* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
Download Security in Wireless LANs
		                    
		                    
								Survey							
                            
		                
		                
                            
                            
								Document related concepts							
                        
                        Computer security wikipedia , lookup
Policies promoting wireless broadband in the United States wikipedia , lookup
IEEE 802.11 wikipedia , lookup
Extensible Authentication Protocol wikipedia , lookup
Piggybacking (Internet access) wikipedia , lookup
Authentication wikipedia , lookup
						
						
							Transcript						
					
					Security in Wireless LANs
Presented by Raquel S.
Whittlesey-Harris
6/25/02
Contents
Wireless LANs, An Overview
Security Threats
Basic Definitions
HIPERLAN
802.11
Solutions
References
5/25/2017
2
Wireless LANs, An Overview
What is Wireless Local Area Network
technology (WLAN)?
A wireless (w/o wired cables) data
communication system that uses shared radio
waves or infrared light to transmit and receive
data
Provides freedom and flexibility to connect to a
network or internet w/o being physically
connected with a cable or modem
5/25/2017
3
Wireless LANs, An Overview
Communication is via air, walls, ceilings and
cement structures (throughout or between
buildings)
Can alleviate network deployment costs
Solve some installation problems of older structures
(asbestos)
Essentially an unlimited number of points for attacking
We will take a look at two standards
IEEE’s 802.11
ETSI’s HIPERLAN
5/25/2017
4
Wireless LANs, An Overview
Peer-to-Peer (Adhoc)
Wireless devices have no access point
connection and each device communicates with
each other directly
5/25/2017
5
Wireless LANs, An Overview
Client/Server (infrastructure networking)
Extends an existing wired LAN to wireless
devices by adding an access point (bridge and
central controller)
5/25/2017
6
Security
What is a secure environment?
No system is 100% secure
Generally applications, industries apply
their own set of security tolerances
5/25/2017
E.g., DHHA (Department of Health and Human
Services) has created a set of rules called the
HIPAA (Health Insurance Portability and
Accountability Act) to regulate the use and
discloser of protected health information
7
Security Threats
Denial-of-Service
The system or network becomes unavailable to
legitimate users or services are interrupted or delayed
(due to interference)
Equipment can be purchased from electronic stores
easily and prices are reasonable
Protection is expensive and difficult
Only total solution is to have the wireless network inside of the
faraday cage (applicable in rare cases)
Easy however to locate the transceiver used to
generate the interference
5/25/2017
8
Security Threats
Interception/Eavesdropping
(confidentiality)
Identity of a user is intercepted for use later to
masquerade as a legitimate user
Data stream is intercepted and decrypted for the
purpose of disclosing private information
Radio band transmissions are readily intercepted
There is no means to detect if a transmission has
been eavesdropped
Strong encryption is necessary to keep the contents
of intercepted signals from being disclosed
5/25/2017
9
Security Threats
The frequency band and transceiver power has a great
effect on the range where the transmission can be
heard
2-5 MHz radio band and 1 W transceiver power
W/o electromagnetic shielding the network transmissions may be
eavesdropped from outside of the building for which the network
is operating
Manipulation
Data has been compromised
Inserted, deleted or otherwise modified
Can occur during transmission or to stored data
E.g., a virus
5/25/2017
10
Security Threats
Masquerading
The act of an adversary posing as a legitimate user in
order to gain access to a wireless network or system
served by the network
Strong authentication is required to prevent such
attacks
Repudiation
User denies performing an action on the network
Sending a particular message
Accessing the network
Again strong authentication of user’s is required,
integrity assurance methods, and digital signatures
5/25/2017
11
Security Threats
Transitive Trust
Intrusion by fooling the LAN to trust the mobile
controlled by the intruder
Authentication again important
Infrastructure
These attacks are based on weaknesses in the system
Software, configuration, hardware failure, etc.
Protection almost impossible
5/25/2017
Best to just test the system as thoroughly as possible
12
Summary – Security Threats
Denial-of-Service
Interception/Eavesdropping
Manipulation
Masquerading
Repudiation
Transitive Trust
Infrastructure
