Wireless LAN SecurityCatur Iswahyudi

1

2

Wireless LAN Security

Outline Wired Equivalent Privacy (WEP)

◦ first security protocol defined in 802.11 Wi-Fi Protected Access (WPA)

◦ defined by Wi-Fi Alliance WPA2 802.11i

3

In the early 1980s, the IEEE began work on developing computer network architecture standards◦ This work was called Project 802

In 1990, the IEEE formed a committee to develop a standard for WLANs (Wireless Local Area Networks)◦ At that time WLANs operated at a speed of 1 to 2

million bits per second (Mbps)

History

4

In 1997, the IEEE approved the IEEE 802.11 WLAN standard

Revisions◦ IEEE 802.11a◦ IEEE 802.11b◦ IEEE 802.11g◦ IEEE 802.11n

IEEE 802.11 WLAN Standard

5

IEEE 802.11 Wireless Networks

Speeds of upto 54 Mb/s Operating Range: 10-100m indoors, 300m

outdoors Power Output Limited to 1 Watt in U.S. Frequency Hopping (FHSS), Direct Sequence & Infrared (IrDA) (– Networks are NOT compatible with each

other) Uses unlicensed 2.4/5 GHz band (2.402-

2.480 ,5 GHz) Provide wireless Ethernet for wired networks

WLAN Components

More about WLAN

Modes of Operation Ad Hoc mode (Independent Basic Service

Set - IBSS) Infrastructure mode (Basic Service Set -

BSS)

Ad-Hoc mode

Laptop users wishing to share files could set up an ad-hoc network using 802.11 compatible NICs and share files without need for external media.

Client A Client B

Client C

Infrastructure mode In this mode the clients communicate via a central station

called Access Point (AP) which acts as an ethernet bridge and forwards the communication onto the appropriate network, either the wired or the wireless network.

Client AAccess point

Client B

WLAN Security – Problem !! There is no physical link between the nodes of a wireless network, the

nodes transmit over the air and hence anyone within the radio range can eavesdrop on the communication. So conventional security measures that apply to a wired network do not work in this case.

Internal networkprotected

Wireless Access Point

Valid User Access Only

Basic security services defined by IEEE The three basic security services defined by IEEE for the WLAN

environment are as follows: Authentication—A primary goal of WEP was to provide a security

service to verify the identity of communicating client stations. This provides access control to the network by denying access to client stations that cannot authenticate properly. This service addresses the question, “Are only authorized persons allowed to gain access to my network?”

Confidentiality—Confidentiality, or privacy, was a second goal of WEP. It was developed to provide “privacy achieved by a wired network.” The intent was to prevent information compromise from casual eavesdropping (passive attack). This service, in general, addresses the question, “Are only authorized persons allowed to view my data?”

Integrity—Another goal of WEP was a security service developed to ensure that messages are not modified in transit between the wireless clients and the access point in an active attack. This service addresses the question, “Is the data coming into or exiting the network trustworthy—has it been tampered with?”

Authentication The IEEE 802.11 specification defines two means to “validate”

wireless users attempting to gain access to a wired network: open-system authentication and shared-key authentication.

One means, shared-key authentication, is based on Cryptography, and the other is not. The open-system authentication technique is not truly authentication; the access point accepts the mobile station without verifying the identity of the station. It should be noted also that the authentication is only one-way: only the mobile station is authenticated. The mobile station must trust that it is communicating to a real AP.

Privacy The 802.11 standard supports privacy (confidentiality)

through the use of cryptographic techniques for the wireless interface. The WEP cryptographic technique for confidentiality also uses the RC4 symmetric key, stream cipher algorithm to generate a pseudo-random data sequence.

Integrity The IEEE 802.11 specification also outlines a means to provide

data integrity for messages transmitted between wireless clients and access points. This security service was designed to reject any messages that had been changed by an active adversary “in the middle.” This technique uses a simple encrypted Cyclic Redundancy Check (CRC) approach.

Security Threats Network security attacks are typically divided into passive

and active attacks. These two broad classes are then subdivided into other types of attacks.

