Title: Security Enhancement of WLAN Clients Using Smart Card Technology


1
United Arab Emirates University
College of Engineering
Department of Electrical Engineering
Graduation Project (II), First Semester 2003/2004
Security Enhancement of WLAN Clients Using Smart Card Technology
Faculty Advisor: Dr. Mohammad Abdul Hafez
Group members:
  • Abdulrahman-R-Almasri 980211475
  • Alaaeldin FM Al-Anqar 980211476
  • Ahmad Mohd Alymmahi 980710581
2
Overview
  • Objective.
    • To improve the security system of wireless Local Area Network
      (WLAN) clients using smart card technology.
  • Motivations.
    • The demand for wireless technology is increasing.
    • The security of WLANs is difficult to guarantee!!
    • Large companies and banks avoid WLANs!!
    • Smart card technology is the latest technology to come to
      market.
    • Users should be convinced!!

3
Overview
  • Approach.
    • Deploying a wireless LAN.
    • Different security solutions like MAC address
      authentication, WEP encryption, IEEE 802.1x, EAP
      protocols, and the RADIUS server were implemented
      and tested to evaluate their security level.
    • The smart card solution was implemented and tested.

4
Presentation Contents
  • Project Plan.
  • Project Budget.
  • Project Impacts and Safety Considerations.
  • Task (1) RF Design Using AVAYA Wireless Solution.
  • Task (2) Implementation of Existing WLAN Security Solutions.
  • Task (4) Smart Cards Solution.
  • Conclusions and Recommendations.
  • References.

5
Project Plan
Major tasks of GP1 shown in Gantt chart
6
Project Budget
No.  Item                        Quantity  Available  Price per unit (EAD)  Total (EAD)  Unavailable price (EAD)
1    PC                          1         Yes        2000                  2000         --
2    Radius Server (Software)    1         Yes        Free                  --           --
3    PCMCIA                      4         Yes        385.35                1541.4       --
4    Access point 2000 AP-3      2         Yes        1427.63               2855.26      --
5    Smart cards (Raak)          2         Yes        110                   220          --
6    UTP CAT5 cables             20m       No         1Dr / m               40           40
7    RJ-45 Connectors            10        No         3.67                  36.7         36.7
8    Sniffer Software            1         Yes        4771                  4771         --
9    Laptops                     2         No         1000                  2000         2000
     Total                       --        --         --                    13484        2096.7
7
Project Impacts
  • Economical Impacts.
  • Environmental Impacts.
  • Health Impacts.

8
Safety Considerations
  • The output power of wireless LAN systems is very low.
  • Those in the area of a wireless LAN system receive little
    exposure to RF energy.
  • No adverse health effects have ever been attributed to
    wireless LANs.

9
RF Design Using AVAYA Wireless Solution
  • Avaya access point 3 provides a dual slot
    architecture.
  • It enables users to have a flexible and smooth
    migration to 5 GHz technologies.
  • The Avaya Wireless AP-3 can deliver a data rate
    of both 11 Mbps and/or 54 Mbps.
  • It provides great security capabilities via
    Avaya Silver and Gold PC cards.
  • Users get robust, reliable connectivity and a
    high performance.

Dual slot architecture of AP-3
10
RF Design Using AVAYA Wireless Solution
  • A site survey was done on the 1st floor of the EE Department
    (Male campus).
  • Objectives.
  • Methodology.
    - A laptop was used to give reasonable mobility to users.
    - Client Manager software was used to verify the quality of
      the wireless link.
    - Two different locations of the access point were chosen.
    - The laptop was moved along a fixed path.
    - The RF strength was measured at different locations
      throughout the area.
11
RF Design Using AVAYA Wireless Solution
Exc = Excellent, VG = Very Good
The RF strength is indicated by the color and the number of columns.
         Location
Point    A    B    C    D    E    F    G    H    I    J    L
1        Exc  Exc  Exc  Exc  Exc  Exc  Exc  Exc  VG   VG   VG
2        Exc  Exc  Exc  Exc  Exc  VG   VG   VG   Exc  Exc  Exc
Site survey measurements of radio frequency strength
12
Network Analyzer Tools used
  • AirSnare
  • Netasyst
  • Wlanexpert
  • WinePcape-3-1
  • Biongo
  • PCTL
  • Fakeap 0.3

13
Network Analyzer Tools used
AirSnare
It monitors network traffic for MAC addresses and
alerts you when a MAC address is found.
Netasyst
It provides the flexibility to monitor Wireless
and LAN networks simultaneously. Also, it
captures frames, and builds a database of network
objects from observed traffic to detect network
anomalies.
SMAC
It's a MAC address modifying utility.
14
Implementation of existing security solutions to
WLAN
Medium Access Control (MAC) Address Filtering
  • Overview
    • The MAC addresses of clients are assigned to a list in the
      access point.
    • Only assigned clients can get access to the network!!
  • Advantages
    • Easy to implement, easy to use, suitable for small networks!
  • Disadvantages
    • MAC address can be stolen.
    • MAC address can be changed.

15
MAC Address Filtering (Cont.)
Testing
  • MAC Address authentication was enabled in the
    access point.
  • MAC Addresses of clients were assigned into the
    table.

16
MAC Address Filtering (Cont.)
  • Netasyst was used to analyze the network
  • All clients using the network and their MAC
    Addresses were picked.

17
Gantt Chart for Graduation Project (2)
18
MAC Address Filtering (Cont.)
  • The network was detected using AirSnare
  • All MAC addresses of clients using the network
    were shown.
  • SMAC was used to change the MAC address in order
    to get into the network.

19
Implementation of existing security solutions to
WLAN
Wired Equivalent Privacy (WEP)
Overview
  • A security protocol that provides a high level
    of security.
  • It relies on a secret shared key between an
    access point and a client.
  • The RC4 (Ron's Code 4) encryption algorithm is
    used in WEP.

20
WEP Encryption (Cont.)
(1) An initial authentication frame is sent.
(2) A challenge text (128 bytes) is sent from the
AP to the station.
(3) The challenge key is encrypted with the
shared key and then sent back.
(4) The challenge key is decrypted with the
shared key at the AP and then compared.
Shared Key Authentication
21
WEP Encryption (Cont.)
Advantages
  • More secure than MAC Authentication.
  • Users should have the key in order to connect to the
    network.
  • RC4 is simple enough that most programmers can
    quickly implement it in software.


Disadvantages
  • The key can be obtained easily using some
    hacking tools.
  • Lack of key distribution and key management.

22
WEP Encryption (Cont.)
Testing
The length of the key was chosen
The WEP encryption was enabled
The keys were entered
Key 1 was chosen to be the IV
23
Netasyst: Some important commands
  • Wired Equivalent Privacy (WEP) Analyses

- Netasyst provides the user with the 802.11 WEP shared key.
- The number of packets observed on the wireless LAN indicates
  that Wired Equivalent Privacy encryption was used on the packet.
- Netasyst includes 64- and 128-bit WEP data encryption.
24
Netasyst: Some important commands
The encrypted data of IEEE 802.11b
25
Implementation of existing security solutions to
WLAN
802.1x Authentication
Overview
  • A protocol used to enforce authentication
    and access control for wireless networks.
  • It works in conjunction with the EAP.
  • 802.1x acts as the gate keeper while EAP acts as
    the authentication mechanism.

26
802.1x Authentication
Components of 802.1x
  • Supplicant: simply the wireless client software.
  • Authenticator: access point or network port.
  • Authentication server.

27
802.1x Authentication
Advantages
  • Multi-vendor standard framework for securing the
    network.
  • Allows the addition of newer authentication
    methods without replacing network equipment.
  • Supports both wired and wireless networks.
  • Uses industry standard authentication servers
    (example RADIUS Server).

28
802.1x Authentication
Disadvantages
  • Weaknesses in WEP.
  • EAP is not secure enough (EAP packets can be
    spoofed and changed).

29
Implementation of existing security solutions to
WLAN
Extensible Authentication Protocol (EAP)
Overview
  • A mechanism that defines a standard message
    exchange between devices.
  • Internet Protocol (IP) is not required.
  • It transports messages between devices.
  • EAP supports a number of authentication
    protocols.

30
EAP Encryption (Cont.)
Protocols of EAP
  • EAP-MD5 (Message-Digest 5).
  • EAP-TLS (Transport Layer Security).
  • EAP-TTLS (Tunneled TLS).
  • EAP-PEAP (Protected EAP Protocol).
  • Cisco LEAP (Lightweight EAP).

Components of EAP
  • Client / Supplicant.
  • Authenticator.
  • Authentication Server.

31
EAP Encryption (Cont.)
802.1x and EAP Authentication
Unauthorized State
  • The supplicant requests access to the
    authenticator
  • The client can send a start EAP Message
  • The supplicant returns its identity

EAP Message is returned
The identity is forwarded to the server
  • The identity is checked

Acceptance/Rejection Message
  • Acceptance occurred

Authorized State
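Added example (not from the original presentation): the 802.1x unauthorized-to-authorized flow above, run in Python with MD5-Challenge as the EAP method. The class names, the message labels in the log and the sample account are constructed; the response value is the CHAP-style MD5(identifier || password || challenge).

```python
import hashlib
import hmac
import os

def md5_challenge_value(identifier: int, password: bytes, challenge: bytes) -> bytes:
    """MD5-Challenge response, as in CHAP: MD5(identifier || password || challenge)."""
    return hashlib.md5(bytes([identifier]) + password + challenge).digest()

class AuthServer:
    """Authentication server (the RADIUS role); holds the user database."""
    def __init__(self, users: dict):
        self.users, self.pending = users, {}

    def start(self, identity: str):
        self.pending[identity] = (os.urandom(1)[0], os.urandom(16))
        return self.pending[identity]

    def check(self, identity: str, response: bytes) -> bool:
        identifier, challenge = self.pending.pop(identity)
        password = self.users.get(identity)
        if password is None:  # unknown identity: reject
            return False
        expected = md5_challenge_value(identifier, password, challenge)
        return hmac.compare_digest(expected, response)

class Supplicant:
    """Wireless client software holding the user's credentials."""
    def __init__(self, identity: str, password: bytes):
        self.identity, self.password = identity, password

    def answer(self, identifier: int, challenge: bytes) -> bytes:
        return md5_challenge_value(identifier, self.password, challenge)

class Authenticator:
    """Access point: relays EAP messages and gates the port on the verdict."""
    def __init__(self, server: AuthServer):
        self.server, self.port_state = server, "unauthorized"

    def run(self, supplicant: Supplicant) -> list:
        log = ["EAPOL-Start", "EAP-Request/Identity", "EAP-Response/Identity"]
        identifier, challenge = self.server.start(supplicant.identity)
        log.append("EAP-Request/MD5-Challenge")
        response = supplicant.answer(identifier, challenge)
        log.append("EAP-Response/MD5-Challenge")
        accepted = self.server.check(supplicant.identity, response)
        log.append("EAP-Success" if accepted else "EAP-Failure")
        self.port_state = "authorized" if accepted else "unauthorized"
        return log

USERS = {"alice": b"constructed-password"}  # constructed sample database
```

Only the supplicant proves anything in this method: the server is not authenticated to the client, and no session keys result from the exchange.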
32
EAP Encryption (Cont.)
Advantages
  • Supports multiple authentication protocols.
  • There is no need to reprogram it!!
  • Easy to implement and deploy.


Disadvantages
  • The authentication mechanism is weak!!
  • Attackers can recover passwords easily.

33
Implementation of existing security solutions to
WLAN
Radius Server
Overview
  • RADIUS: Remote Authentication Dial In User
    Service.
  • It authenticates remote users against a database.
  • It can assign an IP address to the wireless device
    or establish a time limit on the session.
  • RADIUS servers: Steel-Belted, WinRadius, NAVIS,
    Merit, Kerberos, Microsoft IAS.

34
Radius Server
Architecture of a WLAN with RADIUS Server
solution
35
WinRadius Server Implementation
  • WinRadius server was implemented as part of the WLAN
    security solution.

Step 1: Installation
1- WinRadius was launched.
2- The "Configure ODBC automatically" button was clicked at
"Settings/Database".
36
WinRadius Server Implementation
37
WinRadius Server Implementation
Step 1: Installation
3- WinRadius was restarted. Now, all settings of WinRadius are OK.
4- Some users were added to WinRadius by clicking "" toolbar button as shown
in Figure
38
WinRadius Server Implementation
Step 1: Installation
5- Radius Test was used to test the functionality
of WinRadius.
39
WinRadius Server Implementation
40
WinRadius Server Implementation
Step 2: WLAN configuration
In Windows XP, IEEE 802.1x was enabled and
MD5-Challenge was chosen as EAP type. Thus
WinRadius will use 802.1x to authenticate the
WLAN users.
41
Enabling the Access Point
Enabling The Servers Status

Entering The IP Address of the Radius Server
Entering The Radius Server Destination port
Entering The shared key
42
Enabling the Access Point
Entering The IP Addresses of the users
Entering The Destination ports of the users
Entering The shared keys
43
WinRadius Server Advantages
  • Lower purchase cost: the cheapest in the world!!
  • Lower running cost.
  • Safer than ever.
  • Easy to understand and easy to manage.

44
Testing the Network
Data sent and received were recognized in the
access point and the server
45
Radius Server Implementation
46
Radius Server Implementation
47
Radius Server Implementation
48
Radius Server Implementation
49
Smart Cards Solution
Smart Card Technology
Overview
  • A wallet sized plastic card that is integrated
    with a circuit-chip.
  • It can be programmed to perform tasks and store
    information.
  • The microprocessor on the smart card is there
    for security.
  • The host computer and card reader actually
    "talk" to the microprocessor.

50
Smart Cards Solution
Configuration of Smart Cards
51
Smart Cards Solution
Security of Smart Cards
  • Smart cards are extremely secure!!
  • It is impossible for a hacker to duplicate or
    corrupt the data stored on a card.
  • All standard encryption algorithms can be
    implemented: DES, 3-DES, RSA, ECC.
  • 4 different lengths of the same key are used to
    give the network a powerful security.

52
Smart Cards Solution
Advantages
  • Chip is tamper-resistant.
  • Information stored on the card can be PIN
    protected and/or read-write protected.
  • Capable of performing data encryption.
  • Capable of processing (not just storing)
    information.

Disadvantages
  • The card can be stolen!!
  • PIN codes can be forgotten.

53
Implementation of Smart Cards Solution
  • Raak Technology was used.
  • The solution consists of a smart card or token,
    a digital certificate, and a full featured 802.1X
    client.
  • Raak smart cards and tokens were printed and
    configured for the end-user, and are ready to use
    right out of the box.
  • Raak smart cards and tokens allow the user to
    use them with multiple computers in multiple
    locations.
  • A user needs both the physical Smart Card and
    the Smart Card PIN code in order to authenticate.

54
Smart Cards Solution Implementation
C7 Cards
The C7 is protected with a user configurable PIN
(Personal Identification Number). Using the smart
card requires both the card and the PIN, for
complete two-factor authentication.
Features
  • Custom printed in full color.
  • Personalized with the user's own digital certificate.
  • Supports Windows XP Pro, XP Home, 2000.
  • Powerful cryptographic co-processor.
  • RSA 512, 768, 1024, 2048 keys.

55
Smart Cards Solution Implementation
T8 Tokens
The Raak T8 USB smart token is printed with the
token ID number.
Features
  • Printed with the token ID.
  • Complete with a small USB connector.
  • Supports Windows XP Pro, XP Home, 2000.
  • Powerful cryptographic co-processor.
  • RSA 512, 768, 1024, 2048 keys.

56
WinRadius
  • WinRadius is a standard RADIUS server for network
    authentication and accounting.
  • It is used for telecommunication wireless Local
    Area Network.
  • There are more than 5000 users of WinRadius in
    the world.

58
  • Summary.
  • Tasks Achieved.
  • Problems and Challenges.
  • Recommendations.

59
THANK YOU!!
For Attending and listening!!! We would
appreciate your questions and recommendations !!!