Security Issues of IEEE 802.11b


Published on

Security Issues of IEEE 802.11b

Published in: Technology
1 Like
  • Be the first to comment

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Security Issues of IEEE 802.11b

  1. 1. Security Issues of IEEE 802.11b Wireless Local Area Networks Issues | Analysis | Suggestions | Solutions | Adaptations Seminar on Security Issues of 802.11b presented on 21-10-2008 by Sreekanth G S, 274, R7, Computer Science, Sree Chitra Thirunal College of Engineering
  2. 2. <ul><ul><li>Quick Note : </li></ul></ul><ul><ul><ul><li>Local Area Networks need not scale only up to a building or a particular location. Present scenarios represent Local Area Networks connecting offices across the continents using methods such as VPN (Virtual Private Network). </li></ul></ul></ul><ul><li>Local Area Network </li></ul><ul><ul><li>Definition </li></ul></ul><ul><ul><li>Scope </li></ul></ul><ul><ul><li>Expansion </li></ul></ul><ul><li>Wireless Local Area Network </li></ul><ul><ul><li>Difference from conventional LAN </li></ul></ul><ul><ul><li>Current IEEE Standards </li></ul></ul><ul><ul><li>Primitivism of IEEE802.11b </li></ul></ul><ul><ul><li>Scalability of WLAN </li></ul></ul><ul><ul><li>Hotspots – Wi-Fi (Wireless Fidelity) </li></ul></ul>
  3. 3. <ul><ul><li>Quick Note : </li></ul></ul><ul><ul><ul><li>99% of the world’s Wi-Fi network issues are caused by interference and most of them from cordless telephones. This issue is termed as Wi-Fi band exploitation and device makers consortium has repeatedly requested IEEE to issue a new freq. band. </li></ul></ul></ul><ul><li>Wireless Local Area Network </li></ul><ul><ul><li>Released – October 1999 </li></ul></ul><ul><ul><li>Frequency band – 2.4GHz </li></ul></ul><ul><ul><li>Data rate – 4.5 Mbit/s (Typical) </li></ul></ul><ul><ul><li>Data rate – 11 Mbit/s (Maximum) </li></ul></ul><ul><ul><li>Range - ~38m (Indoor) </li></ul></ul><ul><ul><li>802.11b devices suffer interference from other products operating in the 2.4 GHz band. Devices operating in the 2.4 GHz range include: microwave ovens, Bluetooth devices, baby monitors and cordless telephones. </li></ul></ul>
  4. 4. <ul><ul><li>Quick Note : </li></ul></ul><ul><ul><ul><li>OFDM - Orthogonal Frequency-Division Multiplexing </li></ul></ul></ul><ul><ul><ul><li>DSSS - Direct-Sequence Spread Spectrum </li></ul></ul></ul><ul><ul><ul><li>Mod. – Modulation technique </li></ul></ul></ul><ul><ul><ul><li>r in. - Range Indoor, r out. – Range Outdoor </li></ul></ul></ul>
  5. 5. <ul><ul><li>Quick Note : </li></ul></ul><ul><li>Wi-Fi is not an easy word to wireless deployment of LAN or WLAN. Any solution which addresses all or some of the above mentioned seven security problems need not be an ideal solution to the deployment problems faced by most of the companies. </li></ul><ul><li>Seven Security Problems </li></ul><ul><ul><li>Easy Access </li></ul></ul><ul><ul><li>“ Rogue” Access Points </li></ul></ul><ul><ul><li>Unauthorized Use of Service </li></ul></ul><ul><ul><li>Service and Performance Constraints </li></ul></ul><ul><ul><li>MAC Spoofing and Session Hijacking </li></ul></ul><ul><ul><li>Traffic Analysis and Eavesdropping </li></ul></ul><ul><ul><li>Higher Level Attacks </li></ul></ul>
  6. 6. <ul><ul><li>Quick Note : </li></ul></ul><ul><li>Our College is an excellent example of Wi-Fi Easy Access. </li></ul><ul><li>SSID is broadcasted. </li></ul><ul><li>Key level encryption is used. </li></ul><ul><li>1. Easy Acces </li></ul><ul><ul><li>Wireless LANs are easy to find. </li></ul></ul><ul><ul><li>All wireless networks need to announce their existence. </li></ul></ul><ul><ul><li>The information needed to join a network is also the information needed to launch an attack on a network. </li></ul></ul><ul><ul><li>Your 802.11 network and its parameters are available for anybody with an 802.11 card. </li></ul></ul><ul><ul><li>Short of moving into heavily-shielded office space that does not allow RF signals to escape, there is no solution for this problem. </li></ul></ul><ul><ul><li>The best you can do is to mitigate the risk by using strong access control and encryption solutions. </li></ul></ul>
