1. CSE497b Introduction to Computer and Network Security - Spring 2007 - Professor Jaeger
Wireless Security
CSE497b - Spring 2007
Introduction to Computer and Network Security
Professor Jaeger
www.cse.psu.edu/~tjaeger/cse497b-s07/
2. At the mall ...
3. Wireless Networks
• Network supported by radio communications ..
• Alphabet soup of standards, most on 802.11
• .. destroys the illusion of a hard perimeter.
4. Why you should fear Simon Byers ...
• Over the course of history radio frequencies have been enormously vulnerable to eavesdropping and manipulation.
• ASSUME: Everything you say on a wireless network is going to be heard and potentially manipulated by your adversaries.
5. Wireless LANs
• Access point networks (ranging to about 300 feet)
• All devices connect to the central access point
• Pro: very easy to set up and maintain, simple protocols
• Con: reliability/speed drops as you get away from AP or contention increases.
6. Ad hoc Networks (a.k.a. peer-to-peer)
• Devices collaboratively work together to support network communication
• Network topology changes in response to moving devices, e.g., Bluetooth
• Pro: highly flexible and responsive to changes in environment
• Con: complex, subject to traffic manipulation by malicious peers
7. Devices
• Laptops (canonical wireless devices)
• Desktops, mobile phones, ....
• Bluetooth
8. Attacks on Wireless Networks
• DOS
• Planted devices
• Hijacked connections
• Eavesdropping
• Somebody is "in the wire" ...
9. Threats
• This is an open network ...
• ... to which anyone can connect.
• What security is necessary?
– Authentication?
– Confidentiality?
– Integrity?
– Privacy?
– DOS Protection?
– Accountability (traceability)?
10. Security Mechanisms
• Note: this is just a network with different threats, so implementing security is very similar to network security
• Authentication
– Q: What are you authenticating in a wireless network?
– Methods: password/passphrase, smartcard, etc.
– Tools: RADIUS, Kerberos, PKI services ....
• Confidentiality/Integrity
– Typically implemented via some transport protocol
– IPsec (just implement a VPN -- this is what PSU does)
11. Wireless Security Approaches
• MAC Authentication
• WEP (Wired Equivalent Privacy)
• 802.11i (WPA - Wifi Protected Access)
• EAP/LEAP (Extensible Authentication Protocol)
• WAP (Wireless Application Protocol)
12. MAC Authentication
• Create a list of MAC addresses
– media access layer, e.g., ether 00:0a:95:d5:74:6a
– Only these devices are allowed on network
• Attack
– Listen on network for MAC address use -- laptop
– Masquerade as that MAC address (easy to do, many devices programmable)
– ... can wait for it to go off line to avoid conflict, but not necessary
• ARP Security limitations
13. WEP (Wired Equivalent Privacy)
• Keys
– 40 bits derived from the passphrase, plus a 24-bit initialization vector (IV), or
– 26-character hexadecimal key + 24-bit IV = 128-bit WEP
– Ability to send packets is essentially authentication
• integrity used as authentication
– Built into the vast majority of home wireless routers
14. The WEP Flaw (greatly simplified)
Protocol
• Passphrase key $k_p$
• Initialization vector $iv_i$
• Plaintext data $d_1$, $d_2$ (for separate blocks 1 and 2)
• Traffic key $kt_i = k_p \| iv_i$
• Ciphertext $= E(kt_i, d_i) = RC4(kt_i) \oplus d_i$
Attack
• Assume $iv_1 = iv_2$
• Only 17 million IVs ($2^{24}$), so IV of two packets can be found (≈ one in 4096)
$(RC4(kt_1) \oplus d_1) \oplus (RC4(kt_1) \oplus d_2) = d_1 \oplus d_2$
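Added example (not part of the original slides): the keystream cancellation above, run in Python with the slide's simplified construction kt = kp || iv. The key, IVs and packet contents are constructed sample values, and packets_for_collision is a hypothetical helper that goes slightly beyond the slide by computing the birthday estimate for any IV size, assuming IVs are chosen at random.

```python
import math

def rc4(key: bytes, n: int) -> bytes:
    """Return n bytes of RC4 keystream for key (KSA followed by PRGA)."""
    s = list(range(256))
    j = 0
    for i in range(256):                      # key-scheduling algorithm
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(n):                        # pseudo-random generation
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) % 256])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt(kp: bytes, iv: bytes, d: bytes) -> bytes:
    """Slide notation: kt = kp || iv, ciphertext = RC4(kt) XOR d."""
    return xor(rc4(kp + iv, len(d)), d)

def packets_for_collision(iv_bits: int, p: float = 0.5) -> int:
    """Birthday bound: packets with random IVs until a repeat has probability p."""
    return math.ceil(math.sqrt(2 * 2**iv_bits * math.log(1 / (1 - p))))

# Constructed sample values (not from the slides).
KP = bytes.fromhex("0102030405")              # 40-bit key
IV = bytes.fromhex("a1b2c3")                  # 24-bit IV, reused for both packets
D1 = b"GET /index.html "
D2 = b"user=alice&pw=x1"

def demo():
    c1, c2 = encrypt(KP, IV, D1), encrypt(KP, IV, D2)
    leaked = xor(c1, c2)                      # keystream cancels: d1 XOR d2
    recovered_d2 = xor(leaked, D1)            # knowing d1 yields d2, no key needed
    c3 = encrypt(KP, bytes.fromhex("a1b2c4"), D2)   # fresh IV: no cancellation
    return leaked, recovered_d2, xor(c1, c3)

if __name__ == "__main__":
    leaked, d2, mixed = demo()
    print(leaked == xor(D1, D2), d2, mixed == xor(D1, D2))
    print(packets_for_collision(24), packets_for_collision(48))
```

With a 48-bit IV the same estimate rises from a few thousand packets to tens of millions, which is why a larger IV space matters.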
15. 802.11i (WPA - Wifi Protected Access)
• Solution to problems with WEP
• Two modes of operation
– Pre-shared key mode -- WEP like, shared key derived from single network passphrase
– Server mode -- uses 802.1X authentication server to authenticate/give unique keys to users
• Protocol fixes to WEP
– increase IV size to 48 bits
– TKIP - change keys every so often -- Temporal Key Integrity Protocol
– improved integrity (stop using CRC and start using MAC)
– WPA2: AES instead of RC4
16. WAP (Wireless Application Protocol)
• A set of protocols for implementing applications over thin (read wireless) pipes.
• Short version: a set of protocols to implement the web over wireless links as delivered to resource limited devices
– reduce overhead and flabby content (image rich HTML)
– support limited presentation and content formats
• Wireless Markup Language (XML-based language)
– reduce the footprint of the rendering engine (browser)
• Security: WTLS
– SSL/TLS protocol -- public keys, key negotiation, etc.
• Success in Japan, little elsewhere (currently)
17. EAP/LEAP
• Extensible Authentication Protocol
– Challenge response - auth. only
– Bolts onto other authentication mechanisms, e.g., Kerberos, RADIUS
– Passes authentication information onto other protocols (WEP, WAP)
– LEAP: Cisco implementation/modifications (security problems are possibly serious)
– Standards: EAP-MD5, EAP-TLS
– PEAP: RSA/Microsoft/Cisco standards for WPA/WPA2 protocols
18. Bluetooth
• A standard for building very small personal area networks (PANs)
• Connects just about everything you can name: PDAs, phones, keyboards, mice, your car
• Very short range network: 1 meter, 10 meters, 100 meters (rare)
• Advertised as solution to "too many cables"
• Authentication
– "pairing" uses pass-phrase style authentication to establish relationship which is often stored indefinitely (problem?)
19. Bluetooth Security
• Everything really works off the PIN
• Attacks have progressively been successful at identifying vulnerabilities in the way PINs are used; PINs can be reverse engineered
• Privacy: know what is on and how public it is ...
• Problem: Cambridgeshire, England
• Problem: Bluetooth rifle
20. RFIDs
• Radio Frequency Identification (RFID)
• identity-providing transponders
• Passive: no external power - backscatter (Walmart)
• Active: internal power (SpeedPass)
• History: a Soviet listening device (1945), Allied FoF (1939)
• Privacy/Security anyone?
• Q: How do you control who is accessing your information?
• A: You don’t (currently)
• Security measures
• Rolling code (one time tokens)
• Crypto-protocols, limited range, ...
21. NIST Evaluation
• Any vulnerability in a wired network is present in the wireless network
• Many new ones: protocols, systems more public and vulnerable
• Recommendations:
– Disable file and directory sharing
– Turn off APs when not in use
– Use robust passwords, 128-bit encryption
– Audit, audit, audit
– VPNs are a good ...