SECURITY IN WIRELESS WAN MADHURI RAMBHATLA
OBJECTIVE • Thoroughly study the various aspects of Wireless Technology and analyse the vulnerabilities in Wireless WAN and its affects on the society. • To delve into some of the problems currently faced by WAN and present a few probable solutions to it. • To bring in security awareness amongst students and other population.
SECURITY IN NETWORKING • The various types of Networking systems available are LAN, WAN,MAN,PAN & WPAN. • The main purpose of a WAN is to provide reliable, fast and safe communication between two or more places (nodes) with low delays and at low prices. WANs enable an organization to have one integral network between all its departments and offices, even if they are not all in the same building or city, providing communication between the organization and the rest of the world.
Hacker Tools • LophtCrack • NT Recover/Locksmith • Password Hacker • Password Cracking Archive • Snadboy’s Revelation • Legion The other hacker tools are available at this following URL: http://netsecurity.about.com/cs/hackertools/
Possible Security Measures…. • Fire Walls – Stops Ankle Biters • Virtual Private Networks • Secure Web Servers • Keep your system patched “It’s always best to build security in from the beginning rather than to add it later”
WIRELESS TECHNOLOGY • Evolving of Wireless…. Wireless technology has been around since the turn of the last century, but only as we take a step into the 21st century are we beginning to see such technology take hold in so many aspects of our lives. Students entering higher education in the next few years may take for granted the idea of a wireless campus—a place they may never have to worry about finding a phone jack or a data line to connect to the school's network. They will have the ability to use their laptops and handheld devices—to e-mail a paper, do library research, participate in a class online discussion—anywhere on campus, without having to worry about physically plugging in their hardware.
Wireless is a major factor in changing the way that students, faculty and staff at Universities communicate and gather information. • While the world of wireless is confusing, a defacto campus standard has emerged- 802.11b. • This is available everywhere from coffee shops to airports. • 802.11a is being developed which has a higher bandwidth and useful for multimedia purposes.
Why security in WAN is better than in LAN…. • LAN products have poor encryption options and their emission signals (about 100 yards in all directions) were too easy to intercept. • Point to point signaling in WAN is more difficult to intercept. An eavesdropper would have to stand directly in the signal's path to collect data or hijack the signal. • Tsunami, a product from Western Multiplex Inc. in Sunnyvale, Calif. Tsunami speeds data along at 430M bit/sec. in each direction, encodes those transmissions and supports third-party encryption products.
WHY SECURITY ?? • Security is the key word for any kind of public, multi usage networking or interface. Security involves protection of data against malicious eyes and hands and transmitting confidential matters to the correct authorities. • Wireless networking has many security breaches and here a few vulnerabilities… • With a wireless WAN, transmitted data is broadcast over the air using radio waves, so it can be received by any wireless WAN client in the area served by the data transmitter. Because radio waves travel through ceilings, floors, and walls, transmitted data may reach unintended recipients on different floors and even outside the building of the transmitter.
Installing a wireless WAN may seem like putting Ethernet ports everywhere, including in your parking lot. Similarly, data privacy is a genuine concern with wireless WANs because there is no way to direct a wireless WAN transmission to only one recipient.
SECURITY IN WIRELESS WAN SECURITY BREACHES • Hard Ware Threats: (a)It is common to statically assign a WEP key to a client, either on the client's disk storage or in the memory of the client's wireless LAN adapter. When this is done, the possessor of a client has possession of the client's MAC address and WEP key and can use those components to gain access to the wireless LAN. If multiple users share a client, then those users effectively share the MAC address and WEP key.
(b) When a client is lost or stolen, the intended user or users of the client no longer have access to the MAC address or WEP key, and an unintended user does. It is next to impossible for an administrator to detect the security breach; a proper owner must inform the administrator. When informed, an administrator must change the security scheme to render the MAC address and WEP key useless for wireless LAN access and decryption of transmitted data. The administrator must recode static encryption keys on all clients that use the same keys as the lost or stolen client. The greater the number of clients, the larger the task of reprogramming WEP keys.
What is needed is a security scheme that: - Base wireless WAN authentication on device-independent items such as usernames and passwords, which users possess and use regardless of the clients on which they operate. - Use WEP keys that are generated dynamically upon user authentication, not static keys that are physically associated with a client.
Rogue Access Points: - The 802.11b shared-key authentication scheme employs one-way, not mutual, authentication. An access point authenticates a user, but a user does not and cannot authenticate an access point. If a rogue access point is placed on a wireless WAN, it can be a launch pad for denial-of-service attacks through the "hijacking" of the clients of legitimate users. - What is needed is mutual authentication between the client and an authentication server whereby, both sides prove their legitimacy within a reasonable time. Because a client and an authentication server communicate through an access point, the access point must support the mutual authentication scheme. Mutual authentication makes it possible to detect and isolate rogue access points.
Other Threats: Standard WEP supports per-packet encryption but not per-packet authentication. A hacker can reconstruct a data stream from responses to a known data packet. The hacker then can spoof packets. One way to mitigate this security weakness is to ensure that WEP keys are changed frequently. By monitoring the 802.11 control and data channels, a hacker can obtain information such as: -Client and access point MAC addresses -MAC addresses of internal hosts -Time of association/disassociation The hacker can use such information to do long-term traffic profiling and analysis that may provide user or device details. To mitigate such hacker activities, a site should use per-session WEP keys.
