wireless security - pennsylvania state universitytrj1/cse497b-s07/slides/cse497b-lecture-27... ·...
TRANSCRIPT
CSE497b Introduction to Computer and Network Security - Spring 2007 - Professor Jaeger
Wireless Security
CSE497b - Spring 2007Introduction Computer and Network Security
Professor Jaegerwww.cse.psu.edu/~tjaeger/cse497b-s07/
Page CSE497b Introduction to Computer and Network Security - Spring 2007 - Professor Jaeger
At the mall ...
Page 2
Page CSE497b Introduction to Computer and Network Security - Spring 2007 - Professor Jaeger
Wireless Networks
• Network supported by radio communications ..
• Alphabet soup of standards, most on 802.11
• .. destroys the illusion of a hard perimeter.
Page 3
Page CSE497b Introduction to Computer and Network Security - Spring 2007 - Professor Jaeger
Why you should fear Simon Byers ...
• Over the course of history radio frequencies have been enormously vulnerable to eavesdropping and manipulation.
• ASSUME: Everything you say on a wireless network is going to be heard and potentially manipulated by your adversaries.
Page 4
Page CSE497b Introduction to Computer and Network Security - Spring 2007 - Professor Jaeger
Wireless LANs
• Access point networks (ranging to about 300 feet)• All devices connect to the central access point
• Pro: very easy to setup and maintain, simple protocols
• Con: reliability/speed drops as you get away from AP or contention increases.
Page 5
Page CSE497b Introduction to Computer and Network Security - Spring 2007 - Professor Jaeger
Ad hoc Networks (a.k.a peer-to-peer)
• Devices collaboratively work together to support network communication
• Network topology changes in response to moving devices, e.g., bluetooth
• Pro: highly flexible and responsive to changes in environment
• Con: complex, subject to traffic manipulation by malicious peers
Page 6
Page CSE497b Introduction to Computer and Network Security - Spring 2007 - Professor Jaeger
Devices
• Laptops (canonical wireless devices)• Desktops, mobile phones, ....• Bluetooth
Page 7
Page CSE497b Introduction to Computer and Network Security - Spring 2007 - Professor Jaeger
Attacks on Wireless Networks
• DOS• Planted devices• Hijacked connections• Eavesdropping• Somebody is "in the wire" ...
Page 8
Page CSE497b Introduction to Computer and Network Security - Spring 2007 - Professor Jaeger
Threats
• This is an open network ...• ... to which anyone can connect.• What security is necessary?
– Authentication?– Confidentiality?– Integrity?– Privacy?– DOS Protection?– Accountability (traceability)?
Page 9
Page CSE497b Introduction to Computer and Network Security - Spring 2007 - Professor Jaeger
Security Mechanisms
• Note: this is just a network with different threats, so implementing security is very similar to network security
• Authentication– Q: What are you authenticating in a wireless network?– Methods: password/passphrase, smartcard, etc.– Tools: radius, Kerberos, PKI services ....
• Confidentiality/Integrity– Typically implemented via some transport protocol– IPsec (just implement a VPN -- this is what PSU does)
Page 10
Page CSE497b Introduction to Computer and Network Security - Spring 2007 - Professor Jaeger
Wireless Security Approaches
• MAC Authentication• WEP (Wired Equivalent Privacy)• 802.11i (WPA - Wifi Protected Access)• EAP/LEAP (Extensible Authentication Protocol)• WAP (Wireless Application Protocol)
11
Page CSE497b Introduction to Computer and Network Security - Spring 2007 - Professor Jaeger
MAC Authentication
• Create a list of MAC addresses– media access layer, e.g., ether 00:0a:95:d5:74:6a– Only these devices are allowed on network
• Attack– Listen on network for MAC address use -- laptop– Masquerade as that MAC address (easy to do, many
devices programmable)– ... can wait for it to go off line to avoid conflict, but not
necessary• ARP Security limitations
Page 12
ether 00:0a:95:d5:74:6a
Page CSE497b Introduction to Computer and Network Security - Spring 2007 - Professor Jaeger
WEP (Wired Equivalent Privacy)
• Keys– Pass-phrase converts 40 bits from passphrase, plus 24 bit
initialization vector (or)– 26 char hexadecimal + 24-bit IV = 128-bit WEP– Ability to send packets is essentially authentication
• integrity used as authentication– Built into the vast majority of home wireless routers
Page 13
