Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Meletis Belsis - Wireless Security: Common Protocols and Vulnerabilities
1. Wireless Security: Common Protocols and Vulnerabilities
Meletis Belsis
Phone number: +30-210-6841287
Fax number: +30-210-6841412
Email address: meletis@telecron.com
Mail address:
Telecron Hellas
32 Kiffisias Ave.
Marousi, GR 15125
GREECE
Alkis Simitsis (*)
Phone number: +30-210-7721402, +30-210-7721602
Fax number: +30-210-7721442
Email address: asimi@dblab.ece.ntua.gr
Mail address:
Data and Knowledge Base Systems Laboratory
Department of Electrical and Computer Engineering
National Technical University of Athens
9 Iroon Polytechniou Street
Zographou, GR 15780
GREECE
Stefanos Gritzalis
Phone number: +30-22730-82234, +30-210-6492112
Fax number: +30-22730-82009, +30-210-6492399
Email address: sgritz@aegean.gr
Mail address:
Lab. of Information and Communication Systems Security
Dept. of Information and Communication Systems Engineering
University of the Aegean
Samos, GR 83200
GREECE
(* Corresponding author)
2. 1
Wireless Security: Common Protocols and Vulnerabilities
Meletis Belsis, Telecron, Greece
Alkis Simitsis, National Technical University of Athens, Greece
Stefanos Gritzalis, University of the Aegean, Greece
INTRODUCTION
The fast growth of the wireless technology has exponentially increased the abilities
and possibilities of computing equipment. Corporate users can now move around
enterprise buildings with their laptops, PDAs and WiFi, enable VoIP handsets and
retain communications with their offices. Business users can work from almost
anywhere by attaching their laptop to a WiFi hotspot and connect to their corporate
network. However, not many enterprises know and understand the potential security
vulnerabilities that are introduced by the use of WiFi technologies. Wireless
technologies are insecure by their nature. Anyone with the appropriate hardware can
steal information transmitted using the airwaves. This chapter discusses the security
vulnerabilities that are inherited in wireless networks. Also, it provides a description
of the current security trends and protocols used to secure such WiFi networks along
with the problems from their application.
BACKGROUND
Currently, several enterprises consider information security as a monolithic
architecture, in which simply they install a firewall or an intrusion detection system.
Unfortunately security is not a single device or software: «In the real world, security
involves processes. It involves preventive technologies, but also detection and
reaction processes, and an entire forensics system to hunt down and prosecute the
guilty. Security is not a product; it itself is a process. … » (Schneier, 2000).
The above definition represents the fact that total protection of corporate networks
goes beyond a firewall engine. Each appliance that is added and/or changed into a
system should incorporate the re-designing of a systems overall security policy and
infrastructure. The same principle exists when incorporating wireless devices to
extend the overall enterprise architecture. Deploying a wireless network has as
consequence the change of the security risks and needs of entire network
infrastructure. Nowadays, the techniques that are used for the realization of attacks in
wireless connected networks resemble with the ones that are used to target common
LANs. In the next paragraphs, we present the major categories of attacks that include
techniques that have been successfully used for attacking corporate wireless networks.
Denial of Service. In their simplest form, an adversary can continuously transmit
association request packets. Such action could render an access point unavailable to
authorized users. Adversaries can use a powerful RF transceiver, to transmit amplified
signals in all of frequency bands frequencies (channels), creating an interjection
which prevents the communication of terminals with the corporate Access Points (RF
Jamming). Such an attack could be easily deployed from the outside premises of an
enterprise (e.g., parking). An example appliance that can be used for the
concretization of this attack is the Power Signal Generator (PSG -1) by the YDI.
Man-In-The-middle attacks. Combining an RF Jamming attack with the use of a
portable computer and necessary software an attacker can easily steal or alter
3. 2
corporate information (Akin, 2003). The adversary will use a denial of service attack
to force authorized terminals connected to a corporate Access Point to identify and
roam to an access point with better signal that the one already connected to. Using this
predetermined behavior the attacker can masquerade his/her laptop as an access point
and force all wireless clients to connect to it. By using this technique an adversary can
intercept all wireless communications links and read or alter information on them.
Fresnel Zone Sniffing. Stealing information from point-to-point wireless links is
difficult. The attacker needs to calculate the link path and identify ways to attach its
laptop to the link’s Fresnel Zone.
