Presentation Description

No description available.


Presentation Transcript

PowerPoint Presentation:



Outline Wireless intro & history Wireless network modes SSID WEP WPA WPA2 Wireless Network tools References Wireless Network Security

Background & Overview:

Background & Overview History Developed for military use Security widely noticed after Peter Shipley’s 2001 DefCon preso on War Driving DHS labeled Wi-Fi a terrorist threat, demanded regulation Non Wi-Fi types CDPD – 19.2 kbps analog GPRS – 171.2 kbps digital WAP – bandwidth-efficient content delivery Ricochet – 176 kbps wireless broadband flop Bluetooth – personal area networks, range limited only by transmit power Blackberry – Use cellular & PCS networks, no authentication at console IEEE 802 series standards 802.11 – wireless LANs 802.15 – wireless personal area networks (e.g., Bluetooth) 802.16 – wireless broadband up to 155Mb, wireless ISPs Wireless Network Security

802.11 Standards:

802.11 Standards 802.11a – 54 Mbps@5 GHz Not interoperable with 802.11b Limited distance Dual-mode APs require 2 chipsets, look like two APs to clients Cisco products: Aironet 1200 802.11b – 11 Mbps@2.4 GHz Full speed up to 300 feet Coverage up to 1750 feet Cisco products: Aironet 340, 350, 1100, 1200 802.11g – 54 Mbps@2.4 GHz Same range as 802.11b Backward-compatible with 802.11b Speeds slower in dual-mode Cisco products: Aironet 1100, 1200 Wireless Network Security

802.11 Standards (Cont.):

802.11 Standards (Cont.) 802.11e – QoS Dubbed “Wireless MultiMedia (WMM)” by Wi-Fi Alliance 802.11i – Security Adds AES encryption Requires high cpu, new chips required TKIP is interim solution 802.11n –(2009) up to 300Mbps 5Ghz and/or 2.4Ghz ~230ft range 802.11ac – (under development) Will provide high through put in the 5 GHz band Will use wider RF bandwidth will enable multi-station WLAN throughput of at least 1 Gbps a maximum single link throughput of at least 500 Mbps Wireless Network Security

Wireless Network Modes:

Wireless Network Modes The 802.11 wireless networks operate in two basic modes: Infrastructure mode Ad-hoc mode Infrastructure mode: each wireless client connects directly to a central device called Access Point (AP) no direct connection between wireless clients AP acts as a wireless hub that performs the connections and handles them between wireless clients Wireless Network Security

Wireless Network Modes (cont’d):

Wireless Network Modes (cont’d) The hub handles: the clients’ authentication, Authorization link-level data security (access control and enabling data traffic encryption) Ad-hoc mode: Each wireless client connects directly with each other No central device managing the connections Rapid deployment of a temporal network where no infrastructures exist (advantage in case of disaster…) Each node must maintain its proper authentication list Wireless Network Security

SSID – Service Set Identification:

SSID – Service Set Identification Identifies a particular wireless network A client must set the same SSID as the one in that particular AP Point to join the network Without SSID, the client won’t be able to select and join a wireless network Hiding SSID is not a security measure because the wireless network in this case is not invisible It can be defeated by intruders by sniffing it from any probe signal containing it. Wireless Network Security

SSID (Cont’d):

SSID (Cont’d) A way for vendors to make more money So easy to find the ID for a “hidden” network because the beacon broadcasting cannot be turned off Simply use a utility to show all the current networks:   inSSIDer  NetStumbler  Kismet  Wireless Network Security

IEEE 802.11 Security – Access control list:

IEEE 802.11 Security – Access control list Access control list Simplest security measure Filtering out unknown users Requires a list of authorized clients’ MAC addresses to be loaded in the AP Won’t protect each wireless client nor the traffic confidentiality and integrity ===>vulnerable Defeated by MAC spoofing: ifconfig eth0 hw ether 00:01:02:03:04:05 (Linux) SMAC - KLC Consulting (Windows) MAC Makeup - H&C Works (Windows) Wireless Network Security

WEP - Wired Equivalent Privacy:

WEP - Wired Equivalent Privacy The original native security mechanism for WLAN provide security through a 802.11 network Used to protect wireless communication from eavesdropping (confidentiality) Prevent unauthorized access to a wireless network (access control) Prevent tampering with transmitted messages Provide users with the equivalent level of privacy inbuilt in wireless networks. Wireless Network Security


WEP Appends a 32-bit CRC checksum to each outgoing frame (INTEGRITY) Encrypts the frame using RC4 stream cipher = 40-bit (standard) or 104-bit (Enhanced) message keys + a 24-bit IV random initialization vector (CONFIDENTIALITY) . The Initialization Vector (IV) and default key on the station access point are used to create a key stream The key stream is then used to convert the plain text message into the WEP encrypted frame. Wireless Network Security

Encrypted WEP frame:

Encrypted WEP frame Wireless Network Security

RC4 keystream XORed with plaintext:

