Wireless LAN Security

1
Wireless LAN Security

• Kim W. Tracy
• NEIU, University Computing
• k.w.tracy_at_ieee.org

2
Outline

• Threats to LANs Wireless LANs
• Wireless LAN Security Techniques
• Summary

3
Fundamental Premise

• Security cannot be considered in isolation and to
  be effective must consider the entire system
• That is, network and LAN security must be
• Consistent with other security mechanisms
• E.g. application, data, hardware, and physical
• Supportive of other security mechanisms

4
Threats
5
LAN Threats
6
Specific LAN Threats

• Availability
• Worms/Virus DoS
• Errant applications creating lots of
  traffic/malformed traffic
• Authentication
• Spying devices on LAN
• For example, a contractor connecting to LAN
• Secrecy
• Sniffers being connected to the LAN to collect
  passwords, etc.

7
Authentication
8
Current State of LAN Authentication

• Usually none!
• If in the building can plug in to the LAN
• Can cause severe problems
• Using LAN for illegal purposes (company/person
  may be liable)
• Can more easily compromise servers
• For example, send spam from your mail servers
• Wireless LANs are bringing issue out

9
Authentication services

• 802.1X IEEE standard for LAN authentication
• Can use PKI certificate-based authentication
• Kerberos (closed environment)
• Single login (once per session)
• To multiple servers/domains
• Ticket for each server
• X.509 (open environment)
• Based on public key infrastructure
• Used in SSL, IPSEC, S/MIME, SET
• One-way, two-way or three-way authentication

10
Kerberos
11
X.509 Authentication
A
B
Ta, Ra, B, EkpubB(Kab) sgnA
One-way authentication
Ta, Ra, B, EkpubB(Kab) sgnA
Two-way authentication
Tb, Rb, A, Ra, EkpubA(Kab) sgnB
Ta, Ra, B, EkpubB(Kab) sgnA
Tb, Rb, A, Ra, EkpubA(Kab) sgnB
Three-way authentication
Rb sgnA
12
IEEE 802.1X Terminology

• 802.1X
• created to control access to any 802 LAN
• used as a transport for Extensible
  Authentication Protocol (EAP, RFC 2284)

13
802.1X Model
AP
Authentication Server
STA
Port Status
14
Wireless LAN Security
15
Introduction

• 802.11 standard specifies the operating
  parameters of wireless local area networks
  (WLAN)
• History 802.11, b, a, g, i
• Minimal security in early versions
• Original architecture not well suited for modern
  security needs
• 802.11i attempts to address security issues with
  WLANs

16
802.11b

• Wired Equivalent Privacy (WEP)
• Confidentiality
• Encryption
• 40-bit keys (increased to 104-bit by WEP2)
• Based on RC4 algorithm
• Access Control
• Shared key authentication Encryption
• Data Integrity
• Integrity checksum computed for all messages

17
802.11b

• Vulnerabilities in WEP
• Poorly implemented encryption
• Key reuse, small keys, no keyed MIC
• Weak authentication
• No key management
• No interception detection

18
802.11b

• Successful attacks on 802.11b
• Key recovery - AirSnort
• Man-in-the-middle
• Denial of service
• Authentication forging
• Known plaintext
• Known ciphertext

19
802.11i

• Security Specifications
• Improved Encryption
• CCMP (AES), TKIP, WRAP
• 2-way authentication
• Key management
• Ad-hoc network support
• Improved security architecture

20
802.11i Authentication
Source Cam-Winget, Moore, Stanley and Walker
21
802.11 Encryption
Source Cam-Winget, Moore, Stanley and Walker
22
802.11i Potential Weaknesses

• Hardware requirements
• Hardware upgrade needed for AES support
• Strength of TKIP and Wrap questionable in the
  long term
• Authentication server needed for 2-way
  authentication
• Complexity
• The more complex a system is, the more likely it
  may contain an undetected backdoor
• Patchwork nature of fixing 802.11b

23
No Control over WLAN?

• Often you want to connect to a wireless LAN over
  which you have no control
• Options
• If you can, connect securely (WPA2, 802.11i,
  etc.)
• If unsecured, connect to your secure systems
  securely
• VPN Virtual Private Network
• SSL connections to secure systems
• Be careful not to expose passwords
• Watch for direct attacks on untrusted networks

24
WLAN Security - Going Forward

• 802.11i appears to be a significant improvement
  over 802.11b from a security standpoint
• Vendors are nervous about implementing 802.11i
  protocols due to how quickly WEP was compromised
  after its release
• Only time will tell how effective 802.11i
  actually will be
• Wireless networks will not be completely secure
  until the standards that specify them are
  designed from the beginning with security in mind

25
Summary

• Wireless LAN Security is not independent of the
  greater network security and system security
• Threats to the Wireless LAN are largely in terms
  of being available and in providing a means to
  attack systems on the network
• That is, not many folks attack routers (yet)

26
References

• ftp//ftp.prenhall.com/pub/esm/web_marketing/ptr/p
  fleeger/ch07.pdf - Charles Shari Pfleegers
  chapter on network security
• http//www.gocsi.com/forms/fbi/pdf.jhtml - To
  request the Computer Security Institute/FBI
  yearly survey results (widely referenced)