Wireless Security Initiatives
Keith Fleming

The Wireless LAN (WLAN) industry is the fastest growing networking market, held back only by the limitations of securing it. There has been widespread adoption of wireless networks in the SOHO user market. Wireless LAN technology is recognized, accepted and adopted by many organizations worldwide. Many companies and government entities are realizing the competitive advantage of deploying wireless technology in the workplace. Wireless technologies are continually evolving and providing advancements in speed, bandwidth, and security. However, large enterprises have been reluctant to deploy wireless networks due to perceived limitations in wireless security and the risks it poses to the organization. Simply, WLANs are a disruptive technology that has many challenges in securing its networks.

Today, the WLAN industry can be categorized as "overheated", where technology adoption is being driven by an impatient user base demanding more features, and an all-out effort by vendors to address known wireless security vulnerabilities. There is a high priority in the industry, especially with the federal government, to push the technology to a point where the risk of compromise is minimized.

The intent of this paper is to address the security issues surrounding wireless networks in an enterprise environment. This paper will provide a high level overview of all the challenges and components associated with securing a wireless network. The fundamental question plaguing the industry today is whether wireless networks can be deployed securely. There is a prevailing mindset that wireless networks are inherently insecure. Is this actually true, a fact or a fabrication? What known security holes limit enterprise deployments of a WLAN, and can they be fixed? This paper will shed light on these questions, detail how wireless networks are secured, and point out their limitations. Additionally, this paper will explore current and future initiatives to secure wireless networks in a large enterprise environment, and provide a roadmap of where wireless security is headed in the future.

WLAN Overview, Standards and Organizations

WLAN technology dates back to the mid-1980s, when the Federal Communications Commission (FCC) made the RF spectrum available to the industry. In 1990, the Institute of Electrical and Electronics Engineers (IEEE) formed a working group (WG) to develop a wireless standard that would provide wireless networking technology similar to wired Ethernet (802.3).[1] This group focused on developing a general standard for radio equipment and networks operating at 2.4 GHz, with access rates of 1 and 2 Mbps. In June 1997, the IEEE released the wireless standard describing the operation of WLANs, known as 802.11. The 802.11 specification is the fundamental standard for WLAN. The new standard defined the following functions and technologies: WLAN architecture; MAC layer services such as association, re-association, authentication and privacy; frame formats; signaling functions; and the WEP algorithm.

[1] A working group, formed by the IEEE, is a collection of researchers, academics, and industry professionals formed with the goal of developing an industry standard to be eventually approved by the IEEE.

In September 1999, the IEEE ratified 802.11b, which provided the same basic architecture, features and services as 802.11, but improved upon the standard by adding higher data rates (5.5 and 11 Mbps) and more robust connectivity.[2] The 802.11b standard established operation in the unlicensed 2.4–2.5 GHz frequency range using direct sequence spread-spectrum (DSSS) technology.[3] In late 2001, 802.11a was ratified; it improved the data rate to 54 Mbps, operating in a licensed frequency range of 5 GHz and using orthogonal frequency division multiplexing (OFDM) technology to reduce interference.[4] This was a dramatic technology shift from 802.11b, providing fast data transfers at a higher frequency range that was not susceptible to interference from other devices. However, the 802.11a standard sacrificed range compared to 802.11b. In 2003, the IEEE published 802.11g Amendment 4, which provided a higher data rate extension in the 2.4 GHz unlicensed frequency band up to 54 Mbps (similar to 802.11a). It provided backward compatibility with 802.11b, a major advantage, by still supporting complementary code keying (CCK) modulation. 802.11g provided the best of both worlds (802.11a and 802.11b): higher speeds, employing OFDM technology (like 802.11a), but in the 2.4 GHz frequency band where range was not compromised (like 802.11b).

[2] 802.11 operated only at 1 and 2 Mbps, not comparable to Ethernet speeds of 10 Mbps.
[3] This frequency range is known as the Industrial, Scientific, and Medical (ISM) band.
[4] The 802.11a Working Group (WG) technically started before 802.11b. However, its objectives were considerably more difficult, which resulted in a later ratification date.
The above IEEE standards (802.11a, 802.11b, and 802.11g) serve as the major players in the world of wireless networking. However, there are various other standards tasks and WGs involved with promoting the overall functionality of the 802.11 protocol. Two important standards that directly addressed security limitations in the 802.11 protocols were the IEEE 802.11i and 802.1x standards. The IEEE 802.11i and 802.1x specifications addressed several separate initiatives for improving WLAN security.

The IEEE Task Group i (TGi) developed the 802.11i standard, published in 2004, to provide short-term and long-term solutions for wireless security to ensure message confidentiality and integrity.[5] The TGi developed the Temporal Key Integrity Protocol (TKIP) as a short-term solution, known as Wi-Fi Protected Access (WPA), to address problems with WEP and to support legacy systems.[6] It is a cipher suite that consists of three protocols: a cryptographic message integrity algorithm, a key mixing algorithm, and an enhancement to the initialization vector (more on this later). The long-term solution defined in 802.11i is the Counter Mode/CBC-MAC Protocol (CCMP), based on the newly released Advanced Encryption Standard (AES). CCMP is a highly robust algorithm solution that is not compatible with older WEP-oriented hardware, and thus will require new hardware and protocol changes.[7] The AES (CCMP) protocol provides WLANs with stronger encryption (confidentiality) capability and message integrity than TKIP. Also, it incorporates replay protection.[8] The future of WLAN deployments is moving towards CCMP as the accepted compliance standard.

[5] The TGi group was formed in March 2001 to provide enhancements in security and authentication for the 802.11 MAC. The TGi group split from the MAC Enhancement Task Group (TGe) to address security limitations of 802.11.
[6] TKIP was a fix for deficiencies identified in WEP, without any hardware changes. Fixes had to be made to the firmware or software drivers only. WPA is a subset of the TGi solution and an interim fix that incorporates two main features: (1) 802.1x, and (2) TKIP.
[7] AES is considered to be a very secure encryption suite, as a result of wide international scrutiny by cryptographic experts. It is the current state-of-the-art encryption algorithm, as a result of international involvement to produce a strong encryption algorithm. The U.S. government has accepted AES as a standard encryption suite, approved and published in the FIPS-142.
[8] Replay protection denies an attacker the capability to capture at least one packet traveling from a victim's wireless client laptop/AP and replay it back into the network, causing the target AP to respond and provide more traffic to capture.

The 802.1x technology was primarily developed to support 802 LANs, and is included in the 802.11i standard to provide MAC layer security enhancements.[9] 802.1x is a port authentication algorithm that provides a framework at the link layer allowing a variety of authentication algorithms to operate over it. It primarily uses the Extensible Authentication Protocol (EAP) to exchange authentication information. It allows WLAN clients to communicate with an authentication server to validate their credentials, and supports strong mutual authentication and key management.[10] In WLANs, the 802.1X framework consists of three entities: the client (resides on the wireless client), the authenticator (resides on the access point), and the authentication server or AS (resides on a RADIUS server). The 802.1X protocol is an end-to-end authentication process between the client and the AS, with the AP serving as the conduit for the authentication messages. The client and AP communicate by means of the EAP encapsulation over LAN (EAPOL) protocol. The AP and the AS communicate through RADIUS.[11] It should be noted that the 802.1X protocol supports several different authentication protocols in addition to RADIUS, such as Diameter and Kerberos. 802.1X can be implemented with different EAP types (to be covered later). Figure 1 illustrates the communication paths of the client, AP and AS, and the 802.1X authentication process.

[9] IEEE standard 802.1X-2001 is a port-based network access specification that was ratified in June 2001. 802.1aa is a revision to 802.1X and work is still in progress.
[10] 802.1x allows an AP and a wireless client to mutually authenticate one another.
[11] Remote Authentication Dial-In User Service (RADIUS) is an access server authentication and accounting protocol developed by Livingston Enterprises, Inc. In June 1996, the Internet Engineering Task Force (IETF) approved RADIUS as a standard: RADIUS Specification (RFC 2058) and RADIUS accounting standard (RFC 2059).

Figure 1 - 802.1x Authentication Process (WPA2)

1. The client requests access from the AP.
2. The authenticator detects the client association and enables the client's port.
3. The port is forced into an unauthorized state to forward only 802.1x traffic (all other traffic is blocked).
4. The AP passes the request to the RADIUS server.
5. The AS and client exchange authentication messages for the server to verify the client's identity (password). Mutual authentication is also possible, where the client verifies the identity of the AS.
6. The AS instructs the AP via a RADIUS-ACCEPT message to let the client onto the network if the client has satisfied the authentication criteria. If not, a RADIUS-REJECT message is sent to the AP.
7. Upon receipt of the RADIUS-ACCEPT message, the AP transitions the client port to an authorized state, allowing the client onto the network.
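The seven steps in Figure 1 can be followed in a small simulation. The code below is an added example, not part of the paper; it models the supplicant, the authenticator (AP) holding the controlled port, and the authentication server (AS) as plain Python objects. The EAP method is a generic HMAC challenge/response standing in for a real EAP type, the user store and MAC address are constructed, and no RADIUS or EAPOL wire format is implemented. What it shows is the port behaviour the text describes: data frames are dropped while the port is unauthorized, 802.1X (EAPOL) frames are always passed, and only a RADIUS-ACCEPT from the AS moves the port to the authorized state.

```python
"""Simulation of the 802.1X port-based access control flow (constructed example)."""
import hashlib
import hmac
import secrets
from dataclasses import dataclass

# Constructed user store held by the AS (a real deployment would use the
# RADIUS server's own database). Values are hypothetical.
USER_DB = {"alice": b"correct horse battery staple"}


@dataclass
class Frame:
    kind: str            # "EAPOL" (802.1X authentication traffic) or "DATA"
    src: str             # client MAC address
    payload: bytes = b""


class AuthenticationServer:
    """The AS: the only party that holds user credentials."""

    def __init__(self, users):
        self.users = users

    def challenge(self) -> bytes:
        return secrets.token_bytes(16)

    def verify(self, identity: str, challenge: bytes, response: bytes) -> str:
        secret = self.users.get(identity)
        if secret is None:
            return "RADIUS-REJECT"
        expected = hmac.new(secret, challenge, hashlib.sha256).digest()
        ok = hmac.compare_digest(expected, response)
        return "RADIUS-ACCEPT" if ok else "RADIUS-REJECT"


class Authenticator:
    """The AP: owns the controlled port and relays EAP to the AS."""

    def __init__(self, server: AuthenticationServer):
        self.server = server
        self.port_state = {}     # client MAC -> "unauthorized" | "authorized"
        self.forwarded = []      # data frames let through to the wired network

    def associate(self, client_mac: str) -> None:
        # Steps 2 and 3: association detected, port enabled but unauthorized.
        self.port_state[client_mac] = "unauthorized"

    def receive(self, frame: Frame) -> str:
        state = self.port_state.get(frame.src)
        if state is None:
            return "dropped: not associated"
        if frame.kind == "EAPOL":
            return "eapol accepted"          # always allowed, even when unauthorized
        if state != "authorized":
            return "dropped: port unauthorized"
        self.forwarded.append(frame)
        return "forwarded"

    def authenticate(self, client_mac: str, identity: str, responder) -> str:
        # Steps 4 to 7: relay the challenge/response to the AS and act on its verdict.
        challenge = self.server.challenge()
        response = responder(challenge)
        verdict = self.server.verify(identity, challenge, response)
        if verdict == "RADIUS-ACCEPT":
            self.port_state[client_mac] = "authorized"
        return verdict


@dataclass
class Supplicant:
    mac: str
    identity: str
    secret: bytes

    def respond(self, challenge: bytes) -> bytes:
        return hmac.new(self.secret, challenge, hashlib.sha256).digest()


def run_session(secret: bytes, identity: str = "alice"):
    """Drive one client through the flow.

    Returns (final port state, data outcome before authentication,
    AS verdict, data outcome after authentication).
    """
    ap = Authenticator(AuthenticationServer(USER_DB))
    client = Supplicant("00:11:22:33:44:55", identity, secret)  # constructed MAC
    ap.associate(client.mac)
    assert ap.receive(Frame("EAPOL", client.mac)) == "eapol accepted"
    before = ap.receive(Frame("DATA", client.mac, b"GET / HTTP/1.1"))
    verdict = ap.authenticate(client.mac, client.identity, client.respond)
    after = ap.receive(Frame("DATA", client.mac, b"GET / HTTP/1.1"))
    return ap.port_state[client.mac], before, verdict, after


if __name__ == "__main__":
    print(run_session(USER_DB["alice"]))   # good credentials
    print(run_session(b"wrong password"))  # bad credentials
```

Note that the AP never sees the password: it only relays the exchange and acts on the AS verdict, which is the point of keeping credentials on the authentication server rather than on every access point.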
Since the ratification of the initial 802.11 standard, the IEEE 802.11 WG has made numerous revisions through various task groups to improve wireless technologies and security.[12] Table I provides a summary of the 802.11 standards. (Note: Standards highlighted in blue will be the main focus of this paper.)

[12] For the latest IEEE 802.11 developments and initiatives refer to http://standards.ieee.org/getieee802.

Table I – Summary of 802.11 Standards

802.11: Wireless LAN Media Access Control (MAC) and Physical Layer Specifications
  Description: Original WLAN standard designed for 1 to 2 Mbps wireless transmissions in the 2.4 GHz frequency range. Defined the WLAN infrastructure, MAC level services, frame formats, FHSS and DSSS functions, and the WEP algorithm. Operates at the physical and data link layers of the OSI model.
  Main Purpose: Basic wireless technology standard
  Interest to Security: Low
  Availability: Completed in June 1997

802.11a: Wireless LAN MAC and PHY Specifications
  Description: A physical layer standard in the 5 GHz frequency band. Second major revision to the 802.11 standard that provided significant increases in the transfer rate to a maximum theoretical speed of 54 Mbps per channel, and 8 available channels.
  Main Purpose: Higher Performance
  Interest to Security: Low
  Availability: Approved and ratified by IEEE in 2001

802.11b: Wireless LAN MAC and PHY Specifications
  Description: A physical layer standard in the 2.4 GHz unlicensed frequency band. First major revision to the 802.11 standard that provided enhancements with a maximum link rate of 11 Mbps per channel, and 3 available radio channels. Provided a major leap forward in speed, ease of use, implementation flexibility, and relative cost.
  Main Purpose: Performance Enhancements
  Interest to Security: Low
  Availability: Approved and ratified by IEEE in September 1999

802.11d-2001 Amendment 3
  Description: A supplementary standard to the MAC layer in 802.11 to add features and restrictions to allow WLANs to operate within the rules of other countries. It will allow APs to communicate information on the permissible radio channels with acceptable power levels for user devices.
  Main Purpose: Promote Worldwide Use
  Interest to Security: Low
  Availability: Published in 2001 as Amendment 3 to 802.11

802.11e: Wireless LAN MAC and PHY Specifications: Amendment 7: MAC Quality of Service (QOS) Enhancements
  Description: A supplementary standard to the MAC layer in 802.11 to support applications that require QOS, such as VoIP and video over 802.11 wireless networks.
  Main Purpose: QOS Enhancements
  Interest to Security: Low
  Availability: Active

802.11f: IEEE Trial-Use Recommended Practice for Multi-Vendor Access Point Interoperability via an Inter-Access Point Protocol Across Distribution Systems Supporting IEEE 802.11 Operation
  Description: A "recommended practice" standard designed to enhance AP interoperability within multi-vendor WLAN networks. The specification addresses the information that needs to be exchanged between APs, use of the RADIUS protocol, and context handling for faster roaming to support interoperability.
  Main Purpose: Interoperability
  Interest to Security: Medium
  Availability: Published in 2003

802.11g: Wireless LAN MAC and PHY Specifications and Amendment 4
  Description: Developed a higher data rate extension in the 2.4 GHz unlicensed frequency band up to 54 Mbps (similar to 802.11a). Provided backward compatibility with 802.11b, and supports OFDM, CCK, and PBCC modulations.
  Main Purpose: Higher Performance with 802.11b Backward Compatibility
  Interest to Security: Low
  Availability: Published in 2003 as Amendment 4 to 802.11

802.11h: Wireless LAN MAC and PHY Specifications
  Description: A supplementary standard to the MAC layer to satisfy regulatory requirements for operation in the 5 GHz band in Europe. Defines the use of Transmit Power Control (TPC) and Dynamic Frequency Selection (DFS) to comply with European regulations.
  Main Purpose: European Regulation Compliance
  Interest to Security: Low
  Availability: Published in 2003

802.11i: Wireless LAN MAC and PHY Specifications: Amendment 6: MAC Security Enhancements
  Description: A supplementary standard to the MAC layer to enhance security and authentication mechanisms. Supports the 802.11a, b and g standards, and is an alternative to WEP. IEEE 802.1x forms a major part of 802.11i.
  Main Purpose: Security Improvements
  Interest to Security: High
  Availability: Published in 2004

802.11j: Wireless LAN MAC and PHY Specifications: Specification to Enhance Japanese Compliance
  Description: An enhancement to the 802.11 standard and amendments to operate in the Japanese 4.9 GHz and 5 GHz frequency bands.
  Main Purpose: Japan Compliance
  Interest to Security: Low
  Availability: Published in 2004

802.11k: Wireless LAN MAC and PHY Specifications: Specification for Radio Measurement
  Description: Standard to define Radio Resource Management measurement enhancements for external use. Originally designed for internal use only, these enhancements will provide radio and network information to higher layers for management, maintenance, and enhanced data that will provide such services as roaming and coexistence to external entities.
  Main Purpose: Radio Resource Management (External Source)
  Interest to Security: Low
  Availability: Active

802.11n
  Description: Study group formed to investigate a standard for higher throughput (108 - 320 Mbps), and to enable newer applications and market segments.
  Main Purpose: Higher Performance
  Interest to Security: Low
  Availability: Active (High Throughput Study Group (HTSG))

802.11p
  Description: An amendment to the 802.11 standard to make it suitable for interoperable communications to and between vehicles in the 5 GHz frequency bands.
  Main Purpose: Improvement in Latencies and Communications Between Transport Environments
  Interest to Security: Low
  Availability: Active

802.11r
  Description: Provide enhancements to the 802.11 MAC layer by improving the Basic Service Set (BSS) transition within an Extended Service Set (ESS), and support real-time constraints imposed by latency sensitive applications such as VoIP.
  Main Purpose: 802.11 MAC Enhancements for BSS
  Interest to Security: Low
  Availability: Active

802.11s
  Description: Develop a protocol between an ESS mesh and a Wireless Distribution System (WDS) to support broadcast/multicast and unicast delivery over self-configuring multi-hop topologies.
  Main Purpose: 802.11 MAC & PHY Enhancements
  Interest to Security: Low
  Availability: Active

802.11t
  Description: Develop recommended practices to enable measuring and predicting the performance of 802.11 WLAN devices based on a common and accepted set of performance metrics, measurements, methodologies and test conditions.
  Main Purpose: Improvements to Methodology & Processes to Predict WLAN Performance
  Interest to Security: Low
  Availability: Active

802.11u
  Description: Amendments to the 802.11 MAC and PHY layers to enable inter-working with external networks.
  Main Purpose: 802.11 MAC & PHY Enhancements
  Interest to Security: Low
  Availability: Active

802.11v
  Description: Amendments to the 802.11 MAC and PHY layers to support wireless management of attached stations in a centralized or in a distributed fashion, and create an Access Port Management Information Base (AP MIB).
  Main Purpose: 802.11 MAC & PHY Enhancements
  Interest to Security: Low
  Availability: Active

802.11w
  Description: An amendment to the 802.11 MAC layer to enhance the security of 802.11 management frames, including de-authentication and disassociation frames. The goal is to develop a host of security features including data integrity, data confidentiality, data origin authenticity, and replay protection.
  Main Purpose: Security Enhancements
  Interest to Security: High
  Availability: Active (WG formed in 2005)

802.1x: Port-Based Network Access Control
  Description: Primarily developed to support 802 wired LANs, the 802.1x authentication framework is included in the 802.11i MAC layer security enhancements. The 802.1x standard provides a framework at the link layer for extensible authentication, allowing a variety of authentication algorithms to operate over it. Establishes a framework for a WLAN client to communicate with an authentication server to validate the client credentials. It is focused only on authentication and key management, and does not provide encryption. 802.1x is used in combination with an encryption cipher.
  Main Purpose: Security Enhancements
  Interest to Security: High
  Availability: Published in June 2001
Besides the IEEE, there are several other organizations that have played a major role in defining the security standards for WLAN. The Internet Engineering Task Force (IETF) has been the primary architect for EAP protocols such as EAP-TLS, Protected EAP (PEAP), and EAP-FAST.[13] EAP is a flexible transport protocol that is used to carry authentication information and can support multiple authentication mechanisms.[14] EAP is versatile and may be used on dedicated links, switched circuits, and wired/wireless networks. Table II provides a summary of the EAP protocols (IETF).

[13] The IETF consists of network designers, operators, vendors, and researchers from all over the world concerned with the evolution and smooth operation of the Internet.
[14] EAP was originally defined by RFC 2284. RFC 3579 is a revision to the initial version of EAP.

Table II – Summary of the EAP Protocols - IETF

Extensible Authentication Protocol (EAP) RFC 2284
  Description: EAP is the original 1998 RFC standard (RFC 2284) for authentication exchange. It provides an authentication method for the Point-to-Point Protocol (PPP) at the transport layer. A versatile framework that supports multiple authentication extensions (i.e. EAP-TLS, EAP-MD5, EAP-TTLS, etc.).[15]
  Main Purpose: Authentication Exchange
  Interest to Security: High

EAP-TLS (Transport Layer Security)
  Description: Based on the TLS protocol, similar to the SSL version 3 (Secure Sockets Layer) protocol used for secure web traffic. EAP-TLS provides mutual authentication and the capability to dynamically change encryption keys. Uses digital certificates, and requires an infrastructure to manage (i.e. issue, revoke, and verify) the certificates and keys.
  Main Purpose: Mutual Authentication & Key Management
  Interest to Security: Medium
  Availability: RFC 2716

Protected EAP (PEAP)
  Description: PEAP is an EAP extension that is similar to EAP-TLS but adds capabilities needed for the wireless domain. PEAP provides the security framework for mutual authentication between an EAP client and an EAP server, and adds client authentication and key exchange not available from EAP-TLS. PEAP addresses gaps in EAP by securing the initial exchange, adding user database extensibility, and supporting one-time token authentication and password change or aging.[16]
  Main Purpose: Authentication Enhancements
  Interest to Security: High
  Availability: Based on an Internet-Draft (I-D).[17] Still in draft (not yet a standard)

EAP-FAST
  Description: EAP-FAST is considered the most comprehensive and secure WLAN scheme.[18] Provides a mutually authenticated (protected) tunnel to EAP, and incorporates deployment flexibility and extensibility by enabling support for most password authentication interfaces.
  Main Purpose: Authentication Enhancements
  Interest to Security: High
  Availability: Based on an I-D.[19] Still a work in progress (not yet a standard)

Cisco Lightweight EAP (LEAP)
  Description: LEAP was developed by Cisco to provide security advantages including username/password-based mutual authentication between a wireless client and a RADIUS server, and dynamic key generation and key exchange to enhance confidentiality and encryption.[20]
  Main Purpose: Authentication Enhancements to 802.11
  Interest to Security: High
  Availability: Introduced in December 2000 by Cisco

[15] EAP supports many different authentication methods (which will not be discussed in this paper). It is important to note that not every AP, client or RADIUS/EAP server supports all EAP authentication methods. Therefore, the EAP authentication method proposed will drive product selection and network design, etc. EAP protocols accommodate different levels of security needs for the EAP client and the back-end EAP server.
[16] PEAP provides advantages for deploying WLANs in large enterprise environments. It is based on a server-side EAP-TLS mechanism. First, issues associated with installing digital certificates on every client machine are avoided (with EAP-TLS it is a requirement). Second, an organization can select the methods of client authentication that best suit its needs, such as logon passwords or One Time Passwords (OTP).
[17] PEAP is an Internet-Draft, a collaboration of engineers from Cisco Systems, Microsoft, and RSA Security, submitted to the IETF.
[18] The verdict is not conclusive. Refer to an article by George C. Ou, "EAP-FAST: The LEAP and PEAP killer?" at http://www.lanarchitect.net/Articles/Wireless/EAP-FAST/.
[19] Internet-Drafts are working documents of the IETF, its areas, and its working groups, and are valid for a period of six months.
[20] LEAP is not an IETF standard, but was introduced by Cisco in December 2000 as a way to quickly improve the overall security of WLAN authentication.

The Wi-Fi Alliance is a non-profit organization that promotes and tests for WLAN interoperability of 802.11 devices.[21] The Wi-Fi Alliance will certify a product if it has successfully met the interoperability requirements, allowing a vendor to use the Wi-Fi certified logo for its product.[22] This Wi-Fi seal of approval carries a high level of interoperability, and assures the end user of interoperability with other WLAN devices that also bear the Wi-Fi logo. There are many factors required to meet Wi-Fi Alliance interoperability compliance, including 40-bit WEP keys, fragmentation, PSP Mode, and SSID probe requests, to name a few.

In addition to certifying WLAN devices for interoperability, the Wi-Fi Alliance developed Wi-Fi Protected Access (WPA) to address security deficiencies in WEP.[23] WPA, a subset of the 802.11i specification, provided an interim solution for the security gaps identified in WEP, without waiting for the 802.11i standard to be developed. The WPA solution required firmware updates (not hardware) and products to be certified by the Wi-Fi Alliance, while maintaining 802.11i compatibility.[24] WPA uses the Temporal Key Integrity Protocol (TKIP) with Message Integrity Check (MIC) for encryption. It provides mutual authentication by using 802.1x/EAP authentication or pre-shared key (PSK) technology. In large enterprise environments, WPA provides a high level of confidentiality and mutual authentication for all wireless users when deployed with a RADIUS server and database. WPA offers two classes of certification: WPA-Enterprise and WPA-Personal.[25]

[21] The Wi-Fi Alliance was formed in 1999 as WECA (Wireless Ethernet Compatibility Alliance). In October 2002, the Wi-Fi Alliance announced the WPA standard would be available in Wi-Fi products starting in early 2003.
[22] There are over 200 members associated with the Wi-Fi Alliance from the world's leading companies. In 2005, there are over 1,500 Wi-Fi Certified products.
[23] WPA addressed all known vulnerabilities in WEP.
[24] WPA can be implemented immediately and inexpensively through firmware (software) upgrades, which reduces the overall cost and impact to network operations.
[25] The Personal mode is designed for the home and SOHO environment, and does not employ the 802.1x authentication process. It does deploy the same encryption procedures as the Enterprise mode. The Personal mode is not the subject of this paper.

The Wi-Fi Alliance released Wi-Fi Protected Access 2 (WPA2) in September 2004, which incorporated the full implementation of 802.11i.[26] WPA2 provides major advancements in key management, encryption and pre-authentication mechanisms. WPA2 differs from WPA by providing a stronger encryption mechanism through CCMP using the AES encryption standard. It is similar to WPA in that it still utilizes 802.1x and EAP for authentication. Similar to WPA, WPA2 offers two modes of operation: a Personal and an Enterprise mode. Also, WPA2 creates fresh session keys on every association (similar to WPA). This provides an added security benefit by offering unique, fresh encryption keys for a specific client, and avoids key reuse. WPA2 does not address any flaws with WPA, but provides an advantage to corporations and government entities since it provides a security solution (AES) that meets the FIPS (Federal Information Processing Standards) 140-2 compliance requirements.[27] WPA2 certified products are backward compatible with WPA. Upgrading to WPA2 may require new hardware because of AES, and may not be possible through a firmware (software) upgrade. Table III provides a summary of the WLAN standards of the Wi-Fi Alliance.

[26] WPA2 certification was launched on September 1, 2004. In spring 2006, the Wi-Fi Alliance will require all APs to be WPA2 certified to receive the Wi-Fi seal of approval.
[27] AES is adopted as the official government standard by the Department of Commerce and the National Institute of Standards and Technology (NIST).

Table III – Summary of WLAN Standards – Wi-Fi Alliance

WPA (Wi-Fi Protected Access)
  Description: A subset of 802.11i, WPA addresses all known vulnerabilities in WEP. Provides mutual authentication by means of the 802.1x/EAP authentication process. Provides a stronger encryption technology than WEP through TKIP with MIC.
  Main Purpose: Security Enhancement
  Interest to Security: High
  Availability: Launched October 2003

WPA2 (Wi-Fi Protected Access 2)
  Description: WPA2 is the certified interoperable version of the 802.11i specification. WPA2 provides mutual authentication by means of the 802.1x/EAP authentication process. Provides a new advanced encryption technology using CCMP deploying AES encryption.
  Main Purpose: Higher Performance
  Interest to Security: High
  Availability: Launched September 2004

The Wireless LAN Association (WLANA) is a non-profit educational trade organization that is chartered to educate and promote WLAN technologies. It serves as an educational resource to learn more about WLANs, including a directory, white papers and case studies providing valuable information about WLAN products, services, and implementations.[28] The organization offers various levels of certification to provide an educational standard for the WLAN industry.[29]

[28] WLANA has many partners contributing content and information to the WLANA directory of information. Refer to the WLANA website: www.wlana.org.
[29] WLANA offers the following certifications: Certified Wireless Network Administrator (CWNA), Certified Wireless Security Professional (CWSP), Certified Wireless Network Integration (CWNI), and Certified Wireless Network Expert (CWNE).

Wireless Security (Overview)

Wireless communications offer many benefits to an organization, including portability, flexibility, increased productivity, and lower installation costs. However, there is the security challenge with WLAN. Enterprise organizations must have the assurance that a WLAN deployment offers minimum risk before the benefits can be fully realized. In addition to the risks associated with wired networks, there are additional risks inherent in wireless technology, exacerbated by wireless connectivity, and some new risks not associated with wired networks. Simply, security is the weak link of the wireless revolution. In the wired world, protection is provided to some extent by wires, and access is available through a physical jack to communicate. In the wireless world, the airwaves are open for all to listen, similar to an "Ethernet port in the parking lot", creating more challenges. Security breaches can be very costly to an organization, putting at risk their most valuable assets, including intellectual property, proprietary business processes, and customer data, not to mention the dollar costs due to lost business and recovering from the event.

The security challenge is to incorporate basic security mechanics and mechanisms for organizations deploying wireless networks.[30] The goal in successfully implementing a WLAN is to ensure all tools and techniques are used to minimize any security risks associated with a passive or active attack. The first step in addressing the complexity of securing wireless networks is to discuss the basic security mechanics and the mechanisms available for wireless deployments. Basic security mechanics, in the wireless world, entail the general capabilities of confidentiality, integrity, availability, authentication, authorization, and access control. Mechanisms provide the means, through technologies, protocols, and implementations, to achieve the basic security mechanics. Some important key mechanisms to deploy in a wireless network include encryption protocols, digital signatures, and key management. Security, for all practical purposes, is the combination of processes, procedures, and systems used to achieve the basic security mechanics. Table IV describes the basic security mechanics and mechanisms for wireless deployments.

[30] Cisco defines basic security mechanics as a general capability that includes confidentiality, integrity, availability, authentication, authorization, and access control. Mechanisms are defined as detailed technologies, protocols, and implementations that include encryption and key management.

Table IV – Basic Security Mechanics and Mechanisms

Confidentiality
  Definition: Capability to protect information from unauthorized entities. The capability to send/receive data without divulging any information to unauthorized entities during the transmission of data.
  Key Mechanisms: Encryption (Symmetric and Asymmetric)

Integrity
  Definition: Capability to protect data content from unauthorized modifications. Capability to send/receive data such that unauthorized entities cannot change any part of the exchanged data without the sender/receiver detecting the change.
  Key Mechanisms: Digital Signatures (using one-way hash functions)

Availability
  Definition: Capability to send/receive data without disruption. Ensures that a system or data is accessible/available when needed.[31]
  Key Mechanisms: Defensive technologies to detect/guard against DoS attacks

Authentication
  Definition: Capability to validate the identity of the sender/receiver of information.
  Key Mechanisms: 802.1x, RADIUS, PAP/CHAP, MS-CHAP, etc.

Authorization
  Definition: Usually follows an authentication procedure, and establishes what capabilities and information a user can access.
  Key Mechanisms: 802.1x (based on authentication), multiple levels and protocols

Access Control
  Definition: Capability ensuring users see only the information for which they are authorized.
  Key Mechanisms: Based on authentication, encryption

Encryption
  Definition: Capability to transform data (or plain text) into meaningless bytes (cipher text) based on some algorithm.
  Key Mechanisms: WEP, CKIP, TKIP, AES

Decryption
  Definition: Capability to transform the meaningless bytes (cipher text) back into meaningful data (or plain text).
  Key Mechanisms: WEP, CKIP, TKIP, AES

Key Management
  Definition: Process and capability of generating, storing, and distributing keys.[32]

[31] A denial of network availability usually involves some form of DoS attack, which can range from physical destruction of network equipment to attacks designed to saturate a network's bandwidth.
[32] A key is a digital code used to encrypt, decrypt and sign information. Key management is the process of generating, storing, distributing, and providing the overall protection of keys. A compromised key can provide the most direct means of unauthorized access.

Confidentiality

The goal of confidentiality is to protect information during its transmission from unauthorized entities. Encryption is the key mechanism to achieve confidentiality. Simply, encryption is the means to encode data using cryptography to achieve privacy of in-transit data, making it meaningless to unauthorized recipients. By converting data into a form that cannot be easily understood, encryption attempts to prevent eavesdropping by anyone who is not authorized to read it. In the wireless world, the goal is to prevent
  19. 19. Wireless Security Initiatives Keith Fleming eavesdroppers from capturing packets and analyzing them later. Therefore, the algorithm must be able to achieve confidentiality for a certain length of time. The process to encrypt data is through use of an algorithm, or key. There are two key paradigms used to encrypt data: symmetric key and asymmetric key algorithms. In the wireless world, the preferred method for data confidentiality is symmetric key algorithms. 33 It uses a common key and the same cryptographic algorithm to both encrypt and decrypt data. Symmetric key algorithm uses one of two different methods to encrypt and decrypt data: block ciphers and stream ciphers. Early WLAN deployments used the block cipher method.34 Generally, block cipher methods are more suitable for software-based encryption. The newer symmetric key algorithms employ a stream cipher method. 35 Stream ciphers are more efficient for hardware-based encryption. In addition, stream ciphers are considered more inherently secure than block ciphers. Whereas, block ciphers transform identical message blocks into identical cipher-text blocks when using a fixed key, allowing for an unauthorized entities to delete, insert or replay of cipher-text, and conduct cipher-text searching for matches. Stream ciphers employ a memory function that encrypts a stream of data (usually a character or byte of data) under a time varying function of the key that prevents deletion, insertion or replay of cipher-text, and cipher-text searching. 33 Also known as secret key encryption, symmetric key encryption is faster having a major performance advantage that can handle bulk encryption much better than asymmetric key encryption. Designed for hardware, the symmetric key encryption can encrypt large amounts of data more efficiently. 34 Block cipher method breaks up data in 64-bit blocks or a finite size, and chains them together using one of four common chaining mechanisms called a mode (ECB, CBC, CFB & OFB). 
A mode is a method of combining the plain text (not encrypted), the secret key, and cipher text (encrypted) of a message to generate the cipher text that is transmitted to the recipient. Cryptosystems are used on each block independently. 35 Stream cipher method encipher stream of data usually a byte at a time. 19
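The choice of mode in footnote 34 is what decides whether identical blocks leak. The following added example (not code from the paper) encrypts four identical 16-byte blocks with AES in ECB mode and in CBC mode and counts repeated ciphertext blocks, showing the fixed-key identical-block property the text describes and how a chaining mode removes it. The key, IV and plaintext are constructed sample values.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"encoding/hex"
	"fmt"
)

// encryptECB encrypts each 16-byte block on its own (ECB mode, footnote 34).
// Identical plaintext blocks under a fixed key yield identical ciphertext
// blocks, which is the property the text warns about.
func encryptECB(key, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	bs := block.BlockSize()
	if len(plaintext)%bs != 0 {
		return nil, fmt.Errorf("plaintext length %d is not a multiple of %d", len(plaintext), bs)
	}
	out := make([]byte, len(plaintext))
	for i := 0; i < len(plaintext); i += bs {
		block.Encrypt(out[i:i+bs], plaintext[i:i+bs])
	}
	return out, nil
}

// encryptCBC chains the blocks: each plaintext block is XORed with the
// previous ciphertext block (the IV for the first one) before encryption,
// so equal plaintext blocks no longer produce equal ciphertext blocks.
func encryptCBC(key, iv, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	bs := block.BlockSize()
	if len(plaintext)%bs != 0 {
		return nil, fmt.Errorf("plaintext length %d is not a multiple of %d", len(plaintext), bs)
	}
	out := make([]byte, len(plaintext))
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(out, plaintext)
	return out, nil
}

// duplicateBlocks counts ciphertext blocks that repeat an earlier block.
// A listener who sees repeats learns that the underlying plaintext repeated.
func duplicateBlocks(ciphertext []byte, blockSize int) int {
	seen := make(map[string]bool)
	dups := 0
	for i := 0; i+blockSize <= len(ciphertext); i += blockSize {
		b := string(ciphertext[i : i+blockSize])
		if seen[b] {
			dups++
		}
		seen[b] = true
	}
	return dups
}

func main() {
	// Constructed sample values: a 128-bit key, a 128-bit IV and a message
	// made of the same 16-byte block repeated four times.
	key := []byte("0123456789abcdef")
	iv := []byte("fedcba9876543210")
	plaintext := bytes.Repeat([]byte("WLAN-ASSOC-REQ!!"), 4)

	ecb, err := encryptECB(key, plaintext)
	if err != nil {
		panic(err)
	}
	cbc, err := encryptCBC(key, iv, plaintext)
	if err != nil {
		panic(err)
	}
	fmt.Printf("ECB: %s\n  repeated blocks: %d\n", hex.EncodeToString(ecb), duplicateBlocks(ecb, 16))
	fmt.Printf("CBC: %s\n  repeated blocks: %d\n", hex.EncodeToString(cbc), duplicateBlocks(cbc, 16))
}
```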
Asymmetric encryption uses a pair of keys to encrypt and decrypt data: a public key and a private key.36 It can use the same algorithm or a different but complementary algorithm to scramble and unscramble data. What one key encrypts, only the other key can decrypt. Thus, if plain text is encrypted using the public key, then the private key must be used to decrypt the cipher-text (and vice versa). Asymmetric encryption is rarely used for data confidentiality.37 The algorithm is typically used in applications involving sender authentication using digital signatures, key management, and the exchange of symmetric session keys.

Integrity

Integrity provides the means to detect whether data has been tampered with in any way. Deploying strong integrity mechanisms aims to provide confidence that the data entering or exiting the network is trustworthy. A digital signature is the preferred mechanism for achieving integrity. Simply put, a digital signature is an encrypted message digest, or hash, that is appended to a document.38 A digital signature uses a public key encryption algorithm to confirm the identity of the sender and encrypt the hash of a message, and a one-way secure hash function to ensure the integrity of the document.39

36 Also known as public key encryption.
37 Asymmetric encryption requires public/private key generation, which is complex, involves stringent mathematical computations and is processor intensive. This performance constraint also makes it less suitable for hardware (chip) offload.
38 A hash or message digest is the result of a one-way hash algorithm that generates a fixed-length code from an input message.
39 The sender generates a hash and encrypts it to be transmitted to the receiver. The receiver separates the message and the signature. The message is input into a one-way hash function, producing a hash of the message. This hash is compared with the decrypted hash from the digital signature. Integrity has been preserved if both codes are equal.
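The sender and receiver steps of footnote 39, as an added example (not the paper's code) using RSA and SHA-256 from Go's standard library: sign hashes the message and encrypts the digest with the private key; verify recomputes the digest of what arrived and checks it against the digest recovered with the public key, so a one-bit change to the message fails verification. The message text is a constructed sample.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// sign is the sender's side of footnote 39: run the message through a one-way
// hash, then encrypt the digest with the private key. The result is the
// digital signature that travels with the message.
func sign(priv *rsa.PrivateKey, message []byte) ([]byte, error) {
	digest := sha256.Sum256(message)
	return rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest[:])
}

// verify is the receiver's side: hash the received message, recover the
// sender's digest from the signature with the public key, and accept only
// if both digests are equal. Any change to message or signature fails.
func verify(pub *rsa.PublicKey, message, signature []byte) bool {
	digest := sha256.Sum256(message)
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], signature) == nil
}

// newKeyPair generates the sender's public/private key pair (footnote 37
// notes why this is the expensive step).
func newKeyPair() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

func main() {
	priv, err := newKeyPair()
	if err != nil {
		panic(err)
	}
	// Constructed sample message, e.g. a configuration pushed to an AP.
	message := []byte("ssid=corp-wlan;auth=802.1x;wep=off")

	signature, err := sign(priv, message)
	if err != nil {
		panic(err)
	}
	fmt.Println("original verifies:", verify(&priv.PublicKey, message, signature))

	// Flip one bit in transit: the receiver's digest no longer matches.
	tampered := append([]byte(nil), message...)
	tampered[len(tampered)-1] ^= 0x01
	fmt.Println("tampered verifies:", verify(&priv.PublicKey, tampered, signature))
}
```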
Authentication

Authentication is the capability to validate the identity of a user, service or device based on predefined criteria. Due to the broadcast nature of WLANs, much attention and focus has been given to authentication to prevent unauthorized access to network resources by a user or device. Authentication is the process of determining whether the user, service or device that has tried to gain access to the network is in fact the authorized entity. In the wireless world, the 802.11 specifications do not consider the user, but only authenticate a wireless station or device. Authentication systems can range from simple name-password matches to challenge-response protocols. The 802.11 specifications define two basic authentication services: the open authentication and shared-key authentication methods. Two other mechanisms are commonly used for authentication: the Service Set Identifier (SSID), and the Media Access Control (MAC) address.

Open Authentication and Vulnerabilities

The open authentication method does not employ cryptographic validation. It is a null authentication algorithm, meaning the AP will grant any request for authentication by a device. A wireless station can access the wireless network without any identity verification. If a wireless client (station) can find and communicate with an Access Point (AP), it will be allowed to join the wireless network. The only security mechanism employed for open authentication is the SSID of the AP. If WEP encryption is not employed, a device only needs to know the SSID of the AP to gain access to the network.40 If WEP encryption is enabled on the AP, the device will not be able to transmit or receive data from the AP without the correct WEP key. In 1997, 802.11 specified authentication to be connectivity-oriented, allowing devices quick access to wireless networks.41 Open authentication provides simplicity and ease in connecting to a wireless network, and is recommended for a public WLAN.42 There is no way an AP employing open authentication can determine whether a wireless client is valid or not. This can pose a considerable security risk if open authentication is deployed without WEP encryption. However, WEP has been compromised and is no longer a viable WLAN security solution. WEP vulnerabilities will be discussed in more detail later.

Shared Key Authentication and Vulnerabilities

Shared key authentication used to be considered one of the more secure methods of authentication in a WLAN environment. It uses a cryptographic technique for authentication, and is based on a challenge-response protocol. Shared key authentication requires a static WEP key to be configured on the wireless client. The AP sends a random challenge in plaintext to the wireless client. If the wireless client has knowledge of the shared key, it encrypts the challenge and sends the result back to the AP. The AP allows access only if the decrypted value (the result computed by the wireless client) is the same as the random challenge it transmitted.

There are several fundamental problems with shared-key authentication. First, it does not provide mutual authentication, but merely establishes proof that both parties (AP and wireless client) share the same secret.43 Second, the shared-key authentication method depends on the WEP infrastructure, which has been deemed insecure for a variety of reasons. Third, the challenge-response process explained above is vulnerable to a man-in-the-middle attack. An eavesdropper can capture both the plaintext challenge and the cipher-text response simply by sniffing with a protocol analyzer, and determine the key stream (Figure 2).44

Figure 2 – Known Plaintext Attack

40 Wired Equivalent Privacy (WEP) is the security protocol specified in the 802.11 specifications. It is designed to provide a WLAN with the same level of security and privacy expected of a wired LAN.
41 Many 802.11 compliant devices, such as bar code readers, do not have the CPU capabilities required to run complex authentication algorithms.
42 Open authentication is a viable connectivity mechanism when employing technologies like an IPSec/VPN solution for security to connect to corporate networks.
43 The wireless client does not actually authenticate the AP, and vice versa, so neither party has assurance of the other’s identity.
44 The WEP encryption process derives cipher-text by performing an exclusive OR (XOR) of the plaintext with the key stream. An eavesdropper can XOR the captured plaintext and cipher-text to derive the key stream.
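The exchange in footnote 44, as an added example (not from the paper): a WEP-style response is the plaintext challenge XORed with a stream-cipher keystream, so anyone holding both frames recovers that keystream without knowing the key, whereas a keyed-hash response (shown for contrast; an assumption for illustration, not an 802.11 mechanism) gives a listener nothing reusable. RC4 keyed with IV||key stands in for the WEP cipher, and the IV, key and challenge are constructed sample values.

```go
package main

import (
	"bytes"
	"crypto/hmac"
	"crypto/rc4"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// xorBytes returns a XOR b; both slices must have the same length.
func xorBytes(a, b []byte) []byte {
	if len(a) != len(b) {
		panic("xorBytes: length mismatch")
	}
	out := make([]byte, len(a))
	for i := range a {
		out[i] = a[i] ^ b[i]
	}
	return out
}

// keystream returns the first n bytes of the RC4 keystream for iv||key.
// This stands in for the WEP per-frame keystream (an assumption: nothing of
// WEP beyond the IV||key concatenation is modelled here).
func keystream(iv, key []byte, n int) []byte {
	c, err := rc4.NewCipher(append(append([]byte{}, iv...), key...))
	if err != nil {
		panic(err)
	}
	ks := make([]byte, n) // all zero, so XORing yields the raw keystream
	c.XORKeyStream(ks, ks)
	return ks
}

// sharedKeyResponse is the client's reply in shared-key authentication:
// the AP's plaintext challenge XORed with the keystream (footnote 44).
func sharedKeyResponse(iv, key, challenge []byte) []byte {
	return xorBytes(challenge, keystream(iv, key, len(challenge)))
}

// recoverKeystream is what a passive listener computes from the two frames
// it saw on the air: plaintext XOR ciphertext. No key is required.
func recoverKeystream(challenge, response []byte) []byte {
	return xorBytes(challenge, response)
}

// keyedHashResponse is a contrasting design: HMAC-SHA256 over the challenge.
// The AP can still check it (it knows the key), but XORing challenge and
// response yields nothing that encrypts or decrypts any other frame.
func keyedHashResponse(key, challenge []byte) []byte {
	m := hmac.New(sha256.New, key)
	m.Write(challenge)
	return m.Sum(nil)
}

// keystreamLeaked reports whether the listener's XOR equals the real keystream.
func keystreamLeaked(iv, key, challenge []byte) bool {
	response := sharedKeyResponse(iv, key, challenge)
	return bytes.Equal(recoverKeystream(challenge, response), keystream(iv, key, len(challenge)))
}

func main() {
	// Constructed sample values: a 24-bit IV, a 40-bit key and a challenge.
	iv := []byte{0x1a, 0x2b, 0x3c}
	key := []byte("k3y!!")
	challenge := []byte("challenge-nonce-0001")

	response := sharedKeyResponse(iv, key, challenge)
	fmt.Println("response:        ", hex.EncodeToString(response))
	fmt.Println("keystream leaked:", keystreamLeaked(iv, key, challenge))
	fmt.Println("keyed-hash reply:", hex.EncodeToString(keyedHashResponse(key, challenge)))
}
```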
MAC Address Authentication and Vulnerabilities

An AP’s policy can also base access on the client’s MAC address, where the authenticating MAC address is matched against the AP’s table of valid MAC addresses.45 MAC address filtering is not specified in the 802.11 specifications. However, many vendors support this method of authentication. MAC address filtering provides another layer of security to limit unauthorized devices from accessing a network, and augments the open and shared key authentication methods provided by the 802.11 specifications.

Availability

Availability requires that a WLAN be available to authorized users when needed. It is the capability to receive and send data without disruption of service. DoS attacks are a threat to network availability. Organizations must deploy defense mechanisms to detect and guard against the various forms of DoS attack to ensure availability.

Access Control

Access control is the capability to ensure users see only the information for which they are authorized. Entities (usernames, MAC/IP addresses, etc.) use credentials such as passwords and shared keys to establish their identity, which is authenticated by AAA systems (RADIUS, LDAP, etc.). It uses 802.1x authentication protocols or similar (EAP, LEAP, PEAP, etc.) to exchange credentials and establish challenge/response handshakes. Once the user is authenticated, an AAA system provides authorization and controls which network resources the user may access. Access control security mechanisms are based on authentication, and on knowledge of WEP keys, before access and privileges are granted.

Encryption/Decryption

Encryption is the mechanism for achieving confidentiality. It is the capability to transform plaintext into meaningless bytes, known as cipher text, based on three primary 802.11 algorithms: WEP, TKIP and AES (CCMP). Decryption is the reverse process: the capability to transform meaningless bytes (cipher text) back into meaningful data (plain text). Simply put, encryption techniques serve three main goals in a WLAN: confidentiality, message integrity, and support for the authentication, authorization and access control process. See the discussions of confidentiality, message integrity and access control above. A detailed discussion of the WEP, TKIP, and AES (CCMP) encryption algorithms appears later in this paper.

Key Management

Key management is the process of distributing keys to support encryption, decryption, and mutual authentication. It is the process of generating, storing, distributing, and providing the overall protection of keys. A key is a digital code, primarily used to encrypt, decrypt and sign information. Key length and key strength are two important topics related to key management. Key strength is the capability of the digital code to withstand being deciphered, and is usually measured by the time, effort and resources required to break the key. Key length is the number of bits in the key. The longer the key length, the more difficult it becomes to break a key by brute force. However, there must be a balance between the “cost” of a key and the worth of the information the key is protecting. Longer key lengths require more overhead and bandwidth, and are more computationally expensive to encrypt and decrypt. There are two types of keys: public keys, and shared or secret keys. Public keys are known to everyone. Shared (or secret) keys are known only to the recipient of the message. (See the symmetric and asymmetric key operations above for a discussion of keys.) With WEP, keys were distributed manually, and were unique only to the network. A WEP key was vulnerable to unauthorized access, and a compromised key provides the most direct means of unauthorized access. With the IEEE 802.11i standard (the WPA/WPA2 protocols), keys are distributed dynamically (automatically), and are unique to a packet, session and user.

45 MAC-based authentication is not suitable for large enterprise deployments, and is more appropriate for the SOHO environment where the number of computers (and the corresponding registration table) is small. It is valid as a first layer of defense to deny access to client adapters.
WLAN (Basic Architecture & Fundamentals)

Wireless networks can be categorized into three groups based on their coverage range. Wireless Wide Area Networks (WWAN) extend over large geographical areas and include technologies such as 3G cellular, Cellular Digital Packet Data (CDPD), and Global System for Mobile Communications (GSM). WWAN is focused on linking different networks over a large geographical area to allow wider file sharing and connectivity. Wireless Personal Area Networks (WPAN) are an IEEE 802.15 specification representing technologies with a very short range, such as Bluetooth and IR.46 WPAN focuses on a technology called “plugging in” that allows any two WPAN-equipped devices that come into close proximity (within several meters of each other) or within a few kilometers of a central server to communicate as if connected by a cable. WPAN also promotes the ability of each device to lock out other devices selectively, preventing needless interference or unauthorized access to information. The focus of this paper is WLANs, whose coverage range falls between WWANs and WPANs.

WLAN Architecture

The 802.11 standard is based on a cellular architecture where the system is divided into cells. Each cell (called a Basic Service Set or BSS) is controlled by a base station called an Access Point (AP).47 A typical installation includes several cells, where APs are connected through a backbone (called a Distribution System or DS), usually Ethernet.48 However, a backbone can be wireless. The whole interconnected WLAN, including the different cells, their respective APs and the DS, is seen by the upper layers of the OSI model as a single 802 network. This is referred to as an Extended Service Set (ESS). Simply put, the ESS consists of two or more BSSs, or wireless clients connected to an AP, forming a single sub-network. An ESS is multiple BSS cells linked together by either a wired or wireless backbone (DS).49 A typical WLAN is depicted in Figure 3.

Figure 3 - Typical 802.11 Wireless Local Area Network (diagram labels: Distribution System (DS), ESS, AP, BSS)

802.11 defines two modes of WLAN operation: the independent BSS (IBSS), and the infrastructure mode or ESS (already discussed). Large enterprise deployments use the WLAN infrastructure mode. On the other hand, the IBSS mode is an ad-hoc mobile network that is not used very often. An IBSS is a BSS that stands alone and is not connected to an AP, communicating only peer to peer. IBSSs are usually spontaneous networks that can be set up rapidly, and are limited both temporally and spatially.50

46 WPAN is fairly new and undergoing rapid development. Currently, there are four specifications defined by the IEEE (802.15.1 – 802.15.4) that deal with Bluetooth.
47 A BSS can be considered a coverage area.
48 A DS is usually a wired network that connects a WLAN to the rest of the world, such as a corporate LAN, access provider, or the Internet.
49 The ESS is the most common WLAN mode.
50 The IBSS mode is an emerging technology with the potential of providing value to the Internet. There are several Mobile Ad-Hoc Network (MANet) protocols being worked on at the IETF standards level. Two experimental protocols are: (1) the Ad hoc On-Demand Distance Vector (AODV) algorithm, which enables dynamic, self-starting, multi-hop routing between participating mobile nodes wishing to establish and maintain an ad hoc network, and (2) the Adaptive Demand-Driven Multicast Routing (ADMR) protocol, a new on-demand ad hoc network multicast routing protocol that attempts to reduce any non-on-demand components within the protocol.
802.11 Physical Layer

The IEEE 802.11 standard focuses on the bottom two layers of the OSI model: the physical and data link layers. The physical layer provides the transmission of bits through a wireless network. IEEE 802.11 defines several physical techniques for transmitting data over a WLAN: diffused infrared (IR), frequency hopping spread spectrum (FHSS), direct sequence spread spectrum (DSSS), and orthogonal frequency division multiplexing (OFDM). RF-based solutions are the traditional technology for transmitting data over WLANs. IR-based solutions, by contrast, have not generated much interest as a technology, and vendors have not produced 802.11 IR compliant products. IR offers higher transmission rates than RF-based systems, but its distinct limitations preclude its use as a WLAN physical layer standard.51 Spread spectrum technology uses radio frequency (RF) to transmit data over a WLAN, and includes FHSS, DSSS and OFDM. Spread spectrum takes a digital signal and expands it to make it appear more like random background noise (wide bandwidth and low peak power). This makes a spread spectrum signal harder to detect, more noise-like, and difficult to intercept and decode without the proper equipment.52 The technology employs several methods of modulation, including various versions of phase shift keying (PSK), quadrature amplitude modulation (QAM), and complementary code keying (CCK).

51 First, the frequencies are in the terahertz range, and operation is restricted to line of sight (similar to visible light). Proponents of this technology advocate higher security advantages due to IR not being able to penetrate walls, and no RF interference. However, due to the limited range, costs can be more expensive than radio-based solutions. Second, the power output must be set low to reduce damage to the human eye, which also limits the effective transmission range. IR is highly reflective.
52 Spread spectrum was developed by the military in the 1950s in an attempt to reduce jamming and eavesdropping.
DSSS is the spread spectrum technology chosen by the IEEE 802.11 working group, and is widely used with 802.11b devices.53 A data signal is combined with a higher data rate bit sequence, known as a chipping code or processing gain, that converts each bit of user data into a series of redundant bit patterns (known as chips).54 DSSS works by dividing the 2.4 GHz band into 11 channels that are 22 MHz wide, and uses a 1 MHz carrier frequency for data transmission. Data is spread and transmitted over one of these 22 MHz channels without hopping to other channels, in effect causing noise on the given channel. With the combination of chips and spreading the signal across the 22 MHz channel, DSSS provides a mechanism for error checking and correction to recover data. The center frequencies of the channels are 5 MHz apart, creating overlapping channels.55 A maximum of only three non-overlapping channels (channels 1, 6 and 11) can be co-located without some degradation in throughput. DSSS is primarily used with 802.11b devices. The FCC (Regulation 15.247) governs DSSS in the United States. In Europe, the European Standard Organizations and Regulations (ETSI) governs DSSS technology through regulation 300-328.

OFDM is not a spread spectrum technology, but rather a frequency division multiplexing (FDM) modulation technique that can transmit large amounts of digital data over a radio wave. OFDM works by splitting the digital signal into separate sub-signals that are simultaneously transmitted at different frequencies over a wireless network. A data signal is divided across 48 separate sub-carriers within a 20 MHz channel, yielding transmission rates up to 54 Mbps. OFDM is very efficient at transmitting data at high speed and at minimizing the amount of crosstalk in signal transmissions. Besides being deployed in the 802.11a and 802.11g WLAN standards, OFDM has been selected for use with 802.16 and WiMax technologies.56 The U.S. Code of Federal Regulations (Title 47, Section 15.407) regulates OFDM within the United States.

The IEEE 802.11 physical layer is divided into two sub-layers: the Physical Layer Convergence Protocol (PLCP) and the Physical Medium Dependent (PMD) sub-layer. The PLCP is responsible for preparing the 802.11 frames (signal) for transmission. It directs the PMD, which is primarily responsible for encoding, to transmit and receive signals, change radio channels, and perform other functions.57

The Big Three: 802.11b, 802.11a and 802.11g

The 802.11 standard has evolved since being ratified in 1997. The original 802.11 specification supported 1 and 2 Mbps in the 2.4 GHz spectrum using FHSS, DSSS and IR. The 802.11 specification also defined the WLAN architecture, various MAC layer services, and the WEP algorithm to provide wireless security. Today, three IEEE 802.11 protocols have provided major technological advancements to the WLAN industry: 802.11b, 802.11a and 802.11g.

53 Vendors and the IEEE 802.11 working group did not favor FHSS, due mostly to security concerns that the hopping codes are published (in the 802.11 standard) and available to anyone.
54 A chipping sequence is a data stream of ones and zeros that is modulated with a second pattern to generate a redundant bit pattern for transmission, resulting in a signal that appears as wide-band noise to an unintended receiver. 802.11b uses two different sequencing techniques. The Barker code achieves data rates of 1 and 2 Mbps. CCK uses a series of codes (called complementary sequences) to achieve 5.5 and 11 Mbps data rates.
55 Overlapping channels should not be co-located, since a drastic or complete reduction in throughput will be experienced.
56 OFDM has supported the asymmetric digital subscriber line (ADSL) standard for quite some time. In addition, OFDM is used with the European-based HiperLAN/2 wireless standard.
57 Refer to http://grouper.ieee.org/groups/802/11/main.html for a detailed discussion of the PLCP and PMD.
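The DSSS channel plan above (22 MHz wide channels with centers 5 MHz apart) determines which channels can be co-located. This added example (not from the paper) derives channel overlap from those two numbers and searches channels 1-11 for the largest sets of mutually non-overlapping channels, reproducing the 1, 6 and 11 the text names; it generalizes to any channel count. The 2412 MHz center of channel 1 is an assumption taken from the 2.412 GHz lower band edge in Table V.

```go
package main

import "fmt"

const (
	channelWidthMHz   = 22   // each DSSS channel is 22 MHz wide
	channelSpacingMHz = 5    // adjacent center frequencies are 5 MHz apart
	channel1CenterMHz = 2412 // assumed center of channel 1
)

// centerMHz returns the center frequency of 2.4 GHz channel ch.
func centerMHz(ch int) int {
	return channel1CenterMHz + channelSpacingMHz*(ch-1)
}

// overlaps reports whether two channels share any spectrum: they do whenever
// their centers are closer together than one channel width.
func overlaps(a, b int) bool {
	d := centerMHz(a) - centerMHz(b)
	if d < 0 {
		d = -d
	}
	return d < channelWidthMHz
}

// largestNonOverlappingSets returns every set of channels from 1..maxCh in
// which no two members overlap and whose size is the largest achievable.
func largestNonOverlappingSets(maxCh int) [][]int {
	var best [][]int
	var extend func(next int, chosen []int)
	extend = func(next int, chosen []int) {
		grew := false
		for ch := next; ch <= maxCh; ch++ {
			free := true
			for _, c := range chosen {
				if overlaps(c, ch) {
					free = false
					break
				}
			}
			if free {
				grew = true
				extend(ch+1, append(append([]int{}, chosen...), ch))
			}
		}
		if grew || len(chosen) == 0 {
			return // only sets that cannot be extended are candidates
		}
		switch {
		case len(best) == 0 || len(chosen) > len(best[0]):
			best = [][]int{chosen}
		case len(chosen) == len(best[0]):
			best = append(best, chosen)
		}
	}
	extend(1, nil)
	return best
}

func main() {
	fmt.Println("channels 1 and 6 overlap:", overlaps(1, 6))
	fmt.Println("channels 1 and 5 overlap:", overlaps(1, 5))
	fmt.Println("largest co-locatable sets in 1..11:", largestNonOverlappingSets(11))
}
```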
The 802.11b standard is the most widely deployed wireless standard, with data rates of 11 megabits per second (Mbps), similar to wired Ethernet LAN connections of 10 Mbps. It operates in the unlicensed portion of the 2.4 GHz radio band and is limited to three frequency channels. The protocol increased the data rate to 11 Mbps, and provided improved range over 802.11. Benefits of 802.11b included ease of use, implementation flexibility, and cost savings. However, 802.11b operates in an unlicensed band (2.4 GHz) that has become overcrowded, and can suffer interference problems.58 802.11b is ideal for home and SOHO deployments, but presented liabilities for large enterprise deployments.59

The 802.11a standard provided significant benefits over 802.11b, with speed (transfer rate) being the greatest advancement. Delivering a maximum data rate of 54 Mbps and eight non-overlapping frequency channels, this standard provides increased network capacity, improved scalability, and more flexibility in designing “microcells” without interference from adjacent cells. The IEEE 802.11a standard operates in the 5 GHz frequency range, in the unlicensed National Information Infrastructure (U-NII) spectrum. This is another major advantage of 802.11a, since it is immune to interference from devices that operate in the crowded 2.4 GHz range. The standard introduced multiplexing (OFDM) as a transfer mechanism. While tremendous transfer speeds are achieved with 802.11a, effective range is sacrificed. The maximum effective range is 80 feet (average) with a relatively unobstructed path, whereas 802.11b can achieve ranges upward of 300 feet under optimal conditions.60 Another disadvantage is that 802.11a is not backward compatible with IEEE 802.11b compliant devices. However, 2.4 and 5 GHz devices can operate within the same physical environment without interference. In Europe, HiPerLAN/2 directly competes with the 802.11a standard. The IEEE 802.11h standard is working with ETSI to establish interoperability with HiPerLAN/2.61

The 802.11g standard provides the best of both worlds (802.11a and 802.11b). It achieves the higher speeds by employing OFDM technology (like 802.11a), but operates in the 2.4 GHz frequency band, where range is not compromised (like 802.11b). The greatest advantage for WLAN users deploying 802.11g is that data rates up to 54 Mbps can be achieved while operating in the 2.4 GHz unlicensed frequency band. In addition, the maximum effective range of 175 feet (average) is not compromised even when operating at the higher data rates. Another advantage is that the 802.11g standard offers backward compatibility with the 802.11b standard by still supporting CCK modulation. This capability makes upgrading WLANs simple and inexpensive. Like 802.11b, the 802.11g standard has three channels, which can limit wireless capacity and scalability. Another disadvantage is that 802.11g operates in the crowded 2.4 GHz frequency band, making it susceptible to interference. Table V provides a technology overview of the 802.11 standards.

58 Devices such as microwave ovens, cordless telephones and Bluetooth devices operate in the 2.4 GHz frequency range.
59 Mostly due to bandwidth limitations and the insecurities of WEP.
60 The IEEE 802.11b maximum effective range is about 175 feet (average).
61 Known as the “5UP” initiative (5 GHz Unified Protocol), in which the IEEE and ETSI are working to unify certain wireless technologies.

Table V - 802.11 Standard Technology Overview

 | 802.11b | 802.11a | 802.11g
--- | --- | --- | ---
Frequency Band | 2.4 GHz (ISM band) | 5 GHz (U-NII band) | 2.4 GHz (ISM band)
Frequency Range (US) | 2.412-2.484 GHz (83 MHz wide) | 5.15-5.35 GHz and 5.725-5.825 GHz (300 MHz wide) | 2.412-2.484 GHz (83 MHz wide)
Channel Support | 11 (1-11) (25 MHz channels) | 12 non-overlapping channels | 11 (1-11) (25 MHz channels)
Non-Overlapping Channels | Only 3 | 12 non-overlapping channels | Only 3
Availability | Worldwide | US/AP | Worldwide
Data Rates | 1, 2, 5.5 and 11 Mbps | 6, 9, 12, 18, 24, 36, 48 and 54 Mbps | 6, 9, 12, 18, 22, 24, 36, 48 and 54 Mbps
Maximum Data Rate | 11 Mbps | 54 Mbps | 54 Mbps
AP Simultaneous Users | 20-30 users | 100+ users | 100+ users
Methods of Transmission | DSSS (CCK, BPSK, QPSK) | OFDM (BPSK, QPSK, 16-QAM, 64-QAM) | OFDM & DSSS (CCK, BPSK, QPSK)
Basic Access Method | CSMA/CA | CSMA/CA | CSMA/CA
Interference (Other Devices) | Cordless phones, microwave ovens, wireless video, Bluetooth devices | HiperLAN devices | Cordless phones, microwave ovens, wireless video, Bluetooth devices
Maximum Range (Average) | 175 feet | 80 feet | 175 feet

The 802.11 Medium Access Control (MAC) Layer

The 802.11 MAC layer is responsible for managing and maintaining communications between WLAN entities (APs, wireless clients with Network Interface Cards (NICs), and Distribution Systems). The 802.11 WLAN consists of a set of essential services implemented by WLAN entities to coordinate access to shared radio channels, data transfer, authentication and other important functions.62 Services are achieved by communicating messages between entities, composed within frames. Table VI lists essential 802.11 services executed in the MAC layer, but is not an exhaustive list.

Table VI – 802.11 MAC Layer Essential Services

Service | Description | Group | Type
--- | --- | --- | ---
Authentication | Process of establishing client identity prior to a wireless client associating with an AP. The authentication server must be satisfied that it is indeed the authorized wireless client. The goal is to provide access control equivalent to a wired LAN. | SS63 | Request64
De-authentication | Process of terminating an existing authentication. | SS | Notification65
Association | Process of establishing the wireless link between the wireless client and the AP. Executed after authentication; an association must take place before data frames can be transmitted. A wireless client is associated with only one AP. | SS & DSS | Request
Disassociation | Process of terminating an association between a wireless client and an AP. | SS & DSS | Request
Re-association | Process of providing a roaming capability for the wireless client. Allows a wireless client to move from one AP to another within an ESS. | DSS66 | Request
Confidentiality | Provides the capability to protect information from unauthorized entities. This service is provided only for data frames. | SS (DSS for key material) | Request
Distribution | Process of delivering messages (MAC frames) across a DS. | DSS | Request
Integration | Process of connecting a WLAN with a back-end LAN. Simply, it translates 802.11 frames into frames that can traverse another network, and vice versa. | DSS | Request
Data Delivery | Process of delivering data between MAC service access points, with minimal duplication and reordering of frames. | SS | Request

There are two ways to provide medium access to a radio channel, as defined in the 802.11 standard, before a frame can be transmitted: the distributed coordination function (DCF), and the point coordination function (PCF). DCF is based on the carrier sense multiple access with collision avoidance (CSMA/CA) methodology for wireless entities to access the medium.67 With DCF, a wireless station contending for access transmits data after first sensing that the medium is free.68 If it is not, the wireless station waits and defers its transmission to a later time.69 The receiving station sends an acknowledgment (ACK) if no errors were detected in the frame. The sending station retransmits a frame if it does not receive an ACK within a specified amount of time, assuming a collision or RF interference occurred. PCF is an optional provision in 802.11 that allows an AP to grant access to wireless stations

62 Station services (SS) are MAC layer services implemented by an AP or wireless client. Distribution system services (DSS) are MAC layer services implemented by the back-end DS.
63 A station service (SS) is a service implemented by either an AP or a wireless client within a BSS.
64 A request type can be denied by an entity.
65 A notification type is final, and must be executed. It cannot be refused by either party.
66 A distributed system service (DSS) is a service implemented by a back-end DS.
67 WLANs, unlike the wired world, cannot both receive and transmit on the same channel using radio transceivers (unless a full duplex radio is developed, significantly increasing the cost). The receiving station must inform the sending station through an acknowledgment (ACK) that no errors were received in the frame. CSMA/CD cannot be used for IEEE 802.11 technology.
68 The medium must be free for a specified amount of time, also known as the Distributed Inter Frame Space (DIFS).
69 IEEE 802.11 uses a basic back-off algorithm and a back-off timer for fairness.
  37. 37. Wireless Security Initiatives Keith Fleming after polling a station during the contention free period. It is primary used to implement time-critical services such as voice and video transmissions. The transmission of PCF- based traffic occurs alternately between contention periods (or DCF). Prior to transmitting a frame, the sending station calculates a value, known as network allocation vector (NAV), to determine the amount of time necessary to send the frame based on the frames length and data rate. 70 The NAV value is placed in the duration field within the header of the frame. The receiving station uses this value to set its corresponding NAV, and reserve the medium for the sending station. The wireless 802.11 uses the Carrier Sense Multiple Access with Collision Avoidance (CSMA/CA) as the packet transmission protocol. This differs from the “wired” Ethernet, which uses Carrier Sense Multiple Access with Collision Detection (CSMA/CD). Radio Frequency technology does not have the capability to detect collisions, and uses collision avoidance by first listening to determine if another wireless station is transmitting. If the medium is not busy, the wireless station can transmit. If the medium is busy, the CSMA/CA protocol uses a random back-off timer before transmitting again. Wireless Basic Components The basic WLAN architecture consists of APs that comprise the WLAN infrastructure and network interface cards (NIC) or client adapters for the wireless client. The antenna is a significant component of the WLAN that can make a difference in the overall performance, and is responsible for radiating the modulated signal for reception by wireless components. Wireless bridges and repeaters serve to provide connectivity 70 NAV must be zero before a sending station can attempt to transmit a frame. 37
between multiple LANs (wired and wireless) at the MAC layer. The enterprise WLAN also comprises the authentication, authorization and accounting (AAA) server, the network management server (NMS), and "wireless-aware" switches and routers. These components can be folded into an organization's existing wired architecture to provide end-to-end network mobility in enterprise and vertical markets. Table VII describes the WLAN components.

Table VII – Description of WLAN Components

| WLAN Component | Description |
|---|---|
| Access Point (AP) ("fat" AP) | A primary component of the WLAN infrastructure, providing clients with a point of access to the network. It is a layer 2 device that serves as the interface between the wireless and wired network, controlling medium access with RTS/CTS (the four-way handshake). An AP is a half-duplex device with intelligence similar to a sophisticated Ethernet switch. It operates in the 2.4 or 5 GHz range depending on the 802.11 standard deployed and uses the standard 802.11 modulation techniques (see above). APs announce their availability to wireless clients and authenticate and associate clients to the WLAN; they also coordinate use of wired resources and roaming functions such as re-association. APs can be configured in three modes: root, bridge or repeater. APs range from single- and multiple-radio devices (depending on the 802.11 technologies supported) to centrally managed "thin" APs.[71] A new, integrated AP architecture is emerging that puts the intelligence in the network infrastructure.[72] |
| NIC or Client Adapter | Used by end-user nodes such as PCs, laptops or PDAs to connect to a WLAN. The NIC scans the frequency range for connectivity and then associates to an AP or to another wireless client. Radio cards are manufactured in two physical formats, PCMCIA and Compact Flash (CF), and are connected to hosts through adapters such as PCI, ISA and USB. |
| Bridge and Workgroup Bridge (WGB) [73] | Wireless bridges and repeaters provide connectivity between multiple LANs (wired and wireless) at the MAC layer. Bridges provide building-to-building connectivity and cover longer ranges than APs.[74] A WGB is a smaller-scale bridge that supports only a limited number of wired clients. Bridges operate at layer 2 and segment data frames. |
| Antennas | Radiate the modulated signal through the air for reception by wireless components. An antenna converts high-frequency (RF) signals from a cable or waveguide into propagated waves in the air. Antennas are deployed on APs, bridges and clients (through a NIC or client adapter) and come in three generic categories: omni-directional, semi-directional and highly directional. Each category has different RF characteristics (propagation pattern, gain, transmit power, etc.) and appropriate uses.[75] |
| AAA Server | Better known as a Remote Authentication Dial-In User Service (RADIUS) server, an AAA server uses the RADIUS protocol to provide authentication, authorization and accounting services in an enterprise WLAN. Simply put, a RADIUS server is a database that checks usernames and passwords before allowing access to the wireless network. AAA servers can grant different levels of authorization to administrative users, pass policy such as VLAN and SSID assignments for clients, and generate dynamic encryption keys for WLAN users. An AAA server can also provide accounting, such as recording the start and end of a session, to yield statistics on the resources (time, packets, bytes, etc.) used during the session. |
| Network Management Server (NMS) | Provides a wide range of services for managing large WLANs, including security, performance and reliability. NMS support should include configuration management, application management, and performance trending and reporting. For large enterprise WLANs it should also include client association reporting and tools to manage the RF spectrum and detect rogue APs. |
| "Wireless-Aware" Switches and Routers | Provide layer 2 and layer 3 integration between traditional WLAN components and wired network components, plus enhanced scalability and management of the WLAN. The Cisco Catalyst 6500 series switch, a "wireless-aware" switch, provides roaming, network management and security services. Enterprise wireless gateways provide specialized authentication, management and connectivity for wireless clients and are appropriate for large-scale enterprise WLAN deployments. |

[71] Thin APs, also known as lightweight APs, are little more than radio-to-wire media converters: a stripped-down version of the "fat" AP paired with a central management controller. Whereas a "fat" AP is a standalone device responsible for all WLAN functionality, the "thin" AP communicates with a single centralized intelligent point that handles the WLAN functionality (802.1X user authentication, wireless encryption, secure mobility and WLAN management). According to the International Data Corporation (IDC) report "Worldwide WLAN 4Q04 Market Share Update", "thin" APs showed marginal growth and continued to gain on the "fat" AP architecture, while "fat" AP enterprise shipments and revenues decreased. There is presently an industry-wide debate on whether APs should be standalone "fat" APs or "thin" APs, that is, whether WLAN functionality should be performed at the AP or in the network infrastructure.
[72] Companies such as Trapeze Networks are introducing a new category of AP, the integrated mobility point (MP) or "fit" AP, which takes an intelligent, system approach by separating the responsibilities of the AP and the intelligent control point. The "fit" AP architecture involves an intelligent wire-speed device, known as a Mobility Exchange (MX), located in the wiring closet and integrated with directly attached MPs. MPs act as an extension of the MX's physical ports with RF-specific intelligence. Fat and thin APs, on the other hand, use different approaches: with "fat" APs all WLAN functionality is distributed to the AP, whereas the intelligence of "thin" APs is centralized at a control point within the network infrastructure.
[73] Bridges are not currently defined in the 802.11 standards (not an open standard), which means they are only compatible with WLAN components from the same vendor.
[74] According to the IEEE 802.11 specification, the maximum coverage range for an AP is one mile.
[75] Antenna selection is an important consideration for the security of a WLAN. A properly chosen and positioned antenna can reduce signal leakage from the workplace and make eavesdropping extremely difficult.

Access Points (APs) - Future Direction: Fat, Fit (Integrated) or Thin

There is an industry-wide debate raging that will affect the future direction of large enterprise WLAN deployments. It centers on where IEEE 802.11 WLAN functionality (intelligence) should be implemented: within the AP (fat), outside the AP (thin), or in an integrated, system approach (fit). The choice of AP has a fundamental impact on the scalability, performance, security and resiliency of an enterprise WLAN.

The standalone or "fat" AP, known as the "traditional" AP architecture, places all WLAN functionality in the AP device.
These responsibilities include such important WLAN functions as 802.1X user authentication, wireless encryption, secure mobility and management. In addition, "fat" APs can handle critical network functions such as routing, IP tunneling, virtual private networks (VPN) and 802.1Q trunking. Fat APs are independent devices that autonomously manage all data and control frames between wireless clients and the wired LAN.

Thin APs, for all practical purposes, are radio-to-wire media converters that communicate with a single centralized intelligent point in the network core. The thin AP is a stripped-down version of the "fat" AP, with WLAN functions such as 802.1X user authentication, wireless encryption, secure mobility and management moved to a central management controller. It is not a standalone device and must be managed and configured by the controller, which handles all data and control frames to and from all APs. This technology has recently gained industry support: it simplifies management because the APs are centrally managed, and it can be more cost-effective than "fat" APs in large-scale enterprise deployments.

The Mobility Point (MP) is a new, integrated AP architecture that distributes WLAN functions (intelligence) where appropriate. Known as the "integrated" or "fit" AP, the architecture consists of an intelligent wire-speed device, the Mobility Exchange (MX), located in the wiring closet. It is integrated with and directly attached to an MP, which acts as an extension of the MX's physical ports with RF-specific intelligence. In this integrated system the MX is primarily responsible for security control, user authentication, management and data flow analysis, whereas the MP is primarily responsible for RF-specific functions such as packet conversion (802.11 to 802.3), wireless encryption, and RF statistics gathering and monitoring (which supports rogue AP detection).

A key factor in deploying "fit" APs is that MX and MP devices can reside anywhere on the network and can be placed between any wired infrastructure, providing security, performance and ease-of-deployment benefits. For example, rogue detection, encryption and off-loaded 802.1X authentication are security functions best performed closest to the user, at the MP. The "fit" AP architecture offers distinct advantages in an enterprise-wide environment: it diminishes security risks, simplifies configuration and management, is highly scalable, improves performance, and integrates seamlessly with the wired LAN. The following key features diminish security risks in "fit" AP deployments:

• All security-related control functions, such as 802.1X authentication and secure mobility, are performed by the MX, which is physically secure (inside a locked wiring closet) while still placed as close to the user as possible.
• EAP processing and master key generation are performed by the MX, significantly reducing the load on the AAA server.[76]
• The MP can collect RF data and statistics for troubleshooting and for detecting rogue APs.
• Wireless packet encryption is performed at the MP, closest to the user, which reduces network traffic and improves encryption performance. There is no traffic bottleneck at the MX, and the system scales with each MP added.
• Identity-based authorization and enforcement (VLAN membership and ACLs) provide uninterrupted sessions.[77]
• No single point of failure (which also provides relief during a DoS attack).
• No impact on the backbone configuration during deployment or upgrade, since no new client software or reconfiguration is required.

Serious consideration must be given to the AP architecture to be implemented. Key factors are security, scalability, ease of management and configuration, performance and cost. The integrated (fit) AP architecture is a new approach to implementing an enterprise-wide WLAN infrastructure and is positioned to be embraced by the industry. Table VIII summarizes the security features of the integrated (fit) AP architecture compared with the fat and thin architectures. Table IX compares where functions are located in each architecture.

Table VIII – Security Comparisons for AP Architectures (Fat, Fit and Thin) [78]

| Security | Fat AP | Thin AP | Integrated (Fit) AP |
|---|---|---|---|
| Physical Security of APs | No | Yes | Yes |
| Security of AP Link | No | No | Yes |
| Identity-based Authorization and Enforcement (VLAN Membership, ACLs) | No | No | Yes |
| Security Enforcement Point | AP (insecure location) | Central controller (leaves path to core vulnerable) | Within the wiring closet |
| Rogue Detection and Location | No system-wide coordination or location | Insufficient RF processing horsepower | Yes |

Table IX – WLAN Functionality for Different AP Architectures (Fat, Fit and Thin) [79]

| Function | Fat AP | Thin AP | Integrated (Fit) AP |
|---|---|---|---|
| 802.11 to 802.3 Packet Conversion | AP | Central Controller | Mobility Point |
| Wireless Encryption (WEP, TKIP, AES) | AP | Central Controller | Mobility Point |
| Authentication Control | AP | Central Controller | Mobility Exchange |
| Wireless to Wireless Forwarding | AP | Central Controller | Mobility Exchange |
| Stored Configuration, Image | AP | Central Controller | Mobility Exchange |
| Console Port Configuration | AP | Central Controller | Mobility Exchange |
| RF Statistics Gathering and Monitoring | AP | Central Controller | Mobility Point |
| QoS Treatment | AP | Central Controller | Mobility Point |
| Class of Service (CoS) | AP | Central Controller | Mobility Exchange |
| Access Control List (ACL) Enforcement | AP | Central Controller | Mobility Exchange |

[76] With some EAP protocols, the "fit" or "integrated" AP can eliminate up to 80% of the load on a RADIUS server (compared with "fat" and "thin" AP implementations).
[77] With an integrated (fit) AP architecture, an MX learns each user's identity when the user authenticates to the network and obtains the user's authorizations from an AAA server so that it can enforce them. This allows secure mobility: the user can move about the network while keeping the same local VLAN and subnet, with uninterrupted sessions. Enforcement can include roaming policies that restrict the geographic areas in which a user may roam.
[78] Reproduced from Trapeze Networks, "AP Architecture Impact on the WLAN, Part 2: Scalability, Performance and Resiliency" (http://www.trapezenetworks/technology/whitepapers).
[79] Reproduced from Trapeze Networks, "AP Architecture Impact on the WLAN, Part I: Security and Manageability" (http://www.trapezenetworks/technology/whitepapers).
WLAN Basic Topology

The basic topology of a WLAN consists of a wireless infrastructure (wireless clients, stations, supplicants and APs) connected, by means of an AP, to a distribution system medium (DSM), the wired infrastructure. There are several design options depending on the organization (university, corporate, public WLAN, etc.), WLAN policies and cost constraints. Figure 4 shows a simplified WLAN topology suitable for large enterprise deployments. Note that the AAA system and RADIUS server are part of the DSM, not of the wireless infrastructure.

Figure 4 – Simplified WLAN Topology
Wireless Threats and Vulnerabilities

WLANs are more susceptible to attacks and unauthorized access than wired LANs. Because WLANs work through the air, access to the network is difficult to prevent: anyone within range with the right tools can capture and transmit wireless signals. This makes wireless security a real challenge. The press and published reports and papers have documented numerous attacks on 802.11 networks that expose organizations to considerable security risk. The consequences of an attack can be devastating: loss of proprietary information, loss of network service, legal and recovery costs, and a tarnished image with financial and operational ramifications.

There are two types of security attack: passive and active. A passive attack is unauthorized access to an asset or network for the purpose of eavesdropping or traffic analysis, without modifying content. An active attack is unauthorized access to an asset or network for the purpose of modifying a message, data stream or file, or of disrupting a network service. An attacker may target a wireless network or organization for many reasons, but the three main goals are to disrupt normal network operations by denial of service (DoS), to gain read access, and/or to gain write access. An attack usually starts with a reconnaissance phase, followed by an active attack to gain network access or to cause DoS. Figure 5 provides a general taxonomy of WLAN security attacks.
Figure 5 – General Taxonomy of WLAN Security Attacks

Attacks (WLAN)
    Passive Attacks
        Eavesdropping
        Traffic Analysis
    Active Attacks
        DoS Attacks
        Network Access
            Read Access
            Write Access

An attack usually has two phases. The first is the reconnaissance phase, conducted passively.[80] During reconnaissance, an attacker must discover a target network and then find out more about it. Two methods are used to execute an undetectable passive attack: eavesdropping and traffic analysis. Eavesdropping is monitoring transmissions for message content: the attacker listens to and intercepts the wireless signals between the AP and the wireless client. Traffic analysis gains intelligence by monitoring transmissions for patterns of communication, or by performing packet analysis. In the wireless world, sniffing tools are the most effective way to find out what is happening on a network. Undetectable, a sniffer performs two key functions: packet capture, and packet analysis and display. Analyzing a packet allows an attacker to determine what capabilities are on a network and can yield all sorts of confidential information with which to exploit an organization. With packet capture, an attacker can recover WEP keys within a few minutes, gaining the ability to read all data passing between the wireless client and the AP.[81] A wide variety of sniffing tools is available, both commercially and as open-source code.[82] Another reconnaissance technique is war driving, the surveying of wireless networks from an automobile.[83] With programs such as NetStumbler and a GPS receiver, a WLAN can be detected, plotted and posted to a website. Table X lists some of the more popular sniffing tools.

Table X – Sniffing Tools

| Tool | Capability | Source | Notes |
|---|---|---|---|
| AirSnort | War driving (packet capture and analysis) | Open-source: http://airsnort.shmoo.com | Recovers encryption keys (Windows or Linux based) |
| WEPCrack | Packet analysis | Open-source: http://wepcrack.sourceforge.net | Recovers WEP keys (Perl-based scripts) |
| Ethereal | Packet capture | Open-source: http://ethereal.com | Based on libpcap, a packet capture library (text and GUI based) |
| Tcpdump | Packet capture | Open-source: http://tcpdump.org | Based on libpcap, a packet capture library (text based only) |
| Sniffer Wireless | Packet capture and display | Network Associates (commercial product) | Can decrypt WEP-based traffic and quickly detect rogue APs (Windows and PDA based) |
| NetStumbler | War driving; network discovery; packet capture | Open-source: http://netstumbler.com | Records SSIDs from beacons and interfaces with GPS to map a network (Windows based) |
| Prismdump | Packet capture | Freeware (Linux) | Text based |
| Kismet | War driving; network discovery; packet capture | Open-source: http://kismetwireless.net | The most complete war driving tool. Works with most client cards that support RFMON mode. Runs on most operating systems. |
| Wellenreiter | War driving; network discovery; packet capture | Open-source: http://www.wellenreiter.net | Perl and C++ based, for Linux and BSD systems |
| AiroPeek & OmniPeek | Packet capture and analysis/display | WildPackets - http://www.wildpackets.com | Deployed to troubleshoot, secure and monitor WLANs |

Active attacks either limit an organization's network availability through a DoS attack or gain unauthorized read and/or write access to the network (network access). An active attacker may masquerade as an authorized user to gain unauthorized privileges, passively monitor transmissions and then retransmit messages as a legitimate user (replay), or modify legitimate messages.

DoS attacks range from physical destruction of equipment and disruption of particular network services that prevent normal use of an organization's network, to a full-blown attack designed to consume all of the network's bandwidth. They can disrupt service for a single user or for the whole network. The end result can range from giving an attacker the means to set up a rogue AP and associate users to a bogus network (a man-in-the-middle (MitM) attack) to shutting down the network completely so that no transaction can take place. In the wireless world DoS attacks are more problematic because the network is easier to reach. Common practices for accomplishing DoS are:

• Deploying radio-jamming equipment
• Saturating the network's bandwidth by continually broadcasting frames
• Conducting disassociation/de-authentication attacks
• Conducting transmit duration attacks: with the duration field set to its maximum, a stream of about 30 frames per second keeps the medium reserved continuously
• Saturating AP tables by flooding associations
• Setting up a rogue AP and associating users to a bogus network to establish a MitM attack

Active attacks can also be accomplished by gaining network access with read and write capabilities. The goal of a network access attack is to reach network resources or to capture and decrypt data. Read access is the ability to intercept and read traffic from the network, which enables attacks on encryption, authentication and other protection methods. Once an attacker has discovered a target network through reconnaissance and captured unencrypted or encrypted traffic with a sniffer, the attacker has the potential to gain key material and recover encryption keys; a compromised encryption key can give the attacker full access to the target network. Write access is the ability to send traffic to a network entity. Goals of an attacker with network read and write access include:

• Recover encryption keys
• Recover keystreams generated by encryption keys[84]
• Inject data packets: write encrypted data by replaying a captured keystream
• Encrypt data with the key and inject it into the network
• Install spying software on a wireless client and read the results
• Set up a rogue AP and control network parameters (such as encryption keys)
• Bypass authentication schemes:
    o MAC address spoofing to evade MAC address filtering
    o Shared-key authentication bypass attacks
    o LEAP dictionary attacks, if the network uses 802.1X for authentication
    o PEAP MitM attacks, if the network uses 802.1X for authentication
• Install malicious code on a wireless client

[80] Active host and port scanning is also a reconnaissance technique, but it is considered an active attack and can be detected.
[81] The Fluhrer-Mantin-Shamir (FMS) attack is the most damaging attack on WEP. It was discovered by three cryptographers, Scott Fluhrer, Itsik Mantin and Adi Shamir. Through packet capture, an attacker was able to recover WEP keys with as little as nine minutes of sniffing. After gathering five to ten million packets, an attacker uses tools such as WEPCrack and AirSnort to determine the encryption key within a few minutes. Refer to "Weaknesses in the Key Scheduling Algorithm of RC4" by Fluhrer, Mantin and Shamir for details.
[82] Sniffing tools are not used only by attackers; network administrators also find them valuable for determining whether a network is properly configured and for detecting attacks in progress.
[83] Similar to war driving, several other methods are used to detect WLANs. War strolling is walking around with wireless equipment looking for networks. War flying is executed by mounting an antenna on a plane and flying around to search for networks. War chalking is the practice of signposting open APs: once one is found, a war-chalking symbol is drawn on the sidewalk, usually with chalk or spray paint.
[84] In legacy systems not deploying WPA or 802.11i, a recovered keystream has several uses. An attacker needs only one keystream to inject an unlimited number of packets into a network, can conduct bit-flipping and replay attacks, and can decrypt packets once a complete keystream dictionary for the WEP key has been gathered.
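The keystream goals listed above (recover a keystream, inject by replaying it, bypass shared-key authentication) all rest on one property of WEP: the same IV reproduces the same RC4 keystream, and the shared-key challenge hands a passive listener 128 bytes of known plaintext. The following is an added example, not code from the paper; it is a toy model of WEP's RC4 and CRC-32 ICV construction with a constructed 104-bit key, a 128-byte challenge and a 3-byte IV as in the standard, written to show that one observed exchange is enough to authenticate against a fresh challenge and to inject frames without ever learning the key.

```python
import os
import zlib

# Constructed sample key (104-bit WEP). Only the AP and the legitimate client hold it;
# none of the attacker functions below take it as a parameter.
SHARED_KEY = bytes.fromhex("0123456789abcdef0123456789")


def rc4(key: bytes, length: int) -> bytes:
    """Plain RC4 key scheduling and PRGA, returning `length` keystream bytes."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out, i, j = bytearray(), 0, 0
    for _ in range(length):
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def icv(data: bytes) -> bytes:
    """WEP integrity check value: CRC-32 of the plaintext, little-endian."""
    return zlib.crc32(data).to_bytes(4, "little")


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def wep_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    body = plaintext + icv(plaintext)                 # plaintext || ICV
    return iv + xor(body, rc4(iv + key, len(body)))   # IV sent in the clear, keystream = RC4(IV || key)


def wep_decrypt(key: bytes, frame: bytes):
    """Returns the plaintext, or None when the ICV does not verify."""
    iv, ct = frame[:3], frame[3:]
    body = xor(ct, rc4(iv + key, len(ct)))
    plaintext, tag = body[:-4], body[-4:]
    return plaintext if icv(plaintext) == tag else None


# --- legitimate shared-key authentication: AP challenges, client answers with WEP ---
def ap_challenge() -> bytes:
    return os.urandom(128)                            # 128-byte challenge text, sent in the clear


def client_response(key: bytes, challenge: bytes) -> bytes:
    return wep_encrypt(key, os.urandom(3), challenge)


def ap_accepts(key: bytes, challenge: bytes, response: bytes) -> bool:
    return wep_decrypt(key, response) == challenge


# --- what a passive listener does with that one exchange (no key involved) ---
def recover_keystream(challenge: bytes, response: bytes):
    """Known plaintext (challenge || ICV) XOR ciphertext = the keystream for the observed IV."""
    iv, ct = response[:3], response[3:]
    return iv, xor(challenge + icv(challenge), ct)


def forge_response(iv: bytes, keystream: bytes, new_challenge: bytes) -> bytes:
    """Answer any later challenge by reusing the captured IV and its keystream."""
    return iv + xor(new_challenge + icv(new_challenge), keystream)


def inject(iv: bytes, keystream: bytes, payload: bytes) -> bytes:
    """Encrypt an attacker-chosen payload (up to keystream length minus the 4-byte ICV)."""
    body = payload + icv(payload)
    if len(body) > len(keystream):
        raise ValueError("payload longer than the recovered keystream")
    return iv + xor(body, keystream)


def demo(key: bytes = SHARED_KEY) -> dict:
    chal = ap_challenge()                             # 1. one legitimate exchange, observed over the air
    resp = client_response(key, chal)
    iv, ks = recover_keystream(chal, resp)            # 2. attacker derives 132 keystream bytes for this IV
    new_chal = ap_challenge()                         # 3. attacker passes a fresh challenge and injects
    forged = forge_response(iv, ks, new_chal)
    injected = inject(iv, ks, b"arbitrary attacker-chosen frame body")
    return {
        "legitimate_accepted": ap_accepts(key, chal, resp),
        "keystream_bytes": len(ks),
        "forged_accepted": ap_accepts(key, new_chal, forged),
        "injected_decrypts_to": wep_decrypt(key, injected),
    }


if __name__ == "__main__":
    print(demo())
```

The forgery works because the AP regenerates exactly the keystream the attacker already holds when it sees the reused IV; nothing in WEP rejects a repeated IV. The same 132 bytes serve both the shared-key bypass and the injection bullet above, which is why the table later in this section recommends Open System or EAP-based authentication rather than shared-key, and why 802.11i replaced the per-frame construction entirely.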
WLANs, by their own architecture, have security problems embedded in the technology. A WLAN must advertise its existence so clients and APs can link up. This is accomplished by special frames called beacons, which are transmitted and serve as the primary discovery mechanism for wireless clients to detect APs within a BSS. This exposes a signal to anyone capable of listening and within range. If a WLAN can be located within a heavily shielded office where RF signals are not capable of escaping, then the risk of unauthorized access is minimized. Since this is not always a viable solution, other security methods must be deployed, such as strong access control and encryption technology. The techniques for gaining unauthorized access to a WLAN are well-known security issues. Many security issues exploiting WLANs have recently been corrected with technology developments in the 802.11i standard. Table XI is a list of well-known security attacks deployed against WLANs.

Table XI – Wireless Security Attacks

Attack: DoS Attacks
Description: Disruption of network services.
Target: Network Services
Solutions for Protection: MAC filtering, firewalls (wired), IDS (wired), DMZ architecture, 802.11i

Attack: Disassociation & De-authentication (DoS Attack) 85
Description: Exploits the unauthenticated nature of 802.11 management frames. Due to a lack of strong authentication, a wireless client can spoof a disassociate or de-authenticate message, thereby disrupting network services. Since an AP must associate with a wireless client first before traffic can be transmitted, an attacker can effectively keep one or more stations from transmitting by repeatedly sending disassociate frames. There are several known implementations of this type of attack. 86
Target: Network Services
Solutions for Protection: Requires strong authentication of management and control frames. 802.11i does not currently prevent these attacks.

Attack: Transit Duration Field (DoS Attack) 87
Description: Based on the Transit Duration field of an 802.11 frame, which announces to other nodes how long a frame will last. If a stream of packets is sent by an attacker with the transit duration field set to its maximum setting (1/30th of a second), this prevents other stations from transmitting for that duration of time, effectively occupying the network.
Target: Network Services
Solutions for Protection: Logic in wireless NIC cards to ignore the Transit Duration field. Requires strong authentication of management and control frames. 802.11i does not currently prevent these attacks.

Attack: Authentication Attacks
Description: Exploits authentication methods to gain network access. 88
Target: Network Access
Solutions for Protection: 802.1x & EAP-based authentication

Attack: Shared-key Authentication
Description: Flawed mutual authentication mechanism, based on a challenge-response protocol. During the shared-key authentication process, each party responds to a challenge with an encrypted message proving its knowledge of the WEP key. 89 An attacker can simply XOR the challenge and the response message to determine a portion of the keystream, and use it to generate a successful authentication response in the future.
Target: Network Access
Solutions for Protection: Open-key authentication or EAP-based authentication

Attack: MAC Address Spoofing
Description: Sniffing can detect valid MAC addresses that can be used with certain 802.11 card drivers to spoof a MAC address and gain network access.
Target: Network Access
Solutions for Protection: 802.11i (TKIP and CCMP) or VPNs

85 Disassociation and de-authentication attacks are at the MAC layer.

86 Omerta (named after the Sicilian code of silence), developed by Mike Schiffman, is a tool capable of listening and sending a disassociate message for every packet it sees. AirJack is a suite of tools (essid_jack, wlan_jack, and fata_jack) that can launch disassociation or de-authentication attacks. For more details refer to http://802.11ninja.net. Void11, developed by Reyk Floeter, consists of two types of de-authentication attacks. In one version, an AP is flooded with authenticate requests, thereby attempting to crash the AP or deny service by filling up its tables of associated stations.

87 Transit Duration field attacks occur at the MAC layer.

88 Authentication attacks can be launched on shared-key and MAC address filtering schemes, as well as attacks on the 802.1x protocols.

89 The shared-key authentication process requires a wireless client to use a pre-shared WEP key with an AP. The client encrypts the challenge, and the AP authenticates the client by decrypting the shared-key response.
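Both DoS rows in Table XI note that 802.11i does not prevent the attack, so until management-frame authentication is available the practical defence is to detect it from the wired side or with a wireless IDS. The following is an added example, not from the paper or any IDS product, of that detection logic run over a constructed frame log: it raises an alert when one transmitter sends a burst of disassociate/de-authenticate frames inside a sliding window, and when the Duration values a transmitter announces within a window add up to more airtime than the window holds a plausible share of. The MAC addresses, timings, window length and thresholds are all assumptions made for the example; the 32767-microsecond ceiling is the limit of the 15-bit Duration/ID field (the "1/30th of a second" in the table).

```python
"""Flag de-authentication/disassociation floods and Duration-field abuse in a
constructed 802.11 frame log (added example; not from the paper or a product).

Each record is (time_s, subtype, src_mac, dst_mac, duration_us). Two checks:
  * management-frame flood: one transmitter sends >= FLOOD_THRESHOLD
    deauth/disassoc frames inside a WINDOW_S-second sliding window;
  * NAV hogging: the Duration values one transmitter announces inside a
    window reserve more than MAX_NAV_FRACTION of that window's airtime.
Window and thresholds are assumptions for this example, not standard values.
"""
from collections import defaultdict, deque

MAX_DURATION_US = 32767          # ceiling of the 15-bit Duration/ID field (about 1/30 s)
FLOOD_SUBTYPES = {"deauth", "disassoc"}
WINDOW_S = 1.0                   # assumed sliding-window length
FLOOD_THRESHOLD = 10             # assumed: deauth/disassoc frames per window from one source
MAX_NAV_FRACTION = 0.5           # assumed: share of a window one source may reserve

# Constructed addresses (not real devices).
AP = "00:11:22:33:44:aa"
STA = "00:11:22:33:44:01"
FLOODER = "de:ad:be:ef:00:01"    # source of the constructed deauth flood
HOGGER = "de:ad:be:ef:00:02"     # source of the constructed Duration-field stream


def build_sample_log():
    """Constructed traffic: benign data, one legitimate deauth, then the two abuses."""
    log = [(0.1, "data", STA, AP, 250),
           (0.3, "data", AP, STA, 250),
           (0.5, "deauth", AP, STA, 314)]                        # a single normal deauth
    # 15 spoofed deauth frames at 50 ms spacing
    log += [(round(2.0 + 0.05 * i, 3), "deauth", FLOODER, STA, 314) for i in range(15)]
    # 20 control frames announcing the maximum Duration at 20 ms spacing
    log += [(round(5.0 + 0.02 * i, 3), "cts", HOGGER, AP, MAX_DURATION_US) for i in range(20)]
    return log


def detect_management_floods(log, window_s=WINDOW_S, threshold=FLOOD_THRESHOLD):
    """Return {src: (alert_time, frames_in_window)} for every source that sent
    at least `threshold` deauth/disassoc frames within one `window_s` window."""
    recent = defaultdict(deque)          # per source: timestamps still inside the window
    alerts = {}
    for t, subtype, src, _dst, _dur in sorted(log, key=lambda r: r[0]):
        if subtype not in FLOOD_SUBTYPES:
            continue
        q = recent[src]
        q.append(t)
        while t - q[0] > window_s:       # evict frames that fell out of the window
            q.popleft()
        if len(q) >= threshold and src not in alerts:
            alerts[src] = (t, len(q))
    return alerts


def detect_nav_hogging(log, window_s=WINDOW_S, max_fraction=MAX_NAV_FRACTION):
    """Return {src: (alert_time, reserved_us)} for every source whose announced
    Duration values inside one window exceed `max_fraction` of that window."""
    budget_us = max_fraction * window_s * 1_000_000
    recent = defaultdict(deque)          # per source: (time, duration) inside the window
    reserved = defaultdict(int)          # per source: running sum of durations in the window
    alerts = {}
    for t, _subtype, src, _dst, dur in sorted(log, key=lambda r: r[0]):
        q = recent[src]
        q.append((t, dur))
        reserved[src] += dur
        while t - q[0][0] > window_s:
            _old_t, old_dur = q.popleft()
            reserved[src] -= old_dur
        if reserved[src] > budget_us and src not in alerts:
            alerts[src] = (t, reserved[src])
    return alerts


if __name__ == "__main__":
    log = build_sample_log()
    for src, (t, n) in detect_management_floods(log).items():
        print(f"{t:6.2f}s  deauth/disassoc flood from {src}: {n} frames in {WINDOW_S}s")
    for src, (t, us) in detect_nav_hogging(log).items():
        print(f"{t:6.2f}s  Duration-field abuse from {src}: {us} us reserved in {WINDOW_S}s")
```

The single legitimate de-authentication from the AP never trips the flood rule, while the spoofed burst is reported on its tenth frame; the Duration check fires on the sixteenth maximum-length frame, when the source has claimed more airtime than half the window holds. A spoofed source address does not defeat either rule, because both key on the address that actually appears in the frames, which is exactly the value the attacker has to reuse to keep the victim station silent.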