Passive Attack Passive Attack—An attack in which an unauthorized party

gains access to an asset and does not modify its content (i.e., eavesdropping). Passive attacks can be either eavesdropping or traffic analysis (sometimes called traffic flow analysis). These two passive attacks are described below.

Eavesdropping—The attacker monitors transmissions for message content. An example of this attack is a person listening into the transmissions on a LAN between two workstations or tuning into transmissions between a wireless handset and a base station.

Traffic analysis—The attacker, in a more subtle way, gains intelligence by monitoring the transmissions for patterns of communication. A considerable amount of information is contained in the flow of messages between communicating parties.

Active Attack Active Attack—An attack whereby an unauthorized party

makes modifications to a message, data stream, or file. It is possible to detect this type of attack but it may not be preventable. Active attacks may take the form of one of four types (or combination thereof): masquerading, replay, message modification, and denial-of-service (DoS).

Masquerading—The attacker impersonates an authorized user and thereby gains certain unauthorized privileges.

Replay—The attacker monitors transmissions (passive attack) and retransmits messages as the legitimate user.

Message modification—The attacker alters a legitimate message by deleting, adding to, changing, or reordering it.

Denial-of-service—The attacker prevents or prohibits the normal use or management of communications facilities.

Technical Countermeasures Technical countermeasures involve the use of

hardware and software solutions to help secure the wireless environment.

Software countermeasures include proper AP configurations (i.e., the operational and security settings on an AP), software patches and upgrades, authentication, intrusion detection systems (IDS), and encryption.

Hardware solutions include smart cards, VPNs, public key infrastructure (PKI), and biometrics. It should be noted that hardware solutions, which generally have software components, are listed simply as hardware solutions.

Wireless Security of 802.11 The IEEE 802.11 specification identified several services to

provide a secure operating environment. The security services are provided largely by the Wired Equivalent Privacy (WEP) protocol to protect link-level data during wireless transmission between clients and access points.

WEP does not provide end-to-end security, but only for the wireless portion of the connection

Wireless Security Wireless security is a huge headache in IT Wireless security widely misunderstood Wireless security is everyone’s problem

even if you don’t “think” you have a WLAN Banning WLANs often result in “improvised”

home grown solutions Wireless LANs can be secured Wireless security applicable elsewhere in IT

Relative risks of Wireless LANs Wireless security is NOT an oxymoron Less dangerous than having an Internet

connection direct or indirect Attacks from the Internet can come from

anywhere on the entire globe◦ Web/FTP/Mail/DNS Servers◦ Back doors R00TK1T5 that can dial home

Attacks on Wireless LANs are limited to a couple of kilometers

Six dumbest ways to secure a WLANOverview

MAC “authentication” SSID “hiding” LEAP authentication Disabling DHCP Antenna placement and signal suppression Switch to 802.11a or Bluetooth Wireless

LANs______________________________________ Dishonorable mention: WEP

Access is controlled by limiting a device’s access to the access point (AP)

Only devices that are authorized can connect to the AP◦ One way: Media Access Control (MAC) address

filtering◦ CCSF uses this technique (unfortunately)◦ See www.ccsf.edu/wifi

Controlling Access to a WLAN

24

Controlling Access

25

MAC Address Filtering

26

Usually implemented by permitting instead of preventing

CCSF does thiswww.ccsf.edu/wifi

MAC Address Filtering

27

MAC addresses are transmitted in the clear◦ An attacker can just sniff for MACs

Managing a large number of MAC addresses is difficult

MAC address filtering does not provide a means to temporarily allow a guest user to access the network ◦ Other than manually entering the user’s MAC

address into the access point

MAC Address Filtering Weaknesses

28

Designed to ensure that only authorized parties can view transmitted wireless information

Uses encryption to protect traffic WEP was designed to be:

◦ Efficient and reasonably strong

Wired Equivalent Privacy (WEP)

2929

WEP secret keys can be 64 or 128 bits long The AP and devices can hold up to four

shared secret keys◦ One of which must be designated as the default

key

WEP Keys

30

31

WEP Encryption Process

32

When a node has a packet to send, it first generates CRC for this packet as an integrity check value (ICV).

