Secure Wide Area Gateway SWAG - PowerPoint PPT Presentation

About This Presentation
Title:

Secure Wide Area Gateway SWAG

Description:

All Things Wireless ... All traffic is encrypted between the wireless nodes and the Access Point using the key. ... Captures all outgoing IP packets and ... – PowerPoint PPT presentation

Slides: 23
Provided by: dad8

Transcript and Presenter's Notes

Title: Secure Wide Area Gateway SWAG


1
Secure Wide Area Gateway (SWAG)
  • Ethan Dameron
  • April 16, 2003

2
All Things Wireless
  • Wireless networks make sharing a household Internet
    connection painless (e.g. no cables).
  • Provide mobility and convenience, but are not
    safe. Most users have no idea just how unsafe.
  • It doesn't say it's unsafe to use on the box?
  • Real issue in apartment complexes

3
Types of Wireless Networks
  • Wireless networks can be deployed in one of two
    ways.
  • Unencrypted: All traffic is broadcast in the
    clear, and anyone within the broadcast radius can
    passively monitor all network traffic.
  • Encrypted: Users need to know the secret key in
    order to use the network. All traffic is
    encrypted between the wireless nodes and the
    Access Point using the key.

4
Wireless Access Control
  • Unencrypted Network
  • Only give registered MAC addresses an IP address
    (e.g. Duke).
  • Turn off the AP's beacon frames advertising the SSID.
  • Encrypted Network
  • Assume only authorized users know the key.
  • Use MAC addresses
  • Turn off SSID beacon frames

5
Unencrypted Network Problems
  • No privacy: An attacker can passively monitor all
    network traffic to glean useful information about
    users.
  • No packet authentication: An attacker can monitor
    the network for a valid MAC address and use it to
    send spoofed packets.
  • Has all the ingredients for a Man-in-the-Middle
    attack!

6
WEP Encryption Solution
  • Wired Equivalent Privacy
  • The standard offered solution for 802.11b
  • Uses RC4 with a 40-bit static key shared among
    users
  • Packets are encrypted using the shared key
    concatenated with a 24-bit IV as the encryption
    key
  • Transmits the IV together with the encrypted packet.

7
Flawed From the Ground Up
  • Using a fixed symmetric key is a problem in
    itself
  • Giving the key to a large group of users makes
    the key (very) insecure.
  • Changing the key disrupts the network
  • 40-bit keys are not large enough to withstand
    brute force
  • Designed to provide security only against people
    who don't have the key.
  • Provides no security at all against people who
    have the key (e.g. authorized users)
  • Confidentiality and authentication are still an
    issue among authorized users.

8
Adding Insult to Injury
  • WEP's implementation of RC4 is broken
  • Certain weak IVs provide enough information about
    the key to break it without using brute force
  • Even with perfect encryption, 40-bit keys are not
    long enough
  • Weak IVs make WEP unsafe at any key length
  • Periodic key changing is not an option because it:
  • disrupts the entire network
  • is difficult to synchronize among a large user base
  • A shared static key is problematic for any
    encryption scheme.
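
As an added illustration of slides 6 to 8 (example code, not part of the presentation or of the SWAG project): a minimal WEP-style RC4 encryption with the 24-bit IV prepended to a static 40-bit key, the relation that two frames under a reused IV expose to any passive observer, and a monitor-side check that flags IV reuse in captured frames. The key, IVs and frame payloads are constructed sample values, and the CRC-32 integrity value that real WEP appends is left out.

```python
# Added example, not from the presentation: WEP-style RC4 with a
# 24-bit IV prepended to a static 40-bit key, and a monitor-side check
# for IV reuse. Keys, IVs and frame payloads are constructed samples.
from collections import Counter

IV_BYTES = 3                      # 24-bit IV, sent in the clear with each frame
KEY_BYTES = 5                     # 40-bit static key shared by all users
IV_SPACE = 1 << (8 * IV_BYTES)    # 16,777,216 IVs before a counter wraps


def rc4_keystream(key: bytes, length: int) -> bytes:
    """Plain RC4: key scheduling (KSA), then keystream output (PRGA)."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def wep_encrypt(shared_key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Per-frame RC4 key is IV || shared key; the frame carries the IV in
    the clear. (Real WEP also appends a CRC-32 ICV; omitted here.)"""
    if len(iv) != IV_BYTES or len(shared_key) != KEY_BYTES:
        raise ValueError("expected a 24-bit IV and a 40-bit shared key")
    keystream = rc4_keystream(iv + shared_key, len(plaintext))
    return iv + xor_bytes(plaintext, keystream)


def keystream_reuse_relation(shared_key: bytes, iv: bytes,
                             p1: bytes, p2: bytes) -> bool:
    """Two frames under the same key and IV use the same keystream, so
    C1 xor C2 == P1 xor P2 holds for an observer who never learns the key.
    Returns True when the relation holds (it always does for equal IVs)."""
    c1 = wep_encrypt(shared_key, iv, p1)[IV_BYTES:]
    c2 = wep_encrypt(shared_key, iv, p2)[IV_BYTES:]
    return xor_bytes(c1, c2) == xor_bytes(p1, p2)


def find_iv_reuse(frames) -> list:
    """Monitor-side check: IVs that appear on more than one captured frame."""
    counts = Counter(f[:IV_BYTES] for f in frames)
    return sorted(iv for iv, n in counts.items() if n > 1)


def seconds_until_iv_wrap(frames_per_second: float) -> float:
    """How long a station sending sequential IVs runs before reusing one."""
    return IV_SPACE / frames_per_second


if __name__ == "__main__":
    key = bytes.fromhex("0102030405")          # constructed 40-bit key
    frames = [wep_encrypt(key, iv, b"sample") for iv in
              (b"\x00\x00\x01", b"\x00\x00\x02", b"\x00\x00\x01")]
    print("reused IVs:", find_iv_reuse(frames))
    print("IV wrap at 1000 frames/s: %.0f s" % seconds_until_iv_wrap(1000))
```

The two numbers a defender should take from this are the IV space (about 16.8 million values, which a busy station cycles through in hours) and the fact that `find_iv_reuse` needs nothing but the clear-text IV field, so a passive monitor can see the exposure as easily as an eavesdropper can.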

9
Bottom Line
  • Unencrypted wireless networks are horribly unsafe
  • WEP is broken, so now even encrypted wireless
    networks are essentially unencrypted.
  • Ultimately, there is no clean way to secure a
    wireless network

10
Related Work
  • Several attempts have been made to improve WEP;
    none is a definitive solution, and all are vendor
    specific.
  • Lucent tried extending the key from 40 bits to 128
    bits, but that didn't solve anything.
  • Agere tried excluding weak IVs to avoid the Key
    Scheduling Algorithm problem.
  • Neither method is part of the standard or
    universally supported.
  • IPSec is not ideal for a large transient community
    and is difficult to administer

11
Problems with IPSec
  • IPSec requires excessive administration, costing
    time and money.
  • Doesn't handle network changes well
  • Requires root access on both ends of the
    point-to-point connection in order to update the
    configuration.
  • IPSec is a good idea implemented at the wrong
    level.
  • IP is best effort, providing no guarantees for
    order of arrival or arrival at all
  • Encrypted data must be in order and complete in
    order to decrypt

12
What can we do?
  • Motivation
  • We need wireless, but we need security too.
  • The WEP encryption scheme is (painfully) insecure
  • When traveling, you can't use encrypted wireless
    (even if it did work).
  • Connecting to Ethernet on the road is risky since
    you don't know who is listening
  • Many organizations don't allow outside
    connections into certain parts of their networks

13
Does it really matter?
  • "Everything I do on the Internet that I consider
    private is already protected with SSL."
  • How do you know who you're connected to?
  • MITM attacks are easy to mount on wireless
    networks.
  • MITM attacks are almost impossible to detect
  • In general, this is a naïve assumption and
    demonstrates the level of (mis)understanding most
    users are operating under.

14
SWAG: The Ultimate VPN
  • Main Idea
  • Provide users with a secure tunnel into a secure
    network via a gateway server.
  • When a user wants to connect to the secure
    network he starts a process that:
  • Establishes a secure (SSL) connection to the
    server
  • Authenticates with the server (login procedure)
  • Captures all outgoing IP packets and reroutes
    them over the secure tunnel (SSL connection) to
    the server
  • Receives all incoming IP packets from the server
    through the secure tunnel and forwards them to
    local ports.
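
As an added illustration of the client process on slide 14 (example code, not part of the presentation or of the SWAG project): how captured IP packets can be carried over a stream such as the SSL connection and reassembled on the other side. The deck does not describe SWAG's wire format, so the 2-byte length-prefix framing is an assumption, and the IPv4 packets are constructed samples. The reader handles the stream arriving in arbitrary chunks and drops frames that are not well-formed IPv4 packets before they would be handed to the injection step.

```python
# Added example, not from the presentation: carrying captured IP packets
# over a byte stream. The length-prefix framing is an assumption; the
# IPv4 packets are constructed samples.
import socket
import struct


def ip_checksum(data: bytes) -> int:
    """RFC 1071 ones'-complement checksum; a correct header sums to 0."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def ipv4_packet(src: str, dst: str, payload: bytes, proto: int = 17) -> bytes:
    """Minimal IPv4 packet (20-byte header, no options) for the samples."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0,
                         64, proto, 0, socket.inet_aton(src),
                         socket.inet_aton(dst))
    header = header[:10] + struct.pack("!H", ip_checksum(header)) + header[12:]
    return header + payload


def frame(packet: bytes) -> bytes:
    """Tunnel framing: big-endian 16-bit length followed by the packet."""
    return struct.pack("!H", len(packet)) + packet


class TunnelReader:
    """Reassembles framed packets from a stream delivered in arbitrary
    chunks and drops frames that are not well-formed IPv4 packets."""

    def __init__(self):
        self.buf = b""
        self.dropped = 0

    def feed(self, chunk: bytes) -> list:
        self.buf += chunk
        packets = []
        while len(self.buf) >= 2:
            (n,) = struct.unpack("!H", self.buf[:2])
            if len(self.buf) < 2 + n:
                break                       # wait for the rest of this frame
            pkt, self.buf = self.buf[2:2 + n], self.buf[2 + n:]
            if self.valid_ipv4(pkt):
                packets.append(pkt)
            else:
                self.dropped += 1           # never inject a malformed packet
        return packets

    @staticmethod
    def valid_ipv4(pkt: bytes) -> bool:
        if len(pkt) < 20 or pkt[0] >> 4 != 4:
            return False
        ihl = (pkt[0] & 0x0F) * 4
        (total_len,) = struct.unpack("!H", pkt[2:4])
        return (20 <= ihl <= len(pkt) and total_len == len(pkt)
                and ip_checksum(pkt[:ihl]) == 0)
```

In the design the slides describe, each packet that `feed` returns on the server side would be written to a raw socket (slide 22) so that it appears to have arrived on the wire; the validation step matters there because whatever comes out of the tunnel is injected into the secure network with the authority of an authenticated user.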

15
SWAG: The Ultimate VPN
  • The Server
  • Authenticates the user
  • Communicates with the client machine strictly
    through the SSL connection
  • Provides the client machine with a NAT service
    into the secure network
  • Provides Internet access via secure network

16
SWAG Operation Modes
  • The Service can be deployed in one of two modes
  • It can provide a secure 802.11b wireless network
    (Secure Wireless Network)
  • It can provide a secure network connection to
    mobile nodes (Roaming VPN)
  • Both modes allow mobile nodes to connect to a
    secure network.

17
Roaming VPN Mode
  • Client connects through the Internet to the
    gateway server
  • Neither the IP address nor the geographic location
    of the client needs to be known in advance by
    either party.
  • Connection medium (wired or wireless Internet
    connection) is irrelevant
  • Provides the same level of security as if the
    client were physically connected to the secure
    network.
  • Users can access network resources remotely.
  • NAT service makes it appear as if the users are
    coming from inside the network.

18
SWAG as a Roaming VPN
19
Secure Wireless LAN Mode
  • First have an 802.11b wireless LAN in place, but
    no gateway on the wireless network.
  • Have one side of a SWAG server connected to the
    wireless LAN and the other connected to the
    secure network.
  • All traffic between the wireless node and the
    secure network is encrypted with strong
    encryption (SSL)
  • Access to the secure network is controlled by the
    authentication service provided by the SWAG
    server.
  • Achieve a truly secure wireless LAN

20
SWAG as a Secure Wireless Network
21
Security Details
  • Server public keys are transferred out of band
  • Less susceptible to MITM, better than SSH
  • Public keys are stored in an encrypted file.
  • SSH stores server public keys unencrypted, so a
    MITM is possible if the key store is compromised
  • 64-bit salt with 128-bit MD5 hash in the password
    file
  • Like UNIX, less susceptible to precomputed
    dictionary attacks.
  • SSL negotiates the strongest cipher shared
    between client and server
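
As an added illustration of the password-file design on slide 21 (example code, not part of the presentation or of the SWAG project): a record with a 64-bit random salt and a 128-bit MD5 digest, a constant-time verifier, and a check showing why a precomputed table of unsalted digests matches none of the salted records even when the password is in the attacker's wordlist. The record layout `user:salt_hex:digest_hex` and the sample passwords are assumptions.

```python
# Added example, not from the presentation: salted-MD5 password records
# as slide 21 describes. Record layout and sample passwords are assumptions.
import hashlib
import hmac
import os

SALT_BYTES = 8      # 64-bit salt, stored beside the digest in the clear


def hash_password(password: str, salt: bytes) -> bytes:
    """128-bit MD5 digest over salt || password."""
    if len(salt) != SALT_BYTES:
        raise ValueError("salt must be 64 bits")
    return hashlib.md5(salt + password.encode("utf-8")).digest()


def make_record(user: str, password: str, salt: bytes = None) -> str:
    """Create a record; a fresh random salt is drawn unless one is given."""
    salt = salt if salt is not None else os.urandom(SALT_BYTES)
    return "%s:%s:%s" % (user, salt.hex(), hash_password(password, salt).hex())


def verify(record: str, user: str, password: str) -> bool:
    """Recompute the digest with the stored salt; compare in constant time."""
    rec_user, salt_hex, digest_hex = record.split(":")
    if rec_user != user:
        return False
    computed = hash_password(password, bytes.fromhex(salt_hex))
    return hmac.compare_digest(computed, bytes.fromhex(digest_hex))


def unsalted_table_hits(records, wordlist) -> int:
    """What a precomputed table of plain md5(word) buys against this file:
    salted digests never equal unsalted ones, so the count is zero even
    when every password is in the wordlist."""
    table = {hashlib.md5(w.encode("utf-8")).hexdigest() for w in wordlist}
    return sum(1 for r in records if r.split(":")[2] in table)


def distinct_digests(password: str, n: int = 3) -> int:
    """Same password hashed n times with fresh salts: number of distinct
    digests (n, which is why one table cannot cover the whole file)."""
    return len({hash_password(password, os.urandom(SALT_BYTES))
                for _ in range(n)})
```

The salt defeats precomputation, as the slide says, but MD5 itself is fast: the cost it imposes on a per-record guess is one hash per candidate, which is why later password-storage designs replaced the single fast hash with a deliberately slow key-derivation function while keeping the per-user salt.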

22
Technical Details
  • IPTables QUEUE target to capture packets
  • Packets are selected with firewall rules and
    appropriate packets are handled in userspace
    (e.g. those needing to be sent over secure
    connection)
  • IPTables NAT module for NAT service
  • Connection tracking provides cutting-edge NAT
    capabilities (constantly improving).
  • Raw Sockets to facilitate packet injection
  • Give the illusion that packets came in on the
    wire
  • JNI wrappers to support non-Java components
    inside a Java environment
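
As an added illustration of slide 22 (example code, not part of the presentation or of the SWAG project): a small controller that builds the iptables rule set the slide describes, with the QUEUE target on the client capturing outgoing packets for the userspace tunnel process and the NAT module on the server side. Interface names, the gateway address and the tunnel port are assumptions, and nothing is executed unless `apply_rules` is called with `dry_run=False` as root.

```python
# Added example, not from the presentation: building the iptables rules
# for the two halves of the gateway. Interfaces, addresses and the tunnel
# port are assumptions; rules are only executed with dry_run=False.
import shlex
import subprocess


def client_rules(wireless_if: str, gateway_ip: str,
                 tunnel_port: int = 443) -> list:
    """Client side: everything leaving the wireless interface goes to the
    QUEUE target for the userspace tunnel process, except the tunnel's own
    SSL connection to the gateway, which must bypass capture or the
    process would try to tunnel its own traffic."""
    return [
        ["iptables", "-A", "OUTPUT", "-o", wireless_if, "-d", gateway_ip,
         "-p", "tcp", "--dport", str(tunnel_port), "-j", "ACCEPT"],
        ["iptables", "-A", "OUTPUT", "-o", wireless_if, "-j", "QUEUE"],
    ]


def server_rules(secure_if: str) -> list:
    """Server side: packets the tunnel injects are forwarded into the
    secure network behind the gateway's own address (NAT), and connection
    tracking lets the replies back to the tunnel."""
    return [
        ["sysctl", "-w", "net.ipv4.ip_forward=1"],
        ["iptables", "-t", "nat", "-A", "POSTROUTING", "-o", secure_if,
         "-j", "MASQUERADE"],
        ["iptables", "-A", "FORWARD", "-o", secure_if, "-j", "ACCEPT"],
        ["iptables", "-A", "FORWARD", "-i", secure_if, "-m", "state",
         "--state", "ESTABLISHED,RELATED", "-j", "ACCEPT"],
    ]


def apply_rules(rules: list, dry_run: bool = True) -> list:
    """Return the rules as shell command lines; execute them only when
    dry_run is False (requires root and iptables on the host)."""
    lines = [shlex.join(r) for r in rules]
    if not dry_run:
        for r in rules:
            subprocess.run(r, check=True)
    return lines


if __name__ == "__main__":
    for line in apply_rules(client_rules("wlan0", "203.0.113.10")):
        print("client:", line)
    for line in apply_rules(server_rules("eth0")):
        print("server:", line)
```

Two points worth knowing when reading these rules today: the QUEUE target is the single-queue predecessor of NFQUEUE, which later kernels use instead, and a packet sent to QUEUE with no userspace listener attached is dropped, so the tunnel process must be running before the capture rule is installed. The ACCEPT rule for the gateway address is listed first deliberately; iptables evaluates rules in order, so it has to precede the catch-all QUEUE rule.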