
Lecture 12 Mobile Networks: Security in Wireless LANs and Mobile Networks


Presentation Transcript


  1. Wireless Networks and Mobile Systems. Lecture 12, Mobile Networks: Security in Wireless LANs and Mobile Networks

  2. Lecture Objectives
     • Introduce security vulnerabilities and defenses
     • Describe security functions in
       • Basic mechanisms
       • WiFi Protected Access (WPA)
       • IEEE 802.11i
     • Describe some other security issues

  3. References
     • J. F. Kurose and K. W. Ross, Computer Networking: A Top-Down Approach Featuring the Internet, 2nd ed., Addison Wesley, 2003, Chapter 7.
     • T. Karygiannis and L. Owens, “Wireless Network Security: 802.11, Bluetooth, and Handheld Devices,” NIST Special Publication 800-48, Nov. 2002.
       • http://csrc.nist.gov/publications/nistpubs/800-48/NIST_SP_800-48.pdf
     • WiFi Protected Access (WPA)
       • http://www.wi-fi.org/OpenSection/protected_access.asp

  4. Agenda
     • Security vulnerabilities and objectives
     • Security mechanisms
     • Basic security features in IEEE 802.11
     • Improving WLAN security
     • Augmenting WLAN security
     • Other security issues

  5. Wireless Magnifies Exposure Vulnerability
     • Information going across the wireless link is exposed to anyone within radio range
       • RF may extend beyond a room or a building
       • Infrared limited to a room
     • Traditional wireline networks benefit from physical security
       • Access to the wire is required to gain information
       • Switched networks further reduce exposure
     (Figure label: Sniffing is easy)

  6. Mobility Makes it Difficult to Establish Trust
     • A mobile user must connect to a network component (e.g., an access point) that is physically hidden
     • Problem on both home and foreign networks
     • Mobility on foreign networks -- service providers are unknown and, perhaps, not trusted
       • Access points
       • Foreign agents
       • DHCP servers
     (Figure label: Is this my AP?)

  7. Lack of Infrastructure
     • Lack of security infrastructure
       • Authentication servers
       • Certificate authorities
     • Unknown nodes providing service
       • Intermediate nodes for ad hoc routing
     (Figure label: Can intermediate node be trusted?)

  8. System Design Issues
     • Mobile form factor
       • Desire low power consumption
       • Minimize computation
       • Minimize network communication
       • Constrained by low processing capabilities
       • Constrained by limited link capacity
     • Need cryptographic and other security-related algorithms to be simple
     • Need to minimize communications overhead for security protocols

  9. Secure Communications (1)
     • Privacy or confidentiality
       • The intended recipients know what was being sent but unintended parties cannot determine what was sent
       • Requires some form of encryption and decryption
         • Encryption at the sender
         • Decryption at the receiver using a public or private (secret) key to decode the encrypted information
     • Authentication
       • Confirms the identity of the other party in the communication
       • Assures that
         • The claimed sender is the actual sender
         • The claimed receiver is the actual receiver

  10. Secure Communications (2)
     • Message integrity and non-repudiation
       • Data integrity – data is transmitted from source to destination without undetected alteration
       • Non-repudiation – prove that a received message came from a claimed sender
     • Availability and access control
       • Ensures availability of resources for the intended users
       • Controls access to resource

  11. Link Versus End-to-End Security
     • End-to-end security
       • Provided by network (e.g., IPsec), transport (e.g., SSL), and/or application layer (e.g., application-specific)
     • Link security
       • Provided by link layer (e.g., IEEE 802.11 WEP, WPA, or IEEE 802.11i)
     (Figure labels: End-to-End Security; Link Security)

  12. Security Objectives (1)
     • Major concerns at the link layer
       • Authentication (but, related to access control)
       • Privacy
       • Integrity
     • Major concerns at the network layer (e.g., IPsec)
       • Authentication
       • Privacy
       • Integrity

  13. Security Mechanisms (2)
     • Security mechanisms at the transport layer (e.g., SSL) and in applications may deal with all objectives
       • Authentication
       • Privacy
       • Integrity
       • Access control

  14. Agenda
     • Security vulnerabilities and objectives
     • Security mechanisms
     • Basic security features in IEEE 802.11
     • Improving WLAN security
     • Augmenting WLAN security
     • Other security issues

  15. Cryptography
     • Symmetric (private) key cryptography
       • Sender and receiver keys are identical (KA = KB)
     • Asymmetric (public) key cryptography
       • Sender (encryption) key (KA) is public
       • Receiver (decryption) key (KB ≠ KA) is private
     (Diagram: Plaintext → Encryption with KA → Ciphertext → Decryption with KB → Plaintext)

  16. Public Key Cryptography
     • Unlike a private key system, one can publish the key for encryption in a public key encryption system
     (Diagram: plaintext m → encryption with public key KB+ → ciphertext KB+(m) → decryption with private key KB- → plaintext m = KB-(KB+(m)))

  17. Authentication with Private Key Cryptography
     • Authentication can be implemented with symmetric (private) key cryptography
     (Diagram: message exchange between A and B. Labels: Claim “A”; generate a one-time “nonce” R; encrypt; decrypt; K(R); R)

  18. Authentication with Public Key Cryptography
     • Use of public key avoids shared key problem
     • Vulnerable to “man-in-the-middle” attack
     (Diagram: message exchange between A and B, where KA+ is A’s public key and KA- is A’s private key. Labels: Claim “A”; R; KA-(R); Key Request; KA+; compute KA+(KA-(R)) = R; “Sender must have used private key of A, so it is A”)

  19. Agenda
     • Security vulnerabilities and objectives
     • Security mechanisms
     • Basic security features in IEEE 802.11
       • Authentication
       • Privacy
     • Improving WLAN security
     • Augmenting WLAN security
     • Other security issues

  20. IEEE 802.11 Security
     • Security was not thoroughly addressed in the original IEEE 802.11 standard
     • Based on Wired Equivalent Privacy (WEP)
       • Objective is to not compromise security when compared to a standard wired LAN (e.g., Ethernet) – but what does this really mean?
     • Evolution
       • Long-term: IEEE 802.11i
       • Short-term: WiFi Protected Access (WPA)

  21. IEEE 802.11: Authentication (1)
     • IEEE 802.11 supports two authentication schemes
       • Open system “authentication”
       • Shared key authentication
     • Authentication management frames used in a transaction to establish authentication
       • Authentication algorithm number
       • Authentication transaction sequence number
       • Status code
     • Deauthentication management frame sent to terminate an association
       • Reason code

  22. IEEE 802.11: Authentication (2)
     • Open system “authentication” is really just a placeholder for systems that do not wish to implement true authentication
       • One station asserts its identity
       • The other station responds with success
     • Shared key authentication
       • Both stations must have a copy of a WEP key
       • Station proves identity by encrypting and returning challenge text
       • 128-bit challenge text based on RC4 stream cipher
     • Shared key authentication only authenticates the station to the AP, not the AP to the station!

  23. IEEE 802.11: Shared Key Authentication
     • Uses private key authentication scheme shown earlier
     (Diagram: message exchange between STA and AP. Labels: identity assertion; 128-bit one-time nonce; identity assertion/challenge text; encrypted using shared WEP key; encrypted text; decrypted using shared WEP key; success/failure)

  24. IEEE 802.11: Deauthentication
     • A station can terminate an authentication association with another station by sending that station a deauthentication frame
     • Contains just a reason code, e.g., sending station is leaving the BSS or ESS

  25. IEEE 802.11: Privacy
     • Based on Wired Equivalent Privacy (WEP)
     • MAC at sender encrypts frame body of data frames
       • Headers and non-data frames are not encrypted
       • Does not protect against data analysis attacks
     • MAC at receiver decrypts and passes data to higher level protocol
     • Uses RC4 symmetric stream cipher
       • Same key at sender and receiver
       • Can be applied to variable length data
     • Key distribution not addressed in standard

  26. WEP Data Encryption
     • Host/AP share 40-bit symmetric key
       • Semi-permanent WEP key
       • May be longer (e.g., 128 bits)
     • Host appends 24-bit initialization vector (IV) for each frame to create a 64-bit key
       • 152-bit key with 128-bit WEP key
     • The 64-bit key is used to generate a stream of keys, k_i^IV, using RC4 private key stream cipher algorithm
     • Key k_i^IV is used to encrypt byte i, d_i, in the frame
       • c_i = d_i XOR k_i^IV (XOR is exclusive-or)
     • Initialization vector (IV) and the encrypted bytes, c_i, are sent in the frame

  27. WEP Encryption at the Sender
     (Diagram: the key sequence generator takes K_S, the shared WEP key, and the IV, and outputs the key sequence k_1^IV, k_2^IV, …, k_N^IV, k_N+1^IV, …, k_N+4^IV. The data bytes d_1, d_2, …, d_N and the CRC bytes crc_1, …, crc_4 (supports integrity) are XORed with the key sequence to give c_1, c_2, …, c_N, c_N+1, …, c_N+4. Transmitted frame: 802.11 header, IV, WEP-encrypted data and CRC)

  28. WEP Encryption Vulnerability
     • Initialization vectors are 24 bits in length and a new one is used each frame, so IVs are eventually reused
     • IVs are transmitted in plaintext, so IV reuse can be detected just by packet sniffing
     • Attack
       • An intruder causes a host to encrypt known plaintext, d_1, d_2, d_3, …
       • The intruder sees c_i = d_i XOR k_i^IV
       • The intruder knows c_i and d_i, so it can compute k_i^IV
       • The intruder knows encrypting key sequence k_1^IV, k_2^IV, k_3^IV, k_4^IV, …
       • The next time that the same IV is used, the intruder can decrypt
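
The keystream reuse described on slides 26 to 28, worked through in Python as an added example that is not part of the original lecture. The key, IV and messages are constructed, and the frame layout is simplified to a 3-byte IV followed by the encrypted data and CRC; `reused_ivs` is the passive check for IV reuse that the slide says is possible by sniffing alone.

```python
import zlib

def rc4(key: bytes, n: int) -> bytes:
    """Return n bytes of RC4 keystream for `key`."""
    s, j = list(range(256)), 0
    for i in range(256):                       # key scheduling
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    for _ in range(n):                         # keystream generation
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    """Byte-wise XOR, truncated to the shorter input."""
    return bytes(x ^ y for x, y in zip(a, b))

def wep_encrypt(wep_key: bytes, iv: bytes, data: bytes) -> bytes:
    """Simplified WEP frame body: 3-byte IV in the clear, then
    c_i = d_i XOR k_i^IV over the data and its 4-byte CRC-32."""
    body = data + zlib.crc32(data).to_bytes(4, "little")
    return iv + xor(body, rc4(iv + wep_key, len(body)))  # per-frame key = IV || WEP key

def wep_decrypt(wep_key: bytes, frame: bytes) -> bytes:
    """Receiver side: rebuild the keystream from IV and key, check the CRC."""
    iv, cipher = frame[:3], frame[3:]
    body = xor(cipher, rc4(iv + wep_key, len(cipher)))
    data, crc = body[:-4], body[-4:]
    if zlib.crc32(data).to_bytes(4, "little") != crc:
        raise ValueError("CRC mismatch")
    return data

def reused_ivs(frames) -> set:
    """IVs that appear in more than one frame; visible to any passive listener."""
    seen, reused = set(), set()
    for frame in frames:
        iv = frame[:3]
        (reused if iv in seen else seen).add(iv)
    return reused

def keystream_from_known(frame: bytes, known: bytes) -> bytes:
    """k_i^IV = c_i XOR d_i for each byte whose plaintext d_i is known."""
    return xor(frame[3:], known)

def demo() -> bytes:
    key = bytes.fromhex("0102030405")          # constructed 40-bit WEP key
    iv = b"\x00\x00\x01"                       # constructed IV, used for both frames
    known = b"GET /index.html HTTP/1.0"        # constructed known plaintext
    secret = b"meet at 10:30 pm"               # constructed second message
    f1, f2 = wep_encrypt(key, iv, known), wep_encrypt(key, iv, secret)
    assert reused_ivs([f1, f2]) == {iv}
    ks = keystream_from_known(f1, known)       # derived from traffic, not from the key
    return xor(f2[3:], ks)[:len(secret)]       # second frame read without the key

if __name__ == "__main__":
    print(demo())
```

The result depends only on the IV repeating, not on the key length, which is why the later slides replace the per-frame key construction rather than only lengthening the key.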

  29. IEEE 802.11: Security Weaknesses (1)
     • WEP encryption is flawed, affecting privacy and authentication
     • Static WEP keys leave encryption vulnerable
     • Initialization vectors sent in the clear
     • Generation of IVs may be weak
       • Not specified in the standard
       • All NICs from a vendor may generate the same sequence of IVs or the IV may be a fixed value
     • Exposed IV (revealing part of key) plus weakness of RC4 make WEP vulnerable to analysis
       • Can be broken for a busy network by a contemporary personal computer – about 10 hours for sniffing and a few seconds to “guess” the key

  30. IEEE 802.11: Security Weaknesses (2)
     • Integrity check based on CRC
       • Relatively weak compared to a hash or message authentication scheme
       • Introduces vulnerabilities for certain kinds of attacks
     • Unilateral challenge-response used for authentication vulnerable to “man-in-the-middle” attack
       • Asymmetric authentication
       • Station cannot authenticate AP
     • Key management is not addressed by the standard
       • Very complex task, especially for a large network
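
Why slide 30 rates a CRC below a message authentication scheme, as an added example that is not from the original lecture: the change in a CRC-32 caused by a given modification can be computed from the modification alone, while the change in a keyed tag cannot. HMAC-SHA-256 is an assumption used here as a generic keyed MAC; it is not the integrity check specified by WPA or IEEE 802.11i.

```python
import hashlib
import hmac
import os
import zlib

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def crc_change(delta: bytes) -> int:
    """Amount by which CRC-32 changes when `delta` is XORed into ANY message
    of the same length. Needs neither a key nor the message itself."""
    return zlib.crc32(delta) ^ zlib.crc32(bytes(len(delta)))

def crc_change_is_message_independent(trials: int = 200, length: int = 48) -> bool:
    """Check crc(m XOR delta) == crc(m) XOR crc_change(delta) on random messages."""
    delta = os.urandom(length)
    shift = crc_change(delta)
    return all(
        zlib.crc32(xor(m, delta)) == zlib.crc32(m) ^ shift
        for m in (os.urandom(length) for _ in range(trials))
    )

def mac_tag(key: bytes, msg: bytes) -> bytes:
    """Keyed integrity tag; cannot be computed or adjusted without `key`."""
    return hmac.new(key, msg, hashlib.sha256).digest()

def mac_verify(key: bytes, msg: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(mac_tag(key, msg), tag)

def distinct_mac_changes(trials: int = 200, length: int = 48) -> int:
    """Apply one fixed delta to many random messages and count how many
    different tag differences result. For a CRC the answer would be 1."""
    key, delta = os.urandom(32), os.urandom(length)
    diffs = set()
    for _ in range(trials):
        m = os.urandom(length)
        diffs.add(xor(mac_tag(key, m), mac_tag(key, xor(m, delta))))
    return len(diffs)

if __name__ == "__main__":
    print("CRC change independent of message:", crc_change_is_message_independent())
    print("distinct HMAC changes over 200 messages:", distinct_mac_changes())
```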

  31. IEEE 802.11: Security Weaknesses (3)
     • “Out-of-the-box” default is usually no security
       • Ease of deployment and ease of operation for users
     • Lots of WLANs with no security configured!

  32. Agenda
     • Security vulnerabilities and objectives
     • Security mechanisms
     • Basic security features in IEEE 802.11
     • Improving WLAN security
     • Augmenting WLAN security
     • Other security issues

  33. Improving IEEE 802.11 Security
     • RSA Security’s Fast Packet Rekeying
     • WiFi Alliance’s WiFi Protected Access (WPA)
     • IEEE 802.11 Technical Group i (IEEE 802.11i)

  34. Fast Packet Rekeying
     • Generates a unique key to encrypt each network packet on the WLAN
     • Hashing technique used to rapidly generate per-packet keys
     • The IEEE 802.11 group has approved fast packet rekeying as a fix for WEP security weaknesses

  35. WiFi Protected Access
     • WiFi Protected Access (WPA) is intended as a near-term solution to the IEEE 802.11 security problem
     • Software-only updates – requires update to AP firmware and NIC driver
     • A subset of the more extensive IEEE 802.11i techniques
     • Based on two main functions
       • 802.1x port-based access control
       • Temporal Key Integrity Protocol (TKIP)

  36. IEEE 802.1x Port-Based Access Control
     • Allows use of upper-layer authentication protocols
       • AP and station can authenticate each other
     • Integrates with IETF’s Extensible Authentication Protocol (EAP)
       • See RFC 2284
     • Authentication can be…
       • On the AP
       • Use a backend server, e.g., with RADIUS
     • Allows use of session keys
       • 802.1x keys can be changed each session
       • Standard WEP keys are semi-permanent

  37. Temporal Key Integrity Protocol
     • Extends the initialization vector (IV) space beyond 24 bits
     • Uses key construction for each packet
     • Improves cryptographic integrity check beyond CRC used in WEP
     • Supports key derivation and distribution

  38. IEEE 802.11i
     • IEEE 802.11i also known as Robust Security Network (RSN)
     • Longer-term solution (but should be available very soon)
       • Requires hardware replacements for APs and NICs
     • Superset of WPA – includes…
       • IEEE 802.1x port-based access control
       • Temporal Key Integrity Protocol (TKIP)
     • Includes support for Advanced Encryption Standard (AES) for confidentiality and integrity

  39. Advanced Encryption Standard
     • The Advanced Encryption Standard (AES) is published by NIST as the successor to Data Encryption Standard (DES)
     • Operation
       • 128-byte blocks of data (cleartext)
       • 128-, 192-, or 256-bit symmetric keys
     • NIST estimates that a machine that can break 56-bit DES key in 1 second would take about 149 trillion years to crack a 128-bit AES key (unless someone is very lucky)

  40. Agenda
     • Security vulnerabilities and objectives
     • Security mechanisms
     • Basic security features in IEEE 802.11
     • Improving WLAN security
     • Augmenting WLAN security
     • Other security issues

  41. Mitigating Risk*
     • Management countermeasures
       • For example, standardizing AP settings and controlling use of WLANs within an organization
     • Operational countermeasures
       • For example, controlling coverage area of APs
     • Technical countermeasures
       • Access point configuration
       • Firmware and software updates
       • Personal firewalls
       • Intrusion detection systems (IDS)
       • Maximizing WEP key length
       • Security audits
       • Virtual private networks
     *Karygiannis and Owens, 2002

  42. Virtual Private Networks
     • Using a VPN (e.g., based on IPsec) above the WLAN provides the security present in the environment of the VPN server
     (Figure labels: VPN Tunnel; Link Security; VPN Server)

  43. Agenda
     • Security vulnerabilities and objectives
     • Security mechanisms
     • Basic security features in IEEE 802.11
     • Improving WLAN security
     • Augmenting WLAN security
     • Other security issues

  44. Bluetooth
     • While generally more secure than IEEE 802.11, there are vulnerabilities
     • More information…
       • C. T. Hager and S. F. Midkiff, “Demonstrating Vulnerabilities in Bluetooth Security,” IEEE Global Telecommunications Conference (GLOBECOM), Vol. 3, Dec. 1-5, 2003, pp. 1420-1424.
       • C. T. Hager and S. F. Midkiff, “An Analysis of Bluetooth Security Vulnerabilities,” IEEE Wireless Communications and Networking Conference, Vol. 3, March 16-20, 2003, pp. 1825-1831.

  45. Mobile Networks
     • Security vulnerabilities in Mobile IP
       • Rogue Foreign Agents
       • Impersonating a Home Agent
       • Impersonating a Mobile Host to redirect traffic
       • Reducing security to enable Mobile IP – router at foreign network
     • Security vulnerabilities in mobile ad hoc networks (MANETs)
       • Generating faulty routing information
       • Snooping on relayed traffic
       • Refusing to route
       • Power-oriented attacks

  46. Summary
     • Examined the basic objectives of security and fundamental approaches to cryptography and authentication
     • IEEE 802.11 security features (which are flawed)
       • Authentication
       • Privacy and integrity
     • Solutions to IEEE 802.11’s security problems
       • WiFi Protected Access (WPA)
       • IEEE 802.11i – Robust Security Network (RSN)
     • Higher layer security methods can also address WLAN security problems
     • Other security issues in wireless and mobile systems
