Wireless Authentication and Association

Table of Contents

Authentication: the Standard Is ‘Null’ ........................................................................................... 2

Association and RSSI ....................................................................................................................... 9

‘Hidden’ SSIDs ............................................................................................................................... 11

Notices .......................................................................................................................................... 12

Page 1 of 12


Authentication: the Standard Is ‘Null’ (slide 9)

The default authentication had a basic security flaw.

• By default, systems can be set to null authentication.
• All systems requesting authentication will be granted.
• The SSID must still match for association.
• Higher-level security protocols (encryption, etc.) still deny data access.

**009 So, authentication. You know, engineers sometimes just miss the mark, and when the original 802.11 standard was written they just missed the mark in a couple of ways. This is one of them. Does anybody remember something called a WEP key? Okay, Wired Equivalent Privacy. Now, a WEP key never guaranteed security. As a matter of fact, the term WEP was what? Wired Equivalent Privacy, it means it's only as good as a wired network, and a wired network doesn't have encryption or security, right? So they weren't really making much of a promise when they said WEP.

But here's the problem, authentication, what's authentication do?

Student: Identify the party you're trying to talk with.

Joe Mayes: Right, at least in one direction that you're really talking to someone who matches your description for who you think you're talking to, right? So what would happen is in this environment here's my laptop complete with a wireless antenna. There's my AP, and who's authenticating to whom here?

Student: It's usually left up to the AP because it's somebody wanting to get in.

Student: The AP is authenticating to the laptop that it is the AP it says it is.

Joe Mayes: Yeah, that's an interesting question. Who's authenticating? Is this one-way or two-way authentication?

Student: It's two way.

Joe Mayes: It's one-way authentication.

Joe Mayes: Uh-huh, and what you're getting is the laptop, I'm sorry, the AP sends a string to the laptop. The laptop then takes that string, encrypts it with the WEP key. So this is an unencrypted string. The laptop sends it back as an encrypted string, and what did it encrypt it with?

Student: The WEP key.

Joe Mayes: The WEP key. So basically what happened at that point is the access point already knew the WEP key. It's testing to see whether the laptop knows the WEP key. So if the laptop uses the WEP key, and is successful at encrypting this packet, what happens over here? The laptop or, I'm sorry, the access point can then decrypt the packet with the WEP key, verify that it's the right WEP key, because it successfully decrypted it and let you on. Worst thing in the world you can do.

Student: Sorry, so did you just say that the U string, which is the WEP key, comes out of the access point in clear?

Joe Mayes: Well, it's not the WEP key. It's clear text. It's just a text string, but the laptop then encrypts it with the WEP key. So now you get the same string sent back encrypted, and the access point decrypts it, and if it works then it's the right WEP key, and that's its authentication method. It uses the WEP key for authentication. Absolute worst thing on earth you can do. Where are my security people? Who is a cryptologist here in the room? How many cryptologists in the room? Okay, I guess I'm going to have to. I'll substitute for a cryptologist, okay? Here's why it's a terrible thing. If you are a cryptologist, if you are a code breaker, if you want to break and hack computers, the ideal thing in the world you can have is to have the encrypted and the unencrypted version of the same string, because then you just keep trying WEP keys until the unencrypted one, or until the encrypted one, excuse me, until the encrypted one is successfully broken and looks just like the unencrypted one. Because now you know when you have the right value, you're not guessing that you've got the right value. You actually know because you've got the unencrypted one right here. All you have to do is, find out which key decrypts it and puts it back to the unencrypted value. So it's a terrible thing because it is breakable because it gave you the encrypted and the unencrypted version of the same thing. It's worse than terrible. What's the worse than terrible? I mean, that's bad enough from a cryptographer's standpoint, cryptology standpoint. What makes it even worse?

Student: If you know the encryption algorithm along with that you'd be good.

Joe Mayes: Well, once you've broken the WEP key at the authentication level, it's the same key that can be used to encrypt all of the data after you associate. You just didn't break the authentication key. You broke the data encryption key also because they use the same key twice. They use the WEP key for the authentication, and for the data encryption later, correct? So if I can capture the authentication of the authentication exchange I can break the WEP key and also capture all the data. So, having said all that, what do you think the most secure method of authentication is? Using the original 802.11 the most secure authentication is no authentication, because at least you left the WEP key hidden. Performing the authentication actually makes your system less secure because you're going to reveal the WEP key, and that's kind of counterintuitive until you hear the explanation. So when you're ever setting a system up and it says, "Do you want to use authentication for the association," you're going to say no, at least initially. We'll show you a better way to do that as we go here, but a brand new system just out of the box if it gives you the option to authenticate or not authenticate using the WEP key, the right answer is not authenticate with the WEP key, because if you authenticate with the WEP key you're going to expose it. Once you've exposed it it's easy to do, and then it breaks everything. So by default systems should be set to null authentication, and null authentication means everybody gets on, but at least they didn't violate the WEP key at the same time. So if once you've passed the authentication side, what's the second step?

Student: Association.

Joe Mayes: The second step is association. That's where you exchange MAC addresses and name values, and now you become listed as an associated client to that access point. In the older days, when all you had was this, what they would do is you would still use a higher-level encryption like the Layer-3 encryption, an encryption at the IP level, and if you had encryption running at the IP level what would happen is that the authentication would be bypassed because it's null. The association would occur, and then you would request an IP address, and you couldn't read the IP address because the DHCP reply was in the authenticated IP stream. So you'd be associated on Layer 2, but you couldn't see any IP data. You couldn't see anything because all the IP streams were encrypted, and you didn't have the encryption on your side for the IP stream.

So that was the original state of affairs. This is like circa 1999, 2000, 2001, 2002, is they brought out a flawed system in WEP, Wired Equivalent Privacy, which means you had to turn, essentially, WEP off to be more secure, and then you would use some other alternate encryption to secure your data to keep unauthorized people from getting on the network. We had to fix that, right? That couldn't exist. That couldn't be good enough.

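As an added illustration of the challenge/response weakness the lecturer has just walked through (example code written for this transcript, not material from the lecture, the slides or SEI), the following Python simulation runs both authentication modes of the original 802.11 standard side by side. It assumes what real WEP does, namely RC4 keyed with the 24-bit per-frame IV followed by the WEP key; the 40-bit key, the 128-byte challenge, and the class and function names (`AccessPoint`, `run_exchange`, `offline_key_check`) are constructed for the demonstration.

```python
import os
from typing import Optional, Tuple


def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4 (key scheduling, then keystream XOR). Encrypting and
    decrypting are the same operation."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def wep_crypt(wep_key: bytes, iv: bytes, data: bytes) -> bytes:
    """WEP seeds RC4 with the 24-bit per-frame IV followed by the shared key.
    The IV is transmitted in the clear, so the WEP key is the only secret."""
    return rc4(iv + wep_key, data)


class AccessPoint:
    """Runs either Open System (null) or Shared Key authentication.
    Class and method names are constructed for this example."""

    def __init__(self, wep_key: bytes, shared_key_auth: bool):
        self.wep_key = wep_key
        self.shared_key_auth = shared_key_auth
        self._pending: Optional[bytes] = None

    def challenge(self) -> Optional[bytes]:
        # Open System sends no challenge at all: the request is granted as-is.
        if not self.shared_key_auth:
            return None
        self._pending = os.urandom(128)      # 128-byte challenge text, sent unencrypted
        return self._pending

    def verify(self, iv: Optional[bytes], response: Optional[bytes]) -> bool:
        if not self.shared_key_auth:
            return True                      # null authentication: everybody gets on
        # The AP decrypts with its own key and expects its challenge back.
        return wep_crypt(self.wep_key, iv, response) == self._pending


def station_response(station_key: bytes, challenge: bytes) -> Tuple[bytes, bytes]:
    """The laptop proves it holds the key by encrypting the challenge."""
    iv = os.urandom(3)
    return iv, wep_crypt(station_key, iv, challenge)


def run_exchange(ap: AccessPoint, station_key: bytes) -> dict:
    """Run one authentication and return what a passive listener on the
    channel captures. Only 'response' is encrypted; the rest is plaintext."""
    challenge = ap.challenge()
    if challenge is None:
        return {"granted": ap.verify(None, None), "challenge": None,
                "iv": None, "response": None}
    iv, response = station_response(station_key, challenge)
    return {"granted": ap.verify(iv, response), "challenge": challenge,
            "iv": iv, "response": response}


def offline_key_check(sniffed: dict, candidate: bytes) -> bool:
    """The lecture's point: plaintext and ciphertext of the same string (plus
    the cleartext IV) let a guessed key be confirmed or rejected without any
    further contact with the AP. Open System leaves nothing to test against."""
    if sniffed["challenge"] is None:
        return False
    return wep_crypt(candidate, sniffed["iv"], sniffed["challenge"]) == sniffed["response"]


if __name__ == "__main__":
    key = bytes.fromhex("0102030405")        # constructed 40-bit WEP key
    for mode, shared in (("shared key", True), ("open system", False)):
        sniffed = run_exchange(AccessPoint(key, shared), key)
        print(f"{mode}: granted={sniffed['granted']}, "
              f"guess verifiable offline={offline_key_check(sniffed, key)}")
```

Both modes let the legitimate station on. The difference is what stays on the air afterwards: with Shared Key the capture holds the challenge, the IV and the encrypted response, so `offline_key_check` turns every key guess into a yes/no answer, and because `wep_crypt` is also what protects data frames after association, a confirmed key covers the data too. With Open System there is no challenge, so the same function has nothing to work with, which is the sense in which the lecture calls null authentication the more secure of the two original options.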


Association and RSSI (slide 10)

• Beacon and probe processes permit clients to locate APs with permitted SSIDs.
• Client decides which AP to connect to based on Received Signal Strength Indicator (RSSI).
  • RSSI quantifies signal strength and error rates.
• Successful association creates a Layer 1-2 connection.
  • Wireless version of connecting to an Ethernet switch

**010 So here's the association. Client decides which AP to connect to based on the Received Strength Signal Indicator, the RSSI value, and that's what we said they found the strongest one, right? Interesting thing about the RSSI value, every 802.11 required everybody to have an RSSI value. It didn't require how you measured it. So somebody could be using decibel values for RSSI, and somebody else could be using one through five from strongest to weakest or from weakest to strongest. Somebody else could use colors from green to red.

Anybody see a problem here? They never actually agreed on how to read it. Who finally agreed on a standard for that, any ideas?

Student: IEEE?

Joe Mayes: Not the IEEE, but the Wi-Fi Alliance. They needed a standard for interoperability between vendors, right? So Wi-Fi Alliance developed decibels as the standard, but initially IEEE never explained what the standard should be. Just that you had to have RSSI values. So Wi-Fi Alliance was the ones who made it interoperable. So there are some things that are up by Wi-Fi Alliance that have never been touched by IEEE. Interesting side notes, right? So based on who's strongest that's where you made the association, and it's kind of the wireless version of connecting to an Ethernet switch. If you really think about it, it's the equivalent to the green light coming on, on your switch when you put a cable in. Can you put a cable in and have the light not come on?

Student: Uh-huh.

Student: Yes.

Joe Mayes: Yeah, because things don't agree, right? I've seen it where a switch was gigabit only. The client machine only had 10/100. You'd put the cable in and it wouldn't light up because they couldn't match protocols. Well, the same thing here, ultimately. Only if you get everything to match does the association occur, and once the association occurs then you can start moving data at levels higher than Layer 2 which would be, in most cases, at the IP layer, Layer 3.

‘Hidden’ SSIDs (slide 11)

If an access point does not advertise its SSID, then clients must know the SSID to join the wireless network.

Some client systems do not support hidden SSIDs, as they cannot be manually programmed with SSIDs.

**011 Hidden SSIDs, the access point doesn't advertise the SSID then the client has to know it, and the problem you get with that one is that some machines don't have a way to manually enter an SSID. Some devices just only do it by discovery. They have no way of manually entering one. Think of something like a scanner gun. It may not have a keyboard. It's got no way to put an SSID into it, or a printer the same way. A printer may do it only by discovery. It's got no way of manually entering an SSID.

Notices (slide 2)

© 2014 Carnegie Mellon University

This material is distributed by the Software Engineering Institute (SEI) only to course attendees for their own individual study.

Except for the U.S. government purposes described below, this material SHALL NOT be reproduced or used in any other manner without requesting formal permission from the Software Engineering Institute at [email protected].

This material was created in the performance of Federal Government Contract Number FA8721-05-C-0003 with Carnegie Mellon University for the operation of the Software Engineering Institute, a federally funded research and development center. The U.S. government's rights to use, modify, reproduce, release, perform, display, or disclose this material are restricted by the Rights in Technical Data-Noncommercial Items clauses (DFAR 252-227.7013 and DFAR 252-227.7013 Alternate I) contained in the above identified contract. Any reproduction of this material or portions thereof marked with this legend must also reproduce the disclaimers contained on this slide.

Although the rights granted by contract do not require course attendance to use this material for U.S. government purposes, the SEI recommends attendance to ensure proper understanding.

THE MATERIAL IS PROVIDED ON AN “AS IS” BASIS, AND CARNEGIE MELLON DISCLAIMS ANY AND ALL WARRANTIES, IMPLIED OR OTHERWISE (INCLUDING, BUT NOT LIMITED TO, WARRANTY OF FITNESS FOR A PARTICULAR PURPOSE, RESULTS OBTAINED FROM USE OF THE MATERIAL, MERCHANTABILITY, AND/OR NON-INFRINGEMENT).

CERT ® is a registered mark owned by Carnegie Mellon University.
