Wireless Security

New Standards for 802.11 Encryption and Authentication

Kazi Khaled Al-Zahid

Wired vs. Wireless

Wired networks offer more and better security options than wireless More thoroughly established standards with wired networks Wireless networks are much more equipment dependent than wired networks Easier to implement security policies on wired networks

802.11b Overview

Standard for wireless networks

Approved by IEEE in 1999

Two modes: infrastructure and ad hoc

IBSS (ad hoc) mode

BSS (infrastructure) mode

2

802.11
802.11 Standards 802.11 The original WLAN Standard. Supports 1 Mbps to 2 Mbps. 802.11a High speed WLAN standard for 5 Ghz band. Supports 54 Mbps. 802.11b WLAN standard for 2.4 Ghz band. Supports 11 Mbps. 802.11e Address quality of service requirements for all IEEE WLAN radio interfaces. 802.11f Defines inter-access point communications to facilitate multiple vendor-distributed WLAN networks. 802.11g Establishes an additional modulation technique for 2.4 Ghz band. Intended to provide speeds up to 54 Mbps. Includes much greater security. 802.11h Defines the spectrum management of the 5 Ghz band for use in Europe and in Asia Pacific. 802.11i Address the current security weaknesses for both authentication and encryption protocols. The standard encompasses 802.1X, TKIP, and AES protocols.
3

Wireless Security?

Hacking is no longer the esoteric domain of the techno-elite. Most often done by young males ages 15-25 that have extensive computer programming knowledge. Variety of reasons from simple curiosity all the way to achieving terrorist ideals.

Most often used for identity theft and industrial espionage.

Security Risks of Wireless LANs

Easier for unauthorized devices to attach to wireless network

- Dont need physical access

- Many organizations dont apply security

- Presence of free wireless hacking tools

Internal systems are usually not as secure as external or DMZ systems

Business Risks of Wireless LANs

A wireless attacker could affect you business in the following ways: Ability to destroy data Ability to steal proprietary data from client workstations and servers Disruption of network service through corruption of network devices

RISK: Inability to meet core business and customer needs that could lead to loss of revenue
6

Security Risks INTRODUCED by Wireless Technology

Rogue Access Points Clients Communicating in Ad Hoc Mode

Computerworld survey estimate at least 30 percent of businesses have rogue wireless LANs.

Original 802.11 Security

Service set identifier (SSID)

A simple code that identifies the WLAN.

Clients must be configured with the correct SSID to access their WLAN.

Media access control (MAC)

MAC address filtering restricts WLAN access to computers that are on a list you create for each access point on your WLAN.

Wired equivalent privacy (WEP)

Encryption and authentication scheme that protects WLAN data streams between clients and access points (AP) This was discovered to have flaws.
8

Access Point SSID

Service Set Identifier (SSID) differentiates one access point from another
By default, access point broadcasts its SSID in plaintext beacon frames every few seconds

Default SSIDs are easily guessable

Linksys defaults to linksys, Cisco to tsunami, etc. This gives away the fact that access point is active

Access point settings can be changed to prevent it from announcing its presence in beacon frames and from using an easily guessable SSID
But then every user must know SSID in advance
9

Wired Equivalent Protocol (WEP)

Special-purpose protocol for 802.11b

Intended to make wireless as secure as wired network

Goals: confidentiality, integrity, authentication

Assumes that a secret key is shared between access point and client

Uses RC4 stream cipher seeded with 24-bit initialization vector and 40-bit key
Terrible design choice for wireless environment In SSL, we will see how RC4 can be used properly

10

WEP Flaws

Two basic flaws undermined its use for protection against other than the casual browser - eavesdropper
No defined method for encryption key refresh or distribution Pre-shared keys were set once at installation and rarely if ever changed

Use of RC4 which was designed to be a one-time cipher not intended for multiple message use
But because the pre-shared key is rarely changed, same key used over and over

Attacker monitors traffic and finds enough examples to work out the plaintext from message context
With knowledge of the cipertext and plaintext, can compute the key
11

Encryption

WEP Flaw
Takes about 10,000 packets to discover the key

Large amounts of known data is the fastest way of determining as many keystreams as possible
The information may be as innocuous as the fields in the protocol header or the DNS name query

Monitoring is passive so undetectable

Simple tools and instructions freely available to spit out the key Legal experts postulate this type of monitoring may not be illegal

12

Other Problems

SSID (service set identifier)

