802.11 Wireless Security

Presentation by Paul Petty and Sooner Brooks-Heath


Transcript of 802.11 Wireless Security

Page 1: 802.11 Wireless Security

802.11 Wireless Security

Presentation by Paul Petty and Sooner Brooks-Heath

Page 2: 802.11 Wireless Security

Wireless Networks?

Beer….huh?

Page 3: 802.11 Wireless Security

Presentation Outline

• 802.11 Protocol Overview
• 802.11 (in)Security
• Wireless LAN Attacks
• Software Demonstration

Page 4: 802.11 Wireless Security

802.11 Protocol Overview

• IEEE Wireless LAN Standard
• Operates on ISO Model within the Data Link and Physical Layers
• Two Primary Operating Modes
    - Infrastructure Mode
    - Ad-Hoc Mode
• SSID assigned to Access Points

Page 5: 802.11 Wireless Security

Security Methods

• Two Main Security Objectives of 802.11
• User Authentication
    - Protocol Specified
    - Other
• Data Integrity and Privacy
    - WEP
    - Third Party

Page 6: 802.11 Wireless Security

Security Methods - Authentication

• 802.11 Specifies Two Modes for Authentication
    - OSA (Open System Authentication)
    - Shared Key Authentication
• Other Authentication Methods (Currently Used)
    - MAC Address Table

Page 7: 802.11 Wireless Security

Open System Authentication

[Diagram: Node and Access Point]

Page 8: 802.11 Wireless Security

Open System Authentication

[Diagram: Node and Access Point]
• Beacon

Page 9: 802.11 Wireless Security

Open System Authentication

[Diagram: Node and Access Point]
• Beacon
• SSID Matches
• Authentication Req

Page 10: 802.11 Wireless Security

Open System Authentication

[Diagram: Node and Access Point]
• Beacon
• SSID Matches
• Authentication Req
• Access Point Accepts Node
• Authentication Resp

Page 11: 802.11 Wireless Security

Open System Authentication

[Diagram: Node and Access Point]
• Beacon
• SSID Matches
• Authentication Req
• Access Point Accepts Node
• Authentication Resp
• Node is Associated

Page 12: 802.11 Wireless Security

Shared Key Authentication

[Diagram: Node and Access Point]

Page 13: 802.11 Wireless Security

Shared Key Authentication

[Diagram: Node and Access Point]
• Authentication Req

Page 14: 802.11 Wireless Security

Shared Key Authentication

[Diagram: Node and Access Point]
• Authentication Req
• Challenge Text

Page 15: 802.11 Wireless Security

Shared Key Authentication

[Diagram: Node and Access Point]
• Authentication Req
• Challenge Text
• WEP Encryption of Challenge Text

Page 16: 802.11 Wireless Security

Shared Key Authentication

[Diagram: Node and Access Point]
• Authentication Req
• Challenge Text
• WEP Encryption of Challenge Text
• Encrypted Challenge Text

Page 17: 802.11 Wireless Security

Shared Key Authentication

[Diagram: Node and Access Point]
• Authentication Req
• Challenge Text
• WEP Encryption of Challenge Text
• Encrypted Challenge Text
• WEP Decryption of Encrypted Challenge Text

Page 18: 802.11 Wireless Security

Shared Key Authentication

[Diagram: Node and Access Point]
• Authentication Req
• Challenge Text
• WEP Encryption of Challenge Text
• Encrypted Challenge Text
• WEP Decryption of Encrypted Challenge Text
• Authentication Decision

Page 19: 802.11 Wireless Security

Shared Key Authentication

[Diagram: Node and Access Point]
• Authentication Req
• Challenge Text
• WEP Encryption of Challenge Text
• Encrypted Challenge Text
• WEP Decryption of Encrypted Challenge Text
• Authentication Decision
• Node Approval based on Decision

Page 20: 802.11 Wireless Security

MAC Address Authentication

• Access Points Programmed With List of MAC Addresses
• Only Valid Node MAC Addresses Authorized
• Practical in Smaller Wireless LANs
• Not Outlined in 802.11 Protocol – Hardware Specific

Page 21: 802.11 Wireless Security

Data Integrity and Privacy

• Due to the vulnerability of the wireless medium, the 802.11 protocol has specified a method of protecting the integrity and privacy of data transmitted over wireless LANs.
• Wired Equivalent Privacy (WEP)

Page 22: 802.11 Wireless Security

WEP – Wired Equivalent Privacy

• WEP is the security protocol for wireless LANs operating under the 802.11 standard.
• WEP is designed to provide the security of a wired LAN through encryption via the RC4 algorithm.
• Primary function is to safeguard against eavesdropping.

Page 23: 802.11 Wireless Security

RC4

• Stream Cipher or Symmetric Encryption Algorithm
• Developed by Ron Rivest at RSA Securities in 1987
• Source Code Cracked and Leaked in 1994
• Often Used in Software Applications due to its Speed
• Original WEP Schemes Specified 40 bit keys
• New Hardware Specifies 104 bit keys

Page 24: 802.11 Wireless Security

RC4 Algorithms

KSA

    Initialization:
        For i = 0 .. N - 1
            S[i] = i
        j = 0
    Scrambling:
        For i = 0 .. N - 1
            j = j + S[i] + K[i mod l]
            Swap(S[i], S[j])

PRGA

    Initialization:
        i = 0
        j = 0
    Generation Loop:
        i = i + 1
        j = j + S[i]
        Swap(S[i], S[j])
        Output z = S[S[i] + S[j]]

Page 25: 802.11 Wireless Security

RC4 Implemented in WEP

Page 26: 802.11 Wireless Security

Encrypted WEP Packet

[Packet layout: Hdr + Prbl | IV | Data | ICV]
• Hdr + Prbl: Header and Preamble Information
• IV: 24 bit Initialization Vector
• Data and ICV: Encrypted under Key + IV using the RC4 Stream Cipher
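Added example, not from the presentation: a Python implementation of the KSA/PRGA pseudocode from the RC4 slide, the IV | Data | ICV packet layout above, and the Shared Key Authentication exchange from the earlier slides. Assumptions: N = 256, the ICV is a CRC-32 appended least-significant byte first, the per-frame RC4 key is the IV followed by the secret key, the challenge is 128 bytes, the key-ID octet of a real frame is omitted, and all keys and IVs are constructed values.

```python
import os
import zlib

def rc4(key: bytes, n: int) -> bytes:
    """n keystream bytes from the slide's KSA then PRGA, with N = 256."""
    S, j = list(range(256)), 0                    # KSA initialization
    for i in range(256):                          # KSA scrambling
        j = (j + S[i] + key[i % len(key)]) % 256
        S[i], S[j] = S[j], S[i]
    i = j = 0                                     # PRGA initialization
    out = bytearray()
    for _ in range(n):                            # PRGA generation loop
        i = (i + 1) % 256
        j = (j + S[i]) % 256
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) % 256])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def icv(data: bytes) -> bytes:
    return zlib.crc32(data).to_bytes(4, "little")  # ICV is an unkeyed CRC-32

def wep_encrypt(key: bytes, iv: bytes, data: bytes) -> bytes:
    """3-byte IV (sent in the clear), then RC4(IV || key) XOR (data | ICV)."""
    body = data + icv(data)
    return iv + xor(body, rc4(iv + key, len(body)))

def wep_decrypt(key: bytes, frame: bytes) -> bytes:
    """Rebuild the per-frame key from the received IV, decrypt, check the ICV."""
    iv, enc = frame[:3], frame[3:]
    body = xor(enc, rc4(iv + key, len(enc)))
    if icv(body[:-4]) != body[-4:]:
        raise ValueError("ICV mismatch")
    return body[:-4]

def shared_key_auth(ap_key: bytes, node_key: bytes) -> bool:
    """Shared Key Authentication: challenge, encrypted challenge, decision."""
    challenge = os.urandom(128)                    # AP -> node: challenge text
    reply = wep_encrypt(node_key, os.urandom(3), challenge)  # node -> AP
    try:                                           # AP decrypts and decides
        return wep_decrypt(ap_key, reply) == challenge
    except ValueError:
        return False

if __name__ == "__main__":
    key = bytes.fromhex("0102030405")              # constructed 40-bit key
    frame = wep_encrypt(key, b"\x00\x00\x01", b"HI")
    print(wep_decrypt(key, frame), shared_key_auth(key, key))
```

Because the IV is the only per-frame input to the RC4 key, two frames sent under the same IV and key are XORed with the same keystream.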

Page 27: 802.11 Wireless Security

Example of RC4 Encoding

Two (00000010 in binary) is our encrypting variable (key).

It is XORed with some plain text to produce cipher text. For this example we will use the plain text message “HI”

                 H                  I
           0 1 0 0 1 0 0 0    0 1 0 0 1 0 0 1
    XOR    0 0 0 0 0 0 1 0    0 0 0 0 0 0 1 0
           0 1 0 0 1 0 1 0    0 1 0 0 1 0 1 1    Encrypted Message

Once the receiving node gets the message, it must XOR the encrypted message with the same key to decrypt it.

           0 1 0 0 1 0 1 0    0 1 0 0 1 0 1 1    Encrypted Message
    XOR    0 0 0 0 0 0 1 0    0 0 0 0 0 0 1 0
           0 1 0 0 1 0 0 0    0 1 0 0 1 0 0 1
                 H                  I

Page 28: 802.11 Wireless Security

Problems with WEP

• No Defined Key Management Protocol
• Manual Key Configuration Required
• Initialization Vector (IV) is too Small
• Inappropriate Integrity Check Value Algorithm
• Weak Use of RC4
• Easily Forged Authentication Messages
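Added example, not from the presentation: two of the listed problems checked numerically in Python, the size of the 24-bit IV space and the choice of an unkeyed, linear CRC-32 as the ICV. HMAC-SHA256 appears only as a contrast and is not mentioned on the slides; the random-IV model, the function names and the sample inputs are assumptions made for this example.

```python
import hashlib
import hmac
import math
import zlib

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def frames_until_iv_repeat(iv_bits: int = 24, p: float = 0.5) -> int:
    """Birthday bound: frames sent with random IVs before some IV
    has repeated with probability p."""
    return round(math.sqrt(2 * (2 ** iv_bits) * math.log(1 / (1 - p))))

def crc_icv_is_linear(data: bytes, delta: bytes) -> bool:
    """True if ICV(data XOR delta) follows from ICV(data) and delta alone.
    data and delta must have the same length."""
    zero = zlib.crc32(bytes(len(data)))          # CRC of an all-zero message
    predicted = zlib.crc32(data) ^ zlib.crc32(delta) ^ zero
    return zlib.crc32(xor(data, delta)) == predicted

def hmac_tag_is_linear(mac_key: bytes, data: bytes, delta: bytes) -> bool:
    """Same relation tested against a keyed MAC; it does not hold."""
    def tag(m: bytes) -> bytes:
        return hmac.new(mac_key, m, hashlib.sha256).digest()
    predicted = xor(xor(tag(data), tag(delta)), tag(bytes(len(data))))
    return tag(xor(data, delta)) == predicted

if __name__ == "__main__":
    data = b"constructed payload!"               # constructed sample, 20 bytes
    delta = bytes(19) + b"\x01"                  # change one bit of the last byte
    print(frames_until_iv_repeat())              # frames for a 50% IV repeat
    print(crc_icv_is_linear(data, delta))        # CRC-32 ICV: relation holds
    print(hmac_tag_is_linear(b"k" * 16, data, delta))  # keyed MAC: it does not
```

Since RC4 encryption is an XOR with the keystream, the linear relation on the plaintext ICV carries over unchanged to the encrypted frame, which is why a keyed integrity check is needed.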

Page 29: 802.11 Wireless Security

Attack Types Against Wireless LANs

• Passive
    - Packet Listening and Decryption
• Active
    - Table Building
    - Man-in-the-Middle Attacks
    - Bit Flipping

Page 30: 802.11 Wireless Security

Demonstration

AirMagnet Wireless LAN Discovery Suite

• Application for Laptop PCs and PDAs
• Wireless LAN Analyzer
    - Real Time Packet Capture and Decode
    - AP SSID Discovery
    - Mismatch Tools

Page 31: 802.11 Wireless Security

Conclusion

• Wireless LANs under 802.11 are NOT fully secured
• Possible Attack Prevention Techniques
    - VPNs
    - Dynamic Key Rescheduling
    - 802.1X – User Authentication
• More research needs to be done on wireless LAN security techniques and their implementation.

Page 32: 802.11 Wireless Security

- References Listed on Project Website -