RC4 keystream XORed with plaintext Wireless Network Security

WEP Components:

WEP Components Initialization Vector IV Dynamic 24-bit value Chosen randomly by the transmitter wireless network interface 16.7 million possible keys ( 2 24 ) Shared Secret Key 40 bits long (5 ASCII characters) when 64 bit key is used 104 bits long (13 ASCII characters) when 128 bit key is used   Wireless Network Security

WEP Components (cont’d):

WEP Components (cont’d) RC4 algorithm consists of 2 main parts: The Key Scheduling Algorithm ( KSA ): involves creating a scrambled state array This state array will now be used as input in the second phase, called the PRGA phase. The Pseudo Random Generation Algorithm( PRGA ): The state array from the KSA process is used here to generate a final key stream. Each byte of the key stream generated is then Xor’ed with the corresponding plain text byte to produce the desired cipher text. Wireless Network Security

WEP Components (cont’d):

WEP Components (cont’d) ICV (Integrity Check Value)= CRC32 (cyclic redundancy check) integrity check XOR operation denoted as ⊕ plain-text ⊕ keystream= cipher-text cipher-text ⊕ keystream= plain-text plain-text ⊕ cipher-text= keystream Wireless Network Security

How WEP works:

How WEP works Wireless Network Security IV RC4 key IV encrypted packet original unencrypted packet checksum

Encryption Process:

Encryption Process Wireless Network Security

Decryption Process:

Decryption Process Wireless Network Security

WEP Authentication:

WEP Authentication The station sends an authentication request to AP AP sends challenge text to the station. The station uses its configured 64-bit or 128-bit default key to encrypt the challenge text, and it sends the latter to AP. AP decrypts the encrypted text using its configured WEP key that corresponds to the station's default key. AP compares the decrypted text with the original challenge text. If the decrypted text matches the original challenge text, then the access point and the station share the same WEP key, and the access point authenticates the station. The station connects to the network. Wireless Network Security

WEP Authentication (Cont’d):

WEP Authentication (Cont’d) Wireless Network Security

WEP Authentication (Cont’d):

WEP Authentication (Cont’d) There is a well-documented vulnerability with shared-key authentication. The authentication process leaks information about the key stream It is possible to derive the keystream used for the handshake by capturing the challenge frames in Shared Key authentication. SKA is regarded as insecure. The problem is that a monitoring attacker can observe both the challenge and the encrypted response. he can determine the RC4 stream used to encrypt the response, He can use that stream to encrypt any challenge he receives in the future Wireless Network Security

WEP flaws and vulnerabilities:

WEP flaws and vulnerabilities Weak keys: It allows an attacker to discover the default key being used by the Access Point and client stations This enables an attacker to decrypt all messages being sent over the encrypted channel. IV reuse and small size: There are 2 24 different IVs On a busy network, the IV will surely be reused, if the default key has not been changed and the original message can be retrieved relatively easily. Wireless Network Security

WEP flaws and vulnerabilities (cont’d):

WEP flaws and vulnerabilities (cont’d) With IV reuse, it is possible to determine keystreams and hence enable an attacker to forge packets obtaining access to the WLAN. If WEP is using 40 bit long key then it will need more protection from attacks as compared to 128 bit long WEP key. Hence, both are very weak and unable to provide the security to Wi-Fi Networks. uses weak authentication algorithm uses weak data encapsulation method The use of improper integrity algorithm i.e. CRC-32 Lack of mutual authentication and key management Wireless Network Security

Attacks on WEP:

Attacks on WEP Wireless Network Security WEP encrypted networks can be cracked in 10 minutes Goal is to collect enough IVs to be able to crack the key IV = Initialization Vector, plaintext appended to the key to avoid Repetition Injecting packets generates IVs

Attacks on WEP:

Attacks on WEP Backtrack 5 (Released 1 st March 2012) Tutorial is available All required tools on a Linux bootable CD + laptop + wireless card Wireless Network Security

WEP cracking example:

WEP cracking example Wireless Network Security

WPA - WI-FI Protected Access:

WPA - WI-FI Protected Access New technique in 2002 replacement of security flaws of WEP. Improved data encryption Strong user authentication Because of many attacks related to static key, WPA minimize shared secret key in accordance with the frame transmission. Use the RC4 algorithm in a proper way and provide fast transfer of the data before someone can decrypt the data. Wireless Network Security


WPA Data is encrypted using the RC4 stream cipher, with a 128-bit key and a 48-bit initialization vector (IV). One major improvement in WPA over WEP is the Temporal Key Integrity Protocol (TKIP), which dynamically changes keys as the system is used. When combined with the much larger IV, this defeats the well-known key recovery attacks on WEP. WPA also provides vastly improved payload integrity. Wireless Network Security


