1 / 72

Wireless Security

Wireless Security. 802.11 With a focus on Security by Brian Lee Takehiro Takahashi. Survey (1). Do you have wireless networking at home? If yes, I’m assuming that it is encrypted…. What is your security? WEP WPA Mac filtering I consider my home network as local wireless hotspot

medwin
Télécharger la présentation

Wireless Security

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Wireless Security 802.11 With a focus on Security by Brian Lee Takehiro Takahashi

  2. Survey (1) • Do you have wireless networking at home? • If yes, I’m assuming that it is encrypted…. • What is your security? • WEP • WPA • Mac filtering • I consider my home network as local wireless hotspot • Do you think your wireless network is secure?

  3. Brief Overview • Case Study • Current Wireless Technology Overview • 802.11 a/b/g • WEP • New Wireless Security Standard • 802.1x • WPA • WPA2 - 802.11i

  4. GOAL • Realize the real problem set and the solution in wireless security.

  5. GOAL • Realize the real problem set and the solution in wireless security. • Exploi… (cough)

  6. So….. Is wireless network secure? • Umm… kind of? • Why is it not secure? • How insecure is it? • Some misunderstanding… • How can we make it secure?

  7. An exercise in wireless insecurity • Tools used: • Laptop w/ 802.11a/b/g card • GPS • Netstumbler • Aircrack (or any WEP cracking tool) • Ethereal • the car of your choice

  8. Step1: Find networks to attack • An attacker would first use Netstumbler to drive around and map out active wireless networks • Using Netstumbler, the attacker locates a strong signal on the target WLAN • Netstumbler not only has the ability to monitor all active networks in the area, but it also integrates with a GPS to map AP’s

  9. WarDriving

  10. Step 2: Choose the network to attack • At this point, the attacker has chosen his target; most likely a business • Netstumbler can tell you whether or not the network is encrypted • Also, start Ethereal to look for additional information. This time……. Your target is GTwireless

  11. Step3: Analyzing the Network • WLAN has no broadcasted SSID • Netstubmler tells me that SSID is GTwireless • Multiple access points • Many active users • Open authentication method • WLAN is encrypted with 40bit WEP • WLAN is not using 802.1X (WEB-auth)

  12. Step4: Cracking the WEP key • Attacker sets NIC drivers to Monitor Mode • Begins capturing packets with Airodump • Airodump quickly lists the available network with SSID and starts capturing packets. • After a few hours of airodump session, launch aircrack to start cracking! • WEP key for GTwireless is revealed!

  13. Step5: Sniffing the network • Once the WEP key is cracked and the NIC is configured appropriately, the attacker is assigned an IP, and can access the WLAN • However, a secure proxy with an SSL enabled web based login prevents access to the rest of network and the Internet • Attacker begins listening to traffic with Ethereal

  14. Step6: Sniffing continued… • Sniffing a WLAN is very fruitful because everyone on the WLAN is a peer, therefore you can sniff every wireless client • Listening to connections with plain text protocols (in this case FTP and Telnet) to servers on the wired LAN yielded 2 usable logins within 1.5hrs

  15. What was accomplished? • Complete access to the WLAN • Complete access to the wired LAN • Complete access to the internet • Access to servers on the wired LAN using the sniffed accounts • Some anonymity. Usage of Netstumbler and other network probing devices can be detected. Skip that step if possible.

  16. Other possibilities • Instead of sniffing a valid login, the attacker could have exploited a known vulnerability in the proxy (provided there is one) • Attacker could have hijacked a valid user’s session using a DOS attack against the user, and then assuming his MAC address and IP • Both ways present a greater risk for being noticed, something an attacker does not want

  17. That’s it…the network is compromised • Most wireless networks remain no more secure than this, many are less secure • Hundreds of business’s, schools, airports, and residences use wireless technology as a major point of access to their networks

  18. Basic 802.11b Overview • 802.11b was IEEE approved in 1999 • Infrastructure Mode or Ad Hoc • Utilizes 2.4GHz band on 15 different channels (only 11 in US) • 11Mbps shared among all users on access point • Cheap!!!

