wireless engineering body of knowledge (webok) wireless security webok tutorial paul kubik
TRANSCRIPT
Wireless Engineering Body of Knowledge (WEBOK)Wireless Security
WEBOK Tutorial
Paul Kubik
What is Wireless Security?
Confidentiality: the communication data are only disclosed to authorized users.
Integrity: the data in the communication retain their veracity and are not able to be modified by unauthorized users.
Availability: authorized users are granted timely access and sufficient bandwidth to access the data.
What is Wireless Security?
Why is Wireless Security important? Fraud, Theft – Stealing customer login details from a WiFi hotspot Sabotage – Disabling a local 2G cellular network using a jamming
device Espionage – Stealing a phonebook from a mobile phone via
bluetooth Malicious – Distribution of Mobile viruses, unsolicited Bluetooth
advertising etc.
How can we protect technology through Security? Encryption – protects the information stored in a message Authentication – validates the identity of end-points in a
communication Authorization - restricts access to a service through the use of
authentication systems. Certification – authentication of end-points by a third party
What is Wireless Security? What type of attacks are there?
brute-force attack authenticate by incrementing through every possible combination of a password
dictionary attack authenticate by guessing the password from a library of common words
Man-in-the-middle Attacker actively intercepts the path of communications between two legitimate parties, thereby obtaining authentication credentials and data. Attacker can then masquerade as a legitimate party.
Spoofing Attacker impersonates an authorized user and gains certain unauthorized privileges.
Replay attack Attacker passively monitors transmissions and retransmits messages, acting as if the attacker were a legitimate user.
Denial of service Attacker prevents or prohibits the normal use or management of networks or network devices.
What is Wireless Security?
Common concepts in security Private Key - two (or more) parties share the same
key, and that key is used to encrypt data from clear-text to a cipher-text. Private key cryptography relies on keeping the key secret
Eg. AES, DES, 3-DES Public Key – each party has a pair of keys. One key is
public and the other is private. A message encrypted with the public key can be decrypted with the private key. The public key can be made known to all parties (including attackers). The private key is kept secret.
Eg. RSA, Diffie-Hellman
Network Access Control
Network Access Control is used to authenticate, authorize and account for a user or client on the network
Challenge-Response Authentication The authenticating party asks for information that
could only be known to the user Network Access Control protocols:
RADIUS Diameter Extensible Access Protocol
Network Access Control – RADIUS
User authenticates with NAS using a username/password
NAS sends Access-request to RADIUS server
RADIUS server generates an Access-Challenge for the user.
User calculates hash and sends response to the RADIUS server
User is authenticated as an end-point in the network (Access-Accept)
Network Access Control – Diameter
Failover: supports application-layer acknowledgment and defines failover algorithms.
Confidentiality: IPSEC support is mandatory for Diameter and TLS is optional.
Reliable transport: Transmission Control Protocol (TCP) or STCP protocols.
Server-initiated messages: Mandatory support allowing re-authentication/re-authorization
Auditability: Data-object security mechanisms preventing against untrusted proxies modifying attributes or packet headers
Capability negotiation: Error messages, capability negotiation, mandatory/non-mandatory flags for attributes (AVPs).
Peer discovery and configuration: Dynamic discovery of peers using Domain Name System (DNS). Dynamic session keys via transmission-level security.
Roaming support: Supports user roaming, interdomain exchange of user and accounting information.
Network Access Control - EAP
Extensible Access Protocol is a authentication framework, not a specific implementation. It defines methods and common functions used for authentication.
Supplicant – The party that wants to be authenticated Authenticator - The party that demands proof of authentication Four types of messages are defined in EAP: request, response,
success, and failure. The authenticator sends a request message to the
supplicant asking for a response message to authenticate. If the authentication is successful, a success message is sent to the supplicant; if not, a failure message is sent.
Encapsulation on IEEE wireless LANs, IEEE-802.11i WPA, WPA2 Standard EAP-TLS, EAP-TTLS, PEAP
Network Access Control – 802.1x
An authentication protocol based on EAP
The supplicant is the authenticating user, sends an EAP-Start message to the authenticator
The authenticator is the Wireless Access Point (802.11), sends an EAP-Request Identity to the supplicant
The authenticator only allows the supplicant to generate EAP traffic (EAPoL) until it has been authenticated
The authentication server determines whether a supplicant is authenticated (eg RADIUS server)
NAC Example (1) The Traffic Capture is RADIUS
conversation using EAP-TLS Supplicant
MAC: Z-Com_64:61:dc Authenticator
MAC: 3com_7a:eb:fcIP Addr: 192.168.4.62
Auth ServerIP Addr: 192.168.4.51
3: The supplicant sends an EAP Response containing “mobile@lab”
4: The authenticator sends a RADIUS packet to the authentication server containing the connection details
https://www.openpacket.org/
NAC Example (2) 8: The authentication server
sends an access-challenge to verify the supplicant’s identity.