Rogue wireless gateways. Rogue wireless gateway is a security vulnerability that is
detected in many today’s enterprise networks. A rogue wireless gateway is an
unauthorized access point that is installed on an enterprise network. Such access
points are usually installed by corporate users, to assist them in the everyday work
(i.e. transfer files/emails from a desktop to a laptop computer). Unfortunately
enterprise users do not know and understand the security implications of installing a
wireless device on a system. Leaving such devices connected to the corporate
network, provide an opportunity to adversaries to connect and steal corporate
information.
AdHoc Networks. The 802.11 protocol specification, allows wireless terminals to
interconnect without the use of an Access point. This mode of operation is called
AdHoc. Unfortunately many of today’s corporate users enable the ad hoc facility on
their laptops and PDA’s either accidentally or deliberately in order to exchange files
with other users. Enabling the ad hoc mode without deploying the necessary security
procedures (i.e., encryption and authentication) could seriously damage corporate
security. Adversaries can search for such unprotected ad hoc networks and connect to
those. From there adversaries can either read the locally stored corporate information,
or if the user’s device is connected to the corporate networks (i.e., LAN, dialup, and
VPN), access the corporate resources (Papadimitratos and Haas, 2002).
The previous example attacks emphasize the need for security that result from the
use of wireless technology. The problem of security becomes more apparent when the
technology of wireless networking is applied in government owned systems. The need
for security in those systems is extensive due to the legislations on personal data
protection and the human lives factors involved.
MAIN THRUST OF THE CHAPTER
The last few years the computing and telecommunications community has realized
the necessity of deploying security controls on wireless networks. Unfortunately most
of today’s wireless security controls have been proven unsafe or managerial infeasible
to maintain. The next few paragraphs describe the most common security protocols
and techniques as well as their vulnerabilities.
Discovering Wireless Networks
Many enterprises support their notion of using insecure WiFi networks based on
the idea that their small wireless networks are hidden from hackers and adversaries.
This notion is called Security through Obscurity, and is something that the IT security
community has analyzed and abolished long before the appearance of wireless
networks.
4. 3
Modern hackers have invented a number of new techniques collectively known as
War Driving or War Chalking, which aim in the discovering of unprotected wireless
networks. An adversary uses a laptop computer along with appropriate discovery
software (i.e. NetStumbler) and a GPS received to pint point the exact location of
Access points on a Map. Today such maps are distributed among the War Driving
community. It is not unusual for enterprises to discover their company access points
on maps found on War Driving web sites (Figure 1).
Figure 1. A War driving result in Los Angeles
Many enterprise administrators try to hide their wireless networks, by activating
the close system option found on Access Point hardware equipment. This option
prohibits the access point from transmitting the network’s beacon information that
incorporates the network’s Service Set Identifier (SSID). Unfortunately the SSID is
incorporated into almost all network management frames. Software packages like
NetStumbler will force the access points in transmitting the SSID by issuing such
management frames (i.e. Reassociation Request).
The techniques of War Driving and War Chalking is been used today in an
extended degree, and adversaries have developed their own marking symbols (Table
1) in order to denote the buildings where wireless networks are discovered. Writing
these symbols in various buildings of the city, adversaries mark their potential targets.
node symbol
open node
closed node
5. 4
WEP node
Table 1. War Chalking Symbols
MAC Access Control Lists
To enhance security many corporations develop Media Access Control (MAC)
control lists declaring the MAC addresses of wireless terminals that are authorized to
access the wired segment a corporate network. Unfortunately the deployment of MAC
Access Control Lists increases the management time and difficulty without offering
real protection from experienced hackers. Having discovered a wireless network an
adversary can eavesdrop on the network and detect authorized MAC addresses that
connect to an access point. Having a list of such authorized MAC addresses, the
adversary can use MAC spoofing attacks and masquerade his laptop as an authorized
client (e.g., using the SMAC software, a snapshot of which is depicted in Figure 2).
Figure 2. SMAC Software Screenshot
Wired Equivalent Privacy (WEP)
The first security protocol developed for wireless networks is the Wired Equivalent
Privacy (WEP). WEP uses RC4 PRNG algorithm (LAN MAN, 1999) for the coding
of information. The WEP key, with a 24 bit Initializing Vector (IV) are used for the
encryption/decryption of wireless data. The protocol works with keys of 64 or the 128
bit (the actual key lengths are 40 and 104 bit but are concatenated with the IV during
the encryption phase). In a WEP environment the encryption keys are installed by the
administrator of the system in each terminal and access point and, thus, the
management of the network becomes more complicated.
