Wireless Security

Wireless Security

Wireless Security CSE497b - Spring 2007 Introduction Computer and Network Security Professor Jaeger www.cse.psu.edu/~tjaeger/cse497b-s07/ CSE497b Introduction to Computer and Network Security - Spring 2007 - Professor Jaeger At the mall ... CSE497b Introduction to Computer and Network Security - Spring 2007 - Professor Jaeger Page 2 Wireless Networks • Network supported by radio communications .. • Alphabet soup of standards, most on 802.11 • .. destroys the illusion of a hard perimeter. CSE497b Introduction to Computer and Network Security - Spring 2007 - Professor Jaeger Page 3 Why you should fear Simon Byers ... • Over the course of history radio frequencies have been enormously vulnerable to eavesdropping and manipulation. • ASSUME: Everything you say on a wireless network is going to be heard and potentially manipulated by your adversaries. CSE497b Introduction to Computer and Network Security - Spring 2007 - Professor Jaeger Page 4 Wireless LANs • Access point networks (ranging to about 300 feet) • All devices connect to the central access point • Pro: very easy to setup and maintain, simple protocols • Con: reliability/speed drops as you get away from AP or contention increases. CSE497b Introduction to Computer and Network Security - Spring 2007 - Professor Jaeger Page 5 Ad hoc Networks (a.k.a peer-to-peer) • Devices collaboratively work together to support network communication • Network topology changes in response to moving devices, e.g., bluetooth • Pro: highly flexible and responsive to changes in environment • Con: complex, subject to traffic manipulation by malicious peers CSE497b Introduction to Computer and Network Security - Spring 2007 - Professor Jaeger Page 6 Devices • Laptops (canonical wireless devices) • Desktops, mobile phones, .... • Bluetooth CSE497b Introduction to Computer and Network Security - Spring 2007 - Professor Jaeger Page 7 Attacks on Wireless Networks • DOS • Planted devices • Hijacked connections • Eavesdropping • Somebody is "in the wire" ... CSE497b Introduction to Computer and Network Security - Spring 2007 - Professor Jaeger Page 8 Threats • This is an open network ... • ... to which anyone can connect. • What security is necessary? – Authentication? – Confidentiality? – Integrity? – Privacy? – DOS Protection? – Accountability (traceability)? CSE497b Introduction to Computer and Network Security - Spring 2007 - Professor Jaeger Page 9 Security Mechanisms • Note: this is just a network with different threats, so implementing security is very similar to network security • Authentication – Q: What are you authenticating in a wireless network? – Methods: password/passphrase, smartcard, etc. – Tools: radius, Kerberos, PKI services .... • Confidentiality/Integrity – Typically implemented via some transport protocol – IPsec (just implement a VPN -- this is what PSU does) CSE497b Introduction to Computer and Network Security - Spring 2007 - Professor Jaeger Page 10 Wireless Security Approaches • MAC Authentication • WEP (Wired Equivalent Privacy) • 802.11i (WPA - Wifi Protected Access) • EAP/LEAP (Extensible Authentication Protocol) • WAP (Wireless Application Protocol) CSE497b Introduction to Computer and Network Security - Spring 2007 - Professor Jaeger Page 11 MAC Authentication • Create a list of MAC addresses – media access layer, e.g., ether 00:0a:95:d5:74:6a – Only these devices are allowed on network • Attack – Listen on network for MAC address use -- laptop – Masquerade as that MAC address (easy to do, many devices programmable) – ... can wait for it to go off line to avoid conflict, but not necessary • ARP Security limitations ether 00:0a:95:d5:74:6a CSE497b Introduction to Computer and Network Security - Spring 2007 - Professor Jaeger Page 12 WEP (Wired Equivalent Privacy) • Keys – Pass-phrase converts 40 bits from passphrase, plus 24 bit initialization vector (or) – 26 char hexadecimal + 24-bit IV = 128-bit WEP – Ability to send packets is essentially authentication • integrity used as authentication – Built into the vast majority of home wireless routers CSE497b Introduction to Computer and Network Security - Spring 2007 - Professor Jaeger Page 13 Protocol Passphrase Key k • Thep WEP Flaw (greatly simplified) Initialization vector iv • i Plaintext data d ,Prdotocol(for separate blocks 1 and 2) • 1 2 Passphrase Key k Traffic Key kti = kp• ivi p • ||Initialization vector iv • i Ciphertext = E(kti, diPlainte) =xtRdataC4d(,kd ti(for) separatedi blocks 1 and 2) • • 1 2 ⊕ Traffic Key k = k iv • ti p|| i Ciphertext = E(k , d ) = RC4(k ) d • ti i ti ⊕ i Attack Attack Assume iv1 = iv2 Assume iv = iv • • 1 2 Only2417 million IVs (224), so IV of two