Identifies the 802.11 devices that belong to a Basic Service Set (BSS). A BSS is analogous to a LAN segment in wired terms SSID is meant as a method to identify what Service Set you want to communicate with; not as a security layer authentication Even when using WEP, the SSID remains fully visible Some mgfr even allow the WLAN cards to poll for the SSID and self configure

13

Other Problems

MAC (media access control)

Possible to restrict access by MAC address on many AP (access points) by means of an ACL All standards compliant NIC cards, including WLAN cards, should have unique MAC, some software allow this address to be spoofed

Spoofing Wireless
Is easy Unlike internet devices which have routing issues to overcome, IP addresses of wireless devices can be manually changed at will Some networks systems serve up the IP address dynamically

14

Do Not Do This
[courtesy of Brian Lee]

Ingredients: Laptop (with 802.11b card, GPS, Netstumbler, Airsnort, Ethereal) and the car of your choice

Drive around, use Netstumbler to map out active wireless networks and (using GPS) their access points If network is encrypted, park the car, start Airsnort, leave it be for a few hours
Airsnort will passively listen to encrypted network traffic and, after 5-10 million packets, extract the encryption key

Once the encryption key is compromised, connect to the network as if there is no encryption at all
Alternative: use Ethereal (or packet sniffer of your choice) to listen to decrypted traffic and analyze

Many networks are even less secure

15

Weak Countermeasures

Run VPN on top of wireless

Treat wireless as you would an insecure wired network VPNs have their own security and performance issues Compromise of one client may compromise entire network

Hide SSID of your access point

Still, raw packets will reveal SSID (it is not encrypted!)

Have each access point maintain a list of network cards addresses that are allowed to connect to it
Infeasible for large networks Attacker can sniff a packet from a legitimate card, then re-code (spoof) his card to use a legitimate address

16

Fixing the Problem

Extensible Authentication Protocol (EAP)

Developers can choose their own authentication method Cisco EAP-LEAP (passwords), Microsoft EAP-TLS (public-key certificates), PEAP (passwords OR certificates), etc.

802.11i standard fixes 802.11b problems

Patch: TKIP. Still RC4, but encrypts IVs and establishes new shared keys for every 10 KBytes transmitted No keystream re-use, prevents exploitation of RC4 weaknesses Use same network card, only upgrade firmware

Long-term: AES in CCMP mode, 128-bit keys, 48-bit IVs

Block cipher (in special mode) instead of stream cipher Requires new network card hardware
17

Improved Security Standards

802.1x Authentication (2001)

WPA (Wi-Fi Protected Access) (2002)

802.11i (2003-4)

18

802.1X Authentication and EAP

802.1X
Framework to control port access between devices, AP, and servers

Uses Extensible Authentication Protocol (EAP) (RFC 2284)

Uses dynamic keys instead of the WEP authentication static key Requires mutual authentication protocol Users transmission must go thru WLAN AP to reach authentication server performing the authentication Permits number of authentication methods RADIUS is the market de facto standard
19

EAP Types

EAP-TLS (RFC 2716)

EAP is extension of PPP providing for additional authentication methods TLS provides for mutual authentication and session key exchange Negotiated mutual key becomes Master-Key for 802.11 TKIP Requires client & server certificates (PKI based) Deployed by Microsoft for its corporate network Shipping in Windows 2000 and XP

20

Other EAP Types

EAP-TTLS
Tunneled TLS -- -- uses two TLS sessions Outer--TLS session with Server certificate for server authentication Inner Inner--TLS session using certificates at both ends and password Protects users identity from intermediary entities

PEAP
Similar to EAP-TTLS, but only allows EAP for authentication Server authentication via Server certificate

Users password delivered through SSL protected channel

Session continues when users password verified Client-side certificate optional
21

WPA Interim 802.11 Security

Wi-Fi Protected Access (WPA) Interim Solution between WEP and 802.11i
Plugs holes in legacy 802.11 devices; typically requires firmware or driver upgrade, but not new hardware
Subset of the 802.11i and is forward compatible

Sponsored by the Wi-Fi Alliance

Will require WPA for current certifications

Support announced by Microsoft, Intel, others

Agere Atheros Athnel Colubris Funk Sftw Intesil Proxim Resonext TI
22

WPA

Improves WEP encryption Based on TKIP protocol and algorithm

Changes the way keys are derived
Refreshes keys more often Adds message integrity control to prevent packet forgeries

Benefits
Encryption weakness improved but not solved Some concern that TKIP may degrade WLAN performance without hardware accelerator But protects current device investment Will be available sooner than 802.11i
23