5/25/2017
Faraday Cage
Encryption techniques
Authentication
Authentication
Authentication,
integrity assurance,
digital signatures
Authentication
Thorough Testing
13
Basic Definitions
Confidentiality
Integrity
Are you communicating with whom you think?
Is the data you are looking at correct or has it been
tampered with?
Availability
Are you the only one who is viewing information
specific to you or authorized users?
Are the required services there when you need them?
Authentication
Are you who you say you are?
5/25/2017
14
HIPERLAN
Developed by the European Telecommunications
Standards Institute (ETSI)
Similar to 802.11
HiperLAN/1
Provides communications up to 20 Mbps in the 5-GHz
range of the radio frequency spectrum
HiperLAN/2
Provides communications up to 54 Mbps in the same
FR band
Compatible with 3G WLAN systems (data, images,
voice)
5/25/2017
15
HIPERLAN
Defines the MAC sublayer, Channel Access
Control (CAC) sublayer and the physical
layer
Currently the defined physical layers use 5.15 –
5.30 GHz frequency band and supports
Up to 2,048 Kbps synchronous traffic
Up to 25 Mbps asynchronous traffic
5/25/2017
16
HIPERLAN
Properties
Provides a service that is compatible with the ISO MAC service
definition in ISO/IEC 15 802-1
Compatible with the ISO MAC bridges specification ISO/IEC 10
038 for interconnection with other LANS
Ad-hoc or arranged topology possible
Supports mobility
May have coverage beyond the radio range limitation of a single
node
Supports asynchronous and time-bounded communication by
means of a Channel Access Mechanism (CAM) – priorities provide
hierarchical independence of performance
Power Management
5/25/2017
17
HIPERLAN
Defines an optional encryption-decryption
scheme
All HM-entities (HiperLAN MAC) use a common set
of shared keys (HIPERLAN key-set)
Plain text is ciphered by XOR operation with
random sequence generated by a confidential
algorithm
5/25/2017
Each has a unique key identifier
Uses the secret key and an initialization vector sent in
every MPDU (MAC Protocol Data Unit) as input
18
HIPERLAN
HiperLAN does not define any kind of
authentication
5/25/2017
19
802.11
Defined by IEEE to cover the physical layers
and MAC sublayers for WLANs
3 physical layers
Frequency Hopping Spread Spectrum (FHSS)
Direct Sequence Spread Spectrum (DSSS or DS-CDMA)
Baseband Infrared
DSSS is mostly used since FHSS cannot support
high speeds without violating FCC regulations
All physical layers offer2 Mbps data rate
Radio uses 2,400 – 2,483.5 MHz frequency band
MAC layer is common to all physical layers
5/25/2017
20
802.11
802.11 implementation
5/25/2017
21
802.11
Properties
Supports Isochronous and Asynchronous
Supports priority
Association/Disassociation to an AP in a BSS or ESS
Re-Association or Mobility Management to transfer of association
from one AP to another
Power Management (battery preservation)
Authentication to establish identity of terminals
Acknowledgement to ensure reliable wireless transmission
Timing synchronization to coordinate the terminals
Sequencing with duplication detection and recovery
Fragmentation/Re-assembly
5/25/2017
22
802.11
Defines two authentication schemes
Open System Authentication
All mobiles requesting access are accepted
Shared Key Authentication
Uses shared key cryptography to authenticate
5/25/2017
23
802.11
5/25/2017
24
802.11
Optional Wired Equivalent Privacy (WEP)
mechanism
Confidentiality and Integrity of traffic
Station-to-Station
No end-to-end security
Integrity Check (ICV)
Implements RC4 PRNG[8] algorithm
40 bit secret key
24 bit initialization vector (IV)
5/25/2017
25
802.11
RC4
Input: IV, Random Key, Plaintext
IV and key is input to E  keystream output
Keystream output is XORed with plain text  ciphertext
Keystream output is also fed back to I (to cause a variation as a function
of IV and key); must not use same keystream twice
IV sent as an unencrypted part of the ciphertext stream (integrity must
be assured)
5/25/2017
26
802.11
RC4
Supports variable length keys
Most commonly used are 40 bits for export controlled systems and 128 bits for
domestic applications
128 bit encryption (104 bits key)
Standard does not specify key management or distribution
Provide a globally shared array of 4 keys
Supports an additional array that associates a unique key with each user
station
5/25/2017
27
802.11
RC4
A CRC32 bit stream is appended to the plaintext message to
provide integrity
Does not ensure cryptographic integrity
5/25/2017
28
802.11
Vulnerabilities and Weaknesses
Authentication
Authentication and an association (binding between the station
and access point (AP)) is required before transmission
States
 Unauthenticated & unassociated
