Wireless Security

CSE497b - Spring 2007 Introduction Computer and Network Security Professor Jaeger www.cse.psu.edu/~tjaeger/cse497b-s07/

CSE497b Introduction to Computer and Network Security - Spring 2007 - Professor Jaeger At the mall ...

CSE497b Introduction to Computer and Network Security - Spring 2007 - Professor Jaeger Page 2 Wireless Networks • Network supported by radio communications .. • Alphabet soup of standards, most on 802.11 • .. destroys the illusion of a hard perimeter.

CSE497b Introduction to Computer and Network Security - Spring 2007 - Professor Jaeger Page 3 Why you should fear Simon Byers ... • Over the course of history radio frequencies have been enormously vulnerable to eavesdropping and manipulation.

• ASSUME: Everything you say on a wireless network is going to be heard and potentially manipulated by your adversaries.

CSE497b Introduction to Computer and Network Security - Spring 2007 - Professor Jaeger Page 4 Wireless LANs • Access point networks (ranging to about 300 feet) • All devices connect to the central access point

• Pro: very easy to setup and maintain, simple protocols • Con: reliability/speed drops as you get away from AP or contention increases.

CSE497b Introduction to Computer and Network Security - Spring 2007 - Professor Jaeger Page 5 Ad hoc Networks (a.k.a peer-to-peer) • Devices collaboratively work together to support network communication • Network topology changes in response to moving devices, e.g., bluetooth

• Pro: highly flexible and responsive to changes in environment • Con: complex, subject to traffic manipulation by malicious peers

CSE497b Introduction to Computer and Network Security - Spring 2007 - Professor Jaeger Page 6 Devices • Laptops (canonical wireless devices) • Desktops, mobile phones, .... • Bluetooth

CSE497b Introduction to Computer and Network Security - Spring 2007 - Professor Jaeger Page 7 Attacks on Wireless Networks • DOS • Planted devices • Hijacked connections • Eavesdropping • Somebody is "in the wire" ...

CSE497b Introduction to Computer and Network Security - Spring 2007 - Professor Jaeger Page 8 Threats • This is an open network ... • ... to which anyone can connect. • What security is necessary? – Authentication? – Confidentiality? – Integrity? – Privacy? – DOS Protection? – Accountability (traceability)?

CSE497b Introduction to Computer and Network Security - Spring 2007 - Professor Jaeger Page 9 Security Mechanisms • Note: this is just a network with different threats, so implementing security is very similar to network security • Authentication – Q: What are you authenticating in a wireless network? – Methods: password/passphrase, smartcard, etc. – Tools: radius, Kerberos, PKI services .... • Confidentiality/Integrity – Typically implemented via some transport protocol – IPsec (just implement a VPN -- this is what PSU does)

CSE497b Introduction to Computer and Network Security - Spring 2007 - Professor Jaeger Page 10 Wireless Security Approaches • MAC Authentication • WEP (Wired Equivalent Privacy) • 802.11i (WPA - Wifi Protected Access) • EAP/LEAP (Extensible Authentication Protocol) • WAP (Wireless Application Protocol)

CSE497b Introduction to Computer and Network Security - Spring 2007 - Professor Jaeger Page 11 MAC Authentication • Create a list of MAC addresses – media access layer, e.g., ether 00:0a:95:d5:74:6a – Only these devices are allowed on network • Attack – Listen on network for MAC address use -- laptop – Masquerade as that MAC address (easy to do, many devices programmable) – ... can wait for it to go off line to avoid conflict, but not necessary • ARP Security limitations

ether 00:0a:95:d5:74:6a

CSE497b Introduction to Computer and Network Security - Spring 2007 - Professor Jaeger Page 12 WEP (Wired Equivalent Privacy) • Keys – Pass-phrase converts 40 bits from passphrase, plus 24 bit initialization vector (or) – 26 char hexadecimal + 24-bit IV = 128-bit WEP – Ability to send packets is essentially authentication • integrity used as authentication – Built into the vast majority of home wireless routers

CSE497b Introduction to Computer and Network Security - Spring 2007 - Professor Jaeger Page 13 Protocol

