Wireless Security Initiatives
Keith Fleming

The Wireless LAN (WLAN) industry is the fastest growing networking market, held back only by the difficulty of securing it. Wireless networks have been widely adopted in the SOHO user market, and WLAN technology is recognized, accepted and adopted by many organizations worldwide. Many companies and government entities are realizing the competitive advantage of deploying wireless technology in the workplace. Wireless technologies are continually evolving and providing advancements in speed, bandwidth, and security. However, large enterprises have been reluctant to deploy wireless networks due to perceived limitations in wireless security and the risks it poses to the organization. Simply put, WLANs are a disruptive technology that brings many challenges in securing its networks.

Today, the WLAN industry can be categorized as "overheated": technology adoption is being driven by an impatient user base demanding more features, and by an all-out effort by vendors to address known wireless security vulnerabilities. There is a high priority in the industry, especially with the federal government, to push the technology to a point where the risk of compromise is minimized.

The intent of this paper is to address the security issues surrounding wireless networks in an enterprise environment. It provides a high-level overview of the challenges and components associated with securing a wireless network. The fundamental question plaguing the industry today is whether wireless networks can be deployed securely. There is a prevailing mindset that wireless networks are inherently insecure. Is this actually true, fact or fabrication? What known security holes limit enterprise deployments of a WLAN, and can they be fixed? This paper will shed light on these questions, detail how wireless networks are secured, and point out their limitations. Additionally, this paper will explore current and future initiatives to secure wireless networks in a large enterprise environment, and provide a roadmap for where wireless security is headed in the future.

WLAN Overview, Standards and Organizations

WLAN technology dates back to the mid-1980s, when the Federal Communications Commission (FCC) made the RF spectrum available to the industry. In 1990, the Institute of Electrical and Electronics Engineers (IEEE) formed a working group (WG) to develop a wireless standard that would provide wireless networking technology similar to wired Ethernet (802.3). [1] This group focused on developing a general standard for radio equipment and networks working at 2.4 GHz, with data rates of 1 and 2 Mbps. In June 1997, the IEEE released the wireless standard describing the operations for WLAN, known as 802.11. The 802.11 specification is the fundamental standard for WLAN. The new standard defined the following functions and technologies: WLAN architecture, MAC layer services such as association, re-association, authentication and privacy, frame formats, signaling functions, and the WEP algorithm.

[1] A working group, formed by the IEEE, is a collection of researchers, academics, and industry professionals formed with the goal of developing an industry standard to be eventually approved by the IEEE.

In September 1999, the IEEE ratified 802.11b, which provided the same basic architecture, features and services as 802.11, but improved upon the standard by adding higher data rates (5.5 and 11 Mbps) and more robust connectivity. [2] The 802.11b standard established operations in the unlicensed 2.4–2.5 GHz frequency range using direct sequence spread-spectrum (DSSS) technology. [3] In late 2001, 802.11a was ratified; it improved the data rate to 54 Mbps, operating at a licensed frequency range of 5 GHz, and used orthogonal frequency division multiplexing (OFDM) technology to reduce interference. [4] This was a dramatic technology shift from 802.11b, providing fast data transfers at a higher frequency range that was not susceptible to interference from other devices. However, the 802.11a standard sacrificed range compared to 802.11b. In 2003, the IEEE published 802.11g Amendment 4, which provided a higher data rate extension in the 2.4 GHz unlicensed frequency band up to 54 Mbps (similar to 802.11a). It provided backward compatibility to 802.11b, a major advantage, by still supporting complementary code keying (CCK) modulation. 802.11g provided the best of both worlds (802.11a and 802.11b): higher speeds employing OFDM technology (like 802.11a), but in the 2.4 GHz frequency band where range was not compromised (like 802.11b).

[2] 802.11 operated only at 1 and 2 Mbps, not comparable to Ethernet speeds of 10 Mbps.
[3] This frequency range is known as the Industrial, Scientific, and Medical (ISM) band.
[4] The 802.11a Working Group (WG) technically started before 802.11b. However, the objectives were considerably more difficult, which resulted in a later ratification date.
The above IEEE standards (802.11a, 802.11b, and 802.11g) are the major players in the world of wireless networking. However, various other standards tasks and WGs are involved with promoting the overall functionality of the 802.11 protocol. Two important standards that directly addressed security limitations in the 802.11 protocols were the IEEE 802.11i and 802.1x standards. The IEEE 802.11i and 802.1x specifications addressed several separate initiatives for improving WLAN security.

The IEEE Task Group i (TGi) developed the 802.11i standard, published in 2004, to provide short-term and long-term solutions for wireless security that ensure message confidentiality and integrity. [5] The TGi developed the Temporal Key Integrity Protocol (TKIP) as a short-term solution, known as WiFi Protected Access (WPA), to address problems with WEP and to support legacy systems. [6] It is a cipher suite that consists of three protocols: a cryptographic message integrity algorithm, a key mixing algorithm, and an enhancement to the initialization vector (more on this later). The long-term solution defined in 802.11i is the Counter Mode/CBC-MAC Protocol (CCMP), based on the newly released Advanced Encryption Standard (AES). CCMP is a highly robust algorithm solution that is not compatible with older WEP-oriented hardware, and thus requires new hardware and protocol changes. [7]

[5] The TGi group was formed in March 2001 to provide enhancements in security and authentication for the 802.11 MAC. The TGi group split from the MAC Enhancement Task Group (TGe) to address security limitations of 802.11.
[6] TKIP was a fix for deficiencies identified in WEP, without any hardware changes. Fixes had to be made to the firmware or software drivers only. WPA is a subset of the TGi solution and an interim fix that incorporates two main features: (1) 802.1x, and (2) TKIP.
[7] AES is considered to be a very secure encryption suite, as a result of wide international scrutiny by cryptographic experts. It is the current state-of-the-art encryption algorithm, as a result of international involvement to produce a strong encryption algorithm. The U.S. government has accepted AES as a standard encryption suite, approved and published in FIPS-142.

The AES (CCMP) protocol provides WLANs with stronger encryption (confidentiality) capability and message integrity than TKIP. It also incorporates replay protection. [8] The future of WLAN deployments is moving towards CCMP as the accepted compliance standard.

The 802.1x technology was primarily developed to support 802 LANs, and is included in the 802.11i standard to provide MAC layer security enhancements. [9] 802.1x is a port authentication algorithm that provides a framework at the link layer allowing a variety of authentication algorithms to operate over it. It primarily uses the Extensible Authentication Protocol (EAP) to exchange authentication information. It allows WLAN clients to communicate with an authentication server to validate their credentials, and supports strong mutual authentication and key management. [10] In WLANs, the 802.1X framework consists of three entities: the client (resides on the wireless client), the authenticator (resides on the access point), and the authentication server or AS (resides on a RADIUS server). The 802.1X protocol is an end-to-end authentication process between the client and the AS, with the AP serving as the conduit for the authentication messages. The client and AP communicate by means of the EAP encapsulation over LAN (EAPOL) protocol. The AP and the AS communicate through RADIUS. [11] It should be noted that the 802.1X protocol supports several different authentication protocols in addition to RADIUS, such as Diameter and Kerberos. 802.1X can be implemented with different EAP types (to be covered later). Figure 1 illustrates the communication paths of the client, AP and AS, and the 802.1X authentication process.

[8] Replay protection denies an attacker the capability to capture at least one packet traveling from a victim's wireless client laptop/AP and replay it back into the network, causing the target AP to respond and provide more traffic to capture.
[9] IEEE standard 802.1X-2001 is a port-based network access specification that was ratified in June 2001. 802.1aa is a revision to 802.1X and work is still in progress.
[10] 802.1x allows an AP and a wireless client to mutually authenticate one another.
[11] Remote Address Dial-In User Service (RADIUS) is an access server authentication and accounting protocol developed by Livingston Enterprises, Inc. In June 1996, the Internet Engineering Task Force (IETF) approved RADIUS as a standard: RADIUS Specification (RFC 2058) and RADIUS accounting standard (RFC 2059).

Figure 1 - 802.1x Authentication Process (WPA2)

1. The client requests access with the AP.
2. The authenticator detects the client association and enables the client's port.
3. The port is forced into an unauthorized state to forward only 802.1x traffic (all other traffic is blocked).
4. The AP passes the request to the RADIUS server.
5. The AS and client exchange authentication messages for the server to verify the client's identity (password). Mutual authentication is also possible, where the client verifies the AS identity.
6. The AS instructs the AP via a RADIUS-ACCEPT message to let the client onto the network if the client has satisfied the authentication criteria. If not, a RADIUS-REJECT message is sent to the AP.
7. Upon receipt of the RADIUS-ACCEPT message, the AP transitions the client port to an authorized state, allowing the client onto the network.
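The seven steps of Figure 1, modelled as an added example (this is not code from the paper or from any 802.1X implementation). The three entities are the supplicant, the authenticator (AP) with its controlled port, and the authentication server (AS). EAPOL messages pass between client and AP; the AP relays the conversation to the AS as RADIUS Access-Request messages and acts on the Access-Challenge/Accept/Reject it receives. The challenge/response used inside the exchange (HMAC-SHA256 of a server nonce keyed with the user's password) is an assumed stand-in for a real EAP method, not one defined by any RFC, and the user table is constructed sample data.

```python
"""Constructed model of the 802.1X port-based access control flow in Figure 1."""
import hashlib
import hmac
import os

UNAUTHORIZED, AUTHORIZED = "unauthorized", "authorized"


def _response(password: str, challenge_hex: str) -> str:
    # Stand-in EAP method: keyed hash of the server's challenge (assumption).
    return hmac.new(password.encode(), bytes.fromhex(challenge_hex),
                    hashlib.sha256).hexdigest()


class AuthenticationServer:
    """Stand-in for the RADIUS AS (steps 5 and 6 of Figure 1)."""

    def __init__(self, users: dict):
        self._users = users      # identity -> password (constructed sample data)
        self._pending = {}       # identity -> outstanding challenge

    def handle(self, request: dict) -> dict:
        identity = request["identity"]
        if "response" not in request:
            # First Access-Request carries only the identity: answer with a
            # challenge. Unknown identities get one too, so the reply does not
            # reveal which usernames exist.
            challenge = os.urandom(16).hex()
            self._pending[identity] = challenge
            return {"code": "Access-Challenge", "challenge": challenge}
        challenge = self._pending.pop(identity, None)
        password = self._users.get(identity)
        if challenge is None or password is None:
            return {"code": "Access-Reject"}
        if hmac.compare_digest(_response(password, challenge), request["response"]):
            return {"code": "Access-Accept"}
        return {"code": "Access-Reject"}


class Authenticator:
    """The AP: a controlled port that starts unauthorized (steps 2-4, 6-7)."""

    def __init__(self, server: AuthenticationServer):
        self._server = server
        self.port_state = UNAUTHORIZED
        self.forwarded = []      # data frames let onto the network

    def receive(self, kind: str, payload=None):
        payload = payload or {}
        if kind == "EAPOL":
            return self._eapol(payload)
        # Step 3: while unauthorized, only 802.1X (EAPOL) traffic passes.
        if self.port_state != AUTHORIZED:
            return "dropped"
        self.forwarded.append(payload)
        return "forwarded"

    def _eapol(self, payload: dict) -> dict:
        msg = payload["type"]
        if msg == "Start":
            return {"type": "Request/Identity"}
        if msg == "Response/Identity":
            # Step 4: relay the identity to the AS over RADIUS.
            radius = self._server.handle({"identity": payload["identity"]})
            return {"type": "Request", "challenge": radius["challenge"]}
        if msg == "Response":
            radius = self._server.handle({"identity": payload["identity"],
                                          "response": payload["response"]})
            if radius["code"] == "Access-Accept":
                self.port_state = AUTHORIZED      # step 7
                return {"type": "Success"}
            return {"type": "Failure"}
        raise ValueError(f"unexpected EAPOL message {msg!r}")


class Supplicant:
    def __init__(self, identity: str, password: str):
        self.identity, self.password = identity, password

    def authenticate(self, ap: Authenticator) -> str:
        ap.receive("EAPOL", {"type": "Start"})                       # step 1
        req = ap.receive("EAPOL", {"type": "Response/Identity",
                                   "identity": self.identity})
        resp = _response(self.password, req["challenge"])            # step 5
        result = ap.receive("EAPOL", {"type": "Response",
                                      "identity": self.identity,
                                      "response": resp})
        return result["type"]    # "Success" or "Failure"


def run_session(identity: str, password: str) -> tuple:
    """Return (data frame fate before auth, EAP result, port state, fate after)."""
    server = AuthenticationServer({"alice": "correct-horse"})    # constructed
    ap = Authenticator(server)
    before = ap.receive("DATA", {"payload": "http get"})         # blocked
    outcome = Supplicant(identity, password).authenticate(ap)
    after = ap.receive("DATA", {"payload": "http get"})
    return before, outcome, ap.port_state, after


if __name__ == "__main__":
    print(run_session("alice", "correct-horse"))
    print(run_session("alice", "wrong"))
    print(run_session("mallory", "anything"))
```

The point the model makes visible is step 3: the data frame sent before authentication is dropped regardless of who the client claims to be, and only an Access-Accept from the AS moves the port to the authorized state.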
Since the ratification of the initial 802.11 standard, the IEEE 802.11 WG has made numerous revisions through various task groups to improve wireless technologies and security. [12] Table I provides a summary of the 802.11 standards. (Note: standards highlighted in blue in the original document are the main focus of this paper.)

[12] For the latest IEEE 802.11 developments and initiatives refer to http://standards.ieee.org/getieee802.

Table I – Summary of 802.11 Standards
(Columns: Specification; Description; Main Purpose; Interest to Security; Availability)

802.11: Wireless LAN Media Access Control (MAC) and Physical Layer Specifications
  Description: Original WLAN standard designed for 1 to 2 Mbps wireless transmissions in the 2.4 GHz frequency range. Defined the WLAN infrastructure, MAC level services, frame formats, FHSS and DSSS functions, and the WEP algorithm. Operates at the physical and data link layers of the OSI model.
  Main Purpose: Basic wireless technology standard
  Interest to Security: Low
  Availability: Completed in June 1997

802.11a: Wireless LAN MAC and PHY Specifications
  Description: A physical layer standard in the 5 GHz frequency band. Second major revision to the 802.11 standard that provided significant increases in the transfer rate to a maximum theoretical speed of 54 Mbps per channel, and 8 available channels.
  Main Purpose: Higher Performance
  Interest to Security: Low
  Availability: Approved and ratified by IEEE in 2001

802.11b: Wireless LAN MAC and PHY Specifications
  Description: A physical layer standard in the 2.4 GHz unlicensed frequency band. First major revision to the 802.11 standard that provided enhancements with a maximum link rate of 11 Mbps per channel, and 3 available radio channels. Provided a major leap forward in speed, ease of use, implementation flexibility, and relative cost.
  Main Purpose: Performance Enhancements
  Interest to Security: Low
  Availability: Approved and ratified by IEEE in September 1999

802.11d-2001: Amendment 3 to 802.11
  Description: A supplementary standard to the MAC layer in 802.11 to add features and restrictions to allow WLANs to operate within the rules of other countries. It will allow APs to communicate information on the permissible radio channels with acceptable power levels for user devices.
  Main Purpose: Promote Worldwide Use
  Interest to Security: Low
  Availability: Published in 2001 as Amendment 3

802.11e: Wireless LAN MAC and PHY Specifications: Amendment 7: MAC Quality of Service (QOS) Enhancements
  Description: A supplementary standard to the MAC layer in 802.11 to support applications that require QOS, such as VoIP and video over 802.11 wireless networks.
  Main Purpose: QOS Enhancements
  Interest to Security: Low
  Availability: Active

802.11f: IEEE Trial-Use Recommended Practice for Multi-Vendor Access Point Interoperability via an Inter-Access Point Protocol Across Distribution Systems Supporting IEEE 802.11 Operation
  Description: A "recommended practice" standard designed to enhance AP interoperability within multi-vendor WLAN networks. The specification addresses the information that needs to be exchanged between APs, use of the RADIUS protocol, and context handling for faster roaming to support interoperability.
  Main Purpose: Interoperability
  Interest to Security: Medium
  Availability: Published in 2003

802.11g: Wireless LAN MAC and PHY Specifications Amendment 4
  Description: Developed a higher data rate extension in the 2.4 GHz unlicensed frequency band up to 54 Mbps (similar to 802.11a). Provided backward compatibility to 802.11b, and supports OFDM, CCK, and PBCC modulations.
  Main Purpose: Higher Performance with 802.11b Backward Compatibility
  Interest to Security: Low
  Availability: Published in 2003 as Amendment 4 to 802.11

802.11h: Wireless LAN MAC and PHY Specifications
  Description: A supplementary standard to the MAC layer to satisfy regulatory requirements for operations in the 5 GHz band in Europe. Defines the use of Transmit Power Control (TPC) and Dynamic Frequency Selection (DFS) to comply with European regulations.
  Main Purpose: European Regulation Compliance
  Interest to Security: Low
  Availability: Published in 2003

802.11i: Wireless LAN MAC and PHY Specifications: Amendment 6: MAC Security Enhancements
  Description: A supplementary standard to the MAC layer to enhance security and authentication mechanisms. Supports the 802.11a, b and g standards, and is an alternative to WEP. IEEE 802.1x forms a major part of 802.11i.
  Main Purpose: Security Improvements
  Interest to Security: High
  Availability: Published in 2004

802.11j: Wireless LAN MAC and PHY Specifications: Specification to Enhance Japanese Compliance
  Description: An enhancement to the 802.11 standard and amendments to operate in the Japanese 4.9 GHz and 5 GHz frequency bands.
  Main Purpose: Japan Compliance
  Interest to Security: Low
  Availability: Published in 2004

802.11k: Wireless LAN MAC and PHY Specifications: Specification for Radio Measurement
  Description: Standard to define Radio Resource Management measurement enhancements for external use. Originally designed for internal use only, these enhancements will provide radio and network information to higher layers for management, maintenance, and enhanced data that will provide such services as roaming and coexistence to external entities.
  Main Purpose: Radio Resource Management (External Source)
  Interest to Security: Low
  Availability: Active

802.11n
  Description: Study group formed to investigate a standard for higher throughput (108 - 320 Mbps), and to enable newer applications and market segments.
  Main Purpose: Higher Performance
  Interest to Security: Low
  Availability: Active (High Throughput Study Group (HTSG))

802.11p
  Description: An amendment to the 802.11 standard to make it suitable for interoperable communications to and between vehicles in the 5 GHz frequency bands.
  Main Purpose: Improvement in Latencies and Communications Between Transport Environments
  Interest to Security: Low
  Availability: Active

802.11r
  Description: Provide enhancements to the 802.11 MAC layer by improving the Basic Service Set (BSS) transition with Extended Service Set (ESS), and support real-time constraints imposed by latency-sensitive applications such as VoIP.
  Main Purpose: 802.11 MAC Enhancements for BSS
  Interest to Security: Low
  Availability: Active

802.11s
  Description: Develop a protocol between an ESS mesh and a Wireless Distribution System (WDS) to support broadcast/multicast and unicast delivery over self-configuring multi-hop topologies.
  Main Purpose: 802.11 MAC & PHY Enhancements
  Interest to Security: Low
  Availability: Active

802.11t
  Description: Develop recommended practices to enable measuring and predicting the performance of 802.11 WLAN devices based on a common and accepted set of performance metrics, measurements, methodologies and test conditions.
  Main Purpose: Improvements to Methodology & Processes to Predict WLAN Performance
  Interest to Security: Low
  Availability: Active

802.11u
  Description: Amendments to the 802.11 MAC and PHY layers to enable inter-working with external networks.
  Main Purpose: 802.11 MAC & PHY Enhancements
  Interest to Security: Low
  Availability: Active

802.11v
  Description: Amendments to the 802.11 MAC and PHY layers to support wireless management of attached stations in a centralized or in a distributed fashion, and create an Access Port Management Information Base (AP MIB).
  Main Purpose: 802.11 MAC & PHY Enhancements
  Interest to Security: Low
  Availability: Active

802.11w
  Description: An amendment standard to the 802.11 MAC layer to enhance security of 802.11 management frames, including de-authentication and disassociation frames. The goal is to develop a host of security features including data integrity, data confidentiality, data origin authenticity, and replay protection.
  Main Purpose: Security Enhancements
  Interest to Security: High
  Availability: Active (WG formed in 2005)

802.1x: Port-Based Network Access Control
  Description: Primarily developed to support 802 wired LANs, the 802.1x authentication framework is included in the 802.11i MAC layer security enhancements. The 802.1x standard provides a framework at the link layer for extensible authentication, allowing a variety of authentication algorithms to operate over it. Establishes a framework for a WLAN client to communicate with an authentication server to validate the client credentials. It is only focused on authentication and key management, and does not provide encryption. 802.1x is used in combination with an encryption cipher.
  Main Purpose: Security Enhancements
  Interest to Security: High
  Availability: Published in June 2001
Besides the IEEE, several other organizations have played a major role in defining the security standards for WLAN. The Internet Engineering Task Force (IETF) has been the primary architect of EAP protocols such as EAP-TLS, Protected EAP (PEAP), and EAP-FAST. [13] EAP is a flexible transport protocol used to carry authentication information, and it can support multiple authentication mechanisms. [14] EAP is versatile and may be used on dedicated links, switched circuits, and wired/wireless networks. Table II provides a summary of the EAP protocols (IETF).

[13] The IETF consists of network designers, operators, vendors, and researchers from all over the world concerned with the evolution and smooth operation of the Internet.
[14] EAP was originally defined by RFC 2284. RFC 3579 is a revision to the initial version of EAP.

Table II – Summary of the EAP Protocols (IETF)
(Columns: Specification; Description; Main Purpose; Interest to Security; Availability)

Extensible Authentication Protocol (EAP)
  Description: EAP is the original 1998 RFC standard (RFC 2284) for authentication exchange. It provides an authentication method for the Point-to-Point Protocol (PPP) at the transport layer. A versatile framework that supports multiple authentication extensions (i.e. EAP-TLS, EAP-MD5, EAP-TTLS, etc.). [15]
  Main Purpose: Authentication Exchange
  Interest to Security: High
  Availability: RFC 2284

EAP-TLS (Transport Layer Security)
  Description: Based on the TLS protocol, similar to the SSL version 3 (Secure Sockets Layer) protocol used for secure web traffic. EAP-TLS provides mutual authentication and the capability to dynamically change encryption keys. Uses digital certificates, and requires an infrastructure to manage (i.e. issue, revoke, and verify) the certificates and keys.
  Main Purpose: Mutual Authentication & Key Management
  Interest to Security: Medium
  Availability: RFC 2716

Protected EAP (PEAP)
  Description: PEAP is an EAP extension that is similar to EAP-TLS but adds capabilities needed for the wireless domain. PEAP provides the security framework for mutual authentication between an EAP client and an EAP server, and adds client authentication and key exchange not available from EAP-TLS. PEAP addresses gaps in EAP by securing the initial exchange, adding user database extensibility, and supporting one-time token authentication and password change or aging. [16]
  Main Purpose: Authentication Enhancements
  Interest to Security: High
  Availability: Based on an Internet-Draft (I-D). [17] Still in draft (not yet a standard)

EAP-FAST
  Description: EAP-FAST is considered the most comprehensive and secure WLAN scheme. [18] Provides a mutually authenticated (protected) tunnel to EAP, and incorporates deployment flexibility and extensibility by enabling support for most password authentication interfaces.
  Main Purpose: Authentication Enhancements
  Interest to Security: High
  Availability: Based on an I-D. [19] Still a work in progress (not yet a standard)

Cisco Lightweight EAP (LEAP)
  Description: LEAP was developed by Cisco to provide security advantages including username/password-based mutual authentication between a wireless client and a RADIUS server, and dynamic key generation and key exchange to enhance confidentiality and encryption. [20]
  Main Purpose: Authentication Enhancements to 802.11
  Interest to Security: High
  Availability: Introduced in December 2000 by Cisco.

[15] EAP supports many different authentication methods (which will not be discussed in this paper). It is important to note that not every AP, client or RADIUS/EAP server supports all EAP authentication methods. Therefore, the EAP authentication method proposed will drive product selection and network design, etc. EAP protocols accommodate different levels of security needs for the EAP client and the back-end EAP server.
[16] PEAP provides advantages for deploying WLANs in large enterprise environments. It is based on a server-side EAP-TLS mechanism. First, the issues associated with installing digital certificates on every client machine are avoided (for EAP-TLS it is a requirement). Second, an organization can select the methods of client authentication that best suit its needs, such as logon passwords or One Time Passwords (OTP).
[17] PEAP is an Internet-Draft, a collaboration of engineers from Cisco Systems, Microsoft, and RSA Security, submitted to the IETF.
[18] The verdict is not conclusive. Refer to an article by George C. Ou, "EAP-FAST: The LEAP and PEAP killer?" at http://www.lanarchitect.net/Articles/Wireless/EAP-FAST/.
[19] Internet-Drafts are working documents of the IETF, its areas, and its working groups, and are valid for a period of six months.
[20] LEAP is not an IETF standard, but was introduced by Cisco in December 2000 as a way to quickly improve the overall security of WLAN authentication.

The Wi-Fi Alliance is a non-profit organization that promotes and tests for WLAN interoperability of 802.11 devices. [21] The Wi-Fi Alliance will certify a product if it has successfully met the interoperability requirements, allowing a vendor to use the Wi-Fi Certified logo for its product. [22] This Wi-Fi seal of approval carries a high level of interoperability, and assures the end user of interoperability with other WLAN devices that also bear the Wi-Fi logo. There are many factors required to meet Wi-Fi Alliance interoperability compliance, including 40-bit WEP keys, fragmentation, PSP Mode, and SSID probe requests, to name a few. In addition to certifying WLAN devices for interoperability, the Wi-Fi Alliance developed Wi-Fi Protected Access (WPA) to address security deficiencies in WEP. [23] WPA, a subset of the 802.11i specification, provided an interim solution for the security gaps identified in WEP, without waiting for the 802.11i standard to be developed.

[21] The Wi-Fi Alliance was formed in 1999 as WECA (Wireless Ethernet Compatibility Alliance). In October 2002, the Wi-Fi Alliance announced the WPA standard would be available in Wi-Fi products starting in early 2003.
[22] There are over 200 members associated with the Wi-Fi Alliance from the world's leading companies. In 2005, there are over 1,500 Wi-Fi Certified products.
[23] WPA addressed all known vulnerabilities in WEP.

The WPA
solution required firmware updates (not hardware), and products to be certified by the Wi-Fi Alliance, while maintaining 802.11i compatibility. [24] WPA uses the Temporal Key Integrity Protocol (TKIP) with Message Integrity Check (MIC) for encryption. It provides mutual authentication by using 802.1x/EAP authentication or pre-shared key (PSK) technology. In large enterprise environments, WPA provides a high level of confidentiality and mutual authentication for all wireless users when deployed with a RADIUS server and database. WPA offers two classes of certification: WPA-Enterprise and WPA-Personal. [25]

The Wi-Fi Alliance released Wi-Fi Protected Access 2 (WPA2) in September 2004, which incorporated the full implementation of 802.11i. [26] WPA2 provides major advancements in key management, encryption and pre-authentication mechanisms. WPA2 differs from WPA by providing a stronger encryption mechanism through CCMP using the AES encryption standard. It is similar to WPA in that it still utilizes 802.1x and EAP for authentication. Similar to WPA, WPA2 offers two modes of operation: Personal and Enterprise. Also, WPA2 creates fresh session keys on every association (similar to WPA). This provides an added security benefit by offering unique, fresh encryption keys for a specific client, and avoids key reuse. WPA2 does not address any flaws with WPA, but provides an advantage to corporations and government entities since it provides a security solution (AES) that meets the FIPS (Federal Information Processing Standards) 140-2 compliance requirements. [27] WPA2 certified products are backward compatible with WPA. Upgrading to WPA2 may require new hardware due to AES, and may not be available as a firmware (software) upgrade. Table III provides a summary of the WLAN standards (Wi-Fi Alliance).

[24] WPA can be implemented immediately and inexpensively through firmware (software) upgrades, reducing the overall cost and impact to network operations.
[25] The Personal mode is designed for the home and SOHO environment, and does not employ the 802.1x authentication process. It does deploy the same encryption procedures as the Enterprise mode. The Personal mode is not the subject of this paper.
[26] WPA2 certification was launched on September 1, 2004. In Spring 2006, the Wi-Fi Alliance will require all APs to be WPA2 certified to receive the Wi-Fi seal of approval.
[27] AES is adopted as the official government standard by the Department of Commerce and the National Institute of Standards and Technology (NIST).

Table III – Summary of WLAN Standards – Wi-Fi Alliance
(Columns: Specification; Description; Main Purpose; Interest to Security; Availability)

WPA (Wi-Fi Protected Access)
  Description: A subset of 802.11i, WPA addresses all known vulnerabilities in WEP. Provides mutual authentication by means of the 802.1x/EAP authentication process. Provides a stronger encryption technology than WEP through TKIP with MIC.
  Main Purpose: Security Enhancement
  Interest to Security: High
  Availability: Launched October 2003

WPA2 (Wi-Fi Protected Access 2)
  Description: WPA2 is the certified interoperable version of the 802.11i specification. WPA2 provides mutual authentication by means of the 802.1x/EAP authentication process. Provides a new advanced encryption technology using CCMP deploying AES encryption.
  Main Purpose: Higher Performance
  Interest to Security: High
  Availability: Launched September 2004.

The Wireless LAN Association (WLANA) is a non-profit education trade organization chartered to educate and promote WLAN technologies. It serves as an educational resource to learn more about WLANs, including a directory, white papers and case studies providing valuable information about WLAN products, services, and implementations. [28] The organization offers various levels of certification to provide an educational standard for the WLAN industry. [29]

[28] WLANA has many partners contributing content and information to the WLANA directory of information. Refer to the WLANA website: www.wlana.org.
[29] WLANA offers the following certifications: Certified Wireless Network Administrator (CWNA), Certified Wireless Security Professional (CWSP), Certified Wireless Network Integration (CWNI), and Certified Wireless Network Expert (CWNE).

Wireless Security (Overview)

Wireless communications offer many benefits to an organization, including portability, flexibility, increased productivity, and lower installation costs. However, there is the security challenge of WLAN. Enterprise organizations must have the assurance that a WLAN deployment offers minimum risk before the benefits can be fully realized. In addition to the risks associated with wired networks, there are additional risks inherent in wireless technology, exacerbated by wireless connectivity, and some new risks not associated with wired networks. Simply, security is the weak link of the wireless revolution. In the wired world, protection is provided to some extent by wires, and access is available through a physical jack to communicate. In the wireless world, the airwaves are open for all to listen, similar to an "Ethernet port in the parking lot", creating more challenges. Security breaches can be very costly to an organization, putting at risk its most valuable assets, including intellectual property, proprietary business processes, and customer data, not to mention the dollar costs due to lost business and recovering from the event. The security challenge is to incorporate basic security mechanics and mechanisms for organizations deploying wireless networks. [30] The goal in successfully implementing a WLAN is to ensure all tools and techniques are used to minimize any security risks arising from a passive or active attack.

[30] Cisco defines basic security mechanics as a general capability that includes confidentiality, integrity, availability, authentication, authorization, and access control. Mechanisms are defined as detailed technologies, protocols, and implementations that include encryption and key management.

The first step in addressing the complexity of securing wireless networks is to discuss the basic security mechanics and mechanisms available for wireless deployments. Basic security mechanics, in the wireless world, entail the general capabilities of confidentiality, integrity, availability, authentication, authorization, and access control. Mechanisms provide the means, through technologies, protocols, and implementations, to achieve the basic security mechanics. Some important key mechanisms to deploy in a wireless network include encryption protocols, digital signatures, and key management. Security, for all practical purposes, is the combination of processes, procedures, and systems used to achieve the basic security mechanics. Table IV describes the basic security mechanics and mechanisms for wireless deployments.

Table IV – Basic Security Mechanics and Mechanisms
(Columns: Basic Security Mechanics; Definitions; Mechanisms & Key Mechanisms)

Confidentiality
  Definition: Capability to protect information from unauthorized entities. The capability to send/receive data without divulging any information to unauthorized entities during the transmission of data.
  Mechanisms: Encryption (Symmetric and Asymmetric)

Integrity
  Definition: Capability to protect data content from unauthorized modifications. Capability to send/receive data such that unauthorized entities cannot change any part of the exchanged data without the sender/receiver detecting the change.
  Mechanisms: Digital Signatures (using one-way hash functions)

Availability
  Definition: Capability to send/receive data without disruption. Ensures that a system or data is accessible/available when needed. [31]
  Mechanisms: Defensive technologies to detect/guard against DoS attacks

Authentication
  Definition: Capability to validate the identity of the sender/receiver of information.
  Mechanisms: 802.1x, RADIUS, PAP/CHAP, MS-CHAP, etc.

Authorization
  Definition: Usually follows an authentication procedure, and establishes what capabilities and information a user can access.
  Mechanisms: 802.1x (based on authentication), multiple levels and protocols

Access Control
  Definition: Capability ensuring users see only the information for which they are authorized.
  Mechanisms: Based on authentication, encryption

Encryption
  Definition: Capability to transform data (or plain text) into meaningless bytes (cipher text) based on some algorithm.
  Mechanisms: WEP, CKIP, TKIP, AES

Decryption
  Definition: Capability to transform the meaningless bytes (cipher text) back to meaningful data (or plain text).
  Mechanisms: WEP, CKIP, TKIP, AES

Key Management
  Definition: Process and capability of generating, storing, and distributing keys. [32]
  Mechanisms: (none listed)

[31] A denial of network availability usually involves some form of DoS attack, which can range from physical destruction of network equipment to attacks designed to saturate a network's bandwidth.
[32] A key is a digital code used to encrypt, decrypt and sign information. Key management is the process of generating, storing, distributing, and providing the overall protection of keys. A compromised key can provide the most direct means of unauthorized access.

Confidentiality

The goal of confidentiality is to protect information during its transmission from unauthorized entities. Encryption is the key mechanism to achieve confidentiality. Simply, encryption is the means of encoding data using cryptography to achieve privacy of in-transit data, making it meaningless to unauthorized recipients. By converting data into a form that cannot be easily understood, encryption attempts to prevent eavesdropping by anyone who is not authorized to read it. In the wireless world, the goal is to prevent
  • 19. Wireless Security Initiatives Keith Fleming eavesdroppers from capturing packets and analyzing them later. Therefore, the algorithm must be able to achieve confidentiality for a certain length of time. The process to encrypt data is through use of an algorithm, or key. There are two key paradigms used to encrypt data: symmetric key and asymmetric key algorithms. In the wireless world, the preferred method for data confidentiality is symmetric key algorithms. 33 It uses a common key and the same cryptographic algorithm to both encrypt and decrypt data. Symmetric key algorithm uses one of two different methods to encrypt and decrypt data: block ciphers and stream ciphers. Early WLAN deployments used the block cipher method.34 Generally, block cipher methods are more suitable for software-based encryption. The newer symmetric key algorithms employ a stream cipher method. 35 Stream ciphers are more efficient for hardware-based encryption. In addition, stream ciphers are considered more inherently secure than block ciphers. Whereas, block ciphers transform identical message blocks into identical cipher-text blocks when using a fixed key, allowing for an unauthorized entities to delete, insert or replay of cipher-text, and conduct cipher-text searching for matches. Stream ciphers employ a memory function that encrypts a stream of data (usually a character or byte of data) under a time varying function of the key that prevents deletion, insertion or replay of cipher-text, and cipher-text searching. 33 Also known as secret key encryption, symmetric key encryption is faster having a major performance advantage that can handle bulk encryption much better than asymmetric key encryption. Designed for hardware, the symmetric key encryption can encrypt large amounts of data more efficiently. 34 Block cipher method breaks up data in 64-bit blocks or a finite size, and chains them together using one of four common chaining mechanisms called a mode (ECB, CBC, CFB & OFB). 
A mode is a method of combining the plain text (not encrypted), the secret key, and cipher text (encrypted) of a message to generate the cipher text that is transmitted to the recipient. Cryptosystems are used on each block independently. 35 Stream cipher method encipher stream of data usually a byte at a time. 19
  • 20. Wireless Security Initiatives Keith Fleming Asymmetric encryption uses a pair of keys to encrypt and decrypt data: a public key and a private key. 36 It can use the same algorithm or a different but complimentary algorithm to scramble or unscramble data. What one key encrypts, only the other key can decrypt. Thus, if plain text is encrypted using the public key, than the private key must be used to decrypt the cipher-text (and vice versa). Asymmetric encryption is rarely used for data confidentiality. 37 The algorithm is typically used in applications involving sender authentication using digital signatures and key management, and the exchange of session symmetric keys. Integrity Integrity provides the means to detect if data has been tampered with in any way. Deploying strong integrity mechanisms are aimed at providing confidence that the data coming into or exiting the network is trustworthy. A digital signature is the preferred mechanism to achieve integrity. Simply, a digital signature is an encrypted message digest or hash that is appended to a document.38 A digital signature uses a public key encryption algorithm to confirm the identity of the sender and encrypt the hash of a message, and a one-way secure hash function algorithm to ensure the integrity of the document. 39 36 Also known as public key encryption. 37 Asymmetric encryption requires public/private key generation that is complex that includes stringent mathematical computations and is processor intensive. Also, this performance constraint makes it less effective to hardware (chip) offload. 38 A hash or message digest is a result of a one-way hash algorithm to generate a fixed length code from an input message. 39 The sender generates a hash and encrypts it to be transmitted to the receiver. The receiver separates the message and the signature. The message is input into a one-way hash function with a result of a hash of the message. 
The hash from this message is verified with the decrypted hash from the digital signature. Integrity has been preserved if the both codes are equal. 20
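To make the hash-then-sign procedure of footnote 39 concrete, here is an added example that is not part of the paper. It uses a deliberately small textbook RSA signature (no padding, a key pair built from fixed Mersenne primes, SHA-256 as the one-way hash) so that it runs on the Python standard library alone; the message, the key values and the tampering steps are constructed for the demonstration, and a real system would use RSA-PSS or ECDSA through a vetted library rather than raw modular exponentiation.

```python
# Added example (not from the paper): hash-then-sign integrity check.
# Textbook RSA with no padding, for illustration only; real deployments
# use RSA-PSS or ECDSA from a vetted library.
import hashlib

# Known Mersenne primes, so the key pair is valid without a prime search.
# (Constructed/assumed key material, not anything from the paper.)
_P = (1 << 127) - 1
_Q = (1 << 521) - 1
_N = _P * _Q                               # 648-bit modulus, larger than any SHA-256 digest
_E = 65537
_D = pow(_E, -1, (_P - 1) * (_Q - 1))      # private exponent (Python 3.8+)

PUBLIC_KEY = (_N, _E)
PRIVATE_KEY = (_N, _D)


def message_digest(message: bytes) -> int:
    """One-way hash of the message, as an integer smaller than the modulus."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(message: bytes, private_key) -> int:
    """Sender: hash the message, then transform the hash with the private key."""
    n, d = private_key
    return pow(message_digest(message), d, n)


def verify(message: bytes, signature: int, public_key) -> bool:
    """Receiver: recover the sender's hash with the public key and compare it
    with a freshly computed hash of the received message."""
    n, e = public_key
    recovered = pow(signature, e, n)
    return recovered == message_digest(message)


def demo() -> dict:
    """Sign a constructed message, then try the two tampering cases."""
    msg = b"Transfer 100 to account 42"        # constructed sample message
    sig = sign(msg, PRIVATE_KEY)
    tampered = b"Transfer 900 to account 42"   # attacker changes one digit of the message
    forged_sig = sig ^ 1                        # attacker flips one bit of the signature
    return {
        "genuine": verify(msg, sig, PUBLIC_KEY),
        "tampered_message": verify(tampered, sig, PUBLIC_KEY),
        "tampered_signature": verify(msg, forged_sig, PUBLIC_KEY),
    }


if __name__ == "__main__":
    print(demo())
```

demo() returns genuine True and both tampered cases False: changing one digit of the message changes its hash, and flipping one bit of the signature changes the hash recovered from it, so either tampering is detected by a receiver that holds only the public key.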
Authentication

Authentication is the capability to validate the identity of a user, service or device against predefined criteria. Because of the broadcast nature of WLANs, much attention has been given to authentication to prevent unauthorized users or devices from reaching network resources. Authentication is the process of determining whether the user, service or device trying to gain access to the network is in fact the entity it claims to be. The original 802.11 specification does not consider the user at all; it authenticates only a wireless station (device). Authentication systems range from simple name and password matches to challenge-response protocols. The 802.11 specification defines two basic authentication services, open authentication and shared-key authentication. Two other mechanisms are commonly used as well: the Service Set Identifier (SSID) and the Media Access Control (MAC) address.

Open Authentication and Vulnerabilities

Open authentication performs no cryptographic validation. It is a null authentication algorithm: the AP grants every authentication request it receives. A wireless station can join the network without any identity verification. If a wireless client (station) can find and talk to an Access Point (AP), it is allowed to associate. The only gate on open authentication is knowledge of the AP's SSID, and the SSID is not a secret: an AP normally advertises it in beacon frames, and it travels in the clear in probe and association frames even when beaconing is suppressed. If WEP encryption is not enabled, a device needs only the SSID to gain access to the network.[40] If WEP is enabled on the AP, a device that associates will still be unable to send or receive data without the correct WEP key.

In 1997, 802.11 specified authentication to be connectivity-oriented, allowing devices quick access to wireless networks.[41] Open authentication provides simplicity and ease of connection, and it is the recommended choice for a public WLAN.[42] With open authentication the AP has no way to determine whether a wireless client is legitimate. This is a considerable security risk when open authentication is deployed without WEP encryption. WEP itself, however, has been broken and is no longer a viable WLAN security solution; its vulnerabilities are discussed in more detail later.

Shared Key Authentication and Vulnerabilities

Shared key authentication used to be considered the more secure of the two 802.11 methods. It uses a cryptographic technique based on a challenge-response protocol and requires a static WEP key to be configured on the wireless client. The AP sends a random challenge to the client in plain text. If the client knows the shared key, it encrypts the challenge with WEP and sends the result back to the AP. The AP decrypts the response with the same key and grants access only if the decrypted value equals the challenge it sent.

There are several fundamental problems with shared-key authentication. First, it does not provide mutual authentication; it merely establishes that both parties (AP and wireless client) hold the same secret.[43] Second, it depends on the WEP infrastructure, which has been found insecure for a variety of reasons. Third, the challenge-response exchange is vulnerable to a known-plaintext attack by a purely passive eavesdropper (Figure 2). Sniffing the exchange with a protocol analyzer yields both the plain-text challenge and the cipher-text response, and XORing the two recovers the RC4 keystream for the IV the client used.[44] Because the client chooses the IV, the attacker can then answer any future challenge from that AP by XORing it with the recovered keystream and sending the result under the same IV, without ever learning the WEP key. The recovered keystream (128 bytes of challenge plus the 4-byte ICV) can also be used to inject forged data frames under that IV. For this reason shared-key authentication is weaker than open authentication with WEP: it hands an attacker a known-plaintext sample of the very cipher that is supposed to protect the data.

Figure 2 – Known Plaintext Attack (figure not reproduced: the eavesdropper captures the plain-text challenge and the encrypted response and XORs them to obtain the keystream)

Footnotes
[40] Wired Equivalent Privacy (WEP) is the security protocol specified in the 802.11 standard. It is designed to give a WLAN the level of security and privacy expected of a wired LAN.
[41] Many 802.11 compliant devices, such as bar code readers, lack the CPU capacity for complex authentication algorithms.
[42] Open authentication is a viable connectivity mechanism when security is provided by another layer, such as an IPSec VPN, for connecting to corporate networks.
[43] The wireless client does not actually authenticate the AP, or vice versa, so neither party has assurance of the other's identity.
[44] WEP derives cipher text by XORing the plain text with the RC4 keystream. An eavesdropper who has both the plain text and the cipher text can XOR them to recover the keystream.
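The attack of Figure 2 carried through in code, as an added example that is not from the paper. It implements RC4, WEP's per-packet key (the 24-bit IV followed by the shared key) and the CRC-32 ICV faithfully; the 104-bit key, the client's IV and the 128-byte challenges are constructed values. The same block serves the stream-cipher discussion under Confidentiality above, since the entire attack is the XOR property of a keystream cipher: plain text XOR cipher text is the keystream, and the keystream plus any plain text of your choosing is a valid cipher text.

```python
# Added example (not from the paper): known-plaintext attack on 802.11
# shared-key authentication.  RC4, the IV||key construction and the CRC-32
# ICV follow WEP; key, IV and challenge values are constructed.
import random
import zlib


def rc4_keystream(key: bytes, length: int) -> bytes:
    """RC4: key-scheduling algorithm, then pseudo-random generation."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def icv(data: bytes) -> bytes:
    """WEP integrity check value: CRC-32 of the plain text, little-endian."""
    return zlib.crc32(data).to_bytes(4, "little")


def wep_encrypt(shared_key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    body = plaintext + icv(plaintext)                    # plain text || ICV
    return xor(body, rc4_keystream(iv + shared_key, len(body)))


def wep_decrypt(shared_key: bytes, iv: bytes, ciphertext: bytes):
    """Return the plain text, or None if the ICV does not match."""
    body = xor(ciphertext, rc4_keystream(iv + shared_key, len(ciphertext)))
    plaintext, tag = body[:-4], body[-4:]
    return plaintext if tag == icv(plaintext) else None


# --- the legitimate exchange ------------------------------------------------
def client_response(shared_key: bytes, iv: bytes, challenge: bytes) -> bytes:
    """Client proves key knowledge by returning the WEP-encrypted challenge."""
    return wep_encrypt(shared_key, iv, challenge)


def ap_accepts(shared_key: bytes, challenge: bytes, iv: bytes, response: bytes) -> bool:
    """AP decrypts the response and compares it with the challenge it sent."""
    return wep_decrypt(shared_key, iv, response) == challenge


# --- what a passive eavesdropper does --------------------------------------
def recover_keystream(challenge: bytes, response: bytes) -> bytes:
    """(challenge || ICV) XOR cipher text = RC4 keystream for that IV."""
    return xor(challenge + icv(challenge), response)


def forge_response(keystream: bytes, new_challenge: bytes) -> bytes:
    """Answer a later challenge under the captured IV without knowing the key."""
    body = new_challenge + icv(new_challenge)
    return xor(body, keystream[: len(body)])


def demo() -> bool:
    """Sniff one genuine exchange, then authenticate with a forged response."""
    rng = random.Random(2003)                                      # constructed values
    shared_key = bytes(rng.getrandbits(8) for _ in range(13))      # 104-bit WEP key
    iv = b"\x00\x00\x01"                                           # IV chosen by the client
    challenge = bytes(rng.getrandbits(8) for _ in range(128))      # AP's 128-byte challenge
    response = client_response(shared_key, iv, challenge)
    assert ap_accepts(shared_key, challenge, iv, response)         # genuine client gets in
    keystream = recover_keystream(challenge, response)             # attacker saw both frames
    later_challenge = bytes(rng.getrandbits(8) for _ in range(128))
    forged = forge_response(keystream, later_challenge)
    return ap_accepts(shared_key, later_challenge, iv, forged)     # attacker gets in too


if __name__ == "__main__":
    print("forged authentication accepted:", demo())
```

Nothing in the AP's check distinguishes the forged response from a genuine one, because the ICV is itself under the same keystream and the attacker computes it over plain text it chose. The same recovered keystream encrypts any 132-byte data frame under that IV, which is why WEP's confidentiality and shared-key authentication fall together.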
MAC Address Authentication and Vulnerabilities

An AP's policy can also base access on the client's MAC address: the address of the authenticating client is matched against the AP's table of permitted MAC addresses.[45] MAC address filtering is not part of the 802.11 specification, but many vendors support it. It adds a layer that limits unauthorized devices' access to a network and augments the open and shared-key authentication that 802.11 does specify. Its weakness is that a MAC address is not a secret: every 802.11 frame carries its source and destination addresses in the clear, whether or not WEP is enabled, so an eavesdropper can read the address of an authorized client, and a client adapter's address can be changed in software. MAC filtering therefore stops casual or accidental connections, not a determined attacker.

Availability

Availability requires that a WLAN be available to authorized users when needed; it is the capability to send and receive data without disruption of service. DoS attacks are the threat to availability. Organizations must deploy defensive mechanisms to detect and guard against the various forms of DoS attack if availability is to be achieved.

Access Control

Access control is the capability to ensure users see only the information for which they are authorized. Entities (user names, MAC or IP addresses, etc.) present credentials such as passwords or shared keys to establish an identity, which is authenticated by AAA systems (RADIUS, LDAP, etc.). The exchange of credentials and the challenge-response handshakes are carried by 802.1X, which transports the Extensible Authentication Protocol (EAP) and its methods (LEAP, PEAP, etc.). Once authenticated, the AAA system supplies the authorization and controls which network resources the user may reach. Access control mechanisms therefore rest on authentication, and on possession of the WEP keys, before access and privileges are granted.

Encryption/Decryption

Encryption is the mechanism that achieves confidentiality: the capability to transform plain text into meaningless bytes (cipher text) using one of the three 802.11 algorithms, WEP, TKIP, or AES (CCMP). Decryption is the reverse process, transforming cipher text back into meaningful plain text. Encryption techniques serve three goals in a WLAN: confidentiality, message integrity, and support for the authentication, authorization and access control processes (see the discussions of confidentiality, integrity and access control above). WEP, TKIP and AES (CCMP) are discussed in detail later in this paper.

Key Management

Key management is the process of generating, storing, distributing, and protecting the keys that support encryption, decryption, and mutual authentication. A key is a digital code used to encrypt, decrypt and sign information. Key length and key strength are two important topics in key management. Key strength is the ability of a key to resist being recovered, usually measured by the time, effort and resources required to break it. Key length is the number of bits in the key; the longer the key, the harder it is to find by brute force. There must, however, be a balance between the "cost" of a key and the worth of the information it protects, since longer keys add overhead and are more computationally expensive to use.

In asymmetric systems every party has a public key, known to everyone, and a private key, known only to its owner; in symmetric systems a single shared (secret) key is known only to the communicating parties (see the discussion of symmetric and asymmetric keys above). With WEP, keys were distributed manually and were shared by the whole network, so a WEP key was exposed to unauthorized access, and a compromised key is the most direct route to unauthorized access. With the IEEE 802.11i standard (the WPA and WPA2 protocols), keys are distributed dynamically and automatically, and are unique to each session and, with 802.1X authentication, to each user, with fresh per-packet keys derived from them.

Footnotes
[45] MAC-based authentication is not suitable for large enterprise deployments; it is more appropriate for the SOHO environment, where the number of computers (and the corresponding registration table) is small. It is valid as a first layer of defense to deny access to unknown client adapters.
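As an added example that is not from the paper, the following sketches the detection side of the availability requirement above. Deauthentication and disassociation are notifications in the original 802.11 (see Table VI later): the recipient must honor them, and nothing in the frame proves who sent it, so a stream of them forged with the AP's address keeps every client off the network. A monitor can catch that by counting management frames per transmitter over a sliding window. The frame records, MAC addresses, window and threshold below are all constructed assumptions standing in for what a monitor-mode capture would supply.

```python
# Added example (not from the paper): rate-based detection of a
# deauthentication / disassociation flood.  Frame records are constructed
# (timestamp, management subtype, transmitter, receiver); thresholds are
# assumptions to be tuned per site.
from collections import defaultdict, deque

DEAUTH, DISASSOC, BEACON = 0x0C, 0x0A, 0x08    # 802.11 management frame subtypes


def detect_deauth_floods(frames, window_s: float = 1.0, threshold: int = 10) -> dict:
    """Return {transmitter: time_of_first_alert} for every transmitter that
    sends more than `threshold` deauth/disassoc frames within any `window_s`
    seconds.  `frames` is an iterable of (t, subtype, transmitter, receiver)
    in time order; only management notifications are counted."""
    recent = defaultdict(deque)   # per-transmitter timestamps inside the window
    alerts = {}
    for t, subtype, transmitter, _receiver in frames:
        if subtype not in (DEAUTH, DISASSOC):
            continue
        q = recent[transmitter]
        q.append(t)
        while q and t - q[0] > window_s:   # slide the window forward
            q.popleft()
        if len(q) > threshold and transmitter not in alerts:
            alerts[transmitter] = t
    return alerts


def sample_frames():
    """Constructed capture: normal traffic, then a flood spoofing the AP's address."""
    ap = "00:11:22:33:44:55"                           # constructed AP address
    frames = [
        (0.00, BEACON, ap, "ff:ff:ff:ff:ff:ff"),
        (0.50, DISASSOC, "aa:bb:cc:dd:ee:01", ap),     # one client leaving normally
        (1.20, BEACON, ap, "ff:ff:ff:ff:ff:ff"),
    ]
    # Attacker forges the AP's address and sends broadcast deauths at 50 per second.
    frames += [(5.0 + i * 0.02, DEAUTH, ap, "ff:ff:ff:ff:ff:ff") for i in range(60)]
    return frames


if __name__ == "__main__":
    for mac, when in detect_deauth_floods(sample_frames()).items():
        print(f"deauth flood from {mac} detected at t={when:.2f}s")
```

The single disassociation from the departing client never crosses the threshold, while the forged flood is flagged on its eleventh frame. Because the forged frames carry the AP's own address, the alert names the AP; the detector cannot tell forged from genuine, which is the point: the response has to be locating the transmitter, not trusting the address.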
WLAN (Basic Architecture & Fundamentals)

Wireless networks fall into three groups by coverage range. Wireless Wide Area Networks (WWAN) extend over large geographical areas and include technologies such as 3G cellular, Cellular Digital Packet Data (CDPD), and the Global System for Mobile Communications (GSM). WWANs link different networks over a large geographical area to allow wider file sharing and connectivity. Wireless Personal Area Networks (WPAN) are covered by the IEEE 802.15 specifications and represent very short-range technologies such as Bluetooth and infrared (IR).[46] WPAN work focuses on a "plugging in" capability that lets any two WPAN-equipped devices in close proximity (within several meters of each other) or within a few kilometers of a central server communicate as if connected by a cable. WPAN also promotes the ability of each device to lock out other devices selectively, preventing needless interference or unauthorized access to information. The focus of this paper is the WLAN, whose coverage range falls between the WWAN and the WPAN.

WLAN Architecture

The 802.11 standard is based on a cellular architecture in which the system is divided into cells. Each cell, called a Basic Service Set (BSS), is controlled by a base station called an Access Point (AP).[47] A typical installation has several cells, with the APs connected through a backbone called the Distribution System (DS), usually Ethernet, although a backbone can also be wireless.[48] The whole interconnected WLAN, including the different cells, their APs and the DS, appears to the upper layers of the OSI model as a single 802 network. This is called an Extended Service Set (ESS). Simply put, an ESS consists of two or more BSSs (wireless clients connected to an AP) forming a single sub-network: multiple BSS cells linked by a wired or wireless backbone (DS).[49] Figure 3 depicts a typical WLAN.

Figure 3 – Typical 802.11 Wireless Local Area Network (figure not reproduced: two BSSs, each served by an AP, joined by a Distribution System (DS) into one ESS)

The 802.11 standard defines two modes of WLAN operation: the independent BSS (IBSS), and infrastructure mode (the ESS described above). Large enterprise deployments use infrastructure mode. The IBSS mode is an ad-hoc mobile network that is not used very often. An IBSS is a stand-alone BSS with no AP, in which stations communicate only peer to peer. IBSSs are usually spontaneous networks that can be set up rapidly and are limited in both time and space.[50]

802.11 Physical Layer

The IEEE 802.11 standard covers the bottom two layers of the OSI model: the physical layer and the data link layer. The physical layer transmits bits over the wireless medium. IEEE 802.11 defines several physical techniques for doing so: diffused infrared (IR), frequency hopping spread spectrum (FHSS), direct sequence spread spectrum (DSSS), and orthogonal frequency division multiplexing (OFDM). RF-based solutions are the established technology for WLAN transmission. IR-based solutions have generated little interest, and vendors have not produced 802.11 IR compliant products. IR can offer high transmission rates, but its limitations preclude its use as a practical WLAN physical layer.[51]

Spread spectrum technology uses radio frequency (RF) to transmit data over a WLAN and includes FHSS and DSSS. Spread spectrum takes a digital signal and expands it so that it resembles random background noise (wide bandwidth, low peak power). This makes a spread spectrum signal harder to detect, more noise-like, and difficult to intercept and decode without the proper equipment.[52] That property should not be mistaken for security: in 802.11 the spreading codes and hopping sequences are published in the standard, so every 802.11 radio is "the proper equipment", and confidentiality must come from the encryption layered above. The technology employs several modulation methods, including various versions of phase shift keying (PSK), quadrature amplitude modulation (QAM), and complementary code keying (CCK).

DSSS is the spread spectrum technology chosen by the IEEE 802.11 working group, and it is used by all 802.11b devices.[53] The data signal is combined with a higher-rate bit sequence, known as a chipping code (its ratio to the data rate is the processing gain), which converts each bit of user data into a redundant pattern of bits called chips.[54] DSSS divides the 2.4 GHz band into channels that are 22 MHz wide (eleven of them in the United States) and spreads each transmission across one of those channels without hopping to another, in effect raising the noise floor on that channel. Because the chips are redundant and the signal is spread across the 22 MHz channel, DSSS gives the receiver a way to detect and correct errors and recover the data. The channel center frequencies are only 5 MHz apart, so adjacent channels overlap.[55] At most three non-overlapping channels (1, 6 and 11) can be co-located without loss of throughput. The FCC (Part 15, Section 15.247) governs DSSS in the United States; in Europe it is governed by the European Telecommunications Standards Institute (ETSI) standard EN 300 328.

Footnotes
[46] WPAN is fairly new and developing rapidly. The IEEE currently has four task groups (802.15.1 through 802.15.4); 802.15.1 is the standard derived from Bluetooth.
[47] A BSS can be thought of as a coverage area.
[48] A DS is usually a wired network that connects a WLAN to the rest of the world, such as a corporate LAN, an access provider, or the Internet.
[49] The ESS is the most common WLAN mode.
[50] The IBSS mode is an emerging technology with the potential to add value to the Internet. Several Mobile Ad-Hoc Network (MANET) protocols are being worked on at the IETF. Two experimental protocols are (1) the Ad hoc On-Demand Distance Vector (AODV) algorithm, which enables dynamic, self-starting, multi-hop routing between participating mobile nodes wishing to establish and maintain an ad hoc network, and (2) the Adaptive Demand-Driven Multicast Routing (ADMR) protocol, an on-demand ad hoc multicast routing protocol that attempts to eliminate non-on-demand components.
[51] First, IR frequencies are in the terahertz range, so operation is restricted to line of sight (as with visible light). Proponents cite a security advantage, since IR does not penetrate walls and suffers no RF interference, but the limited range can make it more expensive than radio-based solutions. Second, the power output must be kept low to avoid damage to the human eye, which also limits the effective transmission range. IR is also highly reflective.
[52] Spread spectrum was developed by the military in the 1950s to resist jamming and eavesdropping.
[53] Vendors and the IEEE 802.11 working group did not favor FHSS, mostly because of the security concern that the hopping codes are published in the 802.11 standard and available to anyone.
[54] A chipping sequence is a stream of ones and zeros that is modulated with a second pattern to generate the redundant bit pattern actually transmitted, so that the signal appears as wide-band noise to an unintended receiver. 802.11b uses two spreading techniques: the 11-chip Barker code for the 1 and 2 Mbps rates, and CCK, which uses a series of codes called complementary sequences, for the 5.5 and 11 Mbps rates.
[55] Overlapping channels should not be co-located; a drastic or complete loss of throughput results.
OFDM is not a spread spectrum technology but a frequency division multiplexing (FDM) modulation technique capable of carrying large amounts of digital data on a radio wave. OFDM splits the digital signal into separate sub-signals that are transmitted simultaneously on different frequencies. The data is divided across 48 data sub-carriers within a 20 MHz channel, yielding transmission rates up to 54 Mbps. OFDM is very efficient at transmitting data at high speed while minimizing crosstalk between signals. Besides its use in the 802.11a and 802.11g WLAN standards, OFDM has been selected for 802.16 and WiMAX.[56] Within the United States, OFDM in this band is regulated by the U.S. Code of Federal Regulations, Title 47 Section 15.407.

The IEEE 802.11 physical layer is divided into two sub-layers: the Physical Layer Convergence Protocol (PLCP) and the Physical Medium Dependent (PMD) sub-layer. The PLCP prepares 802.11 frames for transmission; it directs the PMD, which is primarily responsible for encoding, to transmit and receive signals, change radio channels, and perform other functions.[57]

The Big Three: 802.11b, 802.11a and 802.11g

The 802.11 standard has evolved since its ratification in 1997. The original specification supported 1 and 2 Mbps in the 2.4 GHz spectrum using FHSS, DSSS and IR. It also defined the WLAN architecture, the MAC layer services, and the WEP algorithm for wireless security. Since then three IEEE 802.11 amendments have brought major technological advances to the WLAN industry: 802.11b, 802.11a and 802.11g.

802.11b is the most widely deployed wireless standard, with a data rate of 11 megabits per second (Mbps), comparable to 10 Mbps wired Ethernet. It operates in the unlicensed 2.4 GHz band and is limited to three non-overlapping channels. It raised the data rate to 11 Mbps and improved range over the original 802.11. Its benefits include ease of use, implementation flexibility, and cost savings. However, the unlicensed 2.4 GHz band has become crowded and suffers interference.[58] 802.11b is ideal for home and SOHO deployments but carries liabilities for large enterprise deployments.[59]

802.11a provides significant benefits over 802.11b, the greatest being speed. With a maximum data rate of 54 Mbps and eight non-overlapping channels in the lower U-NII bands (twelve counting the upper band; see Table V), it offers greater network capacity, better scalability, and more freedom to design "microcells" without interference between adjacent cells. 802.11a operates in the 5 GHz Unlicensed National Information Infrastructure (U-NII) spectrum, which gives it another major advantage: immunity from the devices that crowd the 2.4 GHz band. It introduced OFDM as the transfer mechanism. While tremendous transfer speeds are achieved with 802.11a, effective range is sacrificed: the maximum effective range averages 80 feet with a relatively unobstructed path, whereas 802.11b can reach upward of 300 feet under optimal conditions.[60] Another disadvantage is that 802.11a is not backward compatible with 802.11b devices, although 2.4 GHz and 5 GHz devices can operate in the same physical space without interfering. In Europe, HiperLAN/2 competes directly with 802.11a; the IEEE 802.11h group is working with ETSI toward interoperability with HiperLAN/2.[61]

802.11g offers the best of both worlds. It achieves the higher speeds of 802.11a by using OFDM, but operates in the 2.4 GHz band, so range is not compromised (as with 802.11b). Its greatest advantage for WLAN users is a data rate of up to 54 Mbps in the unlicensed 2.4 GHz band with a maximum effective range that still averages 175 feet. It is also backward compatible with 802.11b, since it retains CCK modulation, which makes upgrading a WLAN simple and inexpensive. Like 802.11b, however, 802.11g has only three non-overlapping channels, which limits capacity and scalability, and it shares the crowded 2.4 GHz band's susceptibility to interference. Table V summarizes the three standards.

Table V – 802.11 Standard Technology Overview

Frequency Band
  802.11b: 2.4 GHz (ISM band)
  802.11a: 5 GHz (U-NII band)
  802.11g: 2.4 GHz (ISM band)

Frequency Range (US)
  802.11b: 2.412–2.484 GHz (83 MHz wide)
  802.11a: 5.15–5.35 GHz and 5.725–5.825 GHz (300 MHz in total)
  802.11g: 2.412–2.484 GHz (83 MHz wide)

Channel Support
  802.11b: 11 channels (1–11), each 22 MHz wide
  802.11a: 12 non-overlapping channels (8 in the lower bands, 4 in the upper band)
  802.11g: 11 channels (1–11), each 22 MHz wide

Non-Overlapping Channels
  802.11b: only 3
  802.11a: 12
  802.11g: only 3

Availability
  802.11b: worldwide
  802.11a: US/AP
  802.11g: worldwide

Data Rates
  802.11b: 1, 2, 5.5 and 11 Mbps
  802.11a: 6, 9, 12, 18, 24, 36, 48 and 54 Mbps
  802.11g: 6, 9, 12, 18, 22, 24, 36, 48 and 54 Mbps (plus the 802.11b rates for backward compatibility)

Maximum Data Rate
  802.11b: 11 Mbps
  802.11a: 54 Mbps
  802.11g: 54 Mbps

AP Simultaneous Users
  802.11b: 20–30
  802.11a: 100+
  802.11g: 100+

Method of Transmission
  802.11b: DSSS (CCK, BPSK, QPSK)
  802.11a: OFDM (BPSK, QPSK, 16-QAM, 64-QAM)
  802.11g: OFDM and DSSS (CCK, BPSK, QPSK)

Basic Access Method
  802.11b: CSMA/CA
  802.11a: CSMA/CA
  802.11g: CSMA/CA

Interference (Other Devices)
  802.11b: cordless phones, microwave ovens, wireless video, Bluetooth devices
  802.11a: HiperLAN devices
  802.11g: cordless phones, microwave ovens, wireless video, Bluetooth devices

Maximum Range (Average)
  802.11b: 175 feet
  802.11a: 80 feet
  802.11g: 175 feet

Footnotes
[56] OFDM has supported the asymmetric digital subscriber line (ADSL) standard for some time, and it is used in the European HiperLAN/2 wireless standard.
[57] Refer to http://grouper.ieee.org/groups/802/11/main.html for a detailed discussion of the PLCP and PMD.
[58] Microwave ovens, cordless telephones and Bluetooth devices also operate in the 2.4 GHz band.
[59] Mostly because of bandwidth limitations and the insecurity of WEP.
[60] The maximum effective range of IEEE 802.11b averages about 175 feet.
[61] Known as the "5UP" (5 GHz Unified Protocol) initiative, in which the IEEE and ETSI are working to unify certain wireless technologies.

The 802.11 Medium Access Control (MAC) Layer
  • 35. Wireless Security Initiatives Keith Fleming The 802.11 Mac layer is responsible for managing and maintaining communications between WLAN entities (APs, wireless clients - Network Interface Cards (NIC), and Distribution Systems). The 802.11 WLAN consists of a set of essential services that are implemented by WLAN entities to coordinate access to shared radio channels, data transfer, authentication and other important functions. 62 Services are achieved by communication of messages between entities that are composed within frames. Table VI provides a list of essential 802.11 services executed in the MAC layer, but is not an inclusive list. Table VI – 802.11 Mac Layer Essential Services Service Description Group Type Process of establishing client identity prior to a wireless client associating with an AP. The authentication server Authentication must be satisfied that it is indeed the SS 63 Request 64 authorized wireless client. Goal is to provide access control equivalent to a wired LAN. De- Process of terminating an existing SS Notification 65 authentication authentication. Process of establishing the wireless link between the wireless client and the AP. Executed after an SS & Association authentication, an association must Request DSS take place before data frames can be transmitted. A wireless client is associated with only one AP. Process of terminating an association SS & Disassociation Request between a wireless client and an AP. DSS 62 Station services (SS) are MAC layer services implemented by an AP or wireless client. Distribution system services (DSS) are MAC layer services implemented by the backend DS. 63 A station service (SS) is a service that is either implemented by an AP or wireless client within a BSS. 64 A request type can be denied by an entity. 65 A notification type is final, and must be executed. It cannot be refused be either party. 35
Table VI – 802.11 MAC Layer Essential Services (continued)

| Service | Description | Group | Type |
| --- | --- | --- | --- |
| Re-association | Process of providing a roaming capability for the wireless client. Allows a wireless client to move from one AP to another within an ESS. | DSS [66] | Request |
| Confidentiality | Provides the capability to protect information from unauthorized entities. This service is provided only for data frames. | SS (DSS for key material) | Request |
| Distribution | Process of delivering messages (MAC frames) across a DS. | DSS | Request |
| Integration | Process of connecting a WLAN with a back-end LAN. Simply, it performs translation of 802.11 frames to frames that can traverse another network, and vice versa. | DSS | Request |
| Data Delivery | Process of delivering data between MAC service access points, with minimal duplication and reordering of frames. | SS | Request |

There are two ways to provide medium access to a radio channel, as defined in the 802.11 standard, before a frame can be transmitted: the distributed coordination function (DCF), and the point coordination function (PCF). DCF is based on the carrier sense multiple access with collision avoidance (CSMA/CA) methodology to access wireless entities. [67] With DCF, a wireless station contending for access will transmit data after first sensing whether the medium is free. [68] If not, the wireless station will wait and defer its transmission to a later time. [69] The receiving station sends an acknowledgment (ACK) if no errors were detected

[66] A distribution system service (DSS) is a service that is implemented by a back-end DS.
[67] WLANs, different from the wired world, cannot both receive and transmit on the same channel using radio transceivers (unless a full duplex radio is developed, significantly increasing the cost). The receiving station must inform the sending station through an acknowledgment (ACK) that no errors were received in the frame. CSMA/CD cannot be used for the IEEE 802.11 technology.
[68] The medium must be free for a specified amount of time, also known as the Distributed Inter Frame Space (DIFS).
[69] The IEEE 802.11 uses a basic back-off algorithm and a back-off timer for fairness.
in the frame. The sending station will retransmit a frame if it does not receive an ACK within a specified amount of time, assuming a collision or RF interference occurred.

PCF is an optional provision in 802.11 to allow an AP to grant access to wireless stations after polling a station during the contention-free period. It is primarily used to implement time-critical services such as voice and video transmissions. The transmission of PCF-based traffic occurs alternately between contention periods (or DCF).

Prior to transmitting a frame, the sending station calculates a value, known as the network allocation vector (NAV), to determine the amount of time necessary to send the frame based on the frame’s length and data rate. [70] The NAV value is placed in the duration field within the header of the frame. The receiving station uses this value to set its corresponding NAV, and reserve the medium for the sending station.

The wireless 802.11 uses Carrier Sense Multiple Access with Collision Avoidance (CSMA/CA) as the packet transmission protocol. This differs from “wired” Ethernet, which uses Carrier Sense Multiple Access with Collision Detection (CSMA/CD). Radio frequency technology does not have the capability to detect collisions, and uses collision avoidance by first listening to determine if another wireless station is transmitting. If the medium is not busy, the wireless station can transmit. If the medium is busy, the CSMA/CA protocol uses a random back-off timer before transmitting again.

Wireless Basic Components

The basic WLAN architecture consists of APs that comprise the WLAN infrastructure and network interface cards (NIC) or client adapters for the wireless client. The antenna

[70] NAV must be zero before a sending station can attempt to transmit a frame.
is a significant component of the WLAN that can make a difference in the overall performance, and is responsible for radiating the modulated signal for reception by wireless components. Wireless bridges and repeaters serve to provide connectivity between multiple LANs (wired and wireless) at the MAC layer. The enterprise WLAN network is also comprised of the following components: the authentication, authorization and accounting (AAA) server, network management server (NMS), and “wireless-aware” switches and routers. The WLAN components listed above can be easily folded into the current wired architecture within an organization, and provide end-to-end network mobility in enterprise and vertical markets. Table VII provides a description of WLAN components.

Table VII – Description of WLAN Components
| WLAN Component | Description |
| --- | --- |
| Access Point (AP) (Fat AP) | A primary component of the WLAN infrastructure providing clients with a point of access to the network. It is a layer 2 device that serves as an interface between a wireless and wired network, controlling medium access using RTS/CTS (4-way handshake). An AP is a half-duplex device that incorporates intelligence similar to a sophisticated Ethernet switch. It operates either at the 2.4 or 5 GHz frequency range depending on the 802.11 standard deployed, and uses standard 802.11 modulation techniques (see above). APs are responsible for notifying wireless clients of their availability, and authenticating/associating wireless clients to a WLAN. In addition, APs coordinate use of wired resources and roaming functionality such as re-association. APs can be configured in three modes: root, bridge or repeater mode. There are several kinds of APs, ranging from single and multiple radios (depending on the 802.11 technologies) to centrally managed thin APs. [71] A new, integrated AP architecture is emerging that puts the intelligence in the network infrastructure. [72] |
| NIC or Client Adapters | Used by end-user nodes such as PCs, laptops or PDA computers to connect to a WLAN. The NIC is responsible for scanning the frequency range for connectivity and then associating to an AP or wireless client. Radio cards are manufactured in only two physical formats: PCMCIA and Compact Flash (CF). Radio cards are connected to adapters such as PCI, ISA and USB. |

[71] Thin APs, also known as lightweight APs, are little more than radio-for-wire media converters. A thin AP is a stripped down version of the “fat” AP that is paired with a central management controller. Whereas a “fat” AP is a standalone device responsible for all WLAN functionality, the “thin” AP communicates with a single centralized intelligent point that handles the WLAN functionality (802.1x user authentication, wireless encryption, secure mobility, and WLAN management). According to the results of a new International Data Corporation (IDC) research report, “Worldwide WLAN 4Q04 Market Share Update”, “thin” APs showed marginal growth and continued to gain over the “fat” AP architecture. In the report, IDC acknowledged that “fat” AP enterprise shipments and revenues decreased. Presently, there is an industry-wide debate on whether APs should be standalone, “fat” APs or “thin” APs, i.e. whether AP WLAN functionality should be performed at the AP or in the network infrastructure.
[72] Companies like Trapeze Networks are introducing a new category of AP, known as the integrated mobility point (MP) or “fit” AP, that takes an intelligent, system approach by separating the responsibilities of the AP and the intelligent control point. The “fit” AP architecture involves an intelligent wire-speed device, known as a Mobility Exchange (MX), located in the wiring closet that is integrated with directly attached MPs. MPs act as an extension of the MX’s physical ports with RF-specific intelligence. Fat and thin APs, on the other hand, use different architectural approaches. With “fat” APs, all WLAN functionality is distributed to the AP, whereas the intelligence of “thin” APs is centralized at an intelligent control point within the network infrastructure.
Table VII – Description of WLAN Components (continued)

| WLAN Component | Description |
| --- | --- |
| Bridge and Workgroup Bridge (WGB) [73] | Wireless bridges and repeaters serve to provide connectivity between multiple LANs (wired and wireless) at the MAC layer. Bridges are used to provide wireless connectivity from building to building, and cover longer ranges than APs. [74] A WGB is a smaller-scale bridge responsible for supporting only a limited number of wired clients. It operates at layer 2 of the network architecture, and provides segmentation of data frames. |
| Antennas | Responsible for radiating the modulated signals through the air for reception by wireless components. An antenna is a device that converts high frequency (RF) signals from a cable or waveguide into propagated waves in the air. Antennas are deployed on APs, bridges, and clients (through a NIC or client adapter), and come in three generic categories: omni-directional, semi-directional, and highly directional. Each category of RF antenna has different RF characteristics (propagation pattern, gain, transmit power, etc.), and appropriate uses. [75] |
| AAA Server | Better known as a Remote Authentication Dial-In User Service (RADIUS) server, an AAA server uses the RADIUS protocol to provide authentication, authorization, and accounting services in a WLAN for enterprise infrastructures. Simply, a RADIUS server is a computer-based database that compares usernames and passwords to allow access to a wireless network. AAA servers can provide several functions, from granting different levels of authorization rights to administrative users, passing policy such as virtual LAN (VLAN) and SSID for clients, to generating dynamic encryption keys for WLAN users. Additionally, an AAA server can provide accounting services such as capturing the start/end of a session to provide statistical data on the amount of resources (time, packets, bytes, etc.) used during the session. |
| Network Management Servers (NMS) | NMS can provide a wide range of services to support the management of large WLAN networks including security, performance and reliability. NMS support should include configuration management, application management, and performance trending and reporting. To manage large enterprise WLAN networks, NMS services should also include client association reporting capabilities, and tools to manage the RF spectrum and detect rogue APs. |

[73] Bridges are not currently defined in the 802.11 standards (not an open standard), which means they are only compatible with same-vendor WLAN components.
[74] According to the IEEE 802.11 specification, the maximum coverage range for an AP is one mile.
[75] Antenna selection is an important consideration in enhancing the security of a WLAN. An antenna that is properly chosen and positioned can reduce signal leakage from the workplace, and make eavesdropping extremely difficult.
Table VII – Description of WLAN Components (continued)

| WLAN Component | Description |
| --- | --- |
| “Wireless-Aware” Switches and Routers | “Wireless-aware” switches and routers provide layer 2 and 3 integration services between traditional WLAN components and wired network components, and enhanced scalability and management of WLAN networks. The Cisco Catalyst 6500 series switch, a “wireless-aware” switch, provides roaming, network management and security services. Enterprise wireless gateways provide specialized authentication, management and connectivity for wireless clients, and are appropriate for large-scale enterprise WLAN deployments. |

Access Points (APs) - Future Direction: Fat, Fit (Integrated) or Thin

There is an industry-wide debate raging that will affect the future direction of large enterprise WLAN deployments. This debate focuses on the functionality of IEEE 802.11 APs. There are three different architecture approaches to where WLAN functionality (intelligence) should be implemented: within the AP (fat), not within the AP (thin), or in a system, integrated approach (fit). The choice of AP will have a fundamental impact on the scalability, performance, security and resiliency of an enterprise WLAN.

The standalone or “fat” AP, known as the “traditional” AP architecture, places all WLAN functionality in the AP device. These responsibilities include such important WLAN functions as 802.1x user authentication, wireless encryption, and secure mobility and management. In addition, “fat” APs can handle critical network functions such as routing, IP tunneling, Virtual Private Network (VPN), and 802.1Q trunking. Fat APs are independent devices, which autonomously manage all data and control frames between wireless clients and wired LANs.
Thin APs, for all practical purposes, are radio-for-wire media converters, which communicate with a single centralized intelligent point in the network core. A thin AP is a stripped down version of the “fat” AP, with the WLAN functionality now residing with a central management controller. WLAN functions such as 802.1x user authentication, wireless encryption, and secure mobility and management are the responsibility of the central management controller. The “thin” AP is not a standalone or independent device, and must be managed and configured by the management controller. The management controller device, not the AP, is responsible for handling all data and control frames coming to and from all APs. This technology has recently gained industry support. First, it simplifies the management responsibilities due to central management of APs. Second, it can be more cost-effective than “fat” APs in large-scale enterprise deployments.

The Mobility Point (MP) is a new, integrated AP architecture that distributes the WLAN functions (intelligence) where appropriate. Known as the “integrated” or “fit” AP, the architecture consists of an intelligent wire-speed device, known as a Mobility Exchange (MX), that is located in the wiring closet. It is integrated and directly attached to an MP, which acts as an extension of the MX’s physical ports with RF-specific intelligence. Being an integrated system, the MX is primarily responsible for security control, user authentication, management and data flow analysis, whereas the MP is primarily responsible for RF-specific functions such as packet conversion (802.11 to 802.3), wireless encryption, and RF statistics gathering and monitoring (supports rogue AP detection). A key factor in deploying “fit” APs is that MX and MP devices can reside anywhere on the network, and can be placed between any wired infrastructures providing security,
performance, and ease of deployment benefits. For example, rogue detection, encryption, and off-loaded 802.1x authentication are security functions best performed closest to the user, at the MP. There are distinct advantages to deploying the “fit” AP architecture in an enterprise-wide environment: it diminishes security risks, simplifies configuration and management requirements, is highly scalable, improves performance, and seamlessly integrates with the wired LAN. The following is a list of key features that diminish security risks with “fit” AP deployments:

• All security-related control functions, such as 802.1x authentication and secure mobility, are performed by the MX and physically secured (inside a locked wiring closet), while still being placed as close to a user as possible.
• EAP processing and master key generation are performed by an MX, which provides significant load reductions on the AAA server. [76]
• The integrated AP, via the MP, has the capability to collect RF data and statistics for troubleshooting and detection of rogue APs.
• The integrated AP supports wireless packet encryption at the MP, which is deployed closest to the user, so that the benefits of network traffic reduction and encryption deliver performance improvements. There are no traffic bottlenecks at the MX, and each MP adds system scalability.
• Provides identity-based authorization and enforcement (i.e. VLAN membership and ACLs) to provide uninterrupted session capabilities. [77]

[76] With some EAP protocols, the “fit” or “integrated” AP can eliminate up to 80% of the load from a RADIUS server (as compared to “fat” and “thin” AP implementations).
[77] With an integrated (fit) AP architecture, an MX has the capability to learn each user’s identity when they authenticate to the network. In addition, it obtains the user’s authorizations from an AAA server to be able to enforce those permissions. This allows secure mobility for the user to move about the network with the same local VLAN and subnet, providing uninterrupted session capabilities. Enforcement can include roaming policies that restrict the geographic roaming areas for a user.
• Eliminates a single point of failure (provides relief during a DoS attack).
• Provides no impact to the backbone configuration during a deployment or upgrade, since no new client software or reconfiguration is required.

Serious consideration must be given to what AP architecture is implemented. Key factors to consider are security, scalability, ease of management and configuration, performance and cost. The integrated (fit) AP architecture is a new approach to implementing an enterprise-wide WLAN infrastructure, and is positioned to be embraced by the industry. Table VIII summarizes the security features of an integrated (fit) AP architecture, with comparisons to the fat and thin AP architectures. Table IX provides a comparison of where functions are distributed in the different AP architectures (Fat, Fit and Thin).

Table VIII – Security Comparisons for AP Architectures (Fat, Fit and Thin) [78]

| Security | Fat AP | Thin AP | Integrated (Fit) AP |
| --- | --- | --- | --- |
| Physical Security of APs | No | Yes | Yes |
| Security of AP Link | No | No | Yes |
| Identity-based Authorization and Enforcement (VLAN Membership, ACLs) | No | No | Yes |
| Security Enforcement Point | AP (insecure location) | Central controller (leaves path to core wiring closet vulnerable) | Within the wiring closet |
| Rogue Detection and Location | Insufficient RF processing horsepower | No system-wide coordination or location | Yes |

[78] Reproduced from Trapeze Networks: "AP Architecture Impact on the WLAN, Part 2: Scalability, Performance and Resiliency", (http://www.trapezenetworks/technology/whitepapers).
Table IX - WLAN Functionality for Different AP Architectures (Fat, Fit and Thin) [79]

| WLAN Function | Fat AP | Thin AP | Integrated (Fit) AP |
| --- | --- | --- | --- |
| 802.11 to 802.3 Packet Conversion | AP | Central Controller | Mobility Point |
| Wireless Encryption (WEP, TKIP, AES) | AP | Central Controller | Mobility Point |
| Authentication Control | AP | Central Controller | Mobility Exchange |
| Wireless to Wireless Forwarding | AP | Central Controller | Mobility Exchange |
| Stored Configuration, Image | AP | Central Controller | Mobility Exchange |
| Console Port Configuration | AP | Central Controller | Mobility Exchange |
| RF Statistics Gathering and Monitoring | AP | Central Controller | Mobility Point |
| QoS Treatment | AP | Central Controller | Mobility Point |
| Class of Service (CoS) | AP | Central Controller | Mobility Exchange |
| Access Control List (ACL) Enforcement | AP | Central Controller | Mobility Exchange |

WLAN Basic Topology

The basic topology of a WLAN usually consists of a wireless infrastructure (such as wireless clients, stations, supplicants, and APs) that is connected to a distribution system medium (DSM) or wired infrastructure by means of an AP. There are several design options depending on the organization (university, corporate, public WLAN, etc.), WLAN policies, and cost restraints. Figure 3 provides a simplified WLAN topology that

[79] Reproduced from Trapeze Networks: "AP Architecture Impact on the WLAN, Part I: Security and Manageability", (http://www.trapezenetworks/technology/whitepapers).
is suitable for large enterprise deployments. Notice that the AAA system and RADIUS server are part of the DSM, and not within the wireless infrastructure.

Figure 4 – Simplified WLAN Topology
Wireless Threats and Vulnerabilities

WLANs are more susceptible to attacks and unauthorized access than wired LAN environments. It is difficult to prevent access to a wireless network, since WLANs work through the air. Anyone can capture and transmit wireless signals if they are within range and have the right tools. This makes wireless security a real challenge. The press and published reports/papers have documented numerous attacks on 802.11 wireless networks, exposing organizations to considerable security risks. The consequences of an attack can lead to devastating results for an organization such as loss of proprietary information, loss of network service, legal and recovery costs, and a tarnished image that can have financial and operational ramifications.

There are two types of security attacks: passive and active. Passive attacks consist of unauthorized access to an asset or network for the purpose of eavesdropping or traffic analysis, without modifying its content. An active attack is unauthorized access to an asset or network for the purpose of either making modifications to a message, data stream, or file, or disrupting the functions of a network service. There are many reasons why an attacker may target a wireless network or organization. However, the three main goals of an attacker are to disrupt an organization’s normal network operations by denial of service (DoS), gaining read access, and/or gaining write access. The sequence of an attack usually starts with the reconnaissance phase, followed by an active attack to gain network access or DoS. Figure 5 provides a general taxonomy of WLAN security attacks.
Figure 5 – General Taxonomy of WLAN Security Attacks
[Figure: Attacks (WLAN) branch into Passive Attacks (Eavesdropping, Traffic Analysis) and Active Attacks (Network Access with Read Access and Write Access, DoS Attacks).]

There are usually two phases to an attack. The first phase is known as the reconnaissance phase, conducted passively. [80] During the reconnaissance phase, an attacker must discover a target network, and then find out more information about the network. Two methods are deployed to execute an undetectable passive attack: eavesdropping and traffic analysis. Eavesdropping is the capability to monitor transmissions for message content. An attacker listens to and intercepts wireless signals between the AP and wireless client. Traffic analysis is the capability to gain intelligence by monitoring transmissions for patterns of communication, or performing packet analysis.

In the wireless world, sniffing tools are the most effective means of finding out what is happening on a network. Undetectable, sniffing can perform two key functions: packet capture, and packet analysis and display. Analyzing a packet allows an attacker to

[80] Active host and port scanning is also a reconnaissance technique, but is considered an active attack which can be detectable.
determine what capabilities are on a network, and can provide all sorts of confidential information to exploit an organization. With packet capture, an attacker is able to recover WEP keys within a few minutes, providing the capability to read all the data passing between the wireless client and the AP. [81] There is a wide variety of sniffing tools available, both on the commercial market and through open-source code. [82] Another technique used during reconnaissance is War Driving. War Driving is the process of surveying wireless networks by use of an automobile. [83] With programs like Network Stumbler and GPS, a WLAN can be detected, plotted and posted to a website. Table X provides a list of some of the more popular sniffing tools.

Table X – Sniffing Tools

| Tool | Capability | Source | Notes |
| --- | --- | --- | --- |
| AirSnort | War Driving (packet capture and analysis) | Open-source: http://airsnort.shmoo.com | Recovers encryption keys (Windows or Linux based) |
| WEPCrack | Packet Analysis | Open-source: http://wepcrack.sourceforge.net | Recovers WEP keys (PERL based scripts) |
| Ethereal | Packet Capture | Open-source: http://ethereal.com | Based on Libpcap, a packet capture library (text and GUI based) |
| Tcpdump | Packet Capture | Open-source: http://tcpdump.org | Based on Libpcap, a packet capture library (text based only) |
| Sniffer Wireless | Packet Capture & Display | Network Associates (commercial product) | Capability to decrypt WEP-based traffic and quickly detect rogue APs. (Windows and PDA based) |
| Net Stumbler | War Driving; Network Discovery; Packet Capture | Open-source: http://netstumbler.com | Records SSIDs in beacons and interfaces with GPS to map a network. (Windows based) |
| Prismdump | Packet Capture | Freeware (Linux) | Text based |
| Kismet | War Driving; Network Discovery; Packet Capture | Open-source: http://kismetwireless.net | Most complete War Driving tool. Works with most client cards that support RFMON mode. Operates on most OS systems. |
| Wellenreiter | War Driving; Network Discovery; Packet Capture | Open-source: http://www.wellenreiter.net | Perl and C++ based, for Linux and BSD systems. |
| AiroPeek & OmniPeek | Packet Capture & Analysis/Display | WildPackets - http://www.wildpackets.com | Deployed to troubleshoot, secure and monitor WLANs |

[81] The Fluhrer-Mantin-Shamir (FMS) attack is the most damaging attack on WEP. Discovered by three cryptographers: Scott Fluhrer, Itsik Mantin, and Adi Shamir. Through packet capture, an attacker was able to recover WEP keys in as little as nine minutes of sniffing. After gathering five to 10 million packets, an attacker uses tools such as WEPCrack and AirSnort that can determine encryption keys in a few minutes. Refer to the paper "Weaknesses in the Key Scheduling Algorithm of RC4" by Fluhrer, Mantin and Shamir for more details.
[82] Sniffing tools are not only used by attackers, but find value in an organization with use by network administrators. Sniffing tools are helpful in determining if a network is properly configured, and in detecting whether attacks are taking place.
[83] Similar to War Driving, there are several other methods used to detect WLANs. War Strolling is the technique of walking around with wireless equipment looking for networks. War Flying is executed by mounting an antenna on a plane and flying around to search for networks. War Chalking is the practice of signposting open APs. Once found, a basic war-chalking symbol is made on the sidewalk, usually with chalk or spray paint.

Active attacks are primarily conducted by either limiting an organization’s network availability through a DoS attack or by gaining unauthorized read and/or write access to a network (Network Access). An active attacker may masquerade as an authorized user and gain certain unauthorized privileges, monitor transmissions passively and then retransmit messages as a legitimate user (replay), or modify legitimate messages. DoS attacks can range from physical destruction of equipment, through disruption of certain network services that prevent or prohibit the normal use of an organization’s network capabilities, to a full-blown attack designed to use all of a network’s bandwidth. DoS
attacks can disrupt services for a particular user or for the whole network. End results can range from giving an attacker a means to set up a rogue AP and associate users to a bogus network (Man-in-the-Middle (MitM) attack), to completely shutting down the network so that no transaction can take place. In the wireless world, DoS attacks are more problematic since it is easier to access a network. The following are some common practices for accomplishing DoS:

• Deploy radio-jamming equipment
• Saturate a network’s bandwidth by continually broadcasting frames
• Conduct disassociation/de-authentication attacks
• Conduct transmit duration attacks by configuring the transmit duration field to its maximum at a 30-packets-per-second rate
• Saturate AP tables by flooding associations
• Set up a rogue AP and associate users to a bogus network to establish a MitM attack

Active attacks can be accomplished by means of gaining network access to have read and write capabilities. The goal of network access attacks is to gain access to network resources or to capture and decrypt data (if encrypted). Read access is the ability of an attacker to intercept and read traffic from a network, providing the capability to launch attacks on encryption, authentication, and other protection methods. Once an attacker is able to discover a target network through reconnaissance, and capture unencrypted or encrypted traffic by means of a sniffer, the attacker has the potential to gain key material and recover encryption keys. A compromise of the encryption keys can provide an
attacker full access to the target network. Write access is the capability to send traffic to a network entity. The following are some goals of an attacker with network read and write access:

• Recover encryption keys
• Recover keystreams generated by encryption keys [84]
• Inject data packets: write encrypted data by replaying captured keystream
• Encrypt data with the key and inject the data into the network
• Install spying software on a wireless client and have the capability to read the results
• Set up a rogue AP and control network parameters (such as encryption keys)
• Bypass authentication schemes:
  o By deploying MAC address spoofing to evade MAC address filtering
  o By deploying shared-key authentication bypass attacks
  o By performing LEAP dictionary attacks if the network is using 802.1x for authentication
  o By performing PEAP MitM attacks if the network is using 802.1x for authentication
• Install malicious code on a wireless client

WLANs, by their own architecture, have security problems embedded in the technology. WLAN technology must advertise its existence so clients and APs can link up.

[84] In legacy systems not deploying WPA and 802.11i, there are several uses for recovered keystreams. An attacker only needs one keystream to inject an unlimited number of packets into a network. An attacker can conduct bit-flipping and replay attacks, and has the capability to decrypt packets if a complete keystream dictionary for the WEP key has been gathered.
This is accomplished by special frames called beacons, which are transmitted and serve as the primary discovery mechanism for wireless clients to detect APs within a BSS. This exposes a signal to anyone capable of listening and within range. If a WLAN can be located within a heavily shielded office where RF signals are not capable of escaping, then the risk of unauthorized access is minimized. Since this is not always a viable solution, other security methods must be deployed, such as strong access control and encryption technology. The techniques for gaining unauthorized access to a WLAN are well-known security issues. Many security issues exploiting WLANs have recently been corrected with technology developments in the 802.11i standard. Table XI is a list of well-known security attacks deployed against WLANs.

Table XI – Wireless Security Attacks

(Each entry gives the attack, its description, its target, and the solutions for protection.)

Attack: DoS Attacks
Description: Disruption of network services.
Target: Network Services
Solutions for Protection: MAC filtering, firewalls (wired), IDS (wired), DMZ architecture, 802.11i

Attack: Disassociation & De-authentication (DoS Attack) [85]
Description: Exploits the unauthenticated nature of 802.11 management frames. Due to a lack of strong authentication, a wireless client can spoof a disassociate or de-authenticate message, thereby disrupting network services. Since an AP must associate with a wireless client before traffic can be transmitted, an attacker can effectively keep one or more stations from transmitting by repeatedly sending disassociate frames. There are several known implementations of this type of attack. [86]
Target: Network Services
Solutions for Protection: Requires strong authentication of management and control frames. 802.11i does not currently prevent these attacks.

Attack: Transmit Duration Field (DoS Attack) [87]
Description: Based on the Transmit Duration field of an 802.11 frame, which announces to other nodes how long a frame will last. If a stream of packets is sent by an attacker with the duration field set to its maximum setting (1/30th of a second), this prevents other stations from transmitting for that duration of time, effectively occupying the network.
Target: Network Services
Solutions for Protection: Logic in wireless NIC cards to ignore the Transmit Duration field. Requires strong authentication of management and control frames. 802.11i does not currently prevent these attacks.

Attack: Authentication Attacks [88]
Description: Exploits authentication methods to gain network access.
Target: Network Access
Solutions for Protection: 802.1x & EAP-based authentication

Attack: Shared-key Authentication [89]
Description: Flawed mutual authentication mechanism, based on a challenge-response protocol. During the shared-key authentication process, each party responds to a challenge with an encrypted message proving its knowledge of the WEP key. An attacker can simply XOR the challenge and response messages to determine a portion of the keystream, and use it to generate a successful authentication response in the future.
Target: Network Access
Solutions for Protection: Open-key authentication or EAP-based authentication

Attack: MAC Address Spoofing
Description: Sniffing can detect valid MAC addresses that can be used with certain 802.11 card drivers to spoof a MAC address and gain network access.
Target: Network Access
Solutions for Protection: 802.11i (TKIP and CCMP) or VPNs

Attack: Man-in-the-Middle (MitM)
Description: An attacker has the ability to capture/decrypt frames during the association process to obtain critical information. With this information, an attacker can set up a rogue AP to force a wireless client to re-associate with a bogus AP. This allows the attacker to access all data transmitted back and forth between a wireless client and a server. Note: the wireless client and server believe they are connected directly to each other, and not to a bogus AP or MitM. (See Figure 6 for a pictorial description of a MitM using a rogue AP.)
Target: Network Access
Solutions for Protection: Physical security, 802.1x or VPNs

Attack: Dictionary Attacks (Crack passwords)
Description: An attacker can collect challenge and response exchanges from password-based protocols, with the capability to determine the login name - password combination. Using open source tools based on a dictionary of hundreds of thousands of words/phrases, and an offline computer to cycle through every possible name - password combination, login information can be compromised. Once compromised, an attacker has WLAN access with the rights and privileges of that user.
Target: Network Access
Solutions for Protection: Strong password policy, 802.1x and VPNs

Attack: Known Plaintext Attack (WEP Keystream Recovery)
Description: An attacker can recover the keystreams that a key can generate; this is called a known plaintext attack. An attacker sends data over a wired network to a wireless client, and captures the encrypted data being sent from the AP to the wireless client. Once captured, an attacker can apply an XOR operation on the plaintext and the captured data (cipher-text) to determine the keystream. [90] An attacker will be able to decrypt any traffic protected by that WEP key once a dictionary is established for all 15 million keystreams. [91]
Target: Network Access
Solutions for Protection: WPA & 802.11i

Attack: IV Collisions (WEP Keystream Recovery)
Description: A WEP keystream recovery method that waits for a collision (repeated keystreams). An attacker can collect IV collisions and, through cryptographic techniques, compromise the data and keystreams. [92] Once compromised, an attacker can build up a dictionary of keystreams.
Target: Network Access
Solutions for Protection: WPA & 802.11i

Attack: WEP Cracking (WEP Key Recovery Attacks) [93]
Description: An attacker can recover the encryption keys by using a sniffer to collect from 5 to 10 million packets. With tools such as WEPCrack or AirSnort, an attacker can determine encryption keys within a few minutes, and gain read/write access to encrypted data.
Target: Network Access
Solutions for Protection: WPA & 802.11i

Attack: Traffic Injection (WEP Keystream Recovery)
Description: After recovering one keystream, an attacker has the capability to inject packets by reusing the same IVs.
Target: Network Access
Solutions for Protection: WPA & 802.11i (MIC algorithm); Cisco has implemented mechanisms to reject repeated IVs

Attack: Bit-flipping Attack (Message Modification)
Description: Bit flipping relies on the weakness of the Integrity Check Vector (ICV), since it can be recalculated even in encrypted form. [94] An attacker can take a message, flip some arbitrary bits in the data portion of the frame (higher layer packets), recalculate a proper ICV, then rebroadcast the message and have it considered valid. The ICV will pass through an AP or wireless client, but the CRC will be rejected at layer 3 (router), generating a plaintext error message, which an attacker can sniff to derive the keystream. [95]
Target: Network Access
Solutions for Protection: WPA & 802.11i (MIC algorithm)

Attack: Initialization Vector (IV) Replay Attack [96]
Description: Derived from recovering keystreams from a WEP key, an attacker can grow the keystream by using the same IV/WEP key pair as the observed frame. Reuse or replay of this IV/WEP key pair can generate a keystream large enough to subvert a network.
Target: Network Access
Solutions for Protection: WPA & 802.11i (MIC algorithm, TSC in TKIP, and PN in CCMP)

Attack: PEAP MitM [97]
Description: An attacker can set up a rogue AP and AS to steal a client's credentials if one of two rules for PEAP is violated. First, the client must validate the server certificate, and must not have the capability to override invalid server certificates. Second, the inner PEAP authentication credentials must not be configured to run outside of a protected session. If either rule is violated, an attacker can steal the credentials and successfully launch a PEAP authentication session. Note: EAP-TTLS is susceptible to the same MitM attack.
Target: Network Access
Solutions for Protection: PEAPv2

Attack: Dictionary Attack on LEAP [98]
Description: Exploits the use of MS-CHAPv1 (an unencrypted form of authentication) in the Cisco-proprietary LEAP protocol. An attacker can execute offline dictionary attacks on the challenge/response information sniffed from a LEAP authentication, and match the logon name - password combination. Once matched, an attacker can pose as a wireless client using the LEAP authentication method. Tools such as asleap provide the means to launch this type of attack.
Target: Network Access
Solutions for Protection: Strong password policy

Attack: Session Hijacking
Description: The capability of an attacker to redirect network traffic away from a legitimate end user. Known as session hijacking, the attacker must have the ability both to sniff network traffic and to insert their own information. Executed by setting up a rogue AP, with unsuspecting wireless clients trying to authenticate to it.
Target: Network Access
Solutions for Protection: 802.11i, 802.1x & VPNs

Attack: Rogue APs
Description: Unauthorized APs in a network; rogue APs are used by attackers to gain future access to the network through MitM attacks. (See Figure 6 for a MitM attack using a rogue AP.)
Target: Network Access
Solutions for Protection: Corporate policy, physical security & SWAN [99]

Footnotes to Table XI:

[85] Disassociation and de-authentication attacks are at the MAC layer.
[86] Omerta (named after the Sicilian code of silence), developed by Mike Schiffman, is a tool capable of listening and sending a disassociate message for every packet it sees. AirJack is a suite of tools (essid_jack, wlan_jack, and fata_jack) that can launch disassociation or de-authentication attacks. For more details refer to http://802.11ninja.net. Void11, developed by Reyk Floeter, consists of two types of de-authentication attacks. In one version, an AP is flooded with authenticate requests, thereby attempting to crash the AP or deny service by filling up its tables of associated stations.
[87] Transmit Duration field attacks occur at the MAC layer.
[88] Authentication attacks can be launched on shared-key and MAC address filtering schemes, as well as on the 802.1x protocols.
[89] The shared-key authentication process requires a wireless client to use a pre-shared WEP key with an AP. The client encrypts the challenge, and the AP authenticates the client by decrypting the shared-key response.
[90] RC4, the underlying encryption technique for WEP, uses XOR logic, so any one of the three elements (cipher-text, plaintext and keystream) can be derived if the other two are known. An attacker only needs to know two of the three elements to calculate the third. Since the cipher-text is broadcast and the attacker knows the plaintext, the keystream can be derived through XORing.
[91] WEP uses the initialization vector (IV) to provide a certain level of security by not repeating the same keystream. Since WEP keys are static, the IV permits 2^24 (about 16 million) possible keystreams for each key.
[92] Since there are about 16 million possible keystreams for one key, and WEP keys are static (legacy systems), a keystream can be used more than once (known as a collision). Collisions can reveal important information about the data and keystream, and can be exploited. Statistical analysis has calculated that all possible IVs (about 16 million) would be exhausted in five hours when operating in a busy network.
[93] There is no keystream to recover using CCMP. With the TKIP algorithm, a key and an associated keystream are used only once.
[94] WEP uses the Integrity Check Vector (ICV), which is known to be an insecure checksum. It uses a linear sum methodology that is predictable. An attacker will be able to know which bit of the encrypted ICV has changed after altering a bit in the encrypted message. Thus, an ICV can be fixed up and still pass the checksum validity test.
[95] Bit flipping can be used in reaction and inductive attacks. A reaction attack exploits the flaws of the ICV in the WEP protocol, and predictable bits in fields like TCP/IP headers. An attacker can guess some of the bits in a message, and determine the value of other unknown bits, by flipping certain bits and rebroadcasting the message. An attacker is able to determine whether a packet had a valid TCP checksum by looking for an encrypted TCP acknowledgement (ACK) packet, which is short and recognizable by its length although encrypted. By repeating this procedure, an attacker can deduce whether other bits were 0 or 1 by the absence or presence of an ACK response, with the end result of recovering some if not all of the keystream for a particular IV. An inductive attack is a methodical trial and error procedure that relies on WEP to provide feedback when an attacker has correctly guessed parts of the keystream. An ICMP ping or ARP request packet (that demands a reply) is sent in 256 versions that cover all possibilities of the known keystream (n) plus one byte (n + 1). If the guess is correct, with the proper encrypted checksum, an AP will accept it and respond, providing the attacker with the additional byte of the keystream. The process can be continued until the full length of the keystream (1500 bytes) is derived.
[96] MIC prevents an attacker from changing the packet counter when attempting to rebroadcast a message with a new packet counter. TSC and PN are packet counters.
[97] Still under development as an IETF standard. The IETF is addressing PEAP MitM attacks for all vendors.
[98] A strong password policy is the main countermeasure for dictionary attacks. A strong password policy should require a length of 12 characters (a combination of numeric, lower- and uppercase alphabetic characters, and symbols), changed on a regular basis. Passwords should not be based on any words found in the dictionary or any variant of the user's name. Password enforcement should include tools that enforce the password policy at creation time, and automated password cracking operations conducted on a regular basis to determine which passwords within the organization are vulnerable.
[99] The Cisco Structured Wireless-Aware Network (SWAN) architecture enables several security features that provide an end-to-end security solution, including rogue AP detection and suppression.
Figure 6 – MitM Attack Using a Rogue AP

WEP (The Legacy Protocol)

Wired Equivalent Privacy (WEP) was the initial encryption protocol specified by the IEEE 802.11 standard to authenticate users and encrypt data payloads over a wireless medium. WEP was intended to provide the security goals of confidentiality, data integrity, and access control, to make the wireless medium as secure as wired Ethernet. Even though the designers knew there were potential flaws, early adopters of WLANs believed they could simply implement WEP and have a completely secure wireless network. [100] Vendors found out quickly that WEP was not the complete solution, but by that time WLAN technology had gained immense popularity (home and SOHO market), before the problem was widely published.

To prevent disclosure of packets in transit (confidentiality), WEP uses the RC4 algorithm, a symmetric cipher, which produces a key stream the same length as the data. RC4 was not designed for reuse with the same key. To overcome this flaw, a 24-bit initialization vector (IV) was added that changes value for each packet. The WEP encryption process starts with an IV being generated, then concatenated with the WEP key to create the WEP seed value for the RC4 algorithm. The WEP seed is run through a pseudo random number generator (PRNG) to produce a cipher-stream, which is then XORed with the plaintext/ICV message. The result is the WEP cipher-text, which together with the IV (in plaintext) and the key number forms the message to be transmitted.

WEP had some serious flaws in providing confidentiality. First, the IVs are short or static, which allows the key stream to be repeated, exposing the data to be decrypted and compromised. Second, IVs are transmitted in the clear so that a recipient can successfully decrypt a packet. The manner in which the IV is incremented and sent in the clear allows an attacker to recover an RC4 key stream, and launch active attacks such as traffic injection, message modification and replay, dictionary-based attacks, and WEP key cracking. [101]

To prevent modification of packets in transit (data integrity), WEP uses the Integrity Check Vector (ICV), which is known to be an insecure checksum. It is a four-octet linear sum that is predictable, computed with a 32-bit cyclic redundancy check (CRC-32). The plaintext is sent through the integrity check algorithm (CRC-32), which produces an ICV that is appended to the plaintext. The ICV is included in the encrypted payload (cipher-text). The weakness of the ICV allows an attacker to execute a bit-flipping attack. An attacker can take a message, flip some arbitrary bits in the data portion of the frame (higher layer packets), recalculate a proper ICV, and then rebroadcast a message that is accepted as valid.

WEP uses the shared-key authentication mechanism to achieve access control. Based on a challenge-response protocol, shared-key authentication requires a static WEP key to be configured on a wireless client. The process starts with the AP sending a random challenge in plaintext to a wireless client. If the wireless client has knowledge of the shared key, it encrypts the challenge and sends the result back to the AP. The AP allows access only if the decrypted value (the result computed by the wireless client) is the same as the random challenge transmitted by the AP. The shared-key authentication method is flawed, and compromises bits of the key stream. It does not provide mutual authentication, but merely establishes proof that both parties (AP and wireless client) share the same secret. It depends on the WEP infrastructure, which has been deemed insecure for a variety of reasons. Also, the one-way challenge-response is vulnerable to a man-in-the-middle attack. An eavesdropper can capture both the plaintext challenge and the cipher-text response just by sniffing with a protocol analyzer, and determine the key stream.

WEP key management is another serious problem identified with the WEP protocol. Key management was not supported, so there was no automatic exchange of encryption keys between wireless client and AP. This means WEP keys must be manually configured (static keys), and changed regularly to maintain effective security.

[100] The 802.11 standard met the following selection criteria for security: exportable, reasonably strong, self-synchronizing, computationally efficient, and optional. In September 1994, the WEP algorithm (RC4), a trade secret of RSA Security, was leaked to the general public (Cypherpunks mailing list).
[101] Two papers document WEP insecurities (weaknesses in how the encryption is implemented). Researchers at Berkeley document their findings at http://www.issac.cs.berkeley.edu/issac/wep-faq.html. Using the Fluhrer, Mantin, and Shamir attack to break WEP is documented at http://www.cs.rice.edu/~astubble/wep/wep_attack.html.
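To make the two WEP failures above concrete, here is an added example in Python (not from the paper): a toy WEP-style frame built from RC4 and a CRC-32 ICV, showing that the linear ICV accepts a frame modified through the ciphertext (the bit-flipping entry of Table XI and footnote 94), that ciphertext XOR known plaintext exposes the keystream (footnote 90), and that a keyed, non-linear integrity check rejects the same modification. The key, IV, MIC key and packet contents are constructed values; HMAC-SHA256 stands in for TKIP's Michael and is not the algorithm the paper describes.

```python
import hashlib
import hmac
import zlib

# Constructed sample values (not from the paper): 40-bit WEP key, 24-bit IV,
# one plaintext packet and a same-length variant of it. The MIC key is an extra
# secret that the WEP design never had.
KEY = bytes.fromhex("0102030405")
IV = bytes.fromhex("000001")
MIC_KEY = bytes.fromhex("a1a2a3a4a5a6a7a8")
PLAINTEXT = b"GET /index.html HTTP/1.0\r\n"
TARGET = b"GET /admin.html HTTP/1.0\r\n"   # same length, five bytes differ

def rc4_keystream(key: bytes, length: int) -> bytes:
    """Plain RC4 (KSA then PRGA). WEP seeds it with IV || secret key."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    for _ in range(length):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def icv(data: bytes) -> bytes:
    """WEP Integrity Check Value: CRC-32 over the plaintext, little-endian."""
    return zlib.crc32(data).to_bytes(4, "little")

def wep_encapsulate(iv: bytes, key: bytes, plaintext: bytes) -> bytes:
    """IV in the clear || RC4(IV || key) XOR (plaintext || ICV)."""
    body = plaintext + icv(plaintext)
    return iv + xor(body, rc4_keystream(iv + key, len(body)))

def wep_decapsulate(key: bytes, frame: bytes):
    """Return (plaintext, icv_ok). A WEP receiver accepts whenever icv_ok."""
    iv, ct = frame[:3], frame[3:]
    body = xor(ct, rc4_keystream(iv + key, len(ct)))
    return body[:-4], body[-4:] == icv(body[:-4])

def linear_icv_delta(mask: bytes) -> bytes:
    """CRC-32 is affine over GF(2): crc(p ^ m) == crc(p) ^ crc(m) ^ crc(zeros).
    So the ICV change caused by XORing `mask` into the plaintext depends only on
    the mask and can be applied to the *encrypted* ICV without knowing the key.
    This is the property footnote 94 describes."""
    return (zlib.crc32(mask) ^ zlib.crc32(bytes(len(mask)))).to_bytes(4, "little")

def modify_without_key(frame: bytes, mask: bytes) -> bytes:
    """XOR `mask` into the encrypted body and fix up the encrypted ICV to match.
    `mask` must cover the whole encrypted body except the 4 ICV bytes."""
    return frame[:3] + xor(frame[3:], mask + linear_icv_delta(mask))

def mic_tag(mic_key: bytes, plaintext: bytes) -> bytes:
    """Keyed, non-linear integrity check: an illustrative stand-in for Michael."""
    return hmac.new(mic_key, plaintext, hashlib.sha256).digest()[:8]

def tkip_like_encapsulate(iv, key, mic_key, plaintext):
    """TKIP-style layout: the MIC rides inside the encrypted body, then the ICV."""
    return wep_encapsulate(iv, key, plaintext + mic_tag(mic_key, plaintext))

def tkip_like_decapsulate(key, mic_key, frame):
    """Return (plaintext, accepted): both the ICV and the keyed MIC must verify."""
    body, icv_ok = wep_decapsulate(key, frame)
    pt, tag = body[:-8], body[-8:]
    return pt, icv_ok and hmac.compare_digest(tag, mic_tag(mic_key, pt))

def keystream_from_known_plaintext(frame: bytes, known: bytes) -> bytes:
    """Footnote 90: ciphertext XOR known plaintext yields the RC4 keystream."""
    return xor(frame[3:3 + len(known)], known)

def demo() -> dict:
    """Exercise the weaknesses discussed above and report the outcomes."""
    mask = xor(PLAINTEXT, TARGET)               # the bits that turn one into the other
    frame = wep_encapsulate(IV, KEY, PLAINTEXT)
    forged_pt, forged_ok = wep_decapsulate(KEY, modify_without_key(frame, mask))
    mic_frame = tkip_like_encapsulate(IV, KEY, MIC_KEY, PLAINTEXT)
    forged_mic = modify_without_key(mic_frame, mask + bytes(8))   # MIC bytes untouched
    _, mic_ok = tkip_like_decapsulate(KEY, MIC_KEY, forged_mic)
    ks = keystream_from_known_plaintext(frame, PLAINTEXT)
    return {
        "original_icv_ok": wep_decapsulate(KEY, frame)[1],
        "forged_plaintext": forged_pt,          # == TARGET
        "forged_icv_ok": forged_ok,             # True: the linear ICV is fooled
        "forged_mic_ok": mic_ok,                # False: the keyed MIC rejects it
        "keystream_recovered": ks == rc4_keystream(IV + KEY, len(PLAINTEXT)),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value!r}")
```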
In a large enterprise environment this would be tedious, costly and almost impossible. Static WEP keys lead to another serious vulnerability of the WEP protocol: many WLAN users sharing the identical key for long periods of time. First, a WEP key could be compromised if a laptop were lost or stolen, leaving all other wireless components sharing that key vulnerable. Second, large amounts of traffic data are potentially available to an eavesdropper to recover key streams and launch active attacks, especially in a large environment sharing the same WEP key.

WEP provides varying levels of encryption ranging from 40 to 152 bits. [102] General logic would suggest that more bits equal better security, since a longer encryption key takes more effort to break. [103] That is not true with WEP. The source of the weakness is not the key length, but the 24-bit IV. Regardless of whether it is 64-bit or 128-bit WEP, both use the exact same 24-bit IV. An attacker has no reason to brute force the key when it is so much easier to exploit the IV by other means.

[102] WEP keys are available in several key lengths, 64-bit and 128-bit for the 802.11b/g standards, and up to 152-bit for the 802.11a standard. They are sometimes referenced as 40-bit, 104-bit and 128-bit, which is a misnomer: those figures refer to the secret key lengths. A 24-bit IV is concatenated with the secret key, yielding WEP key lengths of 64, 128 and 152 bits. The RC4 stream cipher can actually handle keys as large as 256 bits.
[103] Using a 128-bit instead of a 40-bit encryption key, based on today's computer horsepower, would increase the time to brute-force crack a WEP key from a few days to approximately 20 weeks.

Wireless Security (The Next Generations)

Wi-Fi Protected Access (WPA)
Security problems in the 802.11 standard and WEP led to the development of the 802.11i standard. In October 2003, the Wi-Fi Alliance launched Wi-Fi Protected Access (WPA) to address all known vulnerabilities in WEP. This was an interim solution to provide quick relief from the vulnerabilities of the 802.11 standard, in which the Wi-Fi Alliance adopted as much of 802.11i as was available at the time. [104] The impetus for WPA centered on the security vulnerabilities in 802.11, where many vendors (members of the Wi-Fi Alliance) were concerned that these problems stood to give the standard a bad name and hurt industry sales. WPA was designed to be a strong, economical solution that worked with legacy hardware (802.11 products) and provided forward compatibility with the 802.11i standard. By 2004, all products had to incorporate WPA to be Wi-Fi certified.

WPA made major improvements to encryption, authentication, data integrity, and key management, and added a network security capability determination feature. WPA introduced a new encryption technology, Temporal Key Integrity Protocol (TKIP) with Message Integrity Check (MIC), to replace WEP and provide strong data confidentiality and payload integrity. The Wi-Fi Alliance implemented mutual authentication in WPA by means of IEEE 802.1x/EAP authentication, to provide strong authentication between a wireless client and an authentication server via an AP. [105] In addition, WPA paved the way for use of the open authentication method, and benched the flawed shared-key authentication method. Key management, one of the biggest problems in 802.11, was addressed and implemented in 802.11i (and WPA), which provided a separate authentication process to enable the distribution of keys. The network security capability determination feature incorporated WPA information elements in the 802.11 frames (beacon, probe response, and re-association request) to determine which authentication and cipher suite to use.

TKIP was designed to fix the vulnerabilities of WEP without replacing legacy hardware. For this reason, TKIP kept the basic mechanisms of WEP: the IV, RC4 encryption, and the ICV. However, the RC4 encryption scheme was reinforced using a 128-bit per-packet key and a longer 48-bit IV. Unlike WEP, TKIP encrypts every data packet sent with its own unique encryption key. The keys are dynamically generated, providing more security against intruders who relied upon the predictability of static keys in WEP. [106] In addition, WPA includes a Message Integrity Check (MIC), called Michael, to prevent message modification. [107]

There are three protocols associated with TKIP: MIC (or Michael), a key mixing algorithm, and an IV enhancement. The first protocol, MIC, is a cryptographic message integrity algorithm that prevents any modification to a message. It uses a hash instead of a linear checksum, which addresses the flaws of the ICV. [108] The hashing algorithm, called Michael, is designed to ensure that the contents of a data packet have been sent only by legitimate wireless clients, and that there has been no modification of the data during packet transmission. Michael produces two 32-bit words that make up a 64-bit hash. A hash is computed, and then compared by both the receiving and transmitting entities. The MIC values must match for data to be accepted. If not, the packet is dropped, since it is assumed that packet integrity has been compromised, unless optional countermeasures are implemented. In that case, all packet reception and transmission is disabled, all wireless clients are de-authenticated, and new associations are prevented for 60 seconds. [109]

The second protocol: TKIP replaced the flawed 24-bit IV with a 48-bit TKIP Sequence Counter (TSC) to fix the IV reuse problems in WEP. The TSC is a 48-bit counter starting at zero and incremented by 1 for each packet, which provides a receiver the means to keep track of the highest value seen for each MAC address, to ensure packets arrive in sequence. A packet is dropped if its TSC value is less than or equal to one already received, to prevent replay attacks. Due to the first protocol's enhancement of the ICV with the MIC, an attacker is also prevented from changing the TSC and using it to rebroadcast a packet. The TSC is used in the decryption algorithm, and if modified will cause the ICV and MIC not to match and the packet to be dropped. The TSC function ensures that a key stream is never reused with the same key. This protocol prevents an attacker from launching replay, known plaintext and dictionary-based attacks after recovering a key stream.

[104] Based on the earlier draft (version 3.0) of the 802.11i standard.
[105] WEP lacks an authentication methodology. WPA also uses a pre-shared key (PSK) technology for authentication in Personal mode.
[106] TKIP dynamically generates unique keys to encrypt every data packet, providing approximately 280 trillion possible key combinations for every given packet.
[107] An attacker can capture, alter and resend data packets.
[108] A hash is a mathematical calculation that provides a fingerprint of a message or file, which is unique and proves the integrity and authenticity of a message. A hash depends on a key, and is non-linear, which prevents an attacker from modifying parts of the message and predicting which parts of the hash will change. This eliminates bit-flipping attacks.
[109] Michael is a much simpler algorithm to calculate than hashing algorithms like the Secure Hash Algorithm (SHA-1). This is a downside to the algorithm, and the reason additional countermeasures were added. Two countermeasures were added to the Michael algorithm to safeguard against active attacks: logging, and disable and de-authenticate. The first logs failures as an attack. However, the ICV is checked prior to the Michael value to prevent an attacker from creating failures for Michael to log. The second countermeasure, disable and de-authenticate, results in a wireless client negotiating new keys.
The third protocol: TKIP incorporates a key mixing function to ensure encryption keys change on a per-packet basis. It is designed to protect the 128-bit Temporal Encryption Key (TEK), a temporary base key used for creating unique per-packet keys. The key-mixing algorithm is a two-phase operation. To simplify, the TEK is combined with the TSC and the 48-bit Transmitter Address (TA) to produce a unique 128-bit per-packet WEP seed, which is used with the WEP algorithm. The TSC counter, as stated before, increases with each packet, causing the WEP seed to change with each packet. [110] As a result, TKIP dynamically generates unique keys to encrypt every data packet communicated during a wireless session, providing approximately 280 trillion possible key combinations for every given packet.

In WPA, mutual authentication is achieved with the 802.1x/EAP framework. Mutual authentication helps to ensure that only authorized users access the network. It is a process to confirm that a wireless client is authenticating to an authorized server, and not accidentally to a rogue AP. The authentication process starts with an EAP supported protocol: the wireless client (user) contacts an AP with a request (association) to be authenticated. [111] With 802.1x port access control, a wireless client is not granted access to an AP until it is authenticated. The AP passes this request to an authentication server (AS), where the AS challenges the user for a valid password (via the AP), and authenticates the response from the user (if valid).

[110] The WEP seed includes the first 24 bits of the IV, and the 104 bits of the WEP key.
[111] EAP supported protocols are restricted to only those EAP methods that support mutual authentication for both a wireless client and the authentication server, such as TLS, TTLS, LEAP and PEAP.
Thereafter, the AP receives authorization from the AS, and opens a port to accept data from the user. The wireless client is then allowed to join the WLAN. Once authenticated, the AS and the wireless client simultaneously generate a Pairwise Master Key (PMK), as part of the mutual authentication process. [112] Master keys serve as the root of the key hierarchy for transient keys. The PMK is a shared key used by the wireless client and AS to negotiate the transient keys (PTK) used for a session. [113] It is not the PMK, but the transient keys that are used in the encryption and hashing functions. The PMK is not directly involved in generating keystreams for encryption, helping to prevent weak key compromises. [114] Once the master shared key is derived, the AS transfers this key to the AP via the RADIUS protocol. [115]

WPA incorporates a robust key generation and management system that integrates the authentication process and data integrity functions. Using the 802.1x/EAP protocol, a master key is dynamically generated. [116] After PMK generation, the process of exchanging keys is known as the 4-way handshake and the Group Key (GTK) handshake. [117] The 4-way handshake and GTK handshake are security handshakes used to establish and install the transient keys to be used between a wireless client and an AP during the session, including the TKIP encryption keys. It is a four-packet exchange of EAPOL-Key messages. The 802.1x EAPOL-Key packets are used to distribute per-session keys to wireless clients that have already been successfully authenticated. It must be noted that transient keys are temporary, and last only as long as a wireless client is associated and authenticated to an AP.

WPA added a network capability determination feature in the 802.11 frames to specify, through WPA information elements (in the frame), the required authentication method (802.1x or pre-shared key) and preferred cipher suite (WEP, TKIP or AES). The WPA information elements are available in the following frames: beacon frames (AP to all clients in the BSS), probe response (AP to wireless client), association request (client to AP), and re-association requests. The wireless client uses the information in the WPA information elements to determine the authentication method and cipher suite to use.

WPA is not perfect, and does have some limitations. First, it is susceptible to DoS attacks. As mentioned before, the TKIP protocol employs two countermeasures to limit weaknesses in the Michael algorithm. When two data packets fail the MIC within a 60 second period, an AP, assuming it is under an active attack, will disassociate every client that is associated. In effect, network connectivity is lost for 60 seconds. The upside is that an attacker will not be able to glean information about the encryption keys. In addition, 802.11i (including WPA) does not address the security weaknesses of some EAP protocols such as LEAP and PEAP.

[112] The PMK is 256 bits.
[113] The Pairwise Transient Key, or PTK (512 bits), is the result of the PMK and two nonces generated from the 4-way handshake, mixed with a pseudo random function. The PTK consists of three keys: the EAPOL KCK (confirmation key), the EAPOL KEK (encryption key), and the TKIP key.
[114] A PMK can last a long time, with multiple associations to an AP.
[115] A unique PMK exists between each wireless client and its associated AP.
[116] A master key can also be manually configured, which is more conducive to a SOHO environment.
[117] The 4-way handshake establishes the PTK to be used for unicast traffic. The GTK handshake is used to distribute the group key needed for multicast traffic.
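The key hierarchy just described, as an added example in Python (not from the paper or any vendor): the 802.11i PRF expands the PMK and the two handshake nonces into the PTK, splits it into KCK, KEK and the temporal keys (footnote 113), and uses the KCK to MIC a handshake message so the AP can tell whether the client holds the same PMK. It also covers the 384-bit CCMP expansion and its SHA-1 based key MIC, going a little beyond the WPA/TKIP case in the text. All key material, addresses and the message-2 layout are constructed values, and the function names are mine.

```python
import hashlib
import hmac

# Constructed sample values (not from the paper): a 256-bit PMK as both sides
# hold it after 802.1x/EAP, a second PMK such as a rogue AP might hold, the AP
# (authenticator) and client (supplicant) MAC addresses, and the two nonces.
PMK = hashlib.sha256(b"constructed PMK shared by client and AS/AP").digest()
WRONG_PMK = hashlib.sha256(b"constructed PMK held by a rogue AP").digest()
AA = bytes.fromhex("001122334455")      # authenticator (AP) address
SPA = bytes.fromhex("66778899aabb")     # supplicant (client) address
ANONCE = hashlib.sha256(b"constructed ANonce").digest()
SNONCE = hashlib.sha256(b"constructed SNonce").digest()

def prf(key: bytes, label: bytes, data: bytes, nbits: int) -> bytes:
    """802.11i PRF-n: concatenate HMAC-SHA1(key, label || 0x00 || data || i) for
    i = 0, 1, ... and truncate to nbits (a multiple of 8 here)."""
    blocks = [hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
              for i in range((nbits + 159) // 160)]
    return b"".join(blocks)[: nbits // 8]

def derive_ptk(pmk, aa, spa, anonce, snonce, cipher="TKIP") -> dict:
    """4-way handshake key expansion: PTK = PRF(PMK, "Pairwise key expansion",
    min(AA,SPA) || max(AA,SPA) || min(ANonce,SNonce) || max(ANonce,SNonce)).
    TKIP expands to 512 bits, CCMP to 384. The min/max ordering is what lets
    both sides compute the same PTK without agreeing on who goes first."""
    if len(pmk) != 32 or len(anonce) != 32 or len(snonce) != 32 or len(aa) != 6 or len(spa) != 6:
        raise ValueError("PMK and nonces are 256 bits; MAC addresses are 48 bits")
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    ptk = prf(pmk, b"Pairwise key expansion", data, 512 if cipher == "TKIP" else 384)
    keys = {"KCK": ptk[0:16],    # EAPOL-Key confirmation key: MICs the handshake
            "KEK": ptk[16:32],   # EAPOL-Key encryption key: wraps the GTK
            "TK": ptk[32:48]}    # temporal key fed to TKIP key mixing or CCMP
    if cipher == "TKIP":
        keys["MIC_TX"] = ptk[48:56]   # Michael keys, one per direction
        keys["MIC_RX"] = ptk[56:64]
    return keys

def eapol_key_mic(kck: bytes, frame_with_zero_mic: bytes, cipher="TKIP") -> bytes:
    """Key MIC over an EAPOL-Key frame whose MIC field is zeroed: HMAC-MD5 for
    TKIP (descriptor version 1), HMAC-SHA1 truncated to 128 bits for CCMP (v2)."""
    if cipher == "TKIP":
        return hmac.new(kck, frame_with_zero_mic, hashlib.md5).digest()
    return hmac.new(kck, frame_with_zero_mic, hashlib.sha1).digest()[:16]

def handshake_demo(pmk_at_ap: bytes, pmk_at_client: bytes, cipher="TKIP") -> dict:
    """Both sides expand their own PMK copy with the same nonces. The client MICs
    message 2 with its KCK; the AP accepts only if its own KCK reproduces the MIC,
    which happens only when the two PMK copies are identical."""
    ap = derive_ptk(pmk_at_ap, AA, SPA, ANONCE, SNONCE, cipher)
    sta = derive_ptk(pmk_at_client, AA, SPA, ANONCE, SNONCE, cipher)
    # Toy message-2 body (constructed layout, not the real EAPOL-Key format):
    # a few descriptor bytes, the SNonce, and a zeroed 16-byte MIC field.
    msg2 = bytes.fromhex("0201010a") + SNONCE + bytes(16)
    mic_from_client = eapol_key_mic(sta["KCK"], msg2, cipher)
    mic_at_ap = eapol_key_mic(ap["KCK"], msg2, cipher)
    return {"same_ptk": ap == sta,
            "msg2_mic_valid_at_ap": hmac.compare_digest(mic_from_client, mic_at_ap)}

if __name__ == "__main__":
    print(handshake_demo(PMK, PMK))        # {'same_ptk': True, 'msg2_mic_valid_at_ap': True}
    print(handshake_demo(PMK, WRONG_PMK))  # {'same_ptk': False, 'msg2_mic_valid_at_ap': False}
```

Because the nonces enter the PRF, a fresh SNonce on the next association yields a different PTK from the same PMK, which is the sense in which the text calls the transient keys temporary.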
  • 69. Wireless Security Initiatives Keith Fleming WPA is a leap forward for WLAN security than WEP.118 Most vulnerabilities addressed in WEP has been fixed with WPA. TKIP significantly increased the strength and complexity of wireless encryption, making it far more difficult for an attacker to break into a WLAN. Through WPA, wireless security measures were greatly expanded including: the size of the key, number of keys in use by adding dynamic key generation on a per-packet basis, a stronger encryption cipher (TKIP), creating an integrity checking mechanism, and incorporating mutual authentication. WPA has addressed and eliminates many known passive and active attacks. MIC is able to detect any modifications of messages, thereby eliminating such attacks as an inductive, replay, and bit flipping. By means of the TKIP key mixing algorithm, WEP keystreams recovery are rendered useless. Dictionary-based WEP key recoveries are not possible, since the attacker can no longer guess. 119 WEP cracking is also defeated with TKIP’s key mixing algorithm. WPA also provides some relief for the detection of rogue AP’s. Wi-Fi Protect Access 2 (WPA2) WPA2 was launched in September 2004, by the Wi-Fi Alliance. It is based on the final ratified version of the IEEE 802.1li standard.120 WPA2 is the second generation of WPA security that incorporates a new, more advanced encryption mechanism using the Counter –Mode/CBC-MAC protocol (CCMP) called the Advanced Encryption Standard (AES). 118 WPA was independently verified to address all of the WEP known weaknesses. 119 If Pre-shared master keys based on ASCII characters, the possibility of a dictionary-based still exits. 120 The IEEE 802.11i standard was ratified in June 2004. 69
WPA2 authentication still uses the 802.1X/EAP authentication scheme introduced in WPA. However, the full 802.11i standard adds pre-authentication using EAP over LAN (EAPOL): a client can authenticate to a neighbouring AP in advance, with the EAPOL frames forwarded through its current AP over the wired distribution system, which makes roaming between APs and between wired and wireless environments faster. In addition, WPA2 is backward compatible and interoperable with products that are Wi-Fi Certified for WPA.

CCMP is based on the Advanced Encryption Standard (AES), which received wide international scrutiny by cryptographic experts [122]. AES meets U.S. government security requirements and is accepted as a standard encryption suite [123]. CCMP is a highly robust solution that is not compatible with older WEP-oriented hardware and requires new hardware and protocol changes [124]. CCMP provides stronger encryption (confidentiality) and message integrity than TKIP, and also incorporates replay protection. Future WLAN deployments are moving towards CCMP as the accepted compliance standard.

[121] The AES cipher was developed by two Belgian cryptographers, Joan Daemen and Vincent Rijmen; AES is also known as the Rijndael algorithm. CCMP combines Counter Mode (CTR) for encryption with the Cipher Block Chaining Message Authentication Code (CBC-MAC) for message integrity, providing encryption and message integrity in one solution.
[122] AES is considered a very secure encryption suite as a result of wide international scrutiny by cryptographic experts. It is the current state-of-the-art encryption algorithm, produced through an international effort to create a strong cipher. A brute-force search of a 128-bit AES key takes up to 2^128 operations, making it an extremely secure cryptographic algorithm.
[123] Adopted by the U.S. Department of Commerce and the National Institute of Standards and Technology (NIST) as the official government standard for data privacy. It is published in Federal Information Processing Standard (FIPS) 197.
[124] AES requires cryptographic co-processors that are not present in WPA-certified products, so deploying WPA2 requires new hardware.
AES was selected by NIST for its cryptographic strength and relative ease of implementation [125]. Derived from the Rijndael algorithm, AES is a relatively simple cipher built on a substitution-permutation network [126]. It is fast, can be implemented in either software or hardware, and requires very little memory. AES is a symmetric-key block cipher: it encrypts plaintext in fixed-size blocks, each block processed as a unit [127]. The block size is 128 bits, and WPA2 uses a 128-bit key [128]. AES operates on a 4 x 4 array of bytes called the state. With a 128-bit key there are 10 rounds, and four stages make up one round [129]. The four stages are:

• SubBytes (a non-linear substitution step): each byte is replaced with another byte according to a lookup table (the S-box).
• ShiftRows (a transposition step): each row of the state is shifted cyclically by a certain number of positions.
• MixColumns (a mixing step): a mixing operation is conducted on the columns of the state, combining the four bytes in each column using a linear transformation.
• AddRoundKey (an XOR step): each byte of the state is combined with a byte of the round sub-key using XOR.

[125] NIST solicited the cryptography community for new encryption algorithms that had to be fully disclosed to the public and available royalty free. They selected the Rijndael algorithm as Federal Information Processing Standard FIPS-197 in November 2001. In June 2003, the National Security Agency (NSA) deemed AES "secure enough to protect classified information up to the Top Secret level". This was the first time the NSA approved a publicly disclosed encryption algorithm for Top Secret information.
[126] There are some differences between Rijndael and AES. Rijndael supports a larger range of block and key sizes: any multiple of 32 bits between 128 and 256 bits for either. AES uses one fixed block size of 128 bits and a key size of 128, 192 or 256 bits.
[127] A symmetric-key cipher uses the same key for both encryption and decryption. A block cipher (a type of symmetric-key cipher) operates on groups of bits of a fixed length, called blocks.
[128] The AES specification identifies three possible key lengths: 128, 192 or 256 bits. WPA2/802.11i uses a 128-bit key.
[129] The final round (10) omits the MixColumns stage.
As of 2005, there has been no successful attack against the full AES cipher [130]; it is considered an extremely secure cryptographic algorithm. In April 2006, WPA2 will become mandatory for wireless products to be certified with the Wi-Fi logo. Figure 7 summarises the WLAN security standards.

Figure 7 – WLAN Security Standards [131]

Feature                        | WEP     | WPA                   | 802.11i (RSN, WPA2)
Cipher algorithm               | RC4     | RC4 (TKIP)            | Rijndael (AES-CCMP)
Encryption key                 | 40-bit  | 128-bit (TKIP)        | 128-bit (CCMP)
Initialization vector          | 24-bit  | 48-bit (TKIP)         | 48-bit (CCMP)
Authentication key             | None    | 64-bit (TKIP)         | 128-bit (CCMP)
Integrity check                | CRC-32  | Michael (TKIP)        | CCM
Key distribution               | Manual  | 802.1x (EAP)          | 802.1x (EAP)
Key unique to                  | Network | Packet, session, user | Packet, session, user
Key hierarchy                  | No      | Derived from 802.1x   | Derived from 802.1x
Cipher negotiation             | No      | Yes                   | Yes
Ad-hoc (P2P) security          | No      | No                    | Yes (IBSS)
Pre-authentication (wired LAN) | No      | No                    | Using 802.1x (EAPOL)

[130] With a WPA2/802.11i implementation (10 rounds), the best known attacks break up to seven rounds. Some cryptographers worry that seven rounds provides little margin for comfort; others point out that the mathematical structure of AES is very neat and that this may be exploitable. In 2002 the "XSL" attack was proposed by Nicolas Courtois and Josef Pieprzyk, identifying a potential weakness in the AES algorithm. Several cryptographers found flaws in the underlying mathematics of the XSL attack, indicating that such an attack on AES is speculative and unlikely to be carried out in practice.
[131] Reproduced from the article "Emerging Technology: Wireless Security - Is Protected Access Enough?", Andy Dornan, 10/26/2003. URL: http://www.networkmagazine.com/shared/article/showArticle.jhtml?articled=15201417

WLAN Security Domain Conceptual Model (The Big Picture!)

The WLAN Security Domain Conceptual Model, introduced by Cisco Systems, provides a basic conceptual model of how a WLAN should be secured as a matter of best practice (Figure 8). It identifies the entities and functions and shows the relationships between the different components of a WLAN. Securing a WLAN is an intricate and detailed process that requires numerous components to ensure the network is not accessible by unauthorized users. The key components of the WLAN conceptual model are: entities, identities, credentials, capabilities, communication channels, AAA systems, authentication protocols, authorization and access control, encryption, message integrity, and other protocols. A description of the conceptual model follows:

• Entities consist of users and WLAN technologies (SSID, MAC/IP addressing, etc.) that have corresponding identifiers (principals, wireless NICs and APs).
• Entities have credentials, such as passwords and shared keys, that establish their identity. The credentials are authenticated and authorized by AAA systems (RADIUS, LDAP, etc.) using 802.1X authentication protocols or similar (EAP, LEAP, PEAP, etc.) to exchange credentials and carry out challenge/response handshakes.
• AAA systems provide critical security functions: keys for encryption (AES, TKIP, RC4, etc.) and message integrity (MIC, CRC), usernames, password hashes, policies, and authorization and access control.
• IEEE 802.11 provides the communication channels through the WLAN standards (802.11a/b/g/i) that carry integrity and confidentiality over the wireless signal. Confidentiality is achieved through encryption, and message integrity through message integrity codes, with suitable protocols for key exchange, key refresh, etc.

Figure 8 – The WLAN Security Domain Conceptual Model [132]

[132] Based upon Cisco's domain conceptual model. Reproduced from "Cisco Wireless LAN Security: Expert Guidance for Securing Your 802.11 Network", Cisco Press, 2005.
Security Considerations, Recommendations and Best Practices: WLAN

The IEEE, vendors and other organizations have come a long way in closing the vulnerabilities of WEP. With WPA2 (a full implementation of 802.11i), enterprise organizations are given a high level of assurance that only authorized users can access their wireless networks. It is highly recommended that an organization deploy WPA2 if cost is not a consideration; WPA is an alternative where cost is a consideration and a legacy system is already in place. In addition to deploying IEEE 802.11i through WPA/WPA2, the following lists provide other security considerations, recommendations and best practices for WLAN implementations in an enterprise environment.

Management Considerations, Recommendations and Best Practices

• Develop a corporate policy that addresses the use of IEEE 802.11 WLANs.
• Establish a strong password policy, and deploy technology that encrypts passwords before they are sent over the network.
• Train users in computer security awareness and the risks associated with WLANs.
• Deploy WPA/WPA2 certified hardware and software.
• Ensure client NICs and APs support firmware upgrades (check prior to purchase).
• Perform comprehensive security assessments periodically (at regular and random intervals).
• Establish external boundary protection around the perimeter of the building(s).
• Deploy physical access controls to the building (biometrics, access badges, guards, etc.).
• Establish AP coverage (site survey) for the enterprise environment.
• Complete an inventory of all APs and 802.11 devices, and maintain a database for periodic review.
• Establish a security and technical approval process prior to deploying an AP or wireless client within the enterprise environment.
• Place APs in the interior of the building (rather than near exterior walls) to minimize signal leakage.
• Deploy APs in secure areas to prevent unauthorized physical access or user manipulation.
• Determine which security architecture and authentication methods meet the security policy and technical design goals.
• Provide strong physical security for access point hardware.

Technical Considerations, Recommendations and Best Practices

• Use directional antennas and lower transmit power so that coverage matches the intended AP coverage area, minimizing leakage outside that zone.
• Turn off APs when they are not in use.
• Ensure only certified and authorized engineers have access to APs, and use the reset function only when needed.
• Change the default SSID on every AP and disable SSID broadcast, so that wireless clients must be configured with the SSID to associate. Note that this is obscurity only: the SSID still travels in the clear in probe and association frames, so it is not an access control.
• Design AP channel coverage so that APs do not interfere with one another.
• Ensure all default settings of 802.11 hardware and software are changed.
• Determine all AP protocols and capabilities, and disable all non-essential management protocols on the AP.
• Whether using WEP, WPA or WPA2, enable all security features of the WLAN product.
• With WEP, ensure default shared keys are periodically replaced by unique, more secure keys.
• Install firewalls between the wired and wireless infrastructure.
• Install security products such as antivirus and personal firewall software on wireless clients.
• Disable file sharing on wireless clients, especially in untrusted environments.
• Deploy MAC address control lists. Caveat: MAC addresses are transmitted in the clear and are trivially spoofed, so treat this as a hygiene measure, not as authentication.
• Do not deploy hubs; use wireless-aware layer 2 switches.
• Deploy IPsec-based VPN technology if deploying a WEP architecture.
• Deploy WPA2 (802.11i) if not dealing with a legacy system.
• Ensure software patches are tested and deployed on a regular basis.
• Ensure that a strong password policy is implemented on APs and wireless clients, and that passwords are changed on a regular basis.
• Deploy 802.1X for key management and authentication. (Note: use the EAP method that is right for your enterprise environment.)
• Deploy user authentication technology (in addition to 802.1X) such as biometrics, smart cards and PKI.
• Do not deploy ad-hoc mode in a WLAN.
• Use static IP addressing, and disable DHCP.
• With WEP, ensure management traffic for an AP is on a dedicated wired subnet.
• Do not use SNMP v1 or SNMP v2, and configure SNMP settings for least privilege (i.e. read-only).
• Use SNMP v3 or an equivalent cryptographically protected protocol for AP management traffic.
• Deploy intrusion detection systems.
• Use AAA server technology based on the RADIUS, LDAP or Kerberos protocols.
• Deploy a wireless DMZ for APs (treat base stations as untrusted), ensure appropriate firewalls, VPNs and IDS are installed, and use VPNs to tunnel into the trusted network.
• Install the following security technologies on wireless clients: personal firewall, VPN, IDS, antivirus and desktop scanning software.
• Deploy technologies and establish processes that monitor and detect rogue access points (e.g. SWAN).
• With WEP, set the authentication method to "Open" (Shared Key authentication hands an eavesdropper a plaintext/ciphertext pair, and with it a keystream) and run the AP as a closed network.
• Deploy EAP methods that support mutual authentication.

WLANs (Over the Horizon)

WiMax (IEEE 802.16)

WiMax (IEEE 802.16) is a high-speed wireless broadband technology capable of covering a radius of two to six miles [133]. The industry is excited about this technology since it can address the last-mile problem at a cost much lower than wire-line technologies [134]. Furthermore, WiMax can operate without a direct line of sight to a base station. This offers attractive business opportunities in rural areas, especially where there are many trees. WiMax is still in its formative years, and its potential to be a totally disruptive technology is still speculative. If WiMax is able to wrap data, voice and video into "one high-speed, cost-efficient package", which is considered technically feasible, it will disrupt the cable/DSL, satellite and telephone industries. Approved in January 2003, the interest in WiMax has attracted the "entire food chain of tech companies". The WiMax Forum is a consortium of over 220 companies promoting a single standard for wireless broadband technology. These companies range from chipmakers to equipment manufacturers to software developers, and include giants such as Intel, Cisco Systems, Dell and Time Warner. Intel, one of the biggest backers of the technology, has already shipped its first WiMax chips to equipment manufacturers. In April 2005, the WiMax Forum announced that the first WiMax certified products are scheduled to be available by the end of the year, and full-scale deployments of WiMax certified products are expected to begin in 2007. The Forum is conducting over 50 WiMax trials around the country to test interoperability between products and the effects of weather conditions and the physical environment (trees, buildings, etc.) on WiMax technology. The standard has still to settle such issues as whether WiMax will use the licensed or unlicensed frequency spectrum [135]. WiMax will certainly make its mark on Wi-Fi; whether it is disruptive or integrated is still speculative.

[133] WiMax is capable of transferring approximately 70 Mbit/s over a distance of 30 miles from one base station to thousands of users.
[134] According to Eric Maniton of In-Stat, an Arizona research firm, WiMax costs about $2 billion to deploy to 85 million homes, compared with SBC Communications' plan to spend $4 billion to connect only 18 million homes with high-speed fiber.
[135] WiMax supports licensed and unlicensed frequency band operation below 11 GHz.
Summary

The ability to secure a WLAN has come a long way, and WLANs are now suitable for large enterprises to deploy with a reasonable level of assurance that the wireless network will not be compromised. The flaws found in WEP have been fixed with the ratification of the IEEE 802.11i standard and the rollout of WPA and WPA2. Organizations such as the IEEE, IETF and Wi-Fi Alliance have addressed many wireless security issues, including confidentiality (encryption), mutual authentication, data integrity and key management. Manufacturers such as Cisco Systems (SWAN [136]) and Trapeze Networks (fit APs) have pushed the envelope of wireless technology to encompass end-to-end solutions that add another layer of security. However, fortifying a network requires more than deploying WLAN technologies (hardware and software); it requires strong operational practices, corporate policies that are enforceable, and a well-designed infrastructure incorporating best practices in both the wired and wireless medium. WPA and WPA2 are only a single part of an end-to-end network strategy. WLANs may never be totally "hack-free", achieve the "Fort Knox" solution to enterprise-class wireless security, or be totally immune to DoS attacks. But with the right network architecture, deployed with WPA or WPA2, enterprise organizations can achieve a high level of security assurance that their networks will not be compromised.

[136] Cisco Structured Wireless-Aware Network (SWAN) is a cost-reducing end-to-end solution for deploying, managing, operating and securing up to thousands of APs across different industries and deployment scenarios. It provides the framework to integrate and extend wired and wireless networks, and adds "wireless awareness", enterprise-class security and security policy monitoring to the network infrastructure. For more details, refer to http://www.cisco.com/go/swan.

Bibliography
Reynolds, Janice, "Going Wi-Fi: A Practical Guide to Planning and Building an 802.11 Network", CMP Books, 2003
Sankar, Krishna, S. Sundaralingam, A. Balinsky and D. Miller, "Cisco Wireless LAN Security", Cisco Press, 2005
Nichols, Randall and Panos Lekkas, "Wireless Security: Models, Threats and Solutions", McGraw-Hill, 2002
"CWNA Certified Wireless Network Administrator: Official Study Guide (Exam PW0-100), Second Edition", Planet3 Wireless Inc., 2003
Carr, Jim, "Configuring Wireless Security", Network Magazine, February 01, 2005, http://networkmagazine.com/shared/article/showArticle.jhtml?articeld=57701960
"Wi-Fi Protected Access", retrieved from http://en.wikipedia.org/wiki/Wi-Fi_Protected_Access
"TKIP", retrieved from http://en.wikipedia.org/wiki/TKIP
Geier, Jim, "Infrared WLAN", Wi-Fi Planet, March 17, 2003, http://www.wi-fiplanet.com/tutorials/article.php/2110301
"Protected Extensible Authentication Protocol (Cisco Aironet 1200 Series)", retrieved from http://www.cisco.com
"Cisco Catalyst 6500 Series Wireless LAN Services Module", retrieved from http://www.cisco.com/en/US/products/ps5865/index.html
Nedeltchev, Plamen, PhD, "Wireless Local Area Networks and the 802.11 Standard", March 31, 2001
"Wireless 802.11b Modulation", VOCAL Technologies, retrieved from http://ww.vocal.com/data_sheets/wireless_802.11b_mod.html
Moore, Matthew, "CyberScience Lab Report: Introduction to the 802.11 Wireless Network Standard", CyberScience Laboratory, May 16, 2003
"FAQ Wireless LAN", Micronet, 2005, retrieved from http://www.micronet.info/FAQ/wireless/wireless.asp
Geier, Jim, "802.11a Physical Layer Revealed", Wi-Fi Planet, March 14, 2003, http://www.wi-fiplanet.com/tutorials/article.php/2109881
Vichr, Roman, and Vivek Malhotra, "Securing 802.11 transmissions, Part 1: 802.11x's elusive security", IBM developerWorks, 15 April 2003, http://www-106.ibm.com/developerworks/wireless/library/wi-80211security.html
"Deploying Wi-Fi Protected Access (WPA) and WPA2 in the Enterprise", Wi-Fi Alliance, March 2005, http://www.wifialliance.com
"WPA2 Q&A", Wi-Fi Alliance, March 2005, http://www.wifialliance.com
Posey, Brian, "Have Wireless Networks Surpassed the Security of Wired Networks?", WindowSecurity.com, March 22, 2005, http://windowsecurity.com/
Dornan, Andy, "Emerging Technology: Wireless Security – Is Protected Access Enough?", Network Magazine, October 16, 2005, http://networkmagazine.com/shared/article/showArticle.jhtml?articled=15201417
Geier, Jim, "WPA Security Enhancements", Wi-Fi Planet, March 20, 2003, http://www.wi-fiplanet.com/tutorials/article.php/2148721
Karygiannis, Tom and Les Owens, "Wireless Network Security: 802.11, Bluetooth and Handheld Devices", NIST Special Publication 800-48, National Institute of Standards and Technology, U.S. Department of Commerce, November 2002
Rendon, Jim, "Wi-Fi security must go beyond encryption", SearchMobileComputing.com, 09 March 2004, http://searchmobilecomputing.techtarget.com
"Wireless LAN Security FAQ", retrieved from http://www.iss.net/wireless/WLAN_FAQ.php
"Cisco SAFE: Wireless LAN Security in Depth", retrieved from http://www.cisco.com
LaRosa, Jon, "WPA: A Key Step Forward in Enterprise-class Wireless LAN (WLAN) Security", Meetinghouse Data Communications, May 26, 2003
Griffith, Eric, "Wi-Fi Alliance Plans for the Future", Wi-Fi Planet, April 7, 2005, http://www.wi-fiplanet.com/news/article.php/3495936
Rivituso, Monica, "The Next Disruptive Technology", SmartMoney.com, April 5, 2005, http://yahoo.smartmoney.com
"Cisco Structured Wireless-Aware Network", retrieved from http://www.cisco.com
Lawson, Stephen, "WiMax starting to make its move", Network World, June 07, 2004
"WiMax Technology", WiMax Forum, retrieved from http://wimaxforum.org/tech
Diaz, Sam, and Dean Takahashi, "Taking WiFi to the Max", Mercury News, October 04, 2004
"Quick Guide to IEEE WG & Activities", retrieved from http://grouper.ieee.org/groups/802/11/QuickGuide_IEEE_802_WG_and_Activities.htm
"Wi-Fi Alliance Introduces Next Generation of Wi-Fi Security", Wi-Fi Alliance press release, September 01, 2004, http://www.wi-fi.org
Ou, George C., "EAP-FAST: The LEAP and PEAP Killer?", July 6, 2004, http://www.lanarchitect.net/Articles/Wireless/EAP-FAST
Phifer, Lisa, "Cisco LEAP (Lightweight Extensible Authentication Protocol)", SearchDomino, August 12, 2002
Storer, Amy, "Amid Shakeup, WLAN switch sales booming", SearchNetworking.com, April 14, 2005, http://searchnetworking.techtarget.com
"WLAN Deployment on the rise", Wireless.ITWorld.com, April 06, 2005, http://www.itworld.com/jump/wirenl/wireless.itworld.com/4244/nls_ebizwlandeploy050330/
Geier, Eric, "802.11 Security Beyond WEP", Wi-Fi Planet, June 26, 2002, http://www.wi-fiplanet.com/tutorials/article.php/1377171
Geier, Eric, "The "Thin" Access Point Approach", Wi-Fi Planet, February 26, 2004, http://www.wi-fiplanet.com/tutorials/article.php/3318401
Dornan, Andy, "Building The Intelligent Wireless LAN", Network Magazine, November 5, 2003, http://www.networkmagazine.com/shared/article/showArticle.jhtml?articleld=16000350
Fogarty, Kevin, "Why aren't people adopting 802.11i security?", Network World, April 05, 2005
Storer, Amy, "Interoperability, thin AP to grow WLAN Market", SearchNetworking.com, March 25, 2005, http://searchnetworking.techtarget.com/originalContent/0,289142,sid7_gci1071199,00.html
Funk, Paul, "The nuts and bolts of 802.11i wireless LAN security", Network World, March 28, 2005, http://www.techworld.com/mobility/featuires/index.cfm?featureID=1293
Dornan, Andy, "Wireless LANs: Freedom vs. Security?", Network Magazine, July 7, 2003, http://www.networkmagazine.com/shared/article/showArticle.jhtml?articleld=10818265
"802.11i", retrieved from http://en.wikipedia.org/wiki/802.11i
"AP Architecture Impact on the WLAN, Part 1: Security and Manageability", Trapeze Networks, retrieved from http://www.trapezenetworks.com/technology/whitepapers/Part1APArch/Part1APArch.asp
"AP Architecture Impact on the WLAN, Part 2: Scalability, Performance and Resiliency", Trapeze Networks, retrieved from http://www.trapezenetworks.com/technology/whitepapers/Part2APArch/Part2APArch.asp
McCaffrey, James, "Keep Your Data Secure with the New Advanced Encryption Standard", MSDN Magazine, November 2003, http://msdn.microsoft.com/msdnmag/issues/03/11/AES/?print=true
Nobel, Carmen, "Wi-Fi Alliance to Promote WLAN Security", eWEEK, January 31, 2005
"Wireless Security Blackpaper", Ars Technica, retrieved from http://arstechnica.com/articles/paedia/security.ars/1
Fluhrer, Scott, Itsik Mantin and Adi Shamir, "Weaknesses in the Key Scheduling Algorithm of RC4", 2001
"The Advanced Encryption Standard (Rijndael)", retrieved from http://home.ecn.ab.ca/~jsavard/crypto/co040401.htm