802.11 Insecurities
Download
Report
Transcript 802.11 Insecurities
Wireless News
'BlueBag' PC sniffs out
Bluetooth flaws
• In just under 23 hours of
travel, BlueBag was able
to spot more 1,400
devices with which it
could have connected
• If you happened to fly
through Milan's Malpensa
Airport last March, your
mobile phone may have
been scanned by the
BlueBag.
Wireless News
Next generation wireless is new, nifty, but
not yet standard
• The good news is that there's a new
generation of wireless networking products on
the horizon, products that feature about four
times as much coverage and more than 10
times faster access than traditional WiFi
networks.
• The bad news is that this new-and-improved
wireless standard doesn't actually exist yet,
even though there's no shortage of retailers
who are more than willing to sell it to you right
now.
Wireless News
A team of researchers
from Research Triangle
Institute successfully
tested a paint-on
antenna for highaltitude airships on
June 21, in the Nevada
desert.
Misbehaving with WiFi
Chapter Eight
Wireless LAN Security and
Vulnerabilities
Topics
Snake oil access control
MAC layers lacks per frame authentication
The spoofing problems which result
802.1X issues related to spoofing
WEP (dead horse, I’ll discuss it briefly)
Attacks against these schemes
Recommendations
Wireless tools you can mess with
WEP Crack Demo
Terminology
SSID – Service Set ID
• A text string used to identify sets of APs
Spoofing
• Illegitimate generation of network traffic
Fake packets all together
Insert traffic into a stream
WEP – Wired Equivalent Privacy
• Broken 802.11 encryption scheme
• Should be “What on Earth does this Protect?”
Terminology (continued)
Access point
• Device serving as wireless-to-wired bridge
Association request
• Wireless stations ‘associate’ with an AP
• Follows rudimentary authentication procedure
Per Frame Authentication
• Every Frame authenticity information
• Should be used with initial auth. exchange
Terminology (continued)
Snake oil is a Traditional Chinese
medicine used for joint pain. However, the
most common usage is as a derogatory
term for medicines to imply that they are
fake, fraudulent, and usually ineffective.
The expression is also applied
metaphorically to any product with
exaggerated marketing but questionable
or unverifiable quality.
(borrowed from Wikipedia)
Ted’s Hacker
TED’S HACKER
Auth. in the 802.11 MAC Layer
Two types
• Open System
No authentication
Gratuitous access
• Shared Key
Uses WEP – broken scheme
Key distribution and usage issues
No per frame auth.
• frame spoofing is easy
• If a authentication scheme is to be effective, it needs to be
per frame
No AP auth. – allows impersonation of APs
MAC layer does leave room for other auth. schemes
• None presently implemented
• New schemes which conform to standard still can’t be per
frame
• Per frame authentication
Other Forms of Access Control
SSID hiding (complete snake oil)
• SSID often beaconed by APs
• APs can be configured to stop beaconing
MAC address filtering (snake oil)
• DHCP servers
• AP ACLs
802.1X (spoofing issues)
• Takes places following MAC layer auth. and assoc. to AP
• Controls access only to world beyond AP via EAP
• Does allow for more robust authentication (Kerberos,
others)
• Doesn’t solve per packet auth. problem
• No clients for all OS’s which all use the same auth. scheme
WEP, the “Sweet & Low” of 802.11
Passive listening
• Numerous documented attacks
• Attacks widely implemented
• Key can be recovered at worst in a few hours of passive
listening
Only encrypts data frames
• Management, control frames sent in the clear
• We can still spoof these frame types without a key
Key management issues
• If key changes all devices must change it at the very same
time, so short key periods won’t help much
• Employee leaves with key in hand
• Basically Broken
Sniffing the SSID - easy
Mischievous
Station
Running
NetStumble
r or similar
Regular User Station
being innocent
Sniff,
sniff,
sniff…
AP w/ SSID ‘Paris’
Assoc. Request
(…, SSID ‘Paris’, …)
Beating MAC Address Filters - easy
Sniff legitimate MAC Addresses
Wait for a station to leave
Set your MAC to a legitimate address
• linux# ifconfig wlan0 hwaddr 00:00:de:ad:be:ef
• openbsd# wicontrol wi0 –m b5:db:5d:b5:db:5d
You can now authenticate and associate
MAC filtered by DHCP server?
