Wireless LAN Security



Slide 1: Wireless LAN Security
  Yen-Cheng Chen, Department of Information Management, National Chi Nan University, [email_address]

Slide 2: Outline
  - Introduction
  - WLAN Authentication
  - WEP (Wired Equivalent Privacy)
  - IEEE 802.1x
  - Conclusion

Slide 3: 1. Introduction
  - Increasing popularity of IEEE 802.11 Wireless LANs (WLANs)
  - More laptops and PDAs equipped with a WLAN interface (Intel Centrino(TM))
    - By 2005, over 80 percent of professional notebook PCs will have a WLAN interface.
  - Public Wireless LAN Hotspots
    - ISPs provide WLAN access services at airports, coffee shops, conference centers, shopping malls, ...
Slide 4: Comparisons among 802.11 Versions

Slide 5: Wireless LAN Hotspots
  (diagram labels: Internet, Access Point, Coffee Shop, Airport, Conference Center, WLAN Adapter)

Slide 6: Typical Wireless LAN Configuration
  (diagram labels: Internet/Intranet, Router, Switch, WLAN Adapter + PDA, Notebook PC, Access Point)

Slide 7: IEEE 802.11 Association Services
  - Three association services defined in 802.11
    - Association Service: before a mobile client is allowed to send a data message via an AP, it shall first become associated with the AP.
    - Reassociation Service: invoked to "move" a current association from one AP to another.
    - Disassociation Service: invoked whenever an existing association is to be terminated.

Slide 8: A Scenario
  (diagram: a client (1) associates with AP #1, (2) reassociates to AP #2 when it moves, and (3) disassociates when it leaves)

Slide 9: 802.11 Client Authentication
  (diagram labels: client, access point, Wired Network)

Slide 10: 802.11 Client Authentication
  1. Client broadcasts a probe request frame on every channel
  2. Access points within range respond with a probe response frame
  3. The client decides which access point (AP) is the best for access and sends an authentication request
  4. The access point will send an authentication reply
  5. Upon successful authentication, the client will send an association request frame to the access point
  6. The access point will reply with an association response
  7. The client is now able to pass traffic to the access point
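The probe / authentication / association steps above are enforced on the AP side by a per-client state machine. The following Python model is an added example, not code from the slides: it tracks each client through the three states the steps imply, implements the reassociation and disassociation services of slides 7 and 8, and rejects frames sent in the wrong state. Frame types are plain strings, MAC addresses are constructed sample values, open-system authentication is modelled as always succeeding, and the responses to out-of-state frames (a deauthentication frame for an unauthenticated client, a disassociation frame for an authenticated but unassociated one) follow the frame-class rules of IEEE 802.11-1999, which the slides do not spell out.

```python
"""Added example: the per-client 802.11 state machine an access point keeps
across the probe / authentication / association steps of slides 7-10."""
from enum import Enum


class State(Enum):
    UNAUTHENTICATED = 1   # may send probe and authentication frames only
    AUTHENTICATED = 2     # may additionally send (re)association frames
    ASSOCIATED = 3        # may send data frames


class AccessPoint:
    def __init__(self, ssid: str):
        self.ssid = ssid
        # client MAC -> State. The AP trusts the source MAC, which is why
        # MAC spoofing (slide 25) matters for every decision made here.
        self.clients = {}

    def state_of(self, mac: str) -> State:
        return self.clients.get(mac, State.UNAUTHENTICATED)

    def handle(self, mac: str, frame: str) -> str:
        """Process one frame from `mac` and return the AP's reply."""
        s = self.state_of(mac)
        if frame == "probe_request":                      # steps 1-2
            return "probe_response"
        if frame == "authentication_request":             # steps 3-4 (open system)
            self.clients[mac] = State.AUTHENTICATED
            return "authentication_response:success"
        if frame in ("association_request", "reassociation_request"):   # steps 5-6
            if s is State.UNAUTHENTICATED:
                return "deauthentication"                 # class 2 frame, not authenticated
            self.clients[mac] = State.ASSOCIATED
            return frame.replace("request", "response") + ":success"
        if frame == "data":                               # step 7
            if s is State.ASSOCIATED:
                return "forwarded"
            # class 3 frame in the wrong state: tell the client which step it skipped
            return "disassociation" if s is State.AUTHENTICATED else "deauthentication"
        if frame == "disassociation":                     # disassociation service
            if s is State.ASSOCIATED:
                self.clients[mac] = State.AUTHENTICATED
            return "ok"
        if frame == "deauthentication":
            self.clients.pop(mac, None)
            return "ok"
        raise ValueError("unknown frame type: " + frame)


def reassociate(mac: str, old_ap: AccessPoint, new_ap: AccessPoint) -> str:
    """Reassociation service (slide 8): move a current association from
    old_ap to new_ap. The client authenticates with the new AP first, then
    reassociates; the old AP drops the association (in a real deployment the
    new AP notifies it over the distribution system)."""
    new_ap.handle(mac, "authentication_request")
    result = new_ap.handle(mac, "reassociation_request")
    if result.endswith("success") and old_ap.state_of(mac) is State.ASSOCIATED:
        old_ap.clients[mac] = State.AUTHENTICATED
    return result


if __name__ == "__main__":
    ap = AccessPoint("example-ssid")          # constructed sample SSID
    mac = "00:11:22:33:44:55"                 # constructed sample client MAC
    for frame in ("probe_request", "data", "authentication_request",
                  "data", "association_request", "data"):
        print(frame, "->", ap.handle(mac, frame))
```

Running the block shows that a data frame is answered with a deauthentication before step 4 and with a disassociation before step 6, and is only forwarded after step 7.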
Slide 11: Security Threats
  - Data transmitted can be easily intercepted.
  - Signal coverage area cannot be well limited.
  - Intentional and non-intentional interference.

  - User authentication to prevent unauthorized access to network resources
  - Data privacy to protect the integrity and privacy of transmitted data

Slide 12: 2. WLAN Authentication
  - SSIDs (Service Set IDs)
  - Open Authentication
  - Shared Key Authentication
  - MAC Address Authentication

Slide 13: SSIDs (Service Set IDs)

Slide 14: SSIDs (Service Set IDs)

Slide 15: Vulnerability of Using SSIDs
  - SSID can be obtained by eavesdropping.

Slide 16: Open Authentication
  - Null authentication
  - Some hand-held devices do not have capabilities for complex authentication algorithms.
  - Any device that knows the SSID can gain access to the WLAN.

Slide 17: Open Authentication with Differing WEP Keys

Slide 18: Shared Key Authentication
  1. The client sends an authentication request to the access point requesting shared key authentication
  2. The access point responds with an authentication response containing challenge text
  3. The client uses its locally configured WEP key to encrypt the challenge text and replies with a subsequent authentication request
  4. If the access point can decrypt the authentication request and retrieve the original challenge text, then it responds with an authentication response that grants the client access

Slide 19: Shared Key Authentication
  - Use of WEP key
  - Key distribution and management

Slide 20: Shared Key Authentication Vulnerabilities
  - Stealing key stream
    - WEP uses RC4
  - Man-in-the-Middle Attack

  C = P ⊕ RC4(K)
  C ⊕ P = P ⊕ RC4(K) ⊕ P = RC4(K)
Slide 21: Deriving Key Stream

Slide 22: MAC Address Authentication
  - Not specified in 802.11
  - Many AP products support MAC address authentication.
  - MAC address authentication verifies the client's MAC address against a locally configured list of allowed addresses or against an external authentication server.

Slide 23: MAC Address Filtering in APs

Slide 24: MAC Authentication via RADIUS

Slide 25: MAC Address Authentication Vulnerabilities
  - MAC Address Spoofing
    - Valid MAC addresses can be observed by a protocol analyzer.
    - The MACs of some WLAN NICs can be overwritten.

Slide 26: 3. WEP (Wired Equivalent Privacy)
  - IEEE 802.11 Std.
  - Goals
    - Confidentiality
    - Access Control
    - Data Integrity
  - WEP Key: 64-bit, 128-bit

Slides 27-28: WEP (Wired Equivalent Privacy)
  (diagram labels: 4 keys; per-packet key = 104-bit key + 24-bit IV; 104 bits / 128 bits)

Slide 29: WEP Vulnerabilities
  - Key attacks
    - Statistical key derivation: several IVs can reveal key bytes after statistical analysis.
  - Secret key problems
  - Confidentiality attacks
  - Integrity attacks
  - Authentication attack

Slide 30: IV Replay Attack

Slide 31: Growing a Key Stream

Slide 32: Keystream Reuse in WEP

Slide 33: Keystream Reuse in WEP
  - The WEP standard recommends that the IV be changed after every packet.
  - Many WLAN cards reset the IV to 0 each time they were re-initialized, and then incremented the IV by one after each packet transmitted.
  - The IV is only 24 bits wide.
    - 1500-byte packets, 5 Mbps bandwidth → the IV space is exhausted in about half a day
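The two WEP weaknesses above, keystream recovery from the shared-key challenge/response (slide 20) and keystream reuse once the 24-bit IV wraps (slide 33), both follow from one property of a stream cipher: XOR-ing a ciphertext with its known plaintext yields the keystream, and two ciphertexts under the same keystream XOR to the XOR of their plaintexts. The Python below is an added example, not code from the slides: it implements RC4 and a WEP-style per-packet key of IV (24 bits) followed by the 104-bit secret key, then checks both properties and computes the slide's "half a day" figure. The 13-byte key, the IV and the 16-byte challenge text are constructed sample values, and the WEP integrity check value (CRC-32) is left out because it does not affect the keystream argument.

```python
"""Added example: keystream leakage and reuse in WEP (slides 20 and 33)."""


def rc4_keystream(key: bytes, length: int) -> bytes:
    """Generate `length` bytes of RC4 keystream (key scheduling + PRGA)."""
    s = list(range(256))
    j = 0
    for i in range(256):                      # key-scheduling algorithm
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):                   # pseudo-random generation algorithm
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """Byte-wise XOR of two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("xor_bytes needs equal-length inputs")
    return bytes(x ^ y for x, y in zip(a, b))


def wep_encrypt(key104: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """WEP-style encryption: the per-packet RC4 key is IV || secret key
    (24 + 104 = 128 bits, slides 27-28). Decryption is the same operation."""
    if len(iv) != 3 or len(key104) != 13:
        raise ValueError("WEP-128 uses a 3-byte IV and a 13-byte key")
    return xor_bytes(plaintext, rc4_keystream(iv + key104, len(plaintext)))


def recover_keystream(ciphertext: bytes, known_plaintext: bytes) -> bytes:
    """Slide 20: C ⊕ P = P ⊕ RC4(K) ⊕ P = RC4(K). In shared-key authentication
    the challenge is sent in the clear and its encryption follows, so an
    observer learns the keystream for that IV without knowing the key."""
    return xor_bytes(ciphertext, known_plaintext)


def keystream_reuse_leak(c1: bytes, c2: bytes) -> bytes:
    """Two packets under the same IV and key share a keystream, so
    C1 ⊕ C2 = P1 ⊕ P2: the keystream cancels and the plaintexts' XOR leaks."""
    return xor_bytes(c1, c2)


def iv_wrap_seconds(packet_bytes: int = 1500, bandwidth_bps: int = 5_000_000) -> float:
    """Slide 33: seconds until a per-packet 24-bit IV counter wraps at the
    given packet size and link rate, i.e. when keystream reuse is guaranteed."""
    packets_per_second = bandwidth_bps / (packet_bytes * 8)
    return (1 << 24) / packets_per_second


if __name__ == "__main__":
    key = bytes(range(13))             # constructed sample key, not a real one
    iv = b"\x00\x00\x01"               # a card that resets its IV to 0 starts here
    challenge = b"0123456789abcdef"    # constructed 16-byte challenge text
    response = wep_encrypt(key, iv, challenge)
    ks = recover_keystream(response, challenge)
    print("keystream recovered:", ks == rc4_keystream(iv + key, len(challenge)))
    print("IV space exhausted after %.1f hours" % (iv_wrap_seconds() / 3600))
```

With the slide's numbers (1500-byte packets at 5 Mbps, about 417 packets per second) `iv_wrap_seconds()` returns roughly 40,265 seconds, a little over eleven hours, which is the "half a day" on slide 33; the defensive lesson is that any design reusing an RC4 keystream, whether through a predictable IV counter or through a challenge sent in the clear, leaks the keystream to a passive observer, which is what 802.11i's TKIP and AES-based replacements (slide 42) address.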
Slide 34: 4. IEEE 802.1X
  - Port-Based Network Access Control
  - To provide a means of authenticating and authorizing devices attached to a LAN port that has point-to-point connection characteristics
  - To prevent access to that port in cases in which the authentication and authorization process fails.
  - 802.1X requires three entities:
    - The supplicant: resides on the wireless LAN client
    - The authenticator: resides on the access point
    - The authentication server: EAP server, mostly a RADIUS server

Slide 35: 802.1X in LANs
  EAP: Extensible Authentication Protocol
  RADIUS: Remote Authentication Dial In User Service
  - EAP-MD5
  - EAP-TLS

Slide 36: Supplicant, Authenticator, and Authentication Server
  PAE: port access entity

Slide 38: EAP-MD5
  (diagram: the authentication server sends challenge text to the supplicant; the supplicant returns MD5(Password + Challenge Text); the server answers Accept / Reject)
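Slides 34 to 38 describe three entities and a port that stays closed until the authentication server accepts the supplicant. The Python below is an added example, not code from the slides: it models the authenticator's uncontrolled port (EAPOL only) and controlled port (everything else, opened only after an Accept), with an authentication server that verifies the EAP-MD5 challenge/response exactly as slide 38 writes it, MD5(Password + Challenge Text). That formula is an assumption taken from the slide; real EAP-MD5 also hashes the EAP identifier byte. Usernames, passwords, MAC addresses and the frame-type strings are constructed sample values. Note the supplicant class: it answers whatever challenge it receives and has nothing with which to verify the server, which is the "absence of mutual authentication" that slide 40 points to.

```python
"""Added example: 802.1X controlled/uncontrolled ports with an EAP-MD5-style
challenge/response (slides 34-38)."""
import hashlib
import hmac
import os


class AuthenticationServer:
    """EAP server (a RADIUS server in most deployments) holding the user database."""

    def __init__(self, credentials: dict):
        self._credentials = credentials           # username -> password (constructed)

    def new_challenge(self) -> bytes:
        return os.urandom(16)                     # fresh random challenge per attempt

    def verify(self, username: str, challenge: bytes, response: bytes) -> bool:
        """Accept iff response == MD5(password || challenge) for a known user."""
        password = self._credentials.get(username)
        if password is None:
            return False
        expected = hashlib.md5(password.encode() + challenge).digest()
        return hmac.compare_digest(expected, response)   # constant-time comparison


class Supplicant:
    """Client side. It proves knowledge of the password to whoever sent the
    challenge, but learns nothing about who that was (no mutual authentication)."""

    def __init__(self, password: str):
        self._password = password

    def respond(self, challenge: bytes) -> bytes:
        return hashlib.md5(self._password.encode() + challenge).digest()


class Authenticator:
    """AP-side port access entity. The uncontrolled port passes only EAPOL
    frames; the controlled port is closed until the server returns Accept."""

    def __init__(self, server: AuthenticationServer):
        self._server = server
        self._authorized = {}      # client MAC -> bool (controlled-port state)
        self._pending = {}         # client MAC -> (username, challenge)

    def forward(self, client_mac: str, frame_type: str) -> bool:
        """Return True if a frame of this type from this client is let through."""
        if frame_type == "EAPOL":
            return True                                   # uncontrolled port
        return self._authorized.get(client_mac, False)    # controlled port

    def start(self, client_mac: str, username: str) -> bytes:
        """Relay the server's challenge to the supplicant and remember it."""
        challenge = self._server.new_challenge()
        self._pending[client_mac] = (username, challenge)
        return challenge

    def finish(self, client_mac: str, response: bytes) -> bool:
        """Relay the response to the server; open the controlled port on Accept."""
        username, challenge = self._pending.pop(client_mac)
        ok = self._server.verify(username, challenge, response)
        self._authorized[client_mac] = ok
        return ok

    def logoff(self, client_mac: str) -> None:
        """EAPOL-Logoff: close the controlled port again."""
        self._authorized[client_mac] = False


def run_exchange(authenticator: Authenticator, client_mac: str,
                 username: str, supplicant: Supplicant) -> bool:
    """One EAP-MD5 round trip through the authenticator; returns Accept/Reject."""
    challenge = authenticator.start(client_mac, username)
    return authenticator.finish(client_mac, supplicant.respond(challenge))


if __name__ == "__main__":
    server = AuthenticationServer({"alice": "correct horse"})   # constructed
    ap = Authenticator(server)
    mac = "00:11:22:33:44:55"                                   # constructed
    print("data before auth:", ap.forward(mac, "DATA"))
    print("accepted:", run_exchange(ap, mac, "alice", Supplicant("correct horse")))
    print("data after auth:", ap.forward(mac, "DATA"))
```

The model makes the port semantics concrete: a wrong password, an unknown user or a logoff all leave the controlled port closed, while EAPOL frames always pass so the exchange itself can happen.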
Slide 39: EAP-TLS
  - TLS: Transport Layer Security
  - Uses the TLS public key certificate mechanism within EAP.
  - Digital certificate signed by a CA
  - Mutual Authentication
    - Client Certificate
    - Server Certificate
  - Key exchange / Dynamic session key

Slide 40: Man-In-The-Middle Attack
  - Absence of Mutual Authentication

Slide 41: Session Hijacking

Slide 42: 5. Conclusion
  - IEEE 802.11i
    - TKIP: Temporal Key Integrity Protocol
    - AES: Advanced Encryption Standard
  - Certificate based authentication
    - EAP-TLS, EAP-TTLS, PEAP
  - Password authentication
    - LEAP, Diffie-Hellman exchange
    - SPEKE: ZKPP (Zero Knowledge Password Proof)