WPA

Works similarly to 802.1X authentication

Both Clients and AP must be WPA enabled for encryption to and from 802.1X EAP server Key in a pass phrase (master key) in both client and AP If pass phrase matches, then AP allows entry to the network

Pass phrase remains constant, but a new encryption key is generated for each session

24

TKIP

Temporal Key Integrity Protocol

Quick fix to overcome the the reuse of encryption key problem with WEP Combines the pre-shared key with the clients MAC and and larger IV to ensure each client uses different key stream Still uses WEP RC4, but changes temporal key every 10K packets Mandates use of MIC (Michael) to prevent packet forgery

Benefits
Uses existing device calculation capabilities to perform the encryption operations
Improves security, but is still only a short-term fix
25

New 802.11i Security

Addresses the main problems of WEP and Shared-Key Authentication

Temporal Key Integrity Protocol (TKIP) Message Integrity Control ~ Michael AES Encryption replacement for RC4 Robust Security Network (RSN)

Require new wireless hardware Ratification ~ YE 2003

26

Robust Security Network

RSN uses Dynamic Negotiation

For authentication and encryption algorithms between AP and client devices Authentication is based on 802.1X and EAP AES Encryption

27

How RSN Works

1. 2. 3.

Client

Access Point 4

WLAN Switch

Ethernet Switch

RADIUS Server

1. Client sends request for association and security negotiation to AP, which forward to WLAN switch. 2. WLAN switch passes request to Authentication Server (RADIUS). 3. RADIUS authenticates client. 4. Switch and client initiate 4 way key negotiation to create unique session key. Switch pushes key, which is AES encrypted to AP. AES encrypts all data traffic.

28

Final Words

802.11 is truly useful technology Wireless networking will continue to expand As the networking standards change so will the security issues Network security specialists need to understand wireless networking; and vice versa

Start evaluating and deploying new security standards

SANS Institute Information Security Reading Room
http://www.sans.org/rr/wireless/

NIST Wireless Network Security

http://csrc.nist.gov/publications/drafts/draft-sp800-48.pdf
29

30

802.11a

Works at 40mhz, in the 5ghz range THEORETICAL transfer rates of up to 54mpbs ACTUAL transfer rates of about 26.4mbps Limited in use because it is almost a line of sight transmittal which necessitates multiple WAPs (wireless access points) Cannot operate in same range as 802.11b/g Absorbed more easily than other wireless implementations

31

802.11b WiFi

Operates at 20mhz, in the 2.4ghz range Most widely used and accepted form of wireless networking THEORETICAL speeds of up to 11mbps

ACTUAL speeds depend on implementation

5.9mbps when TCP (Transmission Control Protocol) is used (error checking) 7.1mbps when UDP (User Datagram Protocol) is used

(no error checking)

Can transmit up to 8km in the city; rural environments may be longer if a line of sight can be established

32

802.11b - WiFi (cont.)

Not as easily absorbed as 802.11a signal Can cause or receive interference from:
Microwave ovens (microwaves in general) Wireless telephones Other wireless appliances operating in the same frequency

33

802.11g - Super G

Operates at the same frequency range as 802.11b THEORETICAL throughput of 54mpbs ACTUAL transmission rate is dependent on several factors, but averages 24.7mbps Logical upgrade from 802.11b wireless networks backwards compatibility Suffers from same limitations as 802.11b network System may suffer significant decrease in network speeds if network is not completely upgraded from 802.11b

34

802.11n (Ultranet)

Standards in discussion now; should be completed by the end of 2006 REAL throughput of at least 100mbps
4 5 times faster than 802.11g/a 20 times faster than 802.11b!

Better distance than 802.11a/b/g Being designed with speed and security in mind Perfect compliment for WWW2

35

Wireless Networking Categories

Personal Area Networking

Bluetooth, UWB

Local Area Networking

IEEE 802.11 (a, b, g) HomeRF Packet Radio 900mhz ISM

Wide Area Networking

2.5-3G cellular Blackberry

36

Rogue Device Threat

Can make your network vulnerable

Even with a secure wireless network

Even if you have no wireless network

Both Access Points and Clients are dangerous

Goal Protect network jacks

Identify unauthorized wireless devices

37

WarChalking

38

Wireless Tools

Types of Monitoring tools

Stumbling

Sniffing
Handheld

Hacking tools
WEP Cracking ARP Spoofing

39

Stumbling Tools
Stumbling tools identify the presence of wireless networks. They look for beacons from access points, and also broadcast client probes and wait for access points to respond.