  19. Basic 802.11g Overview • Faster than 802.11b (54Mbps) • Backward compatibility • Same interference problem with 802.11b Future work… • 802.11n • Over 100Mbps actual throughput…?? • Backward compatibility with a/b • Still trying to come up with the first draft…

  20. 802.11 Built in Security Features • Service Set Identifier (SSID) • Differentiates one access point from another • SSID is cast in ‘beacon frames’ every few seconds. • Beacon frames are in plain text! • First layer of security • Stealth Mode – probe request

  21. Do’s and Don'ts for SSID’s • Default SSID’s are well known (Linksys AP’s default to linksys, CISCO defaults to tsunami, etc) so change them immediately. • Do change the settings on your AP so that it does not broadcast the SSID in the beacon frame.

  22. Hiding the SSID • As stated earlier, the SSID is by default broadcast every few seconds. • Turning it off makes it harder to figure out a wireless connection is there • Reading raw packets will reveal the SSID since even when using WEP, the SSID is in plain text • Increases deployment difficulty

  23. MAC address filtering • MAC address filtering works by only allowing specific hardware to connect to the AP • Management on large networks unfeasible • Using a packet sniffer, one can very easily find a valid MAC address and modify their OS to use it, even if the data is encrypted • May be good for small networks • Prevents casual hacking..

  24. Associating with the AP • Access points have two ways of initiating communication with a client • Shared Key or Open Key authentication • Open key allows anyone to start a conversation with the AP • Shared Key is supposed to add an extra layer of security by requiring authentication info as soon as one associates

  25. How Shared Key Auth. works • Client begins by sending an association request to the AP • AP responds with a challenge text (unencrypted) • Client, using the proper WEP key, encrypts text and sends it back to the AP • If properly encrypted, AP allows communication with the client

  26. Is Open or Shared Key more secure? • Ironically enough, Open key is the answer in short • Using passive sniffing, one can gather 2 of the three variables needed in Shared Key authentication: challenge text and the encrypted challenge text

  27. Wired Equivalent Protocol (WEP) • Primary built-in security for 802.11 protocol • Provides “Confidentiality”, and “Integrity”. • “Authentication” ? • Uses 40/104 bits RC4 encryption + CRC • Unfortunately, the usage of RC4 in WEP has been proven insecure

  28. WEP Encryption

  29. 64/40 and 128/104 bits confusion • IV (24bits) • Your WEP key: • 5-ASCII char word = 40bits • 13-ASCII char word = 104bits Security-wise, it’s really 40bits or 104bits

  30. Problems with WEP • 1 static key • No encryption is strong if one key is used forever • Key length is short for default settings(40bits) • Brute forcing is possible • Using CRC32 in ICV • Bit flipping attack: CRC(msg XOR delta) = CRC(M) XOR CRC(delta) • bits cannot be set or cleared, but could be flipped • No specification on key distribution • Lacks scalability • No protection against replay attack • Improper RC4 implementation • Protocol doesn’t actually specify IV’s use • 2 existing attacks

  31. Numerical Limitation Attack • IV’s are only 24bit, and thus there are only 16,777,216 possible IV’s • A busy network will repeat IV’s often

  32. FMS Attack -- weak IV attack -- • Some IV’s do not work well with RC4 • Using a formula, one can take these weak IV and infer parts of the WEP key • 5 % chance of guessing correctly • Once again, passively monitoring the network for a few hours can be enough time to gather enough weak IV’s to figure out the WEP key • 7M~ packets to decrypt 40bit WEP key • The time needed to deploy the attack is linearly proportional to the key length • 104bit key is just as useless as 40bits key

  33. Is RC4 really vulnerable? • There are a few flaws but it is still considered safe. • WEP did not use RC4 properly. • IPSEC • SSL

