Security Issues with Wireless Access

1
Security Issues with Wireless Access
By Christine Meyer
2
Outline

• Wired Equivalent Privacy (WEP) Protocol
• Passive/Active Attacks which illustrate WEP
  Flaws
• Existing solutions for Wireless Security
• Future solutions for Wireless Security
• Conclusion

3
WEP Limitations

• WEP is optional
• All devices share the same key.
• Encryption keys can be recovered through
  cryptanalysis (RC4 stream cipher is used)

4
Problems with WEP

• 24-bit IVs are too short, and this puts
  confidentiality at risk.
• The CRC checksum called the Integrity Check Value
  (ICV) is insecure and does not prevent
  modification of intercepted packets.
• WEP combines the IV with the key in a way that
  enables cryptanalytic attacks. As a result,
  passive eavesdroppers can learn the key after
  observing a few million encrypted packets.
• Integrity protection for source and destination
  addresses is not provided.
• Security flaws in 802.11 data link protocols -
  Communications of the ACM

5
WEP Authentication
Authentication Request
Access Point
Station
Authentication Challenge
Authentication Response
Authentication Result
Your 802.11 Wireless Network has No Clothes, Univ
of Maryland
6
WEP Encryption
WLAN Security Current and Future, IEEE Internet
Computing Sept/Oct 2003
7
WEP Attacks

• Passive attacks to decrypt traffic
• Active attack to inject new traffic
• Active attacks to decrypt traffic
• Table based Attack

http//www.isaac.cs.berkeley.edu/isaac/wep-faq.htm
l
8
Passive attacks to decrypt traffic
Access Point
Destination
Packet 1 XOR Packet 2 Plaintext
Eavesdropper
9
Active attack to inject new traffic
Access Point
Destination
RC4(X) XOR X XOR Y RC4(Y)
Eavesdropper
10
Active attacks to decrypt traffic
Decrypted Message
Decrypted Message
Access Point
Internet
Eavesdroppers Computer
Encrypted Message
Eavesdropper
11
Table based Attack
Access Point
Destination
Eavesdropper
Table of IV and Key Streams
12
Wi-Fi Protected Access (WPA)

• uses TKIP which is the current solution for
  WEPs encryption problems
• included with TKIP is Michael (message integrity
  check) which prevents messages from being
  replayed or modified.
• uses EAP for authentication, offers several
  options for authentication which include digital
  certificates, username password verification,
  smart cards, secure Ids, etc.
• provides key management software, when Radius is
  not provided PSK (pre-shared key) is available.

13
WPA Denial of Service Attack
WPA can shutdown the system if it receives two
failed packets within a one-second period Wi-Fi
Encryption Fix Not Perfect http//www.wired.com/ne
ws/business/0,1367,56350,00.html
14
Temporal Key Integrity Protocol (TKIP)

• Provides a message integrity check called
  Michael
• Provides for packet sequencing to prevent replay
  attacks
• Provides a per-packet key mixing function to
  prevent eavesdropper attacks.
• Security flaws in 802.11 data link protocols -
  Communications of the ACM

15
TKIP Diagram
Security flaws in 802.11 data link protocols -
Communications of the ACM
16
Counter-Mode-CBC-MAC Protocol (CCMP)

• Use a single key to provide confidentiality and
  integrity
• Provide integrity for packet header integrity
  and confidentiality for packet payload.
• Allow precomputation to reduce latency.
• Support pipelining to increase throughput.
• Small implementation size, to keep costs down.
• Small overhead for each packet.
• Avoid modes that are encumbered by patents (or
  pending patents).

Security flaws in 802.11 data link protocols -
Communications of the ACM
17
CCMP Diagram
Security flaws in 802.11 data link protocols -
Communications of the ACM
18
Comparison WEP/TKIP/CCMP
Security flaws in 802.11 data link protocols -
Communications of the ACM
19
802.11i (late 2003)

• Extensible authentication protocol (EAP)
• (create several types of authentication
  credentials)
• Provide framework for AES
• Compatible with RC4
• Use TKIP (temporal key changes every 10000
  packets)

20
Virtual Private Network (VPN)

• Offers a secure connection through a public WLAN
  by creating a tunnel (secure encryption
  connection)

21
Limit Access to Access Point

• Lower APs Signal Strength
• Move AP to a location which prevents access
  beyond office structure
• Use Antennas that control signal strength and
  direction
• Turn off APs broadcast of SSID
• Change default values

22
Conclusion

• Change Encryption algorithm from RC4 to AES
  (eliminates 24-bit IV)
• Provide for Authentication (EAP)
• Provide for Message Integrity (Michael)
• Prevent replay by using packet sequencing
• Prevent broadcast of MAC address/ SSID
• Protect source and destination IPs
• Provide key management software (Radius or PSK)

23
References
Security flaws in 802.11 data link protocols,
Communications of the ACM Volume 46, Number 5
(2003), Pages 35-39 The IEEE 802.11b Security
Problem, IT Pro November/December 2001 Your
802.11 Wireless Network has No Clothes, William
A. Arbaugh, Narendar Shankar, and Y. C. Justin
Wan., 2001 Unsafe at any key size An analysis
of the WEP encapsulation IEEE 802.111-00/362,
October 2000 WLAN Security Current and
Future IEEE Internet Computing, September/October
2003 Wi-Fi Protected Access Strong,
standards-based, interoperable security for
todays Wi-Fi networks Wi-Fi Alliance, April
29,2003
24
Links
Security of the WEP algorithm http//www.isaac.cs.
berkeley.edu/isaac/wep-faq.html Wi-Fi Encryption
Fix Not Perfect http//www.wired.com/news/business
/0,1367,56350,00.html War driving by the
Bay http//www.theregister.co.uk/content/8/18285.h
tml Wireless Privacy An Oxymoron? http//www.wi-
fiplanet.com/columns/article.php/786641.html