Page CSE497b Introduction to Computer and Network Security - Spring 2007 - Professor Jaeger
The WEP Flaw (greatly simplified)
Page 14
Protocol
• Passphrase Key kp
• Initialization vector ivi
• Plaintext data d1, d2 (for separate blocks 1 and 2)
• Traffic Key kti = kp||ivi
• Ciphertext = E(kti, di) = RC4(kti) ! di
Attack
• Assume iv1 = iv2
• Only 17 million IVs (224), so IV of two packets can be found (" one in 4096)
(RC4(kt1) ! d1) ! (RC4(kt1) ! d2) = d1 ! d2
1
Protocol
• Passphrase Key kp
• Initialization vector ivi
• Plaintext data d1, d2 (for separate blocks 1 and 2)
• Traffic Key kti = kp||ivi
• Ciphertext = E(kti, di) = RC4(kti) ! di
Attack
• Assume iv1 = iv2
• Only 17 million IVs (224), so IV of two packets can be found (" one in 4096)
(RC4(kt1) ! d1) ! (RC4(kt1) ! d2) = d1 ! d2
1
Page CSE497b Introduction to Computer and Network Security - Spring 2007 - Professor Jaeger
802.11i (WPA - Wifi Protected Access)
• Solution to problems with WEP• Two modes of operation
– Pre-shared key mode -- WEP like, shared key derived from single network passphrase
– Server mode -- uses 802.1X authentication server to authenticate/give unique keys to users
• Protocol fixes to WEP– increase IV size to 48 bits– TKIP - change keys every so often -- Temporal Key Integrity Protocol
– improved integrity (stop using CRC and start using MAC)– WPA2: AES instead of RC4
Page 15
Page CSE497b Introduction to Computer and Network Security - Spring 2007 - Professor Jaeger
WAP (Wireless Application Protocol)
• A set of protocols for implementing applications over thin (read wireless) pipes.
• Short version: a set of protocols to implement the web over wireless links as delivered to resource limited devices– reduce overhead and flabby content (image rich HTML)– support limited presentation and content formats
• Wireless Markup Language (XML-based language)– reduce the footprint of the rendering engine (browser)
• Security: WTLS– SSL/TLS protocol -- public keys, key negotiation, etc.
• Success in Japan, little elsewhere (currently)
Page 16
Page CSE497b Introduction to Computer and Network Security - Spring 2007 - Professor Jaeger
EAP/LEAP
• Extensible Authentication Protocol– Challenge response - auth. only– Bolts onto other authentication mechanisms, e.g.,
Kerberos, RADIUS– Passes authentication information onto other protocols
(WEP, WAP)– LEAP: Cisco implementation/modifications (security
problems are possibly serious)– Standards: EAP-MD5, EAP-TLS– PEAP: RSA/Microsoft/Cisco standards for WPA/WPA2
protocols
Page 17
Page CSE497b Introduction to Computer and Network Security - Spring 2007 - Professor Jaeger
Bluetooth
• A standard for building very small personal area networks (PANs)
• Connects just everything you can name: PDAs, phones, keyboards, mice, your car
• Very short range range network: 1 meter, 10 meters, 100 meters (rare)
• Advertised as solution to "too many cables"• Authentication
– "pairing" uses pass-phrase style authentication to establish relationship which is often stored indefinitely (problem?)
Page 18
Page CSE497b Introduction to Computer and Network Security - Spring 2007 - Professor Jaeger
Bluetooth Security
• Everything really works off the PIN• Attacks have progressively been successful at
identifying vulnerabilities in the way PINs are used, can be reverse engineered
• Privacy: know what is on and how public it is ...• Problem: Cambridgeshire, England• Problem: Bluetooth rifle
Page 19
CSE497b Introduction to Computer and Network Security - Spring 2007 - Professor Jaeger
RFIDs• Radio Frequency Identification (RFID)• identity-providing transponders
• Passive: no external power - backscatter (Walmart)
• Active: internal power (SpeedPass)
• History: a soviet listening device (1945), alied FoF (1939)
• Privacy/Security anyone?• Q: How do you control who is accessing your information?
• A: You don’t (currently)
• Security measures• Rolling code (one time tokens)
• Crypto-protocols, limited range, ... 20
Page CSE497b Introduction to Computer and Network Security - Spring 2007 - Professor Jaeger
NIST Evaluation
• Any vulnerability in a wired network is present in the wireless network
• Many new ones: protocols, systems more public and vulnerable
• Recommendations:– Disable file and directory sharing– Turn off APs when not in use– Use robust passwords, 128-bit encryption– Audit, audit, audit– VPNs are a good ...
Page 21