 Authenticated & unassociated
 Authenticated and associated
Two authentication methods mentioned earlier
5/25/2017
Open System Authentication (OSA)
Shared Key Authentication
29
802.11
OSA
Default authentication method
Two management frames exchanged
Station  station MAC address, identifier (authentication
request)  AP
AP  status field (authentication success or failure)
Authenticated and unassociated
Two frames to establish association
Most vendors implement a wireless access control mechanism
based on examining the station MAC address and blocking
unwanted stations from associating
5/25/2017
Requires that a list of authorized MAC addresses be loaded on
each AP
30
802.11
OSA Weaknesses
Loading and identifying MAC addresses is
manually intensive
Snoopers can get valid MAC addresses and
modify a station to use the valid address
Potential to create problems with 2 addresses using
the network at the same time
5/25/2017
31
802.11
Shared Key Authentication
Uses the optional WEP algorithm along with a
challenge response system to mutually
authenticate a station and an AP
APs  beacon (announce presence)
Station  beacon (AP address)
Station  management frame (seq #1)  AP
AP  authentication challenge (seq #2)  Station
5/25/2017
Psuedo-random number + shared key + random IV
 Unencrypted
32
802.11
SKA
Station  challenge
AP  frame
5/25/2017
Copies into a new frame which is encrypted (WEP)
 Shared key, new IV
 AP
Decrypts,
Checks CRC32
Checks challenge
Repeat to authenticate the AP
33
802.11
5/25/2017
34
802.11
Shared Key Authentication Weaknesses
Snoopers monitor the second (unencrypted
challenge) and third (encrypted challenge)
exchanges
5/25/2017
Plaintext of the original frame including the random
challenge
Encrypted frame containing the challenge
IV used to encrypt the challenge
XOR of plaintext, ciphertext  keystream to
encrypt the challenge response frame
35
802.11
Snooper does not have shared secret key
but with keystream can enter the network
5/25/2017
Requests authorization to the network
AP sends new challenge (new IV)
Compute a valid CRC-32 checksum
Encrypts the challenge with the keystream
acquired earlier
Appends IV used and sends the frame
Further penetration cannot be achieved
without the proper secret key
36
802.11
RC4 Encryption
WEP does not implement a secure version of RC4 and
violates several other cryptographic design and
implementation principles
Suggestions have been made to not only increase the key sizes
and strengthen key management,
5/25/2017
Replace encryption algorithm
Addition of a session key derivation algorithm
Lengthening the IV to 128 bits
Adding a sequence number in dynamic keyed implementations
Addition of 128 bit cryptographic integrity check
Additional encryption of other payload elements
37
802.11
Interception
802.11 specifies three physical layers,
Infrared (IR)
Frequency Hopping Spread Spectrum (FHSS)
Direct Sequence Spread Spectrum (DSSS)
Broadcasts 900 MHz, 2.4 GHz, 5 GHz
Commercial wireless devices is readily capable of
receiving all signals
It is also fairly simple to modify the device drivers or
flash memory to monitor all traffic
5/25/2017
38
802.11
Keystream Reuse
Standard recommends but does not require changing
the IV for every frame transmitted
No guidance is provided for selecting or initializing the IV
Two packets using the same IV and key allows a
snooper to discover plaintext
The XOR of two ciphertexts  the XOR of two plaintexts
Knowing one plaintext is all it takes
Berkeley indicates that some PCMCIA cards reset the
IV to zero when initialized and then increment the IV
by one for each packet transmitted
5/25/2017
39
802.11
Standard specifies the size of the IV field to be 3 octets
(24 bits)
IV will rollover mode 24
Since MAC frames range in size from 34 bytes to 2346 bytes
Reused after 224 packets
Min rollover occurs at 224 x 34 bytes (570 MB)
Max rollover occurs at 224 x 2346 bytes (40 GB)
Berkeley indicates a busy AP will rollover in about a half of a
day operating at half capacity
Reading the IV is trivial since it is transmitted
unencrypted
5/25/2017
40
802.11
Integrity Assurance
The ICV (Integrity Check Value)
Plaintext is concatenated with the ICV to form the
plaintext to be encrypted
CRC32 – linear function
Possible to change 1 or more bits in the original plaintext
and predict which bits in the CRC32 checksum to modify
Checksum is performed over the entire MAC packet
 Includes higher level protocol routing address and port
fields (can redirect message when changing IP
address)
32 bits (4 octets) in MAC frame
5/25/2017
41
Solutions
IEEE is working on upgrade of security standard
Vendors can implement key management
(external to the standard)
