Title: Wireless Security
1Wireless Security
- Presented at
- AMCIS 2002
- Dallas, Texas
- By
- Dr. Robert J. Boncella
- Professor of CIS
- School of Business
- Washburn University
2Overview
- Wireless LAN
- Physical Transport
- 802.11 Standards
- WLAN Architecture
- WLAN Security
- Wireless Local Loops (Wireless WAN)
- Physical Transport
- WAP Protocol 1.x
- WAP Protocol 2.0
- WAP Security
3Wireless
4Physical Transport
- RF (Radio Frequency)
- Frequency Hopping Spread Spectrum (FHSS)
- Direct Sequence Spread Spectrum (DSSS)
- IR (Infrared Radiation)
- Point-to-Point
- Diffused
5RF Transport
- Spread Spectrum
- Expand the initial bandwidth and spread it in order to use a portion of the bandwidth for a portion of the message.
- FHSS - Frequency Hopping Spread Spectrum
- Non-consecutive portions of the spread spectrum are used to transmit portions of the message
- DSSS - Direct Sequence Spread Spectrum
- each bit of the message contains additional bits for error correction purposes - the message bit along with its redundant bits is called the Chip Code
6IR Transport
- Diffused
- Reflect signal off of existing surfaces
- e.g. ceiling
- Try this with TV remote
- Point-to-Point
- Signal sent as beam to IR Switch
- IR Switch relays to next IR Switch
- Ring topology
7RF and IR Transport
IR Spectrum 850 to 950 nanometers
8 802.11 Standards
- 802.11a (WiFi5)
- operates in the 5GHz RF band
- Max link rate of 54Mbps
- 802.11b (WiFi)
- operates in the 2.4GHz RF band
- max link rate of 11Mbps
- 802.11g (Not Yet Standard)
- Max link rate of 54Mbps
- operates in 2.4GHz RF band
- 802.11i
- improved WEP
- Others
- 802.11d
- 802.11e
- 802.11f
- 802.11h
9WLAN Architecture
- Basic Service Set - BSS
- Extended Service Set - ESS
- Access Point - AP
- Station Types
- No-Transition Mobility but portable
- BSS-Transition Mobility
- ESS-Transition Mobility
10BSS
11ESS
Distribution System (e.g. Ethernet)
Gateway
Server
BSS
BSS
12WLAN Security
- Requirements
- authentication
- confidentiality
- integrity
13WLAN Security Exploits
- Insertion Attacks
- Unauthorized Clients or AP
- Interception and Unauthorized Monitoring
- Packet Analysis
- Broadcast Analysis
- AP connected to hub rather than switch
- AP Clone
- Jamming
- Denial of Service - using cordless phones, baby monitors, leaky microwave oven, etc.
14WLAN Security Exploits
- Client-to-Client Attacks
- DOS - duplicate MAC or IP addresses
- TCP/IP Service Attacks against wireless client providing these services
- Brute Force Attacks Against AP Passwords
- Dictionary Attacks Against SSID
- Encryption Attacks
- Compromised WEP
- Misconfigurations
- APs ship in an unsecured configuration
15Secure AP Access
- Service Set Identifier - SSID
- Media Access Control (MAC) Address Filtering
- Wired Equivalent Privacy - WEP
16SSID
- Mechanism Used to Segment Wireless Networks
- Each AP is programmed with an SSID that corresponds to its network
- Client computer presents correct SSID to access AP
- Security Compromises
- AP can be configured to broadcast its SSID
- SSID may be shared among users of the wireless segment
17MAC Filtering
- Each client identified by its 802.11 NIC MAC Address
- Each AP can be programmed with the set of MAC addresses it accepts
- Combine this filtering with the AP's SSID
- Overhead of maintaining list of MAC addresses
18WEP-Based Security
- Employs RC4 PRNG to Encrypt/Decrypt data
- RC4 PRNG
- Symmetric Algorithm
- 40 bit encryption key and 24 bit initialization vector
- 64 bit string is used as seed to PRNG to generate a key sequence
- ICV (integrity check value) is computed for plaintext (CRC-32)
- ICV is appended to plaintext to make data bit string
- Key Sequence is XORed to data bit string to create ciphertext.
- Ciphertext and IV are sent to receiver.
19WEP Authentication
- Access request by client
- Challenge text sent to client by AP
- Challenge text encoded by client using shared secret then sent to AP
- If challenge text encoded properly AP allows access else denied
20WEP Security Weaknesses
- All clients and APs in wireless network share the same encryption key
- No protocol for encryption key distribution
- IV transmitted in the clear
- default Open System authentication
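The encapsulation steps from the WEP-Based Security slide, and the consequence of the shared key and clear-text IV listed on the WEP Security Weaknesses slide, as an added Python example (not part of the original slides). The key, IV and messages are constructed sample values; the seed order (IV followed by key) and the little-endian ICV follow the 802.11 WEP definition.

```python
import struct
import zlib

def rc4_keystream(seed: bytes, n: int) -> bytes:
    """RC4: key scheduling over the seed, then n bytes of key sequence."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + seed[i % len(seed)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for _ in range(n):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def wep_encapsulate(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Return the IV (sent in the clear) followed by the ciphertext."""
    if len(key) != 5 or len(iv) != 3:          # 40-bit key, 24-bit IV
        raise ValueError("expected 40-bit key and 24-bit IV")
    icv = struct.pack("<I", zlib.crc32(plaintext))   # CRC-32 ICV
    data = plaintext + icv                           # data bit string
    return iv + xor(data, rc4_keystream(iv + key, len(data)))

def wep_decapsulate(key: bytes, frame: bytes) -> bytes:
    """Rebuild the key sequence from the clear IV, decrypt, check the ICV."""
    iv, ciphertext = frame[:3], frame[3:]
    data = xor(ciphertext, rc4_keystream(iv + key, len(ciphertext)))
    plaintext, icv = data[:-4], data[-4:]
    if struct.pack("<I", zlib.crc32(plaintext)) != icv:
        raise ValueError("ICV mismatch")
    return plaintext

def same_iv_leak(frame_a: bytes, frame_b: bytes):
    """Two frames under one shared key and the same IV use the same key
    sequence, so XORing them yields the XOR of the two data bit strings."""
    if frame_a[:3] != frame_b[:3]:
        return None
    return xor(frame_a[3:], frame_b[3:])

# Constructed sample values, not taken from the slides.
SAMPLE_KEY = bytes([0x01, 0x02, 0x03, 0x04, 0x05])
SAMPLE_IV = bytes([0xAA, 0xBB, 0xCC])
```

Because every station holds the same 40-bit key and only 24 bits of the seed vary, `same_iv_leak` returns a result whenever an IV repeats, without the key being known.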
21WLANs and VPNs
- VPN provides secure tunnel through an untrusted network
- Requires VPN Client and Server software
- Wireless path considered the untrusted network
- Alternative to MAC filtering and WEP
22Best Practices for WiFi Security
- Use WEP
- change default key
- change WEP key frequently
- Password Protect Client Drives and Folders
- Change Default SSID
- Use Session Keys If Available
- Use MAC Filtering If Available
- Use A VPN
- Requires VPN Server
- VPN Client May Be Included With Op Sys
23Wireless Local Loops
24WAP Protocol
- Wireless Application Protocol
- used with small low-powered devices
- low bandwidth devices
- e.g. cell phones
- Layered Protocol
- Two versions of protocol stack
- WAP1.x Protocol Stack
- WAP2.0 Protocol Stack
- Used with WAP Devices
- clients - cell phones
- gateways -
- translate wireless protocols into Internet protocols
- located near Mobile Telephone Exchange
- Provide Security
25WAP 1.x Protocol Stack
WAP Device
Wireless Application Environment
Wireless Session Protocol
Wireless Transaction Protocol
Wireless Transport Layer Security
Wireless Datagram Protocol
GSM, TDMA, CDMA, CDPD, et al
26WAP 1.x Gateway
27WAP 2.x Protocol Stack
28WAP 2.0 Proxy
29Transport Layer Security
- Use of cipher suites
- Certificates of authentication
- Digital Signatures
- Session Resume
- Provides for TLS tunneling
- end-to-end transport layer security
31These slides will be available on August 12, 2002
on the web site www.washburn.edu/cas/cis/boncella
follow the link Wireless Security Presentation
AMCIS 2002