
CSE497b Introduction to Computer and Network Security - Spring 2007 - Professor Jaeger

Wireless Security

CSE497b - Spring 2007: Introduction to Computer and Network Security

Professor Jaeger, www.cse.psu.edu/~tjaeger/cse497b-s07/


At the mall ...


Wireless Networks

• A network carried over radio communications ...

• Alphabet soup of standards, most based on 802.11

• ... destroys the illusion of a hard network perimeter: there is no wire whose physical access you can control.


Why you should fear Simon Byers ...

• Over the course of history radio frequencies have been enormously vulnerable to eavesdropping and manipulation.

• ASSUME: Everything you say on a wireless network is going to be heard and potentially manipulated by your adversaries.


Wireless LANs

• Access point networks (ranging to about 300 feet)
• All devices connect to the central access point

• Pro: very easy to setup and maintain, simple protocols

• Con: reliability/speed drops as you get away from AP or contention increases.


Ad hoc Networks (a.k.a. peer-to-peer)

• Devices collaboratively work together to support network communication

• Network topology changes in response to moving devices, e.g., Bluetooth

• Pro: highly flexible and responsive to changes in environment

• Con: complex, subject to traffic manipulation by malicious peers


Devices

• Laptops (the canonical wireless devices)
• Desktops, mobile phones, ....
• Bluetooth devices


Attacks on Wireless Networks

• DOS
• Planted devices
• Hijacked connections
• Eavesdropping
• Somebody is "in the wire" ...


Threats

• This is an open network ...
• ... to which anyone can connect.
• What security is necessary?

– Authentication?
– Confidentiality?
– Integrity?
– Privacy?
– DOS protection?
– Accountability (traceability)?


Security Mechanisms

• Note: this is just a network with different threats, so implementing security is very similar to wired network security

• Authentication
– Q: What are you authenticating in a wireless network?
– Methods: password/passphrase, smartcard, etc.
– Tools: RADIUS, Kerberos, PKI services ....

• Confidentiality/Integrity
– Typically implemented via some transport protocol
– IPsec (just implement a VPN -- this is what PSU does)


Wireless Security Approaches

• MAC authentication
• WEP (Wired Equivalent Privacy)
• 802.11i (WPA - Wi-Fi Protected Access)
• EAP/LEAP (Extensible Authentication Protocol)
• WAP (Wireless Application Protocol)


MAC Authentication

• Create a list of MAC addresses
– media access control (link-layer) address, e.g., ether 00:0a:95:d5:74:6a
– Only these devices are allowed on the network

• Attack
– Listen on the network for MAC addresses in use (a laptop with a wireless card is enough; addresses are sent in the clear)
– Masquerade as one of those MAC addresses (easy to do; on most devices the address is software-programmable)
– ... can wait for the legitimate device to go offline to avoid a conflict, but this is not necessary: nothing in the protocol authenticates the address

• ARP has the same limitation: it binds IP addresses to MAC addresses with no authentication at all


WEP (Wired Equivalent Privacy)

• Keys
– 64-bit WEP: a 40-bit key derived from a pass-phrase, plus a 24-bit initialization vector (IV), or
– 128-bit WEP: a 104-bit key entered as 26 hexadecimal characters, plus the same 24-bit IV
– There is no per-user authentication: the ability to send correctly encrypted packets is essentially the authentication,
– i.e., the integrity check on each packet is used as authentication
– Built into the vast majority of home wireless routers (as of 2007)


The WEP Flaw (greatly simplified)


Protocol

• Pass-phrase key $k_p$

• Initialization vector $iv_i$ (24 bits, sent in the clear with each packet)

• Plaintext data $d_1, d_2$ (for separate packets 1 and 2)

• Traffic key $kt_i = k_p \| iv_i$ (real WEP prepends the IV, $iv_i \| k_p$; the order does not matter for the attack)

• Ciphertext $= E(kt_i, d_i) = RC4(kt_i) \oplus d_i$

Attack

• Assume $iv_1 = iv_2$; then $kt_1 = kt_2$ and both packets are XORed with the same RC4 keystream

• Only about 17 million IVs ($2^{24}$), so two packets with the same IV are easy to find: by the birthday bound a repeat is expected after only about $2^{12} = 4096$ packets

$(RC4(kt_1) \oplus d_1) \oplus (RC4(kt_1) \oplus d_2) = d_1 \oplus d_2$

• Knowing or guessing $d_1$ (e.g. a predictable packet header) then gives $d_2$, and the keystream $RC4(kt_1)$ for every other packet sent under that IV
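The attack above, carried through in Python as an added example (not code from the lecture). It uses the slide's symbols: pass-phrase key kp, per-packet IV, traffic key kt, RC4 keystream XORed with the data. The per-packet key is built as iv || kp, the order real WEP uses, and the WEP integrity value is left out because it does not affect the keystream-reuse argument. All keys, IVs and payloads are constructed sample values; the only assumed "known plaintext" is the fixed LLC/SNAP header that precedes an IP packet in an 802.11 data frame.

```python
"""WEP keystream reuse (added example, not from the lecture slides).

Slide notation: pass-phrase key kp, per-packet IV iv_i, traffic key kt_i,
ciphertext RC4(kt_i) XOR d_i.  Real WEP builds kt_i as iv_i || kp (IV first)
and sends the IV in the clear in front of the ciphertext, which is what this
code does.  Keys, IVs and payloads below are constructed sample data.
"""
import math
from collections import defaultdict


def rc4(key: bytes, length: int) -> bytes:
    """Plain RC4 (KSA + PRGA); returns `length` keystream bytes."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    i = j = 0
    out = bytearray()
    for _ in range(length):
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    """Byte-wise XOR over the shorter of the two inputs."""
    return bytes(x ^ y for x, y in zip(a, b))


def wep_encrypt(kp: bytes, iv: bytes, d: bytes) -> bytes:
    """Slide's E(kt_i, d_i): frame = iv || (RC4(iv || kp) XOR d).
    The real WEP ICV is omitted; it does not change the keystream-reuse argument."""
    if len(iv) != 3:
        raise ValueError("WEP IVs are 24 bits")
    return iv + xor(rc4(iv + kp, len(d)), d)


# ---- attacker side: passive eavesdropper, no knowledge of kp ----

def find_iv_collisions(frames):
    """Group captured frames by their cleartext IV; return IVs seen more than once."""
    by_iv = defaultdict(list)
    for f in frames:
        by_iv[f[:3]].append(f)
    return {iv: fs for iv, fs in by_iv.items() if len(fs) > 1}


def xor_of_plaintexts(c1: bytes, c2: bytes) -> bytes:
    """(RC4(kt) XOR d1) XOR (RC4(kt) XOR d2) = d1 XOR d2, valid only when the IVs match."""
    if c1[:3] != c2[:3]:
        raise ValueError("keystream reuse needs a repeated IV")
    return xor(c1[3:], c2[3:])


def decrypt_with_known_plaintext(c1: bytes, known_d1: bytes, c2: bytes) -> bytes:
    """Known-plaintext step: keystream = c1 XOR d1, then d2 = c2 XOR keystream.
    The attacker knows d1 for as many bytes as it can guess (the fixed LLC/SNAP
    header, for instance) or caused itself (a packet it sent to the victim)."""
    keystream = xor(c1[3:], known_d1)
    return xor(c2[3:], keystream)


def packets_for_iv_repeat(n_ivs: int = 2 ** 24, p: float = 0.5) -> float:
    """Birthday bound: frames needed before some IV repeats with probability p.
    For 2^24 IVs and p = 0.5 this is roughly 4.8k frames, i.e. the slide's
    'about 4096' scale, not 17 million."""
    return math.sqrt(2 * n_ivs * math.log(1 / (1 - p)))


if __name__ == "__main__":
    kp = bytes.fromhex("0102030405")                   # constructed 40-bit key
    llc_snap_ip = bytes.fromhex("aaaa030000000800")    # predictable frame prefix
    frames = [
        wep_encrypt(kp, bytes.fromhex("000001"), llc_snap_ip + b"hello"),
        wep_encrypt(kp, bytes.fromhex("000002"), llc_snap_ip + b"world"),
        wep_encrypt(kp, bytes.fromhex("000001"), llc_snap_ip + b"creds"),  # IV reused
    ]
    for iv, (c1, c2) in find_iv_collisions(frames).items():
        print("IV", iv.hex(), "reused; d1 XOR d2 =", xor_of_plaintexts(c1, c2).hex())
        # attacker who sent frame 1 itself knows d1 entirely, so recovers all of d2
        print("frame 2 decrypted:", decrypt_with_known_plaintext(c1, llc_snap_ip + b"hello", c2))
    print("frames until an IV repeats (p=0.5): %.0f" % packets_for_iv_repeat())
```

The `rc4` routine is the textbook cipher, so it can be checked against the standard test vector (key `Key` gives keystream `eb9f7781b734ca72a719...`); `find_iv_collisions` is the only step a real eavesdropper has to wait for, and the birthday estimate shows how short that wait is even when the access point picks IVs at random.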


802.11i (WPA - Wifi Protected Access)

• Solution to the problems with WEP
• Two modes of operation

– Pre-shared key mode -- WEP-like: a shared key derived from a single network pass-phrase

– Server mode -- uses an 802.1X authentication server to authenticate users and give each a unique key

• Protocol fixes to WEP
– increase the IV size to 48 bits
– TKIP (Temporal Key Integrity Protocol) -- derive a fresh per-packet key and change keys every so often
– improved integrity (stop using CRC and start using a MAC -- a message authentication code, not to be confused with the hardware MAC address)
– WPA2: AES instead of RC4
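Why "stop using CRC and start using a MAC" matters, as an added example (not code from the lecture): under a stream cipher the frame is (data || CRC(data)) XOR keystream, and CRC-32 is affine over XOR, so an attacker who cannot read the frame can still flip chosen bits and patch the encrypted CRC so it still verifies. A keyed MAC removes that property. The keystream here is SHAKE output standing in for RC4, HMAC-SHA256 stands in for TKIP's Michael or CCMP's CBC-MAC, and the keys and payload are constructed values; the attack depends only on the XOR, not on which stream cipher is used.

```python
"""CRC-32 vs. keyed MAC as the integrity check under a stream cipher.

Added example, not from the lecture.  Frame = (P || ICV(P)) XOR keystream.
CRC-32 is affine over XOR: CRC(P XOR D) = CRC(P) XOR CRC(D) XOR CRC(0...0),
so flipping bits of P and patching the ICV needs neither key nor plaintext.
A keyed MAC (HMAC-SHA256 here) has no such property.  The keystream is SHAKE
output standing in for RC4; keys and payloads are constructed values.
"""
import hashlib
import hmac
import zlib

TAG_LEN = 8   # truncated MAC length, constructed choice


def crc32(data: bytes) -> bytes:
    return zlib.crc32(data).to_bytes(4, "big")


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def keystream(frame_key: bytes, length: int) -> bytes:
    """Stand-in for RC4(kt_i); any stream cipher's output behaves the same here."""
    return hashlib.shake_256(frame_key).digest(length)


# ---- WEP style: CRC-32 ICV under the stream cipher ----

def protect_crc(p: bytes, frame_key: bytes) -> bytes:
    body = p + crc32(p)
    return xor(body, keystream(frame_key, len(body)))


def verify_crc(c: bytes, frame_key: bytes):
    """Decrypt and check the ICV; returns the plaintext or None."""
    pt = xor(c, keystream(frame_key, len(c)))
    body, icv = pt[:-4], pt[-4:]
    return body if crc32(body) == icv else None


def flip_bits(c: bytes, delta: bytes) -> bytes:
    """Attacker step: XOR `delta` into the encrypted payload (which flips the
    same bits in the plaintext) and fix the encrypted ICV via CRC linearity."""
    n = len(c) - 4
    if len(delta) > n:
        raise ValueError("delta longer than payload")
    delta = delta.ljust(n, b"\x00")
    icv_delta = xor(crc32(delta), crc32(bytes(n)))    # CRC(D) XOR CRC(0^n)
    return xor(c, delta + icv_delta)


# ---- 802.11i style: keyed MAC under the stream cipher ----

def protect_mac(p: bytes, frame_key: bytes, mac_key: bytes) -> bytes:
    tag = hmac.new(mac_key, p, hashlib.sha256).digest()[:TAG_LEN]
    body = p + tag
    return xor(body, keystream(frame_key, len(body)))


def verify_mac(c: bytes, frame_key: bytes, mac_key: bytes):
    """Decrypt and check the MAC in constant time; returns the plaintext or None."""
    pt = xor(c, keystream(frame_key, len(c)))
    body, tag = pt[:-TAG_LEN], pt[-TAG_LEN:]
    expected = hmac.new(mac_key, body, hashlib.sha256).digest()[:TAG_LEN]
    return body if hmac.compare_digest(expected, tag) else None


if __name__ == "__main__":
    frame_key = b"iv||kp-constructed"
    mac_key = b"constructed-mic-key"
    p = b"amount=0001;to=alice"
    # Attacker guesses the field layout: bytes 7..10 hold "0001"; turn it into "9998".
    delta = b"\x00" * 7 + xor(b"0001", b"9998")
    print("CRC frame after flip:", verify_crc(flip_bits(protect_crc(p, frame_key), delta), frame_key))
    tampered = xor(protect_mac(p, frame_key, mac_key), delta.ljust(len(p) + TAG_LEN, b"\x00"))
    print("MAC frame after flip:", verify_mac(tampered, frame_key, mac_key))
```

The CRC frame decrypts to `amount=9998;to=alice` and verifies; the MAC frame is rejected. Note that the attacker never needed to know the original value to flip bits, only to choose which bits to flip; guessing the field layout is what turns a blind flip into a chosen edit.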


WAP (Wireless Application Protocol)

• A set of protocols for implementing applications over thin (read: wireless) pipes.

• Short version: a set of protocols to implement the web over wireless links as delivered to resource-limited devices
– reduce overhead and flabby content (image-rich HTML)
– support limited presentation and content formats

• Wireless Markup Language (XML-based language)
– reduce the footprint of the rendering engine (browser)

• Security: WTLS
– an SSL/TLS-like protocol -- public keys, key negotiation, etc.

• Success in Japan, little elsewhere (as of 2007)


EAP/LEAP

• Extensible Authentication Protocol
– Challenge-response; authentication only
– Bolts onto other authentication mechanisms, e.g., Kerberos, RADIUS
– Passes the authentication result (and keying material) on to other protocols (e.g., WEP with per-session keys, WPA)
– LEAP: Cisco implementation/modifications (its security problems are possibly serious)
– Standards: EAP-MD5, EAP-TLS
– PEAP (Protected EAP): RSA/Microsoft/Cisco standard for the WPA/WPA2 protocols
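The "challenge-response, authentication only" point, as an added example (not code from the lecture). The exchange follows the MD5-Challenge method of RFC 3748 section 5.4, which reuses CHAP (RFC 1994): the authenticator sends a fresh random challenge and the peer replies with MD5(identifier || password || challenge). The method proves the peer knows the password and nothing more: it derives no session key and does not authenticate the network, so run bare over the air it hands a passive listener everything needed for an offline dictionary attack. Usernames, passwords and the wordlist are constructed.

```python
"""EAP-MD5 style challenge/response over an eavesdroppable link.

Added example, not from the lecture.  Message flow per RFC 3748 sec. 5.4 /
RFC 1994: Request carries a random challenge, Response carries
MD5(identifier || password || challenge).  Authentication only: no key is
derived, and a listener can test password guesses offline against the
captured transcript.  Credentials and wordlist below are constructed.
"""
import hashlib
import hmac
import os


def md5_response(identifier: int, password: bytes, challenge: bytes) -> bytes:
    """CHAP/EAP-MD5 response value; identifier is the one-byte EAP Identifier."""
    return hashlib.md5(bytes([identifier & 0xFF]) + password + challenge).digest()


class Authenticator:
    """RADIUS/802.1X side: issues challenges, checks responses against a user database."""

    def __init__(self, users: dict):
        self.users = users          # username -> password
        self.pending = {}           # identifier -> outstanding challenge

    def request(self, identifier: int) -> bytes:
        challenge = os.urandom(16)
        self.pending[identifier] = challenge
        return challenge

    def verify(self, identifier: int, username: str, response: bytes) -> bool:
        challenge = self.pending.pop(identifier, None)   # each challenge is used once
        password = self.users.get(username)
        if challenge is None or password is None:
            return False
        return hmac.compare_digest(md5_response(identifier, password, challenge), response)


class Peer:
    """The wireless client."""

    def __init__(self, username: str, password: bytes):
        self.username, self.password = username, password

    def respond(self, identifier: int, challenge: bytes) -> bytes:
        return md5_response(identifier, self.password, challenge)


def run_exchange(auth: Authenticator, peer: Peer, identifier: int = 1):
    """One Request/Response round.  Returns (accepted, transcript); the
    transcript is exactly what a passive listener on the link sees."""
    challenge = auth.request(identifier)
    response = peer.respond(identifier, challenge)
    accepted = auth.verify(identifier, peer.username, response)
    transcript = {"identifier": identifier, "username": peer.username,
                  "challenge": challenge, "response": response}
    return accepted, transcript


def offline_dictionary_attack(transcript: dict, wordlist):
    """Eavesdropper: no further contact with the network is needed; every guess
    is checked locally against the captured challenge/response pair."""
    for guess in wordlist:
        if md5_response(transcript["identifier"], guess, transcript["challenge"]) == transcript["response"]:
            return guess
    return None


if __name__ == "__main__":
    auth = Authenticator({"alice": b"winter2007"})
    ok, seen = run_exchange(auth, Peer("alice", b"winter2007"))
    print("accepted:", ok)
    print("recovered password:", offline_dictionary_attack(seen, [b"password", b"summer2007", b"winter2007"]))
```

The fresh challenge stops a captured response from being replayed against the authenticator, but it does nothing against the offline guess loop, which is why EAP-MD5 belongs inside EAP-TLS or PEAP, where the TLS tunnel both hides the exchange and gives the client a way to authenticate the network.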


Bluetooth

• A standard for building very small personal area networks (PANs)

• Connects just about everything you can name: PDAs, phones, keyboards, mice, your car

• Very short range network: 1 meter, 10 meters, 100 meters (rare)

• Advertised as the solution to "too many cables"
• Authentication

– "pairing" uses pass-phrase (PIN) style authentication to establish a relationship, which is often stored indefinitely (problem?)


Bluetooth Security

• Everything really works off the PIN
• Attacks have progressively been successful at identifying vulnerabilities in the way PINs are used; the PIN can be reverse engineered

• Privacy: know what is on and how public it is ...
• Problem: Cambridgeshire, England
• Problem: Bluetooth rifle


RFIDs

• Radio Frequency Identification (RFID): identity-providing transponders

• Passive: no internal power; answers the reader by backscatter (Walmart)

• Active: internal power (SpeedPass)

• History: a Soviet listening device (1945), Allied friend-or-foe (IFF) identification (1939)

• Privacy/Security anyone?
– Q: How do you control who is accessing your information?
– A: You don't (currently)

• Security measures
– Rolling code (one-time tokens)
– Crypto-protocols, limited range, ...
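What "rolling code (one-time tokens)" buys over a static identifier, as an added example (not code from the lecture). A static tag answers with its id, so anyone who has heard it once can replay it. Here the tag and reader share a secret and a counter; each read carries id, counter and HMAC(secret, id || counter), and the reader accepts only a counter ahead of the last one it saw and within a small window to tolerate missed reads, so a captured transmission replayed later is rejected. HMAC-SHA256 stands in for the lightweight ciphers real tags use; ids, secrets and the window size are constructed values.

```python
"""Rolling-code (one-time token) check for an RFID-style transponder.

Added example, not from the lecture.  Tag and reader share a secret and a
counter; each read is (id, counter, HMAC(secret, id || counter)).  The reader
accepts a counter only if it is ahead of the last accepted one and within
WINDOW, so replays and stale captures fail.  HMAC-SHA256 stands in for the
lightweight primitives real tags use; ids, secrets and WINDOW are constructed.
"""
import hashlib
import hmac
import struct

WINDOW = 16   # how many missed reads the reader tolerates (constructed choice)


def rolling_token(secret: bytes, tag_id: bytes, counter: int) -> bytes:
    return hmac.new(secret, tag_id + struct.pack(">I", counter), hashlib.sha256).digest()[:8]


class Tag:
    def __init__(self, tag_id: bytes, secret: bytes):
        self.tag_id, self.secret, self.counter = tag_id, secret, 0

    def transmit(self) -> tuple:
        """Every read advances the counter, so no two transmissions are alike."""
        self.counter += 1
        return (self.tag_id, self.counter, rolling_token(self.secret, self.tag_id, self.counter))


class Reader:
    def __init__(self, provisioned: dict):
        self.secrets = dict(provisioned)                  # tag_id -> secret
        self.last = {tag_id: 0 for tag_id in provisioned}  # last accepted counter

    def accept(self, msg: tuple) -> bool:
        tag_id, counter, token = msg
        secret = self.secrets.get(tag_id)
        if secret is None:
            return False                                  # unknown tag
        last = self.last[tag_id]
        if not (last < counter <= last + WINDOW):
            return False                                  # replay, or too far ahead
        if not hmac.compare_digest(rolling_token(secret, tag_id, counter), token):
            return False                                  # forged counter or token
        self.last[tag_id] = counter                       # advance only after a valid read
        return True


class StaticReader:
    """The 'you don't (currently)' case: the id alone is the credential, so any
    capture replays forever."""

    def __init__(self, known_ids):
        self.known = set(known_ids)

    def accept(self, tag_id: bytes) -> bool:
        return tag_id in self.known


if __name__ == "__main__":
    secret = b"constructed-tag-secret"
    tag = Tag(b"\x00\x01", secret)
    reader = Reader({b"\x00\x01": secret})
    captured = tag.transmit()
    print("genuine read :", reader.accept(captured))
    print("replayed read:", reader.accept(captured))
    print("static replay:", StaticReader([b"\x00\x01"]).accept(captured[0]))
```

The window is the usual trade-off: too small and a tag read by another reader (or read and dropped) desynchronises; too large and an attacker who captures many transmissions in advance keeps a longer supply of unused ones. Neither setting helps against a relay attack, which the slide's "limited range" item addresses separately.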


NIST Evaluation

• Any vulnerability in a wired network is also present in the wireless network

• Many new ones: protocols and systems are more public and vulnerable

• Recommendations:
– Disable file and directory sharing
– Turn off APs when not in use
– Use robust passwords, 128-bit encryption
– Audit, audit, audit
– VPNs are a good ...