  7. 7. <ul><ul><li>Quick Note : </li></ul></ul><ul><li>Any Wi-Fi Router (Example: Linksys WRT54GL) can act as a Wireless AP. </li></ul><ul><li>AP login with Credentials can make Client login without credentials. </li></ul><ul><li>Management staff “can” go rogue…. </li></ul><ul><li>2. “Rogue” Access Points </li></ul><ul><ul><li>Easy access to wireless LANs is coupled with easy deployment. </li></ul></ul><ul><ul><li>Any user can run to a nearby computer store, purchase an access point, and connect it to the corporate network without authorization. </li></ul></ul><ul><ul><li>End users are not security experts, and may not be aware of the risks posed by wireless LANs. </li></ul></ul><ul><ul><li>Tools like NetStumbler allow network administrators to wander their building looking for unauthorized access points, but it is expensive to devote time to wandering the building looking for new access points. </li></ul></ul>
  8. 8. <ul><ul><li>Quick Note : </li></ul></ul><ul><li>VPN – Virtual Private Network </li></ul><ul><li>WEP – Wired Equivalent Privacy </li></ul><ul><li>n/w – Network </li></ul><ul><li>3. Unauthorized Use of Service </li></ul><ul><ul><li>Nearly all of the access points running with default configurations have not activated WEP (Wired Equivalent Privacy) or have a default key used by all the vendor's products out of the box. Without WEP, network access is usually there for the taking. </li></ul></ul><ul><ul><li>If you have deployed a VPN to protect the network from wireless clients, it probably has strong authentication capabilities already built-in. </li></ul></ul><ul><ul><li>For corporate users extending wired networks, access to wireless networks must be as tightly controlled. Strong authentication is a must before granting access to the n/w. </li></ul></ul>
  9. 9. <ul><ul><li>Quick Note : </li></ul></ul><ul><li>LAN – Local Area Network </li></ul><ul><li>MAC – Media Access Control (Burned In Address) </li></ul><ul><li>Access Point – Wireless Service Providing Machine </li></ul><ul><li>4. Service and Performance Constraints </li></ul><ul><ul><li>Wireless LANs have limited transmission capacity. </li></ul></ul><ul><ul><li>This capacity is shared between all the users associated with an access point. Due to MAC-layer overhead, the actual effective throughput tops out at roughly half of the nominal bit rate. </li></ul></ul><ul><ul><li>Attackers could also inject traffic into the radio network without being attached to a wireless access point. </li></ul></ul><ul><ul><li>Addressing performance problems starts with monitoring and discovering them. </li></ul></ul><ul><ul><li>No enterprise-class wireless network management system has yet emerged. </li></ul></ul>
  10. 10. <ul><ul><li>Quick Note : </li></ul></ul><ul><li>In cryptography, the man-in-the-middle attack is a form of active eavesdropping in which the attacker makes independent connections with the victims, relays messages between them, making them believe that they are talking directly to each other over a private connection when in fact the entire conversation is controlled by the attacker. </li></ul><ul><li>5. MAC Spoofing and Session Hijacking </li></ul><ul><ul><li>802.11 networks do not authenticate frames. </li></ul></ul><ul><ul><li>Attackers can use spoofed frames to redirect traffic and corrupt ARP tables. </li></ul></ul><ul><ul><li>Access points are identified by their broadcasts of Beacon frames. </li></ul></ul><ul><ul><li>You must deploy a cryptographic protocol on top of 802.11 to protect against hijacking. </li></ul></ul><ul><ul><li>Attackers can, however, easily pretend to be an access point because nothing in 802.11 requires an access point to prove it really is an access point. (Man-in-the-Middle Attack) </li></ul></ul>
