Wireless and Instant Messaging
Katherine Morris
2-26-2004
Chapter Overview
• Wireless security issues
• Efforts of the IEEE to combat security problems
• 802.11x standards
• WAP, WEP, & WTLS
• Wireless site survey
• IM security issues
802.11x standards
• 802.11 group formed in 1990 as part of the IEEE standards body
• Soon groups ‘a’ through ‘j’ were formed
• Now groups 802.15 and 802.16 are working on wireless PAN and MAN standards, respectively
WAP 1.x
• Wireless Application Protocol
• Mobile phones, pagers, PDAs, two-way radios
• Developed by WAP Forum
• Web content on computers vs. handhelds
WAP 1.x Stack
• Same concept as the OSI Model for web/Internet
• More condensed, leaner
• Data transaction is as compressed as possible
WAP 1.x Stack
• WAP Gateway
• Wireless Application Layer (WAL) & WAE
• Wireless Session Protocol (WSP)
• Wireless Transaction Protocol (WTP)
• Wireless Datagram Protocol (WDP)
WAP Gap
• WAP gateway
• Financial services companies
• Possibility of capturing data is very small
WAP 2.0 Stack
• Security enhancements
• Suite of utilities
• WTLS vs. TLS
• WAP 1.x stack replaced by standard Internet layers
• Elimination of the WAP Gap
WAP 2.0 Stack Features
• WAP Push
• User Agent Profile
• Wireless Telephony Application
• External Functionality Interface (EFI)
• Multimedia Messaging Service (MMS)
Wireless Transport Layer Security Protocol (WTLS)
• Provides authentication, data encryption, and privacy for WAP 1.x
• Scaled-down version of TLS
• Less processing power, memory, and battery life
WTLS Cont.
• 3 authentication classes:
  • Class 1: anonymous; client and gateway cannot authenticate each other
  • Class 2: only allows the client to authenticate the gateway
  • Class 3: both client and gateway allowed to authenticate (requires Wireless Identity Card such as Smart Card in device)
Class 2 Authentication
• 4 steps:
  • 1. WAP device sends a request for authentication
  • 2. Gateway responds and sends its certificate with the public key
  • 3. WAP device receives the certificate and public key, then generates a unique random value
  • 4. WAP gateway receives the encrypted value and uses its private key to decrypt it
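The four steps above as a runnable exchange. This is an added example, not part of the original slides, and it models the steps as listed rather than the WTLS wire format. The key pair (toy, unpadded RSA built from two Mersenne primes), the certificate fields, and all class and function names are assumptions made for illustration.

```python
import secrets

# Constructed toy gateway key pair (two known Mersenne primes); insecure, demo only.
P, Q, E = 2**89 - 1, 2**127 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))            # gateway's private exponent

class Gateway:
    def __init__(self, n, e, d):
        # Hypothetical certificate: a subject name plus the public key (n, e).
        self.certificate = {"subject": "wap-gw.example", "n": n, "e": e}
        self._d = d
        self.shared_value = None

    def handle_auth_request(self):
        """Step 2: respond with the certificate, which carries the public key."""
        return self.certificate

    def receive_encrypted_value(self, blob):
        """Step 4: decrypt the client's value with the private key."""
        self.shared_value = pow(blob, self._d, self.certificate["n"])

class WapDevice:
    def __init__(self):
        self.shared_value = None

    def authenticate(self, gateway):
        cert = gateway.handle_auth_request()                  # steps 1 and 2
        # A real client validates the certificate here; that check is what
        # ties the public key to the gateway's identity.
        self.shared_value = secrets.randbelow(2**128) + 2     # step 3: random value
        blob = pow(self.shared_value, cert["e"], cert["n"])   # encrypted to the gateway
        gateway.receive_encrypted_value(blob)                 # step 4
        # Simulation shortcut: compare both sides directly. On the wire the
        # gateway would prove knowledge of the value in its later messages.
        return gateway.shared_value == self.shared_value

def run_handshake():
    real = Gateway(N, E, D)
    # Presents the same certificate but does not hold the matching private key.
    impostor = Gateway(N, E, D + 2)
    return WapDevice().authenticate(real), WapDevice().authenticate(impostor)
```

Only the gateway proves anything here: the device never presents a key of its own, which is why Class 2 authenticates the gateway to the client and not the other way round.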
Notes on Class 2 Authentication
• TLS and WTLS distinguish between a connection and a session; a session can exist over several connections
• In WAP 1.x, WTLS is optional
• In WAP 1.x, WTLS only encrypts data between the client and the gateway, so the WAP gap still exists
• Unsafe use of service set identifiers (SSIDs)
• Weak keys
WLAN
• Connects clients to each other or network resources using radio signals to pass data through the ether
• Access Points act as broadcast stations
• WNICs connect clients to the network
Wired Equivalent Privacy (WEP)
• Optional security specified by 802.11 protocol
• Used to encrypt data passed between the client and the APs
• Used to authenticate clients that request access to network resources
• Not considered adequate security
WEP Cont.
• Uses a symmetric key to authenticate wireless devices, not users
• Encrypts the transmissions of data
• APs and clients need to share the same key
• Client requests to send data or use the network
• Client then begins a challenge-and-response authentication process
WEP Weaknesses
• Initialization vector
  • Sequence of random bytes
  • Appended to the front of data
  • Sent in plaintext across the WLAN
  • Only 24 bits long
  • Reused on a regular basis
WEP Weaknesses Cont.
• Doesn’t require asymmetric authentication, in which each wireless device would use its own secret key
• More likely for the shared key to get into unauthorized hands
• Keys are manually configured
• Critical information could get into the wrong authorized hands intentionally or unintentionally
• Rekeying should be done regularly, or chance of hacking is increased
General WLAN Security Holes
• Easier for people to detect WLANs and jump on to the network
• War driving: most WLANs do not use WEP or any other form of encryption
• DoS attacks much easier/more likely
• WEP authenticates clients, not users
Conducting a wireless site survey
• Conduct a needs assessment
• Obtain site’s blueprints
• Do a walk-through of the site
• Identify possible AP locations
• Verify AP locations
• Document your findings
Instant Messaging
• Real-time communications model
• Either peer-to-peer or peer-to-network configuration
• Peer-to-peer:
  • Clients talk directly to one another
  • Does not rely on a central server
  • Could expose the IP address of each client’s machine
• Peer-to-network:
  • Central server
  • DoS attacks are becoming more frequent
• AOL Instant Messenger, MSN Messenger, Yahoo! Messenger, ICQ, and Internet Relay Chat (IRC)
IM Security Issues
• Messages are sent in plaintext, no inherent encryption unless user enables it
• Makes sessions vulnerable to packet sniffing, especially if the connection is not encrypted
• Solutions:
  • Enabling private channel communication (MS NetMeeting)
  • Enterprise AIM and Trillian both use encryption to protect messages
Social Engineering
• Obtaining sensitive data by social means: pretending to be someone who has access
• Username/Password authentication makes IM moderately secure
• Unmonitored terminals are susceptible to social engineering
• Unlike email, which allows for greater response time, IM demands an instant response/decision
• Informal nature
Technical IM Issues
• File transfers:
  • Files cannot be scanned as they arrive; this requires an antivirus package on the local machine
• Application sharing:
  • Allows users to remotely control another computer
  • Lots of security issues
Legal IM Issues
• If wrong message is sent or overheard, litigation and criminal indictment could result
• Either all or nothing in terms of allowing IM
• Difficult to control, but easy to block IM ports
• SMS (Simple Messaging Service): IM client provided by most cell phone carriers