• Sniff addresses and set your IP statically
Cracking WEP – easy, time consuming
Mischievous
Station
Running
AirSnort or
similar
Regular User Station
being innocent
WEP encrypted Data
Frames
(A1%h8#/?e$! ...)
Sniff,
sniff…
CRACK
!
Access Point
Back to the Spoofing
Spoofing allows lots of naughty behavior
• Station disassociation DoS
Disrupt wireless station’s access
• Access point saturation DoS
MAC level limit the number of associated stations to ~2000
Implementation limits set lower to prevent congestion
Prevent new stations from authenticating to an AP
• Hijacking of legitimately authenticated sessions
• Man in the middle attacks
Old ARP cache poisoning, DNS spoofing affect 802.11 too
Impersonate AP to a client, tamper with traffic, pass it
along
Tools for Spoofing Frames
challenging, getting easier
Libradiate makes it easy
• No longer supported
AirSnarf
• mimics a legitimate access point
DoS Tools (disassoc, AP saturate, etc)
THC-RUT
• combines detection, spoofing, masking, and
cracking into the same tool
Hotspotter
• deauthenticate frame sent to a MS Windows XP
user’s computer that would cause the victim’s
wireless connection to be switched to a nonpreferred connection, AKA a rouge AP.
Disassociating a Wireless Station –
easy after implementation!
Mischievous
Station
running dis2
Regular User Station
being innocent
Sniff,
sniff…
DISASSOC
!
Disassociate Frame
(SANTA’S MAC, AP BSSID,
DISASSOC, …)
General Wireless Traffic
(MGMT, CRTL, DATA)
Access Point
Session Hijacking
MITM (Man-In –The-Middle)
The wireless advantage: easy access to medium!
Hijacking a wireless session
• Known network/transport layer attacks – easy w/
implementations
• MAC level hijacking
• Simple combination of disassociation and MAC spoofing
• Can beat 802.1X, if hijacking after EAP Success received by
station
MITM
• SSH, SSL – easy w/ sshmitm, webmitm (dsniff package)
ARP Poisoning, DNS redirect still work (may need retooling for 802.11
MAC)
Same issues that go along with these attacks on wired medium exist
here
• AP impersonate MITM – doable, challenging
• Could be detectable
Main Points
Wireless medium is an inherently
insecure
The 802.11 MAC poorly compensates
MAC layer needs stronger
authentication
Per packet auth. could solve many
issues
802.1X exchange comes too late
Spoofing attacks will become public
Recommendations
The first rule is…
• Secure your network protocols
• SECURE NETWORK PROTOCOLS
• SECURE NETWORK PROTOCOLS
wireless only makes attacks easier
Snake oil can provide hurdles for the
casual
Treat wireless the way you treat remote
traffic
High security environments: no wireless
allowed
Wireless Tools for your Tinkering
Windows
• Netstumbler – find APs and their SSIDs
• Airopeek – wireless frame sniffer
Linux
• Airsnort (and other WEP tools)
• Airtraf (Netstumbler-like)
• Kismet (Netstumbler-like, WEP capture, other
stuff)
WEP Cracking Demo
Cracking WEP in 10 Minutes
http://www.hackingdefined.com/mov
ies/see-sec-wepcrack.zip
This is a demo from a distro called
Woppix which later became
BackTrack
Wireless Security
“The nice thing about standards is that
there are so many to choose from.”
- Andrew S. Tannenbaum
Wireless Security –
Obviously Many Don’t Bother
Wireless Security Problems
Common Techniques to Compromise
Wireless Data Networks:
• Rogue Access Point Insertion
• Traffic Sniffing
• Traffic Data Insertion
• ARP-Snooping (via “Dsniff”) – trick
wired network to pass data over
wireless
Approximate Wireless Ranges
802.11b/g Wireless Radio
Channels (USA)
Note: Only using channels 1, 6, and 11 incur the least
amount of adjacent radio channel interference.
Security Overview
Authentication
Determines:
• If you are who you say you are
• If (and What) access rights are granted
Examples are:
• “Smart Card” - SecureId® Server/Cards
• S/Key – One time password
• Digital Certificates
Examples of “Smart Cards”
http://www.rsasecurity.com
Wireless Security Overview
Data Encryption
• WEP – Wired Equivalent Privacy (No Authentication)
• WPA – WiFi Protected Access
Note: Due to computational overhead, almost all data
encryption techniques impose an Access Point
performance / throughput penalty.