packets can be found ( one in 4096) Only 17 million IVs• (2 ), so IV of two packets can be found ≈( one in 4096) • (RC4(kt1) d1) (RC4(kt1) d2) = d≈1 d2 (RC4(k ) d ) (⊕RC⊕4(k ) ⊕d ) = d⊕ d t1 ⊕ 1 ⊕ t1 ⊕ 2 1 ⊕ 2 CSE497b Introduction to Computer and Network Security - Spring 2007 - Professor Jaeger Page 14 1 1 802.11i (WPA - Wifi Protected Access) • Solution to problems with WEP • Two modes of operation – Pre-shared key mode -- WEP like, shared key derived from single network passphrase – Server mode -- uses 802.1X authentication server to authenticate/give unique keys to users • Protocol fixes to WEP – increase IV size to 48 bits – TKIP - change keys every so often -- Temporal Key Integrity Protocol – improved integrity (stop using CRC and start using MAC) – WPA2: AES instead of RC4 CSE497b Introduction to Computer and Network Security - Spring 2007 - Professor Jaeger Page 15 WAP (Wireless Application Protocol) • A set of protocols for implementing applications over thin (read wireless) pipes. • Short version: a set of protocols to implement the web over wireless links as delivered to resource limited devices – reduce overhead and flabby content (image rich HTML) – support limited presentation and content formats • Wireless Markup Language (XML-based language) – reduce the footprint of the rendering engine (browser) • Security: WTLS – SSL/TLS protocol -- public keys, key negotiation, etc. • Success in Japan, little elsewhere (currently) CSE497b Introduction to Computer and Network Security - Spring 2007 - Professor Jaeger Page 16 EAP/LEAP • Extensible Authentication Protocol – Challenge response - auth. only – Bolts onto other authentication mechanisms, e.g., Kerberos, RADIUS – Passes authentication information onto other protocols (WEP, WAP) – LEAP: Cisco implementation/modifications (security problems are possibly serious) – Standards: EAP-MD5, EAP-TLS – PEAP: RSA/Microsoft/Cisco standards for WPA/WPA2 protocols CSE497b Introduction to Computer and Network Security - Spring 2007 - Professor Jaeger Page 17 Bluetooth • A standard for building very small personal area networks (PANs) • Connects just everything you can name: PDAs, phones, keyboards, mice, your car • Very short range range network: 1 meter, 10 meters, 100 meters (rare) • Advertised as solution to "too many cables" • Authentication – "pairing" uses pass-phrase style authentication to establish relationship which is often stored indefinitely (problem?) CSE497b Introduction to Computer and Network Security - Spring 2007 - Professor Jaeger Page 18 Bluetooth Security • Everything really works off the PIN • Attacks have progressively been successful at identifying vulnerabilities in the way PINs are used, can be reverse engineered • Privacy: know what is on and how public it is ... • Problem: Cambridgeshire, England • Problem: Bluetooth rifle CSE497b Introduction to Computer and Network Security - Spring 2007 - Professor Jaeger Page 19 RFIDs • Radio Frequency Identification (RFID) • identity-providing transponders • Passive: no external power - backscatter (Walmart) • Active: internal power (SpeedPass) • History: a soviet listening device (1945), alied FoF (1939) • Privacy/Security anyone? • Q: How do you control who is accessing your information? • A: You don’t (currently) • Security measures • Rolling code (one time tokens) • Crypto-protocols, limited range, ... CSE497b Introduction to Computer and Network Security - Spring 2007 - Professor Jaeger 20 NIST Evaluation • Any vulnerability in a wired network is present in the wireless network • Many new ones: protocols, systems more public and vulnerable • Recommendations: – Disable file and directory sharing – Turn off APs when not in use – Use robust passwords, 128-bit encryption – Audit, audit, audit – VPNs are a good ... CSE497b Introduction to Computer and Network Security - Spring 2007 - Professor Jaeger Page 21.

View Full Text

Details

  • File Type
    pdf
  • Upload Time
    -
  • Content Languages
    English
  • Upload User
    Anonymous/Not logged-in
  • File Pages
    21 Page
  • File Size
    -

Download

Channel Download Status
Express Download Enable

Copyright

We respect the copyrights and intellectual property rights of all users. All uploaded documents are either original works of the uploader or authorized works of the rightful owners.

  • Not to be reproduced or distributed without explicit permission.
  • Not used for commercial purposes outside of approved use cases.
  • Not used to infringe on the rights of the original creators.
  • If you believe any content infringes your copyright, please contact us immediately.

Support

For help with questions, suggestions, or problems, please contact us