Jom Belajar Keselamatan Rangkaian

1Rangkaian!,Kebolehcapaian didahulukan,Keselamatan diutamakan!!

Sunday, November 1, 2009

Wireless Security

Wireless LANs
  • IEEE ratified 802.11 in 1997.
    • Also known as Wi-Fi.
  • Wireless LAN at 1 Mbps & 2 Mbps.
  • WECA (Wireless Ethernet Compatibility Alliance) promoted Interoperability.
    • Now Wi-Fi Alliance
  • 802.11 focuses on Layer 1 & Layer 2 of OSI model.
    • Physical layer
    • Data link layer
802.11 Components
Two pieces of equipment defined:
  • Wireless station
    • A desktop or laptop PC or PDA with a wireless NIC.
  • Access point
    • A bridge between wireless and wired networks
    • Composed of
      • Radio
      • Wired network interface (usually 802.3)
      • Bridging software
    • Aggregates access for multiple wireless stations to wired network.
Wirelees 802.11 modes
Infrastructure mode:
  • Basic Service Set (BSS)
    • One access point
  • Extended Service Set
    • Two or more BSSs forming a single subnet.
  • Most corporate LANs in this mode.

Ad-Hoc Mode:
  • Also called peer-to-peer.
  • Independent Basic Service Set
  • Set of 802.11 wireless stations that communicate directly without an access point.
    • Useful for quick & easy wireless networks.