Passphrase Key k • Thep WEP Flaw (greatly simplified) Initialization vector iv • i Plaintext data d ,Prdotocol(for separate blocks 1 and 2) • 1 2 Passphrase Key k Traffic Key kti = kp• ivi p • ||Initialization vector iv • i Ciphertext = E(kti, diPlainte) =xtRdataC4d(,kd ti(for) separatedi blocks 1 and 2) • • 1 2 ⊕ Traffic Key k = k iv • ti p|| i Ciphertext = E(k , d ) = RC4(k ) d • ti i ti ⊕ i Attack Attack

Assume iv1 = iv2 Assume iv = iv • • 1 2 Only2417 million IVs (224), so IV of two packets can be found ( one in 4096) Only 17 million IVs• (2 ), so IV of two packets can be found ≈( one in 4096) • (RC4(kt1) d1) (RC4(kt1) d2) = d≈1 d2 (RC4(k ) d ) (⊕RC⊕4(k ) ⊕d ) = d⊕ d t1 ⊕ 1 ⊕ t1 ⊕ 2 1 ⊕ 2

CSE497b Introduction to Computer and Network Security - Spring 2007 - Professor Jaeger Page 14

1

1 802.11i (WPA - Wifi Protected Access) • Solution to problems with WEP • Two modes of operation – Pre-shared key mode -- WEP like, shared key derived from single network passphrase – Server mode -- uses 802.1X authentication server to authenticate/give unique keys to users • Protocol fixes to WEP – increase IV size to 48 bits – TKIP - change keys every so often -- Temporal Key Integrity Protocol – improved integrity (stop using CRC and start using MAC) – WPA2: AES instead of RC4

CSE497b Introduction to Computer and Network Security - Spring 2007 - Professor Jaeger Page 15 WAP (Wireless Application Protocol) • A set of protocols for implementing applications over thin (read wireless) pipes. • Short version: a set of protocols to implement the web over wireless links as delivered to resource limited devices – reduce overhead and flabby content (image rich HTML) – support limited presentation and content formats • Wireless Markup Language (XML-based language) – reduce the footprint of the rendering engine (browser) • Security: WTLS – SSL/TLS protocol -- public keys, key negotiation, etc. • Success in Japan, little elsewhere (currently)

CSE497b Introduction to Computer and Network Security - Spring 2007 - Professor Jaeger Page 16 EAP/LEAP • Extensible Authentication Protocol – Challenge response - auth. only – Bolts onto other authentication mechanisms, e.g., Kerberos, RADIUS – Passes authentication information onto other protocols (WEP, WAP) – LEAP: Cisco implementation/modifications (security problems are possibly serious) – Standards: EAP-MD5, EAP-TLS – PEAP: RSA/Microsoft/Cisco standards for WPA/WPA2 protocols

CSE497b Introduction to Computer and Network Security - Spring 2007 - Professor Jaeger Page 17 Bluetooth • A standard for building very small personal area networks (PANs) • Connects just everything you can name: PDAs, phones, keyboards, mice, your car • Very short range range network: 1 meter, 10 meters, 100 meters (rare) • Advertised as solution to "too many cables" • Authentication – "pairing" uses pass-phrase style authentication to establish relationship which is often stored indefinitely (problem?)

CSE497b Introduction to Computer and Network Security - Spring 2007 - Professor Jaeger Page 18 Bluetooth Security • Everything really works off the PIN • Attacks have progressively been successful at identifying vulnerabilities in the way PINs are used, can be reverse engineered • Privacy: know what is on and how public it is ... • Problem: Cambridgeshire, England • Problem: Bluetooth rifle

CSE497b Introduction to Computer and Network Security - Spring 2007 - Professor Jaeger Page 19 RFIDs • Radio Frequency Identification (RFID) • identity-providing transponders • Passive: no external power - backscatter (Walmart) • Active: internal power (SpeedPass) • History: a soviet listening device (1945), alied FoF (1939) • Privacy/Security anyone? • Q: How do you control who is accessing your information? • A: You don’t (currently) • Security measures • Rolling code (one time tokens) • Crypto-protocols, limited range, ...

CSE497b Introduction to Computer and Network Security - Spring 2007 - Professor Jaeger 20 NIST Evaluation • Any vulnerability in a wired network is present in the wireless network • Many new ones: protocols, systems more public and vulnerable • Recommendations: – Disable file and directory sharing – Turn off APs when not in use – Use robust passwords, 128-bit encryption – Audit, audit, audit – VPNs are a good ...

CSE497b Introduction to Computer and Network Security - Spring 2007 - Professor Jaeger Page 21