SLIDE 1

CSE497b Introduction to Computer and Network Security - Spring 2007 - Professor Jaeger

Wireless Security

CSE497b - Spring 2007 Introduction Computer and Network Security Professor Jaeger

www.cse.psu.edu/~tjaeger/cse497b-s07/

SLIDE 2

At the mall ...


SLIDE 3

Wireless Networks

  • Network supported by radio communications ..
  • Alphabet soup of standards, most on 802.11
  • .. destroys the illusion of a hard perimeter.


SLIDE 4

Why you should fear Simon Byers ...

  • Over the course of history radio frequencies have been enormously vulnerable to eavesdropping and manipulation.
  • ASSUME: Everything you say on a wireless network is going to be heard and potentially manipulated by your adversaries.


SLIDE 5

Wireless LANs

  • Access point networks (ranging to about 300 feet)
  • All devices connect to the central access point
  • Pro: very easy to set up and maintain, simple protocols
  • Con: reliability/speed drops as you get away from AP or contention increases.


SLIDE 6

Ad hoc Networks (a.k.a. peer-to-peer)

  • Devices collaboratively work together to support network communication
  • Network topology changes in response to moving devices, e.g., Bluetooth
  • Pro: highly flexible and responsive to changes in environment
  • Con: complex, subject to traffic manipulation by malicious peers


SLIDE 7

Devices

  • Laptops (canonical wireless devices)
  • Desktops, mobile phones, ....
  • Bluetooth


SLIDE 8

Attacks on Wireless Networks

  • DOS
  • Planted devices
  • Hijacked connections
  • Eavesdropping
  • Somebody is "in the wire" ...


SLIDE 9

Threats

  • This is an open network ...
  • ... to which anyone can connect.
  • What security is necessary?

      – Authentication?
      – Confidentiality?
      – Integrity?
      – Privacy?
      – DOS Protection?
      – Accountability (traceability)?


SLIDE 10

Security Mechanisms

  • Note: this is just a network with different threats, so implementing security is very similar to network security
  • Authentication
      – Q: What are you authenticating in a wireless network?
      – Methods: password/passphrase, smartcard, etc.
      – Tools: RADIUS, Kerberos, PKI services ....
  • Confidentiality/Integrity
      – Typically implemented via some transport protocol
      – IPsec (just implement a VPN -- this is what PSU does)


SLIDE 11

Wireless Security Approaches

  • MAC Authentication
  • WEP (Wired Equivalent Privacy)
  • 802.11i (WPA - Wi-Fi Protected Access)
  • EAP/LEAP (Extensible Authentication Protocol)
  • WAP (Wireless Application Protocol)


SLIDE 12

MAC Authentication

  • Create a list of MAC addresses
      – media access layer, e.g., ether 00:0a:95:d5:74:6a
      – Only these devices are allowed on network
  • Attack
      – Listen on network for MAC address use -- laptop
      – Masquerade as that MAC address (easy to do, many devices programmable)
      – ... can wait for it to go off line to avoid conflict, but not necessary
  • ARP Security limitations


SLIDE 13

WEP (Wired Equivalent Privacy)

  • Keys
      – Pass-phrase converts 40 bits from passphrase, plus 24-bit initialization vector (or)
      – 26 char hexadecimal + 24-bit IV = 128-bit WEP
      – Ability to send packets is essentially authentication
          • integrity used as authentication
      – Built into the vast majority of home wireless routers


SLIDE 14

The WEP Flaw (greatly simplified)


Protocol

  • Passphrase key $k_p$
  • Initialization vector $iv_i$
  • Plaintext data $d_1$, $d_2$ (for separate blocks 1 and 2)
  • Traffic key $k_{t_i} = k_p \| iv_i$
  • Ciphertext $= E(k_{t_i}, d_i) = \mathrm{RC4}(k_{t_i}) \oplus d_i$

Attack

  • Assume $iv_1 = iv_2$
  • Only 17 million IVs ($2^{24}$), so IV of two packets can be found (≈ one in 4096)

$(\mathrm{RC4}(k_{t_1}) \oplus d_1) \oplus (\mathrm{RC4}(k_{t_1}) \oplus d_2) = d_1 \oplus d_2$
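
The cancellation above, worked through as an added example (not part of the original slides): it uses the slide's simplified construction, shows that a repeated IV lets a listener who knows d1 read d2 without the key, and estimates how quickly random IVs repeat for the 24-bit WEP IV and the 48-bit size listed among the WPA fixes. The key, IV and plaintexts are constructed sample values, and all function names are made up for this example.

```python
import math

def rc4(key: bytes, n: int) -> bytes:
    """Return n bytes of RC4 keystream for key."""
    s, j = list(range(256)), 0
    for i in range(256):                       # key scheduling
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    for _ in range(n):                         # keystream generation
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) % 256])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def wep_encrypt(kp: bytes, iv: bytes, d: bytes) -> bytes:
    """E(kt, d) = RC4(kt) XOR d with kt = kp || iv, the slide's simplified
    ordering (802.11 WEP itself places the IV before the key)."""
    return xor(rc4(kp + iv, len(d)), d)

def iv_collision_probability(packets: int, iv_bits: int = 24) -> float:
    """Birthday estimate that at least two of `packets` random IVs match."""
    return 1.0 - math.exp(-packets * (packets - 1) / (2 * 2 ** iv_bits))

# Constructed sample values: a 40-bit key, one IV, two 16-byte plaintexts.
KP = bytes.fromhex("0102030405")
IV = bytes.fromhex("a1b2c3")
D1 = b"GET /index.html "
D2 = b"user=alice&pin=1"
C1 = wep_encrypt(KP, IV, D1)
C2 = wep_encrypt(KP, IV, D2)                   # same IV, same keystream

def recover_d2_from_known_d1() -> bytes:
    """c1 XOR c2 = d1 XOR d2, so knowing d1 yields d2 without the key."""
    return xor(xor(C1, C2), D1)

if __name__ == "__main__":
    print("keystream cancels:", xor(C1, C2) == xor(D1, D2))
    print("recovered d2:", recover_d2_from_known_d1())
    for bits in (24, 48):                      # WEP IV vs. the WPA IV size
        p = iv_collision_probability(4096, bits)
        print(f"{bits}-bit IV, 4096 packets: P(collision) = {p:.3g}")
```
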

SLIDE 15

802.11i (WPA - Wi-Fi Protected Access)

  • Solution to problems with WEP
  • Two modes of operation
      – Pre-shared key mode -- WEP like, shared key derived from single network passphrase
      – Server mode -- uses 802.1X authentication server to authenticate/give unique keys to users
  • Protocol fixes to WEP
      – increase IV size to 48 bits
      – TKIP - change keys every so often -- Temporal Key Integrity Protocol
      – improved integrity (stop using CRC and start using MAC)
      – WPA2: AES instead of RC4
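
Why "stop using CRC and start using MAC" matters, as an added example (not part of the original slides): a CRC is unkeyed and linear, so under an XOR stream cipher a frame can be altered and its checksum patched without any key, while a keyed MAC rejects the same change. HMAC-SHA256 stands in here for a generic keyed MAC and is not the integrity code WPA itself specifies; the message, keystream and function names are constructed for this example.

```python
import hashlib
import hmac
import secrets
import zlib

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def crc(data: bytes) -> bytes:
    return zlib.crc32(data).to_bytes(4, "little")

def mac(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()

def seal(msg: bytes, tag: bytes, keystream: bytes) -> bytes:
    """Stream-encrypt msg || tag, the way WEP encrypts data || CRC."""
    return xor(msg + tag, keystream)

def apply_delta(frame: bytes, delta: bytes, tag_len: int) -> bytes:
    """Alter a sealed frame with no key, patching the tag via CRC linearity:
    crc(m ^ delta) = crc(m) ^ crc(delta) ^ crc(zeros)."""
    fix = xor(crc(delta), crc(bytes(len(delta))))
    return xor(frame, delta + fix.ljust(tag_len, b"\0"))

def crc_frame_ok(frame: bytes, keystream: bytes) -> bool:
    plain = xor(frame, keystream)
    return crc(plain[:-4]) == plain[-4:]

def mac_frame_ok(frame: bytes, keystream: bytes, key: bytes) -> bool:
    plain = xor(frame, keystream)
    return hmac.compare_digest(mac(key, plain[:-32]), plain[-32:])

# Constructed sample: a message, a random keystream standing in for the
# cipher output, and a MAC key the receiver shares with the sender.
MSG = b"pay=0010;to=bob"
DELTA = xor(MSG, b"pay=9910;to=bob")
KS = secrets.token_bytes(len(MSG) + 32)
MAC_KEY = secrets.token_bytes(32)

def receiver_verdicts() -> dict:
    crc_frame = seal(MSG, crc(MSG), KS)
    mac_frame = seal(MSG, mac(MAC_KEY, MSG), KS)
    return {
        "crc_original": crc_frame_ok(crc_frame, KS),
        "crc_altered": crc_frame_ok(apply_delta(crc_frame, DELTA, 4), KS),
        "mac_original": mac_frame_ok(mac_frame, KS, MAC_KEY),
        "mac_altered": mac_frame_ok(apply_delta(mac_frame, DELTA, 32), KS, MAC_KEY),
    }

if __name__ == "__main__":
    print(receiver_verdicts())
```
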


SLIDE 16

WAP (Wireless Application Protocol)

  • A set of protocols for implementing applications over thin (read: wireless) pipes.
  • Short version: a set of protocols to implement the web over wireless links as delivered to resource-limited devices
      – reduce overhead and flabby content (image rich HTML)
      – support limited presentation and content formats
  • Wireless Markup Language (XML-based language)
      – reduce the footprint of the rendering engine (browser)
  • Security: WTLS
      – SSL/TLS protocol -- public keys, key negotiation, etc.

  • Success in Japan, little elsewhere (currently)


SLIDE 17

EAP/LEAP

  • Extensible Authentication Protocol

      – Challenge response - auth. only
      – Bolts onto other authentication mechanisms, e.g., Kerberos, RADIUS
      – Passes authentication information onto other protocols (WEP, WAP)
      – LEAP: Cisco implementation/modifications (security problems are possibly serious)
      – Standards: EAP-MD5, EAP-TLS
      – PEAP: RSA/Microsoft/Cisco standards for WPA/WPA2 protocols


SLIDE 18

Bluetooth

  • A standard for building very small personal area networks (PANs)
  • Connects just about everything you can name: PDAs, phones, keyboards, mice, your car
  • Very short range network: 1 meter, 10 meters, 100 meters (rare)
  • Advertised as solution to "too many cables"
  • Authentication
      – "pairing" uses pass-phrase style authentication to establish relationship which is often stored indefinitely (problem?)


SLIDE 19

Bluetooth Security

  • Everything really works off the PIN
  • Attacks have progressively been successful at identifying vulnerabilities in the way PINs are used, can be reverse engineered

  • Privacy: know what is on and how public it is ...
  • Problem: Cambridgeshire, England
  • Problem: Bluetooth rifle


SLIDE 20

RFIDs

  • Radio Frequency Identification (RFID)
  • identity-providing transponders
  • Passive: no external power - backscatter (Walmart)
  • Active: internal power (SpeedPass)
  • History: a Soviet listening device (1945), allied FoF (1939)
  • Privacy/Security anyone?
      – Q: How do you control who is accessing your information?
      – A: You don’t (currently)
  • Security measures
      – Rolling code (one time tokens)
      – Crypto-protocols, limited range, ...


SLIDE 21

NIST Evaluation

  • Any vulnerability in a wired network is present in the wireless network
  • Many new ones: protocols, systems more public and vulnerable
  • Recommendations:
      – Disable file and directory sharing
      – Turn off APs when not in use
      – Use robust passwords, 128-bit encryption
      – Audit, audit, audit
      – VPNs are a good ...