A Complete Security Solution • What is needed is a wireless WAN security solution that uses a standards-based and open architecture to take full advantage of 802.11b security elements, provide the strongest level of security available, and ensure effective security management from a central point of control. A promising security solution implements key elements of a proposal jointly submitted to the IEEE by Cisco Systems, Microsoft and other organizations. • Central to this proposal are the following elements: -Extensible Authentication Protocol (EAP), an extension to Remote Access Dial-In User Service (RADIUS) that can enable wireless client adapters to communicate with RADIUS servers. -IEEE 802.1X, a proposed standard for controlled port access.
Cont…. • When the security solution is in place, a wireless client that associates with an access point cannot gain access to the network until the user performs a network logon. • The following sequence of events flow.. - A wireless client associates with an access point. - The access point blocks all attempts by the client to gain access to network resources until the client logs on to the network. - The user on the client supplies a username and password in a network logon dialog box or its equivalent. - Using 802.1X and EAP, the wireless client and a RADIUS server on the wired LAN perform a mutual authentication through the access point.
Cont… -When mutual authentication is successfully completed, the RADIUS server and the client determine a WEP key that is distinct to the client and provides the client with the appropriate level of network access, thereby approximating the level of security inherent in a wired switched segment to the individual desktop. The client loads this key and prepares to use if for the logon session. - The RADIUS server sends the WEP key, called a session key, over the wired LAN to the access point. - The access point encrypts its broadcast key with the session key and sends the encrypted key to the client, which uses the session key to decrypt it. - The client and access point activate WEP and use the session and broadcast WEP keys for all communications during the remainder of the session.
Real Life Examples • A 15-year-old Connecticut youth faces charges of hacking into a government computer system that tracks the positions of U.S. Air Force planes worldwide, according to government officials. 03/31/01 • Hacker accesses AT&T computers, stealing $1 million worth of software. 09/18/87 • Hackers break into Stanford Unix computers. 09/16/86 • Hacker cracks USAF satellite-positioning satellite. 06/21/89 • Citibank hacked by Vladimir Levin; $10 million in illegal transfers. 06/13/94
BLUETOOTH TECHNOLOGY WIRED vs WIRELESS Is wired network obsolete?? Of course Not!! The whole network infrastructure contains a place for wired and wireless connections. Every wireless access point using the 802.11 standards needs a wired connection. Wiring for wireless access points requires a different topology than for traditional wired jacks, so a network mixing both wireless and wired connections may need as much or more wire than before—even with fewer jacks. If the 3G or 4G digital standards (see below for the explanations of standards and terminology) come into place, which at the moment looks less than certain, and no wired access points are needed on campus. Bluetooth Technology is aiming at exactly that… a complete wireless, technology.
What is bluetooth? • Bluetooth is a global de facto standard for wireless connectivity. Based on a low-cost, short-range radio link, bluetooth cuts the cords that used to tie up digital devices.
Bluetooth in Action • Bluetooth can give you a new kind of freedom. You might share information, synchronize data, access the Internet, integrate with LANs or even unlock your car - all by simply using your Bluetooth equipped mobile phone – absolutely wireless!!!!
Security in Bluetooth • In the encryption scheme of Bluetooth there seems to be some weaknesses. The E0 stream cipher with 128-bit key length can be broken in O(2^64) in some circumstances. The proof is rather mathematical in nature and therefore out of the scope of this paper, so it will be omitted. However, the detailed version can be read in . In a nutshell, there is a divide-and-conquer type of attack that is possible to perform, if the length of the given keystream is longer than the period of the shortest LFSR user in the key stream generation in E0. • There is a problem in the usability of the Bluetooth devices, too. The use of the PIN code in the initialization process of two Bluetooth devices is tacky.
RESOURCES • http://netsecurity.about.com/cs/hackertools/ • http://www.dpo.uab.edu/sura/Security/sld008.htm • http://www.computerworld.com/itresources/rcstory/0,,KEY73_STO63837,00.html • http://www.cisco.com/warp/public/cc/pd/witc/ao350ap/prodlit/a350w_ov.htm • http://www.almaden.ibm.com/cs/user/pan/pan.html • http://techupdate.zdnet.com/techupdate/filters/mrc/0,14175,6020424,00.html • http://www.nwfusion.com/news/2001/0424hack.html • http://www.networkcomputing.com/1202/1202f1d1.html • http://www.nokia.com/bluetooth/whatis.html • http://www.nokia.com/bluetooth/inaction.html • http://www.niksula.cs.hut.fi/~jiitv/bluesec.html
CONCLUSION • In the light of this study, it is quite apparent that the security measures for wireless networking are inadequate. As the basic problems have been corrected, more sophistication in the use of mobile devices would lead to more security breaches and hence more protection towards it. As we have seen, the WSA’s and other hacking protection tools do provide sufficient help, but this should not put us at ease and we should be on the look out for more vulnerabilities and ways to seal them. I hope this presentation has brought awareness among us students and my objective has been achieved.