40

Netstumbler
http://www.netstumbler.com
Free Window based Very simple GUI GPS capable

41

Wellenreiter
http://www.remote-exploit.org
Free Linux based Supports many wireless cards GPS capable

42

Other Stumbling Tools

MacStumbler (MAC)
http://homepage.mac.com/macstumbler/

MiniStumbler (PocketPC)
http://www.netstumbler.com/download.php?op=getit&lid=21

Mognet (JAVA)
http://chocobospore.org/mognet/

BSD-AirTools dstumbler (BSD)

http://www.dachb0den.com/projects/bsd-airtools.html

43

Sniffing Tools
Sniffing tools capture the traffic from a wireless network and can view the data passed across the air.

44

Kismit
http://www.kismetwireless.net
Free Linux based GPS capable

45

AiroPeek
http://www.wildpackets.com/products/airopeek
Must pay for it Windows based Real time packet decoding

46

Other Sniffing Tools

AirTraf (Linux)
http://airtraf.sourceforge.net/index.php

Ethereal (All OSs)

http://www.ethereal.com/

Sniffer Wireless (Windows, PocketPC)

http://www.sniffer.com/products/snifferwireless/default.asp?A=3

BSD-AirTools - Prism2dump (BSD)

http://www.dachb0den.com/projects/bsd-airtools.html

47

Handheld Tools
Handheld tools are more portable and provide wireless network identification and network status monitoring.

48

AirMagnet
http://www.airmagnet.com/
Pocket PC based

49

Waverunner
http://www.flukenetworks.com/us/LAN/Handheld+Testers/Wa veRunner/Overview.html
Linux kernal on iPaq

50

Other Handheld Tools

Kismet (Linux, Sharp Zaurus)

http://www.kismetwireless.net

IBM Wireless Security Auditor (Linux, iPaq)

http://www.research.ibm.com/gsal/wsa/

51

Hacking Tools
Hacking tools are for pointed attacks to gain access to secured wireless networks.

52

WEP Cracking Tools

WEPCrack
http://wepcrack.sourceforge.net/

AirSnort
http://sourceforge.net/projects/airsnort/

BSD-Tools dweputils
http://www.dachb0den.com/projects/dweputils.html

53

ARP Spoofing MitM Tools

libradiate
http://www.packetfactory.net/projects/radiate/

ettercap
http://ettercap.sourceforge.net

dsniff
http://naughty.monkey.org/~dugsong/dsniff/

AirJack
http://802.11ninja.net

54

Wireless Security Monitoring

Need For Wireless Security Monitoring

To protect the Wired network from Wireless Technology:

To Identify and locate wireless devices within the organization Provide method of response

56

Effective Wireless Security Monitoring

Complete area coverage 24/7 monitoring

Remote distributed sensors

Central data aggregation and analysis Integration into enterprise network management Scalability

57

Wireless Monitoring Product Types

Products that Scan Wired Network for Access Points

ISS Internet Scanner

http://www.iss.net

Foundstone Foundscan
http://www.foundstone.com

Qualys
http://www.qualys.com

Nmap
http://www.insecure.org/nmap/

59

Wireless Clients (laptop or PDA) walked around facility

Netstumbler
http://www.netstumbler.com

Kismet
http://www.kismetwireless.net

Wellenreiter
http://www.remote-exploit.org

Air Magnet
http://www.airmagnet.com/

60

Enterprise Wireless Monitoring Solutions

Air Defense
http://www.airdefense.net/

IBM Distributed Wireless Security Auditor

http://www.research.ibm.com/gsal/dwsa/

Isomair
http://www.isomair.com/

NETSEC Wireless Security Monitoring Service

http://www.netsec.net/

61

Wireless Security Answer

Wireless can be Secure

Apply all security features of products Require Authentication and Authorization and Encryption Use the same well known network security solutions as wired networks including:
Network segmentation

Use of personal firewalls

Well defined, trainable, and enforceable security policy

Perform Wireless Security Monitoring

63

My Favorite Wireless URLs

Wireless Security Links

http://bengross.com/wireless.html
http://www.wirelessanarchy.com/

Wireless Industry News

http://www.80211-planet.com/

Wireless Blogs
http://www.wardriving.com/ http://80211b.weblogger.com/

Mailing Lists
wireless-subscribe@kismetwireless.net
64

Limitation of Wireless Networks

Availability Environmental Adding

Devices

Availability

Wireless becoming more and more available as time passes Wireless data networks are growing at roughly the same rate as cellular telephone networks with comparable coverage Does not rely on laying cables for connectivity Network cannot be accessed in situations where RF signals have interference Largely inaccessible in rural areas