Average Throughput Reduction Example – (Relative to No
[email protected] w/Linksys WRT54gs):
WPA-PSK w/AES (29.005Mbps)
= ~14.8% slower
WPA-PSK w/TKIP (28.464Mbps)
= ~16.4% slower
WEP-128 (22.265Mbps)
= ~34.6% slower
http://www.tomsnetworking.com/Reviews/images/scrnshots/linksys_wrt54gs_security.png
WEP
(Wired Equivalent Privacy)
RC4 (Rivest Cipher 4 / Ron’s Code 4) Encryption
Algorithm <http://www.cebrasoft.co.uk/encryption/rc4.htm>
Shared (but static) secret 64 or 128-bit key to
encrypt and decrypt the data
• 24-bit ‘initialization vector’ (semi-random) leaving only
40 or 104 bits as the ‘real key’
WEP Key Cracking Software
• WEPCrack / AirSnort / Aircrack (as well as others)
• Cracking Time: 64-bit key = 2 seconds
128-bit key = ~ 3-10 minutes
www.netcraftsmen.net/welcher/papers/wlansec01.html and
www.tomsnetworking.com/Sections-article111-page4.php
WEP Attack Approaches
Traffic (Packet) Collection Techniques
• High Traffic Access Points (APs)
Simple/passive traffic sniffing / capture
• Low Traffic Access Points
Have client ‘deauth’ to disassociate from the
AP
• (Forces traffic when AP re-associates to the AP)
Replay captured ‘arp’ requests to the AP
Sniff / capture resulting packets for analysis
WPA and WPA2
(WiFi Protected Access)
Created by the Wi-Fi Alliance industry
group due to excessive delays in 802.11i
approval
WPA and WPA2 designed to be backward
compatible with WEP
Closely mirrors the official IEEE 802.11i
standards but with EAP (Extensible
Authentication Protocol)
Contains both authentication and
encryption components
Wireless Authentication
802.11i
• EAP – Extensible Authentication Protocol
PEAP (Protected EAP) = EAP + RADIUS
Server
Currently ~40 different EAP authentication methods
RADIUS = Remote Authentication Dial-In User Service
Kerberos
• Provided as Part of Win2K+ UNIX Server
Platforms
IPSec (IP Security) / VPN’s
• End-to-End Encryption
RADIUS Authentication
Remote User
• Desktop / Client
NAS Client
(Network Access
Server)
• Access desired to
this Client/Server
AAA (RADIUS)
Server
• Authentication,
Authorization, and
Accounting
http://www.wi-fiplanet.com/img/tutorial-radius-fig1.gif
Kerberos (a.k.a. “Fluffy”)
End-to-End Authentication
Kerberos is a widely used authentication server in an open
environment.
Kerberos tickets have a limited life – generally configured to be 8
Kerberos
hours.
Request a ticket for TGS
Authentication
Ticket for TGS
Server (AS)
Client
User
Request a ticket for Service
secret keys
Ticket-granting
Server (TGS)
Ticket for Service
Request Service
Service
http://www.cs.dartmouth.edu/~minami/Presentations/security.ppt
The name Kerberos comes from Greek mythology; it is the three-headed dog that guarded the entrance to Hades.
http://www.faqs.org/faqs/kerberos-faq/general/section-4.html
WPA / WPA2 Encryption
WPA
• Mandates TKIP (Temporal Key Integrity Protocol)
Scheduled Shared Key Change
(i.e.; every 10,000 data packets)
• Optionally specifies AES (Advanced Encryption
Standard) capability
WPA will essentially fall back to WEP-level
security if even a single device on a network
cannot use WPA
WPA2
Mandates both TKIP and AES capability
WPA / WPA2 networks will drop any altered packet
or shut down for 30 seconds whenever a message
alteration attack is detected.