  34. Another Attack - KoreK • Vendors have implemented a ‘hack’ • Another statistical analysis based attack on WEP key • Extremely fast • Possible with as little as 0.1M IVs… • Traditional method requires more than 4M packets • Accelerate it with packet injection - ARP Fast swapping of WEP key is no longer safe

  35. Conclusion: WEP • Confidentiality • FMS attack • KoreK attack • Integrity • Bit-flipping attack • Authentication • Attacks are passive and difficult to detect NO MORE WEP

  36. WEP…. Wired Equivalent Privacy Well.. More like What on the Earth does it Protect?

  37. Virtual Private Networking (VPN) • Deploying a secure VPN over a wireless network can greatly increase the security of your data • Idea behind this is to treat the wireless network the same as an insecure wired network (the internet).

  38. VPN is really not the greatest option…. • Overhead • Deployment • Performance • susceptible to any attack against the specific VPN Bottom Line: Not practical

  39. Finally…. Some Solutions! 802.1x (Authentication) per-user authentication Key distribution mechanism WPA (Confidentiality, Integrity) Subset of 802.11i 2 forms 802.1x + EAP + TKIP + MIC Pre-shared Key + TKIP + MIC WPA2 – 802.11i WPA2 is the implementation of 802.11i Usage of AES + CCMP

  40. 802.1X • 802.1X is a port-based, layer 2 (MAC address layer) authentication framework on IEEE 802 networks. • Not limited or specific to 802.11 networks • Uses EAP for implementation • 802.1X is not an alternative to WEP, it works along with the 802.11 protocol to manage authentication for WLAN clients

  41. How authentication takes place • A client requests access to the AP • The AP asks for a set of credentials • The client sends the credentials to the AP which forwards them to authenticating server • The exact method for supplying credentials is not defined in 802.1X itself

  42. 802.1x authentication

  43. Extensible Authentication Protocol (EAP) • 802.1X utilizes EAP for it’s authentication framework • flexible: one time passwords, certificates, smartcards, own EAP protocol, etc • zero per packet overhead • cost efficient • 802.1X integrates well with other open standards such as RADIUS • RADIUS is de-facto

  44. more benefits of choosing 802.1X… • Software upgrade • Access points only need a firmware upgrade to enable 802.1X • On the client side, 802.1X can be enabled with an updated driver for the NIC • Depending on the EAP you choose, you can have a very secure authentication scheme! • Proprietary versions of dynamic key management available

  45. Implementations • EAP-MD5 • EAP-LEAP • EAP-TLS • EAP-TTLS • PEAP

  46. EAP-MD5 • EAP-MD5 is a simple EAP implementation • Uses and MD5 hash of a username and password that is sent to the RADIUS server • Authenticates only one way • Man in the middle attack • Bottom line: Not recommended

  47. EAP-LEAP (Cisco Wireless) • Like MD5-LEAP, it uses a Login/Password scheme that it sends to the RADIUS server • Each user gets a dynamically generated one time key upon login • Authenticates client to AP and vice versa • Can be used along with RADIUS session time out feature, to dynamically generate keys at set intervals • Only guaranteed to work with Cisco wireless clients • Broken – ASLEAP by Joshua Wright

  48. EAP-TLS by Microsoft • Instead of a username/password scheme, EAP-TLS uses certificate based authentication • Has dynamic one time key generation • Two way authentication • Uses TLS (Transport Layer Security) to pass the PKI (Public Key Infrastructure) information to RADIUS server • Compatible with many OS’s • Harder to implement and deploy because PKI for clients are also required

  49. PEAP by Microsoft and Cisco • A more elegant solution! • Very similar to EAP-TLS except that the client does not have to authenticate itself with the server using a certificate, instead it can use a login/password based scheme • Much easier to setup, does not necessarily require a PKI • Currently works natively with Windows XP SP1, but other platforms should support it soon

More Related