WLAN and IEEE 802.11 Security

Agenda

Intro to WLAN

Security mechanisms in IEEE 802.11

Attacks on 802.11

Summary

Workgroup Task
Fundamental Premise

Security cannot be considered in isolation; to be effective it
must consider the entire system

That is, network and LAN security must be:
– Consistent with other security mechanisms
  (e.g. application, data, hardware, and physical)
– Supportive of other security mechanisms
Wireless LAN Technologies

WLAN technologies are becoming increasingly popular, and promise to be
the platform for many future applications:
– Home Entertainment Networking

Example WLAN/WPAN Technologies:
– IEEE 802.11
– Bluetooth
IEEE 802.11 Wireless Networks

Speeds of up to 54 Mb/s

Operating Range: 10-100m indoors, 300m outdoors

Power Output Limited to 1 Watt in U.S.

Physical layers: Frequency Hopping (FHSS), Direct Sequence (DSSS)
and Infrared (IrDA)
– Networks using different physical layers are NOT compatible with each other

Uses the unlicensed 2.4 GHz and 5 GHz bands (2.402–2.480 GHz, 5 GHz)

Provides wireless Ethernet access to wired networks
WLAN Components
More about WLAN
Modes of Operation

Ad Hoc mode (Independent Basic Service Set - IBSS)

Infrastructure mode (Basic Service Set - BSS)
Ad-Hoc mode
[Figure: Client A, Client B and Client C communicating directly with each other]
Laptop users wishing to share files could set up an ad-hoc network using
802.11 compatible NICs and share files without need for external media.
Infrastructure mode
In this mode the clients communicate via a central station called an Access Point
(AP), which acts as an Ethernet bridge and forwards the communication onto
the appropriate network, either wired or wireless.
[Figure: Client A and Client B communicating through the Access point]
WLAN Security – Problem !!
There is no physical link between the nodes of a wireless network, the nodes
transmit over the air and hence anyone within the radio range can eavesdrop
on the communication. So conventional security measures that apply to a
wired network do not work in this case.
[Figure: the protected internal network sits behind a Wireless Access Point; only valid users should gain access]
Wireless Security of 802.11

The IEEE 802.11 specification identified several services to provide a secure
operating environment. The security services are provided largely by the
Wired Equivalent Privacy (WEP) protocol to protect link-level data during
wireless transmission between clients and access points.

WEP does not provide end-to-end security, but only for the wireless portion
of the connection
Basic security services defined by IEEE

The three basic security services defined by IEEE for the WLAN
environment are as follows:

Authentication—A primary goal of WEP was to provide a security service
to verify the identity of communicating client stations. This provides access
control to the network by denying access to client stations that cannot
authenticate properly. This service addresses the question, “Are only
authorized persons allowed to gain access to my network?”

Confidentiality—Confidentiality, or privacy, was a second goal of WEP. It
was developed to provide “privacy achieved by a wired network.” The intent
was to prevent information compromise from casual eavesdropping (passive
attack). This service, in general, addresses the question, “Are only authorized
persons allowed to view my data?”

Integrity—Another goal of WEP was a security service developed to ensure
that messages are not modified in transit between the wireless clients and the
access point in an active attack. This service addresses the question, “Is the
data coming into or exiting the network trustworthy—has it been tampered
with?”
Authentication

The IEEE 802.11 specification defines two means to “validate” wireless
users attempting to gain access to a wired network: open-system
authentication and shared-key authentication.

One means, shared-key authentication, is based on Cryptography, and the other is not.
The open-system authentication technique is not truly authentication; the access point
accepts the mobile station without verifying the identity of the station. It should be
noted also that the authentication is only one-way: only the mobile station is
authenticated. The mobile station must trust that it is communicating to a real AP.
Privacy

The 802.11 standard supports privacy (confidentiality) through the use of
cryptographic techniques on the wireless interface. The WEP cryptographic
technique for confidentiality uses the RC4 symmetric-key stream cipher to
generate a pseudo-random data sequence that is XORed with the data.
Integrity

The IEEE 802.11 specification also outlines a means to provide data integrity for
messages transmitted between wireless clients and access points. This security service
was designed to reject any messages that had been changed by an active adversary “in
the middle.” This technique uses a simple encrypted Cyclic Redundancy Check
(CRC) approach.
IEEE 802.11 Basic Security Mechanisms

Service Set Identifier (SSID)

MAC Address filtering

Wired Equivalent Privacy (WEP) protocol

WPA – Wifi Protected Access
802.11 products are shipped by the vendors with all security
mechanisms disabled !!
Security Threats

Network security attacks are typically divided into passive and
active attacks. These two broad classes are then subdivided into
other types of attacks.
Passive Attack

Passive Attack—An attack in which an unauthorized party gains access to
an asset and does not modify its content (i.e., eavesdropping). Passive attacks
can be either eavesdropping or traffic analysis (sometimes called traffic flow
analysis). These two passive attacks are described below.

Eavesdropping—The attacker monitors transmissions for message content.
An example of this attack is a person listening into the transmissions on a
LAN between two workstations or tuning into transmissions between a
wireless handset and a base station.

Traffic analysis—The attacker, in a more subtle way, gains intelligence by
monitoring the transmissions for patterns of communication. A considerable
amount of information is contained in the flow of messages between
communicating parties.
Active Attack

Active Attack—An attack whereby an unauthorized party makes
modifications to a message, data stream, or file. It is possible to detect this
type of attack but it may not be preventable. Active attacks may take the form
of one of four types (or combination thereof): masquerading, replay, message
modification, and denial-of-service (DoS).

Masquerading—The attacker impersonates an authorized user and thereby
gains certain unauthorized privileges.

Replay—The attacker monitors transmissions (passive attack) and
retransmits messages as the legitimate user.

Message modification—The attacker alters a legitimate message by
deleting, adding to, changing, or reordering it.

Denial-of-service—The attacker prevents or prohibits the normal use or
management of communications facilities.
Technical Countermeasures

Technical countermeasures involve the use of hardware and
software solutions to help secure the wireless environment.

Software countermeasures include proper AP configurations
(i.e., the operational and security settings on an AP), software
patches and upgrades, authentication, intrusion detection
systems (IDS), and encryption.

Hardware solutions include smart cards, VPNs, public key
infrastructure (PKI), and biometrics. It should be noted that
hardware solutions, which generally have software components,
are listed simply as hardware solutions.
Service Set Identifier (SSID) and its limits!

Limits access by identifying the service area covered by the
access points.
AP periodically broadcasts SSID in a beacon.

End station listens to these broadcasts and chooses an AP to
associate with based upon its SSID.

Use of the SSID is a weak form of security, as beacon management
frames on an 802.11 WLAN are always sent in the clear.

A hacker can use analysis tools (e.g. AirMagnet, Netstumbler,
AiroPeek) to identify the SSID.

Some vendors use default SSIDs which are pretty well known
(e.g. CISCO uses tsunami)
MAC Address Filtering
The system administrator can specify a list of MAC addresses
that can communicate through an access point.
Advantage :

Provides slightly stronger security than the SSID alone
Disadvantages :

Increases Administrative overhead

Reduces Scalability

Determined hackers can still break it
Wired Equivalent Privacy (WEP)

Designed to provide confidentiality to a wireless network similar to that of
standard LANs.

WEP is essentially the RC4 symmetric key cryptographic algorithm (same
key for encrypting and decrypting).

Transmitting station concatenates the 40-bit key with a 24-bit Initialization Vector
(IV) and runs RC4 over the result to produce a pseudorandom key stream.

Plaintext is XORed with the pseudorandom key stream to produce ciphertext.

Ciphertext is concatenated with IV and transmitted over the Wireless
Medium.

Receiving station reads the IV, concatenates it with the secret key to produce
local copy of the pseudorandom key stream.

Received ciphertext is XORed with the key stream generated to get back the
plaintext.
WEP has its cost!
WEP – vulnerability to attack

WEP has been broken! Walker (Oct 2000), Borisov et al. (Jan 2001),
Fluhrer, Mantin and Shamir (Aug 2001).

Unsafe at any key size : Testing reveals WEP encapsulation remains
insecure whether its key length is 1 bit or 1000 or any other size.

More about this at:
http://grouper.ieee.org/groups/802/11/Documents/DocumentHolder/0362.zip
WEP Overview

WEP relies on a shared key K between the communicating parties
1. Checksum: For a message M, we calculate c(M). The plaintext is
   P = {M, c(M)}
2. Encryption: The plaintext is encrypted using RC4. RC4 requires an
   initialization vector (IV) v and the key K. Its output is a stream of bits
   called the keystream. Encryption is XOR with P:
   C = P ⊕ RC4(v, K)
3. Transmission: The IV and the ciphertext C are transmitted.
[Figure: Encrypted WEP frame – Message and CRC are XORed with RC4(v,K); v and the Ciphertext are transmitted]
Wireless Network Security
[Figure: RC4 keystream XORed with plaintext]
Encryption Process
[Figure: WEP encryption process]
Decryption Process
[Figure: WEP decryption process]
WEP Authentication
[Figure: WEP authentication]
WEP Security Goals

WEP had three main security goals:
– Confidentiality: Prevent eavesdropping
– Access Control: Prevent inappropriate use of the 802.11 network, e.g. by
dropping unauthorized packets
– Data Integrity: Ensure that messages are not altered or tampered
with in transit

The basic WEP standard uses a 40-bit key (with a 24-bit IV)

Additionally, many implementations allow a 104-bit key (with a
24-bit IV)

None of the three goals is achieved by WEP, due to serious
security design flaws and the fact that it is easy to eavesdrop on a
WLAN
WEP vulnerabilities
1. The Initialization Vector (IV) is Too Small
2. The Integrity Check Value (ICV) algorithm is not appropriate
3. WEP’s use of RC4 is weak
4. Authentication Messages can be easily forged
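The three encapsulation steps of the WEP Overview above, together with vulnerability 1 in this list (the IV is too small), as an added worked example that is not code from the slides: a textbook RC4 and a CRC-32 ICV build the WEP frame, a receiver reverses it and checks the ICV, and keystream_reuse_leak shows what any eavesdropper learns once two frames are sent under the same IV (the keystream cancels, leaving P1 ⊕ P2). The key, IVs and messages are constructed values; no key-recovery step is included.

```python
import struct
import zlib

# Added example (not code from the slides): a model of the WEP encapsulation steps
# on the WEP Overview slide, using textbook RC4 and CRC-32 as the ICV, followed by
# a function showing what goes wrong when a 24-bit IV repeats (vulnerability 1).
# The key and messages used below are constructed test values.

IV_SPACE = 2 ** 24  # only 16,777,216 distinct IVs per key


def rc4_keystream(key: bytes, length: int) -> bytes:
    """Textbook RC4: key-scheduling algorithm (KSA), then the output generator (PRGA)."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def icv(message: bytes) -> bytes:
    """Step 1, checksum c(M): WEP uses CRC-32, carried little-endian."""
    return struct.pack("<I", zlib.crc32(message) & 0xFFFFFFFF)


def wep_encapsulate(key: bytes, iv: bytes, message: bytes) -> bytes:
    """Steps 1-3: P = M || c(M); C = P xor RC4(v || K); transmit v || C."""
    if len(iv) != 3:
        raise ValueError("WEP IV must be 24 bits")
    plaintext = message + icv(message)
    keystream = rc4_keystream(iv + key, len(plaintext))  # per-packet RC4 key is IV || K
    return iv + xor_bytes(plaintext, keystream)


def wep_decapsulate(key: bytes, frame: bytes):
    """Receiver: read v, rebuild the keystream, XOR, then check the ICV.
    Returns (icv_ok, message)."""
    iv, ciphertext = frame[:3], frame[3:]
    plaintext = xor_bytes(ciphertext, rc4_keystream(iv + key, len(ciphertext)))
    message, received_icv = plaintext[:-4], plaintext[-4:]
    return received_icv == icv(message), message


def keystream_reuse_leak(frame1: bytes, frame2: bytes) -> bytes:
    """Two frames under the same key and IV share a keystream, so
    C1 xor C2 == P1 xor P2: the keystream cancels and plaintext structure leaks
    to an eavesdropper who never learns K. This is why 2^24 IVs are too few."""
    if frame1[:3] != frame2[:3]:
        raise ValueError("frames do not share an IV")
    return xor_bytes(frame1[3:], frame2[3:])


def hours_until_iv_space_exhausted(frames_per_second: float) -> float:
    """An AP that increments the IV per frame cycles through every IV in this time."""
    return IV_SPACE / frames_per_second / 3600


if __name__ == "__main__":
    key = bytes.fromhex("0102030405")          # constructed 40-bit key
    frame = wep_encapsulate(key, b"\x00\x00\x01", b"hello wlan")
    print(wep_decapsulate(key, frame))         # (True, b'hello wlan')
    f1 = wep_encapsulate(key, b"\x00\x00\x02", b"attack at dawn")
    f2 = wep_encapsulate(key, b"\x00\x00\x02", b"attack at dusk")
    print(keystream_reuse_leak(f1, f2)[:14].hex())
    print(round(hours_until_iv_space_exhausted(1000), 1))   # 4.7
```

The receiver check only tells you whether the CRC matches; because CRC-32 is not keyed, a matching ICV is not evidence that the frame is unmodified, which is vulnerability 2 in the same list.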
Attacks on WEP
WEP encrypted networks can be cracked in 10 minutes
The goal is to collect enough IVs to be able to crack the key
IV = Initialization Vector, a cleartext value combined with the key to
avoid keystream repetition
Injecting packets generates IVs
Attacks on WEP

Backtrack 5 (Released 1st March 2012)

Tutorial is available

All required tools on a Linux bootable CD + laptop + wireless card
WEP cracking example
WPA - WI-FI Protected Access

New technique, introduced in 2002

Designed to replace WEP and fix its security flaws.

Improved data encryption

Strong user authentication

Because many attacks exploit the static key, WPA minimizes use of
the shared secret key by changing keys as frames are transmitted.

Uses the RC4 algorithm in a proper way and transfers data quickly,
before anyone can decrypt it.
WPA

Data is encrypted using the RC4 stream cipher,
with a 128-bit key and a 48-bit initialization vector
(IV).

One major improvement in WPA over WEP is the
Temporal Key Integrity Protocol (TKIP), which
dynamically changes keys as the system is used.

When combined with the much larger IV, this
defeats the well-known key recovery attacks on
WEP.

WPA also provides vastly improved payload
integrity.
WPA

A more secure message authentication code
(usually known as a MAC, but here termed a MIC
for "Message Integrity Code") is used in WPA, an
algorithm named "Michael".

The MIC used in WPA includes a frame counter,
which prevents replay attacks from being executed.

The Michael algorithm is a strong algorithm that
would still work with most older network cards.

WPA includes a special countermeasure
mechanism that detects an attempt to break TKIP
and temporarily blocks communications with the
attacker.
WPA Schema
[Figure: WPA schema]
How WPA Addresses the WEP Vulnerabilities

WPA wraps the RC4 cipher engine in four new algorithms:
1. Extended 48-bit IV and IV sequencing rules
   – 2^48 is a large number! More than 500 trillion
   – Sequencing rules specify how IVs are selected and verified
2. A Message Integrity Code (MIC) called Michael
   – Designed for deployed hardware
   – Requires use of active countermeasures
3. Key derivation and distribution
   – Initial random number exchanges defeat man-in-the-middle attacks
4. Temporal Key Integrity Protocol generates per-packet keys
WPA2 - WI-FI Protected Access 2

Based on the IEEE 802.11i standard

2 versions: Personal & Enterprise

The primary enhancement over WPA is the use of the AES
(Advanced Encryption Standard) algorithm

The encryption in WPA2 is done by utilizing either AES or
TKIP

The Personal mode uses a PSK (Pre-shared key) & does
not require a separate authentication of users

The enterprise mode requires the users to be separately
authenticated by using the EAP protocol
WPA2

WPA2 uses AES with a key length of 128 bits to
encrypt the data

The AES uses the Counter-Mode/CBC-MAC Protocol
(CCMP)

The CCMP uses the same key for both encryption
and authentication, but with different initialization
vectors.
WPA2

WPA2 has immunity against many types of hacker
attacks:
– Man-in-the-middle
– Authentication forging
– Replay
– Key collision
– Weak keys
– Packet forging
– Dictionary attacks
WPA2 weaknesses

Cannot protect against session hijacking

Cannot withstand physical-layer attacks:
– RF jamming
– Data flooding
– Access point failure

Vulnerable to MAC address spoofing
Am I secure if I use WPA-PSK?

WPA-PSK protected networks are vulnerable to dictionary
attacks

Works with WPA & WPA2 (802.11i)

New attack techniques have increased the speed of this attack
– CowPatty 4.6
  – Run CowPatty against captured packets to crack the key
  – Needs the SSID to crack the WPA-PSK, easily obtainable!
  – Also supports WPA2-PSK cracking with the same precomputed tables!

Spoof the MAC address of the AP and tell the client to disassociate

Sniff the wireless network for the WPA-PSK handshake (EAPOL)
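The derivation that the dictionary attack above is run against, and the reason the SSID is needed and precomputed tables are SSID-specific, as an added example that is not code from the slides or from CowPatty. wpa_psk is the standard PBKDF2-HMAC-SHA1 passphrase-to-PSK function every WPA/WPA2-Personal client computes (IEEE 802.11i, 4096 iterations, SSID as salt); the passphrase strength estimate and the cost function are constructed heuristics for the "use a good passphrase" advice later in the slides, not a standard.

```python
import hashlib
import math
import string

# Added example, not code from the slides. The passphrase-to-PSK derivation that
# every WPA/WPA2-Personal client performs (PBKDF2-HMAC-SHA1, 4096 iterations,
# 256-bit output, SSID as salt, per IEEE 802.11i), plus defender-side checks built
# on it. The strength heuristic below is an illustrative assumption, not a standard.

PBKDF2_ITERATIONS = 4096


def validate_passphrase(passphrase: str) -> None:
    """802.11i restricts PSK passphrases to 8..63 printable ASCII characters."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("passphrase must be 8 to 63 characters")
    if any(ord(ch) < 32 or ord(ch) > 126 for ch in passphrase):
        raise ValueError("passphrase must be printable ASCII")


def wpa_psk(passphrase: str, ssid: str) -> bytes:
    """PSK = PBKDF2(HMAC-SHA1, passphrase, ssid, 4096, 256 bits)."""
    validate_passphrase(passphrase)
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), PBKDF2_ITERATIONS, dklen=32)


def table_reusable(ssid_a: str, ssid_b: str) -> bool:
    """A precomputed table of PSKs is keyed by SSID (the salt); it only transfers between
    networks with the same SSID. Changing a default SSID invalidates tables built for it."""
    return ssid_a == ssid_b


def passphrase_strength_bits(passphrase: str) -> float:
    """Rough upper bound: log2(alphabet ** length) over the character classes actually used.
    Dictionary words score far lower in practice; this only bounds exhaustive search."""
    classes = [string.ascii_lowercase, string.ascii_uppercase, string.digits, string.punctuation]
    alphabet = sum(len(c) for c in classes if any(ch in c for ch in passphrase))
    return len(passphrase) * math.log2(alphabet) if alphabet else 0.0


def hours_to_exhaust(passphrase: str, guesses_per_second: float) -> float:
    """Offline cost of exhaustive search: each guess is one PBKDF2 run against a captured handshake."""
    return 2 ** passphrase_strength_bits(passphrase) / guesses_per_second / 3600


if __name__ == "__main__":
    print(wpa_psk("password", "IEEE").hex())            # 802.11i Annex H test vector
    print(wpa_psk("password", "IEEE") == wpa_psk("password", "ieee"))  # False: SSID is the salt
    print(round(passphrase_strength_bits("password")))   # 38
    print(round(passphrase_strength_bits("Tsunami-Warning!2024")))
```

Nothing rate-limits an offline guess against a captured handshake, so the passphrase's entropy and the per-SSID salt are the only things the defender controls here.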
WPA Cracking Example
WEP vs WPA vs WPA2

                  WEP                     WPA                      WPA2
ENCRYPTION        RC4                     RC4                      AES
KEY ROTATION      None                    Dynamic session keys     Dynamic session keys
KEY DISTRIBUTION  Manually typed into     Automatic distribution   Automatic distribution
                  each device             available                available
AUTHENTICATION    Uses WEP key as         Can use 802.1x & EAP     Can use 802.1x & EAP
                  authentication
Procedures to improve wireless security

Use wireless intrusion prevention system (WIPS)

Enable WPA-PSK

Use a good passphrase
(https://grc.com/password)

Use WPA2 where possible

AES is more secure, use TKIP for better
performance

Change your SSID every so often

Wireless network users should use or upgrade
their network to the latest security standard
released
Other Security Problems of 802.11

Easy Access

"Rogue" Access Points

Unauthorized Use of Service

Traffic Analysis and Eavesdropping

Higher Level Attacks
What are the major security risks to 802.11b?

Insertion Attacks (Intrusions!)

Interception and monitoring wireless traffic

Misconfiguration

Jamming

Client to Client Attacks (Intrusions also!)
Packet Sniffing
Jamming (Denial of Service)

Broadcast radio signals at the same frequency as the
wireless Ethernet transmitters - 2.4 GHz

To jam, you just need to broadcast a radio signal at the
same frequency but at a higher power.

Waveform Generators

Microwave
Jamming (Denial of Service)

wifijammer is a Python script that interferes with Wi-Fi access
points and disrupts the network. This can be useful for penetration testing of
your own network or if you suspect that spy wireless cams are around on your
premises.
– python wifijammer.py [-a AP MAC] [-c CHANNEL] [-d] [-i
INTERFACE] [-m MAXIMUM] [-n] [-p PACKETS] [-s SKIP] [t TIME INTERVAL]

There are online shops selling hardware wireless jammers too but they cost
additional dollars, wifijammer is a simple application that anyone with a
laptop and basic Linux knowledge can use.

This kind of application must be used with caution: you need to be careful
not to interfere with a network that is not yours, or risk arrest.

See more at :
– http://www.hacker10.com/computer-security/jam-wifi-signals-usingyour-wireless-card-with-wifijammer/
– https://github.com/DanMcInerney/wifijammer
Replay Attack
[Figure: Alice and Bob exchange authorized WEP communications; Eve eavesdrops, records them and plays back selected frames]
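The replay scenario in this figure, together with the WPA sequencing rules and the Michael MIC with its frame counter described earlier, as an added example that is not code from the slides: a receiver that enforces a strictly increasing 48-bit counter rejects Eve's played-back frame, and a keyed MIC that covers the counter rejects a renumbered one. Assumptions for illustration: HMAC-SHA256 truncated to 8 bytes stands in for the real Michael algorithm, the MIC key is a constructed value, and countermeasures are modelled simply as blocking after two MIC failures.

```python
import hashlib
import hmac

# Added example, not code from the slides. Models two receiver-side checks WPA/TKIP
# adds that WEP never had: a 48-bit per-frame sequence counter (TSC) with the
# "must strictly increase" sequencing rule, and a keyed message integrity code that
# covers the counter. Assumptions: HMAC-SHA256 truncated to 8 bytes stands in for
# Michael, the key is constructed, and countermeasures are modelled as blocking
# after two MIC failures (WPA additionally rekeys and waits 60 seconds).

TSC_MAX = (1 << 48) - 1          # 48-bit counter: no wrap within a key's lifetime
MIC_FAILURE_LIMIT = 2


def compute_mic(mic_key: bytes, tsc: int, payload: bytes) -> bytes:
    """Bind the counter into the tag so a replayed or renumbered frame cannot keep a valid MIC."""
    return hmac.new(mic_key, tsc.to_bytes(6, "big") + payload, hashlib.sha256).digest()[:8]


class Sender:
    def __init__(self, mic_key: bytes):
        self.mic_key = mic_key
        self.tsc = 0

    def send(self, payload: bytes):
        if self.tsc >= TSC_MAX:
            raise RuntimeError("TSC exhausted: rekey before sending more frames")
        self.tsc += 1
        return (self.tsc, payload, compute_mic(self.mic_key, self.tsc, payload))


class Receiver:
    def __init__(self, mic_key: bytes):
        self.mic_key = mic_key
        self.last_tsc = 0
        self.mic_failures = 0
        self.blocked = False

    def receive(self, frame):
        """Returns 'accepted', 'replay', 'mic-failure' or 'blocked'."""
        tsc, payload, mic = frame
        if self.blocked:
            return "blocked"
        if tsc <= self.last_tsc:
            return "replay"            # sequencing rule: a recorded frame played back fails here
        if not hmac.compare_digest(mic, compute_mic(self.mic_key, tsc, payload)):
            self.mic_failures += 1     # WPA counts MIC failures and triggers countermeasures
            if self.mic_failures >= MIC_FAILURE_LIMIT:
                self.blocked = True
            return "mic-failure"
        self.last_tsc = tsc
        return "accepted"


def replay_scenario():
    """Alice sends, Bob receives; Eve records frame 1 and plays it back later,
    then tries the same payload with a fresh counter but the old tag."""
    key = b"\x11" * 16                     # constructed MIC key shared by Alice and Bob
    alice, bob = Sender(key), Receiver(key)
    f1 = alice.send(b"transfer 10 to Bob")
    f2 = alice.send(b"transfer 10 to Bob")
    results = [bob.receive(f1), bob.receive(f2)]
    results.append(bob.receive(f1))                     # Eve's replay of a genuine frame
    results.append(bob.receive((f2[0] + 1, f2[1], f2[2])))  # renumbered: MIC no longer matches
    return results


if __name__ == "__main__":
    print(replay_scenario())   # ['accepted', 'accepted', 'replay', 'mic-failure']
```

WEP has neither check: a recorded frame carries a valid ICV forever, which is exactly what the figure's playback relies on.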
Measures to strengthen WLAN security
Recommendations
Wireless LAN related configuration
– Enable WEP, use 128-bit key*
– Use the encryption technologies
– Disable SSID broadcasts
– Change the default access point name
– Choose a complex admin password
– Apply filtering
– Use MAC (hardware) addresses to restrict access
– Use 802.1x
– Enable the firewall function
Other proposed countermeasures

Adopt personal identification system for physical access control.

Disable file and directory sharing on PCs.

Ensure that sensitive files are password protected and encrypted.

Turn off all unnecessary services on the AP.

If practical, power off the AP(s) when not in use.

If the AP supports logging, turn it on and review the logs regularly.

Secure AP configuration as follows:
– Choose robust password to ensure a higher level of security.
– Use 128-bit encryption.
– Create MAC ACLs and enable checking in APs.
– Change SSID from default setting and suppress its broadcast.
– Change WEP keys from default settings.
– Disable remote SNMP.

Conduct site survey and strategically place wireless APs.

Deploy VPN overlay (gateway and client) with integral firewall.

Establish comprehensive security policies regarding use of
wireless devices.

Deploy personal firewalls and antivirus software on the wireless
clients.

Investigate 802.11 products with best long-term wireless
security strategy and longevity in marketplace.

Select products with SNMPv3 (or other encrypted management
capabilities) on the APs and the integrated firewall-VPN device.
Prevent Your Network from Getting Hacked

Don’t broadcast your SSID . This is usually done during the
setup of your wireless router.

Change the default router login to something else.

If your equipment supports it, use WPA or WPA2, because it
offers better encryption which can still be broken but is much
harder.

Always check for updates to your router.

Turn off your router or access point when not using it.

There is no such thing as 100% security when using
wireless networks, but at least with these few simple steps you
can make it harder for the average person to break into your
network.

Other WLAN Security
MAC Filtering

Almost every wireless access point or router comes with a MAC Filtering
security feature. In practice this does not help much in securing wireless
communication, because a MAC address is very easy to spoof or even change.
The ifconfig tool on Linux/Unix, or various tools such as network utilities,
regedit, smac and machange on Windows, can easily be used to spoof or
change the MAC address.
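The weakness described here and on the earlier MAC Address Filtering slide, as an added example that is not code from the slides: first the allow-list check an AP performs when MAC filtering is on, then one detection heuristic a WIPS can apply to spoofing. The 802.11 sequence-control field is a 12-bit counter (wrapping at 4096) that each radio increments per frame, so two radios sharing one address produce repeated backward jumps. The capture records, the allow list and the wrap tolerance value are constructed for illustration.

```python
from collections import Counter

# Added example, not code from the slides. First the allow-list check an AP performs
# when MAC address filtering is enabled; then a detection heuristic for the weakness
# above (a MAC is trivially spoofed): the 802.11 sequence-control field is a 12-bit
# counter (wraps at 4096) incremented per frame by each radio, so two radios sharing
# one address show repeated backward jumps. All frame records below are constructed.

SEQ_MOD = 4096


def normalize_mac(mac: str) -> str:
    return mac.lower().replace("-", ":")


def mac_allowed(allow_list, mac: str) -> bool:
    """The filter itself: true when the (claimed) source address is in the admin's list."""
    return normalize_mac(mac) in {normalize_mac(m) for m in allow_list}


def seq_went_backwards(last: int, cur: int, wrap_tolerance: int = 3500) -> bool:
    """True when cur is behind last by less than a 12-bit wrap-around
    (4095 -> 0 is a normal wrap; 1200 -> 17 is not)."""
    if cur >= last:
        return False
    return (last - cur) < wrap_tolerance


def detect_shared_mac(frames, threshold: int = 2):
    """frames: iterable of (src_mac, sequence_number) in capture order. Returns the
    MACs that jumped backwards at least `threshold` times, i.e. likely used by more
    than one radio at once."""
    last_seq = {}
    backward = Counter()
    for mac, seq in frames:
        mac = normalize_mac(mac)
        if mac in last_seq and seq_went_backwards(last_seq[mac], seq):
            backward[mac] += 1
        last_seq[mac] = seq
    return sorted(m for m, n in backward.items() if n >= threshold)


# Constructed capture: ...01 is an allowed laptop (seq around 1200) interleaved with a
# second radio claiming the same address (seq around 17); ...02 is a legitimate client
# whose counter wraps at 4096 and must not be flagged.
SAMPLE_FRAMES = [
    ("AA:BB:CC:DD:EE:01", 1200), ("aa:bb:cc:dd:ee:01", 17),
    ("AA:BB:CC:DD:EE:01", 1201), ("aa:bb:cc:dd:ee:01", 18),
    ("AA:BB:CC:DD:EE:01", 1202), ("aa:bb:cc:dd:ee:01", 19),
    ("aa:bb:cc:dd:ee:02", 4094), ("aa:bb:cc:dd:ee:02", 4095),
    ("aa:bb:cc:dd:ee:02", 0),    ("aa:bb:cc:dd:ee:02", 1),
]
ALLOW_LIST = ["AA-BB-CC-DD-EE-01", "aa:bb:cc:dd:ee:02"]


if __name__ == "__main__":
    # The filter lets every frame from the spoofed address through ...
    print(all(mac_allowed(ALLOW_LIST, m) for m, _ in SAMPLE_FRAMES))   # True
    # ... but the sequence-number anomaly flags the shared address.
    print(detect_shared_mac(SAMPLE_FRAMES))                            # ['aa:bb:cc:dd:ee:01']
```

The heuristic produces false positives when a client's driver resets its counter (for example after reassociation), so a WIPS would combine it with other signals such as signal strength or timing before alerting.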
Captive Portal

The Captive Portal infrastructure was originally designed for community
use, allowing everyone to connect (open network). A captive portal is
actually a router or gateway machine that protects the network by not
allowing any traffic until the user registers/authenticates.
Radius Server

A Radius server is a Remote Authentication Dial-in Service (RADIUS) server:
a server-based computer network security protocol often used to perform
authentication, authorization and centralized registration of user accounts
for access to a secure network.

The Radius server handles AAA (Authentication, Authorization, Accounting).
In short, it handles user authentication, authorization for services, and
accounting (billing) of the services a user consumes.

Radius servers come in 2 kinds: MikroTik internal and external

A hotspot can use MikroTik's internal RADIUS, or an external one. If the
user cannot be authenticated against MikroTik's local database and an
external RADIUS has been specified, the MikroTik hotspot can look the user
up on the external RADIUS.
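The AAA exchange described above, as an added example that is not code from the slides, from MikroTik, or from any RADIUS implementation: a minimal RFC 2865 Access-Request / Access-Accept round trip between a hotspot gateway (the NAS) and a RADIUS server, showing the two places the shared secret matters, hiding User-Password in the request and authenticating the server's reply. The shared secret, the user database and the NAS address 192.0.2.10 (documentation range) are constructed values.

```python
import hashlib
import hmac
import secrets
import struct

# Added example, not code from the slides, from MikroTik or from any RADIUS server.
# A minimal RADIUS (RFC 2865) Access-Request / Access-Accept exchange between a
# hotspot gateway (NAS) and a RADIUS server. Constructed values: shared secret,
# user database, NAS address 192.0.2.10.

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
USER_NAME, USER_PASSWORD, NAS_IP_ADDRESS = 1, 2, 4      # attribute types
HEADER = struct.Struct("!BBH")                          # Code, Identifier, Length


def attribute(attr_type: int, value: bytes) -> bytes:
    return struct.pack("!BB", attr_type, len(value) + 2) + value


def hide_password(secret: bytes, request_auth: bytes, password: bytes) -> bytes:
    """RFC 2865 5.2: pad to 16-byte blocks, XOR each with MD5(secret || previous block)."""
    padded = password + b"\x00" * (-len(password) % 16)
    hidden, prev = b"", request_auth
    for i in range(0, len(padded), 16):
        mask = hashlib.md5(secret + prev).digest()
        block = bytes(p ^ m for p, m in zip(padded[i:i + 16], mask))
        hidden, prev = hidden + block, block
    return hidden


def reveal_password(secret: bytes, request_auth: bytes, hidden: bytes) -> bytes:
    clear, prev = b"", request_auth
    for i in range(0, len(hidden), 16):
        mask = hashlib.md5(secret + prev).digest()
        block = hidden[i:i + 16]
        clear, prev = clear + bytes(c ^ m for c, m in zip(block, mask)), block
    return clear.rstrip(b"\x00")


def build_access_request(secret, ident, username, password, nas_ip, request_auth=None):
    """NAS side. The Request Authenticator is a fresh random value per request."""
    request_auth = request_auth or secrets.token_bytes(16)
    attrs = (attribute(USER_NAME, username)
             + attribute(USER_PASSWORD, hide_password(secret, request_auth, password))
             + attribute(NAS_IP_ADDRESS, bytes(int(o) for o in nas_ip.split("."))))
    return HEADER.pack(ACCESS_REQUEST, ident, 20 + len(attrs)) + request_auth + attrs


def parse_attributes(data: bytes) -> dict:
    attrs, i = {}, 0
    while i + 2 <= len(data):
        attr_type, length = data[i], data[i + 1]
        if length < 2:
            raise ValueError("malformed attribute")
        attrs[attr_type] = data[i + 2:i + length]
        i += length
    return attrs


def server_handle(secret: bytes, users: dict, request: bytes) -> bytes:
    """RADIUS server side: recover the password, decide, sign the reply."""
    code, ident, length = HEADER.unpack(request[:4])
    request_auth = request[4:20]
    attrs = parse_attributes(request[20:length])
    password = reveal_password(secret, request_auth, attrs.get(USER_PASSWORD, b""))
    user = attrs.get(USER_NAME)
    ok = user in users and hmac.compare_digest(users[user], password)
    header = HEADER.pack(ACCESS_ACCEPT if ok else ACCESS_REJECT, ident, 20)
    # Response Authenticator = MD5(Code || ID || Length || RequestAuth || Attributes || Secret)
    response_auth = hashlib.md5(header + request_auth + secret).digest()
    return header + response_auth


def client_verify_response(secret: bytes, request: bytes, response: bytes):
    """NAS side: trust the Accept/Reject code only once the Response Authenticator checks out."""
    code, ident, length = HEADER.unpack(response[:4])
    expected = hashlib.md5(response[:4] + request[4:20] + response[20:length] + secret).digest()
    if ident != request[1] or not hmac.compare_digest(expected, response[4:20]):
        return None          # forged, tampered or mismatched reply
    return code
```

A reply whose Response Authenticator does not verify must be dropped rather than treated as a Reject, and a hotspot whose RADIUS secret is weak or shared across many NAS devices loses both properties shown here; RFC 2865's MD5-based password hiding is why RADIUS traffic should additionally run over a protected management network or IPsec.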

See more :
– http://www.nadasumbang.com/apa-itu-radius-server/
– http://www.nadasumbang.com/setting-hotspot-mikrotik/
– http://www.nadasumbang.com/setting-radius-dan-hotspot-mikrotik/
Wireless Network tools

MAC Spoofing
– http://aspoof.sourceforge.net/
– http://www.gorlani.com/publicprj/macmakeup/macmakeup.asp
– http://www.klcconsulting.net/smac/

WEP Cracking tools
– http://www.backtrack-linux.org/
– http://www.remote-exploit.org/articles/backtrack/index.html
– http://wepattack.sourceforge.net/
– http://wepcrack.sourceforge.net/

Wireless Analysers
– http://www.kismetwireless.net/
– http://www.netstumbler.com/
References

– Intercepting Mobile Communications: The Insecurity of 802.11 (Borisov, Goldberg and Wagner, 2001)
– Your 802.11 Wireless Network Has No Clothes (Arbaugh, Shankar and Wan, 2001)
– Weaknesses in the Key Scheduling Algorithm of RC4 (Fluhrer, Mantin and Shamir, 2001)
– The IEEE 802.11b Security Problem, Part 1 (Joseph Williams, 2001, IEEE)
– An IEEE 802.11 Wireless LAN Security White Paper (Jason S. King, 2001)
Thank You!
Questions?
How to crack wireless internet
A little info…

When a user uses wireless internet they generate what are called
data “packets”.

Packets are transmitted between the wireless NIC card and the
wireless access point via radio waves whenever the computer is
connected with the access point.

Depending on how long the computer is connected, it can
generate a certain number of packets per day.

The more users that are connected to one access point, the more
packets are generated.
First…

You must locate the wireless signal

This can be done by using your default Windows tool “View
Available Wireless Network”

More useful tools include NetStumbler and Kismet. Kismet has
an advantage over the other because it can pick up wireless
signals that are not broadcasting their SSID.
Second…

Once you have located a wireless network you can connect to it
unless it is using authentication or encryption.

If it is using authentication or encryption then the next step
would be to use AirSnort, a tool for sniffing out and cracking
WEP keys.
AirSnort

AirSnort must gather about 5 to 10 million packets before it can
even begin to crack a wireless key.

This could take anywhere between a few minutes to a few
weeks depending on how many packets are being generated. If a
small number of people are using the network then it will most
likely take weeks.
Third…

Once AirSnort has recovered enough packets it will go to work on
reading the captured information gathered from the packets and
crack the key, giving you access.

Other tools such as CowPatty can use dictionary files to crack
hard WPA keys.
Drive By Hacking (War Driving)
[Figure: an intruder with a PalmPilot or mobile phone less than 1500 ft from the access point]
If the distance from the Access Point to the
street outside is 1500 feet or less, then an
intruder could also get access – while sitting
outside
WarWalking
WarChalking

If these signs suddenly appear in front of your house, it means a
"warrior" has just passed by. If you happen to meet the person, don't
forget to smack them on the head for dirtying your house!