Generates an IV; concatenates it with the secret key; applies RC4 to create RC4 key stream.

Performs XOR operation on the above two streams, byte by byte, to produce ciphertext.

Appends the IV to the ciphertext and transmits to the receiver.

WEP Encryption Process (2)

33

WEP Encryption Process (3)

34

Transmitting with WEP

35

IV is 24-bit long 224 choices. The probability of choosing the same IV

value is more than 99% after only 12,00 frames.

Only a few seconds elapse with 11Mbps and 1KByte frame size.

IV values are sent in plain text attackers can detect a duplicate value and re-use past keys.

Analysis of WEP Encryption

36

Before a computer can connect to a WLAN, it must be authenticated

Types of authentication in 802.11◦ Open system authentication

Lets everyone in◦ Shared key authentication

Only lets computers in if they know the shared key

Device Authentication

37

38

39

WEP Summary Authentication is first carried out via

◦ open system authentication, or◦ shared key authentication

Data packets are then encrypted using the WEP encryption process described above. Each packet requires a new IV.

40

Static WEP keys (no periodic updates) High frequency of repeating the same IV

◦ IVs are only 24-bit long◦ Packets can be replayed to force the access point

to pump out IVs. CRC is weak in integrity check.

◦ An attacker can flip a bit in the encrypted data and then change the CRC as well.

Authentication is too simple.

WEP Weaknesses

41

42

WPA

Wireless Ethernet Compatibility Alliance (WECA)◦ A consortium of wireless equipment

manufacturers and software providers WECA goals:

◦ To encourage wireless manufacturers to use the IEEE 802.11 technologies

◦ To promote and market these technologies◦ To test and certify that wireless products adhere

to the IEEE 802.11 standards to ensure product interoperability

WPA History

43

In 2002, the WECA organization changed its name to Wi-Fi (Wireless Fidelity) Alliance

In October 2003 the Wi-Fi Alliance introduced Wi-Fi Protected Access (WPA)◦ WPA had the design goal to protect both

present and future wireless devices, addresses both wireless authentication and encryption

PSK or 802.11X addresses authentication and TKIP addresses encryption

WPA History (2)

44

Key size increased to 128 bits Larger IVs: 48-bit long Changing security keys through Temporary

Key Integrity Protocol (TKIP)◦ Encryption keys are changed (based on a master

key) after a certain number of packets have been sent.

◦ An IV is mixed with data (not concatenate). Ciphering scheme is the same as WEP

◦ compatible with old wireless LAN cards

WPA: Improving WEP Encryption

45

WPA uses a new message integrity check scheme called Michael, replacing the CRC function in WEP.

A frame counter is added to Michael to avoid replay or forgery attack.

WPA: Improving Integrity Check

46

Temporal Key Integrity Protocol (TKIP) Purpose: to upgrade WEP systems to be

secure TKIP uses RC4 as WEP

◦ Addresses WEP’s known exposures◦ Changes the temporal keys every 10000 packets

48

49

Two options: PSK (inexpensive, home/personal

networking) 802.11X (expensive, enterprise networking)

WPA Authentication

50

Pre-shared key (PSK) authentication◦ Uses a passphrase to generate the encryption key

Key must be entered into both the access point and all wireless devices◦ Prior to the devices communicating with the AP

The PSK is not used for encryption◦ Instead, it serves as the starting point (seed) for

mathematically generating the encryption keys Results in a pair-wise master key (PMK) Followed by a 4-way handshake to handle key

management and distribution, which uses the PMK to generate a pair-wise transient key (PTK).

