CSG357 Dan Ziminski & Bill Davidge 1
Effective Wireless Security – Technology and Policy
CSG 256 Final Project Presentation by Dan Ziminski & Bill Davidge
AGENDA
Some attacks on WLANs
Authentication Protocols
Encryption Protocols
Rogue AP problem
Case Studies
802.11 Passive Monitoring
Diagram: Station <-> Access Point, with an Attacker passively monitoring the channel and capturing the data.
Captured from the air: Username: dziminski, Password: cleartext
802.11 DOS Attack
Diagram: Station <-> Access Point. The attacker spoofs an 802.11 Disassociate frame and the connection is broken.
802.11 Man in the Middle Attack
Diagram: Station <-> Attacker <-> Access Point. The attacker presents the AP MAC address to the station and the station MAC address to the AP.
•Attacker broadcasts spoofed AP SSID and MAC address.
•Station unknowingly connects to the attacker.
•Man-in-the-middle attacks can always be established.
•But if strong authentication and encryption are used, the attacker will be nothing more than a bridge.
Authentication and Encryption Standards
Figure: overview of the standards covered in this talk.
– Authentication protocols: EAP and 802.1x, with EAP-TLS (MSFT / IETF, certificate credentials) and PEAP (CSCO/MSFT / IETF, username/password credentials).
– Encryption standards: WEP, WPA-TKIP, 802.11i.
– Encryption algorithms: RC4 (WEP, WPA-TKIP) and AES (802.11i).
802.1x Authentication
Diagram: Station (Supplicant) -> Access Point (Authenticator) -> RADIUS Server (Authorizer).
802.1x EAP-TLS Authentication
Diagram: Station (Supplicant) -> Access Point (Authenticator) -> RADIUS Server (Authorizer). The station holds a client digital cert from XYZ CA; the RADIUS server holds a server digital cert from XYZ CA.
802.1x PEAP Authentication
Diagram: Station (Supplicant) -> Access Point (Authenticator) -> RADIUS Server (Authorizer) -> Directory Server. The RADIUS server holds a digital cert from XYZ CA.
Phase 1: Authenticate AP. Secure tunnel to AP using TLS.
Phase 2: Password authentication with the directory server (Username: Dan, Password: encrypted), which returns Success/Fail.
VPN Authentication and Encryption
Diagram: Station -> Access Point -> VPN Gateway -> LAN, with an IPSEC VPN tunnel between the station and the VPN gateway.
Web Authentication
Diagram: Station -> Access Point -> Web auth security device -> LAN. The device presents an HTTPS login page to the station and checks the credentials against a backend RADIUS server.
Which Authentication to Choose?

Wireless auth type             Desktop control  Cost to    Difficult  Vendor   Problems:
                               needed           implement  to manage  support  vulnerable to attack
VPN                            high             high       medium     low      low
WEP                            medium           low        high       low      high
802.1x EAP-TLS (certificates)  high             high       high       medium   low
802.1x PEAP                    medium           medium     medium     medium   low
Web Auth                       low              low        medium     low      medium
WEP Encryption
Frame layout: IV (24 bits, sent in clear text) | Payload | CRC-32 (integrity check). The payload and CRC are encrypted with a 40- or 104-bit key using the RC4 algorithm.
WEP has several problems:
1. IV is too small. At 10,000 packets per second the IV repeats in 5 hours.
2. There are several “weak keys”. Those are especially vulnerable.
3. No key update mechanism built in.
4. Message replay attacks. DOS.
Wi-Fi Protected Access (WPA) TKIP Encryption
•Wi-Fi Protected Access is an interim standard created by the Wi-Fi Alliance (a group of manufacturers).
•WPA-TKIP fixes problems with WEP:
•IV changes to 48 bits with no weak keys. 900 years to repeat an IV at 10k packets/sec.
•Use IV as a replay counter.
•Message integrity.
•Per-packet keying.
•Supported on many wireless cards and on Windows XP (after applying 2 hot fixes).
•Uses 802.1x for key distribution.
•Can also use static keys.
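An added Python example (not from the slides) for the WEP and WPA-TKIP points above: a toy RC4 with WEP-style keying shows why a repeated IV is fatal (the XOR of two ciphertexts leaks the XOR of the plaintexts without the key), and the IV-lifetime arithmetic shows how fast the IV space is used up. At 10,000 packets per second a 24-bit IV counter wraps in about 28 minutes (the 5-hour figure on the WEP slide corresponds to roughly 1,000 packets per second), while the 48-bit TKIP counter lasts about 892 years, matching the 900-year bullet; the key, IV and plaintexts are constructed values.

```python
"""Why the WEP IV matters: toy RC4 with a WEP-style per-packet key (24-bit IV
followed by the 104-bit secret). A repeated IV repeats the keystream, so the
XOR of two ciphertexts cancels the key and leaks the XOR of the plaintexts.
Also the IV-lifetime arithmetic behind the WEP and TKIP bullets above."""
import math


def rc4_keystream(key: bytes, length: int) -> bytes:
    """Standard RC4: key scheduling (KSA), then `length` PRGA output bytes."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    for _ in range(length):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def wep_encrypt(secret: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """WEP seeds RC4 with the 3-byte cleartext IV followed by the shared secret."""
    return xor_bytes(plaintext, rc4_keystream(iv + secret, len(plaintext)))


def iv_reuse_leak(secret: bytes, iv: bytes, p1: bytes, p2: bytes) -> bytes:
    """Same IV twice: C1 XOR C2 equals P1 XOR P2, and `secret` never enters."""
    return xor_bytes(wep_encrypt(secret, iv, p1), wep_encrypt(secret, iv, p2))


def seconds_until_iv_wrap(iv_bits: int, packets_per_second: float) -> float:
    """Sequential IV counter: the whole space is used after 2**iv_bits packets."""
    return 2 ** iv_bits / packets_per_second


def packets_until_likely_collision(iv_bits: int) -> int:
    """Randomly chosen IVs: birthday bound, about 1.18*sqrt(2**bits) packets
    until a repeat is more likely than not (many WEP cards picked IVs randomly)."""
    return math.ceil(1.1774 * math.sqrt(2 ** iv_bits))
```

With random 24-bit IVs the first repeat is expected after only about 4,800 packets, which at the slide's rate is well under a second.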
TKIP – Per Packet Keying
Diagram: the 48-bit IV is split into a 32-bit upper IV and a 16-bit lower IV. Key mixing combines the session key, the station MAC address and the IV to produce the per-packet key: 104 bits of key plus the 24-bit IV field, 128 bits in total, which is fed to RC4 as in WEP.
•Fixes the weaknesses of WEP key generation but still uses the RC4 algorithm.
802.11i AES Encryption
•Ratified by the IETF in June of 04.
•Uses the AES algorithm for encryption and 802.1x for key distribution.
•Backwards compatible with TKIP to support WPA clients.
•802.11i not in many products yet.
Which Encryption to Choose?

Wireless encryption type  Desktop control  Cost to    Difficult  Vendor   Problems:
                          needed           implement  to manage  support  vulnerable to attack
none                      low              low        low        low      high
WEP                       medium           low        high       low      medium
WPA TKIP                  high             high       high       medium   low
802.11i AES               high             high       high       high     none
VPN                       high             high       medium     low      none
Newbury Networks
• 3-hour “war driving” at the DNC in Boston
– A total of 3,683 unique Wi-Fi devices
– An average of 1 wireless network card every 2 minutes
– Nearly 3,000 of the total Wi-Fi devices were discovered in Boston's Back Bay
– 65% of the wireless networks detected had no encryption
– 457 unique wireless access points, the majority of which were unsecured
DefCon X Hacker Convention – 2002
• 2-hour monitoring of the wireless LAN
– Identified 8 sanctioned access points
– 35 rogue access points, and more than 800 different station addresses
– 200 to 300 of the station addresses were fakes
– 115 peer-to-peer ad hoc networks, and identified 123 stations that launched a total of 807 attacks during the two hours
– 490 were wireless probes from tools such as Netstumbler and Kismet
– 100 were varying forms of Denial-of-Service attacks that either jammed the airwaves with noise to shut down an access point, targeted specific stations by continually disconnecting them from an access point, or forced stations to route their traffic through other stations
– 27 attacks came from out-of-specification management frames, where hackers launched attacks that exploited 802.11 protocols to take over other stations and control the network
– 190 were identity thefts, such as when MAC addresses and SSIDs
Case Studies – University
• University
– fosters an open, sharing environment: “…allow all, deny some…” as far as access goes
– large area
– large user population
– knowledgeable support group and a wide spectrum of knowledge in the user base
Case Studies – Financial Institution
– restricted access
– limited number of authorized users
– Technical staff with control of user hardware
– geographically dispersed locations
Case Study: Global Bank (alias)
•In the process of deploying an enterprise WLAN.
•Using 802.1x EAP-TLS with a client web certificate for authentication.
•Tested PEAP, but failed auth attempts would lock out users' Active Directory accounts.
•Had a small VPN pilot but found it didn't scale.
•Originally started testing WPA-TKIP but hit too many interoperability problems between cards and APs.
•Switched to WEP with keys rotating every 30 minutes using 802.1x. They feel that this is secure enough.
•Monitor for rogue APs. Any rogue that is detected by 3+ APs is investigated and removed if on the LAN.
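The 802.11 disassociate DoS attack described earlier and the Global Bank rogue-AP rule above, rendered as two detection checks in an added Python example (not code from the presentation or from the bank). The sanctioned MAC addresses, the tuple record format and the frame log are constructed sample data, not a real capture.

```python
"""Two wireless-IDS checks drawn from the slides: a disassociate-flood detector
for the 802.11 DoS attack, and the Global Bank rogue-AP rule (an unsanctioned
BSSID heard by 3 or more of our own APs gets investigated). Frame records are
constructed sample data in a made-up tuple format, not a real capture."""
from collections import defaultdict

SANCTIONED = {"00:11:22:33:44:01", "00:11:22:33:44:02", "00:11:22:33:44:03"}
BCAST = "ff:ff:ff:ff:ff:ff"

# (time_s, sanctioned AP that heard the frame, subtype, source/BSSID, destination)
FRAMES = [
    (0.0, "00:11:22:33:44:01", "beacon", "00:11:22:33:44:02", BCAST),  # our own AP
    (0.1, "00:11:22:33:44:01", "beacon", "0a:bb:cc:dd:ee:ff", BCAST),  # unknown AP,
    (0.2, "00:11:22:33:44:02", "beacon", "0a:bb:cc:dd:ee:ff", BCAST),  # heard by three
    (0.3, "00:11:22:33:44:03", "beacon", "0a:bb:cc:dd:ee:ff", BCAST),  # of ours
    (0.4, "00:11:22:33:44:02", "beacon", "de:ad:be:ef:00:01", BCAST),  # one witness only
] + [  # 40 spoofed disassociates "from" our AP .01 to one station within 2 seconds
    (1.0 + 0.05 * i, "00:11:22:33:44:01", "disassoc", "00:11:22:33:44:01", "66:77:88:99:aa:bb")
    for i in range(40)
]


def disassoc_floods(frames, window_s=10.0, threshold=10):
    """(BSSID, station) pairs with more than `threshold` disassociate/deauth frames
    in any `window_s` sliding window; a real AP sends a few per roam, not dozens."""
    times = defaultdict(list)
    for t, _sensor, subtype, src, dst in frames:
        if subtype in ("disassoc", "deauth"):
            times[(src, dst)].append(t)
    alerts = []
    for pair, ts in times.items():
        ts.sort()
        start = 0
        for end, t in enumerate(ts):           # two-pointer sliding window
            while t - ts[start] > window_s:
                start += 1
            if end - start + 1 > threshold:
                alerts.append(pair)
                break
    return sorted(alerts)


def rogue_aps(frames, sanctioned=SANCTIONED, min_witnesses=3):
    """Beacon BSSIDs not on the sanctioned list, with the number of distinct
    sanctioned APs that overheard them; 3+ witnesses puts it inside our space."""
    witnesses = defaultdict(set)
    for _t, sensor, subtype, src, _dst in frames:
        if subtype == "beacon" and sensor in sanctioned and src not in sanctioned:
            witnesses[src].add(sensor)
    return sorted((b, len(w)) for b, w in witnesses.items() if len(w) >= min_witnesses)
```

The bank's second step, checking whether a flagged rogue is actually plugged into the LAN, needs wired-side data (switch MAC tables) that this air-side check does not have.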
Case Studies: Home Networks
– small number of users
– with no expectation of heavy volume
– Limited technological expertise