WPA / WPA2 (Cont’d)
WPA
SOHO / Personal
WPA
Enterprise
WPA2
SOHO /Personal
WPA2
Enterprise
Authentication
Method
Encryption
Method
Pre-Shared Key
Temporal Key
Integrity Protocol
802.1X / Extensible
Authentication
Protocol
Temporal Key
Integrity Protocol
Pre-Shared Key
Advanced Encryption
Standard
802.1X / Extensible
Authentication
Protocol
Advanced Encryption
Standard
WPA / WPA2 (Cont’d)
Personal Pre-shared Key
• User–entered 8 – 63 ASCII Character
Passphrass Produces a 256-bit Pre-Shared Key
• To minimize/prevent key cracking, use a
minimum of 21 characters for the passphase
• Key Generation
passphrase, SSID, and the SSIDlength is hashed
4096 times to generate a value of 256 bits
WPA Key Cracking Software
• coWPAtty / WPA Cracker (as well as others)
WPA Authentication
(Before Extended EAP-May 2005)
Personal Mode = Pre-Shared Key
Enterprise Mode = EAP-TLS
• (Transport Layer Security)
WPA / WPA2 Authentication
(Since Extended EAP-May 2005)
Now Five WPA / WPA2 Enterprise
Standards
1. EAP-TLS
a. Original EAP Protocol
b. Among most secure but seldom
implemented as it needs a Clientside certificate ie; smartcard
(SecurId Key Fob
http://www.securid.com/)
WPA / WPA2 Authentication
(Since Extended EAP-May 2005)
2. EAP-TTLS/MSCHAPv2
a. Better than #1, as username and
password not in clear text
(Tunneled Transport Layer Security)
3. PEAPv0/EAP-MSCHAPv2
a. Commonly referred to as “PEAP”
b. Most Widely Supported EAP Standard
WPA / WPA2 Authentication
(Since Extended EAP-May 2005)
4. PEAPv1/EAP-GTC
a. Created by Cisco as alternative to #3.
Cisco’s LEAP or EAP-FAST standard not
frequently used as it can be cracked.
b. This standard is rarely used
5. EAP-SIM
a. Used by GSM mobile telecom industry
with SIM card authentication
Other Security Techniques
The following techniques may provide
marginal additional security, but may also
make network administration tasks more
difficult:
The six dumbest ways to secure a wireless LAN
• MAC Address Filtering
• Disabling SSID Broadcasts
• Disabling Access Point’s DHCP server (so new client addresses
are not automatically issued)
• Cisco LEAP / EAP-FAST
• Use 802.11a / Bluetooth
• Antenna type, placement, direction, and transmitted power
levels - Effective Isotropic Radiated Power (EIRP)
http://www.netstumbler.com/2002/11/13/antenna_to_boost_wireless_security
/
Security Configuration
Recommendations
Enterprise
1. WPA2 – RADIUS / Kerberos
2. WPA2 – Pre-shared Key
3. (Continue With SOHO / Personal Options)
SOHO / Personal
1.
2.
3.
4.
5.
WPA with AES
WPA with TKIP
WEP with 128-bit key
WEP with 64-bit key
No Encryption
Security Configuration
When configuring a wireless router /
access point, always use a ‘wired’
connection!
• (Don’t cut ‘the branch you’re standing on’!)
When changing a configuration option,
always make the change on the
router / access point first, then make
the compatible change on your local
wireless network card / configuration!
Security Configuration Options
Security Configuration Options
Security Configuration Options
Security Configuration Options
Security Configuration Options
Security Configuration Options
Security Configuration Options
Security Configuration Options
Security Configuration Options
Other Firmware Options
Cisco/Linksys WRT54G/GS wireless
router /access point utilizes some
Open Source (Linux) code.
Cisco released the firmware source
code in July, 2003 – Additional
branches of firmware are now
available.
Sources Of Other Firmware
Sveasoft
• http://www.sveasoft.com/
DD-WRT (I use this)
• http://www.dd-wrt.org
Earthlink
Sputnik
LinksysInfo
WRT54G.net
Other Firmware Options
Support / Provide:
VPN Services
VoIP Services
Configure as a repeater / bridge
A Managed ‘Hot Spot’ with RADIUS Support
Manage bandwidth per protocol
Control traffic shaping
Support IPv6
Boost antenna power
Remotely access router logs
Use router as a low power PC running Linux Applications
Bad firmware flash recovery:
• WRT54G Revival Guide
http://www.wi-fiplanet.com/tutorials/article.php/3562391
Miscellaneous Links
WEP Cracking Article
• http://www.securityfocus.com/infocus/1814
SecureDVD
• http://securedvd.org/screenshots.html