Introduction to Wireless Security
Lecture 10
Outline
• The importance of wireless communications
• Wireless networks and security risks
• Why is it so hard to secure wireless communications?
• Wireless communications and network security issues
  • WEP
  • WAP
  • Bluetooth (reading)
  • WWAN and security (reading)
• Principles for securing a wireless network
• What needs to be done to secure a wireless network?
Information and Network Security
Importance of wireless communications: Growth of Wireless Devices
• Huge growth of wireless communication devices: wireless laptops, PDAs, handheld PCs, mobile phones, etc.
[Pictures borrowed from other authors]
Wireless Networks and Mobile Commerce services
Wireless services (m-commerce):
• Entertainment
  • Music
  • Games
  • Graphics
  • Video
  • etc.
• Communication
  • E-mail
  • Chatrooms
  • Video-conferencing
  • etc.
• Information
  • News
  • City guides
  • Directory services
  • Maps
  • Traffic & weather
  • Corporate information
  • etc.
• Transactions
  • Banking
  • Broking
  • Shopping
  • Auctions
  • Betting
  • Booking & reservations
  • etc.
Wireless Communication Usage
• The Internet revolution has led to the emergence of the e-commerce market
  • Around 105 million Yahoo! subscribers in 2001
• Expansion of wireless devices has led to the explosive growth of mobile communications
  • More than 200 million wireless subscribers in 2001
  • Around 1 billion by 2004 (estimated)
• Wireless & Internet convergence has led to the explosion of the Mobile Commerce market
  • Very high number in the future!
Wireless connections: End-to-End
[Figure: Simple Wireless LAN; labels: WNIC, WNIC]
Simple Wireless LAN (e.g.)
[Figure labels: Access Point, users]
WLAN Protocol Setup
[Figure labels: LAN, Access Point, Shared Key, Mobile Station (x3)]
A Possible Wireless Network (e.g.)
[Figure labels: Internet, e-businesses, Internet users]
Examples of WLANs
• Try to find out if there is a WLAN on Caulfield campus
• Try to find out who else has a WLAN in Melbourne (in the city area)
• Check other university campuses, hotels with conference rooms, libraries, etc.
Wireless Computing and Security
• Wireless computing offers many benefits:
  • Portability
  • Flexibility
  • Increased productivity
  • Lower cost installations
• Wireless computing provides new working environments and imposes new security issues.
• Protecting the networks against attacks, ensuring secure data transmission, and detecting and tracking down any penetration of a wireless network are difficult.
Wireless Communications and Risks
• Risks
  • Wireless technology has not advanced fast enough to allow better security mechanisms to be implemented.
  • Currently wireless traffic is not secure
    • E.g.: sensitive data may be transmitted over unsecured connections
      • Credit card numbers
      • Corporate email
      • Usernames/passwords
  • Expert hackers can access wireless networks more easily than wired ones
  • Security holes in wireless systems can be quickly found with the ideas and tools that have been used with wired networks
Wireless Network Security Issues
• Wireless devices are “radios” and have limitations in capacity
• The wireless communication medium is the airwaves, openly exposed to intruders
• A wireless port of a wireless Local Area Network (WLAN) is logically equivalent to an Ethernet port without any protection
• Possible loss of confidentiality and integrity, and the threat of denial of service
Wireless LAN Security Issues (e.g.)
• Cracking the encryption key
  • Reading and decrypting wireless LAN packets is not as hard as in the case of wired networks due to the key generation problems
• Unauthorised access
  • An unregistered user can easily access a wireless LAN resource if an Access Point is not correctly configured.
  • The user can also access the main wired network via the wireless LAN
• Authorised users abusing the systems, e.g.:
  • Unauthorised sniffing of other traffic by users
  • Eavesdropping on other users' traffic
  • Setting up phantom Access Points to gather data from genuine users
  • Setting up an unknown wireless LAN inside a corporation => making the wired network more vulnerable
Wireless LAN Security - Background
• Most Wireless Network Interface Cards (WNIC) and Access Points (AP) are used for WLAN
• Each WNIC or AP must be manually configured with some shared key
• The sending and receiving stations/AP share a secret key
• A sending station encrypts each frame before transmission
• The receiving station decrypts the frame
Wireless LAN Security - 802.x, 802.11b (commercial name: WiFi), etc.
• The 802.x
  • Family of standards set forth by the IEEE to define the specifications for wireless LANs:
    • Wireless Medium Access Control (WMAC):
      • Regulates access to the medium
      • Uses 48-bit addresses, as Ethernet does on wired LANs
    • Physical Layer Specifications
      • Spectrum, distance, bit rate, etc.
IEEE 802.X standards
[Figure: borrowed from RFC]
Security problems with WLANs
• Easy access: signals fly into the air
• Rogue Access Point
  • Set up by experts or normal users
• Unauthorised access to services
  • The majority of access points are put into service with minimal modifications to their default configuration
• Denial of service
  • Attackers can inject traffic into a wireless network without being attached to an AP; a ping flood can be launched from a wired network to overwhelm the limited-capacity wireless devices
• WMAC spoofing and session hijacking
  • Attackers can observe MAC addresses of stations and adopt those addresses for malicious transmissions
• Traffic analysis and eavesdropping
  • Frame headers can be transmitted in the clear and are visible to anybody with a wireless network analyser
• Chain attacks to wired networks via a wireless one
Wireless LAN Security - WEP
• Wired Equivalent Privacy (WEP)
  • Designed by the IEEE to prevent eavesdroppers and unauthorised connections to a wireless network
  • WEP tries to achieve similar security to a wired LAN
    • Confidentiality: protect the contents of wireless traffic
    • Access Control: prevent an adversary from using your wireless network
    • Data Integrity: prevent the modification of data in transit
Security with WEP
[Figure labels: RC4(iv,k), ciphertext]
• iv – the initialization vector, a random sequence of bits
• k – the secret key
• RC4 – a stream cipher, believed to be secure
  • Takes in an initialization vector and key; produces a key stream
Security with WEP
• A secret key (k) shared between the communicating parties is distributed, and each packet is encrypted with the shared secret key + initialization vector (IV) [24 bits]
The sender:
• Computes a checksum c(M)
• Picks an IV v, and generates a keystream RC4(v,k)
• XORs <M,c(M)> with the keystream to get the ciphertext
• Transmits v and the ciphertext over the radio link
Upon receipt, the receiver:
• Uses the transmitted v and the shared k to generate the keystream RC4(v,k)
• XORs the ciphertext with RC4(v,k) to get <M',c'>
• Checks to see if c' = c(M')
• If it is, accepts M' as the message transmitted
WEP and Security Issues
• The keystream for WEP is RC4(v,k), which depends only on v and k. k is a fixed shared secret that is rarely changed
• In many setups, many users share the same k
• So the keystream depends only on v
• If two packets ever get transmitted with the same value of v, you reuse the keystream, which is vulnerable
• Since v gets transmitted in the clear for each packet, an attacker can easily tell when a value of v is reused
• How many possible values of v are there? v only occupies 24 bits of the header, so there are at most 2^24
• After 2^24 packets, there will be a repeat!
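The sender and receiver steps above, and the keystream reuse that follows when two frames share an IV, as an added Python example (not part of the original slides). It assumes two WEP details the slides leave out: the checksum c(M) is CRC-32 and the RC4 key is v prepended to k. The key, IVs and messages are constructed sample values.

```python
import zlib
from collections import Counter

def rc4(key: bytes, n: int) -> bytes:
    """Return n bytes of RC4 keystream (key scheduling, then output generation)."""
    s, j = list(range(256)), 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i, j, out = 0, 0, bytearray()
    for _ in range(n):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def wep_seal(v: bytes, k: bytes, m: bytes) -> bytes:
    """Sender: compute c(M), XOR <M,c(M)> with RC4(v,k), transmit v + ciphertext."""
    body = m + zlib.crc32(m).to_bytes(4, "little")   # assumption: c(M) is CRC-32
    return v + xor(body, rc4(v + k, len(body)))      # assumption: RC4 key is v || k

def wep_open(k: bytes, frame: bytes) -> bytes:
    """Receiver: rebuild RC4(v,k) from the clear v, decrypt, check c' == c(M')."""
    v, ct = frame[:3], frame[3:]
    body = xor(ct, rc4(v + k, len(ct)))
    m, c = body[:-4], body[-4:]
    if zlib.crc32(m).to_bytes(4, "little") != c:
        raise ValueError("checksum mismatch, frame rejected")
    return m

def reused_ivs(frames) -> list:
    """Audit check: IVs travel in the clear, so repeats are visible without k."""
    seen = Counter(f[:3] for f in frames)
    return sorted(v for v, n in seen.items() if n > 1)

def plaintext_xor(f1: bytes, f2: bytes) -> bytes:
    """With equal v the keystream cancels: C1 xor C2 == <M1,c(M1)> xor <M2,c(M2)>."""
    return xor(f1[3:], f2[3:])

# Constructed sample values: 40-bit key k, two frames sharing one IV, one fresh IV.
K = bytes.fromhex("0102030405")
M1, M2 = b"GET /index.html ", b"user=alice&pw=x1"
F1, F2 = wep_seal(b"\x00\x00\x01", K, M1), wep_seal(b"\x00\x00\x01", K, M2)
F3 = wep_seal(b"\x00\x00\x02", K, M1)
print(reused_ivs([F1, F2, F3]), plaintext_xor(F1, F2)[:16] == xor(M1, M2))
```

Running `reused_ivs` over a capture from your own network shows how quickly a static key exhausts its IV space; any repeat means two frames were protected by the same keystream.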
Wireless LAN Security with WEP
• Since the IV is relatively short and shared keys remain static, WEP may eventually use the same IV for different data packets; on a large, busy network this can happen in a short period of time
• If you can collect enough packets based on the same IV, you can work out the secret key
• 802.11 with WEP does not provide any functions that support the exchange of keys among stations => system administrators or users generally use the same keys for a long time
WEP and its Vulnerabilities
• WLAN tools that recover encryption keys
  • Exploit a weakness in the Key Scheduling Algorithm of RC4
  • Require 5-10 million encrypted packets
  • Once enough packets have been gathered, can guess the encryption key in under a second
• For more information:
  • http://airsnort.sourceforge.net/
  • http://wepcrack.sourceforge.net/
Wireless attacks (e.g.)
• Session hijacking
  • Occurs because of race conditions in 802.x and 802.x state machines
  • A hacker waits for successful authentication
  • Then breaks the user’s connection and impersonates her
  • The hacker can exploit the user’s session until timeout
• Man-in-the-Middle
  • Since 802.x uses only one-way authentication, a hacker can act as an AP to users
  • APs are trusted entities => bad design => security problems for WLANs
WEP and Security Concerns
• 802.x with WEP is not enough
  • Should put more things together for security
  • Need another encryption protocol to provide better security
• Problems
  • Need hardware acceleration
  • Optimize for speed and efficiency
  • Tradeoff in security scheme
Wireless LAN Security – Enhanced WEP
• Digital certificates can be used for distributing keys dynamically to the WLAN
  • Solves the key re-use problem
• Enhance authentication between clients and APs via an authentication server
• Increase key length and change keys after a certain number of frames
Wireless Application Protocol (WAP)
• WAP tries to provide
  • Authentication
  • Confidentiality
  • Integrity
• WAP security gateway
  • Server product dedicated to providing WTLS sessions
  • Works with today’s WAP phones
[Figure labels: Internet, HTTP/SSL, WTP/WTLS, Web Server, WAP Gateway, users]
Wireless Application Protocol (WAP)
• Designed to provide Internet connections for wireless users, particularly mobile phone users
• Employs WML, WTLS
• Uses the WAP Identity Module to provide resistance to device tampering
Wireless Application Protocol (WAP)
• A WAP-enabled mobile phone can execute an application that requests a URL or runs a script on a standard web server
• The agent on the phone sends a URL request to a WAP gateway in the form specified by WTP (Wireless Transaction Protocol)
• The WAP gateway translates the request into an HTTP request (if the transmission is sent using WTLS, the gateway also translates the data into HTTPS)
• The gateway forwards (or encrypts then forwards) the (HTTP/HTTPS) request to the web server
• The web server processes the request and returns the results to the gateway (using HTTP/SSL)
• The gateway receives the results and does the necessary translations (if not done by a WAP server) and decryptions
• The gateway then sends the results to the phone
WAP Security
• The security of WAP systems is left to architects and developers
• WTLS does not provide end-to-end security
• WAP has the same limitations as other wireless technologies, such as size, space, and speed.
• WAP gateways are trusted to encrypt and decrypt data
• WML and WML script are limited subsets of languages with known security control
How about Using PKI to Enhance Security of Wireless Environments?
Public Key Infrastructure can be used to enhance wireless security
[Figure labels: e-businesses, users; borrowed from Paul Ho]
Problems with Using PKI to Enhance Security of Wireless Environments
• Wireless devices may not have sufficient power capacity to use PKI for security
• Applications may require fast processing
• Security protocols can employ private key distribution to resolve the low-computational power problem
Secure a Wireless Network
Maintaining a secure wireless network requires significant effort and resources. We need to:
• Develop an organisational security policy that addresses the use of all handheld devices
• Ensure users on the network are fully trained in computer security awareness and the risks associated with handheld devices
• Conduct ongoing, random security audits to monitor and track mobile devices
• Ensure external boundary protection is in place around the perimeter of the building or buildings of the organisation
• Deploy physical access controls to the building and other secure areas (e.g., photo ID, card badge readers, etc.)
Secure a Wireless Network
• Label all handheld devices with the owner and organization's information
• Ensure that users know where to report a lost or stolen device
• Ensure that devices are stored securely when left unattended
• Make sure that add-on modules are adequately protected when not in use
• Enable a “power-on” password for each handheld device
• Ensure proper password management (aging, complexity criteria, etc.) for all handheld devices
Secure a Wireless Network
• Synchronise each device with its corresponding PC regularly
• Delete sensitive data from the handheld device and archive it on the PC when no longer needed on the handheld
• Turn off infrared ports during periods of inactivity
• Install antivirus software on all handheld devices
• Install personal firewall software on all handheld devices
• Ensure that PDAs are provided with secure authorization software/firmware
• Make sure that a user can be securely authenticated when operating locally and remotely
• Use enterprise security applications to manage handheld device security
• Ensure security assessment tools are used on handheld devices
Key Security Requirements
To be able to deal with wireless security problems, there is a need for:
• Security from a wireless station or AP to
  • A wireless network
  • A wired network
  • Internet
• Security from one wireless network to another
• A global standards-based open architecture for all mobile devices is critical
• Device and bandwidth independence regulations need to be enforced