This document discusses WLAN security threats and countermeasures. It describes vulnerabilities in early security standards like WEP. It then outlines improved security mechanisms in WPA and 802.11i like AES encryption and 802.1x authentication. Finally, it recommends a multi-layered approach using tools like VPN, firewalls, and rogue AP detection to securely manage enterprise WLAN access.

1. WLAN Hacking Threats and Countermeasures RSA Europe, Vienna, 18 October John Rhoton HP Services, Mobile Technology Lead

2. Objectives Describe state of WLAN security Mechanisms Vulnerabilities/threats/exploits Provide countermeasures and best practices to address threats

3. Needs determine security SSID MAC Filter WEP WPA/802.11i

4. Requires management of authorized MAC addresses LAA (Locally Administered Address) can override UAA (Universally Administered Address) MAC Filters

5. 802.11b Security Vulnerabilities Symmetric secret keys Poor key management Hardware theft is equivalent to key theft Algorithmic weaknesses WEP Packet spoofing, disassociation attack Replay attack Decoy AP Rogue AP

6. Equipment of a Wi-Fi freeloader Mobile device Linux Windows Pocket PC Wireless card Orinoco card Prism 2 card Driver for promiscuous mode Cantenna and wireless MMCX to N type cable

7. War driver gone wild

8. Bringing the “War” to War Driving

9. Bringing the “War” to War Driving

10. Tools NetStumbler—access point reconnaissance http://www.netstumbler.com WEPCrack—breaks 802.11 keys http://wepcrack.sourceforge.net/ AirSnort—breaks 802.11 keys Needs only 5-10 million packets http://airsnort.shmoo.com/ chopper Released August 2004 Reduces number of necessary packets to 200-500 thousand Aircrack, Airopeek, Airsnare, Airmagnet, Airjack, Aerosol, Kismet, Packetyzer, NAI Sniffer, Retina WiFi Scanner…

11. NetStumbler

12. WiFiFoFum

13. Airsnort cracked the WEP key – About 16 hours chopper reduces by an order of magnitude

14. FBI – ISSA Los Angeles 2005 FBI Computer Scientist James C. Smith (left) & FBI Special Agent Geoff Bickers (right) broke 128-bit WEP key in three minutes

15. Ten-minute WEP crack Kismet reconnaissance Airodump WEP cracking Void11 deauth attack Aireplay replay attack Source: tom’s networking

16. Wireless LAN security evolution 1999 2003 2005 WEP WPA 802.11i / WPA2 Timeline Privacy: 40 bit RC4 with 24 bit IV Auth: SSID and Shared key Integrity: CRC Privacy: Per packet keying (RC4) with 48 bit IV Auth: 802.1x+ EAP Integrity: MIC Privacy: AES Auth: 802.1x+ EAP Integrity: MIC Security

17. Improved Security Proposals ( WPA) Temporal Key Integrity Protocol Fast/Per packet keying Message Integrity Check (MIC) Multilinear Modular Hash (MMH replaces CRC) WPA-Personal Pre-shared key (Alphanumeric password) WPA-Enterprise 802.1x (adapted for 802.11 MAC by 802.11i WG) with EAP No predefined EAP mechanisms

18. IEEE 802.1x Explanation Restricts physical access to the WLAN Handles automated key change Can use existing authentication system Controlled port Uncontrolled port Supplicant Authentication Server Authenticator

19. EAP Methods client/server dependent Both Client and RADIUS server must support same EAP method Microsoft supports EAP API for XP and W2K. EAP-MD5 disallowed for wireless EAP-TLS in Windows XP release Service pack 1 adds protected EAP (PEAP) MS-CHAPv2—passwords TLS (SSL channel)—certificates PEAP-EAP-TLS a little slower than EAP-TLS SecurID—but not tested/supported for wireless

20. 802.1x Implementation 802.1x supplicant 802.1x capable Access Point 802.1x Authorization Server Supplicant (Client) Authenticator (Access Point) Authentication Server (RADIUS Server) RADIUS 802.1x EAP EAP TKIP / MIC

21. Ratified June 2004 AES selected by National Institute of Standards and Technology (NIST) as replacement for DES Symmetric-key block cipher Computationally efficient Can use large keys (> 1024 bits) Cipher Block Chaining Message Authentication Code ( CBC-MAC or CCMP) replaces TKIP RFC 3610 May require equipment upgrades Some WPA implementations already support AES Update for Windows XP (KB893357) Transition Security Networks (TSN) interoperate with WEP Robust Security Networks (RSN) prohibit WEP 802.11i / WPA2

22. VPN Overlay VPN Concentrator

23. Role-based Access Control Bluesocket Perfigo (Cisco) Cranite Aruba HP ProCurve (Vernier) Role Schedule Location User Access Control IP Address Port Time VLAN

24. Enterprise WLAN Security Options WPA – Enterprise Eventual transition to 802.11i Requires WPA-compliant APs and NICs VPN Overlay Performance overhead (20-30%) VPN Concentrator required RBAC Additional appliance and infrastructure Most refined access Home WLAN: WEP key rotation, firewall, intrusion detection Public WLAN: MAC address filter, secure billing, VPN passthrough

25. Rogue Access Points Highest risk when WLANs are NOT implemented Usually completely unsecured Connected by naïve (rather than malicious) users Intrusion Detection Products Manual, Sensors, Infrastructure Multi-layer perimeters 802.1x RBAC, VPN Internet Intranet Access

26. Summary WLAN security had a bad start WEP is insufficient MAC filtering is even worse WPA and 802.11i are solid As far as we know today… Consider multi-layer perimeter control (VPN, RBAC) Opt-out disabled Rogue access points are the biggest threat of all!

27. Send mail to: [email_address]