802.11 Physical Layer
Originally three alternative physical layers:
  • Two incompatible spread-spectrum radio in 2.4Ghz ISM band
    • Frequency Hopping Spread Spectrum (FHSS)
    • 75 channels
  • Direct Sequence Spread Spectrum (DSSS)
    • 14 channels (11 channels in US)
  • One diffuse infrared layer
  • 802.11 speed
    • 1 Mbps or 2 Mbps.
802.11 Data Link Layer
  • Layer 2 split into:
    • Logical Link Control (LLC).
    • Media Access Control (MAC).
  • LLC - same 48-bit addresses as 802.3
  • MAC - CSMA/CD not possible.
    • Can’t listen for collision while transmitting.
  • CSMA/CA – Collision Avoidance.
    • Sender waits for clear air, waits random time, then sends data.
    • Receiver sends explicit ACK when data arrives intact.
    • Also handles interference.
    • But adds overhead.
RTS / CTS
  • To handle hidden nodes
  • Sending station sends
    • “Request to Send”
  • Access point responds with
    • “Clear to Send”
    • All other stations hear this and delay any transmissions.
  • Only used for larger pieces of data.
    • When retransmission may waste significant time.
802.11b
  • 802.11b ratified in 1999 adding 5.5 Mbps and 11 Mbps.
  • DSSS as physical layer.
    • 11 channels (3 non-overlapping)
  • Dynamic rate shifting.
    • Transparent to higher layers
    • Ideally 11 Mbps.
    • Shifts down through 5.5 Mbps, 2 Mbps to 1 Mbps.
      • Higher ranges.
      • Interference.
    • Shifts back up when possible.
  • Maximum specified range 100 meters
  • Average throughput of 4Mbps
Joining a BSS
  • When 802.11 client enters range of one or more APs
    • APs send beacons.
    • AP beacon can include SSID.
    • AP chosen on signal strength and observed error rates.
    • After AP accepts client.
      • Client tunes to AP channel.
  • Periodically, all channels surveyed.
    • To check for stronger or more reliable APs.
    • If found, re-associates with new AP.
Roaming and Channels
  • Re-association with APs
    • Moving out of range.
    • High error rates.
    • High network traffic.
      • Allows load balancing.
  • Each AP has a channel.
    • 14 partially overlapping channels.
    • Only three channels that have no overlap.
      • Best for multi cell coverage.
802.11a
  • 802.11a ratified in 2001
  • Supports up to 54Mbps in 5 Ghz range.
    • Higher frequency limits the range
    • Regulated frequency reduces interference from other devices
  • 2 non-overlapping channels
  • Usable range of 30 metres
  • Average throughput of 30 Mbps
  • Not backwards compatible
802.11g
  • 802.11g ratified in 2002
  • Supports up to 54Mbps in 2.4Ghz range.
    • Backwards compatible with 802.11b
  • 3 non-overlapping channels
  • Range similar to 802.11b
  • Average throughput of 30 Mbps
  • 802.11n due for November 2006
    • Aiming for maximum 200Mbps with average 100Mbps
Open System Authentication
  • Service Set Identifier (SSID)
  • Station must specify SSID to Access Point when requesting association.
  • Multiple APs with same SSID form Extended Service Set.
  • APs can broadcast their SSID.
  • Some clients allow * as SSID.
    • Associates with strongest AP regardless of SSID.
MAC ACLs and SSID hiding
  • Access points have Access Control Lists (ACL)
  • ACL is list of allowed MAC addresses.
    • E.g. Allow access to:
    • 00:01:42:0E:12:1F
    • 00:01:42:F1:72:AE
    • 00:01:42:4F:E2:0
  • But MAC addresses are sniffable and spoofable.
  • AP Beacons without SSID
    • Essid_jack
      • sends deauthenticate frames to client
      • SSID then displayed when client sends reauthenticate frames
802.11 Wireless LAN
Three basic security services defined by IEEE for the WLAN environment:
  • Authentication
    • provide a security service to verify the identity of communicating client stations
  • Integrity
    • to ensure that messages are not modified in transit between the wireless clients and the access point in an active attack
  • Confidentiality
    • to provide “privacy achieved by a wired network”
802.11 Authentication
802.11b Security Services
Two security services provided:
  • Authentication
    • Shared Key Authentication
  • Encryption
    • Wired Equivalence Privacy
Wired Equivalence Privacy
  • Shared key between
    • Stations.
    • An Access Point.
  • Extended Service Set
    • All Access Points will have same shared key.
  • No key management
  • Shared key entered manually into
    • Stations
    • Access points
    • Key management nightmare in large wireless LANs
RC4
  • Ron’s Code number 4
    • Symmetric key encryption
    • RSA Security Inc.
    • Designed in 1987.
    • Trade secret until leak in 1994.
  • RC4 can use key sizes from 1 bit to 2048 bits.
  • RC4 generates a stream of pseudo random bits
    • XORed with plaintext to create ciphertext.
802.11 Confidentiality
WEP – Sending
  • Compute Integrity Check Vector (ICV).
    • Provides integrity
    • 32 bit Cyclic Redundancy Check.
    • Appended to message to create plaintext.
    • Plaintext encrypted via RC4
  • Plaintext encrypted via RC4
    • Provides confidentiality.
    • Plaintext XORed with long key stream of pseudo random bits.
    • Key stream is function of
      • 40-bit secret key
      • 24 bit initialisation vector
  • Ciphertext is transmitted.
WEP – Receiving
  • Ciphertext is received.
  • Ciphertext decrypted via RC4
    • Ciphertext XORed with long key stream of pseudo random bits.
    • Key stream is function of
      • 40-bit secret key
      • 24 bit initialisation vector (IV)
  • Check ICV
    • Separate ICV from message.
    • Compute ICV for message
    • Compare with received ICV

WEP Encryption

Shared Key Authentication
  • When station requests association with Access Point
    • AP sends random number to station
    • Station encrypts random number
      • Uses RC4, 40 bit shared secret key & 24 bit IV
    • Encrypted random number sent to AP
    • AP decrypts received message
      • Uses RC4, 40 bit shared secret key & 24 bit IV
    • AP compares decrypted random number to transmitted random number

WEP Safeguards
  • Shared secret key required for:
    • Associating with an access point.
    • Sending data.
    • Receiving data.
  • Messages are encrypted.
    • Confidentiality.
  • Messages have checksum.
    • Integrity.
  • But management traffic still broadcast in clear containing SSID.
Initialization Vector
  • V must be different for every message transmitted.
  • 802.11 standard doesn’t specify how IV is calculated.
  • Wireless cards use several methods
    • Some use a simple ascending counter for each message.
    • Some switch between alternate ascending and descending counters.
    • Some use a pseudo random IV generator.
Passive WEP attack
  • If 24 bit IV is an ascending counter,
  • If Access Point transmits at 11 Mbps,
  • All IVs are exhausted in roughly 5 hours.
  • Passive attack:
    • Attacker collects all traffic
    • Attacker could collect two messages:
      • Encrypted with same key and same IV
      • Statistical attacks to reveal plaintext
      • Plaintext XOR Ciphertext = Keystream

