
  • Number of slides: 32

Presentation: Wireless network security standard
1 The evolution of WLAN Security
2 Basic Wireless Security Features of IEEE 802.11
3 Enhanced Security Features
4 Comparison of the Standards
5 Conclusion and Recommendations for Wireless LAN Security
by: Jörg Grünauer at 30.06.05
http://134.91.24.143/~gruenauer

WLAN Security Standards
1 The evolution of Wireless network Security
• 1997: the original 802.11 standard only offers
  - SSID (Service Set Identifier)
  - MAC Filtering (Media Access Control)
  - and WEP (Wired Equivalent Privacy)
• 1999: several industry players form WECA (Wireless Ethernet Compatibility Alliance) for rapid adoption of 802.11 network products.
• 2001: Fluhrer, Mantin and Shamir identified some weaknesses in WEP. IEEE started Task Group i.
• 2002: WECA was renamed to Wi-Fi

1 The evolution of Wireless network Security
• 2003: Wi-Fi introduced Wi-Fi Protected Access (WPA).
  - Intended as an interim solution for the weaknesses of WEP.
  - Contains some parts of IEEE 802.11i.
• 2004: WPA2 was introduced.
  - It is based on the final IEEE 802.11i standard.
  - Was ratified on June 25.

2 Basic Wireless Security Features of IEEE 802.11
2.1 (Extended) Service Set Identity, (E)SSID
• "The name of the wireless network"
• Two variants of the SSID:
  - ad-hoc wireless network (called IBSS, Independent Basic Service Set): clients without an AP use the SSID.
  - infrastructure network (called ESS, Extended Service Set): networks that include an AP use the ESSID.
• Each client should be configured with the correct (E)SSID.
• APs have an "any" function: access without an SSID is possible
  - the AP sends beacon frames: the SSID is broadcast
• Weakness: the STA sends the SSID in the clear, so sniffing is possible.

2.2 User authentication
• 802.11 defines two subtypes of authentication service:
-> Open System authentication, the simplest algorithm.
  - authenticates anyone who requests authentication.
  - provides a NULL authentication process.
Message flow:
  Initiator -> Responder: Authentication request
  Responder -> Initiator: Authentication response

2.2 User authentication
-> Shared-Key authentication
  - distinguishes members who know the shared key from those who do not.
  - weakness: the shared key process can be sniffed.
Message flow:
  Initiator -> Responder: Authentication request
  Responder -> Initiator: "challenge" text string
  Initiator: WEP encryption of the challenge text
  Initiator -> Responder: "challenge" text string, encrypted with the shared key
  Responder: WEP decryption of the encrypted text
  Responder -> Initiator: positive / negative response based on the decryption result

2.3 MAC Filtering
• Clients are identified by the worldwide unique hex MAC address of the 802.11 NIC.
• MAC addresses are listed in the AP.
Weakness:
• addresses are easily sniffed by an attacker
  - they appear in the clear, even if WEP is enabled.
• changing the MAC address with software is possible.

2.4 Wired Equivalent Privacy (WEP)
• Three security goals
  - Access Control: ensure that the communication partners are who they claim to be.
  - Data integrity: ensure that packets are not modified during transfer over the air.
  - Confidentiality: ensure that the content of wireless traffic is protected from an eavesdropper through encryption.

2.4.1 Structure of WEP
• A secret key is used to encrypt packets
• CRC integrity check (ICV): ensures that packets are not modified in transit.
  - Compute CRC32 over the plain data
  - Append the CRC to the data: (data+CRC)
  - Pick a random IV and concatenate it with the secret key: (k+IV)
  - Input (k+IV) into RC4 to generate a pseudo-random key stream
  - Send the IV to the peer by placing it in front of the ciphertext: C = (data+CRC) xor RC4(k+IV)

2.4.1 RC4 in WEP
• WEP uses the Ron's Code 4 pseudo-random generator (PRG).
• Developed in RSA laboratories
• Secret key K:
  - The shared key is entered manually (not transmitted).
  - 40 bit (the reason was US exportability) or later 104 bit
• Initialisation vector IV:
  - Ensures different random numbers
  - 24 bit
  - transmitted in the clear in front of the cipher (IV+C)
• Symmetric: the same key is used for encryption and decryption.
• The key stream is independent of the plaintext.
• Encryption and decryption are fast (~10 times faster than DES).
• RC4 is simple (see http://www.deadhat.com/wlancrypto/ ).

2.4.2 Weakness of the WEP
• Oct 2000: Jesse Walker of Intel published "Unsafe at any keysize; An analysis of the WEP encapsulation".
• Mar 2001: Scott Fluhrer, Itsik Mantin, Adi Shamir: "Attacks on RC4 and WEP", "Weaknesses in the Key Scheduling Algorithm of RC4"

2.4.2 Weaknesses in WEP
• Keys:
  - The key length of 40 bit
  - no key management; drawbacks: error-prone, keys rarely changed
• WEP confidentiality is insecure (IV reuse)
  - 24 bit IV, AP with 1500 Byte/packet and 11 Mbit/s: 1500*8/(11*10^6)*2^24 = 18300 sec ~ 5 hrs
  - C1 xor C2 = (P1 xor RC4(k, IV)) xor (P2 xor RC4(k, IV)) = P1 xor P2
  - Knowing C1 and C2, it is possible to get the XOR of the two plaintexts

2.4.2 Weaknesses in WEP
• WEP data integrity is insecure (CRC checksum)
  - An attacker can construct C_new = RC4(k, IV) xor (M+CRC(M)) xor (D+CRC(D)), which will decrypt to M_new with a valid CRC(M_new): C_new = (M_new+CRC(M_new)) xor RC4(k, IV)
• Weak IVs
  - Have the form (A+3, N-1, X), where A is the index into k, N is mostly 256 and X can take nearly 60 different values
  - Iterate over possible weak IVs across a sequence of data packets until the RC4 key is found
  - More details in "Weaknesses in the Key Scheduling Algorithm of RC4"
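The encapsulation from 2.4.1 and the IV-reuse and CRC weaknesses from 2.4.2, as an added Python example that is not part of the original slides. The key, IV and plaintexts are constructed sample values, the RC4 seed is IV followed by key as 802.11 WEP orders it, and because real CRC-32 has fixed initial and final XORs the patch also includes the CRC of an all-zero message.

```python
import struct
import zlib

def rc4(key: bytes, n: int) -> bytes:
    """n bytes of RC4 keystream: key scheduling, then output generation."""
    s, j = list(range(256)), 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    for _ in range(n):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def icv(data: bytes) -> bytes:
    """CRC-32 integrity check value, little-endian as WEP appends it."""
    return struct.pack("<I", zlib.crc32(data))

def wep_encrypt(k: bytes, iv: bytes, data: bytes) -> bytes:
    """Frame = IV in the clear + ((data + CRC) xor RC4(IV + k))."""
    body = data + icv(data)
    return iv + xor(body, rc4(iv + k, len(body)))

def wep_decrypt(k: bytes, frame: bytes):
    """Return the data if the ICV verifies, otherwise None."""
    iv, c = frame[:3], frame[3:]
    body = xor(c, rc4(iv + k, len(c)))
    data, tag = body[:-4], body[-4:]
    return data if tag == icv(data) else None

def xor_patch(frame: bytes, d: bytes) -> bytes:
    """Apply difference d to the hidden data with no key, keeping the ICV valid.
    CRC-32 is affine: crc(M xor D) = crc(M) xor crc(D) xor crc(00..0)."""
    patch = d + xor(icv(d), icv(bytes(len(d))))
    return frame[:3] + xor(frame[3:], patch)

# Constructed sample values (not from the slides): 40 bit key, 24 bit IV.
K, IV = bytes.fromhex("0102030405"), bytes.fromhex("000001")
P1, P2 = b"sensor=ok id=07", b"status report 1"

if __name__ == "__main__":
    f1, f2 = wep_encrypt(K, IV, P1), wep_encrypt(K, IV, P2)
    print(xor(f1[3:], f2[3:])[:15] == xor(P1, P2))   # IV reuse check
    print(wep_decrypt(K, xor_patch(f1, xor(P1, b"sensor=ok id=42"))))
```

The receiver accepts the patched frame because the ICV is a linear checksum under a stream cipher, which is the gap the keyed MICs of TKIP and CCMP close.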

3 Enhanced Security Features
3.1 WEPplus
• The first interim solution came from Lucent Tech.
• Based on the observation that tools analyse the collected data in order to calculate the shared WEP key.
• Backward compatible with a software update.
• Generates IVs for RC4 without weak IVs appearing.
• Idea: weak IVs are widely known and are simply skipped during encryption.
• A collision of identical IVs can at least be delayed -> only a slight improvement.
• Acceptable at least for home users.

3.2 Wi-Fi Protected Access (WPA)
• addresses most of WEP's weaknesses
• needed as soon as possible!
• interim solution for the replacement of WEP.
• works with existing 802.11 hardware (a firmware update will be required)
• is a subset of 802.11i, so forward compatible.
• cross-vendor compatible
• Goals:
  - improved encryption
  - user authentication
• 2 modes:
  - WPA Enterprise: TKIP/MIC; 802.1X/EAP
  - WPA Personal: TKIP/MIC; PSK

3.2.1 Wi-Fi Protected Access (WPA) Enterprise Mode
• Authentication: IEEE 802.1X/EAP
  - Central management of user credentials
  - An AAA server is required.
  - Uses RADIUS protocols for AAA and key distribution.
  - Carries the authentication conversation between STA and RADIUS server.
  - Supports multiple authentication methods, based on passwords or digital certificates.
  - Example: TLS, TTLS: certificate-based methods. PEAP, LEAP: password-based methods.

3.2.1 Wi-Fi Protected Access (WPA) Enterprise Mode
• Encryption: TKIP
  - Designed as a wrapper around WEP
  - uses the same RC4 engine used by WEP
  - includes a MIC (called Michael) at the end of each plaintext message
  - ensures that messages are not spoofed.
Components:
  - MIC
  - TSC (sequence counter)
  - Per-Packet Key Mixing

3.2.1 Wi-Fi Protected Access (WPA) Enterprise Mode
• Encryption: TKIP / MIC
  - Uses a 64 bit key
  - Partitions packets into 32 bit blocks
  - Applies shifts, XORs and additions to each 32 bit block to get a 64 bit authentication tag.
  - Michael is calculated over the data and the source and destination addresses (SA / DA)
  - MIC = Michael_key(SA, DA, PlainMSDU)
  - prevents capturing, altering and resending data packets

3.2.1 Wi-Fi Protected Access (WPA) Enterprise Mode
• Encryption: TKIP / TSC
  - The IV is extended to 48 bits.
  - In reality 32 bits are added to the 24 bits of WEP, but 8 bits are not used.
  - It is used as a sequence counter (TSC), starts from 0 and is incremented by 1 for each MPDU.
  - TSC1 and TSC0, the lower 16 bits of the IV, are the seq# in Phase 2.
  - TSC2-TSC5, the upper 32 bits of the IV, increment by one after the lower IV wraps around, and are used in Phase 1.

3.2.1 Wi-Fi Protected Access (WPA) Enterprise Mode
• Encryption: TKIP / Key-Mix
  - not a simple concatenation of IV and key
  - Phase 1: 128b_res = Mix1(128b TK, 48bit MAC, UpperIV 32b)
  - Ensures a unique key even if clients share the same key
  - Phase 2: 128b_perpacketkey = Mix1(res1, LowerIV 16b)

3.2.1 Wi-Fi Protected Access (WPA) Enterprise Mode
• Encryption: benefits of TKIP
  - a unique key to encrypt every packet: keys are stronger
  - 280 trillion possible keys
  - IV: 48 bit length, reduces IV reuse
  - the IV is sent encrypted
  - MIC replaces the CRC check
  - upgrade of WEP hardware with firmware is possible

3.2.2 Wi-Fi Protected Access (WPA) Personal Mode
• Encryption: TKIP
• Authentication: pre-shared key (PSK)
  - special mode (with no 802.1X infrastructure)
  - a passphrase is entered on all STAs and the AP (the master key is calculated from it)
  - based on the four-way key handshake
  - first pair: STA and AP exchange random values (nonces)
  - second pair: the AP instructs the STA to install the calculated key, the STA confirms -> the AP does the same.
  - configuration of the passphrase is similar to WEP.
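How the master key is calculated from the passphrase and how the exchanged nonces turn it into session keys, as an added Python example that is not part of the original slides. It uses the 802.11i derivation (PBKDF2-HMAC-SHA1 with the SSID as salt, then the "Pairwise key expansion" PRF); the function names, MAC addresses and nonces are assumptions, and the message 2 proof is simplified to an HMAC over the SNonce rather than a full EAPOL-Key frame.

```python
import hashlib
import hmac

def psk_from_passphrase(passphrase: str, ssid: str) -> bytes:
    """256 bit master key: PBKDF2-HMAC-SHA1, SSID as salt, 4096 iterations."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("passphrase must be 8 to 63 characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

def prf(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    """802.11i PRF: concatenated HMAC-SHA1 blocks with a running counter."""
    out = b""
    for i in range((nbytes + 19) // 20):
        out += hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
    return out[:nbytes]

def derive_ptk(pmk: bytes, ap_mac: bytes, sta_mac: bytes,
               anonce: bytes, snonce: bytes) -> dict:
    """Both sides mix the master key with both MAC addresses and both nonces."""
    data = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac) +
            min(anonce, snonce) + max(anonce, snonce))
    ptk = prf(pmk, b"Pairwise key expansion", data, 64)   # 512 bits for TKIP
    return {"KCK": ptk[:16], "KEK": ptk[16:32], "TK": ptk[32:48], "MIC": ptk[48:]}

def handshake(ap_pass: str, sta_pass: str, ssid: str, ap_mac: bytes,
              sta_mac: bytes, anonce: bytes, snonce: bytes) -> bool:
    """First pair of handshake messages; True if the AP accepts the STA's proof."""
    # Message 1: AP -> STA carries the ANonce in the clear.
    sta_keys = derive_ptk(psk_from_passphrase(sta_pass, ssid),
                          ap_mac, sta_mac, anonce, snonce)
    # Message 2: STA -> AP carries the SNonce plus a MIC keyed with the STA's KCK.
    msg2_mic = hmac.new(sta_keys["KCK"], snonce, hashlib.sha1).digest()[:16]
    # The AP derives the same keys from its own passphrase and checks the MIC.
    ap_keys = derive_ptk(psk_from_passphrase(ap_pass, ssid),
                         ap_mac, sta_mac, anonce, snonce)
    expected = hmac.new(ap_keys["KCK"], snonce, hashlib.sha1).digest()[:16]
    return hmac.compare_digest(msg2_mic, expected)
```

Because the SSID is the salt, the same passphrase yields a different master key on every network name, which is one practical reason to change a default SSID.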

3.3 WPA2 / 802.11 Task Group i
• WPA is/was a compromise solution, WPA2 is 802.11i
• 802.11i uses the concept of a Robust Security Network (RSN)
• biggest difference: AES is used for encryption
• usually AES encryption is performed in hardware
• is available in two modes, like WPA:
  - Enterprise Mode:
    - authentication: 802.1X/EAP
    - encryption: AES-CCMP
  - Personal Mode:
    - authentication: PSK
    - encryption: AES-CCMP

3.3.1 WPA2 / 802.11i AES-CCMP
• AES is a symmetric key cipher
• has a block size of 128 bits and a key length of 128 bits.
• encryption includes 4 stages that make up 1 round.
  - Each round is iterated 10, 12 or 14 times depending on the bit size; for WPA2, 10.
• AES uses the Counter-Mode/CBC-MAC Protocol (CCMP)
• CCMP is a special dot11i encryption algorithm
• CCM is a combination of Cipher Block Chaining Counter (CBC-CTR) and Message Authenticity Check (CBC-MAC)

3.3.2 WPA2 / 802.11i CCMP CBC-CTR
• CBC-CTR encryption increments a counter to the AES-TK
• XORs the plaintext to create the data
• The random nonce is the IV, called the PN value
• The PacketNumber increases by 1 after encryption
• PN length < 2^48, it is contained in the CCMP MPDU

3.3.3 WPA2 / 802.11i CCMP MPDU
• the encipher process expands the MPDU size by 16 bytes
• 4 for the PN0-1/Key-ID field, 4 for PN2-5 and 8 for the MIC
• a KeyID bit signals an extended PN of 6 bytes.
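The 16 byte expansion described above, as an added Python example that is not part of the original slides: it builds and parses the 8 byte CCMP header (PN0, PN1, reserved, Key-ID octet with the ExtIV bit, PN2 to PN5) and applies the receiver-side rule that the PN must increase. The function and class names and the sample bytes are assumptions.

```python
EXT_IV = 0x20   # bit 5 of the Key-ID octet: extended (6 byte) PN is present

def build_ccmp_header(pn: int, key_id: int = 0) -> bytes:
    """8 byte CCMP header: PN0 PN1 reserved KeyID-octet PN2 PN3 PN4 PN5."""
    if not 0 <= pn < 2**48:
        raise ValueError("PN must fit in 48 bits")
    if not 0 <= key_id <= 3:
        raise ValueError("Key ID is a 2 bit field")
    p = pn.to_bytes(6, "little")            # p[0] is PN0, the least significant byte
    return bytes([p[0], p[1], 0, EXT_IV | (key_id << 6)]) + p[2:]

def parse_mpdu_body(body: bytes):
    """Split an expanded MPDU body into (pn, key_id, ciphertext, mic)."""
    if len(body) < 16:
        raise ValueError("shorter than CCMP header plus MIC")
    hdr, mic = body[:8], body[-8:]
    if not hdr[3] & EXT_IV:
        raise ValueError("ExtIV bit is clear: no extended PN in this header")
    pn = int.from_bytes(bytes([hdr[0], hdr[1]]) + hdr[4:8], "little")
    return pn, hdr[3] >> 6, body[8:-8], mic

class ReplayCheck:
    """Accept a frame only if its PN is greater than the last accepted PN.
    A real receiver updates the counter only after the MIC has verified."""
    def __init__(self) -> None:
        self.last_pn = -1

    def accept(self, pn: int) -> bool:
        if pn <= self.last_pn:
            return False                     # replayed or out-of-date frame
        self.last_pn = pn
        return True
```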

3.3.4 WPA2 / 802.11i CCMP CBC-MAC (1)
• works by taking a 128 bit block of data and encrypting it with the CTR mechanism
• zero padding if the plaintext is not a multiple of the AES block size: 16 - (100 mod 16) = n zero pads
• the computation results in a 128 bit tag value
• CCMP truncates the tag to the most significant 64 bits to form the MIC, the others are simply discarded
• forging this MIC: 1 in 10^19 chances

3.3.4 WPA2 / 802.11i CCMP CBC-MAC (2)

3.3.5 CCMP Putting the Pieces together
• Benefits:
  - strong encryption
  - provides data and header integrity
  - provides confidentiality

4 Comparison of the standards

                 WEP               WPA                 WPA2
Cipher           RC4               RC4                 AES
Key Size         40 or 104 bits    104 bits perPack    128 bits encry.
Key Life         24 bit IV         48 bit IV           48 bit IV
Packet Key       Concatenation     TwoPhaseMix         Not Needed
Data Integrity   CRC32             Michael MIC         CCM
Key Management   None              802.1X/EAP/PSK      802.1X/EAP/PSK

(Slide graphic: Security Level)

5 Conclusion and Recommendations for Wireless LAN Security
Security is not a state, it is a continuous process!
Some hints to protect a WLAN from attack:
• ensure compatibility by using hardware from one vendor, and use Wi-Fi Certified devices.
• change the default SSID and disable SSID broadcasting.
• use MAC address authentication if you have a manageable number of clients and only a few APs.
• not only for enterprises: implement user authentication. Upgrade APs to use WPA or WPA2/802.11i.
• enable and use WPA2 or WPA; for older hardware that supports WEP, enable it. Use it with at least 128 bit WEP.
• change the WEP key frequently

References and Literature
• http://www.wifi.org
• http://standards.ieee.org/wireless
• http://www.lancom.de (Techpaper)
• http://www.cisco.com
• http://en.wikipedia.org/wiki/Wired_Equivalent_Privacy (etc.)
• http://en.wikipedia.org/wiki/Wireles_LAN (etc.)
• http://www.bsi.bund.de/literat/doc/wlan.pdf
• http://www.isaac.cs.berkeley.edu/isaac/wep-faq.html
• http://www.drizzle.com/~aboba/IEEE (etc.)
• http://www.wardrive.net/security/links (etc.)
• http://www.cs.umd.edu/~waa/wireless.html
• William A. Arbaugh, Narendar Shankar, Justin Wan: Your 802.11 Wireless Network has no Clothes; March 30, 2001
• Mike Radmacher: Sicherheits- und Schwachstellenanalyse entlang des Wireless-LAN-Protokollstacks; Diplomarbeit DII at the Uni-Duisburg-Essen in WS 03/04
• Sebastian Papierok: Sicherheit in drahtlosen Netzwerken; Seminar at the Uni-Duisburg-Essen in WS 04/05
• Scott Fluhrer, Itsik Mantin, Adi Shamir: "Attacks on RC4 and WEP", "Weaknesses in the Key Scheduling Algorithm of RC4"
• Prasad, Anand: 802.11 WLANs and IP networking: security, QoS, and mobility; Boston, Mass.; London: Artech House 2005; ISBN 1-580-53789-8