  11. 11. <ul><ul><li>Quick Note : </li></ul></ul><ul><li>SSH – Secure Shell </li></ul><ul><li>SSL – Secure Socket Layer </li></ul><ul><li>IPSec – IP (Internet Protocol) Security </li></ul><ul><li>6. Traffic Analysis and Eavesdropping </li></ul><ul><ul><li>802.11 provides no protection against attacks that passively observe traffic. </li></ul></ul><ul><ul><li>A great deal has been written about the flaws in WEP. </li></ul></ul><ul><ul><li>Early WEP implementations are vulnerable to cracking by tools such as AirSnort and WEPCrack. </li></ul></ul><ul><ul><li>Strong cryptographic solutions like SSH, SSL, and IPSec were designed to transmit data securely over public channels. </li></ul></ul><ul><ul><li>It protects only the initial association with the network and user data frames. </li></ul></ul>
  12. 12. <ul><ul><li>Quick Note : </li></ul></ul><ul><li>Many networks have a hard outer shell composed of perimeter security devices that are carefully configured and meticulously monitored. Inside the shell, though, is a soft, vulnerable (and tasty?) center. </li></ul><ul><li>7. Higher Level Attacks </li></ul><ul><ul><li>Once an attacker gains access to a wireless network, it can serve as a launch point for attacks on other systems. </li></ul></ul><ul><ul><li>Wireless LANs can be deployed quickly if they are directly connected to the vulnerable backbone, but that exposes the network to attack. </li></ul></ul><ul><ul><li>The solution is straightforward in theory: treat the wireless network as something outside the security perimeter, but with special access to the inside of the network. </li></ul></ul>
  13. 13. <ul><ul><li>Quick Note : </li></ul></ul><ul><li>Access Control – ACL – Access Control Lists </li></ul><ul><li>Confidentiality – Encryption Algorithms, Cryptography </li></ul><ul><li>Data Integrity – CRC Checks, Parity Checks, Checksum, MD5 Values </li></ul><ul><li>WEP and its Functionality </li></ul><ul><ul><li>WEP’s security goals are </li></ul></ul><ul><ul><ul><li>Access control: protecting the wireless network from unauthorized access. </li></ul></ul></ul><ul><ul><ul><li>Confidentiality: to prevent eavesdropping. </li></ul></ul></ul><ul><ul><ul><li>Data integrity: to prevent tampering with transmitted messages. </li></ul></ul></ul>
  14. 14. <ul><ul><li>Quick Note : </li></ul></ul><ul><li>Plaintext = Message + CRC (Cycic Redundancy Check) </li></ul><ul><li>IV – Initialization Vector </li></ul><ul><li>XOR – Exclusive OR </li></ul><ul><li>RC4 – Encryption Method </li></ul><ul><li>WEP’s security flaws </li></ul><ul><ul><li>WEP relies on an encryption algorithm called RC4. </li></ul></ul><ul><li>Making of Plaintext </li></ul><ul><li>Generation of RC4 Keystream </li></ul><ul><li>XOR of Plaintext and Key </li></ul><ul><li>Making of Ciphertext </li></ul><ul><li>Sending of Ciphertext with IV </li></ul>
  15. 15. <ul><ul><li>Quick Note : </li></ul></ul><ul><li>Ciphertext – Incoming Encrypted Message </li></ul><ul><li>KeyStream – RC4(v,k) where v is IV transmitted with Ciphertext </li></ul><ul><li>CRC – Cyclic Redundancy Check </li></ul><ul><li>IV – Initialization Vector </li></ul>WEP’s security flaws (contd…) <ul><li>Stripping out IV </li></ul><ul><li>Generation of key k </li></ul><ul><li>Reassembling of keystream </li></ul><ul><li>XOR with Ciphertext </li></ul><ul><li>Obtaining of Plaintext </li></ul>
  16. 16. <ul><ul><li>Quick Note : </li></ul></ul><ul><li>Why do we need Re-Usable Keystream? Why not 256 bits IV? </li></ul><ul><li>Starting from the beginning? Resetting IV on Initialization? </li></ul><ul><li>Key Stream Re-Use </li></ul><ul><ul><li>The IV is only 24 bits long. </li></ul></ul><ul><ul><li>Exhaustion of IV Field. </li></ul></ul><ul><ul><li>No other choice but to Re-Use. </li></ul></ul><ul><ul><li>Two packets will be encrypted using same k and IV. </li></ul></ul><ul><ul><li>Key Stream Re-Use is a major vulnerability. </li></ul></ul>
