payload+ICV Header IV keynumber Payload ICV

  32. WEP Decryption 4 x 40 Key 1 • Keynumber is used to select key Key 2 Keynumber Key Key 3 40 Key 4

  33. WEP Decryption 64 IV Key RC4 Payload ICV Payload ICV • Keynumber is used to select key • ICV+key used to decrypt payload+ICV

  34. WEP Decryption Payload ICV CRC ICV’ 32 Header Payload • Keynumber is used to select key • ICV+key used to decrypt payload+ICV • ICV recomputed and compared against original

  35. 128-bit Variant 24 104 128-bits IV Key • Purpose – increase the encryption key size • Non-standard, but in wide use • IV and ICV set as before • 104-bit key selected • IV+key concatenated to form 128-bit RC4 key RC4 Payload ICV Payload ICV

  36. WEP Keying • Keys are manually distributed • Keys are statically configured • often infrequently changed and easy to remember! • Key values can be directly set as hex data • Key generators provided for convenience • ASCII string is converted into keying material • Non-standard but in wide use • Different key generators for 64- and 128-bit

  37. Key Entry Example

  38. Try the generator • http://www.wepkey.com/

  39. Outlines • 802.11 Basics • Security in 802.11 • WEP summary • WEP Insecurity

  40. WEP Vulnerability • Problem: Keystream Reuse • WEP’ s Solution: Per Packet Ivs • But… XOR cancels keystream so knowing one plaintext will get you the other

  41. IV is REUSED! • IV only 24-bits in WEP, • It must repeat after 2^24 or ~ 16.7M packets • practical? • How long to exhaust the IV space in busy network? • A busy AP constantly send 1500 bytes packet • Consider Data Rate 11 Mbps • IV exhausts after.. Consequences: • Keystream for corresponding IV is obtained

  42. WEP Attack • 2001: Fluhrer, Mantin, Shamir : Weaknesses in the Key Scheduling Algorithm of RC4. • completely passive attack • Inductive chosen plaintext attack • Takes 5-10M. packets to find secret key • Showed that WEP is near useless

  43. Some Attack Tools • In 2001, airsnort was released but needs millions of packets • ‹In 2004, aircrack and weblap require only hundreds of thousands of packets • http://securityfocus.com/infocus/1814 • ‹http://www.securityfocus.com/infocus/1824

  44. Summary of WEP flaws One common shared key • If any device is stolen or compromised, must change shared key in all devices • No key distribution mechanism • Infeasible for large organization: approach doesn’t scale Crypto is flawed • Early 2001: Integrity and authentication attacks published • August 2001 (weak-key attack): can deduce RC4 key after observing several million packets • AirSnort application allows casual user to decrypt WEP traffic Crypto problems • 24 bit IV to short • Same key for encryption and message integrity • ICV flawed, does not prevent adversarial modification of intercepted packets • Cryptanalytic attack allows eavesdroppers to learn key after observing several millions of packets

  45. 802.11 security summary • SSID and access control lists provide minimal security • no encryption • WEP provides encryption, but is easily broken • Emerging protocol: 802.11i • Back-end authentication server • Public-key cryptography for authentication and master key distribution • TKIP: Strong symmetric crypto techniques

  46. Resources • Fluhrer, Mantin, Shamir - Weakness in the Key Scheduling Algorithm of RC4.http://www.drizzle.com/~aboba/IEEE/rc4_ksaproc.pdf • Stubblefield, Loannidis, Rubin – Using the Fluhrer, Mantin, and Shamir Attack to Break WEP.http://www.cs.rice.edu/~astubble/wep/wep_attack.pdf • Rivest – RSA Security Response to Weakness in the Key Scheduling Algorithm of RC4.http://www.rsasecurity.com/rsalabs/technotes/wep.html • RC4 Encryption Algorithm.http://www.ncat.edu/~grogans/algorithm_breakdown.htm

More Related