Limits choices (interoperability)
VPN (Virtual Private Network)
Provides a secure and dedicated channel over an untrusted network
Provides authentication and full encryption
5/25/2017
42
Solutions
A solution
Requirement – seamless integration into
existing wired networks
link layer security is selected over end-to-end
(machine-to-machine)
Requirement – two-way authentication
Requirement – flexibility to utilize the future
advances in cryptography
5/25/2017
43
Solutions
Authentication – public key cryptography
Certificates contain
Mobile  {Cert_Mobile, CH1, Kist of SKCSs}  Base
{serial number, validity period, machine name, machine public
key, CA name}
CH1 is a random generated number
SKCSs is transmitted to negotiate algorithm used
 Algorithm and key size are transmitted in list
Base  verify signature on Cert_Mobile
5/25/2017
Proves the public key in the certificate belongs to a certified
mobile host
 Not sure if the certificate belongs to the mobile
If certificate is invalid
 Reject connection
44
Solutions
Base  {Cert_Base, E(Pub_Mobile, RN1), Chosen SKCS,
Sig(Priv_Base, {E(Pub_Mobile, RN1), Chosen SKCS, SH1, List
of SKCSs}}  Mobile
Mobile  validates Cert_Base, verify signature of message
(using public key of Base)
Save RN1 for later use
Chosen SKCS is most secure from those supported by both
If CH1 and List of SKCS match those sent by mobile to base
 Authenticate base
Mobile  {E(Pub_Base, RN2), Sig{Priv_Mobile,{E(Pub_Base,
RN2), E(Pub_Mobile, RN1)}}}  Base
5/25/2017
RN2 is randomly generated by mobile
RN1 XOR RN2 is used as a session key for all communications
remaining
45
Solutions
Base  verifies the signature of the message using
Pub_Mobile
Session key formed in two parts sent in different
messages for better protection
Authenticate mobile if valid
Decrypt E(Pub_Base, RN2) with private key
Form session key RN1 XOR RN2
Compromising the private key does not compromise the traffic
Need to know both RN1 and RN2
These transactions are to occur at the MAC layer prior
to network access
5/25/2017
46
Solutions
5/25/2017
47
Solutions
Confidentiality can be achieved using an existing
symmetric cryptography algorithm
IDEA – International Data Encryption Algorithm
DES – Data Encryption Standard
Uses Block Cipher with a 128-bit key
Private key encryption (72 quadrillion possible keys)
Restricted for exportation by US Government
Shared key is agreed using mechanism above
Integrity can be achieved using a fingerprint generated
by a one-way hash function
MD5
SHA
5/25/2017
48
Solutions
Key Change Protocol
Initialized by base or mobile
E.g.,
Base  Signed(Priv_Base,{E(Pub_Mobile, New_RN1),
E(Pub_Mobile,RN1) })  Mobile
Mobile  Signed(Priv_Mobile,{E(Pub_Base, New_RN2),
E(Pub_Base, RN2) })  Base
New RN1 XOR RN2 value is used
5/25/2017
49
Solutions
Key Management
One possible solution is to use the smart card
technology
5/25/2017
CA creates the private and public keys inside the smart
card
 Private key never readable from card
CA signs the public key with his private key and stores the
public key to the smart card
Smart card is given to the end user to use in any wireless
LAN mobile
50
References
Uskela, Sami, Security in Wireless Local Area Networks,
Department of Electrical and Communications
Engineering, Helsinki University of Technology, December
1997
Mahan, Robert, Security in Wireless Networks, SANS
Institute, November 2001
Laing, Alicia, The Security Mechanism for IEEE 802.11
Wireless Networks, SANS Institute, November 2001
Ellingson, Jorgen, Layers One & Two of 802.11 WLAN
Security, SANS Institute, August 2001
5/25/2017
51
References
Fidler, Beau, Mobile Medicine. SANS Institute, August 2001
Hurley, Chad, Isolating and Securing Wireless LANs, SANS Institute,
October 2001
Conn, Dale, Security Aspects of Mobile IP, SANS Institute, December
2001
Voorhees, James, The Limits on Wireless Security: 802.11 in early
2002, SANS Institute, January 2002
McAleer, Sean, A Defense-in-Depth Approach for Securing Mobile
Devices and Wireless LANs, SANS Institute, January 24, 2001
Ow, Eng Tiong, IEEE 802.11b Wireless LAN: Security Risks, SANS
Institute, September 2001
5/25/2017
52
					 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
									 
                                             
                                             
                                             
                                             
                                             
                                             
                                             
                                             
                                             
                                            