66

Environmental

Weather
Rain, lightening affect RF signals Solar flares

RF interference from ambient sources or other RF devices

Microwave towers Radio towers

Electromagnetic interference
Generators Power plants

67

Adding Devices

Extending range requires additional WAPs Not always a viable option Possible conflicts between 802.11b and 802.11g cause significant speed decrease in network Opens network up to more attacks Non-conflicting SSIDs (Service Set Identifiers)
SSIDs are numbers that identify wireless devices on a network. When SSIDs are not set dynamically

68

Security Issues

Wired

vs. Wireless and Cracking of Attacks

Hacking Types Open

Networks

Wired vs. Wireless

Wired networks offer more and better security options than wireless More thoroughly established standards with wired networks Wireless networks are much more equipment dependent than wired networks Easier to implement security policies on wired networks

70

Hacking and Cracking

Wired networks less susceptible to hackers/crackers RF signals allow for more unauthorized attempts Ubiquitous wireless networking devices allow access Hacking
Gaining unauthorized access to networks/devices by algorithms or penetration programs

Cracking
Extending the use of devices past original intentions

71

Common Hacking & Cracking Techniques and Devices

Referred to as Wardrivers or Warchalkers Use PDAs, laptops, scanners, tablets or any WiFi enabled devices Underground networks list and update open networks that are waiting to be exploited Attack weak keys or sniff messages going over the network to determine SSID range

72

Types of Attacks

Man in the Middle Attacks

Attacker intercepts identification information of the sending and receiving parties. Substitutes own key in both situations Gives access to all information passed between parties

Denial of Service or Distributed Denial of Service

TCP SYN ACK Flood or Buffer Overrun Typical DoS Illicit servers used to set up zombie machines for a DDoS

Social Engineering

Most prevalent form of network attacks

Hardest to defend against because it involves human nature

73

Types of Attacks (cont.)

Weak key attacks

Involve algorithms in RC4 hashing algorithm and WEP (Wired Equivalent Privacy) Both implementations use easily broken algorithms WEP has been broken in under 2 hours

Dictionary attacks
Attackers use pre-populated list of frequently used passwords and regular words

Birthday attacks
A complicated algorithmic attack

74

Open Networks

Most often associated with home networks Networks are the target of hackers that wardrive. Result of wireless networks that are either unsecured entirely or are using weak WEP keys Effects can be devastating

75

Mitigating Risks on a Wireless Network

or

How I learned to love WLANS and stop fearing the Wardrivers

Wireless Networks

Ensure all unused ports are closed

Any open ports must be justified Pessimistic network view

Enforce the rule of least access Ensure SSIDs are changed regularly Ensure insurance and authentication standards created and enforced

77

Encryption and Data Insurance

USE STRONG ENCRYPTION!!

SHA-1 (Secure Hashing Algorithm)

End to End Encryption

Initiate encryption at user and end at server that is behind the firewall, outside the DMZ

Treat WLANs as untrusted networks that must operate inside the DMZ

Access trusted network via VPN and two-factor authentication

Increase application security
Possibly through use of an enterprise application system Minimally through increased encryption

78

Encryption and Data Insurance

Do not, under any circumstances, allow ad hoc WLANS Embrace and employ the 802.11i IEEE security standard
Native per user access control Native strong authentication (tokens, smartcards and certificates)

Native strong encryption

Best bet for new wireless networks

79

Wireless Future To the future and beyond!! -Buzz Lightyear

IPv4 Moving to IPv6

IPv4 changing to IPv6

US currently using IPv4; consists of four 8 bit fields (255.255.255.255)

When initially created, US received lion share of IP addresses; Europe and Asia left with remainder

IPv6 is the future

Already in use in Asia and Europe

Limited implementation in use

(RFIDs and shipping ports)

New devices currently on market

Netgear Cisco

81

Pros of IPv6

Eliminates the need for SSIDs

Every device will have its own IP address Billions of unique IP addresses

Eliminates the need for NAT (natural address translation)

Can accept a range of IP addresses Minimizes hackers/crackers ability to penetrate networks Increases scalability

82

Cons

Cost of Change Over

Current infrastructure cannot be used unless it is already IPv6 compliant New hardware required

Network Changes
Re-addressing of current IPv4 hardware/clients

Compatibility with existing wireless infrastructure

83

Parting Thoughts

Wireless Networking while great in theory has significant problems that are not easily addressed Upgrades to wireless technology that are on the horizon make changing over/integrating far less attractive

84