The WEP does not offer user authentication; therefore, discovering the WEP key
allows access to a corporate network (Borisov, Goldberg, and Wagner, 2001). The
two authentication models provided by WEP are Open System and the Shared-Key
Authentication (Lambrinoudakis and Gritzalis, 2005). The Open system model uses
6. 5
the MAC access control lists discussed in the previous paragraphs. In the Shared Key
authentication, WEP uses the encryption key to implement a Challenge-Response
authentication scheme.
At the same time WEP uses a 32 bit cycle redundancy check algorithm as Integrity
Check Value (ICV) in order to ensure the integrity of data. Currently, the CRC
algorithm has been already broken by researchers from the University of Berkley
(Tyrrell, 2003).
The key recovery process in a system that uses WEP can be actually realized in a
few hours. This is due to a vulnerability found in the way WEP uses the RC4
algorithm. The weakness of WEP is based on the fact that the IV is only 24 bit and
thus, in a busy network the same IV key is used to encrypt different network packets.
Having eavesdropped two or more packets encrypted with the same IV an adversary
can apply cryptanalysis techniques and recover the WEP key. Today, a number of
freeware software packages that can perform a successful WEP attack are available in
the internet. Examples of such software artifacts include the WEPCrack, and
AIRSnort (Figure 3)
Due to the fact that WEP encryption keys are static, the time between the
discovering of a compromised key and of updating the whole wireless network
infrastructure with a new key is extended. This leaves even more time to adversaries
to access and copy confidential corporate information.
Figure 3. AirSnort Software Screenshot
WiFi Protected Access (WPA)
Understanding the problems of WEP, the international community has moved
forward in developing a more secure protocol, namely 802.11i (Edney and William,
2003). Due to the delay in the development of the final 802.11i standard, the
international community released a pre-802.11i security protocol under the name WiFi
Protected Access (WPA) (Edney and William, 2003).
The WPA uses algorithm RC 4 (Fluhrer et al., 2001) for the encryption of air data
incorporating the Temporal Key Integrity Protocol (TKIP), in order to use dynamic
encryption keys. In order to avoid the security vulnerabilities of CRC – 32, WPA
utilizes a novel integrity protection algorithm, the Michael Message Integrity Check
(MIC) (Cam-Winget et al., 2003), which uses a 64bit key and partitions data into
32bit blocks.
TKIP uses an IV of 48 bit offering better security than the 24 bit IV used by
WEP. It combines a 128 bit temporary key, which is preinstalled in all wireless
terminals, with the MAC address of each terminal, and the 48 bit IV in order to create
a new encryption key for each terminal. The protocol changes the encryption key
every 10.000 packets that are transmitted.
Moreover, WPA employs the 802.1x protocol (port - based access control) to
deliver authenticated connections. This protocol allows the usage of a number of
7. 6
authentication methods to be used such as passwords, and digital certificates (Digital
Certificates).
The user or terminal authentication process is performed by the Extensible
Authentication Protocol (EAP). The EAP protocol is usually associated with a Radius
server in order to securely authenticate users or devices on a network. Figure 4
displays an example EAP authentication process.
Figure 4. 802.1x EAP authentication (EAP Authentication, 2005)
Currently, there exist several EAP implementations:
EAP –MD 5 (Funk, 2003). It was the first protocol that uses user authentication
based on the 802.1x scheme. It provides only one way authentication, ensuring the
authenticity of users but not the servers. The protocol is based on the algorithm MD5.
However, researches have already proved that this protocol is subject to dictionary
and man-in-the-middle attacks (Asokan, Niemi, and Nyberg, 2002).
CISCO – LEAP. The lightweight EAP (LEAP) was created by CISCO. This
protocol, offers bidirectional authentication. The bidirectional authentication makes
the protocol immune to man-in-the-middle attacks, but its challenge handshake
authentication protocol (MSCHAP ver.2) is subject to dictionary attacks. Currently,
there exist several tools on the Internet, like the asleep, that can perform successful
attacks on LEAP. CISCO tries to tackle this disadvantage and at this time, they are
developing a new protocol called EAP-FAST.
