WLAN

보안 1

WLAN Security

•

Requirements for Secure Wireless LANs

–

Authentication

–

Access Control

–

Data Privacy

–

Data Integrity

–

Protection Against Replay

2

WLAN Attack

• Wardriving –

Driving around looking for unsecured wireless networks.

– term coined by Pete Shipley • 워드라이빙 : – 이동수단을 이용하여, 무인증 무선네트워크를 찾아다니는 행위 – – 해킹 경유지의 순차적 추적 불가능 무선 AP에는 접속 로그 미존재 – – 실시간 추적시에도 무선 AP로부터 접속자 위치 확인 불가능 실시간 이동 공격자에 대한 추적 대책 미흡 (핸드폰 위치추적기술과 같은 방법 개발 필요) 3

MAC address Authentication Attack

• Strengths (장점) – MAC 주소를 기반으로 AP에 접속하고자 하는 Station들을 제어 • Weaknesses (단점) – MAC 주소는 쉽게 위조 가능 – 무선랜 네트워크를 모니터링(sniffing)함으로써 쉽게 MAC 주소를 획득 – – – 공격자들은 무선랜 통신을 계속 감시 가능 MAC 주소의 Brute-force 공격이 가능 Man in the middle attack 기술로 네트워크가 공격에 노출 - TOOL - Windows  AiroPeek : Wireless Network Management Tool  SMAC : MAC address Changer - Linux  Kismet : Wireless Network Sniffing Tool  macchanger : MAC address Changer 4

MAC Address Attack

5

Rogue AP – Spoofing Attack

• • • • • • Station은 항상 가장 신호가 센 AP로 접속 Attacker는 목표 AP와 동일한 SSID를 사용 Attacker는 목표 AP보다 강한 신호를 발생시켜 Victim이 접속하기 가장 용이한 AP로 위장 Victim은 아무런 의심없이 AP에 접속 Attacker는 정상적인 홈페이지를 위장한 가상홈페이지를 열어놓 고 ID와 PW 입력 유도 6

Rogue AP – Spoofing Attack

7

802.11 Passive Monitoring

Access Point Station Attacker Passive Monitoring Captures data 8

802.11 DOS Attack

Station Access Point X Connection is broken Attacker spoofs 802.11

Disassociate frame 9

802.11 Man in the Middle Attack

• Attacker broadcasts spoofed AP SSID and MAC Address • Station unknowingly connects to attacker • MIM attacks can always be established • But if strong authentication and encryption are used, attacker will be nothing more than a bridge.

Station

Station MAC Address

Access Point Attacker

Station MAC Address AP MAC Address AP MAC Address

10

Authentication and Encryption Standards

Credentials Certificate Username/Password TLS PEAP Authentication Protocols EAP Encryption Algorithms Encryption Standards RC4 WEP 802.1x

RC4 WPA-TKIP AES 802.11i

WEP

:

Wired Equivalent Privacy , WPA: Wi-Fi Protected Access, TKIP: Temporal Key Integrity Protocol PEAP: Protected Extensible Authentication Protocol; uses server-side public key certificates to authenticate the server

11

Evolution of WLAN Security

– WEP: not adequate – IEEE formed a Task Group “i” to develop 802.11i standard

• Objective: to produce a detailed specification to enhance the security features for WLANs

IEEE 802 Working group IEEE 802.11

WLAN WG IEEE 802.11i

WLAN security Robust Security Network RSN

12

TSN Transitional Security Network

Evolution of WLAN Security

– Responses from Wi-Fi Alliance – The industry cannot wait for the 802.11i standard. It is demanding a more secure wireless environment right now – Wi-Fi Alliance, together with IEEE, developed Wi-Fi Protected Access (WPA) to offer a strong interoperable security standard to the market • 802.11i contributed TKIP (encryption) and MIC (integrity) algorithms, which were being developed for RSN but applicable to WPA

Wi-Fi Alliance IEEE 802.11i

Wi-Fi Protected Access WPA TKIP + MIC Temporal Key Integrity Protocol Message Integrity Check

13

High-level Differences Between RSN and WPA

• RSN – Designed from the start, without regards to existing WEP systems – Will require new hardware to support new methods of encryption – Supports options for encryption (privacy) • TKIP • AES • WPA – Designed with constraints around existing WEP systems – Objective: use same hardware and upgrade software only – Only supports one encryption standard: TKIP

Essentially, the two approaches are very similar and built around the same security architecture

14

WEP Encryption

24 bit IV clear text IV integrity check Payload CRC-32 Encrypted with 40 or 104 bit key. RC4 Algorithm.

WEP has several problems 1. IV is too small. At 10,000 packets per second IV repeats in 0.5 2.

hours.

- For 24 bits, an IV will be reused after 16777216 packets if IV value is incremented by 1 each time. For a device sending 10,000 packets per second 24-bit IV takes half an hour to rollover There are several “weak keys”. Those are especially vulnerable.

