Wireless Security Update - PowerPoint PPT Presentation

1
Wireless Security Update
  • Mark Ciampa
  • Western Kentucky University
  • mark.ciampa_at_wku.edu

2
Oxymoron
  • Government organization
  • Same difference
  • Pretty ugly
  • Working vacation
  • Tax return

3
Oxymoron
  • Jumbo shrimp
  • Adult male
  • Act naturally
  • Microsoft Works
  • Wireless security

4
Wireless Advantages
  • Mobility
  • Increased productivity
  • Easier installation
  • Less expensive installation

5
Wireless Disadvantages
  • Radio signal interference
  • Health risks
  • Security

6
Wireless Security Vulnerabilities
  • Unauthorized users access the wireless network
  • Attackers view transmitted data
  • Employees install rogue access points
  • Weaknesses in original IEEE 802.11 wireless
    security and new WPA

7
Wireless Attack Tools
  • NetStumbler - discovers wireless networks
  • Airopeek, Airmagnet - packet sniffers
  • Kismet, Airsnort - break security

8
Wireless Security Attitudes
  • It doesn't matter if someone uses my wireless
    LAN
  • You can't make a wireless LAN secure
  • I don't know what to do

9
Does Wireless Security Matter?
  • Get into any folder set with file sharing enabled
  • See wireless transmissions
  • Access to network behind firewall can inject
    malware
  • Download harmful content linked to unsuspecting
    owner

10
Does Wireless Security Matter?
  • Legal implications
  • Security begins at home

11
Can Make Wireless Secure
  • Significant improvement in wireless security
  • New IEEE wireless standard ratified
  • Common non-technical wireless security language
    now in use
  • Vendors making wireless security easier

12
Wireless Security Update
  • Wireless security that doesn't work and why
  • Wireless security that does work
  • How to secure a home WLAN
  • Contents of wireless curriculum
  • How to secure an enterprise WLAN

13
Wireless Security Update
  • WLAN Defenses That Do Not Work

14
Common WLAN Defenses
  • Encrypt transmissions (WEP)
  • Hide my network (Disable SSID beaconing)
  • Restrict who can join my network (MAC address
    filtering)
  • Use advanced security (WPA)

15
WLAN Defenses That Don't Work
  • Encrypt transmissions (WEP)
  • Hide my network (Disable SSID beaconing)
  • Restrict who can join my network (MAC address
    filtering)
  • Use advanced security (WPA)

16
WEP
  • Wired equivalent privacy (WEP) intended to guard
    confidentiality of data through cryptography
  • WEP relies on a secret key that is shared
    between device and access point (AP)
  • Using same (shared) secret key to both encrypt
    and decrypt is private key cryptography or
    symmetric encryption

17
WEP Objectives
  • Efficient - Algorithm must be proficient enough
    to be implemented in either hardware or software
  • Exportable - Must meet the guidelines set by the
    U.S. Department of Commerce so wireless devices
    using WEP can be exported overseas
  • Optional - The implementation of WEP in wireless
    LANs is an optional feature

18
WEP Objectives
  • Reasonably strong - Security of the algorithm
    lies in the difficulty of determining the secret
    keys through attacks, which is related to the
    length of the secret key and the frequency of
    changing keys. WEP was to be reasonably strong
    in resisting attacks.
  • Self-synchronizing - Each packet must be
    separately encrypted (prevents a single lost
    packet from making subsequent packets
    indecipherable)

19
WEP Keys
  • WEP keys must be a minimum of 64 bits in length
  • Most vendors add an option to use a larger
    128-bit WEP key for added security (a longer key
    is more difficult to break)

20
WEP Key Creation
  • 64-bit WEP key created by entering 5 ASCII
    characters (5y7js) or 10 hexadecimal characters
    (456789ABCD)
  • 128-bit WEP key created by entering 13 ASCII
    characters (98jui2wss35u4) or 26 hexadecimal
    characters (3344556677889900AABBCCDDEE)
  • Passphrase created by entering 16 ASCII
    characters (marchspringbreak)

21
How WEP Works
  • 1. A cyclic redundancy check (CRC) checksum (WEP
    calls it the integrity check value, ICV) is
    calculated over the data and appended to the end
    of the text
  • 2. The WEP default shared secret key is combined
    with an initialization vector (IV), a 24-bit value
    that changes each time a packet is encrypted

22
How WEP Works
23
How WEP Works
  • 3. The default shared secret key and IV are then
    entered into an RC4 pseudo-random number
    generator (PRNG) that produces a random-looking
    output (the keystream)
  • 4. Text, ICV and keystream are combined through
    exclusive OR (XOR) to create the ciphertext
  • 5. The IV is prepended to the ciphertext

24
How WEP Works
25
WEP Won't Work
  • WEP creates a detectable pattern for attackers
    (weak keys)
  • Attacker who captures packets for length of time
    can see the duplication and use it to crack the
    code
  • Weakness is with initialization vector (IV),
    24-bit value that changes each time a packet is
    encrypted

26
WEP Won't Work
  • IV is a 24-bit number: 16,777,216 possible values
  • Expanded (128-bit) WEP does not increase the IV
    size
  • An AP transmitting at only 11 Mbps can send and
    receive 700 packets each second
  • Since a different IV is used for each packet, IVs
    start repeating in less than 7 hours
  • There are ways to reduce the time needed to
    minutes
  • Some WLANs always start with the same IV after
    the system is restarted and then follow the same
    sequence of incrementing IVs

27
WEP Won't Work
  • RC4 uses a pseudo-random number generator (PRNG)
    to create the keystream
  • PRNG does not create a truly random number but
    one that appears to be (pseudo) random
  • First 256 bytes of the RC4 cipher can be
    determined by bytes in the key itself
  • RC4 cipher is not considered the most effective
    cipher for the task
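The WEP encapsulation described in the "How WEP Works" steps, and the IV-reuse property behind the "WEP Won't Work" slides, as an added example (not code from the presentation); RC4 is implemented inline so the block runs offline, and the ICV byte order is an assumption that only needs to be consistent between encrypt and decrypt:

```python
import zlib


def rc4_keystream(key: bytes, length: int) -> bytes:
    """Plain RC4: key scheduling, then `length` bytes of pseudo-random output."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def wep_encrypt(shared_key: bytes, iv: bytes, data: bytes) -> bytes:
    """Steps 1-5 of the slides. shared_key is the 5- or 13-byte secret,
    iv the 24-bit (3-byte) per-packet value."""
    assert len(iv) == 3 and len(shared_key) in (5, 13)
    icv = zlib.crc32(data).to_bytes(4, "little")     # 1. CRC-32 ICV appended
    seed = iv + shared_key                           # 2. IV || shared key
    keystream = rc4_keystream(seed, len(data) + 4)   # 3. RC4 PRNG output
    body = xor(data + icv, keystream)                # 4. (data || ICV) XOR keystream
    return iv + body                                 # 5. IV sent in the clear


def wep_decrypt(shared_key: bytes, frame: bytes) -> tuple[bytes, bool]:
    """Recover the data and report whether the ICV matched."""
    iv, body = frame[:3], frame[3:]
    clear = xor(body, rc4_keystream(iv + shared_key, len(body)))
    data, icv = clear[:-4], clear[-4:]
    return data, icv == zlib.crc32(data).to_bytes(4, "little")


def iv_reuse_leaks_xor(shared_key: bytes, iv: bytes, p1: bytes, p2: bytes) -> bool:
    """The weakness the slides describe: one key and one IV give one keystream,
    so the XOR of two ciphertexts equals the XOR of the two plaintexts."""
    c1 = wep_encrypt(shared_key, iv, p1)[3:]
    c2 = wep_encrypt(shared_key, iv, p2)[3:]
    n = min(len(p1), len(p2))
    return xor(c1[:n], c2[:n]) == xor(p1[:n], p2[:n])


def hours_until_iv_repeat(packets_per_second: int = 700) -> float:
    """The slide's arithmetic: 2^24 IVs exhausted at the given packet rate."""
    return (1 << 24) / packets_per_second / 3600
```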

28
WLAN Defenses That Don't Work
  • Encrypt transmissions (WEP)
  • Hide my network (Disable SSID beaconing)
  • Restrict who can join my network (MAC address
    filtering)
  • Use advanced security (WPA)

29
SSID Beaconing
  • Service Set Identifier (SSID) is beaconed from
    AP
  • Provides information to wireless devices wanting
    to join network
  • Beaconing SSID is default mode
  • Some users disable SSID beaconing so the network
    does not appear in the Windows list of available
    wireless networks

30
Disable SSID Beaconing
31
Disable SSID Beaconing Won't Work
  • SSID is initially transmitted in cleartext when a
    device negotiates with the AP
  • Attacker only has to watch for any authorized
    device to negotiate
  • If the attacker cannot capture the initial
    negotiation, one can be forced to occur

32
Force Renegotiation
33
Disable SSID Beaconing Won't Work
  • If the SSID is suppressed from beacon frames, it
    is still transmitted in other management frames
    sent by the AP
  • Windows can't see it
  • Netstumbler can see it
  • Many users do not change the default SSID; these
    are well known, so an attacker can try default
    SSIDs until a connection is accepted

34
Disable SSID Beaconing Won't Work
  • Steps to manually enter the SSID on a wireless
    device that does not receive a beaconed SSID are
    inconvenient
  • Turning off SSID beaconing prevents wireless
    devices from freely roaming from one wireless
    network to another
  • Many access points prohibit or discourage turning
    off SSID beaconing

35
Discourage Turning Off SSID Beaconing
36
Disable SSID Beaconing Won't Work
  • Not uncommon to detect multiple wireless signals
    at home or work
  • May receive a signal with a broadcast SSID and a
    signal where the broadcast SSID is turned off
  • If using Windows XP, the device will always
    connect to the access point that is broadcasting
    its SSID

37
WLAN Defenses That Don't Work
  • Encrypt transmissions (WEP)
  • Hide my network (Disable SSID beaconing)
  • Restrict who can join my network (MAC address
    filtering)
  • Use advanced security (WPA)

38
MAC Address Filtering
  • Access control - Intended to limit a user's
    admission to the AP (only those authorized are
    able to become part of the wireless LAN)
  • Most common type of access control is Media
    Access Control (MAC) address filtering (not part
    of the IEEE standard)
  • MAC address is a unique 48-bit number burned
    into the network interface card adapter when
    manufactured

39
MAC Address
40
MAC Address
41
MAC Address Filtering
  • Access to the wireless network can be restricted
    by entering the MAC address of approved or denied
    devices
  • Once the MAC addresses are entered, only specific
    devices can be authenticated based on MAC address

42
MAC Address Filtering
43
MAC Filtering
44
MAC Address Filtering Won't Work
  • MAC addresses initially exchanged in cleartext
    between device and access point
  • MAC address can be spoofed
  • Some wireless NICs allow for a substitute MAC
    address to be used
  • Programs available that allow users to spoof MAC
    address

45
MAC Address Filtering Won't Work
46
WLAN Defenses That Don't Work
  • Encrypt transmissions (WEP)
  • Hide my network (Disable SSID beaconing)
  • Restrict who can join my network (MAC address
    filtering)
  • Use advanced security (WPA)

47
WPA Won't Work
  • Wi-Fi Protected Access (WPA)
  • Intended to provide enhanced security using older
    wireless equipment
  • Must enter same passphrase on access point and
    wireless device
  • Passphrases less than 20 characters subject to
    offline dictionary attacks

48
Wireless Security Update
  • Wireless Security Solutions

49
802.11i
  • By IEEE organization
  • Designed specifically to address WLAN
    vulnerabilities
  • Ratified June 2004

50
Common Security Models
  • By Wi-Fi organization
  • Personal Security Model
    • WPA - Personal
    • WPA2 - Personal
  • Enterprise Security Model
    • WPA - Enterprise
    • WPA2 - Enterprise

51
Wireless Security Update
  • Personal Security Model - WPA

52
Personal Security Model
  • Designed for single users or small office home
    office (SOHO) settings of fewer than 10 devices
    where an authentication server is unavailable
  • Personal security model has 2 options
    • WPA - legacy hardware
    • WPA2 - newer hardware

53
Wi-Fi Protected Access (WPA)
  • Wi-Fi Alliance introduced Wi-Fi Protected Access
    (WPA) in October 2003
  • Subset of 802.11i
  • Addresses encryption and authentication
  • Designed to enhance security on older WLAN devices

54
Temporal Key Integrity Protocol (TKIP)
  • WPA replaces WEP with new encryption Temporal Key
    Integrity Protocol (TKIP)
  • TKIP uses 128-bit per-packet key (dynamically
    generates a new key for each packet and prevents
    collisions)
  • TKIP distributes key to client and AP, setting up
    automated key hierarchy and management system
  • TKIP dynamically generates unique keys to encrypt
    every data packet

55
TKIP Encryption
  • TKIP is a stronger substitute for WEP encryption
  • Instead of replacing the WEP engine, TKIP is
    designed to fit into the existing WEP procedure
    with a minimal amount of change
  • Device starts with 2 keys, a 128-bit encryption
    key (temporal key) and a 64-bit MIC key

56
TKIP Encryption
  1. Temporal key XORed with the sender's MAC address
    to create an intermediate Value 1
  2. Value 1 is then mixed with a sequence number to
    produce Value 2 (the per-packet key), which is
    entered into the PRNG, just as with normal WEP
  3. The sender's MAC address, the receiver's MAC
    address and the data are run through the MIC
    function (keyed with the MIC key); the text with
    the MIC appended is then XORed with the keystream
    to create the ciphertext

57
TKIP Encryption
58
TKIP Key Mixing
  • WEP constructs a per-packet RC4 key by
    concatenating a key and packet IV
  • TKIP per-packet key construction (TKIP key
    mixing) substitutes temporary (temporal) key for
    WEP base key and constructs a per-packet key that
    changes with each packet
  • Temporal keys have fixed lifetime and are
    replaced frequently

59
IV Sequencing
  • TKIP reuses the WEP IV field as a sequence number
    for each packet
  • Both the transmitter and receiver initialize the
    packet sequence space to zero whenever new TKIP
    keys are set, and the transmitter increments the
    sequence number with each packet it sends
  • Length of the sequence number (IV) has been
    doubled, from 24 bits to 48 bits.

60
Message Integrity Check (MIC)
  • WPA replaces Cyclic Redundancy Check (CRC) with
    Message Integrity Check (MIC), designed to
    prevent an attacker from altering packets
  • Attacker can modify a packet and the CRC, making
    it appear that the packet contents were the
    original
  • Receiver and transmitter each compute and then
    compare the MIC
  • If they do not match, the data is assumed to have
    been tampered with and the packet is dropped
  • Optional countermeasure: all clients are
    de-authenticated and new associations are
    prevented for one minute if a MIC error occurs
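Receive-side TKIP handling as described in the "IV Sequencing" and "Message Integrity Check" slides, as an added example that is not part of the presentation: a 48-bit sequence counter that must strictly increase, a MIC comparison, and the countermeasure window. Assumptions: the MIC is modelled with truncated HMAC-SHA256 (a stand-in for TKIP's Michael function, not the real algorithm), and, as IEEE 802.11i specifies, the one-minute lockout triggers on the second MIC failure within 60 seconds.

```python
import hashlib
import hmac
import time

TSC_BITS = 48                 # TKIP doubled WEP's 24-bit IV to a 48-bit sequence counter
COUNTERMEASURE_SECONDS = 60


def michael_stub(mic_key: bytes, src: bytes, dst: bytes, data: bytes) -> bytes:
    """Stand-in MIC over sender MAC, receiver MAC and data (assumption:
    HMAC-SHA256 truncated to 8 bytes; real TKIP uses Michael)."""
    return hmac.new(mic_key, src + dst + data, hashlib.sha256).digest()[:8]


class TkipReceiver:
    """Replay check, MIC check and countermeasures for one receive key."""

    def __init__(self, mic_key: bytes, clock=time.monotonic):
        self.mic_key = mic_key
        self.clock = clock                   # injectable so tests are deterministic
        self.mic_failures: list[float] = []  # timestamps of recent MIC failures
        self.blocked_until = 0.0
        self.rekey()

    def rekey(self) -> None:
        """Both sides reset the sequence space whenever new TKIP keys are set."""
        self.last_tsc = -1

    def accept(self, tsc: int, src: bytes, dst: bytes, data: bytes, mic: bytes) -> str:
        now = self.clock()
        if now < self.blocked_until:
            return "dropped: countermeasures active"
        if not 0 <= tsc < (1 << TSC_BITS):
            return "dropped: TSC out of range"
        if tsc <= self.last_tsc:             # replayed or reordered packet
            return "dropped: replay"
        expected = michael_stub(self.mic_key, src, dst, data)
        if not hmac.compare_digest(expected, mic):
            self.mic_failures = [t for t in self.mic_failures
                                 if now - t < COUNTERMEASURE_SECONDS]
            self.mic_failures.append(now)
            if len(self.mic_failures) >= 2:  # second failure within 60 s
                self.blocked_until = now + COUNTERMEASURE_SECONDS
                self.mic_failures.clear()
                self.rekey()                 # fresh keys come with the re-association
                return "dropped: MIC failure, countermeasures for 60 s"
            return "dropped: MIC failure"
        self.last_tsc = tsc                  # only advance on a fully verified packet
        return "accepted"
```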

61
Pre-Shared Key (PSK) Authentication
  • WPA authentication can be accomplished by either
    authentication server or pre-shared key (PSK)
  • Passphrase (the PSK) is manually entered to
    generate encryption key on AP and devices in
    advance
  • PSK not used for encryption but instead serves as
    the starting point (seed) for generating the
    encryption keys
  • Disadvantage is key management: the key must be
    created and entered in every device (shared)
    prior to (pre) communicating
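How the passphrase becomes the PSK seed described above, and the 20-character rule from the "WPA Won't Work" slide, as an added example that is not part of the presentation. It uses the passphrase-to-PSK mapping IEEE 802.11i specifies (PBKDF2-HMAC-SHA1 with the SSID as salt and 4096 iterations); the policy check is this example's own.

```python
import hashlib

PBKDF2_ITERATIONS = 4096      # fixed by IEEE 802.11i for passphrase -> PSK
MIN_PASSPHRASE_CHARS = 20     # the slides' recommendation for WPA passphrases


def wpa_psk(passphrase: str, ssid: str) -> bytes:
    """PSK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 256 bits).
    The PSK seeds the key hierarchy; it is never used directly to encrypt."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrases are 8 to 63 ASCII characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), PBKDF2_ITERATIONS, 32)


def passphrase_check(passphrase: str) -> tuple[bool, str]:
    """Policy check (example's own): short passphrases are cheap to guess
    offline because every guess costs only one PBKDF2 run."""
    if len(passphrase) < MIN_PASSPHRASE_CHARS:
        return False, f"{len(passphrase)} characters: use at least {MIN_PASSPHRASE_CHARS}"
    return True, "ok"
```

Because the SSID is the salt, the same passphrase on two networks yields two different PSKs, which is one reason a non-default SSID is worth setting.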

62
Wi-Fi Protected Access (WPA)
  • Designed to enhance security on older WLAN
    devices
  • Should only be used if devices cannot support WPA2

63
Personal Security Model
64
Wireless Security Update
  • Personal Security Model WPA2

65
Wi-Fi Protected Access 2 (WPA2)
  • Wi-Fi Alliance introduced Wi-Fi Protected Access
    2 (WPA2) in September 2004
  • WPA2 based on the final IEEE 802.11i
  • WPA2 uses AES for data encryption and supports
    authentication server or PSK technology
  • WPA2 allows both AES and TKIP clients to operate
    in the same WLAN, whereas IEEE 802.11i only
    recognizes AES

66
AES
  • AES algorithm processes blocks of 128 bits, yet
    the length of the cipher keys and number of
    rounds can vary, depending upon the level of
    security that is required
  • Available key lengths are 128, 192 and 256 bits,
    and the corresponding numbers of rounds are 10,
    12, and 14
  • Only the 128-bit key and 128-bit block are
    mandatory for WPA2
  • It is recommended that AES encryption and
    decryption be performed in hardware because of
    the computationally intensive nature of AES

67
AES Security
68
Personal Security Model
69
Wireless Security Update
  • How To Make a Home Wireless LAN Secure

70
Steps to Protect a Personal Wireless LAN
  • Install Microsoft Hot Fix (KB893357)
  • Turn on WPA2
  • On older equipment use WPA
  • MUST use a 20-character WPA passphrase
  • Turn on wireless VLAN
  • If you want to deter casual users:
    • Use MAC address filtering
    • Use an unidentifiable SSID
    • Turn off SSID beaconing

71
Set WPA2 on AP
72
Set WPA2 on AP
73
Set WPA2 on Device
74
Show WPA2
75
Turn on VLAN
76
Secure Easy Setup
  • Collaboration between Linksys and Broadcom
  • Activate WPA security at the push of a button
  • Automatically configures custom SSID and enables
    WPA dynamic key encryption settings
  • No need to manually enter a passphrase or key
  • Two-step process:
    • Push the SES button on the access point
    • Click the START SES button on the client
  • To add more wireless devices to the network, simply
    push the button on the router again to repeat the
    process

77
Secure Easy Setup
78
Wireless Security Update
  • Contents of Wireless Curriculum

79
Wireless Curriculum
  • CompTIA dropped proposed Wireless certification
  • Most popular wireless certifications are from
    CWNA (Planet3):
    • Wireless
    • Certified Wireless Network Administrator
    • Certified Network Security Professional

80
Course Technology Wireless Textbooks
  • Guide to Wireless Communications 2ed (Wireless)
    May 2006
  • CWNA Guide to Wireless LANs 2ed (CWNA) August
    2005
  • CWSP Guide to Wireless Security 1st (CWSP)
    August 2006

81
Wireless Security Update
  • Enterprise Security Model WPA WPA2

82
Enterprise Security Model
  • Designed for medium to large-size organizations
    such as businesses, government agencies, and
    universities with authentication server
  • The enterprise security model has 2 options, WPA
    and WPA2 (older equipment may be forced to
    implement WPA, while newer equipment can support
    WPA2)

83
802.1x
  • IEEE 802.11i authentication and key management
    uses IEEE 802.1x (originally developed for wired
    networks)
  • 802.1x is port security (a device requesting
    access to the network is prevented from receiving
    any traffic until its identity can be verified)
  • 802.1x blocks all traffic on a port-by-port basis
    until the client is authenticated using
    credentials stored on an authentication server

84
802.1x Authentication
  • The supplicant is the device which requires secure
    network access; it sends a request to an
    authenticator that serves as an intermediary
    device (the authenticator can be an access point
    on a wireless network or a switch on a wired
    network)
  • The authenticator sends the request from the
    supplicant to the authentication server, which
    accepts/rejects the supplicant's request and sends
    that information back to the authenticator, which
    in turn grants or denies access to the supplicant
  • Strength of the 802.1x protocol is that the
    supplicant never has direct communication with
    the authentication server

85
802.1x
  1. Device requests from AP permission to join WLAN
  2. AP asks device to verify its identity
  3. Device sends identity information to AP, which
    passes encrypted information to authentication
    server
  4. Authentication server verifies/rejects the
    client's identity and returns information to AP
  5. Approved client can now join the network

86
802.1x
87
802.1x Supplicant
  • Supplicant, required on the wireless device, is
    software that is installed on the client to
    implement the IEEE 802.1x protocol framework
  • Supplicant software may be included in client
    operating system, integrated into device drivers,
    or installed as third-party standalone software
  • Some vendors of wireless NICs supply supplicant
    with their cards

88
Authentication Server
  • Authentication server stores the list of the
    names and credentials of authorized users
  • Wireless user credentials may also be stored in
    an external database, such as Structured Query
    Language (SQL), Lightweight Directory Access
    Protocol (LDAP), or Microsoft Active Directory
  • Typically a Remote Authentication Dial-In User
    Service (RADIUS) server is used

89
RADIUS
  • Request is first sent to authenticator, which
    relays the information (username, password, type
    of connection) to RADIUS server
  • Server first determines if AP itself is permitted
    to send requests
  • RADIUS server attempts to find the user's name in
    its database
  • Then applies the password to decide whether
    access should be granted to this user

90
Encryption
  • Once authenticated by IEEE 802.1x, the same
    protocol next provides the wireless device a
    unique encryption key called the MK
  • From single key all the necessary encryption keys
    for encrypted communication can then be created
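The 802.1x exchange from the "802.1x Authentication", "802.1x", "RADIUS" and "Encryption" slides in one place, as an added example that is not code from the presentation: the authenticator relays the supplicant's credentials, the server first checks that the AP itself is permitted to send requests, then looks up the user and applies the password, and a per-user MK is handed back only on Access-Accept. Assumptions: the AP-to-server shared-secret check is modelled with an HMAC tag (real RADIUS uses its Request/Message-Authenticator fields), the user database is constructed inline, and the MK is random rather than derived as in the real key hierarchy.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass, field


def _salted(salt: bytes, password: bytes) -> bytes:
    return hashlib.sha256(salt + password).digest()


@dataclass
class AuthServer:
    """RADIUS-style authentication server: checks the AP, then the user."""
    nas_secrets: dict[bytes, bytes]            # authenticator id -> shared secret
    users: dict[bytes, tuple[bytes, bytes]]    # username -> (salt, salted hash)

    def handle(self, nas_id: bytes, tag: bytes, user: bytes, password: bytes):
        secret = self.nas_secrets.get(nas_id)         # 1. is this AP permitted to ask?
        if secret is None:
            return "Access-Reject", "unknown authenticator", None
        expected = hmac.new(secret, nas_id + user, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tag):
            return "Access-Reject", "shared-secret check failed", None
        record = self.users.get(user)                  # 2. find the user's name
        if record is None:
            return "Access-Reject", "unknown user", None
        salt, digest = record                          # 3. apply the password
        if not hmac.compare_digest(_salted(salt, password), digest):
            return "Access-Reject", "bad password", None
        return "Access-Accept", "ok", os.urandom(32)   # 4. unique MK for this session


@dataclass
class Authenticator:
    """Access point: relays to the server, never lets the supplicant reach it
    directly, and keeps the port blocked until Access-Accept."""
    nas_id: bytes
    secret: bytes
    server: AuthServer
    open_ports: dict[bytes, bytes] = field(default_factory=dict)   # MAC -> MK

    def eap_authenticate(self, mac: bytes, identity: bytes, password: bytes) -> str:
        tag = hmac.new(self.secret, self.nas_id + identity, hashlib.sha256).digest()
        verdict, reason, mk = self.server.handle(self.nas_id, tag, identity, password)
        if verdict == "Access-Accept":
            self.open_ports[mac] = mk                  # MK seeds this client's keys
            return "port open"
        return "port blocked: " + reason

    def forward(self, mac: bytes) -> bool:
        """802.1x port control: data passes only for authenticated stations."""
        return mac in self.open_ports


def build_demo():
    """Constructed sample: one server, one trusted AP, one AP the server
    does not know (a rogue AP cannot get the server to answer it)."""
    salt = os.urandom(16)
    server = AuthServer(nas_secrets={b"ap-lobby": b"lobby-shared-secret"},
                        users={b"alice": (salt, _salted(salt, b"correct horse"))})
    trusted_ap = Authenticator(b"ap-lobby", b"lobby-shared-secret", server)
    rogue_ap = Authenticator(b"ap-rogue", b"guessed-secret", server)
    return server, trusted_ap, rogue_ap
```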
  • Keys can also be changed during a session

91
Encryption
  • Eliminates difficulties and potential dangers
    associated with PSK
  • Each user has a unique key
  • Keys remain strong and require no management
  • Adding additional APs only requires that the
    newly installed APs connect to the existing
    authentication server

92
Extensible Authentication Protocol (EAP)
  • EAP-Transport Layer Security (EAP-TLS) - Requires
    the use of certificates to validate a supplicant;
    supported by Microsoft and included in
    Microsoft Windows XP and Windows Server 2003
  • Lightweight EAP (LEAP) - Proprietary standard
    supported by Cisco; LEAP provides authentication
    based on the Windows username and password logon
    (certificates are not required)
  • EAP-Tunneled TLS (EAP-TTLS) - Supports advanced
    authentication methods such as using tokens
  • Protected EAP (PEAP) - Uses certificates similar
    to Secure Sockets Layer (SSL) with Web browsers:
    the supplicant presents a certificate to the
    authentication server (via the authenticator) but
    does not require a certificate from the server in
    return
  • Flexible Authentication via Secure Tunneling
    (FAST) - Most recent variation; can set up a
    tunnel without checking digital certificates and
    also supports tokens

93
Enterprise Security Model
94
Wireless Security Update
  • Mark Ciampa
  • Western Kentucky University
  • mark.ciampa_at_wku.edu