1 CS 6204, Spring 2005
Wireless Network Security
Vedavyas Duggirala
2 CS 6204, Spring 2005
Wireless Devices - Benefits and Risks
♦ Benefits
– Allow mobility
– Greater flexibility, efficiency and reduced wiring costs
– Enable new applications from retail settings, shop floor & first responders
♦ Risks
– Suffers from all the risks of wired networks
– Communication media (air) is open
– Mobility and compactness raise physical security concerns.
3 CS 6204, Spring 2005
Wireless Technology Overview
♦ Wireless Wide Area Networks
e.g. 2G Cellular, 3G, CDPD, GSM, Mobitex …
♦ Wireless Local Area Networks
e.g. 802.11, HiperLAN
♦ Wireless Personal Area Networks
e.g. Bluetooth, IR
♦ Wireless Devices
e.g. Laptops, PDA, Pagers, Cell Phones, Smart Phones …
4 CS 6204, Spring 2005
802.11 Overview
♦ Physical Layer: Direct Sequence Spread Spectrum (DSSS), Frequency Hopping Spread Spectrum (FHSS), Orthogonal Frequency Division Multiplexing (OFDM), infrared (IR).
♦ Frequency Band: 2.4 GHz (ISM band) and 5 GHz.
♦ Data Rates: 1 Mbps, 2 Mbps, 5.5 Mbps (11b), 11 Mbps (11b), 54 Mbps (11a)
♦ Data and Network Security: RC4-based stream encryption algorithm for confidentiality, authentication, and integrity. Limited key management. (AES is being considered for 802.11i.)
♦ Operating Range: Up to 150 feet indoors and 1500 feet outdoors.
♦ Positive Aspects: Ethernet speeds without wires; many different products from many different companies. Wireless client cards and access point costs are decreasing.
♦ Negative Aspects: Poor security in native mode; throughput decreases with distance and load.
5 CS 6204, Spring 2005
802.11 Overview
♦ Infrastructure mode:
– Clients connect via an Access Point (AP)
– Coverage area of an AP is called a BSS (Basic Service Set)
– APs can be connected by wired or wireless means. Total coverage area is called an ESS (Extended Service Set)
♦ Ad-hoc mode:
– Clients connect to each other directly
– Coverage area is called an IBSS (Independent BSS)
6 CS 6204, Spring 2005
802.11 Security
♦ Security provided by WEP (Wired Equivalent Privacy) protocol
♦ No end-to-end security, only for the wireless portion
♦ Authentication: Verify identity of communicating clients
♦ Confidentiality: Provides privacy achieved by wired network. Protects against passive attacks (eavesdropping)
♦ Integrity: Message is not modified in transit between client and AP
7 CS 6204, Spring 2005
802.11 Authentication
Open
♦ One-stage challenge-response
♦ A station is allowed to join a network without any identity verification. Station just responds with a MAC address
♦ Only “authentication” method required by the standard
Shared
♦ Two-stage challenge-response
♦ Based on RC4 stream cipher
♦ Station is allowed to join based on knowledge of a shared secret
♦ Does not provide mutual authentication. Only the client is authenticated, the AP is not.
♦ Vulnerable to man-in-the-middle attacks
♦ Not required by the standard
8 CS 6204, Spring 2005
802.11 Privacy and Integrity
♦ Confidentiality - Data encrypted only for wireless portion from client to Access Point (AP)
♦ Integrity - CRC is used to detect message tampering
♦ Uses the RC4 symmetric-key stream cipher algorithm to generate a pseudo-random data sequence. This “key stream” is simply added modulo 2 (exclusive-OR-ed) to the data to be transmitted
♦ Key size is 40 bits. Most vendors provide 104-bit keys
♦ 24-bit Initialization Vector (IV) is used as a part of the encryption
9 CS 6204, Spring 2005
802.11 Vulnerabilities
♦ Suffers from flawed implementation of RC4 and is vulnerable irrespective of key length
♦ IV generation is not specified
♦ IV is transmitted in clear text on all packets
♦ Keys not chosen randomly (based on passphrase rather than mouse movements / computer noise)
♦ CRC not fundamentally cryptographically secure, unlike secure hash algorithms
♦ Key management kept out of the standard.
– No secure mechanism to change keys frequently.
– Keys are set statically, shared or left at default values
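As an added illustration of the two preceding slides (the RC4 keystream XOR with a 24-bit clear-text IV, and why unspecified IV generation matters), the following Python is example code written for these notes, not material from the lecture or from any 802.11 implementation. It builds a minimal WEP-style encryptor (textbook RC4 seeded with IV || key; the CRC-32 ICV is left out), computes the birthday bound for random IV repeats, and runs a monitor-side IV-reuse check over a constructed capture. The names `wep_encrypt`, `find_iv_reuse`, `iv_collision_probability`, the sample key and the sample frames are all assumptions of this example.

```python
"""Added example (not from the lecture slides): a minimal WEP-style
encryptor, RC4 with a 24-bit IV prepended to the key, plus the two
checks a defender cares about: how soon random IVs repeat, and a
monitor that flags IV reuse in a capture. RC4 here is the textbook
algorithm written out for the example; the frames are constructed."""
import math


def rc4_keystream(key: bytes, length: int) -> bytes:
    """Key-scheduling algorithm followed by the PRGA; returns `length` keystream bytes."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    while len(out) < length:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def wep_encrypt(wep_key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """WEP seeds RC4 with IV || key and sends the 3-byte IV in clear ahead of the
    ciphertext. (The CRC-32 ICV that real WEP appends is left out here.)"""
    if len(iv) != 3:
        raise ValueError("WEP IV is 24 bits")
    keystream = rc4_keystream(iv + wep_key, len(plaintext))
    return iv + xor_bytes(plaintext, keystream)


def iv_collision_probability(frames: int, iv_bits: int = 24) -> float:
    """Birthday bound: probability that at least one IV repeats among `frames`
    frames when IVs are drawn uniformly at random from 2**iv_bits values."""
    space = 2 ** iv_bits
    return 1.0 - math.exp(-frames * (frames - 1) / (2.0 * space))


def find_iv_reuse(frames):
    """Monitor-side check over captured frames: the IV is the first 3 bytes and
    is in the clear, so reuse is visible without knowing the key. Returns
    (first_index, later_index) pairs for every frame whose IV was seen before."""
    first_seen = {}
    reused = []
    for idx, frame in enumerate(frames):
        iv = frame[:3]
        if iv in first_seen:
            reused.append((first_seen[iv], idx))
        else:
            first_seen[iv] = idx
    return reused


# Constructed sample capture: a 104-bit key and a card whose IV counter restarts
# (the standard leaves IV generation unspecified, so restarts do occur in practice).
SAMPLE_KEY = bytes.fromhex("0102030405060708090a0b0c0d")
SAMPLE_PLAINTEXTS = [b"GET /index.html ", b"HTTP/1.0 200 OK ", b"user=alice      ",
                     b"POST /login     ", b"session=abc123  ", b"HTTP/1.0 302    "]
SAMPLE_IVS = [b"\x00\x00\x01", b"\x00\x00\x02", b"\x00\x00\x03",
              b"\x00\x00\x01", b"\x00\x00\x04", b"\x00\x00\x02"]


def sample_capture():
    return [wep_encrypt(SAMPLE_KEY, iv, p) for iv, p in zip(SAMPLE_IVS, SAMPLE_PLAINTEXTS)]


def ciphertext_xor(frame_a: bytes, frame_b: bytes) -> bytes:
    """For two frames under the same IV (hence the same keystream), the XOR of
    the ciphertext bodies equals the XOR of the plaintexts: a single monitor
    hit is therefore already a confidentiality loss, not just a statistic."""
    return xor_bytes(frame_a[3:], frame_b[3:])


if __name__ == "__main__":
    print("P(IV repeat) after 4823 random IVs: %.2f" % iv_collision_probability(4823))
    print("IV reuse in sample capture:", find_iv_reuse(sample_capture()))
```

With random IVs the 50% repeat point is under 5,000 frames, a few minutes of traffic on a busy AP; with a counter the repeat is deferred to 2^24 frames but every counter reset brings it straight back, which is what the monitor above is watching for.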
10 CS 6204, Spring 2005
Taxonomy of Security Attacks
♦ Passive Attacks
– Does not modify content
– Difficult to detect
♦ Active Attacks
– Modifies the content
– Detectable, but not necessarily preventable
11 CS 6204, Spring 2005
802.11 Security Attacks
♦ Security features are not frequently enabled. The AP is not secure out of the box
♦ Passive eavesdropping - Can be launched from outside the building
♦ Traffic analysis - Open source tools (AirSnort, WEPcrack) are available which sniff the traffic and crack the encryption keys.
♦ Active attack using systematically modified packets to see when the AP acknowledges
♦ Rogue AP which masquerades as a legitimate one can collect passwords and other data. Often deployed by insiders without knowledge of IT staff
♦ Physical security of AP needed. Most can be reset with a pin, and default passwords are widely known or are not enabled
♦ Denial of Service attacks by sending a continuous jamming signal
12 CS 6204, Spring 2005
Risk Mitigation
♦ Defense-in-depth
♦ Cost-benefit analysis of the methods
♦ Management Policies
– Specify who can use and deploy WLAN
– Specify limitations on access and physical security
– Guidelines on reporting theft and loss of equipment
– Guidelines on encryption and key management
– Define scope and frequency of security audit
13 CS 6204, Spring 2005
Risk Mitigation
♦ Operational Countermeasures
– Provide physical security to AP
– Use Photo-ID, Biometrics, Smart cards to restrict access
– Set the power and range of wireless equipment
– Use tools to map wireless coverage
♦ Technical Countermeasures
– AP configuration - change default password
– Establishing the proper default encryption
– Controlling reset function
14 CS 6204, Spring 2005
Risk Mitigation
♦ Technical countermeasures
– Using MAC ACL functionality
– Change SSID. Disable the broadcast
– Maximize Beacon Interval
– Changing default cryptographic keys
– Using SNMPv3
– Change default Channel (avoid interference)
– Install all software patches and upgrades
– Third party security assessments
15 CS 6204, Spring 2005
Risk Mitigation
♦ Use Personal Firewalls
♦ Intrusion Detection Systems should be used and properly configured
♦ Virtual Private Networks
– Provides strongest protection
– Based on higher layers (IPSec)
16 CS 6204, Spring 2005
Emerging Security Standards
♦ WiFi Protected Access (WPA)
– Not perfect. Short term measure
– Can be implemented in software
– 802.1X port-based access control. Provides a framework to allow the use of robust upper layer authentication protocols.
– Integrated with RADIUS, Diameter, Kerberos
– Temporal Key Integrity Protocol (TKIP) extends the IV space, allows for per-packet key construction, provides cryptographic integrity, and provides key derivation and distribution.
♦ 802.11 TGi is working on a long term solution
– Requires hardware and protocol changes
– Enhanced AES based ciphers
– Protects against forgeries, replay attacks
17 CS 6204, Spring 2005
Wireless Personal Area Networks
♦ Eliminate cables between stationary and mobile devices
– e.g. keyboard, mouse, speaker, printer, fax, headphones, PDA, Smart Phones…
♦ Facilitate both data and voice communication
♦ Ad-hoc networks and data synchronicity between devices
– Two Bluetooth laptops / PDAs can exchange files
18 CS 6204, Spring 2005
Bluetooth(802.15) Specs
♦ Physical Layer: Frequency Hopping Spread Spectrum (FHSS).
♦ Frequency Band: 2.4 – 2.4835 GHz (ISM band).
♦ Hop Frequency: 1,600 hops/sec.
♦ Data Rate: 1 Mbps (raw). Higher bit rates are anticipated.
♦ Data and Network Security: Three modes of security (none, link-level, and service level), two levels of device trust, and three levels of service security. Stream encryption for confidentiality, challenge-response for authentication. PIN-derived keys and limited management.
♦ Operating Range: About 10 meters (30 feet); can be extended to 100 meters.
♦ Throughput: Up to approximately 720 kbps.
♦ Positive Aspects: No wires and cables for many interfaces. Ability to penetrate walls and other obstacles. Costs are decreasing with a $5 cost projected. Low power and minimal hardware.
♦ Negative Aspects: Possibility for interference with other ISM band technologies. Relatively low data rates. Signals leak outside desired boundaries.
19 CS 6204, Spring 2005
Bluetooth Security Features
♦ Frequency hopping makes eavesdropping slightly more difficult
♦ Range can be easily limited by power to safe distances
♦ Provides Authentication, Authorization and Confidentiality for the wireless portion of traffic
♦ Auditing or non-repudiation are not provided
20 CS 6204, Spring 2005
Security Modes
♦ Security Mode 1 - No security
♦ Security Mode 2 - Service-level enforced security
– Security Manager controls access to services and devices after a channel is established
– Security Manager contains access control policies and can interface with other protocols and users
♦ Security Mode 3 - Link level enforced security
– Devices are authenticated based on a shared secret link key
– Unidirectional or mutual authentication is possible
21 CS 6204, Spring 2005
Bluetooth Bonding - Link key generation
♦ User enters the same 1-16 byte PIN on both devices
♦ Authentication is via challenge-response
♦ Devices that fail authentication have to wait before trying again
♦ Waiting period increases exponentially with the number of failures
22 CS 6204, Spring 2005
Bluetooth Encryption scheme
♦ Encryption mode 1 - None
♦ Encryption mode 2 - Broadcast traffic not encrypted, individual traffic encrypted with link keys
♦ Encryption mode 3 - All traffic encrypted with a master link key
♦ Key stream changes per packet
♦ Key length can be negotiated. Minimum length can also be specified
23 CS 6204, Spring 2005
Bluetooth vulnerabilities
♦ A device may be compromised
♦ Malicious user can use a Bluetooth device as a bugging device
♦ Man-in-the-middle attacks for challenge-response. Need mutual authentication
♦ Bluetooth networks are unlikely to be monitored by network admins. Security is left to the user.
♦ Denial of service via interference by common appliances (operates in 2.4 GHz ISM band)
♦ Battery draining attacks
♦ See table for more
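As an added worked example covering the bonding slide (PIN-derived link key, challenge-response, exponential wait after failures) and the vulnerability slide's point that one-way challenge-response needs to become mutual, the Python below is example code written for these notes, not the Bluetooth specification's algorithms. Bluetooth 1.x derives keys and responses with the SAFER+-based E22 and E1 functions; here PBKDF2-HMAC-SHA256 and HMAC-SHA256 stand in for them, and the class `Device`, the functions `derive_link_key`, `signed_response`, `one_way_authenticate`, `mutual_authenticate`, and the wait schedule are all assumptions of this example.

```python
"""Added example, not the Bluetooth specification's own algorithms: a toy
bonding and authentication flow illustrating three points from the slides:
a link key derived from a short shared PIN, one-way versus mutual
challenge-response, and an exponentially growing wait after failures.
Bluetooth's real E22/E1 functions are SAFER+-based; PBKDF2-HMAC-SHA256 and
HMAC-SHA256 stand in for them here (an assumption of this example)."""
import hashlib
import hmac
import os


def derive_link_key(pin: str, bonding_rand: bytes) -> bytes:
    """Link key from the user PIN (1-16 bytes, as the slides state) and a random
    value exchanged at bonding time. Stand-in for E22."""
    pin_bytes = pin.encode()
    if not 1 <= len(pin_bytes) <= 16:
        raise ValueError("PIN must be 1-16 bytes")
    return hashlib.pbkdf2_hmac("sha256", pin_bytes, bonding_rand, 10_000, dklen=16)


def signed_response(link_key: bytes, claimant_addr: bytes, challenge: bytes) -> bytes:
    """Claimant's answer to a challenge, bound to its own address. Stand-in for E1."""
    return hmac.new(link_key, claimant_addr + challenge, hashlib.sha256).digest()[:4]


class Device:
    def __init__(self, addr: bytes, link_key: bytes, base_wait: float = 1.0):
        self.addr = addr
        self.link_key = link_key
        self.base_wait = base_wait
        self.failures = {}      # claimant addr -> consecutive failures seen by this verifier
        self.locked_until = {}  # claimant addr -> time before which no new attempt is accepted

    def respond(self, challenge: bytes) -> bytes:
        return signed_response(self.link_key, self.addr, challenge)

    def wait_until(self, claimant_addr: bytes) -> float:
        return self.locked_until.get(claimant_addr, 0.0)

    def verify(self, claimant: "Device", now: float) -> bool:
        """One authentication round with this device as verifier. An attempt
        inside the wait window is refused without being counted; a wrong
        response doubles the next wait (base_wait * 1, 2, 4, ... seconds)."""
        if now < self.wait_until(claimant.addr):
            return False
        challenge = os.urandom(16)
        expected = signed_response(self.link_key, claimant.addr, challenge)
        if hmac.compare_digest(expected, claimant.respond(challenge)):
            self.failures.pop(claimant.addr, None)
            self.locked_until.pop(claimant.addr, None)
            return True
        n = self.failures.get(claimant.addr, 0) + 1
        self.failures[claimant.addr] = n
        self.locked_until[claimant.addr] = now + self.base_wait * 2 ** (n - 1)
        return False


def one_way_authenticate(verifier: Device, claimant: Device, now: float) -> bool:
    """Only the claimant proves knowledge of the link key; the verifier never does,
    so the claimant cannot tell a genuine verifier from a device relaying its traffic."""
    return verifier.verify(claimant, now)


def mutual_authenticate(a: Device, b: Device, now: float) -> bool:
    """Each side challenges the other; both must hold the same link key."""
    return a.verify(b, now) and b.verify(a, now)


if __name__ == "__main__":
    bonding_rand = os.urandom(16)          # exchanged in the clear during bonding
    key = derive_link_key("1234", bonding_rand)
    phone = Device(b"\x00\x11\x22\x33\x44\x55", key)
    laptop = Device(b"\x66\x77\x88\x99\xaa\xbb", key)
    print("mutual auth:", mutual_authenticate(phone, laptop, now=0.0))
```

Two design points worth noticing: the wait is tracked per claimant address, so a guessing device does not lock out every peer of the verifier, and the lock clears on the first correct response, which is how a legitimate device recovers after its address has been spoofed. The short PIN remains the weak link, which is why the mitigation slide asks for larger PINs.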
24 CS 6204, Spring 2005
Bluetooth - Risk Mitigation
♦ Specify who, if anyone, can use Bluetooth
♦ Restrict range by decreasing power
♦ Integrate with other user and application authentication
♦ Ensure you use all the provided security features (mutual authentication, minimum encryption key length, larger PINs …)
♦ Not many management software packages or tools have appeared
25 CS 6204, Spring 2005
Wireless Handheld devices
♦ Users use them for both personal and business data without the knowledge of the company IT staff
♦ Small size and low cost of devices means they can be easily stolen or lost
♦ Limited power and processing power puts a limitation on the strength of feasible encryption schemes
♦ Users download potentially unsafe third party freeware apps like games, utilities
♦ Many users have limited security awareness about the threats posed by these devices
26 CS 6204, Spring 2005
Some Threats and Countermeasures
♦ Information stored on the devices must be encrypted
♦ Data transmission during synchronization must be protected from eavesdropping
♦ Remote synchronization via dialing must use VPN
♦ Devices must have personal firewalls
♦ Tools to delete data after x number of unsuccessful attempts
♦ Smart phones have the ability to record audio and video. They should be restricted in secure zones
27 CS 6204, Spring 2005
Wireless threats - Summary
♦ Threats are a byproduct of the features
– Mobility causes physical security problems
– Using air as the medium causes eavesdropping
– New technology
  – protocols are not mature enough
  – user awareness of risks is low