WPA A more secure message authentication code (usually known as a MAC, but here termed a MIC for "Message Integrity Code") is used in WPA, an algorithm named " Michael ". The MIC used in WPA includes a frame counter, which prevents replay attacks being executed. The Michael algorithm is a strong algorithm that would still work with most older network cards. WPA includes a special countermeasure mechanism that detects an attempt to break TKIP and temporarily blocks communications with the attacker. Wireless Network Security


WPA Wireless Network Security

How WPA Addresses the WEP Vulnerabilities:

How WPA Addresses the WEP Vulnerabilities WPA wraps RC4 cipher engine in four new algorithms 1. Extended 48-bit IV and IV Sequencing Rules 248 is a large number! More than 500 trillion Sequencing rules specify how IVs are selected and verified 2. A Message Integrity Code (MIC) called Michael Designed for deployed hardware Requires use of active countermeasures 3. Key Derivation and Distribution Initial random number exchanges defeat man-in-the-middle attacks 4. Temporal Key Integrity Protocol generates per- packet keys Wireless Network Security

WPA2 - WI-FI Protected Access 2 :

WPA2 - WI-FI Protected Access 2 Based on the IEEE 802.i standard 2 versions: Personal & Enterprise The primary enhancement over WPA is the use of the AES (Advanced Encryption Standard) algorithm The encryption in WPA2 is done by utilizing either AES or TKIP The Personal mode uses a PSK (Pre-shared key) & does not require a separate authentication of users The enterprise mode requires the users to be separately authenticated by using the EAP protocol Wireless Network Security


WPA2 WPA uses AES with a key length of 128 bit to encrypt the data The AES uses the Counter-Mode/CBC-MAC Protocol ( CCMP ) The CCMP uses the same key for both encryption and authentication, but with different initialization vectors. Wireless Network Security


WPA2 WPA2 has immunity against many types of hacker attacks Man-in-the middle Authentication forging Replay Key collision Weak keys Packet forging Dictionary attacks Wireless Network Security

WPA2 weaknesses:

WPA2 weaknesses Can’t protect against layer session hijacking Can’t stand in front of the physical layer attacks: RF jamming Data flooding Access points failure Vulnerable to the Mac addresses spoofing Wireless Network Security

Am I secure if I use WPA-PSK:

Am I secure if I use WPA-PSK WPA-PSK protected networks are vulnerable to dictionary attacks Works with WPA & WPA2 (802.11i) New attack techniques have increased the speed of this attack – CowPatty 4.6 Run CowPatty against packets to crack the key Needs SSID to crack the WPA-PSK, easily obtainable! Also supports WPA2-PSK cracking with the same pre-computed tables! Spoof the Mac address of the AP and tell client to disassociate Sniff the wireless network for the WPA-PSK handshake (EAPOL) Wireless Network Security

WPA Cracking Example:

WPA Cracking Example Wireless Network Security

WEP vs WPA vs WPA2:

WEP vs WPA vs WPA2 Wireless Network Security WEP WPA WPA2 ENCRYPTION RC4 RC4 AES KEY ROTATION NONE Dynamic Session Keys Dynamic Session Keys KEY DISTRIBUTION Manually typed into each device Automatic distribution available Automatic distribution available AUTHENTICATION Uses WEP key as Authentication Can use 802.1x & EAP Can use 802.1x & EAP

Procedures to improve wireless security:

Procedures to improve wireless security Use wireless intrusion prevention system (WIPS) Enable WPA-PSK Use a good passphrase ( ) Use WPA2 where possible AES is more secure, use TKIP for better performance Change your SSID every so often Wireless network users should use or upgrade their network to the latest security standard released Wireless Network Security

Wireless Network tools:

Wireless Network tools MAC Spoofing WEP Cracking tools Wireless Analysers Wireless Network Security


Questions Q1) Given the cipher-text: 11010110 and the plaintext: 00110101. Compute the keystream. A1) cipher-text: 1 1 0 1 0 1 1 0 plain-text: 0 0 1 1 0 1 0 1 keystream: 1 1 1 0 0 0 1 1 Encrypting: plain-text keystream = cipher-text Decrypting: cipher-text keystream = plain-text Wireless Network Security

Questions (Cont’d):

Questions (Cont’d) Q2) Why SSID hiding or disabling technique is not an 100% effective? A2) The beacon broadcasting cannot be turned off and hackers can still detect the SSID by sniffing different messages using hacking tools. Wireless Network Security


Questions(Cont’d) Q3) List 4 WEP vulnerabilities A3) The Initialization Vector (IV) is Too Small The Integrity Check Value (ICV) algorithm is not appropriate WEP’s use of RC4 is weak Authentication Messages can be easily forged Wireless Network Security


REFERENCES Hytnen, R., and Garcia, M. An Analysis of Wireless Security. 2006 Whalen, S. Analysis of WEP and RC4 Algorithms. March 2002 Wireless LAN Medium Access Control and Physical Layer Specifications. IEEE Std 802.11. June 2007 Wireless Network Security

PowerPoint Presentation:

Thank You! Wireless Network Security

authorStream Live Help