Lecture 11 wifi security

Network Security Course (ET1318, ET2437) at Blekinge Institute of Technology, Karlskrona, Sweden

  1. Wireless LAN Security
  2. Characteristics of WLANs
     • Advantages: flexibility, planning, design, robustness, cost, ...
     • Disadvantages: QoS, proprietary solutions, frequency restrictions, safety and security
     • Design goals of WLANs: global operation, low power, license-free operation, robust transmission technology, ad-hoc operation, transparency to higher layers, ...
     • Transmission technologies in WLANs: infrared, radio waves
  3. IEEE 802.11
     • Some wireless security issues:
       – Radio signals travel through the open atmosphere, where they can be intercepted by individuals who are constantly on the move, making them difficult to track down.
       – Wireless solutions are universally dependent on public, shared infrastructure, where there may be less control over and knowledge about the security discipline used.
       – Rogue access points can jeopardize everything a company spends on firewalls, access control, and other security software.
       – War dialing, and its wireless counterpart war driving, pose a significant problem. War dialing is a technique of using a modem to automatically scan a list of telephone numbers, usually dialing every number in a local area code to search for computers (Ref: Wikipedia).
  4. Characteristics of WLANs
     • Infrastructure vs. ad-hoc networks (figure: an infrastructure network, in which the APs attach to a wired network, next to an ad-hoc network without an AP)
  5. Characteristics of WLANs
     • Architecture of an infrastructure network (figure: 802.11 LAN with STA1 in BSS1 and STA2, STA3 in BSS2, each BSS served by an access point; the APs are joined by the distribution system, which reaches an 802.x LAN through a portal; together the BSSs form the ESS)
       – Station (STA): terminal with access mechanisms to the wireless medium and radio contact to the access point
       – Basic Service Set (BSS): group of stations using the same radio frequency
       – Access Point (AP): station integrated into the wireless LAN and the distribution system
       – Portal: bridge to other (wired) networks
       – Distribution System (DS): interconnection network to form one logical network
       – Extended Service Set (ESS): comprised of several BSSs
  6. Characteristics of WLANs
     • Architecture of an ad-hoc network (figure: two independent BSSs, IBSS1 with STA1, STA2, STA3 and IBSS2 with STA4, STA5)
       – Direct communication within a limited range
       – Station (STA): terminal with access mechanisms to the wireless medium
       – Independent Basic Service Set (IBSS): group of stations using the same radio frequency
  7. Characteristics of WLANs
     • Example of WLAN site planning (figure: building floor plan covering the 3rd, 2nd and 1st floors and the basement)
  8. IEEE 802.11
     • IEEE: Institute of Electrical and Electronics Engineers
     • 802.11: family of standards set forth by IEEE to define the specifications for wireless LANs
       – Specifications for Medium Access Control (MAC) and Physical Layer (PHY)
     • IEEE 802.x: local, high-speed connectivity for fixed, portable and moving STAs
  9. IEEE 802.11
     • IEEE 802.11 vs. IEEE 802.3
       – Similarity: same LLC, so no difference for upper-layer protocols
       – Differences:
         • WLAN is not private
         • WLAN is exposed to more environmental problems
         • IEEE 802.11 PHY has NO collision detection ("hidden node problem")
  10. IEEE 802.11 (figure: protocol stacks)
     • Mobile terminal: application, TCP, IP, LLC, 802.11 MAC, 802.11 PHY
     • Access point: LLC on top of 802.11 MAC / 802.11 PHY towards the terminal and 802.3 MAC / 802.3 PHY towards the wired network
     • Infrastructure network host: application, TCP, IP, LLC, 802.3 MAC, 802.3 PHY
  11. IEEE 802.11
     • CSMA medium access, "CD" (Ethernet):
       – If the medium is sensed idle, transmit
       – If the medium is sensed busy, wait until idle and then transmit immediately
       – If a collision is detected, stop transmitting and reschedule the transmission according to an exponential back-off
     • CSMA medium access, "CA" (802.11):
       – Would like to use CSMA but cannot use CD, so Collision Avoidance (CA) is used instead
  12. IEEE 802.11
     • CSMA/CA access method (Distributed Coordination Function, DCF):
       – A station ready to send starts sensing the medium (carrier sense based on CCA, Clear Channel Assessment)
       – If the medium is free for the duration of an Inter-Frame Space (IFS), the station can start sending (the IFS depends on the service type)
       – If the medium is busy, the station has to wait for a free IFS, then additionally wait a random backoff time (collision avoidance, a multiple of the slot time)
       – Backoff Time = Random() × aSlotTime
       – If another station occupies the medium during the backoff time of the station, the backoff timer stops (fairness)
  13. IEEE 802.11 (figure: DCF timing; after the medium has been busy, a station may access it directly if it is free for ≥ DIFS, otherwise it waits DIFS plus a randomized back-off within the contention window, measured in slot times, before sending the next frame)
     • Distributed Coordination Function (DCF): DCF employs CSMA/CA with a binary exponential backoff algorithm.
     • DCF Interframe Space (DIFS): DIFS = SIFS + 2 × slot time
     • Short Interframe Space (SIFS): the small time interval between a data frame and its acknowledgment
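The DCF rules on slides 12 and 13 (random backoff in slot units, timer freeze while another station transmits, binary exponential backoff after a collision) as an added slot-level simulation; this is example code written for this page, not from the lecture. The timing constants are the 802.11b DSSS values and the contention-window bounds are assumed; the Random() draws are scripted so a run is reproducible.

```python
# Slot-level model of DCF contention (constructed example, not from the lecture).
SIFS_US = 10                       # assumed 802.11b DSSS value, microseconds
SLOT_US = 20                       # assumed 802.11b aSlotTime, microseconds
CW_MIN, CW_MAX = 31, 1023          # contention window bounds in slots (assumed)


def difs_us(sifs=SIFS_US, slot=SLOT_US):
    """DIFS = SIFS + 2 x slot time (slide 13)."""
    return sifs + 2 * slot


def backoff_us(random_slots, slot=SLOT_US):
    """Backoff Time = Random() x aSlotTime (slide 12)."""
    return random_slots * slot


class Station:
    def __init__(self, name, draws):
        self.name = name
        self.draws = list(draws)   # scripted Random() results for reproducibility
        self.cw = CW_MIN
        self.backoff = None        # remaining backoff slots
        self.sent = 0

    def draw(self):
        # a real station picks uniformly from [0, cw]; the script is clamped to cw
        self.backoff = min(self.draws.pop(0), self.cw)


def simulate(stations, frames_per_station):
    """Run DCF until every station has sent its frames.

    Returns a list of ('send' | 'collision', slot, [station names]) events.
    A transmission occupies one slot; during it the other stations' backoff
    timers are frozen (the fairness rule), and a collision doubles the
    colliders' contention window (binary exponential backoff).
    """
    for s in stations:
        s.draw()
    pending = list(stations)
    log, slot = [], 0
    while pending:
        ready = [s for s in pending if s.backoff == 0]
        if len(ready) == 1:
            s = ready[0]
            s.sent += 1
            s.cw = CW_MIN                     # a successful send resets the window
            log.append(("send", slot, [s.name]))
            if s.sent == frames_per_station:
                pending.remove(s)
            else:
                s.draw()
        elif ready:
            log.append(("collision", slot, [s.name for s in ready]))
            for s in ready:
                s.cw = min(2 * s.cw + 1, CW_MAX)
                s.draw()
        else:
            for s in pending:                 # idle slot: everyone counts down
                s.backoff -= 1
        slot += 1
    return log
```

With draws [1, 3] for A and [1, 0] for B the two stations collide in slot 1, B wins the re-draw and sends in slot 2 while A's timer is frozen, and A sends in slot 6.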
  14. IEEE 802.11
     • Hidden node problem (figure: stations STAA, STAB and STAC)
  15. IEEE 802.11
     • MAC layer access mechanisms: Distributed Coordination Function (DCF) with RTS/CTS handshake
       – RTS (Request To Send) and CTS (Clear To Send) help determine who else is in range or busy (collision avoidance) -> CSMA/CA
       – Sender A sends RTS, receiver B sends CTS
         • Nodes who hear CTS cannot transmit concurrently with A (red region)
         • Nodes who hear RTS but not CTS can transmit (green region)
       – Sender A sends the data frame, receiver B sends ACK
         • Nodes who hear the ACK can now transmit
  16. IEEE 802.11
     • 802.11 MAC access mechanism, RTS/CTS (figure: STAA and STAB exchanging RTS/CTS, with STAC, STAD and STAx in the surrounding area)
  17. IEEE 802.11
     • DFW MAC - DCF CSMA/CA (Distributed Foundation Wireless MAC)
       – The Network Allocation Vector (NAV) is a virtual carrier-sensing mechanism used with wireless network protocols. The NAV may be thought of as a counter which counts down to zero at a uniform rate. When the counter is zero, the virtual CS indication is that the medium is idle; when nonzero, the indication is busy. The medium shall be determined to be busy when the STA is transmitting.
       – Short Inter-Frame Space (SIFS) is the shortest of the interframe spaces. SIFS is used with ACK and CTS frames.
       – (figure: timing of one RTS/CTS exchange: the sender waits DIFS and sends RTS; the receiver answers CTS after SIFS; the sender sends data after SIFS; the receiver returns ACK after SIFS; other stations set NAV (RTS) and NAV (CTS) and defer access until the exchange ends, then contend again after DIFS)
       » A station can send an RTS with a reservation parameter after waiting for DIFS (the reservation determines the amount of time the data packet needs the medium)
       » Acknowledgement via CTS after SIFS by the receiver (if ready to receive)
       » The sender can now send data at once; acknowledgement via ACK
       » Other stations store the medium reservations distributed via RTS and CTS
  18. IEEE 802.11
     • MAC frames
       – Types: control frames, management frames, data frames
       – Sequence numbers: important against duplicated frames due to lost ACKs
       – Addresses: receiver, transmitter (physical), BSS identifier, sender (logical)
       – Miscellaneous: sending time, checksum, frame control, data
  19. IEEE 802.11
     • MAC frames: MAC Protocol Data Unit (MPDU) format (fields)
       – MAC Control: contains any protocol control information
       – Destination MAC Address, Source MAC Address
       – MAC Service Data Unit: the data from the next higher layer
       – CRC: Cyclic Redundancy Check; also known as the Frame Check Sequence (FCS) field
     • The IEEE 802.11 MPDU is carried in the PHY frame as data followed by the CRC:
       Field:  Frame Control | Duration/ID | Address 1 | Address 2 | Address 3 | Sequence Control | Address 4 | Data   | CRC
       Bytes:  2             | 2           | 6         | 6         | 6         | 2                | 6         | 0-2312 | 4
     • Frame Control sub-fields:
       Field:  Protocol version | Type | Subtype | To DS | From DS | More Frag | Retry | Power Mgmt | More Data | WEP | Order
       Bits:   2                | 2    | 4       | 1     | 1       | 1         | 1     | 1          | 1         | 1   | 1
  20. IEEE 802.11
     • Valid MAC address format:
       Function   | To DS | From DS | Address 1 | Address 2 | Address 3 | Address 4
       Ad-hoc     | 0     | 0       | DA        | SA        | BSSID     | -
       From AP    | 0     | 1       | DA        | BSSID     | SA        | -
       To AP      | 1     | 0       | BSSID     | SA        | DA        | -
       Within DS  | 1     | 1       | RA        | TA        | DA        | SA
     • Service Set Identifier (SSID): the name of a WLAN
     • Basic Service Set (BSS):
       – In infrastructure mode, a single AP together with all associated STAs is called a BSS
       – In ad-hoc mode a set of synchronized stations, one of which acts as master, forms a BSS
       – The most basic BSS consists of one access point and one station
     • Basic Service Set Identifier (BSSID):
       – Uniquely identifies each BSS
       – The BSSID is the MAC address of the wireless access point (WAP)
  21. IEEE 802.11
     • Acknowledgement (ACK), bytes: Frame Control (2) | Duration (2) | Receiver Address (6) | CRC (4)
     • Ready-To-Send (RTS), bytes: Frame Control (2) | Duration (2) | Receiver Address (6) | Transmitter Address (6) | CRC (4)
     • Clear-To-Send (CTS), bytes: Frame Control (2) | Duration (2) | Receiver Address (6) | CRC (4)
  22. IEEE 802.11
     • MAC management
       – Synchronization: try to find a LAN, try to stay within a LAN; timers etc.
       – Power management: sleep mode without missing a message; periodic sleep, frame buffering, traffic measurements
       – Association/Reassociation: integration into a LAN; roaming, i.e. changing networks by changing access points; scanning, i.e. active search for a network
       – MIB, Management Information Base: managing, read, write
  23. IEEE 802.11
     • Synchronization (figure: in an infrastructure network the access point sends a beacon frame B carrying the timestamp value once per beacon interval, delayed while the medium is busy; in an ad-hoc network station1 and station2 each send their beacons B1, B2 after a random delay)
  24. IEEE 802.11
     • MAC power management
       – Idea: switch the transceiver off if not needed
       – States of a station: sleep and awake
       – Timing Synchronization Function (TSF): stations wake up at the same time
       – Infrastructure:
         • Traffic Indication Map (TIM): list of unicast receivers, transmitted by the AP
         • Delivery Traffic Indication Map (DTIM): list of broadcast/multicast receivers, transmitted by the AP
       – Ad-hoc:
         • Ad-hoc Traffic Indication Map (ATIM): announcement of receivers by stations buffering frames
         • More complicated as there is no central AP; collision of ATIMs possible (scalability?)
  25. IEEE 802.11
     • Power-saving with wake-up pattern (figure: infrastructure network with TIM interval and DTIM interval; the station is awake for T = TIM and D = DTIM, sends p = power-save poll, and exchanges d = data transmission to/from the station and B = broadcast/multicast while the medium is otherwise busy)
  26. IEEE 802.11
     • Roaming: no or bad connection? Then perform:
       – Scanning: scan the environment, i.e., listen to the medium for beacon signals or send probes into the medium and wait for an answer
       – Reassociation Request: the station sends a request to one or several APs
       – Reassociation Response: success: an AP has answered, the station can now participate; failure: continue scanning
       – AP accepts Reassociation Request: signals the new station to the DS; the DS updates its database (i.e., location information); typically, the DS now informs the old AP so it can release resources
  27. IEEE 802.11b
     • Data rate: 1, 2, 5.5, 11 Mbit/s, depending on SNR; user data rate max. approx. 6 Mbit/s
     • Transmission range: 300 m outdoor, 30 m indoor; max. data rate at ~10 m indoor
     • Frequency: free 2.4 GHz ISM band
     • Security: limited, WEP insecure, SSID
     • Cost: 100 € adapter, 250 € base station, dropping
     • Availability: many products, many vendors
     • Connection set-up time: connectionless/always on
     • Quality of Service: typically best effort, no guarantees (unless polling is used, limited support in products)
     • Manageability: limited (no automated key distribution, symmetrical encryption)
     • Advantages: many installed systems, lots of experience, available worldwide, free ISM band, many vendors, integrated in laptops, simple system
     • Disadvantages: heavy interference on the ISM band, no service guarantees, slow relative speed only
  28. IEEE 802.11a
     • Data rate: 6, 9, 12, 18, 24, 36, 48, 54 Mbit/s, depending on SNR; user throughput (1500 byte packets): 5.3 (6), 18 (24), 24 (36), 32 (54); 6, 12, 24 Mbit/s mandatory
     • Transmission range: 100 m outdoor, 10 m indoor
     • Frequency: free 5.15-5.25, 5.25-5.35, 5.725-5.825 GHz ISM band
     • Security: limited, WEP insecure, SSID
     • Cost: 280 € adapter, 500 € base station
     • Availability: some products, some vendors
     • Connection set-up time: connectionless/always on
     • Quality of Service: typically best effort, no guarantees (same as all 802.11 products)
     • Manageability: limited (no automated key distribution, symmetrical encryption)
     • Advantages: fits into the 802.x standards, free ISM band, available, simple system, uses the less crowded 5 GHz band
     • Disadvantages: stronger shading due to the higher frequency, no QoS
  29. IEEE 802.11
     • Other IEEE 802.11 flavors
       – 802.11d: Regulatory Domain Update
       – 802.11e: MAC Enhancements, QoS: enhance the current 802.11 MAC to expand support for applications with Quality of Service requirements, and improve the capabilities and efficiency of the protocol
       – 802.11f: Inter-Access Point Protocol: establish an Inter-Access Point Protocol for data exchange via the distribution system
       – 802.11g: data rates > 20 Mbit/s at 2.4 GHz; 54 Mbit/s, OFDM
       – 802.11h: Spectrum Managed 802.11a (DCS, TPC)
       – 802.11i: Enhanced Security Mechanisms: enhance the current 802.11 MAC to provide improvements in security
       – Study groups: Radio Resource Measurements; High Throughput
  30. WLAN Security
     • General methods: MAC filter, SSID cloaking, WEP
     • General attacks
  31. MAC Filter
     • Filters authorized devices based on MAC address (the network card's physical address)
     • It is easy to spoof MAC addresses
       – The address is only 12 hexadecimal digits long
       – It is easy to eavesdrop on a WLAN connection and find out the active hosts
  32. SSID Cloaking
     • Every WLAN network has an associated SSID name
     • With SSID cloaking the access point does not broadcast its SSID
     • Actually, the SSID broadcast by the access point is null
     • A host can probe for this null SSID (called active scanning) and thereby find cloaked networks
     • This will NOT give you a hidden WLAN
  33. Wired Equivalent Privacy (WEP)
     • Uses a 64-bit key (some vendors use a 128-bit key, but this is not standardised)
     • Uses a data integrity checksum called the Integrity Check Value (ICV)
     • Uses an Initialization Vector (IV) that is 24 bits long
     • The 64-bit key is a combination of the IV (24 bits) and a static key (40 bits): [24-bit IV | 40-bit static key]
  34. WEP Weakness
     • IV collision attack
       – The IV is always sent in clear text and differs in every frame; since it is only 24 bits, it will eventually repeat (at most about 16 million packets, the size of the 24-bit IV space)
       – When an IV collision occurs, a cracker can with easy means recover the secret key
     • Weak key attack
       – Sometimes a weak IV is generated, which makes cracking the secret key easy
     • Re-injection attack
       – A cracker uses tools to inject packets that accelerate the collisions of weak IVs
     • Bit-flipping attack
       – Due to problems in the ICV a cracker can tamper with encrypted packets
     • With a combination of the first three, existing tools can crack a "secure" WEP network in 5 minutes
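An added example (written for this page, not code from the lecture) that ties together the MPDU header layout of slides 19 and 20 and the WEP framing of slides 33 and 34: it decodes the Frame Control bits, names Address 1-4 according to the To DS / From DS combination, pulls the 24-bit IV and key index out of a WEP-protected data frame, and counts repeated (BSSID, IV) pairs, which is the monitoring check a defender would run to see how fast a WEP network exhausts its IV space. All frames are constructed in the block; reading the three IV bytes as a big-endian integer and the zero CRC placeholder are assumptions of the example.

```python
import struct
from collections import Counter

# Slide 20: roles of Address 1-4 for each (To DS, From DS) combination
ADDRESS_ROLES = {
    (0, 0): ("DA", "SA", "BSSID", None),   # ad-hoc
    (0, 1): ("DA", "BSSID", "SA", None),   # from AP
    (1, 0): ("BSSID", "SA", "DA", None),   # to AP
    (1, 1): ("RA", "TA", "DA", "SA"),      # within DS, four addresses
}

def parse_frame_control(fc):
    """Split the 16-bit Frame Control field (bit layout from slide 19)."""
    flags = ("to_ds", "from_ds", "more_frag", "retry",
             "pwr_mgmt", "more_data", "wep", "order")
    hdr = {"version": fc & 3, "type": (fc >> 2) & 3, "subtype": (fc >> 4) & 0xF}
    for i, name in enumerate(flags):
        hdr[name] = (fc >> (8 + i)) & 1
    return hdr

def parse_mpdu(frame):
    """Decode a data MPDU: header bits, named addresses, WEP IV/key id, body."""
    fc, duration = struct.unpack_from("<HH", frame, 0)
    hdr = parse_frame_control(fc)
    hdr["duration"] = duration
    hdr["seq_ctrl"] = struct.unpack_from("<H", frame, 22)[0]
    roles = ADDRESS_ROLES[(hdr["to_ds"], hdr["from_ds"])]
    for role, off in zip(roles, (4, 10, 16, 24)):
        if role:
            hdr[role] = frame[off:off + 6].hex(":")
    body = frame[30 if roles[3] else 24:-4]     # strip the 4-byte CRC/FCS
    if hdr["type"] == 2 and hdr["wep"]:
        # WEP body starts with 3 IV bytes and a byte whose top 2 bits are the key id
        hdr["iv"] = int.from_bytes(body[:3], "big")   # byte order assumed
        hdr["key_id"] = body[3] >> 6
        body = body[4:]
    hdr["body"] = body
    return hdr

def iv_reuse_report(frames):
    """Count (BSSID, IV) pairs; any count > 1 means the same keystream was reused."""
    seen = Counter()
    for h in map(parse_mpdu, frames):
        if "iv" in h:
            seen[(h["BSSID"], h["iv"])] += 1
    return {k: n for k, n in seen.items() if n > 1}

def build_wep_data_frame(to_ds, from_ds, a1, a2, a3, iv, key_id, payload):
    """Constructed sample frame; the CRC is a zero placeholder, not computed."""
    fc = (2 << 2) | (to_ds << 8) | (from_ds << 9) | (1 << 14)   # data, WEP bit set
    hdr = struct.pack("<HH", fc, 0) + a1 + a2 + a3 + struct.pack("<H", 0)
    return hdr + iv.to_bytes(3, "big") + bytes([key_id << 6]) + payload + b"\0" * 4

AP = bytes.fromhex("001122334455")      # constructed BSSID
STA = bytes.fromhex("66778899aabb")     # constructed client
DST = bytes.fromhex("ccddeeff0011")     # constructed wired host
SAMPLE = [                              # constructed capture, not real traffic
    build_wep_data_frame(1, 0, AP, STA, DST, 0x0A0B0C, 0, b"\x11\x22"),  # STA -> AP
    build_wep_data_frame(0, 1, STA, AP, DST, 0x0A0B0D, 0, b"\x33\x44"),  # AP -> STA
    build_wep_data_frame(1, 0, AP, STA, DST, 0x0A0B0C, 0, b"\x55\x66"),  # IV repeated
]
```

On the constructed capture the report flags IV 0x0A0B0C of BSSID 00:11:22:33:44:55 as seen twice; on a real trace the same counter shows how far into the 2^24 IV space a network has gone.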
  35. Dynamic WEP Encryption
     • Due to the weakness of static WEP, dynamic WEP was introduced
     • Dynamic WEP encryption changes the encryption key (re-keying) automatically so often that it is harder (impossible?) for a cracker to gather enough information to recover the key
     • Can be configured and implemented in many ways: per-user encryption, per-frame encryption
  36. Wi-Fi Protected Access (WPA)
     • Developed in 2004 to be a successor of WEP and cover the flaws within WEP
     • WPA became a standard before the IEEE standard 802.11i was released
     • Supports TKIP/RC4 dynamic encryption
       – Authentication using either 802.1X/EAP (enterprise) or a pre-shared key (SOHO)
       – Link securing using dynamic keys: per-link, per-frame
     Fredrik Erlandsson
  37. WPA2
     • When 802.11i was introduced, the WPA2 certification became a more complete implementation of 802.11i
     • Supports both CCMP/AES and TKIP/RC4
       – 802.1X/EAP for enterprise
       – Pre-shared key for SOHO
  38. Wireless Attacks
     • Rogue access point
       – A Wi-Fi access point is installed by a clueless user on the network
       – Uncontrolled and unmonitored
       – Provides an open hole for drive-by hackers into the internal network
     • Peer-to-peer attacks
       – Due to poorly configured endpoints (hosts), two hosts can connect directly to each other; no central security policy applies, and they get full access to each other's services
     • Wireless hijacking (man-in-the-middle attack)
       – A cracker uses his computer as an AP and fools users into connecting to him instead of to a real AP
       – The cracker can see all data
     • Eavesdropping
       – Everything sent on a wireless network can be intercepted by anyone within range (wardriving)
  39. The End
     ET2437 - Network Security
  40. HIPERLAN
     • ETSI standard
       – European standard, cf. GSM, DECT, ...
       – Enhancement of local networks and interworking with fixed networks
       – Integration of time-sensitive services from the very beginning
     • HIPERLAN (HIgh PErformance Radio LAN) family of standards
       – One standard cannot satisfy all requirements: range, bandwidth, QoS support, commercial constraints
       – HIPERLAN 1 standardized since 1996, but no products!
     [ET2405 - WLAN] Doru Constantinescu; ET2437 - Network Security, Fredrik Erlandsson
  41. HIPERLAN
     • HIPERLAN standardization scope (figure: layer comparison; OSI: network layer, data link layer, physical layer; IEEE 802.11: logical link control, medium access control, physical layer; HIPERLAN: higher layers, medium access control, channel access control, physical layer)
     2007-12-17 [ET2405 - WLAN] Doru Constantinescu
  42. HIPERLAN
     • HIPERLAN family, an overview:
                          | HIPERLAN 1                      | HIPERLAN 2                    | HIPERLAN 3            | HIPERLAN 4
       Application        | wireless LAN                    | access to ATM fixed networks  | wireless local loop   | point-to-point wireless ATM
       Frequency          | 5.1 – 5.3 GHz                   | 5.1 – 5.3 GHz                 | 17.2 – 17.3 GHz       | 17.2 – 17.3 GHz
       Topology           | decentralized, ad-hoc/infrastr. | cellular, centralized         | point-to-multipoint   | point-to-point
       Antenna            | omni-directional                | omni-directional              | directional           | directional
       Range              | 50 m                            | 50 – 100 m                    | 5000 m                | 150 m
       QoS                | statistical                     | ATM traffic classes (VBR, CBR, ABR, UBR)
       Mobility           | < 10 m/s                        | < 10 m/s                      | stationary            | stationary
       Interface          | conventional LAN                | ATM networks                  | ATM networks          | ATM networks
       Data rate          | 23.5 Mbit/s                     | > 20 Mbit/s                   | 155 Mbit/s            | 155 Mbit/s
       Power conservation | yes                             | yes                           | not necessary         | not necessary
  43. HIPERLAN
     • HIPERLAN/2: short range (< 200 m), indoor/campus, 25 Mbit/s user data rate; access to telecommunication systems, multimedia applications, mobility (< 10 m/s)
     • HIPERACCESS: wider range (< 5 km), outdoor, 25 Mbit/s user data rate; fixed radio links to customers ("last mile"), alternative to xDSL or cable modem, quick installation; several (proprietary) products exist with 155 Mbit/s plus QoS
     • HIPERLINK: currently no activities; intermediate link, 155 Mbit/s; connection of HIPERLAN access points or connection between HIPERACCESS nodes
  44. HIPERLAN
     • HiperLAN2
       – Official name: BRAN HIPERLAN Type 2 (H/2, HIPERLAN/2 also used)
       – High data rates for users, more efficient than 802.11a
       – Connection oriented
       – QoS support
       – Dynamic Frequency Selection (DFS)
       – Security support: strong encryption/authentication
       – Mobility support
       – Network and application independent: convergence layers for Ethernet, IEEE 1394, ATM, 3G
       – Power save modes
       – Plug and play
  45. HIPERLAN
     • HiperLAN2 handover situations: sector handover, radio handover, network handover (figure: access points AP 1, AP 2 and AP 3, each made up of an AP controller (APC) and AP transceivers (APT), attached to a core network (Ethernet, Firewire, ATM, UMTS))
  46. HIPERLAN
     • HiperLAN2, centralized vs. direct mode (figure: in centralized mode both control and data between MT1 and MT2 pass through the AP; in direct mode the AP/CC, or an MT acting as CC, carries only control while data flows directly between MT1 and MT2)
  47. HIPERLAN
     • Protocol stack in HiperLAN2 (in the AP) (figure: higher layers; convergence layer with DLC control SAP and DLC user SAP; data link control consisting of a radio link control sublayer (association control, radio resource control, DLC connection control) and the basic data transport function (error control); medium access control; physical layer; the scope of the HiperLAN2 standards covers the convergence layer down to the physical layer)
  48. HIPERLAN
     • HiperLAN2 MAC frames (figure: a sequence of 2 ms MAC frames, TDD, 500 OFDM symbols per frame; each frame consists of a broadcast phase, a downlink phase, an uplink phase and a random access phase, the last three of variable length)
  49. HIPERLAN
     • HiperLAN2 DLC: six transport channels for data transfers in the different phases
       – Broadcast channel (BCH): 15 bytes
       – Frame channel (FCH): multiple of 27 bytes
       – Access feedback channel (ACH): 9 bytes
       – Long transport channel (LCH): 54 bytes
       – Short transport channel (SCH): 9 bytes
       – Random channel (RCH): 9 bytes
  50. HIPERLAN
     • Valid configuration of MAC frames (2 ms frames with broadcast, downlink, uplink and random access phases); valid combinations for a single-sector AP:
       – BCH FCH ACH DL phase DiL phase UL phase RCHs
       – BCH FCH ACH DiL phase UL phase RCHs
       – BCH FCH ACH DL phase UL phase RCHs
       – BCH FCH ACH UL phase RCHs
       – BCH FCH ACH DL phase DiL phase RCHs
       – BCH FCH ACH DiL phase RCHs
       – BCH FCH ACH DL phase RCHs
       – BCH FCH ACH RCHs
  51. Summary
     • All WLANs suffer from limitations but allow a new degree of freedom for their users
     • The standard ensures interoperability!
       – The WiFi Alliance (Wireless Fidelity, formerly WECA) ensures interoperability of 802.11 products
     • HiperLAN2 comprises many interesting features but no products are available yet
     • Technologies that might influence WLANs: Wireless Sensor Networks, Radio Frequency Identification (RFID), Ultra Wide Band technology (UWB)
     • Most likely the typical mobile devices of tomorrow will comprise several technologies
  52. Overlay Networks, Global Goal
     • Integration of heterogeneous fixed and mobile networks with varying transmission characteristics (figure: nested regional, metropolitan area and campus-based coverage; vertical handover between layers, horizontal handover within a layer)
  53. References
     • IEEE, "Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) specifications", IEEE 802.11, IEEE (1999)
     • ETSI, "Radio Equipment and Systems (RES), High Performance Radio Local Area Network (HIPERLAN) Type 1, Functional specification", European Telecommunication Standard, ETS 300652, ETSI (1996)
     • Jochen Schiller, "Mobile Communications", 2nd edition, Addison-Wesley, 2003