Security in a wireless world Wireless Networking security issues - PowerPoint PPT Presentation

1
Security in a wireless world
Wireless Networking security issues
  • Robert G. Moskowitz
  • February 5, 2002
  • rgm@trusecure.com

2
Agenda
  • Quick look at Wireless Networking
  • Security Risks
  • Security Tools
  • Some futures in Wireless Security

3
Wireless Networking
  • IEEE 802.11
  • WLAN
  • 11b @ 11Mb, 2.4GHz
  • 11a @ 54Mb, 5.6GHz
  • 11g @ 54Mb, 2.4GHz in standards process
  • Stations and Access Points (AP)
  • IEEE 802.1x
  • Authentication Servers
  • RADIUS
  • Extensible Authentication Protocol (EAP, RFC 2284)

4
Wireless Networking
  • Two types of networks
  • Infrastructure
  • One or more APs and wireless stations
  • One AP is a BSS (Basic Service Set)
  • More than one AP is an ESS (Extended Service Set)
  • AdHoc or Peer-to-peer
  • Only wireless stations
  • An IBSS (Independent Basic Service Set)
  • Hidden host problem

5
Wireless LANs
6
Wireless AdHoc LANs
7
Risks of RF Networking
  • No boundaries
  • Strength of broadcast and sensitivity of
    reception
  • 300 normal, 1500 with standard booster antennas
  • Networking group defined by a public name
  • SSID -- 32 bytes
  • Easily discovered, as it should be
  • 2.4GHz is unlicensed, shared media
  • Microwaves - 8ms outages
  • Commercial units potentially worst
  • Wireless phones
  • Panasonic phones completely take down WLAN

8
The Access Point as a Hub
  • All wireless traffic is handled by the AP
  • Stations only talk directly in non-AP or AdHoc
    mode
  • But passive listening to all traffic is easy
  • DSNIFF and NETSPY
  • MAC address filtering available on many APs
  • Static filters are easy to defeat
  • Proprietary tools available from some vendors
  • Most are early 802.1x products
  • 802.1x is standard for MAC address access control
  • Configurable re-authentication available and
    STRONGLY recommended

9
The Access Point as a Bridge
  • All devices on wired side of AP available at
    Layer 2 to all Stations
  • ARP poisoning
  • I own IP address x.x.x.z
  • Layer 2 attack against Layer 3
  • Route all traffic to a wire-side server through a
    wireless station
  • Layer 2 defense
  • Wireless on its own subnet
  • Layer 3 defense
  • Wired servers only accept secure connections
  • VPNs don't help
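
Added example (not from the original slides): one way to watch for the ARP poisoning described on slide 9 is to parse ARP messages and flag any IP address that is suddenly claimed by a different MAC. The addresses, MACs and function names (make_arp, parse_arp, binding_conflicts) are constructed for illustration.

```python
import struct
from ipaddress import IPv4Address

ARP_BODY = struct.Struct("!HHBBH6s4s6s4s")   # Ethernet/IPv4 ARP body, 28 bytes

def make_arp(oper, sha, spa, tha, tpa):
    """Build a raw ARP body (used here only to construct sample input)."""
    mac = lambda m: bytes.fromhex(m.replace(":", ""))
    return ARP_BODY.pack(1, 0x0800, 6, 4, oper, mac(sha),
                         IPv4Address(spa).packed, mac(tha), IPv4Address(tpa).packed)

def parse_arp(body):
    """Return (opcode, sender_mac, sender_ip), or None if not Ethernet/IPv4 ARP."""
    if len(body) < ARP_BODY.size:
        return None
    htype, ptype, hlen, plen, oper, sha, spa, _, _ = ARP_BODY.unpack(body[:ARP_BODY.size])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return oper, sha.hex(":"), str(IPv4Address(spa))

def binding_conflicts(arp_bodies, pinned=None):
    """Flag ARP messages where an IP is claimed by a MAC other than the one
    already recorded. Pinned entries (wire-side servers, the router) are
    never overwritten, so every conflicting claim keeps alerting."""
    pinned = dict(pinned or {})
    learned, alerts = {}, []
    for index, body in enumerate(arp_bodies):
        parsed = parse_arp(body)
        if parsed is None:
            continue
        _oper, mac, ip = parsed
        expected = pinned.get(ip, learned.get(ip))
        if expected is not None and expected != mac:
            alerts.append((index, ip, expected, mac))
        if ip not in pinned:
            learned[ip] = mac
    return alerts

# Constructed sample: documentation addresses and locally administered MACs.
SERVER, STA_A, STA_B = "02:00:00:00:00:01", "02:00:00:00:00:0a", "02:00:00:00:00:0b"
SAMPLE = [
    make_arp(2, SERVER, "192.0.2.10", STA_A, "192.0.2.50"),   # genuine reply
    make_arp(1, STA_A, "192.0.2.50", "00:00:00:00:00:00", "192.0.2.10"),
    make_arp(2, STA_B, "192.0.2.10", STA_A, "192.0.2.50"),    # B claims the server's IP
    b"\x00" * 10,                                             # truncated, ignored
]

if __name__ == "__main__":
    for alert in binding_conflicts(SAMPLE, pinned={"192.0.2.10": SERVER}):
        print("conflict at message %d: %s expected %s, saw %s" % alert)
```

Pinning the wire-side servers and the router matters because an unpinned table simply relearns the poisoned entry and stops alerting after the first change.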

10
ARP Poisoning
11
WLAN Security
  • Defined in base standard, 802.11-1997
  • WEP -- Wired Equivalence Privacy
  • Layer 2 security
  • No protection from Layer 1 RF attacks
  • RC4 with 40 or 104 bit secret
  • 24 bit Initialization Vector added for a 64 or
    128 bit per packet key
  • 32 bit CRC check on each packet
  • Poorly constructed, attacks defined in Dec 00
  • Attack now under 200 packets
  • Attack tools readily available
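
Added example (not from the original slides): the WEP construction listed on slide 11, written out so the per-packet key, the CRC and the size of the IV space can be checked. The secret, IV and payload are constructed; random IV selection and the ICV byte order are assumptions of this sketch.

```python
import zlib
from math import exp

def rc4(key: bytes, n: int) -> bytes:
    """Return n bytes of RC4 keystream for key."""
    s, j = list(range(256)), 0
    for i in range(256):                      # key scheduling
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for _ in range(n):                        # keystream generation
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def per_packet_key(secret: bytes, iv: bytes) -> bytes:
    """24-bit IV prepended to the 40- or 104-bit secret: 64 or 128 bits.
    Only the IV varies per packet, so a repeated IV repeats the keystream."""
    if len(secret) not in (5, 13) or len(iv) != 3:
        raise ValueError("WEP uses a 5- or 13-byte secret and a 3-byte IV")
    return iv + secret

def wep_encapsulate(secret: bytes, iv: bytes, payload: bytes) -> bytes:
    """IV in the clear, then RC4-encrypted payload plus 32-bit CRC (ICV)."""
    body = payload + zlib.crc32(payload).to_bytes(4, "little")
    ks = rc4(per_packet_key(secret, iv), len(body))
    return iv + bytes(a ^ b for a, b in zip(body, ks))

def wep_decapsulate(secret: bytes, frame: bytes) -> bytes:
    iv, ct = frame[:3], frame[3:]
    ks = rc4(per_packet_key(secret, iv), len(ct))
    body = bytes(a ^ b for a, b in zip(ct, ks))
    payload, icv = body[:-4], body[-4:]
    if zlib.crc32(payload).to_bytes(4, "little") != icv:   # unkeyed checksum
        raise ValueError("ICV mismatch")
    return payload

def iv_collision_probability(frames: int, iv_bits: int = 24) -> float:
    """Birthday estimate that two of `frames` random IVs coincide."""
    return 1.0 - exp(-frames * (frames - 1) / (2 * 2 ** iv_bits))

if __name__ == "__main__":
    secret = bytes.fromhex("0102030405")      # constructed 40-bit secret
    frame = wep_encapsulate(secret, b"\x00\x00\x01", b"constructed payload")
    print(len(per_packet_key(secret, frame[:3])) * 8, "bit per-packet key")
    print(wep_decapsulate(secret, frame))
    print(round(iv_collision_probability(5000), 3))
```

With a 24-bit IV the estimate passes 50% at roughly 5,000 frames, which is why the later slides call for frequent rekeying on RC4 cards.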

12
Roaming Risks
  • No standard for roaming
  • Only concept defined in standard
  • MAC level association and Bridging announcements
    occur before any authentication
  • Many station implementations do not even bother
    to use REASSOCIATE function
  • A malicious ASSOCIATE can stop traffic to a
    wireless station

13
ASSOCIATE Attack
14
Security Mitigation
  • VPN
  • IPsec, L2TP, PPTP
  • Protects application traffic on wireless
  • Does NOT protect wireless stations in general
  • IPsec does NOT protect Layer 2 traffic
  • L2TP and PPTP MAY protect Layer 2 traffic
    depending on configuration
  • Nested VPNs typically NOT tested
  • VPN from station to gateway behind AP
  • VPN from station to corporate gateway

15
More Security Mitigation
  • Personal Firewall
  • Treats wireless network like the Internet
  • Which is always a wise approach
  • Does not protect station traffic from passive
    collection or active attack
  • Active attack is HARD as ALL traffic is routed
    through the AP, even between two wireless
    stations
  • Does not protect against an ARP poison attack
    from another wireless station
  • How to launch a Man-in-the-Middle attack the easy
    way

16
More Security Mitigation
  • Wired-side Firewall
  • Treats wireless network like the Internet
  • Does not protect station traffic from passive
    collection or active attack
  • Does not protect a wireless station from an ARP
    poison attack by another wireless station
  • Does protect wired side servers from an ARP
    poison attack
  • Can stop unauthorized wireless stations from
    accessing the wired network

17
ARP Station Attack
18
Secure in Depth
  • Firewalls
  • Protect wire side from wireless
  • No other systems between AP and firewall
  • Protect wireless systems (personal firewalls)
  • VPNs
  • Terminate at firewall
  • Protect ICMP, TCP, and UDP datagrams
  • Use WEP
  • Protect ARPs and other layer 2 traffic
  • Use MAC filters

19
Real Wireless Security
  • Authenticate all wireless stations
  • By MAC addresses
  • Authenticate all datagrams
  • Layer 2 and Sub-MAC
  • Encrypt all datagrams
  • Protect roaming

20
Wireless Station Authentication
  • IEEE 802.1x
  • Standard as of June 2001
  • Extensible Authentication Protocol (EAP, RFC
    2284) over Ethernet (EAPoL)
  • Station as SUPPLICANT, AP as AUTHENTICATOR, with
    a backend Authentication Server (e.g. RADIUS)
  • Permits the MAC address of a Supplicant to a port
    on an access device
  • Developed for Hubs, Switches, and Bridges; works
    well with wireless APs

21
Wireless Station Authentication
  • IEEE 802.1x
  • Supports timer-based reauthentication
  • Mitigates MAC address spoofing
  • Provides for the use of RADIUS as Authentication
    Server (AS), but any AAA server will work
  • Most EAP types usable. TLS and SRP most
    mentioned
  • TLS is X.509 certificate based
  • SRP is a strong UserID and Password (RFC 2945)
  • These EAP types establish a Master Session Secret
    between the Station and AS
  • Secret is used for datagram protection

22
Wireless Datagram Protection
  • New and improved WEP
  • Two styles -- old RC4 cards and new AES cards
  • Retrofitting good security on old style cards
  • Good key mixing
  • Developed by top cryptographer team and reviewed
    by Ron Rivest and others
  • Adequate Message Integrity Check (MIC)
  • Developed by top cryptographer to work within
    card limitations
  • Frequent rekeying using EAPoL Key messages
  • Every 10,000 to 30,000 packets

23
Wireless Datagram Protection
  • New improved security
  • AES-CBC with 128 bit keys
  • Two Authentication Modes
  • AES-OCB
  • New Dual Mode
  • AES-Counter-mode
  • Rekeying using EAPoL Key messages
  • May never need to rekey for a given session
  • 2^64 packets per keying
  • Looking for a name other than WEP

24
Protect Roaming
  • Proposal for roaming support (Inter-Access Point
    Protocol) offers new attacks
  • Spoofed ASSOCIATE and REASSOCIATE can result in
    old AP dropping knowledge of station
  • IAPP spoofing (normally over wired network)
  • Proposals to add authentication to ASSOCIATE and
    REASSOCIATE
  • Specification now protects MOVEs
  • Requires a RADIUS server for APs
  • No protection for ADDs
  • Requires group secret with rekeying

25
The Future of Secured WLAN
  • 802.1x
  • Finished standard, updates in 802.1aa
  • Security attack found in EAPoL-Key format
  • Which EAP types?
  • 802.11i
  • Secured wireless communications for old and new
    wireless NICs
  • 802.11f
  • Standard and secured roaming
  • Needs 802.11i to provide for authenticated
    ASSOCIATES and REASSOCIATES

26
Remaining Attacks
  • ARP poison attacks
  • Hard with no visibility to IP addresses, but
    these can be guessed.
  • No wired-side systems between the APs and a router

27
  • QUESTIONS?