10: The authenticator requests that the supplicant use EAP-TLS to verify the user identity
26: The authentication server decides that client certificate is valid and the supplicant is a known user
29: Now the authenticator must still make sure that the supplicant has the correct WPA pre-shared key
Wireless LAN Security
Service Set Identifier (SSID) - wireless LAN name used client to identify the network
Media Access Control (MAC) address - administrator may specify which MACs are allowed to access the network
Security Algorithm – used for network authentication, including WEP, WPA or WPA2
WLAN Security - WEP
WEP Initialization Vector (IV) – 24-bit seed value to
initialize the cryptographic system Stream cipher (RC4) – 40-bit, 104-bit keys.
Generates a key which is XOR’ed with the message. A different sequence is used for each message
Integrity checking (CRC-32) – computed and encrypted on each message, becomes the Integrity Check Value (ICV) on the frame
WLAN Security - TKIP
TKIP is used to enhance the RC4 cipher. It is designed to strengthen the WEP protocol (based on RC4) without significant performance degradation
Message encryption using the RC4 algorithm Integrity protection, using the Message Integrity
Code (MIC) Replay prevention, using a frame sequencing
technique; and Use of a new encryption key for each frame.
WLAN Security - CCMP
CCMP is used to enhance the AES cipher. AES is the secure cipher used by WPA/WPA2
CCMP provides authentication and privacy features based on AES Integrity control (MIC) Message encryption (payload only)
CCMP is designed for a 128-bit key and block size
WLAN Security – WPA/WPA2
WPA RC4 Cipher. TKIP/MIC Encryption Implements partial 802.11i standard TKIP generates a sequence of WEP keys based on a master
key. Message Integrity Code (MIC) and ICV (Integrity Check
Value) identify if the packet is tampered with
WPA2 AES Cipher (instead of RC4). AES-CCMP Encryption Implements full 802.11i standard, known as RSN AES is a secure cipher that can be implemented in
hardware. CCMP arranges for Message Integrity Control (MIC) and
Message encryption (payload only)
WLAN Security Example
Securing your network
Enable WPA/WPA2 security on the access point.
Change the default admin password
Change the default SSID and disable broadcast.
Disable DHCP, enable MAC address filtering
Cellular Security
AMPS Security Analog FM system. Unencrypted channels ESN / MIN used for Customer and Handset registration on the network
CDMA Security Subscriber Authentication (CAVE) Subscriber Identity confidentiality (TMSI). No SIM card Spreading sequences on physical channel
GSM Security Subscriber Authentication (A3/COMP128) Subscriber Identity confidentiality (TMSI). Removable SIM card Encryption of Air interface only
UMTS security Mutual authentication (Subscriber and Network) Encryption from Air interface to RNC Mechanism for upgrading security features.
Cellular Security – CDMA
Cellular Security – GSM
IMEI (International Mobile Equipment Identity) is a unique 17 or 15 digit code used to identify a Mobile Station (hardware)
IMSI (International Mobile Subscriber Identity) is a unique 15-digit code used to identify a subscriber (user)
Ki (128-bit) is a secret key shared between the Mobile Station and the HLR
Kc (64-bit) is a Session Key for channel encryption. Kc is generated by the Mobile Station from RAND and Ki using the A8 algorithm.
RAND (128-bit) is a random challenge generated by the HLR. SRES (32-bit) is a Signed Response generated by both the
Mobile Station and the HLR from the RAND to verify identity HLR / AuC – Stores the IMSI and Ki for Mobile Stations EIR – Stores an IMEI black-list to prevent calls from stolen or
unauthorized Mobile Stations.
Cellular Security – GSM
The Mobile Station (MS) signs into the network. The HLR uses the A8 algorithm to generate RAND, SRES and Kc The HLR sends RAND to the RNC and the MS The MS generates SRES from RAND and Ki using the A3 algorithm The MS sends SRES to the MSC The MSC verifies SRES (Mobile) and SRES (HLR) The MS generates Kc from RAND and Ki using the A8 algorithm The BTS verifies Kc (MS) and Kc (HLR) The MS initialises the A5 algorithm with Kc and the frame number An encrypted channel between the MS and the BTS is established
HLRMobileStation
MSCBTS
RAND
SRESKi, Kc Ki, Kc
Bluetooth Security
Bluetooth Security Attacks Bluejacking - attempt to send a phone contact or business card to another
nearby phone for the purpose of spamming information / advertising Bluesnarfing - stealing data (messages, calendar, phone book etc) from the
target device in an unauthorised manner which includes bypassing the usual paring requirement.
Bluebugging - victim device is controlled by the attacker who sends commands to perform actions as if having physical access to the device
Security attributes Bluetooth address : unique device identifier (48-bit). The first 3 bytes are
assigned to a manufacturer. The last 3 bytes allocated by the manufacturer.
"Discoverable" mode : determines whether the device is visible to other devices.
PIN Code : Four digit secret code entered into both devices to establish a Link Key (128-bit)
Frequency hopping : Pseudo-random sequence (1600 hops / second)
Wireless Security
END