wireless security
DESCRIPTION
Rudi van Drunen Presentation on wireless security NLUUG vj 08. Courtesy of www.competa.com
TRANSCRIPT
© 2008 [email protected]
<XlexiT>
Wireless security
Slide ver. 1.3
Me
• Rudi van Drunen
• Senior Consultant & CTO Competa IT
• Design, Deliver and Maintain Complex IT Infrastructure
• CTO XlexiT Technology B.V.
• Wireless / Embedded / Networking
• Tech Guru Wireless Leiden
• Largest wireless community network in NL
This Talk
• Attacks
• What to do about it, Applied to wireless
• RF level
• Protocol level
• Encryption
• Authentication
• Application level
Hierarchy
Attacks
• Passive: Traffic analysis, Eavesdropping
• Active: Replay, Masquerade, Message Modification, Denial of Service
Passive
• Eavesdropping
• Need signal
• Decrypt if needed
• Traffic Analysis
• Get data from signal and traffic
Active (1)
• Denial of Service
• Radio Level (microwave method)
• Flooding AP with packets
• Disconnect messages
Active (2)
• Replay
• Listen to the traffic, get SSID, MAC
• Replay and associate, masquerade
• Message modification
• Rogue access point
802.11 alphabet soup
• 802.11a 5 GHz WLAN
• 802.11b 2.4 GHz WLAN
• 802.11c Bridging between APs
• 802.11d Global frequency harmonization
• 802.11e MAC level enhancements for QoS
• 802.11f Inter Access Point Protocol for Roaming
• 802.11g High Rate 2.4 GHz WLAN
• 802.11h ETSI requirements of Dynamic Frequency Selection and Transmitter Power Control
• 802.11i Security Enhancements
• 802.11n Super Fast WLAN (mimo)
Wireless
• RF Level ...
• cf. ethernet level.....
Antennae
• Omnidirectional
• Directional
Site Survey
- Outside-in
- Use Antennas (remember: Leaky building)
- Check RF interference
Protocol Level
• Encryption
• WEP, WPA, WPA2
• Key management
• Authorization - Authentication
• 802.1x, RADIUS
• EAP Methods
• Cooking it up: WPA2 with EAP-TLS
Next please ...
• 802.11i
• WPA
• Transient Security Network (TSN)
• TSN = TKIP + WPA(1) + Radius
• Temporal keys, Message Integrity Check
• WPA2
• Robust Security Network (RSN)
• RSN = CCMP + WPA(2) + Radius
WPA
• 802.11i framework
• Try to fix the flaws introduced in WEP
• TKIP, MIC, TSC
• Keep backwards compatible
• (HW level (should be firmware update))
• Add authentication layer (802.1x)
Key management
• Pairwise Keys
• Between EACH client and AP different pair
• Computed / Distributed @association time
• Unicast
• Group Keys
• Same key between AP and every client
• Broadcast (and multicast)
Key Hierarchy
• Pairwise master key (PMK)
• From Auth server (or pre-shared)
• Generated during authentication (tls/ssl)
• WPA: Radius server sends PMK to AP
• From PMK AP derives Temporal keys
• Pairwise Transient Keys
• Data Encryption, Integrity keys; EAPOL keys
• These keys are used in encryption engines
Authentication
• 802.1x
• Not part of 802.11 suite
• Can also be used on wired networks.
Authentication: Radius
• Component in 802.1x
• Other Applications in Wireless
• MAC Address authentication
• NOT SECURE !
• Captive Portal
• nocat, m0n0wall (www.m0n0.ch/wall)
Cooking it up
• EAP-TLS enterprise in time
• Authentication mechanism
• Key distribution mechanism
• Other fun things WPA
• WPA @home
Fun things WPA
• Key caching
• Returning authenticated client
• send (PM)Key name in associate request
• AP start 4-way handshake
• AP verifies PMKey
• Pre-authentication
• Makes Roaming seamless and faster
WPA@home
• No Radius server
• Pairwise Master Key as Shared Secret
• Key generation from password (RFC 2898)
• good passwords: https://www.grc.com/passwords
• AP and Client have same PMK
• 4 way handshake between AP - Client
• Client / AP derive temporal keys for encryption
Application Level
• VPN (ipsec, OpenVPN)
• Some Setup required
• SSL connections
• You thought everything did SSL, right?!
• Captive portals
• Hotspot model