Wireless LAN Security - Northeastern Illinois University

Download Report

Transcript Wireless LAN Security - Northeastern Illinois University 

Wireless LAN Security
Kim W. Tracy
NEIU, University Computing
[email protected]
1
Outline



Threats to LANs & Wireless LANs
Wireless LAN Security Techniques
Summary
2
Fundamental Premise


Security cannot be considered in
isolation and to be effective must
consider the entire system
That is, network and LAN security must
be:

Consistent with other security mechanisms


E.g. application, data, hardware, and physical
Supportive of other security mechanisms
3
Threats
4
LAN Threats
Protecting Integrity
Protecting Secrecy
Network Traffic
Protecting Availability
5
Specific LAN Threats

Availability



Worms/Virus DoS
Errant applications creating lots of
traffic/malformed traffic
Authentication

Spying devices on LAN


For example, a contractor connecting to LAN
Secrecy

Sniffers being connected to the LAN to collect
passwords, etc.
6
Authentication
7
Current State of LAN
Authentication

Usually none!


If in the building can plug in to the LAN
Can cause severe problems:


Using LAN for illegal purposes
(company/person may be liable)
Can more easily compromise servers


For example, send spam from your mail servers
Wireless LANs are bringing issue out
8
Authentication services

802.1X – IEEE standard for LAN
authentication


Kerberos (closed environment)




Can use PKI certificate-based authentication
Single login (once per session)
To multiple servers/domains
‘Ticket’ for each server
X.509 (open environment)



Based on public key infrastructure
Used in SSL, IPSEC, S/MIME, SET…
One-way, two-way or three-way authentication
9
Kerberos
10
X.509 Authentication
A
One-way authentication
B
[Ta, Ra, B, EkpubB(Kab) ] sgnA
[Ta, Ra, B, EkpubB(Kab) ] sgnA
Two-way authentication
[Tb, Rb, A, Ra, EkpubA(Kab) ] sgnB
[Ta, Ra, B, EkpubB(Kab) ] sgnA
[Tb, Rb, A, Ra, EkpubA(Kab) ] sgnB
Three-way authentication
[Rb] sgnA
11
IEEE 802.1X Terminology
Supplicant
Authenticator
Authentication
Server
Uncontrolled port
Controlled port
802.1X
• created to control access to any 802 LAN
• used as a transport for Extensible Authentication Protocol
(EAP, RFC 2284)
12
802.1X Model
AP
STA
Authentication
Server
Associate
EAP Identity Request
EAP Identity Response
EAP Identity Response
EAP Auth Request
EAP Auth Request
EAP Auth Response
EAP Auth Response
EAP-Success
EAP-Success
Authentication traffic
Port Status:
Normal Data
13
Wireless LAN Security
14
Introduction

802.11 standard specifies the operating
parameters of wireless local area networks
(WLAN)




History: 802.11, b, a, g, i
Minimal security in early versions
Original architecture not well suited for
modern security needs
802.11i attempts to address security issues
with WLANs
15
802.11b

Wired Equivalent Privacy (WEP)

Confidentiality

Encryption



Access Control


40-bit keys (increased to 104-bit by WEP2)
Based on RC4 algorithm
Shared key authentication + Encryption
Data Integrity

Integrity checksum computed for all messages
16
802.11b

Vulnerabilities in WEP

Poorly implemented encryption




Key reuse, small keys, no keyed MIC
Weak authentication
No key management
No interception detection
17
802.11b

Successful attacks on 802.11b






Key recovery - AirSnort
Man-in-the-middle
Denial of service
Authentication forging
Known plaintext
Known ciphertext
18
802.11i

Security Specifications

Improved Encryption





CCMP (AES), TKIP, WRAP
2-way authentication
Key management
Ad-hoc network support
Improved security architecture
19
802.11i Authentication
Source: Cam-Winget, Moore, Stanley and Walker
20
802.11 Encryption
Source: Cam-Winget, Moore, Stanley and Walker
21
802.11i – Potential Weaknesses

Hardware requirements

Hardware upgrade needed for AES support



Authentication server needed for 2-way
authentication
Complexity


Strength of TKIP and Wrap questionable in the long term
The more complex a system is, the more likely it
may contain an undetected backdoor
Patchwork nature of “fixing” 802.11b
22
No Control over WLAN?


Often you want to connect to a wireless LAN
over which you have no control
Options:


If you can, connect securely (WPA2, 802.11i, etc.)
If unsecured, connect to your secure systems
securely:




VPN – Virtual Private Network
SSL connections to secure systems
Be careful not to expose passwords
Watch for direct attacks on untrusted networks
23
WLAN Security - Going Forward




802.11i appears to be a significant improvement
over 802.11b from a security standpoint
Vendors are nervous about implementing 802.11i
protocols due to how quickly WEP was
compromised after its release
Only time will tell how effective 802.11i actually
will be
Wireless networks will not be completely secure
until the standards that specify them are
designed from the beginning with security in mind
24
Summary


Wireless LAN Security is not
independent of the greater network
security and system security
Threats to the Wireless LAN are largely
in terms of being available and in
providing a means to attack systems on
the network

That is, not many folks attack routers (yet)
25
References


ftp://ftp.prenhall.com/pub/esm/web_marketing
/ptr/pfleeger/ch07.pdf - Charles & Shari
Pfleeger’s chapter on network security
http://www.gocsi.com/forms/fbi/pdf.jhtml - To
request the Computer Security Institute/FBI
yearly survey results (widely referenced)
26