EAP-FAST (Ghosh and Gupta, 2005). The EAP-FAST is developed and market by
CISCO. The protocol is though to be as secure as EAP-PEAP, and as easy to deploy
as EAP-LEAP. The protocol operates similar with the EAP-PEAP. It uses two distinct
phases. In phase 1 a secure tunnel is established using a Protected Access Credential
(PAC) shared key. PAC is used in order to avoid deploying digital certificates. After
the establishment of the secure tunnel, authentication is performed on phase 2 using
the MSCHAP v2 protocol. The PAC secret can either be manually shared to all nodes,
or can be automated through an optional Diffie-Hellman process. Unfortunately, using
the manual shared key distribution process will make the management of the network
an extremely difficult. On the other hand the anonymous Diffie-Hellman process can
make the protocol suspected to man-in-the-middle attacks. Along with this during the
anonymous Diffie-Helman, the protocol transmits the user name in cleartext
(unencrypted) and thus possession of a user name could further lead an attacker in
performing social engineering attacks. It is going to be a while before the protocol is
8. 7
thorough tested and used by the international community (Lambrinoudakis and
Gritzalis, 2005).
EAP – TLS (Aboba and Simon, 1999). The EAP-Transport Layer Security (EAP-
TLS) has been developed by Microsoft Corporation. This protocol uses the Transport
Layer Security (TLS) protocol with digital certificates for both clients and servers in
order to provide bidirectional authentication. The protocol transmits the user name in
cleartext. A possible information leakage in this form could provide the basis for
further attacks (i.e., social engineering). Along with this, the use of both client and
server certificates makes the management of this protocol hassle for large corporate
networks.
EAP – TTLS (Funk and Blake-Wilson, 2003). The EAP-Tunneled TLS (EAP-
TTLS) protocol was created by the companies Funk and Certicom. It is based on the
idea of EAP-TLS, but in order to minimize the management process, it uses their
digital certificates only for the servers and not for the clients. Clients authenticate
servers by using digital certificates; thus, the protocol builds an encrypted tunnel. The
encrypted tunnel provides a secure medium on which clients can be authenticated
using a challenge response mechanism. Although, currently, there are not known
attacks, the protocol is suspected to be vulnerable to man-in-the-middle attacks
(Asokan, Niemi, and Nyberg, 2002).
EAP – PEAP (Palekar et al., 2003). The Protected EAP (PEAP) protocol is the
result of a common effort from different IT companies. The PEAP uses digital
certificates for servers. Also, clients authenticate servers. After a successful server
authentication, the protocol creates an encrypted tunnel between the client and the
server. Inside this secure tunnel the system can use any of the previously described
EAP authentication methods in order to enable client authentication. The chosen
combination today is to use the EAP-TLS inside the encrypted tunnel in order to
provide client authentication (EAP-PEAP/EAP-TLS). Similar to the TTLS protocol,
no known attack exist today, but PEAP is suspected to be vulnerable to man-in-the-
middle attacks.
802.11i
Having discovered the vulnerabilities in WEP, the started producing the
specification of a new protocol, the IEEE 802.11i. The 802.11i follows the similar
principles with the WPA, and uses 802.1x and EAP protocols for authentication and
key management. The 802.11i uses the Counter-Mode/CBC-MAC Protocol (CCMP)
protocol with the Advance Encryption Standard (AES) (NIST, 2001) algorithm to
provide data encryption and integrity protection.
In addition to the previous the 802.11i provides the Robust Security Network
(RSN) feature. RSN allows the two ends of a communication link to negotiate the
encryption algorithms and protocols to be used. This facility enables updating a
wireless network with new algorithms and protocols, in order to protect it from future
vulnerabilities.
Still, the 802.11i protocol requires special encryption hardware to run the AES
algorithm; due to this fact, additional time is needed for the vendors to change their
existing hardware to support the 802.11i protocol. To enable the migration of WEP
and WPA systems to 802.11i the WiFi Alliance has proposed a new security protocol
the WPA2. The new protocol incorporates all 802.11i functionality, but also enables
the use of the TKIP protocol, to support devices that do not have the necessary
hardware to run the AES algorithm.
9. 8
VPN’s
To provide a solution to the problem of security, many companies are
extending/developing Virtual Private Networks (VPN’s) (Karygiannis and Owens,
2002). Maintaining a VPN requires the engagement of specialized personnel or the
training of existing personnel; in both cases, the costs associated with deploying a
wireless infrastructure is highly increased. Along with the cost associated with the
deployment of a VPN, VPN’s incorporate a number of operational problems on a
system.
In networks where the users roam contentiously, a Layer-3 VPN solution will
disrupt a user’s connection and may even force the user to re-authenticate. Along with
this, applications that run on client terminals and access data stored on the corporate
servers may be seriously disrupted from a Layer-3 disconnection. Such disconnections
can seriously damage the integrity and availability of corporate information.