WPA Personal Security

51

WPA Personal Security (2)

52

A PSK is a 64-bit hexadecimal number◦ Usually generated from a passphrase

Consisting of letters, digits, punctuation, etc. that is between 8 and 63 characters in length

If the passphrase is a common word, it can be found with a dictionary attack

Pre-Shared Key Weakness

53

People may send the key by e-mail or another insecure method

Changing the PSK key is difficult◦ Must type new key on every wireless device and

on all access points◦ In order to allow a guest user to have access to a

PSK WLAN, the key must be given to that guest

PSK Key Management Weaknesses

54

Three components:◦ Remote authentication dial-in user service (RADIUS)◦ authenticator (access point)◦ supplicant (client)

Uses EAP authentication framework◦ EAP-PSK, EAP-TLS, EAP-TTLS, EAP-MD5

Results in a pair-wise master key (PMK) Followed by a 4-way handshake to handle key

management and distribution, which uses the PMK to generate a pair-wise transient key (PTK).

WPA Authentication via 802.11X

55

56

EAP-TLS

• AS verifies client’s digital signature using client’s public key got from client’s certificate Certclient

• Get random number p by decrypting with its private key

• Client calculates H(c,s,p), compares it with the value sent by As

57

4-way Handshake

58

Key Hierarchy

59

WPA2

60

Wi-Fi Protected Access 2 (WPA2)◦ Introduced by the Wi-Fi Alliance in September

2004◦ The second generation of WPA security◦ Still uses PSK (Pre-Shared Key) authentication◦ But instead of TKIP encryption it uses a stronger

data encryption method called AES-CCMP

AES: Advanced Encryption Standard CCMP: Counter Mode with Cipher Block Chaining Message Authentication Code Protocol

WPA2 Personal Security

61

PSK Authentication◦ Intended for personal and small office home office

users who do not have advanced server capabilities

◦ PSK keys are automatically changed and authenticated between devices after a specified period of time known as the rekey interval

WPA2 Personal Security (2)

62

AES-CCMP Encryption◦ Encryption under the WPA2 personal security

model is accomplished by AES-CCMP◦ This encryption is so complex that it requires

special hardware to be added to the access points to perform it

WPA2 Personal Security (3)

63

WPA and WPA2 Compared

64

The most secure method Authentication uses IEEE 802.1x Encryption is AES-CCMP

WPA2 Enterprise Security

65

Wireless Security Models

66

A superset of all WLAN security mechanisms including WEP, WPA and WPA2.

PSK (personal) or 802.11X (enterprise) is used for authentication and key management.

67

802.11i

Captive Portal Infrastruktur Captive Portal awalnya dirancang

untuk keperluan komunitas yang memungkinkan semua orang dapat terhubung (open network). Captive portal sebenarnya merupakan mesin router atau gateway yang memproteksi atau tidak mengizinkan adanya trafik hingga user melakukan registrasi/otentikasi

Radius Server Radius server adalah server Remote Authentikasi Dial-in

Service (RADIUS), sebuah protokol keamanan jaringan komputer berbasis server yang sering digunakan untuk melakukan authentikasi dan otorisasi serta pendaftaran akun (account) pengguna secara terpusat untuk mengakses jaringan yang aman.

Radius server bertugas untuk menangani AAA (Authentication, Authorization, Accounting). Intinya bisa menangani otentikasi user, otorisasi untuk servis2, dan penghitungan nilai servis (billing) yang digunakan user.

Radius server bisa dibedakan menjadi 2 : internal mikrotik dan eksternal

Hotspot bisa menggunakan internal radius mikrotik, bisa juga menggunakan eksternal. Jika tidak bisa mengautentikasi pada lokal database mikrotik, jika telah dispesifikasikan, maka hotspot mikrotik bisa mencari pada radius eksternal.

See more : ◦ http://www.nadasumbang.com/apa-itu-radius-server/◦ http://www.nadasumbang.com/setting-hotspot-mikrotik/◦ http://www.nadasumbang.com/setting-radius-dan-hotspot-mikrotik/

Security+ Guide to Network Security Fundamentals

http://hackingsecuritytools.blogspot.com http://hackwithkali-linux.blogspot.in http://hackers.university/free-wifi-password-

hack-tool/

72

Reference