3. No key update mechanism built in.

4. Message replay attacks. DOS.

15

WPA

• •

Key features to address WEP vulnerabilities

– Access Control and Authentication: • Implements 802.1X EAP based authentication to enforce mutual authentication – Encryption • Applies Temporal Key Integrity Protocol (TKIP) on existing WEP to impose strong data encryption – Integrity • Uses Message Integrity Check (MIC) rather than CRC-32 for message integrity

WPA also presents some potential security issues

– There are still potential encryption weaknesses in TKIP. Fortunately, the successful crack is expected to be heavy and expensive.

– Performance may be sacrificed potentially due to a more complex and computation intensive authentication and encryption protocols.

Note: The ultimate wireless security solution is still 802.11i RSN. All products are supposed to comply with RSN standard since it is released, often under the name WPA2.

16

Wi-Fi Protected Access (WPA) TKIP-Encryption

• Wi-Fi Protected Access is an interim standard created by the Wi-Fi alliance (group of manufacturers).

• WPA-TKIP fixes problems with WEP.

IV changes to 48 bits with no weak keys. 900 years to repeat an IV at 10k packets/sec Use IV as a replay counter Message integrity Per-packet keying • Supported on many wireless card and on Windows XP (after applying 2 hot fixes).

• Uses 802.1x for key distribution.

• Can also use static keys.

17

•

802.11i RSN Key features to address WEP vulnerabilities

– Access Control and Authentication • Implements 802.1X EAP based authentication to enforce mutual authentication (same as WPA) – – – – – • WRAP: RSN includes a Wireless Robust Authentication Protocol. Uses AES in offset codebook mode (OCB) for encryption and integrity.

Encryption • TKIP: In order to support legacy device, the 802.11i chooses TKIP as one of the encryption options • AES: Stands for Advanced Encryption Standard, which is a much stronger encryption algorithm. AES requires a hardware coprocessor to operate Integrity • Uses Michael Message Integrity Check (MIC) for message integrity Other security features: Secure IBSS (Ad Hoc mode), secure fast handoff, secure de-authentication and disassociation.

Supports Roaming Is referred to as WPA2 by the Wi-Fi Alliance IBSS: Independent Basic Service Set 18

802.11i AES-encryption

• Ratified by the IETF in June of 04.

• Uses the AES algorithm for encryption and 802.1x for key distribution.

• Backwards compatible with TKIP to support WPA clients.

• 802.11i not in many products yet.

19

Access Control and Authentication – 802.1X / EAP

– Initially designed for wired networks but is now applicable to WLANs.

– Provides port-based authentication server.

authenticated access control and mutual authentication between client and APs via an – 802.1X standard is comprised of three elements • A supplicant: the client (laptop, PDA,…) who wants to be • An authenticator: the AP, which acts as an intermediary between a supplicant and an authentication server.

• An authentication server: such as a RADIUS (Remote Access Dial-In User Service) server.

Station Supplicant Access Point Authenticator 20 RADIUS Server Authorizer

Access Control and Authentication – 802.1X / EAP

• EAP – EAP (Extensible Authentication Protocol): protocol that 802.1X uses to manage mutual authentication.

– Initially developed for use with PPP (RFC2284) – Several EAP types depending on the authentication method (passwords, PKI certificates,…) • EAP-MD5 • EAP-TLS • EAP-TTLS • PEAP • LEAP • EAP-SIM – The authenticator does not need to understand the details about authentication methods. It simply package and repackage EAP packets, usually between Supplicant and RADIUS 21

802.1x EAP-TLS Authentication

Client digital cert From XYZ CA Station Access Point Supplicant Authenticator Server Digital cert From XYZ CA RADIUS Server Authorizer 22

802.1x PEAP authentication

Phase 1: Authenticate AP. Digital cert From XYZ CA Secure tunnel to AP using TLS Station Supplicant Access Point Authenticator Username Dan Password: encrypted Phase 2: Password authentication with directory server Success/Fail RADIUS Server Authorizer Directory Server 23

LEAP (Lightweight Extensible Authentication Protocol)

• LEAP Characteristics

– Primarily developed by Cisco for Aironet WLAN deployments.

– Cisco is now licensing the software, other vendors are now beginning to support LEAP in their wireless LAN adapters.

– Encrypts data transmissions using dynamically generated WEP keys and supports mutual authentication.

– No certificates are required – Uses bi-directional challenge-response with user password as shared secret – Transaction sent in clear text (dictionary attacks !) 24

EAP Authentication Types Comparison Chart

802.1x EAP Types Feature / Benefit Client side certificate required Server side certificate required WEP key management Rogue AP detection Developer Authentication Attributes Deployment Wireless Security MD5 no no no no One way Easy Poorest TLS yes yes yes no TTLS no no yes no PEAP no yes yes no LEAP no no yes yes Mutual Difficult Highest Mutual Moderate High Mutual Moderate High Mutual Moderate High 25