RSA - WLAN Hacking

RSA Europe 2005
WLAN Hacking


1. WLAN Hacking: Threats and Countermeasures
   RSA Europe, Vienna, 18 October
   John Rhoton, HP Services, Mobile Technology Lead

2. Objectives
   - Describe the state of WLAN security
     - Mechanisms
     - Vulnerabilities/threats/exploits
   - Provide countermeasures and best practices to address threats

3. Needs determine security
   (diagram of mechanisms: SSID, MAC Filter, WEP, WPA/802.11i)

4. MAC Filters
   - Requires management of authorized MAC addresses
   - An LAA (Locally Administered Address) can override the UAA (Universally Administered Address)
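The point of slide 4, worked through as an added example (not from the deck): a MAC filter decides on the source address a frame carries, and because a station can set a Locally Administered Address, a listed address presented by any station gets the same answer as the genuine one. The filter below additionally records the U/L bit, so an administrator keying an allow list on factory addresses can at least spot entries or sources that are self-assigned. The addresses are constructed sample values.

```python
# Added illustration of a MAC-address allow list and the U/L (LAA) bit.
# Constructed sample addresses; not code from the presentation.
from typing import Iterable, List, Tuple


def parse_mac(mac: str) -> bytes:
    """Accept 'aa:bb:cc:dd:ee:ff' or 'aa-bb-cc-dd-ee-ff' and return the 6 raw octets."""
    parts = mac.replace("-", ":").split(":")
    if len(parts) != 6:
        raise ValueError(f"bad MAC address {mac!r}")
    return bytes(int(p, 16) for p in parts)


def is_locally_administered(mac: str) -> bool:
    """Bit 0x02 of the first octet is the U/L bit: set = LAA, clear = UAA (factory address)."""
    return bool(parse_mac(mac)[0] & 0x02)


def is_multicast(mac: str) -> bool:
    """Bit 0x01 of the first octet is the I/G bit; a station never sends from a group address."""
    return bool(parse_mac(mac)[0] & 0x01)


class MacFilter:
    """Allow list keyed purely on the claimed source address, as an access point's filter is."""

    def __init__(self, allowed: Iterable[str]):
        self.allowed = {parse_mac(m) for m in allowed}
        self.log: List[Tuple[str, str, str]] = []  # (decision, address, reason)

    def decide(self, src: str) -> str:
        raw = parse_mac(src)
        if is_multicast(src):
            self.log.append(("drop", src, "multicast/broadcast source address"))
            return "drop"
        if raw not in self.allowed:
            self.log.append(("drop", src, "not on allow list"))
            return "drop"
        # The address is listed. Nothing here proves which station sent it:
        # a cloned address is indistinguishable from the original owner.
        reason = "listed address with U/L bit set (self-assigned)" if is_locally_administered(src) \
            else "listed factory (UAA) address"
        self.log.append(("allow", src, reason))
        return "allow"
```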
5. 802.11b Security Vulnerabilities
   - Symmetric secret keys
     - Poor key management
     - Hardware theft is equivalent to key theft
   - Algorithmic weaknesses
     - WEP
     - Packet spoofing, disassociation attack
     - Replay attack
   - Decoy AP
   - Rogue AP

6. Equipment of a Wi-Fi freeloader
   - Mobile device
     - Linux
     - Windows
     - Pocket PC
   - Wireless card
     - Orinoco card
     - Prism 2 card
   - Driver for promiscuous mode
   - Cantenna and wireless MMCX to N type cable

7. War driver gone wild
   (photo slide)

8. Bringing the "War" to War Driving
   (photo slide)

9. Bringing the "War" to War Driving
   (photo slide)

10. Tools
    - NetStumbler: access point reconnaissance
      - http://www.netstumbler.com
    - WEPCrack: breaks 802.11 keys
      - http://wepcrack.sourceforge.net/
    - AirSnort: breaks 802.11 keys
      - Needs only 5-10 million packets
      - http://airsnort.shmoo.com/
    - chopper
      - Released August 2004
      - Reduces the number of necessary packets to 200-500 thousand
    - Aircrack, Airopeek, Airsnare, Airmagnet, Airjack, Aerosol, Kismet, Packetyzer, NAI Sniffer, Retina WiFi Scanner…

11. NetStumbler
    (screenshot)

12. WiFiFoFum
    (screenshot)

13. Airsnort cracked the WEP key: about 16 hours
    - chopper reduces this by an order of magnitude

14. FBI – ISSA Los Angeles 2005: broke a 128-bit WEP key in three minutes
    (photo: FBI Computer Scientist James C. Smith (left) and FBI Special Agent Geoff Bickers (right))

15. Ten-minute WEP crack
    - Kismet
      - reconnaissance
    - Airodump
      - WEP cracking
    - Void11
      - deauth attack
    - Aireplay
      - replay attack
    Source: tom's networking

16. Wireless LAN security evolution (timeline)
    Year  Mechanism        Privacy                                  Auth                  Integrity
    1999  WEP              40 bit RC4 with 24 bit IV                SSID and shared key   CRC
    2003  WPA              Per-packet keying (RC4) with 48 bit IV   802.1x + EAP          MIC
    2005  802.11i / WPA2   AES                                      802.1x + EAP          MIC

17. Improved Security Proposals (WPA)
    - Temporal Key Integrity Protocol
      - Fast/per-packet keying
      - Message Integrity Check (MIC)
        - Multilinear Modular Hash (MMH replaces CRC)
    - WPA-Personal
      - Pre-shared key (alphanumeric password)
    - WPA-Enterprise
      - 802.1x (adapted for the 802.11 MAC by the 802.11i WG) with EAP
      - No predefined EAP mechanisms

18. IEEE 802.1x Explanation
    - Restricts physical access to the WLAN
    - Handles automated key change
    - Can use an existing authentication system
    (diagram: Supplicant, Authenticator with controlled port and uncontrolled port, Authentication Server)

19. EAP Methods are client/server dependent
    - Both client and RADIUS server must support the same EAP method
    - Microsoft
      - supports the EAP API for XP and W2K
      - EAP-MD5 disallowed for wireless
      - EAP-TLS in the Windows XP release
      - Service Pack 1 adds Protected EAP (PEAP)
        - MS-CHAPv2: passwords
        - TLS (SSL channel): certificates
          - PEAP-EAP-TLS is a little slower than EAP-TLS
        - SecurID: but not tested/supported for wireless

20. 802.1x Implementation
    - 802.1x supplicant
    - 802.1x capable Access Point
    - 802.1x Authorization Server
    (diagram: Supplicant (Client), Authenticator (Access Point), Authentication Server (RADIUS Server); protocol labels: 802.1x, EAP, RADIUS, TKIP / MIC)
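The port model of slides 18 and 20, as an added simulation (not code from the presentation and not a real supplicant, AP or RADIUS server): the authenticator keeps an uncontrolled port that relays only EAPOL/EAP frames to the authentication server, and a controlled port per station that stays closed to ordinary data until the server returns EAP-Success. `RadiusStub`, the `identity:secret` payload format and the station addresses are constructed for the illustration; a real server would run an EAP method such as EAP-TLS or PEAP instead of comparing strings.

```python
# Added model of 802.1X port-based access control at an access point.
# Constructed stand-ins throughout; not the deck's or any vendor's code.
from dataclasses import dataclass, field
from typing import Dict, List, Set

EAPOL = "EAPOL"   # 802.1X-encapsulated EAP between supplicant and authenticator
DATA = "DATA"     # any other frame from the station (IP traffic etc.)


@dataclass
class Frame:
    src: str           # station MAC address (constructed sample values in the test)
    kind: str          # EAPOL or DATA
    payload: str = ""  # for EAPOL in this model: "identity:secret"


class RadiusStub:
    """Stand-in for the authentication server; holds constructed credentials."""

    def __init__(self, users: Dict[str, str]):
        self.users = users

    def check(self, identity: str, secret: str) -> str:
        # A real server runs an EAP conversation; the stub only compares a secret.
        return "EAP-Success" if self.users.get(identity) == secret else "EAP-Failure"


@dataclass
class Authenticator:
    """The access point: one uncontrolled port, one controlled port per station."""
    server: RadiusStub
    authorized: Set[str] = field(default_factory=set)    # stations with an open controlled port
    forwarded: List[Frame] = field(default_factory=list)  # data frames that reached the LAN

    def handle(self, f: Frame) -> str:
        if f.kind == EAPOL:
            # Uncontrolled port: relay EAP to the server (RADIUS in slide 20) and act on the result.
            identity, _, secret = f.payload.partition(":")
            result = self.server.check(identity, secret)
            if result == "EAP-Success":
                self.authorized.add(f.src)      # open the controlled port for this station
            else:
                self.authorized.discard(f.src)  # a failed attempt closes it again
            return result
        # Controlled port: data passes only once the station has authenticated.
        if f.src in self.authorized:
            self.forwarded.append(f)
            return "forwarded"
        return "dropped"
```

Note that the model authorizes by station address only; in a real deployment the EAP exchange also derives the per-station keys (TKIP/MIC on slide 20) that bind subsequent frames to the authenticated session.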
21. 802.11i / WPA2
    - Ratified June 2004
    - AES selected by the National Institute of Standards and Technology (NIST) as the replacement for DES
      - Symmetric-key block cipher
      - Computationally efficient
      - Can use large keys (> 1024 bits)
    - Cipher Block Chaining Message Authentication Code (CBC-MAC or CCMP) replaces TKIP
      - RFC 3610
    - May require equipment upgrades
      - Some WPA implementations already support AES
    - Update for Windows XP (KB893357)
    - Transition Security Networks (TSN) interoperate with WEP
    - Robust Security Networks (RSN) prohibit WEP

22. VPN Overlay
    (diagram: VPN Concentrator)

23. Role-based Access Control
    - Bluesocket
    - Perfigo (Cisco)
    - Cranite
    - Aruba
    - HP ProCurve (Vernier)
    (diagram labels: Role, Schedule, Location, User, Access Control, IP Address, Port, Time, VLAN)

24. Enterprise WLAN Security Options
    - WPA-Enterprise
      - Eventual transition to 802.11i
      - Requires WPA-compliant APs and NICs
    - VPN Overlay
      - Performance overhead (20-30%)
      - VPN Concentrator required
    - RBAC
      - Additional appliance and infrastructure
      - Most refined access
    - Home WLAN: WEP key rotation, firewall, intrusion detection
    - Public WLAN: MAC address filter, secure billing, VPN passthrough
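Slide 24 recommends WEP key rotation for a home WLAN and slide 16 gives the reason it is needed: WEP's 24-bit IV. The added calculation below (not from the deck) applies the birthday bound to that IV space to estimate how many packets a key can carry before an IV repeats, and turns a packet rate into a rotation interval. The packet rates are constructed inputs; the formulas are the standard birthday approximation, which is accurate when the packet count is far below the IV space.

```python
# Added calculation: IV reuse under WEP's 24-bit IV and what it implies for key rotation.
# Not code from the presentation; constructed packet rates in the test.
import math

IV_BITS = 24
IV_SPACE = 2 ** IV_BITS  # 16,777,216 distinct IVs per key (slide 16: "24 bit IV")


def collision_probability(packets: int, space: int = IV_SPACE) -> float:
    """Birthday bound: P(at least one IV repeats among n packets) ~ 1 - exp(-n(n-1) / 2N).

    With a random IV this is the expected collision rate; a sequential counter
    reaches the same repeats only when it wraps, but the bound is the conservative
    figure to plan around since the driver's IV policy is not under the operator's control.
    """
    return 1.0 - math.exp(-packets * (packets - 1) / (2.0 * space))


def packets_for_probability(p: float, space: int = IV_SPACE) -> int:
    """Smallest n with collision_probability(n) >= p, by inverting the bound:
    n(n-1)/2N = -ln(1-p)  =>  n = 1/2 + sqrt(1/4 - 2N ln(1-p))."""
    if not 0.0 < p < 1.0:
        raise ValueError("p must be strictly between 0 and 1")
    return math.ceil(0.5 + math.sqrt(0.25 - 2.0 * space * math.log(1.0 - p)))


def rotation_interval_seconds(packets_per_second: float, p: float = 0.5) -> float:
    """How often the WEP key must change to keep the IV-repeat probability below p."""
    return packets_for_probability(p) / packets_per_second


def exhaustion_seconds(packets_per_second: float, space: int = IV_SPACE) -> float:
    """Time until a sequential IV counter has used every value once and must wrap."""
    return space / packets_per_second
```

The numbers are why the deck's timeline moves to a 48-bit IV with per-packet keying in WPA: at a few thousand packets, not millions, a 24-bit IV is already likely to repeat, so a home user rotating keys by hand cannot keep up on a busy network.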
25. Rogue Access Points
    - Highest risk when WLANs are NOT implemented
      - Usually completely unsecured
      - Connected by naive (rather than malicious) users
    - Intrusion detection products
      - Manual, sensors, infrastructure
    - Multi-layer perimeters
      - 802.1x
      - RBAC, VPN
    (diagram labels: Internet, Intranet Access)

26. Summary
    - WLAN security had a bad start
      - WEP is insufficient
      - MAC filtering is even worse
    - WPA and 802.11i are solid
      - As far as we know today…
    - Consider multi-layer perimeter control (VPN, RBAC)
    - Opt-out disabled
      - Rogue access points are the biggest threat of all!

27. Send mail to: [email_address]