  17. 17. <ul><ul><li>Quick Note : </li></ul></ul><ul><li>Public Key/ Private Key Encryption Model </li></ul><ul><li>IV – Initialization Vector </li></ul><ul><li>XOR – 1101 XOR 1001 = 0100 </li></ul><ul><li>RC4 Hacking in Detail </li></ul><ul><ul><li>Done using two fields, k and IV. </li></ul></ul><ul><ul><li>Secret Key – k </li></ul></ul><ul><ul><li>Public Key – IV </li></ul></ul><ul><ul><li>Secret Key k is constant. </li></ul></ul><ul><ul><li>Hence, two or more packets are encrypted using same IV. </li></ul></ul><ul><ul><li>Means, both packets were encrypted in the very same way. </li></ul></ul><ul><ul><li>They can be XORed to cancel out two key streams. </li></ul></ul><ul><ul><li>Results in XOR of two original unencrypted packets. </li></ul></ul><ul><ul><li>Knowing bit stream in one of the packet gives out the other. </li></ul></ul><ul><ul><li>Hence, key k is identified. </li></ul></ul>
  18. 18. <ul><ul><li>Quick Note : </li></ul></ul><ul><li>TKIP – Temporal Key Integrity Protocol </li></ul><ul><li>WPA – Wi-Fi Protected Access </li></ul><ul><li>IEEE 802.11i-2004 , or 802.11i , is an amendment to the IEEE 802.11 standard specifying security mechanisms for wireless networks. </li></ul><ul><li>Solutions to Key Stream Re-Use </li></ul><ul><ul><li>Increasing the size of IV field. </li></ul></ul><ul><ul><li>A 24 bits to 48 bits increase = 16.7 million to 281 trillion IVs. </li></ul></ul><ul><ul><li>Decreases very likelihood of Key Stream Re-Use. </li></ul></ul><ul><ul><li>Making secret key ‘k’ dynamic. </li></ul></ul><ul><ul><li>Improvement to WPA. </li></ul></ul><ul><ul><li>Implementation of TKIP. </li></ul></ul><ul><ul><li>Enhancements including per packet key mixing function. </li></ul></ul><ul><ul><li>Message Integrity Check called Michael. </li></ul></ul><ul><ul><li>Extended IV with sequencing rules and Re-Keying mech. </li></ul></ul><ul><ul><li>Mandatory in upcoming 802.11i </li></ul></ul>
  19. 19. <ul><ul><li>Quick Note : </li></ul></ul><ul><li>KSA – Key Scheduling Algorithm </li></ul><ul><li>PRGA – Pseudo Random Generation Algorithm </li></ul><ul><li>A pseudorandom process is a process that appears random but is not. </li></ul><ul><li>RC4 Algorithm </li></ul><ul><li>RC4 generates a pseudorandom stream of bits (a keystream) which, for encryption, is combined with the plaintext using bit-wise exclusive-or; decryption is performed the same way (since exclusive-or is a symmetric operation). To generate the keystream, the cipher makes use of a secret internal state which consists of two parts: </li></ul><ul><li>A permutation of all 256 possible bytes (denoted &quot;S&quot; below). </li></ul><ul><li>Two 8-bit index-pointers (denoted &quot;i&quot; and &quot;j&quot;). </li></ul><ul><li>The permutation is initialized with a variable length key, typically between 40 and 256 bits, using the key-scheduling algorithm (KSA). Once this has been completed, the stream of bits is generated using the pseudo-random generation algorithm (PRGA). </li></ul>
  20. 20. <ul><ul><li>Quick Note : </li></ul></ul><ul><li>Pseudorandom sequences typically exhibit statistical randomness while being generated by an entirely deterministic causal process. Such a process is easier to produce than a genuine random one, and has the benefit that it can be used again and again to produce exactly the same numbers, useful for testing and fixing software. </li></ul>RC4 Algorithm (contd…) The key-scheduling algorithm (KSA) The key-scheduling algorithm is used to initialize the permutation in the array &quot;S&quot;. &quot;keylength&quot; is defined as the number of bytes in the key and can be in the range 1 ≤ keylength ≤ 256, corresponding to a key length of 40 – 128 bits. First, the array &quot;S&quot; is initialized to the identity permutation. S is then processed for 256 iterations. for i from 0 to 255 S[i] := i endfor j := 0 for i from 0 to 255 j := (j + S[i] + key[i mod keylength]) mod 256 Swap (S[i],S[j]) endfor
