Wireless Network Security Issues

1
Wireless Network Security Issues

• By Advait Kothare

SJSU CS265 Fall 2004
2
Introduction

• A presentation of the paper Your 802.11 Wireless
  Network has No Clothes by
• William A. Arbaugh,Narendra Shankar,Y.C. Justin
  Wan at Univ. Maryland at College Park
• Explosive growth in wireless networks.
• But many security issues initially left open by
  802.11 standards committee.
• Result weak or non-existent security solutions
  for current deployments.

3
Introduction (Cont.)

• In the Wired World emphasis on protection from
  external compromise. (Firewalls)
• Wireless Networks provide an access point for any
  adversary beyond physical controls.
• A back door is opened for an attacker, which
  can be exploited. (Parking lot attacks)
• And a simple eavesdropping attack against 802.11
  shared key authentication.

4
Standard Security Mechanisms

• Wired Equivalent Privacy protocol (WEP)
• For confidentiality of network traffic
• Demostrated to be vulnerable
• Open Systems Authentication
• Authenticates anyone who requests authentication
• Management frames sent in clear even with WEP
• Shared Key Authentication
• Uses a standard challenge and response protocol

5
Shared Key Authentication
6
Shared Key Authentication (Cont.)

• Initator sends an authentication req. management
  frame
• Responder replies by sending mgmt. Frame with 128
  octets of challenge text.
• Text Generated using WEP PRNG with shared secret
  and a random initialization vector (IV)
• Initiator copies the text into a new frame,
  encrypts with WEP using shared secret and a new
  IV
• Responder verifies text and 32-bit CRC (ICV)

7
Weaknesses in Shared Key Auth.

• Passive attack, eavesdropping 1 leg of auth.
• Works because fixed structure of protocol
• Random challenge is the only diffrence between
  two Authentication messages.
• Also because of weakeness in WEP
• WEP Pseudo Random Number Generator
• K Shared key
• IV Initialization Vector (Sent in clear)
• P Plain text challenge text
• C Cipher text
• R Challenge text

8
Shared Key Auth. (Cont)

• Messages based on sequence numbers

Sequence Status Code Challenge Text WEP Used
1 Reserved Not Present NO
2 Status Present NO
3 Reserved Present YES
4 Status Not Present NO
9
Shared Key Flaw (Cont.)

• Attacker captures 2nd 3rd frames.
• 2nd Frame gt Random challenge in clear (P)
• 3rd Frame gt Encrypted challenge (C)
• PRNG stream
• WEPK,IVP R C P
• Stream can be derived from above without knowing
  the shared Key (K)

10
Shared Key Attack

• Attacker requests authentication from an AP
• AP responds with challenge text (R) in clear
• Attacker takes R and PRNG to get valid
  authentication response by XOR-ing the 2
• Attacker computes a new integrity check value
  (ICV)
• Valid response allows Attacker to join the
  network.

11
Conclusions Future Work

• All deployed 802.11 networks are at risk
• WEP can make it harder but vulnerable as keys are
  static and hard to change
• Vendors have used un-authenticated Diffie-Hellman
  for key exchange.
• Worse solution as Man In The Middle attack can
  give the Key to the attacker.

12
Question Comments