Active WEP attack
  • If attacker knows plaintext and ciphertext pair
    • Keystream is known.
    • Attacker can create correctly encrypted messages.
    • Access Point is deceived into accepting messages.
  • Bitflipping
    • Flip a bit in ciphertext
    • Bit difference in CRC-32 can be computed
Brute force key attack
  • Capture ciphertext.
    • IV is included in message.
  • Search all 240 possible secret keys.
    • 1,099,511,627,776 keys
    • ~170 days on a modern laptop
  • Find which key decrypts ciphertext to plaintext.
Wepcrack
  • First tool to demonstrate attack using IV weakness.
    • Open source, Anton Rager.
  • Three components
    • Weaker IV generator.
    • Search sniffer output for weaker IVs & record 1st byte.
    • Cracker to combine weaker IVs and selected 1st bytes.
  • Cumbersome.
Airsnort
  • Automated tool
    • Cypher42, Minnesota, USA.
    • Does it all!
    • Sniffs
    • Searches for weaker IVs
    • Records encrypted data
    • Until key is derived.
  • 100 Mb to 1 Gb of transmitted data.
    3 to 4 hours on a very busy WLAN.
Avoid the weak IVs
  • FMS described a simple method to find weak IVs
    • Many manufacturers avoid those IVs after 2002
    • Therefore Airsnort and others may not work on recent hardware
  • However David Hulton aka h1kari
    • Properly implemented FMS attack which shows many more weak IVs
    • Identified IVs that leak into second byte of key stream.
    • Second byte of SNAP header is also 0xAA
    • So attack still works on recent hardware
    • And is faster on older hardware
    • Dwepcrack, weplab, aircrack
802.11 safeguards
  • Security Policy & Architecture Design
  • Treat as untrusted LAN
  • Discover unauthorised use
  • Access point audits
  • Station protection
  • Access point location
  • Antenna design
Security Policy & Architecture
  • Define use of wireless network
    • What is allowed
    • What is not allowed
  • Holistic architecture and implementation
    • Consider all threats.
    • Design entire architecture
Discover unauthorized use
  • Search for unauthorised access points, ad-hoc networks or clients.
  • Port scanning
    • For unknown SNMP agents.
    • For unknown web or telnet interfaces.
  • Warwalking!
    • Sniff 802.11 packets
    • Identify IP addresses
    • Detect signal strength
    • But may sniff your neighbours
  • Wireless Intrusion Detection
    • AirMagnet, AirDefense, Trapeze, Aruba,…
Access point audits
  • Review security of access points.
  • Are passwords and community strings secure?
  • Use Firewalls & router ACLs
    • Limit use of access point administration interfaces.
  • Standard access point config:
    • SSID
    • WEP keys
    • Community string & password policy
WPA
  • Wi-Fi Protected Access
    • Works with 802.11b, a and g
  • “Fixes” WEP’s problems
  • Existing hardware can be used
  • 802.1x user-level authentication
  • TKIP
    • RC4 session-based dynamic encryption keys
    • Per-packet key derivation
    • Unicast and broadcast key management
    • New 48 bit IV with new sequencing method
    • Michael 8 byte message integrity code (MIC)
  • Optional AES support to replace RC4
WPA and 802.1x
  • 802.1x is a general purpose network access control mechanism
  • WPA has two modes
    • Pre-shared mode, uses pre-shared keys
    • Enterprise mode, uses Extensible Authentication Protocol (EAP) with a RADIUS server making the authentication decision
    • EAP is a transport for authentication, not authentication itself
    • EAP allows arbitrary authentication methods
SUMMARY
  • WAP is used on small, handheld devices like cell phones for out-of-the-office connectivity
  • Designers created WTLS (Wireless Transport Layer Security) as a method to ensure privacy of the data because it was being broadcast
  • 802.11 does not allow physical control of the transport mechanism
  • Transmission of all network data wirelessly transmits frames to all wireless machines, not just a single client
  • Poor authentication. The SSID is broadcast to anyone listening
  • Flawed implementation of the RC4 encryption algorithm makes even encrypted traffic subject to interception and decryption
  • WEP is used to encrypt wireless communications in an 802.11 environment and S/MIME for email

0 Comments:

Post a Comment

Subscribe to Post Comments [Atom]

<< Home