1 / 30

Lecture 4

Lecture 4. Objectives . IEEE 802.11i IEE 802.1x WPA WPA 2. IEEE 802.11i. Provides solid wireless security model Robust security network (RSN) Addresses both encryption and authentication Encryption accomplished by replacing RC4 (stream cipher) with a block cipher

eyal
Télécharger la présentation

Lecture 4

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Lecture 4

  2. Objectives • IEEE 802.11i • IEE 802.1x • WPA • WPA 2

  3. IEEE 802.11i • Provides solid wireless security model • Robust security network (RSN) • Addresses both encryption and authentication • Encryption accomplished by replacing RC4 (stream cipher) with a block cipher • Manipulates entire block of plaintext at one time • Block cipher used is Advanced Encryption Standard (AES)

  4. IEEE 802.11i (continued) Table 9-1: Time needed to break AES

  5. IEEE 802.11i (continued) • IEEE 802.11i authentication and key management is accomplished by IEEE 802.1x standard • Implements port security • Blocks all traffic on port-by-port basis until client authenticated using credentials stored on authentication server • Key-caching: Stores information from a device on the network, for faster re-authentication • Pre-authentication: Allows a device to become authenticated to an AP before moving to it

  6. IEEE 802.11i (continued) Figure 9-2: IEEE 802.1x

  7. WEP Insecurities -- Checksum (ICV) • CRC-32 is NOT a hash function! • Still can be malicious Linear Properties: CRC-32(P  C) = CRC-32(P)  CRC-32(C) - Bit flipping

  8. Wi-Fi Protected Access (continued) Figure 9-3: Message Integrity Check (MIC)

  9. Wi-Fi Protected Access (WPA) • Subset of 802.11i that addresses encryption and authentication • Temporal Key Integrity Protocol (TKIP): Replaces WEP’s encryption key with 128-bit per-packet key • Dynamically generates new key for each packet • Prevents collisions • Authentication server can use 802.1x to produce unique master key for user sessions

  10. TKIP • Temporal Key Integrity Protocol • Cryptographic message integrity code (MIC) forgery • New IV sequencing (TSC) replay • Per-Packet mixing function weak IV • Re-keying key reuse

  11. WPA Personal Security: TKIP Encryption (continued) Figure 9-7: TKIP/MIC process

  12. Wi-Fi Protected Access (continued) • Message Integrity Check (MIC): Designed to prevent attackers from capturing, altering, and resending data packets • Replaces CRC from WEP • CRC does not adequately protect data integrity • Authentication accomplished via IEEE 802.1x or pre-shared key (PSK) technology • PSK passphase serves as seed for generating keys

  13. WPA Personal Security: TKIP Encryption • TKIP is a substitute for WEP encryption • Fits into WEP procedure with minimal change • Device starts with two keys: • 128-bit temporal key • 64-bit MIC • TKIP required in WPA

  14. Wi-Fi Protected Access 2 (WPA2) • Second generation of WPA security • Based on final IEEE 802.11i standard • Uses AES for data encryption • Supports IEEE 802.1x authentication or PSK technology • Allows both AES and TKIP clients to operate in same WLAN

  15. WPA • 2 modes: WPA-Personal, WPA-Enterprise • PSK • pass phrase 802.1x Authentication

  16. Summary of Wireless Security Solutions (continued) Table 9-2: Wi-Fi modes Table 9-3: Wireless security solutions

  17. Transitional Security Model • Transitional wireless implementation • Should be temporary • Until migration to stronger wireless security possible • Should implement basic level of security for a WLAN • Including authentication and encryption

  18. Authentication: Shared Key Authentication • First and perhaps most important step • Uses WEP keys • Networks that support multiple devices should use all four keys • Same key should not be designated as default on each device

  19. Authentication: SSID Beaconing • Turn off SSID beaconing by configuring APs to not include it • Beaconing the SSID is default mode for all APs • Good practice to use cryptic SSID • Should not provide any information to attackers

  20. Authentication: MAC Address Filtering Figure 9-6: MAC address filter

  21. WEP Encryption • Although vulnerabilities exist, should be turned on if no other options for encryption are available • Use longest WEP key available • May prevent script kiddies or “casual” eavesdroppers from attacking Table 9-4: Transitional security model

  22. Personal Security Model • Designed for single users or small office home office (SOHO) settings • Generally 10 or fewer wireless devices

  23. WPA Personal Security: PSK Authentication • Uses passphrase (PSK) that is manually entered to generate the encryption key • PSK used a seed for creating encryption keys • Key must be created and entered in AP and also on any wireless device (“shared”) prior to (“pre”) the devices communicating with AP

  24. WPA2 Personal Security: PSK Authentication • PSK intended for personal and Small Office and Home Office users without enterprise authentication server • Provides strong degree of authentication protection • PSK keys automatically changed (rekeyed) and authenticated between devices after specified period of time or after set number of packets transmitted (rekey interval) • Employs consistent method for creating keys • Uses shared secret entered at AP and devices

  25. WPA2 Personal Security: AES-CCMP Encryption • WPA2 personal security model encryption accomplished via AES • AES-CCMP: Encryption protocol in 802.11i • CCMP based on Counter Mode with Cipher Block Chaining Message Authentication Code (CBC-MAC) (CCM) of AES encryption algorithm • CCM provides data privacy • CBC-MAC provides data integrity and authentication • AES processes blocks of 128 bits • Cipher key length can be 128, 192 and 256 bits • Number of rounds can be 10, 12, and 14

  26. WPA2 Personal Security: AES-CCMP Encryption (continued) • AES encryption/decryption computationally intensive • Better to perform in hardware Table 9-5: Personal security model

  27. 802.11i Parts Robust Secure Network (RSN) 802.1x / EAPoL AESCCMP / TKIP Encryption / Integrity EAP RADIUS EAP-TLS Outside of 802.11i, but de facto standard Authentication / Key Dist.

  28. 802.11i - Auth. Goals 1. Mutual authentication 2. Identity privacy 3. Dictionary attack resistance 4. Replay attack resistance 5. Derivation of strong session keys 6. Tested implementation 7. Fast reconnect: Mobile IP, different auth. procedure, see 802.11r, modified handshaking

  29. 802.1x • - Link Security • Can only communicate with AS, e.g. RADIUS, until “EAP-Success” message received • DHCP Blocked

  30. LAB WEP Crack II • For this lab you will require two computers and one AP (Cisco or Linksys) • Set up a linksys or CISCO wireless router with a WEP key (use the smallest key size available in the router so you can crack it fast (64 bit)). Use your phone number for a ley • Refer to LAB B, conduct a DSS attack as indicated in LAB B in one of the computers • In the second computer, Launch Commview • Set up the location of the log file as indicated by your instructor • Connect to the AP you want to attack by using Commview and collect at least 300,000 packets • Once you reach at least 300,000 packets, stop collecting data. • Launch log viewer and open the latest log file (tagged by date) • Export the log file as a tcmpdump format • Run aircrack-ng GUI and chose the file that you exported as tcmp dump • Lauch the attack by clicking in the launch tool

More Related