CONCLUSIONS
In this chapter, we have discussed the critical issue of wireless security. We have
presented the security vulnerabilities that are frequently inherited in wireless
networks. Also, we have described the most common security protocols and
techniques used. Moreover, we have provided a description of the current security
trends and protocols used to secure such WiFi networks along with the problems from
their application.
REFERENCES
Schneier, B. (2000). Secret and Lies. John Wiley and Sons. 1st Edition.
Akin, D. (2003). Certified Wireless Security Professional (CWSP) Official Study
Guide. McGraw Hill. ISBN 0-07-223012-6.
LAN MAN, Standards Committee of the IEEE Computer Society (1999). Wireless
LAN Medium Access Control (MAC) and Physical Layer (PHY) Specifications.
IEEE Standard 802.11, 1999 Edition.
Borisov, N., Goldberg, I., Wagner, D. (2001). Intercepting Mobile Communications:
The Insecurity of 802.11. Retrieved December 16, 2005, from
http://www.isaac.cs.berkeley.edu/isaac/mobicom.pdf.
Tyrrell, K. (2003). An Overview of Wireless Security Issues. SANS Information
Security Reading Room. SANS Institute
Edney, J., William, A. (2003). Real 802.11 Security: Wi-Fi Protected Access and
802.11i. Addison-Wesley.
Fluhrer, S., Mantin, I., Shamir, A. (2001). Weaknesses in the Key Scheduling
Algorithm of RC4. In 8th Annual Workshop on Selected Areas in Cryptography,
Springer-Verlag . LNCS 2259.
Cam-Winget, N., Housley, H., Wagner, D., Walker, J. (2003). Security Flaws in
802.11 Data Link Protocols. Communications of the ACM, 46(5).
Funk, P. (2003). The EAP MD5-Tunneled Authentication Protocol (EAP-MD5-
Tunneled). IETF Internet Draft.
Asokan, N., Niemi, V., Nyberg, K. (2002). Man-in-the-Middle in Tunnelled
Authentication Protocols. Cryptology ePrint Archive. Report 2002/163.
10. 9
Aboba, B., Simon, D. (1999). PPP EAP TLS Authentication Protocol. IETF RFC
2716.
Funk, P., Blake-Wilson, S. (2003). EAP Tunneled TLS Authentication Protocol
(EAP-TTLS). IETF Internet Draft.
Palekar, A., Simon, D., Zorn, G., Salowey, J., Zhou, H., Josefsson, S. (2003).
Protected EAP Protocol (PEAP) Version 2. IETF Internet Draft.
NIST (2001). Announcing the Advance Encryption Standard (AES). Federal
Information Processing Standards Publication 197.
Karygiannis, T., Owens, L. (2002). Wireless Network Security. NIST Special
Publication 800-48.
EAP Authentication (2005). Retrieved December 13, 2005, from
http://www.wi-fiplanet.com.
Papadimitratos, P., Haas, Z.J. (2002). Secure Routing for Mobile Ad Hoc Networks.
Working Session on Security in Wireless Ad Hoc Networks, EPFL. Mobile
Computing and Communications Review, 6(4).
Lambrinoudakis, C., Gritzalis, S. (2005). Security in IEEE 802.11 WLANS, CRC
Press.
Ghosh, D., Gupta, A. (2005). Analysis of EAP-FAST Wireless Security Protocol.
Retrieved December 15, 2005, from
http://wwwcsif.cs.ucdavis.edu/~guptaa/finalreport.pdf
TERMS AND DEFINITIONS
Wireless Computer Network. Any computer network that uses wireless
technologies based on the IEEE 802.11x standards to transmit and received data.
Encrypted Tunnel. An encrypted logical (virtual) connection, between two ends.
Data traveling inside the tunnel are encrypted with an agreed encryption algorithm.
Man-in-the-middle attack. An attack where the adversary succeeds in locating
himself in an established connection between two or more authorized nodes. Data
traveling between the nodes are always passing from the adversary.
VPN. Virtual Private Networks are technologies and protocols that used to establish
encrypted tunnels between one or more network nodes.
WiFi Alliance. A non profit organization, with more than 200 members, devoted in
promoting the use and operation of Wireless networks. Products associated by the
WiFi Alliance are able to interoperate.
Fresnel Zone. The area around the visual line of sight of a wireless link on which
the RF waves are spread. This area must be clear from obstacles otherwise the RF
signal is weaken.
Reassociation Request Frame. A data packet transmitted in a wireless network. The
packet enables a client to re connect to an access points. The packet is transmitted
after a client disconnection or when a client roams from one access point to another.