  21. 21. <ul><ul><li>Quick Note : </li></ul></ul><ul><li>For such applications as cryptography, the use of pseudorandom number generators is insecure. When random values are required , the goal is to make a message as hard to crack as possible, by eliminating or obscuring the parameters used to encrypt the message from the message itself or from the context in which it is carried. </li></ul>RC4 Algorithm (contd…) The pseudo-random generation algorithm (PRGA) For as many iterations as are needed, the PRGA modifies the state and outputs a byte of the keystream. In each iteration, the PRGA increments i , adds the value of S pointed to by i to j , exchanges the values of S[ i ] and S[ j ], and then outputs the value of S at the location S[i] + S[j] (modulo 256). Each value of S is swapped at least once every 256 iterations. i := 0 j := 0 while GeneratingOutput: i := (i + 1) mod 256 j := (j + S[i]) mod 256 Swap(S[i],S[j]) Output S[(S[i] + S[j]) mod 256] ^ input[i] endwhile
  22. 22. <ul><ul><li>Quick Note : </li></ul></ul><ul><li>RC4 Using Streams - WEP, WPA , BitTorrent protocol encryption , Microsoft Point-to- Point Encryption , Secure Sockets Layer , Secure shell , Remote Desktop Client (RDC over RDP) , Kerberos , SASL Mechanism Digest-MD5 . </li></ul>RC4 Algorithm (contd…) Test Vectors Sample test vectors are provided below: RC4( &quot;Key&quot;, &quot;Plaintext&quot; ) == BBF316E8D940AF0AD3 RC4( &quot;Wiki&quot;, &quot;pedia&quot; ) == 1021BF0420 RC4( &quot;Secret&quot;, &quot;Attack at dawn&quot; ) == 45A01F645FC35B383552544B9BF5 OR In Plain/Text: Password: Text: Output: RC4( &quot;24g3&quot;, &quot;24z0&quot;) == nhnW RC4( &quot;24g3&quot;, &quot;24z2&quot;) == nhnU RC4( &quot;5ybdt&quot;, &quot;5ybu8&quot;) == XJrkp
  23. 23. <ul><ul><li>Quick Note : </li></ul></ul><ul><li>L2TP – Layer 2 Tunneling Protocol </li></ul><ul><li>RADIUS – Remote Authentication Dial In User Service </li></ul><ul><li>SHA – Secure Hash Algorithm </li></ul><ul><li>LDAP – Lightweight Directory Access Protocol </li></ul><ul><li>VPN, Kerberos, IPSec….. </li></ul><ul><ul><li>Virtual Private Network, a n/w within a n/w. </li></ul></ul><ul><ul><li>Kerberos Authentication with RADIUS Servers. </li></ul></ul><ul><ul><li>IPSec Implementations with L2TP. </li></ul></ul><ul><ul><li>Firewalls, Monitors, Sniffing Detectors. </li></ul></ul><ul><ul><li>Better Encryption Algorithms like SHA. </li></ul></ul><ul><ul><li>Round Robin Based Key Modifying Methods. </li></ul></ul><ul><ul><li>Domain Based Auth Systems. </li></ul></ul><ul><ul><li>LDAP Authentication Methods. </li></ul></ul><ul><ul><li>BSSID Usages. </li></ul></ul><ul><ul><li>Understanding of Security Issues. </li></ul></ul>
  24. 25. <ul><li>Thank you for your patience and co-operation. </li></ul><ul><li>This seminar presentation is also available on </li></ul><ul><ul><li>References: </li></ul></ul><ul><ul><li>IEEEExplore – </li></ul></ul><ul><ul><li>Wikipedia - </li></ul></ul><ul><ul><li> </li></ul></ul><ul><ul><li>Seven Security Problems – O’Reilly Media - </li></ul></ul>Based On: Security issues of the IEEE 802.11b wireless LAN Boland, H.   Mousavi, H.    Carleton University, Ottawa, Ont., Canada IEEE Canadian Conference on Electrical and Computer Engineering, 2-5 May 2004
  25. 26. <ul><ul><li>Special Thanks To: </li></ul></ul><ul><ul><ul><li>Subu Surendran Sir, SCT College of Engineering, Trivandrum </li></ul></ul></ul><ul><ul><ul><li>Students of R7(05-09), SCT College of Engineering, Trivandrum </li></ul></ul></ul><ul><li> </li></ul> [email_address] +91.9446384450